ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
AWSTest.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Sabre\HTTP\Auth;
4 
5 use Sabre\HTTP\Request;
6 use Sabre\HTTP\Response;
7 
8 class AWSTest extends \PHPUnit_Framework_TestCase {
9 
13  private $response;
14 
18  private $request;
19 
23  private $auth;
24 
25  const REALM = 'SabreDAV unittest';
26 
27  function setUp() {
28 
29  $this->response = new Response();
30  $this->request = new Request();
31  $this->auth = new AWS(self::REALM, $this->request, $this->response);
32 
33  }
34 
35  function testNoHeader() {
36 
37  $this->request->setMethod('GET');
38  $result = $this->auth->init();
39 
40  $this->assertFalse($result, 'No AWS Authorization header was supplied, so we should have gotten false');
41  $this->assertEquals(AWS::ERR_NOAWSHEADER, $this->auth->errorCode);
42 
43  }
44 
45  function testIncorrectContentMD5() {
46 
47  $accessKey = 'accessKey';
48  $secretKey = 'secretKey';
49 
50  $this->request->setMethod('GET');
51  $this->request->setHeaders([
52  'Authorization' => "AWS $accessKey:sig",
53  'Content-MD5' => 'garbage',
54  ]);
55  $this->request->setUrl('/');
56 
57  $this->auth->init();
58  $result = $this->auth->validate($secretKey);
59 
60  $this->assertFalse($result);
61  $this->assertEquals(AWS::ERR_MD5CHECKSUMWRONG, $this->auth->errorCode);
62 
63  }
64 
65  function testNoDate() {
66 
67  $accessKey = 'accessKey';
68  $secretKey = 'secretKey';
69  $content = 'thisisthebody';
70  $contentMD5 = base64_encode(md5($content, true));
71 
72  $this->request->setMethod('POST');
73  $this->request->setHeaders([
74  'Authorization' => "AWS $accessKey:sig",
75  'Content-MD5' => $contentMD5,
76  ]);
77  $this->request->setUrl('/');
78  $this->request->setBody($content);
79 
80  $this->auth->init();
81  $result = $this->auth->validate($secretKey);
82 
83  $this->assertFalse($result);
84  $this->assertEquals(AWS::ERR_INVALIDDATEFORMAT, $this->auth->errorCode);
85 
86  }
87 
88  function testFutureDate() {
89 
90  $accessKey = 'accessKey';
91  $secretKey = 'secretKey';
92  $content = 'thisisthebody';
93  $contentMD5 = base64_encode(md5($content, true));
94 
95  $date = new \DateTime('@' . (time() + (60 * 20)));
96  $date->setTimeZone(new \DateTimeZone('GMT'));
97  $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
98 
99  $this->request->setMethod('POST');
100  $this->request->setHeaders([
101  'Authorization' => "AWS $accessKey:sig",
102  'Content-MD5' => $contentMD5,
103  'Date' => $date,
104  ]);
105 
106  $this->request->setBody($content);
107 
108  $this->auth->init();
109  $result = $this->auth->validate($secretKey);
110 
111  $this->assertFalse($result);
112  $this->assertEquals(AWS::ERR_REQUESTTIMESKEWED, $this->auth->errorCode);
113 
114  }
115 
116  function testPastDate() {
117 
118  $accessKey = 'accessKey';
119  $secretKey = 'secretKey';
120  $content = 'thisisthebody';
121  $contentMD5 = base64_encode(md5($content, true));
122 
123  $date = new \DateTime('@' . (time() - (60 * 20)));
124  $date->setTimeZone(new \DateTimeZone('GMT'));
125  $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
126 
127  $this->request->setMethod('POST');
128  $this->request->setHeaders([
129  'Authorization' => "AWS $accessKey:sig",
130  'Content-MD5' => $contentMD5,
131  'Date' => $date,
132  ]);
133 
134  $this->request->setBody($content);
135 
136  $this->auth->init();
137  $result = $this->auth->validate($secretKey);
138 
139  $this->assertFalse($result);
140  $this->assertEquals(AWS::ERR_REQUESTTIMESKEWED, $this->auth->errorCode);
141 
142  }
143 
