Added uzi server cert functionality (#23)

* Added validator callback

* fix phpci

* Added serial number for server certs

* fixed line length

src/UziReader.php

@@ -30,19 +30,19 @@ public function getDataFromRequest(Request $request): ?UziUser
             return null;
         }
 
+        $uziInfo = new UziUser();
+
         // Check if the certificate is a UZI certificate
-        $surName = null;
-        $givenName = null;
         foreach ($cert['tbsCertificate']['subject']['rdnSequence'] as $sequence) {
             $data = reset($sequence);
             if ($data['type'] === 'id-at-surname') {
-                $surName = $data['value']['utf8String'];
+                $uziInfo->setSurName($data['value']['utf8String']);
             }
             if ($data['type'] === 'id-at-givenName') {
-                $givenName = $data['value']['utf8String'];
+                $uziInfo->setGivenName($data['value']['utf8String']);
             }
-            if ($givenName && $surName) {
-                break;
+            if ($data['type'] === 'id-at-serialNumber') {
+                $uziInfo->setSerialNumber($data['value']['printableString']);
             }
         }
 
@@ -53,7 +53,7 @@ public function getDataFromRequest(Request $request): ?UziUser
 
             foreach ($extension['extnValue'] as $value) {
                 if (!isset($value['otherName']) || $value['otherName']['type-id'] !== UziConstants::OID_IA5STRING) {
-                    continue;
+                    return null;
                 }
 
                 if (!isset($value['otherName']['value']['ia5String'])) {
@@ -78,20 +78,16 @@ public function getDataFromRequest(Request $request): ?UziUser
                 if (!is_array($data) || count($data) < 6) {
                     return null;
                 }
-
-                $user = new UziUser();
-                $user->setGivenName($givenName ?? "");
-                $user->setSurName($surName ?? "");
-                $user->setOidCa($data[0]);
-                $user->setUziVersion($data[1]);
-                $user->setUziNumber($data[2]);
-                $user->setCardType($data[3]);
-                $user->setSubscriberNumber($data[4]);
-                $user->setRole($data[5]);
-                $user->setAgbCode($data[6]);
-
-                return $user;
+                $uziInfo->setOidCa($data[0]);
+                $uziInfo->setUziVersion($data[1]);
+                $uziInfo->setUziNumber($data[2]);
+                $uziInfo->setCardType($data[3]);
+                $uziInfo->setSubscriberNumber($data[4]);
+                $uziInfo->setRole($data[5]);
+                $uziInfo->setAgbCode($data[6]);
             }
+
+            return $uziInfo;
         }
 
         return null;

src/UziUser.php

@@ -18,6 +18,7 @@ class UziUser implements \JsonSerializable
     protected string $sur_name = "";
     protected string $uzi_number = "";
     protected string $uzi_version = "";
+    protected string $serial_number = "";
 
     /**
      * @return string
@@ -163,6 +164,22 @@ public function setUziVersion(string $uzi_version): void
         $this->uzi_version = $uzi_version;
     }
 
+    /**
+     * @return string
+     */
+    public function getSerialNumber(): string
+    {
+        return $this->serial_number;
+    }
+
+    /**
+     * @param string $serial_number
+     */
+    public function setSerialNumber(string $serial_number): void
+    {
+        $this->serial_number = $serial_number;
+    }
+
     #[\ReturnTypeWillChange]
     public function jsonSerialize()
     {
@@ -183,7 +200,8 @@ public function toArray(): array
             'subscriber_number' => $this->getSubscriberNumber(),
             'sur_name' => $this->getSurName(),
             'uzi_number' => $this->getUziNumber(),
-            'uzi_version' => $this->getUziVersion()
+            'uzi_version' => $this->getUziVersion(),
+            'serial_number' => $this->getSerialNumber(),
         ];
     }
 }

tests/UziReaderTest.php

@@ -133,6 +133,7 @@ public function testCheckValidCert(): void
         $this->assertEquals('doe-12345678', $uziInfo->getSurName());
         $this->assertEquals('12345678', $uziInfo->getUziNumber());
         $this->assertEquals('1', $uziInfo->getUziVersion());
+        $this->assertEquals('', $uziInfo->getSerialNumber());
     }
 
     public function testCheckValidAdminCert(): void
@@ -155,5 +156,32 @@ public function testCheckValidAdminCert(): void
         $this->assertEquals('doe-11111111', $uziInfo->getSurName());
         $this->assertEquals('11111111', $uziInfo->getUziNumber());
         $this->assertEquals('1', $uziInfo->getUziVersion());
+        $this->assertEquals('', $uziInfo->getSerialNumber());
+    }
+
+    public function testCheckValidServerCert(): void
+    {
+        $uzi = new UziReader();
+
+        $request = new Request();
+        $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
+        $request->server->set(
+            'SSL_CLIENT_CERT',
+            file_get_contents(__DIR__ . '/certs/mock-022-correct-server-cert.cert')
+        );
+
+        /** @var UziUser $uziInfo */
+        $uziInfo = $uzi->getDataFromRequest($request);
+
+        $this->assertEquals('00000000', $uziInfo->getAgbCode());
+        $this->assertEquals('S', $uziInfo->getCardType());
+        $this->assertEquals('', $uziInfo->getGivenName());
+        $this->assertEquals('2.16.528.1.1003.1.3.5.5.2', $uziInfo->getOidCa());
+        $this->assertEquals('00.000', $uziInfo->getRole());
+        $this->assertEquals('90000123', $uziInfo->getSubscriberNumber());
+        $this->assertEquals('', $uziInfo->getSurName());
+        $this->assertEquals('12345678', $uziInfo->getUziNumber());
+        $this->assertEquals('1', $uziInfo->getUziVersion());
+        $this->assertEquals('1234ABCD', $uziInfo->getSerialNumber());
     }
 }

