Skip to content

Commit 5afc38d

Browse files
vitormattosvitormattos
committed
test: validate click-to-sign revocation timestamp offset
Signed-off-by: Vitor Mattos <[email protected]>
1 parent 0b4fdd8 commit 5afc38d

1 file changed

Lines changed: 34 additions & 3 deletions

File tree

tests/php/Unit/Listener/RevokeClickToSignCertificateListenerTest.php

Lines changed: 34 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,9 @@ public function testRevokeClickToSignCertificateUsingSupersededReasonCode(): voi
8686
$serialNumber,
8787
CRLReason::SUPERSEDED,
8888
$this->anything(),
89-
$this->anything()
89+
$this->anything(),
90+
null,
91+
$this->isInstanceOf(\DateTime::class),
9092
)
9193
->willReturn(true);
9294

@@ -102,7 +104,9 @@ public function testRevocationMustBeAttributedToSystemUser(): void {
102104
$this->anything(),
103105
$this->anything(),
104106
$this->anything(),
105-
'system'
107+
'system',
108+
null,
109+
$this->isInstanceOf(\DateTime::class),
106110
)
107111
->willReturn(true);
108112

@@ -122,7 +126,9 @@ public function testRevocationMessageMustExplainTemporaryCertificateForAuditPurp
122126
$this->stringContains('click-to-sign'),
123127
$this->stringContains('revoked after document signing')
124128
),
125-
$this->anything()
129+
$this->anything(),
130+
null,
131+
$this->isInstanceOf(\DateTime::class),
126132
)
127133
->willReturn(true);
128134

@@ -157,6 +163,31 @@ public function testLogDebugWhenRevocationSucceeds(): void {
157163
$this->listener->handle($event);
158164
}
159165

166+
public function testRevocationDateIsSetAtLeastOneSecondInFutureToAvoidTimestampTie(): void {
167+
$event = $this->createSignedEvent(true, 'OFFSET_123');
168+
$beforeCall = new \DateTime();
169+
170+
$this->crlService->expects($this->once())
171+
->method('revokeCertificate')
172+
->with(
173+
$this->anything(),
174+
$this->anything(),
175+
$this->anything(),
176+
$this->anything(),
177+
null,
178+
$this->callback(function ($revokedAt) use ($beforeCall): bool {
179+
if (!($revokedAt instanceof \DateTime)) {
180+
return false;
181+
}
182+
$delta = $revokedAt->getTimestamp() - $beforeCall->getTimestamp();
183+
return $delta >= 1;
184+
})
185+
)
186+
->willReturn(true);
187+
188+
$this->listener->handle($event);
189+
}
190+
160191
private function createSignedEvent(bool $signedWithoutPassword, ?string $certificateSerialHex): SignedEvent {
161192
$signRequest = new SignRequest();
162193
$signRequest->setId(123);

0 commit comments

Comments
 (0)