fix: invalid character in iap cert cache key (#263)

googleapis · Feb 12, 2020 · 87b212d · 87b212d
1 parent eb60d74
commit 87b212d
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 8 deletions.
diff --git a/src/AccessToken.php b/src/AccessToken.php
@@ -450,6 +450,6 @@ private function getCacheKeyFromCertLocation($certsLocation)
             ? 'federated_signon_certs_v3'
             : sha1($certsLocation);
 
-        return 'google_auth_certs_cache:' . $key;
+        return 'google_auth_certs_cache|' . $key;
     }
 }
diff --git a/tests/AccessTokenTest.php b/tests/AccessTokenTest.php
@@ -80,7 +80,7 @@ public function testVerify(
             ]
         ]);
 
-        $cacheKey = 'google_auth_certs_cache:' .
+        $cacheKey = 'google_auth_certs_cache|' .
             ($certsLocation ? sha1($certsLocation) : 'federated_signon_certs_v3');
         $this->cache->getItem($cacheKey)
             ->shouldBeCalledTimes(1)
@@ -204,6 +204,24 @@ public function testEsVerifyEndToEnd()
         $this->assertEquals('https://cloud.google.com/iap', $payload['iss']);
     }
 
+    public function testGetCertsForIap()
+    {
+        $token = new AccessToken();
+        $reflector = new \ReflectionObject($token);
+        $cacheKeyMethod = $reflector->getMethod('getCacheKeyFromCertLocation');
+        $cacheKeyMethod->setAccessible(true);
+        $getCertsMethod = $reflector->getMethod('getCerts');
+        $getCertsMethod->setAccessible(true);
+        $cacheKey = $cacheKeyMethod->invoke($token, AccessToken::IAP_CERT_URL);
+        $certs = $getCertsMethod->invoke(
+            $token,
+            AccessToken::IAP_CERT_URL,
+            $cacheKey
+        );
+        $this->assertTrue(is_array($certs));
+        $this->assertEquals(5, count($certs));
+    }
+
     public function testRetrieveCertsFromLocationLocalFile()
     {
         $certsLocation = __DIR__ . '/fixtures/federated-certs.json';
@@ -218,7 +236,7 @@ public function testRetrieveCertsFromLocationLocalFile()
         $item->expiresAt(Argument::type('\DateTime'))
             ->shouldBeCalledTimes(1);
 
-        $this->cache->getItem('google_auth_certs_cache:' . sha1($certsLocation))
+        $this->cache->getItem('google_auth_certs_cache|' . sha1($certsLocation))
             ->shouldBeCalledTimes(1)
             ->willReturn($item->reveal());
 
@@ -255,7 +273,7 @@ public function testRetrieveCertsFromLocationLocalFileInvalidFilePath()
             ->shouldBeCalledTimes(1)
             ->willReturn(null);
 
-        $this->cache->getItem('google_auth_certs_cache:' . sha1($certsLocation))
+        $this->cache->getItem('google_auth_certs_cache|' . sha1($certsLocation))
             ->shouldBeCalledTimes(1)
             ->willReturn($item->reveal());
 
@@ -280,7 +298,7 @@ public function testRetrieveCertsInvalidData()
             ->shouldBeCalledTimes(1)
             ->willReturn('{}');
 
-        $this->cache->getItem('google_auth_certs_cache:federated_signon_certs_v3')
+        $this->cache->getItem('google_auth_certs_cache|federated_signon_certs_v3')
             ->shouldBeCalledTimes(1)
             ->willReturn($item->reveal());
 
@@ -307,7 +325,7 @@ public function testRetrieveCertsFromLocationLocalFileInvalidFileData()
             ->shouldBeCalledTimes(1)
             ->willReturn(null);
 
-        $this->cache->getItem('google_auth_certs_cache:' . sha1($certsLocation))
+        $this->cache->getItem('google_auth_certs_cache|' . sha1($certsLocation))
             ->shouldBeCalledTimes(1)
             ->willReturn($item->reveal());
 
@@ -343,7 +361,7 @@ public function testRetrieveCertsFromLocationRemote()
         $item->expiresAt(Argument::type('\DateTime'))
             ->shouldBeCalledTimes(1);
 
-        $this->cache->getItem('google_auth_certs_cache:federated_signon_certs_v3')
+        $this->cache->getItem('google_auth_certs_cache|federated_signon_certs_v3')
             ->shouldBeCalledTimes(1)
             ->willReturn($item->reveal());
 
@@ -382,7 +400,7 @@ public function testRetrieveCertsFromLocationRemoteBadRequest()
             ->shouldBeCalledTimes(1)
             ->willReturn(null);
 
-        $this->cache->getItem('google_auth_certs_cache:federated_signon_certs_v3')
+        $this->cache->getItem('google_auth_certs_cache|federated_signon_certs_v3')
             ->shouldBeCalledTimes(1)
             ->willReturn($item->reveal());