lib/tests/upgrade_util_test.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Upgrade utility class  tests.
  19  *
  20  * @package    core
  21  * @copyright  2016 Cameron Ball <cameron@cameron1729.xyz>
  22  * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  */
  24
  25 defined('MOODLE_INTERNAL') || die();
  26
  27 // Hack to let tests run on travis..
  28 defined('CURL_SSLVERSION_TLSv1_2') || define('CURL_SSLVERSION_TLSv1_2', 6);
  29
  30 /**
  31  * Upgrade utility class tests.
  32  *
  33  * @package   core
  34  * @copyright 2016 Cameron Ball <cameron@cameron1729.xyz>
  35  * @license   http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  36  */
  37 class upgrade_util_testcase extends advanced_testcase {
  38
  39     /**
  40      * A cURL version that supports TLS 1.2.
  41      */
  42     const VALID_CURL_VERSION = 467456;
  43
  44     /**
  45      * A cURL version that does not support TLS 1.2.
  46      */
  47     const INVALID_CURL_VERSION = 467455;
  48
  49     /**
  50      * The value of PHP_ZTS when thread safety is enabled.
  51      */
  52     const PHP_ZTS_ENABLED = 1;
  53
  54     /**
  55      * The value of PHP_ZTS when thread safety is disabled.
  56      */
  57     const PHP_ZTS_DISABLED = 0;
  58
  59     /**
  60      * Test PHP/cURL validation.
  61      *
  62      * @dataProvider validate_php_curl_tls_testcases()
  63      * @param array $curlinfo server curl_version array
  64      * @param int   $zts      0 or 1 as defined by PHP_ZTS
  65      * @param bool  $expected expected result
  66      */
  67     public function test_validate_php_curl_tls($curlinfo, $zts, $expected) {
  68         $this->assertSame($expected, \core\upgrade\util::validate_php_curl_tls($curlinfo, $zts));
  69     }
  70
  71     /**
  72      * Test cases for validate_php_curl_tls test.
  73      */
  74     public function validate_php_curl_tls_testcases() {
  75         $base = curl_version();
  76
  77         return [
  78             'Not threadsafe - Valid SSL (GnuTLS)' => [
  79                 ['ssl_version' => 'GnuTLS/4.20'] + $base,
  80                 self::PHP_ZTS_DISABLED,
  81                 true
  82             ],
  83             'Not threadsafe - Valid SSL (OpenSSL)' => [
  84                 ['ssl_version' => 'OpenSSL'] + $base,
  85                 self::PHP_ZTS_DISABLED,
  86                 true
  87             ],
  88             'Not threadsafe - Valid SSL (WinSSL)' => [
  89                 ['ssl_version' => 'WinSSL'] + $base,
  90                 self::PHP_ZTS_DISABLED,
  91                 true
  92             ],
  93             'Not threadsafe - Invalid SSL' => [
  94                 ['ssl_version' => ''] + $base,
  95                 self::PHP_ZTS_DISABLED,
  96                 false
  97             ],
  98             'Threadsafe - Valid SSL (OpenSSL)' => [
  99                 ['ssl_version' => 'OpenSSL/1729'] + $base,
 100                 self::PHP_ZTS_ENABLED,
 101                 true
 102             ],
 103             'Threadsafe - Valid SSL (GnuTLS)' => [
 104                 ['ssl_version' => 'GnuTLS/3.14'] + $base,
 105                 self::PHP_ZTS_ENABLED,
 106                 true
 107             ],
 108             'Threadsafe - Invalid SSL' => [
 109                 ['ssl_version' => ''] + $base,
 110                 self::PHP_ZTS_ENABLED,
 111                 false
 112             ],
 113             'Threadsafe - Invalid SSL (but not empty)' => [
 114                 ['ssl_version' => 'Not GnuTLS or OpenSSL'] + $base,
 115                 self::PHP_ZTS_ENABLED,
 116                 false
 117             ]
 118         ];
 119     }
 120
 121     /**
 122      * Test various combinations of SSL/TLS libraries.
 123      *
 124      * @dataProvider can_use_tls12_testcases
 125      * @param string $sslversion the ssl_version string.
 126      * @param string|null $uname uname string (or null if not relevant)
 127      * @param bool $expected expected result
 128      */
 129     public function test_can_use_tls12($sslversion, $uname, $expected) {
 130         // Populate curlinfo with whats installed on this php install.
 131         $curlinfo = curl_version();
 132
 133         // Set the curl values we are testing to the passed data.
 134         $curlinfo['ssl_version'] = $sslversion;
 135         $curlinfo['version_number'] = self::VALID_CURL_VERSION;
 136
 137         // Set uname to system value if none passed in test case.
 138         $uname = !empty($uname) ? $uname : php_uname('r');
 139
 140         $this->assertSame($expected, \core\upgrade\util::can_use_tls12($curlinfo, $uname));
 141
 142         // Now set the curl version to outdated one.
 143         $curlinfo['version_number'] = self::INVALID_CURL_VERSION;
 144         // Tls12 should never be possible now curl version is bad.
 145         $this->assertFalse(\core\upgrade\util::can_use_tls12($curlinfo, $uname));
 146     }
 147
 148     /**
 149      * Test cases for the can_use_tls12 test.
 150      * The returned data format is:
 151      *  [(string) ssl_version, (string|null) uname (null if not relevant), (bool) expectation ]
 152      *
 153      * @return array of testcases
 154      */
 155     public function can_use_tls12_testcases() {
 156         return [
 157             // Bad versions.
 158             ['OpenSSL/0.9.8o', null, false],
 159             ['GnuTLS/1.5.0', null, false],
 160             ['NSS/3.14.15', null, false],
 161             ['CyaSSL/0.9.9', null, false],
 162             ['wolfSSL/1.0.0', null, false],
 163             ['WinSSL', '5.1', false],
 164             ['SecureTransport', '10.7.5', false],
 165             // Lowest good version.
 166             ['OpenSSL/1.0.1c', null, true],
 167             ['GnuTLS/1.7.1', null, true],
 168             ['NSS/3.15.1 Basic ECC', null, true],
 169             ['CyaSSL/1.1.0', null, true],
 170             ['wolfSSL/1.1.0', null, true],
 171             ['WinSSL', '6.1', true],
 172             ['SecureTransport', '10.8.0', true],
 173             // More higher good versions.
 174             ['OpenSSL/1.0.1t', null, true],
 175             ['GnuTLS/1.8.1', null, true],
 176             ['NSS/3.17.2 Basic ECC', null, true],
 177             ['CyaSSL/1.2.0', null, true],
 178             ['wolfSSL/1.2.0', null, true],
 179             ['WinSSL', '7.0', true],
 180             ['SecureTransport', '10.9.0', true],
 181         ];
 182     }
 183 }