test: expand CRL extractor coverage with RFC-driven data provider

vitormattos · vitormattos · commit 181e5791cdec · 2026-04-25T13:47:05.000-03:00
Signed-off-by: Vitor Mattos &lt;1079143+vitormattos@users.noreply.github.com&gt;
diff --git a/lib/Service/Crl/CrlDistributionPointsExtractor.php b/lib/Service/Crl/CrlDistributionPointsExtractor.php
@@ -46,7 +46,7 @@ public function extractFromExtensions(array $extensions): array {
 
 		$urls = [];
 		foreach ($values as $value) {
-			preg_match_all('/URI\s*:\s*([^\s,\n]+)/i', $value, $matches);
+			preg_match_all('/URI\s*:\s*([^\s\n]+)/i', $value, $matches);
 			if (!empty($matches[1])) {
 				$urls = [...$urls, ...$matches[1]];
 			}
diff --git a/tests/php/Unit/Service/Crl/CrlDistributionPointsExtractorTest.php b/tests/php/Unit/Service/Crl/CrlDistributionPointsExtractorTest.php
@@ -10,6 +10,7 @@
 namespace OCA\Libresign\Tests\Unit\Service\Crl;
 
 use OCA\Libresign\Service\Crl\CrlDistributionPointsExtractor;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\TestCase;
 
 final class CrlDistributionPointsExtractorTest extends TestCase {
@@ -19,30 +20,79 @@ protected function setUp(): void {
 		$this->extractor = new CrlDistributionPointsExtractor();
 	}
 
-	public function testExtractFromOidExtensionName(): void {
-		$result = $this->extractor->extractFromExtensions([
-			'2.5.29.31' => "Full Name:\nURI:https://example.org/crl/root.crl",
-		]);
+	#[DataProvider('crlDistributionPointExtractionProvider')]
+	public function testExtractFromExtensions(array $extensions, bool $expectedHasExtension, array $expectedUrls): void {
+		$result = $this->extractor->extractFromExtensions($extensions);
 
-		$this->assertTrue($result['hasExtension']);
-		$this->assertSame(['https://example.org/crl/root.crl'], $result['urls']);
+		$this->assertSame($expectedHasExtension, $result['hasExtension']);
+		$this->assertSame($expectedUrls, $result['urls']);
 	}
 
-	public function testExtractFromX509LabelExtensionName(): void {
-		$result = $this->extractor->extractFromExtensions([
-			'X509v3 CRL Distribution Points' => "Full Name:\n URI : https://example.org/crl/issuer.crl",
-		]);
-
-		$this->assertTrue($result['hasExtension']);
-		$this->assertSame(['https://example.org/crl/issuer.crl'], $result['urls']);
-	}
-
-	public function testIgnoreUnknownExtensionNameWithSimilarText(): void {
-		$result = $this->extractor->extractFromExtensions([
-			'Issuer CRL Distribution Points' => "Full Name:\nURI:https://example.org/crl/issuer.crl",
-		]);
-
-		$this->assertFalse($result['hasExtension']);
-		$this->assertSame([], $result['urls']);
+	/**
+	 * RFC 5280 4.2.1.13 defines cRLDistributionPoints as DistributionPointName
+	 * with URI represented in GeneralNames. Tests cover common OpenSSL textual
+	 * outputs for HTTP and LDAP URIs and multiple distribution points.
+	 *
+	 * @return array<string, array{0: array<string, mixed>, 1: bool, 2: list<string>}>
+	 */
+	public static function crlDistributionPointExtractionProvider(): array {
+		return [
+			'oid-extension-with-http-uri' => [
+				[
+					'2.5.29.31' => "Full Name:\nURI:https://example.org/crl/root.crl",
+				],
+				true,
+				['https://example.org/crl/root.crl'],
+			],
+			'x509v3-label-with-http-uri' => [
+				[
+					'X509v3 CRL Distribution Points' => "Full Name:\n URI : https://example.org/crl/issuer.crl",
+				],
+				true,
+				['https://example.org/crl/issuer.crl'],
+			],
+			'rfc-ldap-uri-with-dn-and-query' => [
+				[
+					'crlDistributionPoints' => "Full Name:\nURI:ldap://ldap.example.com/cn=Example%20CA,ou=PKI,dc=example,dc=com?certificateRevocationList;binary",
+				],
+				true,
+				['ldap://ldap.example.com/cn=Example%20CA,ou=PKI,dc=example,dc=com?certificateRevocationList;binary'],
+			],
+			'multiple-distribution-points-in-single-extension' => [
+				[
+					'2.5.29.31' => "Full Name:\nURI:https://pki.example.org/root.crl\nFull Name:\nURI:ldap://ldap.example.org/cn=RootCA,dc=example,dc=org?certificateRevocationList;binary",
+				],
+				true,
+				[
+					'https://pki.example.org/root.crl',
+					'ldap://ldap.example.org/cn=RootCA,dc=example,dc=org?certificateRevocationList;binary',
+				],
+			],
+			'array-extension-value-and-duplicates' => [
+				[
+					'2.5.29.31' => [
+						'Full Name:',
+						'URI:https://example.org/crl/root.crl',
+						'URI:https://example.org/crl/root.crl',
+					],
+				],
+				true,
+				['https://example.org/crl/root.crl'],
+			],
+			'known-extension-without-uri' => [
+				[
+					'2.5.29.31' => 'Distribution Point Name: relativeName=CN=DP1',
+				],
+				true,
+				[],
+			],
+			'unknown-extension-name-should-not-match' => [
+				[
+					'Issuer CRL Distribution Points' => "Full Name:\nURI:https://example.org/crl/issuer.crl",
+				],
+				false,
+				[],
+			],
+		];
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ public function extractFromExtensions(array $extensions): array {`
`46`	`46`
`47`	`47`	`$urls = [];`
`48`	`48`	`foreach ($values as $value) {`
`49`		`- preg_match_all('/URI\s:\s([^\s,\n]+)/i', $value, $matches);`
	`49`	`+ preg_match_all('/URI\s:\s([^\s\n]+)/i', $value, $matches);`
`50`	`50`	`if (!empty($matches[1])) {`
`51`	`51`	`$urls = [...$urls, ...$matches[1]];`
`52`	`52`	`}`