diff options
Diffstat (limited to 'models/openid-php-openid-782224d/Tests/Auth/OpenID')
55 files changed, 15463 insertions, 0 deletions
diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/AX.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/AX.php new file mode 100644 index 000000000..0a85ed2f1 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/AX.php @@ -0,0 +1,792 @@ +<?php + +/* + * Tests for the attribute exchange extension module + */ + +require_once "Auth/OpenID/AX.php"; +require_once "Auth/OpenID/Message.php"; +require_once "Auth/OpenID/Consumer.php"; +require_once "Auth/OpenID/Server.php"; + +class BogusAXMessage extends Auth_OpenID_AX_Message { + var $mode = 'bogus'; + + function getExtensionArgs() + { + return $this->_newArgs(); + } +} + +class AXMessageTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->bax = new BogusAXMessage(); + } + + function test_checkMode() + { + $result = $this->bax->_checkMode(array()); + $this->assertTrue(Auth_OpenID_AX::isError($result)); + + $result = $this->bax->_checkMode(array('mode' => 'fetch_request')); + $this->assertTrue(Auth_OpenID_AX::isError($result)); + + // does not raise an exception when the mode is right + $result = $this->bax->_checkMode(array('mode' => $this->bax->mode)); + $this->assertTrue($result === true); + } + + /* + * _newArgs generates something that has the correct mode + */ + function test_checkMode_newArgs() + { + $result = $this->bax->_checkMode($this->bax->_newArgs()); + $this->assertTrue($result === true); + } +} + +class AttrInfoTest extends PHPUnit_Framework_TestCase { + function test_construct() + { + $type_uri = 'a uri'; + $ainfo = Auth_OpenID_AX_AttrInfo::make($type_uri); + + $this->assertEquals($type_uri, $ainfo->type_uri); + $this->assertEquals(1, $ainfo->count); + $this->assertFalse($ainfo->required); + $this->assertTrue($ainfo->alias === null); + } +} + +class ToTypeURIsTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->aliases = new Auth_OpenID_NamespaceMap(); + } + + function test_empty() + { + foreach (array(null, '') as $empty) { + $uris = Auth_OpenID_AX_toTypeURIs($this->aliases, $empty); + $this->assertEquals(array(), $uris); + } + } + + function test_undefined() + { + $result = Auth_OpenID_AX_toTypeURIs($this->aliases, + 'http://janrain.com/'); + $this->assertTrue(Auth_OpenID_AX::isError($result)); + } + + function test_one() + { + $uri = 'http://janrain.com/'; + $alias = 'openid_hackers'; + $this->aliases->addAlias($uri, $alias); + $uris = Auth_OpenID_AX_toTypeURIs($this->aliases, $alias); + $this->assertEquals(array($uri), $uris); + } + + function test_two() + { + $uri1 = 'http://janrain.com/'; + $alias1 = 'openid_hackers'; + $this->aliases->addAlias($uri1, $alias1); + + $uri2 = 'http://jyte.com/'; + $alias2 = 'openid_hack'; + $this->aliases->addAlias($uri2, $alias2); + + $uris = Auth_OpenID_AX_toTypeURIs($this->aliases, + implode(',', array($alias1, $alias2))); + $this->assertEquals(array($uri1, $uri2), $uris); + } +} + +class ParseAXValuesTest extends PHPUnit_Framework_TestCase { + function failUnlessAXKeyError($ax_args) + { + $msg = new Auth_OpenID_AX_KeyValueMessage(); + $result = $msg->parseExtensionArgs($ax_args); + $this->assertTrue(Auth_OpenID_AX::isError($result)); + $this->assertTrue($result->message); + } + + function failUnlessAXValues($ax_args, $expected_args) + { + $msg = new Auth_OpenID_AX_KeyValueMessage(); + $msg->parseExtensionArgs($ax_args); + $this->assertEquals($expected_args, $msg->data); + } + + function test_emptyIsValid() + { + $this->failUnlessAXValues(array(), array()); + } + + function test_invalidAlias() + { + $types = array( + 'Auth_OpenID_AX_KeyValueMessage', + 'Auth_OpenID_AX_FetchRequest' + ); + + $inputs = array( + array('type.a.b' => 'urn:foo', + 'count.a.b' => '1'), + array('type.a,b' => 'urn:foo', + 'count.a,b' => '1'), + ); + + foreach ($types as $typ) { + foreach ($inputs as $input) { + $msg = new $typ(); + $result = $msg->parseExtensionArgs($input); + $this->assertTrue(Auth_OpenID_AX::isError($result)); + } + } + } + + function test_missingValueForAliasExplodes() + { + $this->failUnlessAXKeyError(array('type.foo' => 'urn:foo')); + } + + function test_countPresentButNotValue() + { + $this->failUnlessAXKeyError(array('type.foo' => 'urn:foo', + 'count.foo' => '1')); + } + + function test_invalidCountValue() + { + $msg = new Auth_OpenID_AX_FetchRequest(); + + $result = $msg->parseExtensionArgs( + array('type.foo' => 'urn:foo', + 'count.foo' => 'bogus')); + + $this->assertTrue(Auth_OpenID_AX::isError($result)); + } + + function test_requestUnlimitedValues() + { + $msg = new Auth_OpenID_AX_FetchRequest(); + + $result = $msg->parseExtensionArgs( + array('mode' => 'fetch_request', + 'required' => 'foo', + 'type.foo' => 'urn:foo', + 'count.foo' => Auth_OpenID_AX_UNLIMITED_VALUES)); + + $attrs = $msg->iterAttrs(); + $foo = $attrs[0]; + + $this->assertTrue($foo->count == Auth_OpenID_AX_UNLIMITED_VALUES); + $this->assertTrue($foo->wantsUnlimitedValues()); + } + + function test_longAlias() + { + // Spec minimum length is 32 characters. This is a silly test + // for this library, but it's here for completeness. + $alias = str_repeat('x', Auth_OpenID_AX_MINIMUM_SUPPORTED_ALIAS_LENGTH); + + $msg = new Auth_OpenID_AX_KeyValueMessage(); + $result = $msg->parseExtensionArgs( + array('type.' . $alias => 'urn:foo', + 'count.' . $alias => '1', + 'value.'.$alias.'.1' => 'first') + ); + $this->assertFalse(Auth_OpenID_AX::isError($result)); + } + + function test_countPresentAndIsZero() + { + $this->failUnlessAXValues( + array('type.foo' => 'urn:foo', + 'count.foo' => '0', + ), array('urn:foo' => array())); + } + + function test_singletonEmpty() + { + $this->failUnlessAXValues( + array('type.foo' => 'urn:foo', + 'value.foo' => '', + ), array('urn:foo' => array())); + } + + function test_doubleAlias() + { + $this->failUnlessAXKeyError( + array('type.foo' => 'urn:foo', + 'value.foo' => '', + 'type.bar' => 'urn:foo', + 'value.bar' => '', + )); + } + + function test_doubleSingleton() + { + $this->failUnlessAXValues( + array('type.foo' => 'urn:foo', + 'value.foo' => '', + 'type.bar' => 'urn:bar', + 'value.bar' => '', + ), array('urn:foo' => array(), 'urn:bar' => array())); + } + + function test_singletonValue() + { + $this->failUnlessAXValues( + array('type.foo' => 'urn:foo', + 'value.foo' => 'Westfall', + ), array('urn:foo' => array('Westfall'))); + } +} + +class FetchRequestTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->msg = new Auth_OpenID_AX_FetchRequest(); + $this->type_a = 'http://janrain.example.com/a'; + $this->alias_a = 'a'; + } + + function test_mode() + { + $this->assertEquals($this->msg->mode, 'fetch_request'); + } + + function test_construct() + { + $this->assertEquals(array(), $this->msg->requested_attributes); + $this->assertEquals(null, $this->msg->update_url); + + $msg = new Auth_OpenID_AX_FetchRequest('hailstorm'); + $this->assertEquals(array(), $msg->requested_attributes); + $this->assertEquals('hailstorm', $msg->update_url); + } + + function test_add() + { + $uri = 'mud://puddle'; + + // Not yet added: + $this->assertFalse(in_array($uri, $this->msg->iterTypes())); + + $attr = Auth_OpenID_AX_AttrInfo::make($uri); + $this->msg->add($attr); + + // Present after adding + $this->assertTrue(in_array($uri, $this->msg->iterTypes())); + } + + function test_addTwice() + { + $uri = 'lightning://storm'; + + $attr = Auth_OpenID_AX_AttrInfo::make($uri); + $this->msg->add($attr); + $this->assertTrue(Auth_OpenID_AX::isError($this->msg->add($attr))); + } + + function test_getExtensionArgs_empty() + { + $expected_args = array( + 'mode' =>'fetch_request', + ); + $this->assertEquals($expected_args, $this->msg->getExtensionArgs()); + } + + function test_getExtensionArgs_noAlias() + { + $attr = Auth_OpenID_AX_AttrInfo::make('type://of.transportation'); + + $this->msg->add($attr); + $ax_args = $this->msg->getExtensionArgs(); + $found = false; + $alias = null; + + foreach ($ax_args as $k => $v) { + if (($v == $attr->type_uri) && (strpos($k, 'type.') === 0)) { + $alias = substr($k, 5); + $found = true; + break; + } + } + + if (!