|
| 1 | +<?php |
| 2 | + |
| 3 | +// SPDX-FileCopyrightText: 2026 LibreCode coop and contributors |
| 4 | +// SPDX-License-Identifier: AGPL-3.0-or-later |
| 5 | + |
| 6 | +declare(strict_types=1); |
| 7 | + |
| 8 | +namespace LibreCodeCoop\NfsePHP\Tests\Integration\Xml; |
| 9 | + |
| 10 | +use LibreCodeCoop\NfsePHP\Exception\PfxImportException; |
| 11 | +use LibreCodeCoop\NfsePHP\SecretStore\NoOpSecretStore; |
| 12 | +use LibreCodeCoop\NfsePHP\Tests\Support\LoadsLocalEnv; |
| 13 | +use LibreCodeCoop\NfsePHP\Tests\TestCase; |
| 14 | +use LibreCodeCoop\NfsePHP\Xml\DpsSigner; |
| 15 | + |
| 16 | +/** |
| 17 | + * Optional integration test: |
| 18 | + * - Uses real PFX when env vars are available |
| 19 | + * - Skips cleanly when env vars are absent |
| 20 | + */ |
| 21 | +class DpsSignerIntegrationTest extends TestCase |
| 22 | +{ |
| 23 | + use LoadsLocalEnv; |
| 24 | + |
| 25 | + public function testSignsXmlWithConfiguredPfxWhenEnvIsPresent(): void |
| 26 | + { |
| 27 | + self::loadLocalEnv(); |
| 28 | + |
| 29 | + $cnpj = getenv('NFS_TEST_CNPJ') ?: '11222333000181'; |
| 30 | + $pfxPath = getenv('NFSE_MTLS_PFX_PATH') ?: ''; |
| 31 | + $pfxPassword = getenv('NFSE_MTLS_PFX_PASSWORD') ?: ''; |
| 32 | + |
| 33 | + if ($pfxPath === '' || $pfxPassword === '') { |
| 34 | + self::markTestSkipped('Set NFSE_MTLS_PFX_PATH and NFSE_MTLS_PFX_PASSWORD to run real-PFX integration test.'); |
| 35 | + } |
| 36 | + |
| 37 | + if (!str_starts_with($pfxPath, '/')) { |
| 38 | + $pfxPath = dirname(__DIR__, 3) . '/' . ltrim($pfxPath, '/'); |
| 39 | + } |
| 40 | + |
| 41 | + if (!is_file($pfxPath)) { |
| 42 | + self::markTestSkipped('Configured PFX file does not exist for integration test.'); |
| 43 | + } |
| 44 | + |
| 45 | + $store = new NoOpSecretStore(); |
| 46 | + $store->put('pfx/' . $cnpj, [ |
| 47 | + 'pfx_path' => $pfxPath, |
| 48 | + 'password' => $pfxPassword, |
| 49 | + ]); |
| 50 | + |
| 51 | + $signer = new DpsSigner($store); |
| 52 | + $xml = '<DPS><infDPS Id="DPS123"><x>abc</x></infDPS></DPS>'; |
| 53 | + |
| 54 | + try { |
| 55 | + $signed = $signer->sign($xml, $cnpj); |
| 56 | + } catch (PfxImportException $e) { |
| 57 | + $message = strtolower($e->getMessage()); |
| 58 | + |
| 59 | + // Local OpenSSL runtime may not support legacy PKCS#12 algorithms. |
| 60 | + if (str_contains($message, 'digital envelope routines') || str_contains($message, 'asn1 encoding routines')) { |
| 61 | + self::markTestSkipped('Local OpenSSL runtime cannot import this PFX format.'); |
| 62 | + } |
| 63 | + |
| 64 | + throw $e; |
| 65 | + } |
| 66 | + |
| 67 | + self::assertStringContainsString('<Signature', $signed); |
| 68 | + self::assertStringContainsString('DigestValue', $signed); |
| 69 | + } |
| 70 | +} |
0 commit comments