Web eID Lib unit tests (auth, cert and sign service, utils and parser).

Modules/CryptoLib/Sources/CryptoSwift/CryptoContainer.swift

@@ -216,7 +216,6 @@ extension CryptoContainer {
         CryptoContainer.logger().info("Is single file: \(isSingleFile, privacy: .public)")
         CryptoContainer.logger().info("Is crypto container: \(isCryptoContainer, privacy: .public)")
 
-
         guard isSingleFile && isCryptoContainer else {
             var defaultExtension = CommonsLib.Constants.Extension.DefaultCrypto
             if CDoc2Setting.isEncryptionEnabled {

Modules/Test/CommonsTestShared/Sources/CommonsTestShared/Certificate/TestCertificateUtil.swift

@@ -23,15 +23,20 @@ public class TestCertificateUtil {
 
     public init() {}
 
-    public static func getSampleCertificate() -> Data {
-        // swiftlint:disable line_length
-        let cert = """
+    // swiftlint:disable line_length
+    private static let cert = """
             MIIEwjCCA6qgAwIBAgIUeYCoFyEHBfraNnsp4BCgKyVYfywwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAkVFMRIwEAYDVQQIDAlUZXN0U3RhdGUxETAPBgNVBAcMCFRlc3RDaXR5MRkwFwYDVQQKDBBUZXN0T3JnYW5pemF0aW9uMSMwIQYDVQQLDBpUZXN0T3JnYW5pemF0aW9uYWxVbml0TmFtZTEXMBUGA1UEAwwOVGVzdENvbW1vbk5hbWUxIzAhBgkqhkiG9w0BCQEWFHRlc3RAZW1haWwudGVzdGVtYWlsMB4XDTI1MDEzMTE3MDIxMloXDTI3MDUwNjE3MDIxMlowgcwxCzAJBgNVBAYTAkVFMRUwEwYDVQQIDAxTdWJqZWN0U3RhdGUxFDASBgNVBAcMC1N1YmplY3RDaXR5MSAwHgYDVQQKDBdTdWJqZWN0T3JnYW5pemF0aW9uTmFtZTEmMCQGA1UECwwdU3ViamVjdE9yZ2FuaXphdGlvbmFsVW5pdE5hbWUxGjAYBgNVBAMMEVN1YmplY3RDb21tb25OYW1lMSowKAYJKoZIhvcNAQkBFht0ZXN0c3ViamVjdEBlbWFpbC50ZXN0ZW1haWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjOB/5LMTY7HaIDQtPI0rNszyO1GwNepf2Ol6XayOJOP3V8Y3bC3pcUobnlfXfphTqoNznYKLuV2Tz9bzALI1HCK9TsiAFA9DAJqEII+BhhK0Ei5LlaHwOSHWPBt5Tn8SYvPt37hcIz/fQrRR7Ezbxj8ukW6NV7LMcVr2rsRRFnvPNCkeEjGy7mpzJP2U7Ya4yiBaQpodlcLlYws9QnMrwwnPV5NpPTJ+ko6WwKKeqcuxOUkH1j3lJb5MdNaUtLjHVW++EpeYGRn9Ibz1xda9MgBFT4JMGhgjLx7CYUWt+DD4kcL5N5dpDGs52eRzG/tnOck3zrWHlO3Vf6QWrDX6zAgMBAAGjgbMwgbAwCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwQQYDVR0RBDowOIIYc3ViamVjdC50ZXN0c3ViamVjdC50ZXN0ghx3d3cuc3ViamVjdC50ZXN0c3ViamVjdC50ZXN0MB0GA1UdDgQWBBTWjQtDdX0TrwKP/Tzgtp5x9fKXYjAfBgNVHSMEGDAWgBRxc4NGP1MWIHuIeGrjDN3udJThpzANBgkqhkiG9w0BAQsFAAOCAQEAcK2rdOzhWo6mnlYTjgbZdyCk1nKs4/jvmbx4MfTy/tKMq+OImEvC8TUg2myUzxL284p0WCCVWoALo2hwsYeYLSblfnDAsj90RMZQlDyA7rIEqrfXugqamj+hPLwPoEyZKipTkImT0mAGqakE63BkiP+SSEwveZ8YUr0XG369gHyaP8zv6XTqDkQYHx7kJQCHI87+wN+3XPIiYN5sqrf0Z147w/LO8a+XkOCD5JvTbAZB6sLI9dCvoeifd34l9JhDnlnb4SjnszC2k5gx78CNM1pF9jATS3A7mdz+TyttG4ks/i5/Mor416foXurIEh1oZTKOoxppMowq73c66rrH1g==
             """
-        // swiftlint:enable line_length
+    // swiftlint:enable line_length
+
+    public static func getSampleCertificate() -> Data {
         return Data(base64Encoded: cert) ?? Data()
     }
 
