Tests/X509: add unit test for CRL creation with PSS keys

tests/Unit/File/X509/CRLTest.php

@@ -8,6 +8,8 @@
 
 namespace phpseclib3\Tests\Unit\File\X509;
 
+use phpseclib3\Math\BigInteger;
+use phpseclib3\Crypt\RSA;
 use phpseclib3\File\X509;
 use phpseclib3\Tests\PhpseclibTestCase;
 
@@ -25,4 +27,37 @@ class CRLTest extends PhpseclibTestCase
 
         $this->assertSame('unspecified', $reason);
     }
+
+    public function testCreateCRL()
+    {
+        // create private key / x.509 cert for signing
+        $CAPrivKey = RSA::createKey(1024);
+        $CAPubKey = $CAPrivKey->getPublicKey();
+
+        $CASubject = new X509();
+        $CASubject->setDNProp('id-at-organizationName', 'phpseclib CA cert');
+        $CASubject->setPublicKey($CAPubKey);
+
+        $CAIssuer = new X509();
+        $CAIssuer->setPrivateKey($CAPrivKey);
+        $CAIssuer->setDN($CASubject->getDN());
+
+        $x509 = new X509();
+        $x509->makeCA();
+        $result = $x509->sign($CAIssuer, $CASubject);
+        $CA = $x509->saveX509($result);
+
+        // create CRL
+        $x509 = new X509();
+        $crl = $x509->loadCRL($x509->saveCRL($x509->signCRL($CAIssuer, new X509())));
+        $x509->revoke(new BigInteger('zzz', 256), '+1 year');
+        $crl = $x509->saveCRL($x509->signCRL($CAIssuer, $x509));
+
+        // validate newly created CRL
+        $x509 = new X509();
+        $x509->loadCA($CA);
+        $r = $x509->loadCRL($crl);
+        $this->assertArrayHasKey('parameters', $r['signatureAlgorithm']);
+        $this->assertTrue($x509->validateSignature());
+    }
 }