From 20420a310d9304b43342c237a687cc04bd1603a6 Mon Sep 17 00:00:00 2001
From: Joshua Thijssen
Date: Mon, 6 Feb 2023 09:39:06 +0100
Subject: [PATCH 1/2] Implemented to dedicated exceptions
---
src/Exceptions/UziAllowedRoleException.php | 13 +++++++++++
src/Exceptions/UziAllowedTypeException.php | 13 +++++++++++
src/Exceptions/UziCaException.php | 13 +++++++++++
src/Exceptions/UziCardExpired.php | 13 +++++++++++
src/Exceptions/UziCertificateException.php | 13 +++++++++++
.../UziCertificateNotUziException.php | 13 +++++++++++
src/Exceptions/UziVersionException.php | 13 +++++++++++
src/UziConstants.php | 2 +-
src/UziReader.php | 22 ++++++++++++-------
src/UziUser.php | 5 +----
src/UziValidator.php | 12 ++++++----
tests/UziReaderTest.php | 6 ++---
12 files changed, 118 insertions(+), 20 deletions(-)
create mode 100644 src/Exceptions/UziAllowedRoleException.php
create mode 100644 src/Exceptions/UziAllowedTypeException.php
create mode 100644 src/Exceptions/UziCaException.php
create mode 100644 src/Exceptions/UziCardExpired.php
create mode 100644 src/Exceptions/UziCertificateException.php
create mode 100644 src/Exceptions/UziCertificateNotUziException.php
create mode 100644 src/Exceptions/UziVersionException.php
diff --git a/src/Exceptions/UziAllowedRoleException.php b/src/Exceptions/UziAllowedRoleException.php
new file mode 100644
index 0000000..4f4fb64
--- /dev/null
+++ b/src/Exceptions/UziAllowedRoleException.php
@@ -0,0 +1,13 @@
+server->has('SSL_CLIENT_VERIFY') || $request->server->get('SSL_CLIENT_VERIFY') !== 'SUCCESS') {
- throw new UziException('Webserver client cert check not passed');
+ throw new UziCertificateException('Webserver client cert check not passed');
 }
 if (!$request->server->has('SSL_CLIENT_CERT')) {
- throw new UziException('No client certificate presented');
+ throw new UziCertificateException('No client certificate presented');
 }
 $x509 = new X509();
 $cert = $x509->loadX509($request->server->get('SSL_CLIENT_CERT'));
 if (!isset($cert['tbsCertificate']['subject']['rdnSequence'])) {
- throw new UziException('No subject rdnSequence');
+ throw new UziCertificateNotUziException('No subject rdnSequence');
+ }
+
+ if (! $x509->validateDate()) {
+ throw new UziCardExpired('Uzi card expired');
 }
 $surName = null;
@@ -62,7 +68,7 @@ public function getDataFromRequest(Request $request): UziUser
 }
 }
- foreach ($cert['tbsCertificate']['extensions'] as $extension) {
+ foreach ($cert['tbsCertificate']['extensions'] ?? [] as $extension) {
 if ($extension['extnId'] !== "id-ce-subjectAltName") {
 continue;
 }
@@ -73,7 +79,7 @@ public function getDataFromRequest(Request $request): UziUser
 }
 if (!isset($value['otherName']['value']['ia5String'])) {
- throw new UziException('No ia5String');
+ throw new UziCertificateException('No ia5String');
 }
 $subjectAltName = $value['otherName']['value']['ia5String'];
 /**
@@ -90,7 +96,7 @@ public function getDataFromRequest(Request $request): UziUser
 */
 $data = explode('-', $subjectAltName);
 if (!is_array($data) || count($data) < 6) {
- throw new UziException('Incorrect SAN found');
+ throw new UziCertificateException('Incorrect SAN found');
 }
 $user = new UziUser();
@@ -107,6 +113,6 @@ public function getDataFromRequest(Request $request): UziUser
 return $user;
 }
 }
- throw new UziException('No valid UZI data found');
+ throw new UziCertificateNotUziException('No valid UZI card found');
 }
 }
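Review bot: The mapping of failure conditions onto the new exception classes is inconsistent within `getDataFromRequest`: a SAN `otherName` without an `ia5String` in this hunk (`@@ -73,7 +79,7 @@`) and a SAN with fewer than six `-`-separated parts in `@@ -90,7 +96,7 @@` throw `UziCertificateException`, while a missing subject `rdnSequence` and the final fall-through in `@@ -107,6 +113,6 @@` throw `UziCertificateNotUziException`, although all four describe a presented certificate that is not a usable UZI card rather than a failed webserver check. A caller that catches `UziCertificateNotUziException` to offer another login path and lets `UziCertificateException` reject the request will therefore treat two equally malformed cards differently. Either throw `UziCertificateNotUziException` from the two SAN-shape checks or give each new class a docblock stating the condition it covers, e.g. `/** The webserver did not deliver a successfully verified client certificate. */` on `UziCertificateException`. As a naming point across the new files, `UziCardExpired` is the only class without the `Exception` suffix. `getDataFromRequest` starts and ends outside this hunk.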
diff --git a/src/UziUser.php b/src/UziUser.php
index 749fc05..436b0c6 100644
--- a/src/UziUser.php
+++ b/src/UziUser.php
@@ -172,10 +172,7 @@ public function setUziVersion(string $uzi_version): void
 $this->uzi_version = $uzi_version;
 }
- /**
- * @return mixed|string[]
- */
- public function jsonSerialize()
+ public function jsonSerialize(): array
 {
 return $this->toarray();
 }
diff --git a/src/UziValidator.php b/src/UziValidator.php
index db7b618..3f71bc1 100644
--- a/src/UziValidator.php
+++ b/src/UziValidator.php
@@ -2,7 +2,11 @@
 namespace MinVWS\PUZI;
+use MinVWS\PUZI\Exceptions\UziAllowedRoleException;
+use MinVWS\PUZI\Exceptions\UziAllowedTypeException;
+use MinVWS\PUZI\Exceptions\UziCaException;
 use MinVWS\PUZI\Exceptions\UziException;
+use MinVWS\PUZI\Exceptions\UziVersionException;
 /**
 * Class UziValidator
@@ -56,16 +60,16 @@ public function validate(UziUser $user): void
 $user->getOidCa() !== UziConstants::OID_CA_CARE_PROVIDER &&
 $user->getOidCa() !== UziConstants::OID_CA_NAMED_EMPLOYEE
 ) {
- throw new UziException('CA OID not UZI register Care Provider or named employee');
+ throw new UziCaException('CA OID not UZI register Care Provider or named employee');
 }
 if ($user->getUziVersion() !== '1') {
- throw new UziException('UZI version not 1');
+ throw new UziVersionException('UZI version not 1');
 }
 if (!in_array($user->getCardType(), $this->allowedTypes)) {
- throw new UziException('UZI card type not allowed');
+ throw new UziAllowedTypeException('UZI card type not allowed');
 }
 if (!in_array(substr($user->getRole(), 0, 3), $this->allowedRoles)) {
- throw new UziException("UZI card role not allowed");
+ throw new UziAllowedRoleException("UZI card role not allowed");
 }
 }
 }
diff --git a/tests/UziReaderTest.php b/tests/UziReaderTest.php
index 893a36f..95ee06e 100644
--- a/tests/UziReaderTest.php
+++ b/tests/UziReaderTest.php
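Review bot: The two allow-list checks in `UziValidator::validate` that guard the new `UziAllowedTypeException` and `UziAllowedRoleException` throws still call `in_array` without its third argument, so the card type and the three-character role prefix are matched with loose `==` semantics, under which numeric-looking strings compare by value (`'01' == '1'`). For an authorization allow-list the comparison should be identity: `if (!in_array($user->getCardType(), $this->allowedTypes, true)) {` and `if (!in_array(substr($user->getRole(), 0, 3), $this->allowedRoles, true)) {`. Whether any configured type or role code is numeric cannot be seen from the hunk, so this may be latent, but strict matching costs nothing and removes the question. `validate()` begins before the hunk (the `if (` that the CA-OID conditions belong to is above the first context line) and ends inside it.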
@@ -56,7 +56,7 @@ public function testCheckCertWithoutValidData(): void
 $uzi = new UziReader();
 $this->expectException(UziException::class);
- $this->expectExceptionMessage("No valid UZI data found");
+ $this->expectExceptionMessage("No valid UZI card found");
 $request = new Request();
 $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
@@ -70,7 +70,7 @@ public function testCheckCertWithInvalidSAN(): void
 $uzi = new UziReader();
 $this->expectException(UziException::class);
- $this->expectExceptionMessage("No valid UZI data found");
+ $this->expectExceptionMessage("No valid UZI card found");
 $request = new Request();
 $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
@@ -84,7 +84,7 @@ public function testCheckCertWithInvalidOtherName(): void
 $uzi = new UziReader();
 $this->expectException(UziException::class);
- $this->expectExceptionMessage("No valid UZI data found");
+ $this->expectExceptionMessage("No valid UZI card found");
 $request = new Request();
 $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
From 27edaf08f6b2d53d96be7a920690130cfe733b11 Mon Sep 17 00:00:00 2001
From: Joshua Thijssen
Date: Mon, 6 Feb 2023 09:46:56 +0100
Subject: [PATCH 2/2] Allowing to test at 8.1 and 8.2 and fixed exception message
---
.github/workflows/test.yml | 2 +-
tests/UziReaderTest.php | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b3fedab..cb71fe1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
 strategy:
 max-parallel: 3
 matrix:
- php-versions: [ '7.3', '7.4', '8.0' ]
+ php-versions: [ '7.3', '7.4', '8.0', '8.1', '8.2' ]
 steps:
 - uses: actions/checkout@v2
diff --git a/tests/UziReaderTest.php b/tests/UziReaderTest.php
index fda2cb9..27f9102 100644
--- a/tests/UziReaderTest.php
+++ b/tests/UziReaderTest.php
@@ -57,7 +57,7 @@ public function testCheckCertWithoutValidData(): void
 $uzi = new UziReader();
 $this->expectException(UziCertificateNotUziException::class);
- $this->expectExceptionMessage("No valid UZI data found");
+ $this->expectExceptionMessage("No valid UZI card found");
 $request = new Request();
 $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
@@ -71,7 +71,7 @@ public function testCheckCertWithInvalidSAN(): void
 $uzi = new UziReader();
 $this->expectException(UziCertificateNotUziException::class);
- $this->expectExceptionMessage("No valid UZI data found");
+ $this->expectExceptionMessage("No valid UZI card found");
 $request = new Request();
 $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");
@@ -85,7 +85,7 @@ public function testCheckCertWithInvalidOtherName(): void
 $uzi = new UziReader();
 $this->expectException(UziCertificateNotUziException::class);
- $this->expectExceptionMessage("No valid UZI data found");
+ $this->expectExceptionMessage("No valid UZI card found");
 $request = new Request();
 $request->server->set('SSL_CLIENT_VERIFY', "SUCCESS");