$found) { + $this->fail("Didn't find the type definition"); + return; + } + + $this->failUnlessExtensionArgs(array( + 'type.' . $alias => $attr->type_uri, + 'if_available' => $alias)); + } + + function test_getExtensionArgs_alias_if_available() + { + $attr = Auth_OpenID_AX_AttrInfo::make( + 'type://of.transportation', 1, false, + 'transport'); + + $this->msg->add($attr); + $this->failUnlessExtensionArgs(array( + 'type.' . $attr->alias => $attr->type_uri, + 'if_available' => $attr->alias)); + } + + function test_getExtensionArgs_alias_req() + { + $attr = Auth_OpenID_AX_AttrInfo::make( + 'type://of.transportation', + 1, true, 'transport'); + + $this->msg->add($attr); + $this->failUnlessExtensionArgs(array( + 'type.' . $attr->alias => $attr->type_uri, + 'required' => $attr->alias)); + } + + /* + * Make sure that getExtensionArgs has the expected result + * + * This method will fill in the mode. + */ + function failUnlessExtensionArgs($expected_args) + { + $expected_args['mode'] = $this->msg->mode; + $this->assertEquals($expected_args, $this->msg->getExtensionArgs()); + } + + function test_isIterable() + { + $this->assertEquals(array(), $this->msg->iterAttrs()); + $this->assertEquals(array(), $this->msg->iterTypes()); + } + + function test_getRequiredAttrs_empty() + { + $this->assertEquals(array(), $this->msg->getRequiredAttrs()); + } + + function test_parseExtensionArgs_extraType() + { + $extension_args = array( + 'mode' => 'fetch_request', + 'type.' . $this->alias_a => $this->type_a); + + $this->assertTrue(Auth_OpenID_AX::isError( + $this->msg->parseExtensionArgs($extension_args))); + } + + function test_parseExtensionArgs() + { + $extension_args = array( + 'mode' => 'fetch_request', + 'type.' . $this->alias_a => $this->type_a, + 'if_available' => $this->alias_a); + + $this->msg->parseExtensionArgs($extension_args); + $this->assertEquals(array($this->type_a), $this->msg->iterTypes()); + $attr_info = Auth_OpenID::arrayGet($this->msg->requested_attributes, + $this->type_a); + $this->assertTrue($attr_info); + $this->assertFalse($attr_info->required); + $this->assertEquals($this->type_a, $attr_info->type_uri); + $this->assertEquals($this->alias_a, $attr_info->alias); + $this->assertEquals(array($attr_info), + $this->msg->iterAttrs()); + } + + function test_extensionArgs_idempotent() + { + $extension_args = array( + 'mode' => 'fetch_request', + 'type.' . $this->alias_a => $this->type_a, + 'if_available' => $this->alias_a); + + $this->msg->parseExtensionArgs($extension_args); + $this->assertEquals($extension_args, $this->msg->getExtensionArgs()); + + $attr = $this->msg->requested_attributes[$this->type_a]; + $this->assertFalse($attr->required); + } + + function test_extensionArgs_idempotent_count_required() + { + $extension_args = array( + 'mode' => 'fetch_request', + 'type.' . $this->alias_a => $this->type_a, + 'count.' . $this->alias_a => '2', + 'required' => $this->alias_a); + + $this->msg->parseExtensionArgs($extension_args); + $this->assertEquals($extension_args, $this->msg->getExtensionArgs()); + + $attr = $this->msg->requested_attributes[$this->type_a]; + $this->assertTrue($attr->required); + } + + function test_extensionArgs_count1() + { + $extension_args = array( + 'mode' => 'fetch_request', + 'type.' . $this->alias_a => $this->type_a, + 'count.' . $this->alias_a => '1', + 'if_available' => $this->alias_a); + + $extension_args_norm = array( + 'mode' => 'fetch_request', + 'type.' . $this->alias_a => $this->type_a, + 'if_available' => $this->alias_a); + + $this->msg->parseExtensionArgs($extension_args); + $this->assertEquals($extension_args_norm, $this->msg->getExtensionArgs()); + } + + function test_openidNoRealm() + { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'checkid_setup', + 'ns' => Auth_OpenID_OPENID2_NS, + 