getMock('apache\shindig\common\RemoteContentFetcher');
    // The fetcher under test wraps the mocked RemoteContentFetcher. The second argument
    // ('http://shindig/public.cer') is presumably the public key name advertised with each
    // signed request; $rsa_private_key is defined earlier in this method, outside this excerpt.
    $this->signingFetcher = SigningFetcher::makeFromOpenSslPrivateKey($basicFetcher, 'http://shindig/public.cer', $rsa_private_key);
  }

  /**
   * Cleans up the environment after running a test.
   */
  protected function tearDown() {
    // NOTE(review): the visible part of setUp assigns $this->signingFetcher, not
    // $this->Substitutions; this reset looks copied from another test case. Confirm
    // which property should be cleared here.
    $this->Substitutions = null;
    parent::tearDown();
  }

  /**
   * Tests SigningFetcher->fetchRequest with a form-style POST body.
   *
   * No Content-Type header is set on the request, so verifySignedRequest() is
   * expected to take its form-encoded branch and fold the body parameters into
   * the signature check (assumes getHeader() returns null for an unset header;
   * confirm against RemoteContentRequest).
   */
  public function testFetchRequest() {
    $request = new RemoteContentRequest('http://example.org/signed');
    $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
    $request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
    $request->setPostBody('key=value&anotherkey=value');
    $this->signingFetcher->fetchRequest($request);
    $this->verifySignedRequest($request);
  }

  /**
   * Tests SigningFetcher->fetchRequest with a non-form body (text/plain).
   *
   * A body that is not form-encoded cannot be signed as request parameters, so
   * the signed URL must carry an oauth_body_hash parameter that binds the body
   * to the signature. The expected digest is pinned to a published test vector.
   */
  public function testFetchRequestForBodyHash() {
    $request = new RemoteContentRequest('http://example.org/signed');
    $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
    $request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
    $request->setPostBody('Hello World!');
    $request->setHeaders('Content-Type: text/plain');
    $this->signingFetcher->fetchRequest($request);
    $this->verifySignedRequest($request);
    // Re-parse the signed URL to read the oauth_body_hash query parameter directly.
    $url = parse_url($request->getUrl());
    $query = array();
    parse_str($url['query'], $query);
    // The sample body 'Hello World!' and the expected digest
    // 'Lve95gjOVATpfV8EL5X4nxwjKHE=' are from the
    // OAuth Request Body Hash 1.0 Draft 4 example.
    $this->assertEquals('Lve95gjOVATpfV8EL5X4nxwjKHE=', $query['oauth_body_hash']);
  }

  /**
   * Tests SigningFetcher->fetchRequest for a URL that has no path component
   * ('http://example.org'), using the same form-style body as testFetchRequest().
   */
  public function testFetchRequestWithEmptyPath() {
    $request = new RemoteContentRequest('http://example.org');
    $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
    $request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
    $request->setPostBody('key=value&anotherkey=value');
    $this->signingFetcher->fetchRequest($request);
    $this->verifySignedRequest($request);
  }

  /**
   * Asserts that a request processed by the signing fetcher carries the expected
   * OpenSocial identity parameters and a signature that MockSignatureMethod accepts.
   *
   * The signed parameters are read back from the query string of the request URL.
   * Form-encoded (or untyped) bodies are parsed and added to the parameter set used
   * for the signature check; any other body must match the oauth_body_hash parameter.
   *
   * NOTE(review): only the accept path is exercised. Nothing here shows that a
   * request whose body or parameters were altered after signing is rejected, and
   * the outcome depends on MockSignatureMethod, which is not visible in this excerpt.
   *
   * @param RemoteContentRequest $request the request after fetchRequest() has run on it
   */
  private function verifySignedRequest(RemoteContentRequest $request) {
    $url = parse_url($request->getUrl());
    $query = array();
    parse_str($url['query'], $query);
    $post = array();
    $contentType = $request->getHeader('Content-Type');
    // NOTE(review): stripos() runs before the null check, so a missing header is passed
    // to stripos() first; '== null' is a loose comparison, so '' and false also select
    // the form-encoded branch.
    if ((stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null)) {
      // Form parameters take part in the signature check directly.
      parse_str($request->getPostBody(), $post);
    } else {
      // The body hash is the base64 of the raw SHA-1 digest of the body. The digest is
      // not a MAC by itself; it protects the body only because oauth_body_hash is one
      // of the parameters in $query that the signature check below covers.
      $this->assertEquals(base64_encode(sha1($request->getPostBody(), true)), $query['oauth_body_hash']);
    }
    // These values mirror the token built with BasicSecurityToken::createFromValues() in
    // the tests; the 'domain' and 'default' token values are not asserted here.
    $this->assertEquals('owner', $query['opensocial_owner_id']);
    $this->assertEquals('viewer', $query['opensocial_viewer_id']);
    $this->assertEquals('app', $query['opensocial_app_id']);
    $this->assertEquals('appUrl', $query['opensocial_app_url']);
    $this->assertEquals('1', $query['opensocial_instance_id']);
    // Both key-name parameters must carry the same value; the value itself is not
    // compared with the name passed to makeFromOpenSslPrivateKey().
    $this->assertEquals($query['xoauth_signature_publickey'], $query['xoauth_public_key']);
    // Rebuild the OAuth request from the URL query parameters plus any form parameters.
    $oauthRequest = \OAuthRequest::from_request($request->getMethod(), $request->getUrl(), array_merge($query, $post));
    $signature_method = new MockSignatureMethod();
    // Consumer and token are passed as null; presumably the mock supplies its own
    // verification key. Confirm against MockSignatureMethod.
    $signature_valid = $signature_method->check_signature($oauthRequest, null, null, $query['oauth_signature']);
    $this->assertTrue($signature_valid);
  }
}