144  function testIncorrectSignature() {
145 
146  $accessKey = 'accessKey';
147  $secretKey = 'secretKey';
148  $content = 'thisisthebody';
149 
150  $contentMD5 = base64_encode(md5($content, true));
151 
152  $date = new \DateTime('now');
153  $date->setTimeZone(new \DateTimeZone('GMT'));
154  $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
155 
156  $this->request->setUrl('/');
157  $this->request->setMethod('POST');
158  $this->request->setHeaders([
159  'Authorization' => "AWS $accessKey:sig",
160  'Content-MD5' => $contentMD5,
161  'X-amz-date' => $date,
162  ]);
163  $this->request->setBody($content);
164 
165  $this->auth->init();
166  $result = $this->auth->validate($secretKey);
167 
168  $this->assertFalse($result);
169  $this->assertEquals(AWS::ERR_INVALIDSIGNATURE, $this->auth->errorCode);
170 
171  }
172 
173  function testValidRequest() {
174 
175  $accessKey = 'accessKey';
176  $secretKey = 'secretKey';
177  $content = 'thisisthebody';
178  $contentMD5 = base64_encode(md5($content, true));
179 
180  $date = new \DateTime('now');
181  $date->setTimeZone(new \DateTimeZone('GMT'));
182  $date = $date->format('D, d M Y H:i:s \\G\\M\\T');
183 
184 
185  $sig = base64_encode($this->hmacsha1($secretKey,
186  "POST\n$contentMD5\n\n$date\nx-amz-date:$date\n/evert"
187  ));
188 
189  $this->request->setUrl('/evert');
190  $this->request->setMethod('POST');
191  $this->request->setHeaders([
192  'Authorization' => "AWS $accessKey:$sig",
193  'Content-MD5' => $contentMD5,
194  'X-amz-date' => $date,
195  ]);
196 
197  $this->request->setBody($content);
198 
199  $this->auth->init();
200  $result = $this->auth->validate($secretKey);
201 
202  $this->assertTrue($result, 'Signature did not validate, got errorcode ' . $this->auth->errorCode);
203  $this->assertEquals($accessKey, $this->auth->getAccessKey());
204 
205  }
206 
207  function test401() {
208 
209  $this->auth->requireLogin();
210  $test = preg_match('/^AWS$/', $this->response->getHeader('WWW-Authenticate'), $matches);
211  $this->assertTrue($test == true, 'The WWW-Authenticate response didn\'t match our pattern');
212 
213  }
214 
222  private function hmacsha1($key, $message) {
223 
224  $blocksize = 64;
225  if (strlen($key) > $blocksize)
226  $key = pack('H*', sha1($key));
227  $key = str_pad($key, $blocksize, chr(0x00));
228  $ipad = str_repeat(chr(0x36), $blocksize);
229  $opad = str_repeat(chr(0x5c), $blocksize);
230  $hmac = pack('H*', sha1(($key ^ $opad) . pack('H*', sha1(($key ^ $ipad) . $message))));
231  return $hmac;
232 
233  }
234 
235 }
Sabre\HTTP\Auth\AWS
HTTP AWS Authentication handler.
Definition: AWS.php:16
Sabre\HTTP\Auth\AWS\ERR_INVALIDSIGNATURE
const ERR_INVALIDSIGNATURE
Definition: AWS.php:45
$result
$result
Definition: CleanUpTest.php:463
Sabre\HTTP\Request
The Request class represents a single HTTP request.
Definition: Request.php:18
PHPUnit_Framework_TestCase
$message
catch(Exception $e) $message
Definition: saml2-logout.php:34
Sabre\HTTP\Auth\AWS\ERR_INVALIDDATEFORMAT
const ERR_INVALIDDATEFORMAT
Definition: AWS.php:43
Sabre\HTTP\Response
This class represents a single HTTP response.
Definition: Response.php:12
Sabre\HTTP\Auth\AWS\ERR_NOAWSHEADER
const ERR_NOAWSHEADER
Definition: AWS.php:41
Sabre\HTTP\Auth\AWS\ERR_REQUESTTIMESKEWED
const ERR_REQUESTTIMESKEWED
Definition: AWS.php:44
Sabre\HTTP\Auth\AWS\ERR_MD5CHECKSUMWRONG
const ERR_MD5CHECKSUMWRONG
Definition: AWS.php:42
$key
$key
Definition: croninfo.php:18
$test
$test
Definition: Utf8Test.php:84
Sabre\HTTP\Auth\AWSTest\hmacsha1
hmacsha1($key, $message)
Generates an HMAC-SHA1 signature.
Definition: AWSTest.php:222