'ns.ax' => Auth_OpenID_AX_NS_URI, + 'ax.update_url' => 'http://different.site/path', + 'ax.mode' => 'fetch_request', + )); + $openid_req = new Auth_OpenID_Request(); + $openid_req->message =& $openid_req_msg; + $result = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest( + $openid_req); + $this->assertTrue(Auth_OpenID_AX::isError($result)); + } + + function test_openidUpdateURLVerificationError() + { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'checkid_setup', + 'ns' => Auth_OpenID_OPENID2_NS, + 'realm' => 'http://example.com/realm', + 'ns.ax' => Auth_OpenID_AX_NS_URI, + 'ax.update_url' => 'http://different.site/path', + 'ax.mode' => 'fetch_request', + )); + $openid_req = new Auth_OpenID_Request(); + $openid_req->message =& $openid_req_msg; + $result = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($openid_req); + $this->assertTrue(Auth_OpenID_AX::isError($result)); + } + + function test_openidUpdateURLVerificationSuccess() + { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'checkid_setup', + 'ns' => Auth_OpenID_OPENID2_NS, + 'realm' => 'http://example.com/realm', + 'ns.ax' => Auth_OpenID_AX_NS_URI, + 'ax.update_url' => 'http://example.com/realm/update_path', + 'ax.mode' => 'fetch_request', + )); + $openid_req = new Auth_OpenID_Request(); + $openid_req->message =& $openid_req_msg; + $fr = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($openid_req); + $this->assertFalse(Auth_OpenID_AX::isError($fr)); + } + + function test_openidUpdateURLVerificationSuccessReturnTo() + { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'checkid_setup', + 'ns' => Auth_OpenID_OPENID2_NS, + 'return_to' => 'http://example.com/realm', + 'ns.ax' => Auth_OpenID_AX_NS_URI, + 'ax.update_url' => 'http://example.com/realm/update_path', + 'ax.mode' => 'fetch_request', + )); + $openid_req = new Auth_OpenID_Request(); + $openid_req->message =& $openid_req_msg; + $fr = Auth_OpenID_AX_FetchRequest::fromOpenIDRequest($openid_req); + $this->assertFalse(Auth_OpenID_AX::isError($fr)); + } +} + +class FauxEndpoint { + function FauxEndpoint() { + $this->claimed_id = 'http://some.url/'; + } +} + +class FetchResponseTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->msg = new Auth_OpenID_AX_FetchResponse(); + $this->value_a = 'monkeys'; + $this->type_a = 'http://phone.home/'; + $this->alias_a = 'robocop'; + $this->request_update_url = 'http://update.bogus/'; + } + + function test_construct() + { + $this->assertTrue($this->msg->update_url === null); + $this->assertEquals(array(), $this->msg->data); + } + + function test_getExtensionArgs_empty() + { + $expected_args = array( + 'mode' => 'fetch_response', + ); + $req = null; + $this->assertEquals($expected_args, $this->msg->getExtensionArgs($req)); + } + + function test_getExtensionArgs_empty_request() + { + $expected_args = array( + 'mode' => 'fetch_response', + ); + $req = new Auth_OpenID_AX_FetchRequest(); + $this->assertEquals($expected_args, $this->msg->getExtensionArgs($req)); + } + + function test_getExtensionArgs_empty_request_some() + { + $uri = 'http://not.found/'; + $alias = 'ext0'; + + $expected_args = array( + 'mode' => 'fetch_response', + 'type.' . $alias => $uri, + 'count.' . $alias => '0' + ); + $req = new Auth_OpenID_AX_FetchRequest(); + $req->add(Auth_OpenID_AX_AttrInfo::make('http://not.found/')); + $this->assertEquals($expected_args, $this->msg->getExtensionArgs($req)); + } + + function test_updateUrlInResponse() + { + $uri = 'http://not.found/'; + $alias = 'ext0'; + + $expected_args = array( + 'mode' => 'fetch_response', + 'update_url' => $this->request_update_url, + 'type.' . $alias => $uri, + 'count.' . $alias => '0' + ); + $req = new Auth_OpenID_AX_FetchRequest($this->request_update_url); + $req->add(Auth_OpenID_AX_AttrInfo::make($uri)); + $this->assertEquals($expected_args, $this->msg->getExtensionArgs($req)); + } + + function test_getExtensionArgs_some_request() + { + $expected_args = array( + 'mode' => 'fetch_response', + 