Generate certs for openssl tests on the fly

The idea is to create an easy way to provide a certificate that never
expires. In order to make it cross-platform, PHP is used rather than
openssl CLI app. Using openssl to generate certificates for tests that
test openssl might be not the best idea but pros seem to outweight cons
that this "recursice dependency" adds

Author: kamazee

ext/openssl/tests/CertificateGenerator.inc

@@ -0,0 +1,116 @@
+<?php
+
+class CertificateGenerator
+{
+    const CONFIG = __DIR__. DIRECTORY_SEPARATOR . 'openssl.cnf';
+
+    /** @var resource */
+    private $ca;
+
+    /** @var resource */
+    private $caKey;
+
+    /** @var resource|null */
+    private $lastCert;
+
+    /** @var resource|null */
+    private $lastKey;
+
+    public function __construct()
+    {
+        if (!extension_loaded('openssl')) {
+            throw new RuntimeException(
+                'openssl extension must be loaded to generate certificates'
+            );
+        }
+        $this->generateCa();
+    }
+
+    /**
+     * @param int|null $keyLength
+     * @return resource
+     */
+    private static function generateKey($keyLength = null)
+    {
+        if (null === $keyLength) {
+            $keyLength = 2048;
+        }
+
+        return openssl_pkey_new([
+            'private_key_bits' => $keyLength,
+            'private_key_type' => OPENSSL_KEYTYPE_RSA,
+            'encrypt_key' => false,
+        ]);
+    }
+
+    private function generateCa()
+    {
+        $this->caKey = self::generateKey();
+        $dn = [
+            'countryName' => 'GB',
+            'stateOrProvinceName' => 'Berkshire',
+            'localityName' => 'Newbury',
+            'organizationName' => 'Example Certificate Authority',
+            'commonName' => 'CA for PHP Tests'
+        ];
+
+        $this->ca = openssl_csr_sign(
+            openssl_csr_new(
+                $dn,
+                $this->caKey,
+                [
+                    'x509_extensions' => 'v3_ca',
+                    'config' => self::CONFIG,
+                ]
+            ),
+            null,
+            $this->caKey,
+            2
+        );
+    }
+
+    public function getCaCert()
+    {
+        $output = '';
+        openssl_x509_export($this->ca, $output);
+
+        return $output;
+    }
+
+    public function saveCaCert($file)
+    {
+        openssl_x509_export_to_file($this->ca, $file);
+    }
+
+    public function saveNewCertAsFileWithKey($commonNameForCert, $file, $keyLength = null)
+    {
+        $dn = [
+            'countryName' => 'BY',
+            'stateOrProvinceName' => 'Minsk',
+            'localityName' => 'Minsk',
+            'organizationName' => 'Example Org',
+            'commonName' => $commonNameForCert,
+        ];
+
+        $this->lastKey = self::generateKey($keyLength);
+        $this->lastCert = openssl_csr_sign(
+            openssl_csr_new($dn, $this->lastKey, ['req_extensions' => 'v3_req']),
+            $this->ca,
+            $this->caKey,
+            2
+        );
+
+        $certText = '';
+        openssl_x509_export($this->lastCert, $certText);
+
+        $keyText = '';
+        openssl_pkey_export($this->lastKey, $keyText);
+
+        file_put_contents($file, $certText . PHP_EOL . $keyText);
+    }
+
+    public function getCertDigest($algo)
+    {
+        return openssl_x509_fingerprint($this->lastCert, $algo);
+    }
+}

ext/openssl/tests/bug46127.pem

@@ -1,17 +1,19 @@
 --TEST--
-#46127, openssl_sign/verify: accept different algos
+#46127 php_openssl_tcp_sockop_accept forgets to set context on accepted stream
 --SKIPIF--
 <?php
 if (!extension_loaded("openssl")) die("skip openssl not loaded");
 if (!function_exists("proc_open")) die("skip no proc_open");
 ?>
 --FILE--
 <?php
+$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp';
+
 $serverCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $serverCtx = stream_context_create(['ssl' => [
-        'local_cert' => __DIR__ . '/bug46127.pem',
+        'local_cert' => '%s',
     ]]);
 
     $sock = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -20,6 +22,7 @@ $serverCode = <<<'CODE'
     $link = stream_socket_accept($sock);
     fwrite($link, "Sending bug 46127\n");
 CODE;
+$serverCode = sprintf($serverCode, $certFile);
 
 $clientCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
@@ -36,8 +39,16 @@ $clientCode = <<<'CODE'
     echo fgets($sock);
 CODE;
 
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveNewCertAsFileWithKey('bug46127', $certFile);
+
 include 'ServerClientTestCase.inc';
 ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
 ?>
+--CLEAN--
+<?php
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug46127.pem.tmp');
+?>
 --EXPECT--
 Sending bug 46127

ext/openssl/tests/bug46127.phpt

@@ -7,11 +7,14 @@ if (!function_exists("proc_open")) die("skip no proc_open");
 ?>
 --FILE--
 <?php
+$certFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp';
+$cacertFile = __DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp';
+
 $serverCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $serverFlags = STREAM_SERVER_BIND | STREAM_SERVER_LISTEN;
     $serverCtx = stream_context_create(['ssl' => [
-        'local_cert' => __DIR__ . '/bug54992.pem'
+        'local_cert' => '%s'
     ]]);
 
     $server = stream_socket_server($serverUri, $errno, $errstr, $serverFlags, $serverCtx);
@@ -22,13 +25,15 @@ $serverCode = <<<'CODE'
     $data = "Sending bug48182\n" . fread($client, 8192);
     fwrite($client, $data);
 CODE;
+$serverCode = sprintf($serverCode, $certFile);
 
+$peerName = 'bug48182';
 $clientCode = <<<'CODE'
     $serverUri = "ssl://127.0.0.1:64321";
     $clientFlags = STREAM_CLIENT_CONNECT | STREAM_CLIENT_ASYNC_CONNECT;
     $clientCtx = stream_context_create(['ssl' => [
-        'cafile' => __DIR__ . '/bug54992-ca.pem',
-        'peer_name' => 'bug54992.local'
+        'cafile' => '%s',
+        'peer_name' => '%s'
     ]]);
 
     phpt_wait();
@@ -39,13 +44,24 @@ $clientCode = <<<'CODE'
     fwrite($client, $data);
     echo fread($client, 1024);
 CODE;
+$clientCode = sprintf($clientCode, $cacertFile, $peerName);
 
 echo "Running bug48182\n";
 
+include 'CertificateGenerator.inc';
+$certificateGenerator = new CertificateGenerator();
+$certificateGenerator->saveCaCert($cacertFile);
+$certificateGenerator->saveNewCertAsFileWithKey($peerName, $certFile);
+
 include 'ServerClientTestCase.inc';
 ServerClientTestCase::getInstance()->run($clientCode, $serverCode);
 ?>
---EXPECTF--
+--CLEAN--
+<?php
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182.pem.tmp');
+@unlink(__DIR__ . DIRECTORY_SEPARATOR . 'bug48182-ca.pem.tmp');
+?>
+--EXPECT--
 Running bug48182
 Sending bug48182
 Sending data over to SSL server in async mode with contents like Hello World