+    public static func getSampleCertificateString() -> String {
+        return cert
+    }
+
     public static func getSampleCertificateWithHeaders() -> Data? {
         let certString = """
             -----BEGIN CERTIFICATE-----

Modules/UtilsLib/Sources/UtilsLib/Mimetype/Parser/XMLParserHandler.swift

@@ -38,9 +38,7 @@ final class XMLParserHandler: NSObject, XMLParserDelegate {
     ) {
         let formatAttribute = attributeDict["format"]
         let nameAttribute = attributeDict["Name"]
-        if elementName == "SignedDoc", (
-            formatAttribute == "DIGIDOC-XML" || formatAttribute == "SK-XML"
-        ) {
+        if elementName == "SignedDoc", formatAttribute == "DIGIDOC-XML" || formatAttribute == "SK-XML" {
             foundElement = .ddoc
             parser.abortParsing()
         } else if elementName == "denc:EncryptionProperty" &&

Modules/WebEidLib/Package.swift

@@ -18,7 +18,8 @@ let package = Package(
         .package(url: "https://github.com/hmlongco/Factory", exact: .init(2, 5, 3)),
         .package(url: "https://github.com/Alamofire/Alamofire.git", exact: .init(5, 10, 2)),
         .package(path: "../UtilsLib"),
-        .package(path: "../CommonsLib")
+        .package(path: "../CommonsLib"),
+        .package(path: "../Test/CommonsTestShared")
     ],
     targets: [
         .target(
@@ -49,6 +50,7 @@ let package = Package(
                 "WebEidLibMocks",
                 "UtilsLib",
                 "CommonsLib",
+                "CommonsTestShared",
                 .product(name: "UtilsLibMocks", package: "utilslib"),
                 .product(name: "CommonsLibMocks", package: "commonslib"),
                 .product(name: "FactoryTesting", package: "Factory")

Modules/WebEidLib/Sources/WebEidLib/Error/WebEidError.swift

@@ -51,7 +51,7 @@ enum WebEidBuilderError: Error, LocalizedError, Sendable {
     }
 }
 
-enum WebEidAlgorithmUtilError: Error, LocalizedError {
+enum WebEidAlgorithmUtilError: Error, LocalizedError, Sendable, Equatable {
     case unsupportedKeyType
     case unsupportedECKeyLength(Int)
     case invalidBase64

Modules/WebEidLib/Sources/WebEidLib/Service/WebEidSignService.swift

@@ -46,6 +46,7 @@ public actor WebEidSignService: WebEidSignServiceProtocol, Loggable {
         guard JSONSerialization.isValidJSONObject(payload) else {
             throw WebEidBuilderError.invalidJSON
         }
+
         return try JSONSerialization.data(withJSONObject: payload, options: [])
     }
 
@@ -74,6 +75,7 @@ public actor WebEidSignService: WebEidSignServiceProtocol, Loggable {
         guard JSONSerialization.isValidJSONObject(payload) else {
             throw WebEidBuilderError.invalidJSON
         }
+
         return try JSONSerialization.data(withJSONObject: payload, options: [])
     }
 }

