Fix phpstan complaint: MetadataFactory::GetCertificateData() does not handle an invalid certificate

pmeulen · pmeulen · commit 8ea62add84c0 · 2025-04-30T18:44:23.000+02:00
diff --git a/src/Metadata/MetadataFactory.php b/src/Metadata/MetadataFactory.php
@@ -114,6 +114,10 @@ private function getCertificateData(string $publicKeyFile): string
         $matches = [];
         preg_match(Certificate::CERTIFICATE_PATTERN, $certificate, $matches);
 
+        if (! isset($matches[1])) {
+            throw new \RuntimeException(sprintf('Could not parse PEM certificate in %s', $publicKeyFile));
+        }
+
         return str_replace([' ', "\n"], '', $matches[1]);
     }
 
diff --git a/src/Tests/Unit/Metadata/MetadataFactoryTest.php b/src/Tests/Unit/Metadata/MetadataFactoryTest.php
@@ -0,0 +1,38 @@
+<?php
+
+
+namespace Surfnet\SamlBundle\Tests\Unit\Metadata;
+
+use PHPUnit\Framework\TestCase;
+use ReflectionMethod;
+use Surfnet\SamlBundle\Metadata\MetadataFactory;
+
+class MetadataFactoryTest extends TestCase
+{
+    public function testGetCertificateData(): void
+    {
+        $publicKeyFile = __DIR__ . '/certificate.pem';  // File with test certificate in PEM format
+        // Read the public key file and remove the first and last lines and all newlines
+        $expectedCertificate = str_replace("\n", '', implode("", array_slice(file($publicKeyFile), 1, -1)));
+
+        // Setup a mock for the MetadataFactory with the real getCertificateData method
+        // and add the mocked File class to it
+        $metadataFactoryMock = $this->getMockBuilder(MetadataFactory::class)
+            ->disableOriginalConstructor()
+            ->onlyMethods(['getCertificateData'])
+            ->getMock();
+
+        // Setup a reflection to call the private method
+        $reflectionMethod = new ReflectionMethod($metadataFactoryMock::class, 'getCertificateData');
+
+        // Test getCertificateData method with a valid certificate
+        $result = $reflectionMethod->invoke($metadataFactoryMock, $publicKeyFile);
+        $this->assertEquals($expectedCertificate, $result);
+
+        // Test with an invalid certificate
+        $invalidPublicKeyFile = __DIR__ . '/invalid_certificate.pem';  // File with invalid certificate
+        $this->expectException(\RuntimeException::class);
+        $this->expectExceptionMessage('Could not parse PEM certificate in ' . $invalidPublicKeyFile);
+        $reflectionMethod->invoke($metadataFactoryMock, $invalidPublicKeyFile);
+    }
+}
diff --git a/src/Tests/Unit/Metadata/certificate.pem b/src/Tests/Unit/Metadata/certificate.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqmgAwIBAgIUYuSUugwc4J4NyW9WGqYJ/liwM4owDQYJKoZIhvcNAQEL
+BQAwcDELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0
+cmVjaHQxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDEU
+MBIGA1UEAwwLR2F0ZXdheSBJRFAwHhcNMjMwNTE3MTIxNTEyWhcNMzMwNTE0MTIx
+NTEyWjBwMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwH
+VXRyZWNodDEnMCUGA1UECgweRGV2ZWxvcG1lbnQgRG9ja2VyIGVudmlyb25tZW50