tests/certs/generate-mock-certs.sh

@@ -119,3 +119,11 @@ openssl req -x509 \
     -days 3650 \
     -subj "/C=NL/O=MockTest Cert/title=physician/SN=doe-11111111/GN=john/CN=john doe-11111111" \
     -addext "subjectAltName = otherName:2.5.5.5;IA5STRING:2.16.528.1.1003.1.3.5.5.2-1252-11111111-N-90000111-01.015-00000000"
+
+openssl req -x509 \
+    -nodes \
+    -keyout dummy.key \
+    -out mock-022-correct-server-cert.cert \
+    -days 3650 \
+    -subj "/C=NL/O=MockTest Cert/CN=test.example.org/serialNumber=1234ABCD" \
+    -addext "subjectAltName = otherName:2.5.5.5;IA5STRING:2.16.528.1.1003.1.3.5.5.2-1-12345678-S-90000123-00.000-00000000"

tests/certs/mock-022-correct-server-cert.cert

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID3jCCAsagAwIBAgIUMsVos4XdwMecyyLBt9+T4HyZNe4wDQYJKoZIhvcNAQEL
+BQAwUzELMAkGA1UEBhMCTkwxFjAUBgNVBAoMDU1vY2tUZXN0IENlcnQxGTAXBgNV
+BAMMEHRlc3QuZXhhbXBsZS5vcmcxETAPBgNVBAUTCDEyMzRBQkNEMB4XDTIzMDIy
+MDExMTQzMFoXDTMzMDIxNzExMTQzMFowUzELMAkGA1UEBhMCTkwxFjAUBgNVBAoM
+DU1vY2tUZXN0IENlcnQxGTAXBgNVBAMMEHRlc3QuZXhhbXBsZS5vcmcxETAPBgNV
+BAUTCDEyMzRBQkNEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4T9/
+hcm3kpC7XWYN0ybO+0LKuGefDo5dgj/xo/PG2h4KCjKQS0uc5RcUA2Ha4CUS0wvw
+uIfEz2MCNAniWRgJaeMT7ShR4o8KwvQUpwVAjiiZylzxZEfOFygTlFTqVqfZKOAh
+ek8uOYQBt4KTlX/UufI7mQtd3kvn5CsCu91XVCZYUavwIn/4Csu8AuADDZiFGYMO
++AgTK/sY8PWNd6hdXZqX16leUIv+3TmzOEQ0ckH0d+iLqzSWpZCGjWg21bG+/6La
+aLD4wFAFGO2MWZjYEibTthhAzE0lttgWqN0Dla+JxY4HuJzY+2QL/ubHIX3fMzqh
+A4uB9wQKoYvRj6+OjwIDAQABo4GpMIGmMB0GA1UdDgQWBBR0yCZOLl6b/eNW1AdC
+7Qwng30FrzAfBgNVHSMEGDAWgBR0yCZOLl6b/eNW1AdC7Qwng30FrzAPBgNVHRMB
+Af8EBTADAQH/MFMGA1UdEQRMMEqgSAYDVQUFoEEWPzIuMTYuNTI4LjEuMTAwMy4x
+LjMuNS41LjItMS0xMjM0NTY3OC1TLTkwMDAwMTIzLTAwLjAwMC0wMDAwMDAwMDAN
+BgkqhkiG9w0BAQsFAAOCAQEA07i/UAQxBgV9fkpUzdx28cASTubxZrjYIErjE2Ix
+zZuLEK8rUl8gO7tmLlM4Ua5w6LwbCKAomq8Vbclh7aq2mo7lvsdJwCXgap9igzAi
+6YjSIPSrmrNF/VOrLkGRmOwIf5ZWljEkLuvwsNt3YrH46PrZuGsMuPMoiVXfZYu1
+shVwlWvprSXVKZAxmPlzNlDXTiGp/UYapQKnwKSqRC4Vv5z51Fxh/h+wdNwNLgn4
+3dmHHls5QYQ33ixi+f1hl9oBzKED/zk12MJ9659Rsi3oMVIYEi8znig5FFgLppbj
+CVGpRqhwZiGJETtguMTvJAiD7qTBlh/+fG1jqNdol/Glfw==
+-----END CERTIFICATE-----