'type.' . $this->alias_a => $this->type_a, + 'value.' . $this->alias_a . '.1' => $this->value_a, + 'count.' . $this->alias_a => '1' + ); + + $req = new Auth_OpenID_AX_FetchRequest(); + $req->add(Auth_OpenID_AX_AttrInfo::make($this->type_a, 1, false, $this->alias_a)); + $this->msg->addValue($this->type_a, $this->value_a); + + $result = $this->msg->getExtensionArgs($req); + $this->assertEquals($expected_args, $result); + } + + function test_getExtensionArgs_some_not_request() + { + $req = new Auth_OpenID_AX_FetchRequest(); + $this->msg->addValue($this->type_a, $this->value_a); + $this->assertTrue(Auth_OpenID_AX::isError($this->msg->getExtensionArgs($req))); + } + + function test_getSingle_success() + { + $req = new Auth_OpenID_AX_FetchRequest(); + $this->msg->addValue($this->type_a, $this->value_a); + $this->assertEquals($this->value_a, $this->msg->getSingle($this->type_a)); + } + + function test_getSingle_none() + { + $this->assertEquals(null, $this->msg->getSingle($this->type_a)); + } + + function test_getSingle_extra() + { + $data = array('x', 'y'); + $this->msg->setValues($this->type_a, $data); + $this->assertTrue(Auth_OpenID_AX::isError($this->msg->getSingle($this->type_a))); + } + + function test_get() + { + $this->assertTrue(Auth_OpenID_AX::isError($this->msg->get($this->type_a))); + } + + function test_fromSuccessResponseWithoutExtension() + { + $args = array( + 'mode' => 'id_res', + 'ns' => Auth_OpenID_OPENID2_NS + ); + $sf = array(); + foreach (array_keys($args) as $k) { + array_push($sf, $k); + } + $msg = Auth_OpenID_Message::fromOpenIDArgs($args); + $e = new FauxEndpoint(); + $resp = new Auth_OpenID_SuccessResponse($e, $msg, $sf); + $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($resp); + $this->assertTrue($ax_resp === null); + } + + function test_fromSuccessResponseWithoutData() + { + $args = array( + 'mode' => 'id_res', + 'ns' => Auth_OpenID_OPENID2_NS, + 'ns.ax' => Auth_OpenID_AX_NS_URI, + 'ax.mode' => 'fetch_response', + ); + $sf = array(); + foreach (array_keys($args) as $k) { + array_push($sf, $k); + } + $msg = Auth_OpenID_Message::fromOpenIDArgs($args); + $e = new FauxEndpoint(); + $resp = new Auth_OpenID_SuccessResponse($e, $msg, $sf); + $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($resp); + $this->assertTrue($ax_resp === null); + } + + function test_fromSuccessResponse() + { + $name = "ziggy"; + $value = "stardust"; + $uri = "http://david.bowie.name/"; + $args = array( + 'mode' => 'id_res', + 'ns' => Auth_OpenID_OPENID2_NS, + 'ns.ax' => Auth_OpenID_AX_NS_URI, + 'ax.mode' => 'fetch_response', + 'ax.update_url' => 'http://example.com/realm/update_path', + 'ax.type.'.$name => $uri, + 'ax.count.'.$name => '1', + 'ax.value.'.$name.'.1' => $value, + ); + $sf = array(); + foreach (array_keys($args) as $k) { + array_push($sf, $k); + } + $msg = Auth_OpenID_Message::fromOpenIDArgs($args); + $e = new FauxEndpoint(); + $resp = new Auth_OpenID_SuccessResponse($e, $msg, $sf); + $ax_resp = Auth_OpenID_AX_FetchResponse::fromSuccessResponse($resp, false); + $this->assertFalse($ax_resp === null); + $this->assertTrue(is_a($ax_resp, 'Auth_OpenID_AX_FetchResponse')); + $values = $ax_resp->get($uri); + $this->assertEquals(array($value), $values); + } +} + +class StoreRequestTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->msg = new Auth_OpenID_AX_StoreRequest(); + $this->type_a = 'http://three.count/'; + $this->alias_a = 'juggling'; + } + + function test_construct() + { + $this->assertEquals(array(), $this->msg->data); + } + + function test_getExtensionArgs_empty() + { + $args = $this->msg->getExtensionArgs(); + $expected_args = array( + 'mode' => 'store_request', + ); + $this->assertEquals($expected_args, $args); + } + + function test_getExtensionArgs_nonempty() + { + $data = array('foo', 'bar'); + $this->msg->setValues($this->type_a, $data); + $aliases = new Auth_OpenID_NamespaceMap(); + $aliases->addAlias($this->type_a, $this->alias_a); + $args = $this->msg->getExtensionArgs($aliases); + $expected_args = array( + 'mode' => 'store_request', + 'type.' . $this->alias_a => $this->type_a, + 'count.' . $this->alias_a => '2', + sprintf('value.