+MRQwEgYDVQQDDAtHYXRld2F5IElEUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAM2ulQVs5WpbJOAf7Cv/VPDTJqbWHVdUxAmdwZJlcNTRKNFVp4aJzQ3d
+piyiGghI5odnzU0/BWBoHZFNYPU/OFr/gzn6iJGxL63L9+mFgE8PR9HpkV5TaRnr
+21+nZ0EXWjDZk9Px0enERicCItTeQzAUJeA0A9miIcK5IKIz/zSBSR3c802SGD/V
+elUqY7Z2/UJM97cT92L+4Fz+4zhxxoThbPbrR0CweiROIt82grdwg7zf0+b62MOu
+VtqFh0yPLRAFfLc4LjHuxFUdUvOHVta7x74dwdmHikqfujM10XN+sNns3LDJde2y
+PWchU6ktq7cjgbYfIW/vzVzafP1Jk40CAwEAAaNTMFEwHQYDVR0OBBYEFGYn6LWR
+DZa7+YryUncIlwJB2VorMB8GA1UdIwQYMBaAFGYn6LWRDZa7+YryUncIlwJB2Vor
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ57lcOF6PWWW56m
+S2s5gKFImtfRFzlfiyHsF14L7+nQ5NjfOhpU0wRpnTjK91KP0wCwlxzGFXR8yfqf
+BFJryIV7aDdYPH/RIkwVaNBI0fsD/ozlYb18seieDEGLvQtTlrmc0UNHtWz6FW3L
+2geM3ENaqpOATl1Ywp4EPML7Dh0CbhhyM8PnPCEsdclouIeP5/B9Swfk3omXehof
+6bkFbntqA03msFBiW50twkfKeKULcJGXo667hto27KNxZUauqtPbnAGpUQmge8nx
+SQlN8RPwlvygVM4LVMF9qP9YxloTH0xVNwN4noZUhfMNsKoJ7Hg5Xulaok8oCqmz
+EiSroEg=
+-----END CERTIFICATE-----
diff --git a/src/Tests/Unit/Metadata/invalid_certificate.pem b/src/Tests/Unit/Metadata/invalid_certificate.pem
@@ -0,0 +1,23 @@
+--
+MIIDwTCCAqmgAwIBAgIUYuSUugwc4J4NyW9WGqYJ/liwM4owDQYJKoZIhvcNAQEL
+BQAwcDELMAkGA1UEBhMCTkwxEDAOBgNVBAgMB1V0cmVjaHQxEDAOBgNVBAcMB1V0
+cmVjaHQxJzAlBgNVBAoMHkRldmVsb3BtZW50IERvY2tlciBlbnZpcm9ubWVudDEU
+MBIGA1UEAwwLR2F0ZXdheSBJRFAwHhcNMjMwNTE3MTIxNTEyWhcNMzMwNTE0MTIx
+NTEyWjBwMQswCQYDVQQGEwJOTDEQMA4GA1UECAwHVXRyZWNodDEQMA4GA1UEBwwH
+VXRyZWNodDEnMCUGA1UECgweRGV2ZWxvcG1lbnQgRG9ja2VyIGVudmlyb25tZW50
+MRQwEgYDVQQDDAtHYXRld2F5IElEUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAM2ulQVs5WpbJOAf7Cv/VPDTJqbWHVdUxAmdwZJlcNTRKNFVp4aJzQ3d
+piyiGghI5odnzU0/BWBoHZFNYPU/OFr/gzn6iJGxL63L9+mFgE8PR9HpkV5TaRnr
+21+nZ0EXWjDZk9Px0enERicCItTeQzAUJeA0A9miIcK5IKIz/zSBSR3c802SGD/V
+elUqY7Z2/UJM97cT92L+4Fz+4zhxxoThbPbrR0CweiROIt82grdwg7zf0+b62MOu
+VtqFh0yPLRAFfLc4LjHuxFUdUvOHVta7x74dwdmHikqfujM10XN+sNns3LDJde2y
+PWchU6ktq7cjgbYfIW/vzVzafP1Jk40CAwEAAaNTMFEwHQYDVR0OBBYEFGYn6LWR
+DZa7+YryUncIlwJB2VorMB8GA1UdIwQYMBaAFGYn6LWRDZa7+YryUncIlwJB2Vor
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJ57lcOF6PWWW56m
+S2s5gKFImtfRFzlfiyHsF14L7+nQ5NjfOhpU0wRpnTjK91KP0wCwlxzGFXR8yfqf
+BFJryIV7aDdYPH/RIkwVaNBI0fsD/ozlYb18seieDEGLvQtTlrmc0UNHtWz6FW3L
+2geM3ENaqpOATl1Ywp4EPML7Dh0CbhhyM8PnPCEsdclouIeP5/B9Swfk3omXehof
+6bkFbntqA03msFBiW50twkfKeKULcJGXo667hto27KNxZUauqtPbnAGpUQmge8nx
+SQlN8RPwlvygVM4LVMF9qP9YxloTH0xVNwN4noZUhfMNsKoJ7Hg5Xulaok8oCqmz
+EiSroEg=
+-----END CERTIFICATE-----

Original file line number	Diff line number	Diff line change
`@@ -114,6 +114,10 @@ private function getCertificateData(string $publicKeyFile): string`
`114`	`114`	`$matches = [];`
`115`	`115`	`preg_match(Certificate::CERTIFICATE_PATTERN, $certificate, $matches);`
`116`	`116`
	`117`	`+ if (! isset($matches[1])) {`
	`118`	`+ throw new \RuntimeException(sprintf('Could not parse PEM certificate in %s', $publicKeyFile));`
	`119`	`+ }`
	`120`	`+`
`117`	`121`	`return str_replace([' ', "\n"], '', $matches[1]);`
`118`	`122`	`}`
`119`	`123`