forked from friendica/friendica-addons
241 lines
7 KiB
PHP
241 lines
7 KiB
PHP
|
<?php
|
||
|
|
||
|
require_once 'Sabre/HTTP/ResponseMock.php';
|
||
|
|
||
|
class Sabre_HTTP_AWSAuthTest extends PHPUnit_Framework_TestCase {
|
||
|
|
||
|
/**
|
||
|
* @var Sabre_HTTP_ResponseMock
|
||
|
*/
|
||
|
private $response;
|
||
|
/**
|
||
|
* @var Sabre_HTTP_AWSAuth
|
||
|
*/
|
||
|
private $auth;
|
||
|
|
||
|
const REALM = 'SabreDAV unittest';
|
||
|
|
||
|
public function setUp() {
|
||
|
|
||
|
$this->response = new Sabre_HTTP_ResponseMock();
|
||
|
$this->auth = new Sabre_HTTP_AWSAuth();
|
||
|
$this->auth->setRealm(self::REALM);
|
||
|
$this->auth->setHTTPResponse($this->response);
|
||
|
|
||
|
}
|
||
|
|
||
|
public function testNoHeader() {
|
||
|
|
||
|
$request = new Sabre_HTTP_Request(array(
|
||
|
'REQUEST_METHOD' => 'GET',
|
||
|
));
|
||
|
|
||
|
$this->auth->setHTTPRequest($request);
|
||
|
|
||
|
$result = $this->auth->init();
|
||
|
|
||
|
$this->assertFalse($result,'No AWS Authorization header was supplied, so we should have gotten false');
|
||
|
$this->assertEquals(Sabre_HTTP_AWSAuth::ERR_NOAWSHEADER,$this->auth->errorCode);
|
||
|
|
||
|
}
|
||
|
|
||
|
public function testIncorrectContentMD5() {
|
||
|
|
||
|
$accessKey = 'accessKey';
|
||
|
$secretKey = 'secretKey';
|
||
|
|
||
|
$request = new Sabre_HTTP_Request(array(
|
||
|
'REQUEST_METHOD' => 'GET',
|
||
|
'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
|
||
|
'HTTP_CONTENT_MD5' => 'garbage',
|
||
|
'REQUEST_URI' => '/',
|
||
|
));
|
||
|
|
||
|
$this->auth->setHTTPRequest($request);
|
||
|
$this->auth->init();
|
||
|
$result = $this->auth->validate($secretKey);
|
||
|
|
||
|
$this->assertFalse($result);
|
||
|
$this->assertEquals(Sabre_HTTP_AWSAuth::ERR_MD5CHECKSUMWRONG,$this->auth->errorCode);
|
||
|
|
||
|
}
|
||
|
|
||
|
public function testNoDate() {
|
||
|
|
||
|
$accessKey = 'accessKey';
|
||
|
$secretKey = 'secretKey';
|
||
|
$content = 'thisisthebody';
|
||
|
$contentMD5 = base64_encode(md5($content,true));
|
||
|
|
||
|
|
||
|
$request = new Sabre_HTTP_Request(array(
|
||
|
'REQUEST_METHOD' => 'POST',
|
||
|
'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
|
||
|
'HTTP_CONTENT_MD5' => $contentMD5,
|
||
|
));
|
||
|
|
||
|
$request->setBody($content);
|
||
|
|
||
|
$this->auth->setHTTPRequest($request);
|
||
|
$this->auth->init();
|
||
|
$result = $this->auth->validate($secretKey);
|
||
|
|
||
|
$this->assertFalse($result);
|
||
|
$this->assertEquals(Sabre_HTTP_AWSAuth::ERR_INVALIDDATEFORMAT,$this->auth->errorCode);
|
||
|
|
||
|
}
|
||
|
|
||
|
public function testFutureDate() {
|
||
|
|
||
|
$accessKey = 'accessKey';
|
||
|
$secretKey = 'secretKey';
|
||
|
$content = 'thisisthebody';
|
||
|
$contentMD5 = base64_encode(md5($content,true));
|
||
|
|
||
|
$date = new DateTime('@' . (time() + (60*20)));
|
||
|
$date->setTimeZone(new DateTimeZone('GMT'));
|
||
|
$date = $date->format('D, d M Y H:i:s \\G\\M\\T');
|
||
|
|
||
|
$request = new Sabre_HTTP_Request(array(
|
||
|
'REQUEST_METHOD' => 'POST',
|
||
|
'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
|
||
|
'HTTP_CONTENT_MD5' => $contentMD5,
|
||
|
'HTTP_DATE' => $date,
|
||
|
));
|
||
|
|
||
|
$request->setBody($content);
|
||
|
|
||
|
$this->auth->setHTTPRequest($request);
|
||
|
$this->auth->init();
|
||
|
$result = $this->auth->validate($secretKey);
|
||
|
|
||
|
$this->assertFalse($result);
|
||
|
$this->assertEquals(Sabre_HTTP_AWSAuth::ERR_REQUESTTIMESKEWED,$this->auth->errorCode);
|
||
|
|
||
|
}
|
||
|
|
||
|
public function testPastDate() {
|
||
|
|
||
|
$accessKey = 'accessKey';
|
||
|
$secretKey = 'secretKey';
|
||
|
$content = 'thisisthebody';
|
||
|
$contentMD5 = base64_encode(md5($content,true));
|
||
|
|
||
