[moodle.git] / lib / tests / upgrade_util_test.php

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Upgrade utility class  tests.
 *
 * @package    core
 * @copyright  2016 Cameron Ball <cameron@cameron1729.xyz>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

defined('MOODLE_INTERNAL') || die();

// Hack to let tests run on travis..
defined('CURL_SSLVERSION_TLSv1_2') || define('CURL_SSLVERSION_TLSv1_2', 6);

/**
 * Upgrade utility class tests.
 *
 * @package   core
 * @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
 * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class upgrade_util_testcase extends advanced_testcase {

    /**
     * A cURL version that supports TLS 1.2.
     */
    const VALID_CURL_VERSION = 467456;

    /**
     * A cURL version that does not support TLS 1.2.
     */
    const INVALID_CURL_VERSION = 467455;

    /**
     * The value of PHP_ZTS when thread safety is enabled.
     */
    const PHP_ZTS_ENABLED = 1;

    /**
     * The value of PHP_ZTS when thread safety is disabled.
     */
    const PHP_ZTS_DISABLED = 0;

    /**
     * Test PHP/cURL validation.
     *
     * @dataProvider validate_php_curl_tls_testcases()
     * @param array $curlinfo server curl_version array
     * @param int   $zts      0 or 1 as defined by PHP_ZTS
     * @param bool  $expected expected result
     */
    public function test_validate_php_curl_tls($curlinfo, $zts, $expected) {
        $this->assertSame($expected, \core\upgrade\util::validate_php_curl_tls($curlinfo, $zts));
    }

    /**
     * Test cases for validate_php_curl_tls test.
     */
    public function validate_php_curl_tls_testcases() {
        $base = curl_version();

        return [
            'Not threadsafe - Valid SSL (GnuTLS)' => [
                ['ssl_version' => 'GnuTLS/4.20'] + $base,
                self::PHP_ZTS_DISABLED,
                true
            ],
            'Not threadsafe - Valid SSL (OpenSSL)' => [
                ['ssl_version' => 'OpenSSL'] + $base,
                self::PHP_ZTS_DISABLED,
                true
            ],
            'Not threadsafe - Valid SSL (WinSSL)' => [
                ['ssl_version' => 'WinSSL'] + $base,
                self::PHP_ZTS_DISABLED,
                true
            ],
            'Not threadsafe - Invalid SSL' => [
                ['ssl_version' => ''] + $base,
                self::PHP_ZTS_DISABLED,
                false
            ],
            'Threadsafe - Valid SSL (OpenSSL)' => [
                ['ssl_version' => 'OpenSSL/1729'] + $base,
                self::PHP_ZTS_ENABLED,
                true
            ],
            'Threadsafe - Valid SSL (GnuTLS)' => [
                ['ssl_version' => 'GnuTLS/3.14'] + $base,
                self::PHP_ZTS_ENABLED,
                true
            ],
            'Threadsafe - Invalid SSL' => [
                ['ssl_version' => ''] + $base,
                self::PHP_ZTS_ENABLED,
                false
            ],
            'Threadsafe - Invalid SSL (but not empty)' => [
                ['ssl_version' => 'Not GnuTLS or OpenSSL'] + $base,
                self::PHP_ZTS_ENABLED,
                false
            ]
        ];
    }

    /**
     * Test various combinations of SSL/TLS libraries.
     *
     * @dataProvider can_use_tls12_testcases
     * @param string $sslversion the ssl_version string.
     * @param string|null $uname uname string (or null if not relevant)
     * @param bool $expected expected result
     */
    public function test_can_use_tls12($sslversion, $uname, $expected) {
        // Populate curlinfo with whats installed on this php install.
        $curlinfo = curl_version();

        // Set the curl values we are testing to the passed data.
        $curlinfo['ssl_version'] = $sslversion;
        $curlinfo['version_number'] = self::VALID_CURL_VERSION;

        // Set uname to system value if none passed in test case.
        $uname = !empty($uname) ? $uname : php_uname('r');

        $this->assertSame($expected, \core\upgrade\util::can_use_tls12($curlinfo, $uname));

        // Now set the curl version to outdated one.
        $curlinfo['version_number'] = self::INVALID_CURL_VERSION;
        // Tls12 should never be possible now curl version is bad.
        $this->assertFalse(\core\upgrade\util::can_use_tls12($curlinfo, $uname));
    }

