dav/SabreDAV/tests/Sabre/HTTP/AWSAuthTest.php

   1 <?php
   2
   3 require_once 'Sabre/HTTP/ResponseMock.php';
   4
   5 class Sabre_HTTP_AWSAuthTest extends PHPUnit_Framework_TestCase {
   6
   7     /**
   8      * @var Sabre_HTTP_ResponseMock
   9      */
  10     private $response;
  11     /**
  12      * @var Sabre_HTTP_AWSAuth
  13      */
  14     private $auth;
  15
  16     const REALM = 'SabreDAV unittest';
  17
  18     public function setUp() {
  19
  20         $this->response = new Sabre_HTTP_ResponseMock();
  21         $this->auth = new Sabre_HTTP_AWSAuth();
  22         $this->auth->setRealm(self::REALM);
  23         $this->auth->setHTTPResponse($this->response);
  24
  25     }
  26
  27     public function testNoHeader() {
  28
  29         $request = new Sabre_HTTP_Request(array(
  30             'REQUEST_METHOD' => 'GET',
  31         ));
  32
  33         $this->auth->setHTTPRequest($request);
  34
  35         $result = $this->auth->init();
  36
  37         $this->assertFalse($result,'No AWS Authorization header was supplied, so we should have gotten false');
  38         $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_NOAWSHEADER,$this->auth->errorCode);
  39
  40     }
  41
  42     public function testIncorrectContentMD5() {
  43
  44         $accessKey = 'accessKey';
  45         $secretKey = 'secretKey';
  46
  47         $request = new Sabre_HTTP_Request(array(
  48             'REQUEST_METHOD'      => 'GET',
  49             'HTTP_AUTHORIZATION'  => "AWS $accessKey:sig",
  50             'HTTP_CONTENT_MD5'    => 'garbage',
  51             'REQUEST_URI'         => '/',
  52         ));
  53
  54         $this->auth->setHTTPRequest($request);
  55         $this->auth->init();
  56         $result = $this->auth->validate($secretKey);
  57
  58         $this->assertFalse($result);
  59         $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_MD5CHECKSUMWRONG,$this->auth->errorCode);
  60
  61     }
  62
  63     public function testNoDate() {
  64
  65         $accessKey = 'accessKey';
  66         $secretKey = 'secretKey';
  67         $content = 'thisisthebody';
  68         $contentMD5 = base64_encode(md5($content,true));
  69
  70
  71         $request = new Sabre_HTTP_Request(array(
  72             'REQUEST_METHOD'      => 'POST',
  73             'HTTP_AUTHORIZATION'  => "AWS $accessKey:sig",
  74             'HTTP_CONTENT_MD5'    => $contentMD5,
  75         ));
  76
  77         $request->setBody($content);
  78
  79         $this->auth->setHTTPRequest($request);
  80         $this->auth->init();
  81         $result = $this->auth->validate($secretKey);
  82
  83         $this->assertFalse($result);
  84         $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_INVALIDDATEFORMAT,$this->auth->errorCode);
  85
  86     }
  87
  88     public function testFutureDate() {
  89
  90         $accessKey = 'accessKey';
  91         $secretKey = 'secretKey';
  92         $content = 'thisisthebody';
  93         $contentMD5 = base64_encode(md5($content,true));
  94
  95         $date = new DateTime('@' . (time() + (60*20)));
  96         $date->setTimeZone(new DateTimeZone('GMT'));
  97         $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
  98
  99         $request = new Sabre_HTTP_Request(array(
 100             'REQUEST_METHOD'      => 'POST',
 101             'HTTP_AUTHORIZATION'  => "AWS $accessKey:sig",
 102             'HTTP_CONTENT_MD5'    => $contentMD5,
 103             'HTTP_DATE'           => $date,
 104         ));
 105
 106         $request->setBody($content);
 107
 108         $this->auth->setHTTPRequest($request);
 109         $this->auth->init();
 110         $result = $this->auth->validate($secretKey);
 111
 112         $this->assertFalse($result);
 113         $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_REQUESTTIMESKEWED,$this->auth->errorCode);
 114
 115     }
 116
 117     public function testPastDate() {
 118
 119         $accessKey = 'accessKey';
 120         $secretKey = 'secretKey';
 121         $content = 'thisisthebody';
 122         $contentMD5 = base64_encode(md5($content,true));
 123
 124         $date = new DateTime('@' . (time() - (60*20)));