Modules/WebEidLib/Tests/WebEidLibTests/Service/WebEidAuthServiceTests.swift

@@ -0,0 +1,92 @@
+/*
+ * Copyright 2017 - 2025 Riigi Infosüsteemi Amet
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+import Foundation
+import Testing
+import CommonsLib
+import CommonsTestShared
+import WebEidLibMocks
+
+@testable import WebEidLib
+
+struct WebEidAuthServiceTests {
+    private var service: WebEidAuthServiceProtocol
+
+    // swiftlint:disable line_length
+    private let testCert = "MIIEDjCCA2+gAwIBAgIQfS1XPVaqF6id70AX3+4UQzAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTI1MDQyMjEwMTg0OFoXDTMwMDQyMTIwNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASJtW601r+uC3ipDFbn4st6lxtAjqICVTUTIQ0Wq/hsxHPjzSUfWDJqhWXuDBg0E9hDnnQlkIiX+c7vYeBOhHG0kbzjhQ+iz9xF3fnuDHVb/QtXBbXrh4fXWu5tVOb6IkejggHNMIIByTAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFMCEmSnETp87AjT2meEKVgAIKT57MHMGCCsGAQUFBwEBBGcwZTA1BggrBgEFBQcwAoYpaHR0cDovL2Muc2suZWUvVGVzdF9vZl9FU1RFSUQyMDE4LmRlci5jcnQwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MB8GA1UdEQQYMBaBFDM4MDAxMDg1NzE4QGVlc3RpLmVlMEcGA1UdIARAMD4wMgYLKwYBBAGDkSEBAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93d3cuc2suZWUvQ1BTMAgGBgQAj3oBAjAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwawYIKwYBBQUHAQMEXzBdMAgGBgQAjkYBATBRBgYEAI5GAQUwRzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3ItdXNlLW9mLWNlcnRpZmljYXRlcy8TAmVuMB0GA1UdDgQWBBRR540dJ/FCuVZGORkQFu/jLdK1PDAOBgNVHQ8BAf8EBAMCA4gwCgYIKoZIzj0EAwQDgYwAMIGIAkIBSoNaxY9V3Z7w0/tKUcLvzHLfJVb0v6OPHPlBm1wXQBw0dXSOoz3b67OFINismuBWLnvSHvIzLWZv73wth37ERIICQgDCQAFgi70IOKSLBbEGJEmJpjPq+r3VcbfBy/lXhuPOxzaIkAaCejOuehBl31gogGSIQp4LmFmR/4OOszWPOvu41w=="
+    private let testSignature =
+        "UYyRpzkKNwFgtgcbI1YQc2l1XQQTj7gy+FW/x94TsEberwzS2Rnu4dqC/JhYB3se2iOk1c6FAK2TN5WJTiIcQ9Nt3o/x7kfEsdkc5c39eUXuD83GXfUsyUxR9IQBQrpL"
+    // swiftlint:enable line_length
+
+    init() async throws {
+        service = WebEidAuthService()
+    }
+
+    @Test
+    func buildAuthToken_returnJSONPayloadData() async throws {
+        let authCert = Data(base64Encoded: testCert) ?? Data()
+        let signature = Data(base64Encoded: testSignature) ?? Data()
+        let token: [String: Any] = [
+            "unverifiedCertificate": testCert,
+            "issuerApp": "https://web-eid.eu/web-eid-mobile-app/releases/v1.0.0",
+            "algorithm": "ES384",
+            "format": "web-eid:1.0",
+            "signature": testSignature]
+
+        let expected = try JSONSerialization.data(
+            withJSONObject: token,
+            options: []
+        )
+        let result = try await service.buildAuthToken(
+            authCert: authCert,
+            signingCert: nil,
+            signature: signature
+        )
+
+        #expect(result.count == expected.count)
+    }
+
+    @Test
+    func buildAuthToken_throwinvalidCertificateWhenCertIsInvalid() async throws {
+        let invalidCert = Data([0x00, 0x01, 0x02])
+        let signature = Data(base64Encoded: testSignature) ?? Data()
+
+        await #expect(throws: WebEidBuilderError.invalidCertificate) {
+            try await service.buildAuthToken(
+                authCert: invalidCert,
+                signingCert: nil,
+                signature: signature
+            )
+        }
+    }
+
+    @Test
+    func buildAuthToken_throwUnsupportedKeyTypeWhenCertKeyIsUnsupported() async throws {
+        let cert = TestCertificateUtil.getSampleCertificate()
+        let signature = Data(base64Encoded: testSignature) ?? Data()
+
+        await #expect(throws: WebEidAlgorithmUtilError.unsupportedKeyType) {
+            try await service.buildAuthToken(
+                authCert: cert,
+                signingCert: nil,
+                signature: signature
+            )
+        }
+    }
+}