|
$date = new DateTime('@' . (time() - (60*20)));
|
||
|
$date->setTimeZone(new DateTimeZone('GMT'));
|
||
|
$date = $date->format('D, d M Y H:i:s \\G\\M\\T');
|
||
|
|
||
|
$request = new Sabre_HTTP_Request(array(
|
||
|
'REQUEST_METHOD' => 'POST',
|
||
|
'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
|
||
|
'HTTP_CONTENT_MD5' => $contentMD5,
|
||
|
'HTTP_X_AMZ_DATE' => $date,
|
||
|
));
|
||
|
|
||
|
$request->setBody($content);
|
||
|
|
||
|
$this->auth->setHTTPRequest($request);
|
||
|
$this->auth->init();
|
||
|
$result = $this->auth->validate($secretKey);
|
||
|
|
||
|
$this->assertFalse($result);
|
||
|
$this->assertEquals(Sabre_HTTP_AWSAuth::ERR_REQUESTTIMESKEWED,$this->auth->errorCode);
|
||
|
|
||
|
}
|
||
|
|
||
|
public function testIncorrectSignature() {
|
||
|
|
||
|
$accessKey = 'accessKey';
|
||
|
$secretKey = 'secretKey';
|
||
|
$content = 'thisisthebody';
|
||
|
|
||
|
$contentMD5 = base64_encode(md5($content,true));
|
||
|
|
||
|
$date = new DateTime('now');
|
||
|
$date->setTimeZone(new DateTimeZone('GMT'));
|
||
|
$date = $date->format('D, d M Y H:i:s \\G\\M\\T');
|
||
|
|
||
|
$request = new Sabre_HTTP_Request(array(
|
||
|
'REQUEST_METHOD' => 'POST',
|
||
|
'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
|
||
|
'HTTP_CONTENT_MD5' => $contentMD5,
|
||
|
'HTTP_X_AMZ_DATE' => $date,
|
||
|
'REQUEST_URI' => '/',
|
||
|
));
|
||
|
|
||
|
$request->setBody($content);
|
||
|
|
||
|
$this->auth->setHTTPRequest($request);
|
||
|
$this->auth->init();
|
||
|
$result = $this->auth->validate($secretKey);
|
||
|
|
||
|
$this->assertFalse($result);
|
||
|
$this->assertEquals(Sabre_HTTP_AWSAuth::ERR_INVALIDSIGNATURE,$this->auth->errorCode);
|
||
|
|
||
|
}
|
||
|
|
||
|
public function testValidRequest() {
|
||
|
|
||
|
$accessKey = 'accessKey';
|
||
|
$secretKey = 'secretKey';
|
||
|
$content = 'thisisthebody';
|
||
|
$contentMD5 = base64_encode(md5($content,true));
|
||
|
|
||
|
$date = new DateTime('now');
|
||
|
$date->setTimeZone(new DateTimeZone('GMT'));
|
||
|
$date = $date->format('D, d M Y H:i:s \\G\\M\\T');
|
||
|
|
||
|
|
||
|
$sig = base64_encode($this->hmacsha1($secretKey,
|
||
|
"POST\n$contentMD5\n\n$date\nx-amz-date:$date\n/evert"
|
||
|
));
|
||
|
|
||
|
$request = new Sabre_HTTP_Request(array(
|
||
|
'REQUEST_METHOD' => 'POST',
|
||
|
'HTTP_AUTHORIZATION' => "AWS $accessKey:$sig",
|
||
|
'HTTP_CONTENT_MD5' => $contentMD5,
|
||
|
'HTTP_X_AMZ_DATE' => $date,
|
||
|
'REQUEST_URI' => '/evert',
|
||
|
));
|
||
|
|
||
|
$request->setBody($content);
|
||
|
|
||
|
$this->auth->setHTTPRequest($request);
|
||
|
$this->auth->init();
|
||
|
$result = $this->auth->validate($secretKey);
|
||
|
|
||
|
$this->assertTrue($result,'Signature did not validate, got errorcode ' . $this->auth->errorCode);
|
||
|
$this->assertEquals($accessKey,$this->auth->getAccessKey());
|
||
|
|
||
|
}
|
||
|
|
||
|
public function test401() {
|
||
|
|
||
|
$this->auth->requireLogin();
|
||
|
$test = preg_match('/^AWS$/',$this->response->headers['WWW-Authenticate'],$matches);
|
||
|
$this->assertTrue($test==true,'The WWW-Authenticate response didn\'t match our pattern');
|
||
|
|
||
|
}
|
||
|
|
||
|
/**
|
||
|
* Generates an HMAC-SHA1 signature
|
||
|
*
|
||
|
* @param string $key
|
||
|
* @param string $message
|
||
|
* @return string
|
||
|
*/
|
||
|
private function hmacsha1($key, $message) {
|
||
|
|
||
|
$blocksize=64;
|
||
|
if (strlen($key)>$blocksize)
|
||
|
$key=pack('H*', sha1($key));
|
||
|
$key=str_pad($key,$blocksize,chr(0x00));
|
||
|
$ipad=str_repeat(chr(0x36),$blocksize);
|
||
|
$opad=str_repeat(chr(0x5c),$blocksize);
|
||
|
$hmac = pack('H*',sha1(($key^$opad).pack('H*',sha1(($key^$ipad).$message))));
|
||
|
return $hmac;
|
||
|
|
||
|
}
|
||
|
|
||
|
}
|