    /**
     * Test cases for the can_use_tls12 test.
     * The returned data format is:
     *  [(string) ssl_version, (string|null) uname (null if not relevant), (bool) expectation ]
     *
     * @return array of testcases
     */
    public function can_use_tls12_testcases() {
        return [
            // Bad versions.
            ['OpenSSL/0.9.8o', null, false],
            ['GnuTLS/1.5.0', null, false],
            ['NSS/3.14.15', null, false],
            ['CyaSSL/0.9.9', null, false],
            ['wolfSSL/1.0.0', null, false],
            ['WinSSL', '5.1', false],
            ['SecureTransport', '10.7.5', false],
            // Lowest good version.
            ['OpenSSL/1.0.1c', null, true],
            ['GnuTLS/1.7.1', null, true],
            ['NSS/3.15.1 Basic ECC', null, true],
            ['CyaSSL/1.1.0', null, true],
            ['wolfSSL/1.1.0', null, true],
            ['WinSSL', '6.1', true],
            ['SecureTransport', '10.8.0', true],
            // More higher good versions.
            ['OpenSSL/1.0.1t', null, true],
            ['GnuTLS/1.8.1', null, true],
            ['NSS/3.17.2 Basic ECC', null, true],
            ['CyaSSL/1.2.0', null, true],
            ['wolfSSL/1.2.0', null, true],
            ['WinSSL', '7.0', true],
            ['SecureTransport', '10.9.0', true],
        ];
    }
}
Commit	Line	Data
ab3759ff CB	1	<?php
	2	// This file is part of Moodle - http://moodle.org/
	3	//
	4	// Moodle is free software: you can redistribute it and/or modify
	5	// it under the terms of the GNU General Public License as published by
	6	// the Free Software Foundation, either version 3 of the License, or
	7	// (at your option) any later version.
	8	//
	9	// Moodle is distributed in the hope that it will be useful,
	10	// but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	// GNU General Public License for more details.
	13	//
	14	// You should have received a copy of the GNU General Public License
	15	// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
	16
	17	/**
	18	* Upgrade utility class tests.
	19	*
	20	* @package core
	21	* @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
	22	* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
	23	*/
	24
	25	defined('MOODLE_INTERNAL') \|\| die();
	26
636ec501 DP	27	// Hack to let tests run on travis..
	28	defined('CURL_SSLVERSION_TLSv1_2') \|\| define('CURL_SSLVERSION_TLSv1_2', 6);
	29
ab3759ff CB	30	/**
	31	* Upgrade utility class tests.
	32	*
	33	* @package core
	34	* @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
	35	* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
	36	*/
	37	class upgrade_util_testcase extends advanced_testcase {
	38
	39	/**
	40	* A cURL version that supports TLS 1.2.
	41	*/
	42	const VALID_CURL_VERSION = 467456;
	43
	44	/**
	45	* A cURL version that does not support TLS 1.2.
	46	*/
	47	const INVALID_CURL_VERSION = 467455;
	48
	49	/**
	50	* The value of PHP_ZTS when thread safety is enabled.
	51	*/
	52	const PHP_ZTS_ENABLED = 1;
	53
	54	/**
	55	* The value of PHP_ZTS when thread safety is disabled.
	56	*/
	57	const PHP_ZTS_DISABLED = 0;
	58
	59	/**
	60	* Test PHP/cURL validation.
	61	*
	62	* @dataProvider validate_php_curl_tls_testcases()
	63	* @param array $curlinfo server curl_version array
	64	* @param int $zts 0 or 1 as defined by PHP_ZTS
	65	* @param bool $expected expected result
	66	*/
	67	public function test_validate_php_curl_tls($curlinfo, $zts, $expected) {
4089c42e	68	$this->assertSame($expected, \core\upgrade\util::validate_php_curl_tls($curlinfo, $zts));
ab3759ff CB	69	}
	70
	71	/**
	72	* Test cases for validate_php_curl_tls test.
	73	*/
