Ticket #47186: 47186.tests.diff

File 47186.tests.diff, 2.5 KB (added by dd32, 15 months ago)

Unit tests which verify that verify_file_signature() works and completes within a reasonable timeframe, and that it refuses to validate an invalid signature.

  • tests/phpunit/tests/file.php

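diff --git a/tests/phpunit/tests/file.php b/tests/phpunit/tests/file.php
index 25a417e512..d36824e4df 100644
--- a/tests/phpunit/tests/file.php
+++ b/tests/phpunit/tests/file.php
@@ -183,4 +183,63 @@ function data_wp_tempnam_filenames() {
                 );
         }
 
+        /**
+         * @ticket 47186
+         */
+        function test_file_signature_functions_as_expected() {
+                $file = wp_tempnam();
+                file_put_contents( $file, 'WordPress' );
+
+                // The signature of 'WordPress' after SHA384 hashing, for verification against the key within self::filter_trust_plus85Tq_key().
+                $expected_signature = 'PmNv0b1ziwJAsVhjdpjd4+PQZidZWSlBm5b+GbbwE9m9HVKDFhEyvyRTHkRYOLypB8P2YvbW7CoOMZqGh8mEAA==';
+
+                add_filter( 'wp_trusted_keys', array( $this, 'filter_trust_plus85Tq_key' ) );
+
+                // Measure how long the call takes.
+                $timer_start = microtime( 1 );
+                $verify      = verify_file_signature( $file, $expected_signature, 'WordPress' );
+                $timer_end   = microtime( 1 );
+                $time_taken  = ( $timer_end - $timer_start );
+
+                unlink( $file );
+                remove_filter( 'wp_trusted_keys', array( $this, 'filter_trust_plus85Tq_key' ) );
+
+                // verify_file_signature() should intentionally never take more than 10s to run.
+                $this->assertLessThan( 10, $time_taken, 'verify_file_signature() took longer than 10 seconds.' );
+
+                // Check to see if the system parameters prevent signature verifications.
+                if ( is_wp_error( $verify ) && 'signature_verification_unsupported' == $verify->get_error_code() ) {
+                        $this->markTestSkipped( 'This system does not support Signature Verification.' );
+                }
+
+                $this->assertNotWPError( $verify );
+                $this->assertTrue( $verify );
+        }
+
+        /**
+         * @ticket 47186
+         */
+        function test_file_signature_expected_failure() {
+                $file = wp_tempnam();
+                file_put_contents( $file, 'WordPress' );
+
+                // Test an invalid signature.
+                $expected_signature = base64_encode( str_repeat( 'A', SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES ) );
+                $verify             = verify_file_signature( $file, $expected_signature, 'WordPress' );
+                unlink( $file );
+
+                if ( is_wp_error( $verify ) && 'signature_verification_unsupported' == $verify->get_error_code() ) {
+                        $this->markTestSkipped( 'This system does not support Signature Verification.' );
+                }
+
+                $this->assertWPError( $verify );
+                $this->assertEquals( 'signature_verification_failed', $verify->get_error_code() );
+        }
+
+        function filter_trust_plus85Tq_key( $keys ) {
+                // A static once-off key used to verify verify_file_signature() works as expected.
+                $keys[] = '+85TqMhxQVAYVW4BSCVkJQvZH4q7z8I9lePbvngvf7A=';
+
+                return $keys;
+        }
 }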
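Review bot: test_file_signature_expected_failure() sizes its bad signature with `SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES`, which is the public-key length rather than the signature length, so the only negative case exercised is a wrong-sized blob; `base64_encode( str_repeat( 'A', SODIUM_CRYPTO_SIGN_BYTES ) )` would present a well-formed signature that has to be rejected by the verification itself. That constant is also read before verify_file_signature() is called and before the 'signature_verification_unsupported' skip, so on a host without the sodium extension it may be undefined when this test runs on its own; whether a polyfill is already loaded at that point is not visible here. The case that matters most for update integrity, a genuine signature presented with altered file contents, is not covered, and a third test along the lines below would pin it, assuming a mismatch is reported with the same 'signature_verification_failed' code.

```php
function test_file_signature_rejects_modified_file() {
	$file = wp_tempnam();
	// Contents differ from the 'WordPress' string the signature below was made over.
	file_put_contents( $file, 'WordPress (modified)' );

	// Same signature as in test_file_signature_functions_as_expected().
	$signature = 'PmNv0b1ziwJAsVhjdpjd4+PQZidZWSlBm5b+GbbwE9m9HVKDFhEyvyRTHkRYOLypB8P2YvbW7CoOMZqGh8mEAA==';

	add_filter( 'wp_trusted_keys', array( $this, 'filter_trust_plus85Tq_key' ) );
	$verify = verify_file_signature( $file, $signature, 'WordPress' );
	remove_filter( 'wp_trusted_keys', array( $this, 'filter_trust_plus85Tq_key' ) );
	unlink( $file );

	// … same 'signature_verification_unsupported' skip as the existing tests …

	$this->assertWPError( $verify );
	$this->assertEquals( 'signature_verification_failed', $verify->get_error_code() );
}
```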