From bcb46a14c23682a106c969f23ef114d03b9e5955 Mon Sep 17 00:00:00 2001
From: Sebastiaan Stok <s.stok@rollerscapes.net>
Date: Mon, 27 Nov 2023 13:31:07 +0100
Subject: [PATCH] Use psr/clock instead of protected method

---
 composer.json                      |  2 ++
 src/CertificateValidator.php       |  9 +++++----
 tests/CertificateValidatorTest.php | 15 ++++++++++-----
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/composer.json b/composer.json
index 45b2537..b0994b7 100644
--- a/composer.json
+++ b/composer.json
@@ -21,6 +21,7 @@
         "ext-mbstring": "*",
         "ext-openssl": "*",
         "mlocati/ocsp": "^1.0",
+        "psr/clock": "^1.0",
         "rollerworks/pdb-symfony-bridge": "^1.0",
         "rollerworks/pdb-validator": "^1.0",
         "symfony/translation-contracts": "^2.5 || ^3.0"
@@ -30,6 +31,7 @@
         "phpspec/prophecy-phpunit": "^2.0",
         "phpunit/phpunit": "^10.4.2",
         "rollerscapes/standards": "^1.0",
+        "symfony/clock": "^6.3",
         "symfony/error-handler": "^6.3",
         "symfony/http-client": "^6.3",
         "symfony/phpunit-bridge": "^6.3 || ^7.0",
diff --git a/src/CertificateValidator.php b/src/CertificateValidator.php
index ef301d7..2ac44f5 100644
--- a/src/CertificateValidator.php
+++ b/src/CertificateValidator.php
@@ -14,6 +14,7 @@
 namespace Rollerworks\Component\X509Validator;
 
 use Pdp\Domain;
+use Psr\Clock\ClockInterface;
 use Rollerworks\Component\PdbSfBridge\PdpManager as PublicSuffixManager;
 use Rollerworks\Component\X509Validator\Violation\CertificateHasExpired;
 use Rollerworks\Component\X509Validator\Violation\GlobalWildcard;
@@ -41,7 +42,8 @@ class CertificateValidator
     public function __construct(
         private readonly PublicSuffixManager $suffixManager,
         X509DataExtractor $dataExtractor = null,
-        CAResolver $caResolver = null
+        CAResolver $caResolver = null,
+        private ?ClockInterface $clock = null
     ) {
         $this->extractor = $dataExtractor ?? new X509DataExtractor();
         $this->caResolver = $caResolver ?? new CAResolverImpl();
@@ -171,9 +173,8 @@ public function validateCertificateSupport(string $certificate, callable $valida
         $validator($data, $certificate, $this);
     }
 
-    /** @internal used for testing */
-    protected function getNow(): \DateTimeImmutable
+    private function getNow(): \DateTimeImmutable
     {
-        return new \DateTimeImmutable();
+        return $this->clock?->now() ?? new \DateTimeImmutable();
     }
 }
diff --git a/tests/CertificateValidatorTest.php b/tests/CertificateValidatorTest.php
index c4df568..e382599 100644
--- a/tests/CertificateValidatorTest.php
+++ b/tests/CertificateValidatorTest.php
@@ -17,6 +17,7 @@
 use PHPUnit\Framework\Attributes\DoesNotPerformAssertions;
 use PHPUnit\Framework\Attributes\Test;
 use PHPUnit\Framework\TestCase;
+use Psr\Clock\ClockInterface;
 use Rollerworks\Component\PdbSfBridge\PdpManager;
 use Rollerworks\Component\PdbSfBridge\PdpMockProvider;
 use Rollerworks\Component\X509Validator\CertificateValidator;
@@ -28,30 +29,34 @@
 use Rollerworks\Component\X509Validator\Violation\UnsupportedPurpose;
 use Rollerworks\Component\X509Validator\Violation\WeakSignatureAlgorithm;
 use Rollerworks\Component\X509Validator\X509Info;
+use Symfony\Component\Clock\Clock;
 
 /**
  * @internal
  */
 final class CertificateValidatorTest extends TestCase
 {
+    private ClockInterface $clock;
     private CertificateValidator $certificateValidator;
     private PdpManager $pdpManager;
 
     protected function setUp(): void
     {
-        $this->pdpManager = PdpMockProvider::getPdpManager();
-        $this->certificateValidator = new class($this->pdpManager) extends CertificateValidator {
+        $this->clock = new class() implements ClockInterface {
             public ?string $now = '2013-05-29T14:12:14.000000+0000';
 
-            protected function getNow(): \DateTimeImmutable
+            public function now(): \DateTimeImmutable
             {
                 if (isset($this->now)) {
                     return new \DateTimeImmutable($this->now);
                 }
 
-                return parent::getNow();
+                return Clock::get()->now();
             }
         };
+
+        $this->pdpManager = PdpMockProvider::getPdpManager();
+        $this->certificateValidator = new CertificateValidator($this->pdpManager, clock: $this->clock);
     }
 
     #[Test]
@@ -124,7 +129,7 @@ public function validate_certificate_is_expired(): void
             CA;
 
         try {
-            $this->certificateValidator->now = null;
+            $this->clock->now = null;
             $this->certificateValidator->validateCertificate($certContents, ['root' => $ca]);
 
             self::fail('Exception was expected.');