nfse-php/tests/Unit/Xml/DpsSignerTest.php at 476abefee3e45772e8cd72dacbcb6547d3d68360 · LibreCodeCoop/nfse-php · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
<?php

// SPDX-FileCopyrightText: 2026 LibreCode coop and contributors
// SPDX-License-Identifier: AGPL-3.0-or-later

declare(strict_types=1);

namespace LibreCodeCoop\NfsePHP\Tests\Unit\Xml;

use LibreCodeCoop\NfsePHP\Exception\PfxImportException;
use LibreCodeCoop\NfsePHP\SecretStore\NoOpSecretStore;
use LibreCodeCoop\NfsePHP\Tests\TestCase;
use LibreCodeCoop\NfsePHP\Xml\DpsSigner;

/**
 * @covers \LibreCodeCoop\NfsePHP\Xml\DpsSigner
 */
class DpsSignerTest extends TestCase
{
    private DpsSigner $signer;

    private NoOpSecretStore $store;

    private string $testCnpj = '11222333000181';

    private string $testXml = '<DPS><infDPS Id="DPS11222333000181"><cMun>3303302</cMun></infDPS></DPS>';

    private string $pfxPath = '';

    protected function setUp(): void
    {
        $this->store = new NoOpSecretStore();
        $this->signer = new DpsSigner($this->store);
        $this->setupTestCert();
    }

    protected function tearDown(): void
    {
        if ($this->pfxPath !== '' && is_file($this->pfxPath)) {
            unlink($this->pfxPath);
        }
    }

    private function setupTestCert(): void
    {
        $privKey = openssl_pkey_new([
            'private_key_bits' => 2048,
            'private_key_type' => OPENSSL_KEYTYPE_RSA,
        ]);
        self::assertNotFalse($privKey, 'openssl_pkey_new must succeed in this environment');

        $csr = openssl_csr_new(
            ['commonName' => $this->testCnpj],
            $privKey,
            ['digest_alg' => 'sha256'],
        );
        self::assertNotFalse($csr, 'openssl_csr_new must succeed');

        $cert = openssl_csr_sign($csr, null, $privKey, 1, ['digest_alg' => 'sha256']);
        self::assertNotFalse($cert, 'openssl_csr_sign must succeed');

        $pfxData = '';
        $ok = openssl_pkcs12_export($cert, $pfxData, $privKey, 'testpass');
        self::assertTrue($ok, 'openssl_pkcs12_export must succeed');

        $this->pfxPath = sys_get_temp_dir() . '/nfse_test_' . $this->testCnpj . '.pfx';
        file_put_contents($this->pfxPath, $pfxData);

        $this->store->put('pfx/' . $this->testCnpj, [
            'pfx_path'  => $this->pfxPath,
            'password'  => 'testpass',
        ]);
    }

    public function testSignReturnsXmlContainingSignatureElement(): void
    {
        $signed = $this->signer->sign($this->testXml, $this->testCnpj);

        self::assertStringContainsString('<Signature', $signed);
    }

    public function testSignReturnsXmlContainingDigestValue(): void
    {
        $signed = $this->signer->sign($this->testXml, $this->testCnpj);

        self::assertStringContainsString('DigestValue', $signed);
    }

    public function testSignReturnsXmlContainingSignatureValue(): void
    {
        $signed = $this->signer->sign($this->testXml, $this->testCnpj);

        self::assertStringContainsString('SignatureValue', $signed);
    }

    public function testSignReturnsXmlContainingX509Certificate(): void
    {
        $signed = $this->signer->sign($this->testXml, $this->testCnpj);

        self::assertStringContainsString('X509Certificate', $signed);
    }

    public function testSignThrowsPfxImportExceptionWhenFileNotFound(): void
    {
        $store = new NoOpSecretStore();
        $store->put('pfx/99999999999999', [
            'pfx_path' => '/nonexistent/path/cert.pfx',
            'password' => 'x',
        ]);

        $signer = new DpsSigner($store);

        $this->expectException(PfxImportException::class);
        $signer->sign($this->testXml, '99999999999999');
    }

    public function testSignedXmlIsStillValidXml(): void
    {
        $signed = $this->signer->sign($this->testXml, $this->testCnpj);

        $doc = new \DOMDocument();
        self::assertTrue($doc->loadXML($signed), 'Signed output must be valid XML');
    }

    public function testSignatureElementIsAppendedToDpsRoot(): void
    {
        $signed = $this->signer->sign($this->testXml, $this->testCnpj);

        $doc = new \DOMDocument();
        $doc->loadXML($signed);

        $xpath = new \DOMXPath($doc);
        $xpath->registerNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#');
        $nodes = $xpath->query('/DPS/ds:Signature');

        self::assertSame(1, $nodes->length, 'Signature must be a direct child of DPS root');
    }
}