<?php
declare(strict_types=1);
namespace Tests\Unit;
use PHPUnit\Framework\TestCase;
use App\Services\Security\HmacService;
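/**
 * Unit tests for HmacService request signing and verification.
 *
 * Covers the round trip (sign, then verify with identical inputs) and the
 * rejection of a signature when the payload differs from the one signed.
 *
 * NOTE(review): only the payload is varied in this file. There is no case for
 * a different secret, method, path, timestamp or nonce, and none for nonce
 * reuse or a stale timestamp. Whether verify() enforces the latter two cannot
 * be told from this file; confirm against HmacService and add cases to match.
 */
final class HmacTest extends TestCase
{
    // Fixture values shared by every case; the secret is a test string, not a credential.
    private const SECRET = 'test-secret';
    private const METHOD = 'POST';
    private const PATH = '/api/v1/test';
    private const NONCE = 'nonce-123';

    private HmacService $service;

    /**
     * Builds a fresh service for each test so no state carries over between cases.
     */
    protected function setUp(): void
    {
        $this->service = new HmacService();
    }

    /**
     * A signature produced by sign() must verify when every input is unchanged.
     */
    public function test_it_verifies_valid_signature(): void
    {
        $timestamp = (string) time();
        // JSON_THROW_ON_ERROR: fail loudly instead of passing `false` on as the payload.
        $payload = json_encode(['foo' => 'bar'], JSON_THROW_ON_ERROR);

        $signature = $this->service->sign(
            self::SECRET,
            self::METHOD,
            self::PATH,
            $timestamp,
            self::NONCE,
            $payload
        );

        $this->assertTrue(
            $this->service->verify(
                self::SECRET,
                self::METHOD,
                self::PATH,
                $timestamp,
                self::NONCE,
                $payload,
                $signature
            )
        );
    }

    /**
     * A signature must not verify against a payload other than the one signed.
     *
     * Secret, method, path, timestamp and nonce are identical on both calls, so
     * the payload is the only input that differs between sign() and verify().
     */
    public function test_it_rejects_tampered_payload(): void
    {
        $timestamp = (string) time();
        $payload = json_encode(['foo' => 'bar'], JSON_THROW_ON_ERROR);

        $signature = $this->service->sign(
            self::SECRET,
            self::METHOD,
            self::PATH,
            $timestamp,
            self::NONCE,
            $payload
        );

        $tamperedPayload = json_encode(['foo' => 'baz'], JSON_THROW_ON_ERROR);

        $this->assertFalse(
            $this->service->verify(
                self::SECRET,
                self::METHOD,
                self::PATH,
                $timestamp,
                self::NONCE,
                $tamperedPayload,
                $signature
            )
        );
    }
}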