Modules/WebEidLib/Tests/WebEidLibTests/Service/WebEidSignServiceTests.swift

@@ -0,0 +1,146 @@
+/*
+ * Copyright 2017 - 2025 Riigi Infosüsteemi Amet
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ */
+
+import Foundation
+import Testing
+import CommonsLib
+import CommonsTestShared
+import WebEidLibMocks
+
+@testable import WebEidLib
+
+struct WebEidSignServiceTests {
+    private var service: WebEidSignServiceProtocol
+
+    // swiftlint:disable line_length
+    private let testCert = "MIID7DCCA02gAwIBAgIQK33iqGajpAnSrLD7w+X3TjAKBggqhkjOPQQDBDBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4XDTI1MDQyMjEwMTg0OVoXDTMwMDQyMTIwNTk1OVowfzELMAkGA1UEBhMCRUUxKjAoBgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UEBAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5PRUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATYWYk4C8W5+RAMeuvIQVa0sVdobkxXKASvA4lUh5K/whRAT5f3p8n2rw8O3nsCt/1LFyKXVVrZdtWZ1Vh894TA2QHEm6xaXnJs4ZmYo4blrm/nXE1PcEZan9023+73sE+jggGrMIIBpzAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFMCEmSnETp87AjT2meEKVgAIKT57MHMGCCsGAQUFBwEBBGcwZTA1BggrBgEFBQcwAoYpaHR0cDovL2Muc2suZWUvVGVzdF9vZl9FU1RFSUQyMDE4LmRlci5jcnQwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5zay5lZS9lc3RlaWQyMDE4MEgGA1UdIARBMD8wMgYLKwYBBAGDkSEBAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6Ly93d3cuc2suZWUvQ1BTMAkGBwQAi+xAAQIwgYoGCCsGAQUFBwEDBH4wfDAIBgYEAI5GAQEwCAYGBACORgEEMBMGBgQAjkYBBjAJBgcEAI5GAQYBMFEGBgQAjkYBBTBHMEUWP2h0dHBzOi8vc2suZWUvZW4vcmVwb3NpdG9yeS9jb25kaXRpb25zLWZvci11c2Utb2YtY2VydGlmaWNhdGVzLxMCZW4wHQYDVR0OBBYEFFh+R2KDfE2Tdj///kXTCqcz6rRuMA4GA1UdDwEB/wQEAwIGQDAKBggqhkjOPQQDBAOBjAAwgYgCQgD7B3WI1xpXX94+9e3TdaIcUNCj5JkCX15pj1mjRqv/Vx9Hlg3tbgwW2yOhqnTF04+e9rVHCtA8YRINp5BfDFqj/wJCAVuUlCu7GNVSFeU7A6lEORkB6obIALZusUFxT4bsaFWTpKllmvlX6lZm3QEbHgeiD8k7VMPdcw5V51p+B+2WUWBh"
+    private let testSignature =
+        "jfrC/H3mn+ySpYCJrzIMm5Wm7sC0VRLyyuA6Jkc7cTt1JwjobbdAleQucJfc71f0MOeGtXouKIjs/HvETPZZNfjtgx/9bzwQCnws9TvZly1XCbscFFYP4rAbz4HNF+wk"
+    // swiftlint:enable line_length
+
+    init() async throws {
+        service = WebEidSignService()
+    }
+
+    @Test
+    func buildCertificatePayload_returnJSONPayloadData() async throws {
+        let signingCert = Data(base64Encoded: testCert) ?? Data()
+
+        let payload: [String: Any] = [
+            "certificate": testCert,
+            "supportedSignatureAlgorithms": [
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA-224",
+                    "paddingScheme": "NONE"
+                ],
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA-256",
+                    "paddingScheme": "NONE"
+                ],
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA-384",
+                    "paddingScheme": "NONE"
+                ],
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA-512",
+                    "paddingScheme": "NONE"
+                ],
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA3-224",
+                    "paddingScheme": "NONE"
+                ],
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA3-256",
+                    "paddingScheme": "NONE"
+                ],
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA3-384",
+                    "paddingScheme": "NONE"
+                ],
+                [
+                    "cryptoAlgorithm": "ECC",
+                    "hashFunction": "SHA3-512",
+                    "paddingScheme": "NONE"
+                ]
+            ]
+        ]
+
+        let expected = try JSONSerialization.data(withJSONObject: payload, options: [])
+        let result = try await service.buildCertificatePayload(signingCert: signingCert)
+
+        #expect(result.count == expected.count)
+    }
+
+    @Test
+    func buildCertificatePayload_throwInvalidCertificateWhenCertIsInvalid() async throws {
+        let invalidCert = Data([0x00, 0x01, 0x02])
+
+        await #expect(throws: WebEidBuilderError.invalidCertificate) {
+            try await service.buildCertificatePayload(signingCert: invalidCert)
+        }
+    }
+
+    @Test
+    func buildCertificatePayload_throwUnsupportedKeyTypeWhenCertKeyIsUnsupported() async throws {
+        let cert = TestCertificateUtil.getSampleCertificate()
+
+        await #expect(throws: WebEidAlgorithmUtilError.unsupportedKeyType) {
+            try await service.buildCertificatePayload(signingCert: cert)
+        }
+    }
+
+    @Test
+    func buildSignPayload_returnJSONPayloadData() async throws {
+        let signature = Data(base64Encoded: testSignature) ?? Data()
+        let payload: [String: Any] = [
+            "signatureAlgorithm":
+                [
+                    "hashFunction": "SHA-256",
+                    "paddingScheme": "NONE",
+                    "cryptoAlgorithm": "ECC"
+                ],
+            "signature": testSignature
+        ]
+
+        let expected = try JSONSerialization.data(withJSONObject: payload, options: [])
+        let result = try await service.buildSignPayload(signingCert: testCert,
+                                                        signature: signature,
+                                                        hashFunction: "SHA-256")
+
+        #expect(result.count == expected.count)
+    }
+
+    @Test
+    func buildSignPayload_throwUnsupportedHashFunctionWhenHashIsUnsupported() async throws {
+        let cert = TestCertificateUtil.getSampleCertificateString()
+        let signature = Data(base64Encoded: testSignature) ?? Data()
+        await #expect(throws: WebEidAlgorithmUtilError.unsupportedHashFunction("SHA-255")) {
+            try await service.buildSignPayload(signingCert: cert,
+                                               signature: signature,
+                                               hashFunction: "SHA-255")
+        }
+    }
+}