From 1673591dee1735b066c71305161c4c6bc42bb0bc Mon Sep 17 00:00:00 2001
From: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
Date: Tue, 30 Sep 2025 16:20:15 -0300
Subject: [PATCH] chore: handle error and cover with tests
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
---
 .../CertificateEngine/OpenSslHandler.php | 6 +++-
 .../CertificateEngine/OpenSslHandlerTest.php | 30 +++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/lib/Handler/CertificateEngine/OpenSslHandler.php b/lib/Handler/CertificateEngine/OpenSslHandler.php
index 91abd08eee..82c4da1f3d 100644
--- a/lib/Handler/CertificateEngine/OpenSslHandler.php
+++ b/lib/Handler/CertificateEngine/OpenSslHandler.php
@@ -88,7 +88,11 @@ public function generateCertificate(): string {
 'private_key_type' => OPENSSL_KEYTYPE_RSA,
 ]);
- $csr = openssl_csr_new($this->getCsrNames(), $privateKey);
+ $csr = @openssl_csr_new($this->getCsrNames(), $privateKey);
+ if ($csr === false) {
+ $message = openssl_error_string();
+ throw new LibresignException('OpenSSL error: ' . $message);
+ }
 $x509 = openssl_csr_sign($csr, $rootCertificate, $rootPrivateKey, $this->expirity(), [
 'config' => $this->getFilenameToLeafCert(),
diff --git a/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php b/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
index 658ec822d4..f810851b6e 100644
--- a/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
+++ b/tests/php/Unit/Handler/CertificateEngine/OpenSslHandlerTest.php
@@ -8,6 +8,7 @@
 use OCA\Libresign\Exception\EmptyCertificateException;
 use OCA\Libresign\Exception\InvalidPasswordException;
+use OCA\Libresign\Exception\LibresignException;
 use OCA\Libresign\Handler\CertificateEngine\OpenSslHandler;
 use OCA\Libresign\Service\CertificatePolicyService;
 use OCP\Files\AppData\IAppDataFactory;
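Review bot: The new failure branch in `generateCertificate()` calls `openssl_error_string()` once, but that function hands back one queued entry per call and `false` when nothing is queued, so the exception text can be an entry left by an earlier OpenSSL call or just the bare `OpenSSL error: ` prefix. Clearing the queue before `openssl_csr_new()` and draining it into the message afterwards, as in the block below, makes the report match the call that actually failed. The result of `openssl_csr_sign()` on the following context line is not checked within the hunk; the function continues outside it, so confirm it gets the same `=== false` guard before `$x509` is used. If this exception message can reach an end user, it may be worth logging the raw OpenSSL text and throwing a shorter message instead.

```php
// … unchanged: openssl_pkey_new() options …
while (openssl_error_string() !== false) {
	// discard entries left by earlier OpenSSL calls
}
$csr = @openssl_csr_new($this->getCsrNames(), $privateKey);
if ($csr === false) {
	$errors = [];
	while (($error = openssl_error_string()) !== false) {
		$errors[] = $error;
	}
	throw new LibresignException('OpenSSL error: ' . implode('; ', $errors));
}
// … unchanged: openssl_csr_sign() call …
```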
@@ -72,6 +73,35 @@ public function testInvalidPassword(): void {
 $signerInstance->readCertificate($certificateContent, 'invalid password');
 }
+ public function testMaxLengthOfDistinguishedNamesWithSuccess(): void {
+ // Create root cert
+ $rootInstance = $this->getInstance();
+ $rootInstance->generateRootCert('', []);
+
+ // Create signer cert
+ $signerInstance = $this->getInstance();
+ $longName = str_repeat('a', 64);
+ $signerInstance->setCommonName($longName);
+ $signerInstance->setPassword('123456');
+ $certificateContent = $signerInstance->generateCertificate();
+ $parsed = $signerInstance->readCertificate($certificateContent, '123456');
+ $this->assertEquals($longName, $parsed['subject']['CN']);
+ }
+
+ public function testBiggerThanMaxLengthOfDistinguishedNamesWithError(): void {
+ // Create root cert
+ $rootInstance = $this->getInstance();
+ $rootInstance->generateRootCert('', []);
+
+ // Create signer cert
+ $signerInstance = $this->getInstance();
+ $longName = str_repeat('a', 65);
+ $signerInstance->setCommonName($longName);
+ $signerInstance->setPassword('123456');
+ $this->expectException(LibresignException::class);
+ $signerInstance->generateCertificate();
+ }
+
 /**
 * @dataProvider dataReadCertificate
 */
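Review bot: `testBiggerThanMaxLengthOfDistinguishedNamesWithError` passes on any `LibresignException`, so it would stay green if `generateCertificate()` failed for an unrelated reason; adding `$this->expectExceptionMessage('OpenSSL error');` next to `expectException` ties it to the new branch in OpenSslHandler. The 64/65 boundary is unexplained in both tests, and a comment such as `// X.520 ub-common-name: CN is limited to 64 characters` above `str_repeat` would say why those values were chosen. Both tests exercise only the common name although their names speak of distinguished names in general, and `assertSame` would be the stricter comparison for the CN string in the success case.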