 125         $date->setTimeZone(new DateTimeZone('GMT'));
 126         $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
 127
 128         $request = new Sabre_HTTP_Request(array(
 129             'REQUEST_METHOD'      => 'POST',
 130             'HTTP_AUTHORIZATION'  => "AWS $accessKey:sig",
 131             'HTTP_CONTENT_MD5'    => $contentMD5,
 132             'HTTP_X_AMZ_DATE'     => $date,
 133         ));
 134
 135         $request->setBody($content);
 136
 137         $this->auth->setHTTPRequest($request);
 138         $this->auth->init();
 139         $result = $this->auth->validate($secretKey);
 140
 141         $this->assertFalse($result);
 142         $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_REQUESTTIMESKEWED,$this->auth->errorCode);
 143
 144     }
 145
 146     public function testIncorrectSignature() {
 147
 148         $accessKey = 'accessKey';
 149         $secretKey = 'secretKey';
 150         $content = 'thisisthebody';
 151
 152         $contentMD5 = base64_encode(md5($content,true));
 153
 154         $date = new DateTime('now');
 155         $date->setTimeZone(new DateTimeZone('GMT'));
 156         $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
 157
 158         $request = new Sabre_HTTP_Request(array(
 159             'REQUEST_METHOD'      => 'POST',
 160             'HTTP_AUTHORIZATION'  => "AWS $accessKey:sig",
 161             'HTTP_CONTENT_MD5'    => $contentMD5,
 162             'HTTP_X_AMZ_DATE'     => $date,
 163             'REQUEST_URI'         => '/',
 164         ));
 165
 166         $request->setBody($content);
 167
 168         $this->auth->setHTTPRequest($request);
 169         $this->auth->init();
 170         $result = $this->auth->validate($secretKey);
 171
 172         $this->assertFalse($result);
 173         $this->assertEquals(Sabre_HTTP_AWSAuth::ERR_INVALIDSIGNATURE,$this->auth->errorCode);
 174
 175     }
 176
 177     public function testValidRequest() {
 178
 179         $accessKey = 'accessKey';
 180         $secretKey = 'secretKey';
 181         $content = 'thisisthebody';
 182         $contentMD5 = base64_encode(md5($content,true));
 183
 184         $date = new DateTime('now');
 185         $date->setTimeZone(new DateTimeZone('GMT'));
 186         $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
 187
 188
 189         $sig = base64_encode($this->hmacsha1($secretKey,
 190             "POST\n$contentMD5\n\n$date\nx-amz-date:$date\n/evert"
 191         ));
 192
 193         $request = new Sabre_HTTP_Request(array(
 194             'REQUEST_METHOD'      => 'POST',
 195             'HTTP_AUTHORIZATION'  => "AWS $accessKey:$sig",
 196             'HTTP_CONTENT_MD5'    => $contentMD5,
 197             'HTTP_X_AMZ_DATE'     => $date,
 198             'REQUEST_URI'         => '/evert',
 199         ));
 200
 201         $request->setBody($content);
 202
 203         $this->auth->setHTTPRequest($request);
 204         $this->auth->init();
 205         $result = $this->auth->validate($secretKey);
 206
 207         $this->assertTrue($result,'Signature did not validate, got errorcode ' . $this->auth->errorCode);
 208         $this->assertEquals($accessKey,$this->auth->getAccessKey());
 209
 210     }
 211
 212     public function test401() {
 213
 214         $this->auth->requireLogin();
 215         $test = preg_match('/^AWS$/',$this->response->headers['WWW-Authenticate'],$matches);
 216         $this->assertTrue($test==true,'The WWW-Authenticate response didn\'t match our pattern');
 217
 218     }
 219
 220     /**
 221      * Generates an HMAC-SHA1 signature
 222      *
 223      * @param string $key
 224      * @param string $message
 225      * @return string
 226      */
 227     private function hmacsha1($key, $message) {
 228
 229         $blocksize=64;
 230         if (strlen($key)>$blocksize)
 231             $key=pack('H*', sha1($key));
 232         $key=str_pad($key,$blocksize,chr(0x00));
 233         $ipad=str_repeat(chr(0x36),$blocksize);
 234         $opad=str_repeat(chr(0x5c),$blocksize);
 235         $hmac = pack('H*',sha1(($key^$opad).pack('H*',sha1(($key^$ipad).$message))));
 236         return $hmac;
 237
 238     }
 239
 240 }