Testing RSA Keys Management
This document explains how RSA keys are managed during testing to ensure that running tests doesn't interfere with production keys.
Overview
The application uses RSA keys for OIDC (OpenID Connect) JWT token signing. To prevent tests from deleting or overwriting production keys, we've implemented a separate key management system for testing environments.
Key Features
1. Environment-Aware Key Paths
- Production: storage/oauth/
- Testing: storage/testing/oauth/
2. Enhanced Generate Keys Command
The app:generate-keys command now supports:
# Generate keys in default location (environment-dependent)
php artisan app:generate-keys
# Generate keys in custom location
php artisan app:generate-keys --path=/custom/path
Environment Behavior:
- Production: Uses storage/oauth/
- Testing: Uses storage/testing/oauth/
3. Test Key Management Trait
The ManagesTestKeys trait provides methods for managing test keys:
// Set up test keys before test suite
ManagesTestKeys::setUpTestKeys()
// Clean up test keys after test suite
ManagesTestKeys::tearDownTestKeys()
// Ensure test keys exist for current test
$this->ensureTestKeysExist()
4. CI/CD Script
The scripts/setup-test-keys.sh script provides commands for CI/CD environments:
# Set up test keys
./scripts/setup-test-keys.sh setup
# Clean up test keys
./scripts/setup-test-keys.sh cleanup
# Reset (cleanup and regenerate) test keys
./scripts/setup-test-keys.sh reset
Implementation Details
Files Modified
- app/Console/Commands/GenerateKeys.php
  - Added --path option
  - Environment-aware default paths
  - Uses storage/testing/oauth/ in testing environment
- app/Http/Controllers/OIDCController.php
  - Added helper methods getPrivateKeyPath() and getPublicKeyPath()
  - Uses test keys in testing environment
- tests/Feature/GenerateKeysCommandTest.php
  - Updated to use test directory
  - Added test for custom path option
- tests/Feature/OIDCControllerTest.php
  - Uses ManagesTestKeys trait
  - Automatically generates test keys before tests
- .gitignore
  - Added /storage/testing/* to ignore test files
Test Key Management
Automatic Generation
Test keys are automatically generated when needed:
- When running OIDCControllerTest, keys are generated in beforeEach
- Keys are only generated if they don't already exist
- Uses the same RSA 2048-bit specification as production
Cleanup
Test keys are cleaned up:
- After each test in GenerateKeysCommandTest
- Can be manually cleaned using the script
- Not committed to version control (ignored in .gitignore)
GitHub Actions Integration
Example workflow configuration:
- name: Set up test RSA keys
  run: ./scripts/setup-test-keys.sh setup
- name: Run tests
  run: php artisan test --coverage
- name: Clean up test RSA keys
  run: ./scripts/setup-test-keys.sh cleanup
  if: always()
Benefits
- Safety: Production keys are never affected by tests
- Isolation: Each test environment has its own keys
- Consistency: Same key generation process for all environments
- CI/CD Ready: Works seamlessly in automated environments
- Flexibility: Custom paths supported for advanced use cases
Usage Examples
Local Development
# Run tests (keys automatically managed)
php artisan test
# Manually generate test keys
php artisan app:generate-keys --path=storage/testing/oauth
CI/CD Environment
# Set up environment
./scripts/setup-test-keys.sh setup
# Run tests
php artisan test
# Clean up
./scripts/setup-test-keys.sh cleanup
Custom Testing Setup
// In a test file
use Tests\Support\ManagesTestKeys;
uses(ManagesTestKeys::class);
beforeEach(function () {
    $this->ensureTestKeysExist();
});
Security Considerations
- Test keys are generated with the same security parameters as production
- Test keys are temporary and not persisted
- Test directories are excluded from version control
- No hardcoded keys in test files
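
The cleanup step is the one place where a wrong path could delete production keys, so a cleanup routine can check its target before removing anything. The following is an added example, not the project's scripts/setup-test-keys.sh; the function names and the `*.key` file pattern are assumptions, and only the directory names come from this document.

```bash
#!/usr/bin/env bash
# Added example, not the project's scripts/setup-test-keys.sh.
# Directory names come from the page; function names and the *.key
# file pattern are assumptions made for illustration.

TEST_KEY_DIR="storage/testing/oauth"   # the only place cleanup may touch

# Print the physical path of a directory (symlinks resolved); fail if missing.
resolve_dir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# Print the resolved cleanup target if it is the test key directory of
# project root $1 (or below it); return 1 for anything else, including a
# test path that is a symlink into storage/oauth/.
safe_test_key_dir() {
    local root target allowed
    root=$(resolve_dir "$1") || return 1
    target=$(resolve_dir "$2") || return 1
    allowed="$root/$TEST_KEY_DIR"
    case "$target" in
        "$allowed"|"$allowed"/*) printf '%s\n' "$target" ;;
        *) return 1 ;;
    esac
}

# Delete key files for project root $1; $2 optionally overrides the target,
# mirroring a custom --path, and is held to the same rule.
cleanup_test_keys() {
    local root="$1" target="${2:-$1/$TEST_KEY_DIR}" dir
    if ! dir=$(safe_test_key_dir "$root" "$target"); then
        echo "refusing to delete keys outside $TEST_KEY_DIR: $target" >&2
        return 1
    fi
    rm -f -- "$dir"/*.key
}
```

Because the comparison is made on resolved paths, a storage/testing/oauth symlink that points at storage/oauth/ is refused rather than followed.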