3 require_once 'Sabre/HTTP/ResponseMock.php';
5 class Sabre_HTTP_AWSAuthTest extends PHPUnit_Framework_TestCase {
8 * @var Sabre_HTTP_ResponseMock
12 * @var Sabre_HTTP_AWSAuth
16 const REALM = 'SabreDAV unittest';
18 public function setUp() {
20 $this->response = new Sabre_HTTP_ResponseMock();
21 $this->auth = new Sabre_HTTP_AWSAuth();
22 $this->auth->setRealm(self::REALM);
23 $this->auth->setHTTPResponse($this->response);
27 public function testNoHeader() {
29 $request = new Sabre_HTTP_Request(array(
30 'REQUEST_METHOD' => 'GET',
33 $this->auth->setHTTPRequest($request);
35 $result = $this->auth->init();
37 $this->assertFalse($result,'No AWS Authorization header was supplied, so we should have gotten false');
38 $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_NOAWSHEADER,$this->auth->errorCode);
42 public function testIncorrectContentMD5() {
44 $accessKey = 'accessKey';
45 $secretKey = 'secretKey';
47 $request = new Sabre_HTTP_Request(array(
48 'REQUEST_METHOD' => 'GET',
49 'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
50 'HTTP_CONTENT_MD5' => 'garbage',
54 $this->auth->setHTTPRequest($request);
56 $result = $this->auth->validate($secretKey);
58 $this->assertFalse($result);
59 $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_MD5CHECKSUMWRONG,$this->auth->errorCode);
63 public function testNoDate() {
65 $accessKey = 'accessKey';
66 $secretKey = 'secretKey';
67 $content = 'thisisthebody';
68 $contentMD5 = base64_encode(md5($content,true));
71 $request = new Sabre_HTTP_Request(array(
72 'REQUEST_METHOD' => 'POST',
73 'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
74 'HTTP_CONTENT_MD5' => $contentMD5,
77 $request->setBody($content);
79 $this->auth->setHTTPRequest($request);
81 $result = $this->auth->validate($secretKey);
83 $this->assertFalse($result);
84 $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_INVALIDDATEFORMAT,$this->auth->errorCode);
88 public function testFutureDate() {
90 $accessKey = 'accessKey';
91 $secretKey = 'secretKey';
92 $content = 'thisisthebody';
93 $contentMD5 = base64_encode(md5($content,true));
95 $date = new DateTime('@' . (time() + (60*20)));
96 $date->setTimeZone(new DateTimeZone('GMT'));
97 $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
99 $request = new Sabre_HTTP_Request(array(
100 'REQUEST_METHOD' => 'POST',
101 'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
102 'HTTP_CONTENT_MD5' => $contentMD5,
103 'HTTP_DATE' => $date,
106 $request->setBody($content);
108 $this->auth->setHTTPRequest($request);
110 $result = $this->auth->validate($secretKey);
112 $this->assertFalse($result);
113 $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_REQUESTTIMESKEWED,$this->auth->errorCode);
117 public function testPastDate() {
119 $accessKey = 'accessKey';
120 $secretKey = 'secretKey';
121 $content = 'thisisthebody';
122 $contentMD5 = base64_encode(md5($content,true));
124 $date = new DateTime('@' . (time() - (60*20)));
125 $date->setTimeZone(new DateTimeZone('GMT'));
126 $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
128 $request = new Sabre_HTTP_Request(array(
129 'REQUEST_METHOD' => 'POST',
130 'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
131 'HTTP_CONTENT_MD5' => $contentMD5,
132 'HTTP_X_AMZ_DATE' => $date,
135 $request->setBody($content);
137 $this->auth->setHTTPRequest($request);
139 $result = $this->auth->validate($secretKey);
141 $this->assertFalse($result);
142 $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_REQUESTTIMESKEWED,$this->auth->errorCode);
146 public function testIncorrectSignature() {
148 $accessKey = 'accessKey';
149 $secretKey = 'secretKey';
150 $content = 'thisisthebody';
152 $contentMD5 = base64_encode(md5($content,true));
154 $date = new DateTime('now');
155 $date->setTimeZone(new DateTimeZone('GMT'));
156 $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
158 $request = new Sabre_HTTP_Request(array(
159 'REQUEST_METHOD' => 'POST',
160 'HTTP_AUTHORIZATION' => "AWS $accessKey:sig",
161 'HTTP_CONTENT_MD5' => $contentMD5,
162 'HTTP_X_AMZ_DATE' => $date,
163 'REQUEST_URI' => '/',
166 $request->setBody($content);
168 $this->auth->setHTTPRequest($request);
170 $result = $this->auth->validate($secretKey);
172 $this->assertFalse($result);
173 $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_INVALIDSIGNATURE,$this->auth->errorCode);
177 public function testValidRequest() {
179 $accessKey = 'accessKey';
180 $secretKey = 'secretKey';
181 $content = 'thisisthebody';
182 $contentMD5 = base64_encode(md5($content,true));
184 $date = new DateTime('now');
185 $date->setTimeZone(new DateTimeZone('GMT'));
186 $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
189 $sig = base64_encode($this->hmacsha1($secretKey,
190 "POST\n$contentMD5\n\n$date\nx-amz-date:$date\n/evert"
193 $request = new Sabre_HTTP_Request(array(
194 'REQUEST_METHOD' => 'POST',
195 'HTTP_AUTHORIZATION' => "AWS $accessKey:$sig",
196 'HTTP_CONTENT_MD5' => $contentMD5,
197 'HTTP_X_AMZ_DATE' => $date,
198 'REQUEST_URI' => '/evert',
201 $request->setBody($content);
203 $this->auth->setHTTPRequest($request);
205 $result = $this->auth->validate($secretKey);
207 $this->assertTrue($result,'Signature did not validate, got errorcode ' . $this->auth->errorCode);
208 $this->assertEquals($accessKey,$this->auth->getAccessKey());
212 public function test401() {
214 $this->auth->requireLogin();
215 $test = preg_match('/^AWS$/',$this->response->headers['WWW-Authenticate'],$matches);
216 $this->assertTrue($test==true,'The WWW-Authenticate response didn\'t match our pattern');
221 * Generates an HMAC-SHA1 signature
224 * @param string $message
227 private function hmacsha1($key, $message) {
230 if (strlen($key)>$blocksize)
231 $key=pack('H*', sha1($key));
232 $key=str_pad($key,$blocksize,chr(0x00));
233 $ipad=str_repeat(chr(0x36),$blocksize);
234 $opad=str_repeat(chr(0x5c),$blocksize);
235 $hmac = pack('H*',sha1(($key^$opad).pack('H*',sha1(($key^$ipad).$message))));