	74	public function validate_php_curl_tls_testcases() {
	75	$base = curl_version();
	76
	77	return [
	78	'Not threadsafe - Valid SSL (GnuTLS)' => [
	79	['ssl_version' => 'GnuTLS/4.20'] + $base,
	80	self::PHP_ZTS_DISABLED,
	81	true
	82	],
	83	'Not threadsafe - Valid SSL (OpenSSL)' => [
	84	['ssl_version' => 'OpenSSL'] + $base,
	85	self::PHP_ZTS_DISABLED,
	86	true
	87	],
	88	'Not threadsafe - Valid SSL (WinSSL)' => [
	89	['ssl_version' => 'WinSSL'] + $base,
	90	self::PHP_ZTS_DISABLED,
	91	true
	92	],
	93	'Not threadsafe - Invalid SSL' => [
	94	['ssl_version' => ''] + $base,
	95	self::PHP_ZTS_DISABLED,
	96	false
	97	],
	98	'Threadsafe - Valid SSL (OpenSSL)' => [
	99	['ssl_version' => 'OpenSSL/1729'] + $base,
	100	self::PHP_ZTS_ENABLED,
	101	true
	102	],
	103	'Threadsafe - Valid SSL (GnuTLS)' => [
	104	['ssl_version' => 'GnuTLS/3.14'] + $base,
	105	self::PHP_ZTS_ENABLED,
	106	true
	107	],
	108	'Threadsafe - Invalid SSL' => [
	109	['ssl_version' => ''] + $base,
	110	self::PHP_ZTS_ENABLED,
	111	false
	112	],
	113	'Threadsafe - Invalid SSL (but not empty)' => [
	114	['ssl_version' => 'Not GnuTLS or OpenSSL'] + $base,
	115	self::PHP_ZTS_ENABLED,
	116	false
	117	]
	118	];
	119	}
	120
	121	/**
	122	* Test various combinations of SSL/TLS libraries.
	123	*
	124	* @dataProvider can_use_tls12_testcases
4089c42e DP	125	* @param string $sslversion the ssl_version string.
	126	* @param string\|null $uname uname string (or null if not relevant)
	127	* @param bool $expected expected result
ab3759ff	128	*/
4089c42e DP	129	public function test_can_use_tls12($sslversion, $uname, $expected) {
	130	// Populate curlinfo with whats installed on this php install.
	131	$curlinfo = curl_version();
ab3759ff	132
4089c42e DP	133	// Set the curl values we are testing to the passed data.
	134	$curlinfo['ssl_version'] = $sslversion;
	135	$curlinfo['version_number'] = self::VALID_CURL_VERSION;
ab3759ff	136
4089c42e DP	137	// Set uname to system value if none passed in test case.
	138	$uname = !empty($uname) ? $uname : php_uname('r');
	139
	140	$this->assertSame($expected, \core\upgrade\util::can_use_tls12($curlinfo, $uname));
	141
	142	// Now set the curl version to outdated one.
	143	$curlinfo['version_number'] = self::INVALID_CURL_VERSION;
	144	// Tls12 should never be possible now curl version is bad.
	145	$this->assertFalse(\core\upgrade\util::can_use_tls12($curlinfo, $uname));
ab3759ff CB	146	}
	147
	148	/**
4089c42e DP	149	* Test cases for the can_use_tls12 test.
	150	* The returned data format is:
	151	* [(string) ssl_version, (string\|null) uname (null if not relevant), (bool) expectation ]
ab3759ff CB	152	*
	153	* @return array of testcases
	154	*/
	155	public function can_use_tls12_testcases() {
4089c42e DP	156	return [
	157	// Bad versions.
	158	['OpenSSL/0.9.8o', null, false],
	159	['GnuTLS/1.5.0', null, false],
	160	['NSS/3.14.15', null, false],
	161	['CyaSSL/0.9.9', null, false],
	162	['wolfSSL/1.0.0', null, false],
	163	['WinSSL', '5.1', false],
	164	['SecureTransport', '10.7.5', false],
	165	// Lowest good version.
	166	['OpenSSL/1.0.1c', null, true],
	167	['GnuTLS/1.7.1', null, true],
	168	['NSS/3.15.1 Basic ECC', null, true],
	169	['CyaSSL/1.1.0', null, true],
	170	['wolfSSL/1.1.0', null, true],
	171	['WinSSL', '6.1', true],
	172	['SecureTransport', '10.8.0', true],
	173	// More higher good versions.
	174	['OpenSSL/1.0.1t', null, true],
	175	['GnuTLS/1.8.1', null, true],
	176	['NSS/3.17.2 Basic ECC', null, true],
	177	['CyaSSL/1.2.0', null, true],
	178	['wolfSSL/1.2.0', null, true],
	179	['WinSSL', '7.0', true],
	180	['SecureTransport', '10.9.0', true],
ab3759ff	181	];
ab3759ff CB	182	}
ab3759ff CB	183	}