%s.1', $this->alias_a) => 'foo', + sprintf('value.%s.2', $this->alias_a) => 'bar', + ); + $this->assertEquals($expected_args, $args); + } +} + +class StoreResponseTest extends PHPUnit_Framework_TestCase { + function test_success() + { + $msg = new Auth_OpenID_AX_StoreResponse(); + $this->assertTrue($msg->succeeded()); + $this->assertFalse($msg->error_message); + $this->assertEquals(array('mode' => 'store_response_success'), + $msg->getExtensionArgs()); + } + + function test_fail_nomsg() + { + $msg = new Auth_OpenID_AX_StoreResponse(false); + $this->assertFalse($msg->succeeded()); + $this->assertFalse($msg->error_message); + $this->assertEquals(array('mode' => 'store_response_failure'), + $msg->getExtensionArgs()); + } + + function test_fail_msg() + { + $reason = 'no reason, really'; + $msg = new Auth_OpenID_AX_StoreResponse(false, $reason); + $this->assertFalse($msg->succeeded()); + $this->assertEquals($reason, $msg->error_message); + $this->assertEquals(array('mode' => 'store_response_failure', + 'error' => $reason), $msg->getExtensionArgs()); + } +} + +class Tests_Auth_OpenID_AX extends PHPUnit_Framework_TestSuite { + function getName() + { + return "Tests_Auth_OpenID_AX"; + } + + function Tests_Auth_OpenID_AX() + { + $this->addTestSuite('StoreResponseTest'); + $this->addTestSuite('StoreRequestTest'); + $this->addTestSuite('FetchResponseTest'); + $this->addTestSuite('FetchRequestTest'); + $this->addTestSuite('ParseAXValuesTest'); + $this->addTestSuite('ToTypeURIsTest'); + $this->addTestSuite('AttrInfoTest'); + $this->addTestSuite('AXMessageTest'); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Association.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Association.php new file mode 100644 index 000000000..d65829682 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Association.php @@ -0,0 +1,54 @@ +<?php + +/** + * Tests for the Association implementation. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/Association.php'; + +class Tests_Auth_OpenID_Association extends PHPUnit_Framework_TestCase { + function test_me() + { + $issued = time(); + $lifetime = 600; + $assoc = new Auth_OpenID_Association('handle', 'secret', $issued, + $lifetime, 'HMAC-SHA1'); + $s = $assoc->serialize(); + $assoc2 = Auth_OpenID_Association::deserialize( + 'Auth_OpenID_Association', $s); + + if ($assoc2 === null) { + $this->fail('deserialize returned null'); + } else { + $this->assertTrue($assoc2->equal($assoc)); + } + } + function test_me256() + { + if(!Auth_OpenID_HMACSHA256_SUPPORTED) return; + $issued = time(); + $lifetime = 600; + $assoc = new Auth_OpenID_Association('handle', 'secret', $issued, + $lifetime, 'HMAC-SHA256'); + $s = $assoc->serialize(); + $assoc2 = Auth_OpenID_Association::deserialize( + 'Auth_OpenID_Association', $s); + + if ($assoc2 === null) { + $this->fail('deserialize returned null'); + } else { + $this->assertTrue($assoc2->equal($assoc)); + } + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/AssociationResponse.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/AssociationResponse.php new file mode 100644 index 000000000..6902f95a8 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/AssociationResponse.php @@ -0,0 +1,377 @@ +<?php + +require_once "Tests/Auth/OpenID/TestUtil.php"; +require_once "Tests/Auth/OpenID/MemStore.php"; + +require_once "Auth/OpenID/Message.php"; +require_once "Auth/OpenID/Server.php"; +require_once "Auth/OpenID/Consumer.php"; +require_once "Auth/OpenID/Association.php"; + +// Some values we can use for convenience (see mkAssocResponse) +global $association_response_values; +$association_response_values = array( + 'expires_in' => '1000', + 'assoc_handle' => 'a handle', + 'assoc_type' => 'a type', + 'session_type' => 'a session type', + 'ns' => Auth_OpenID_OPENID2_NS + ); + +/** + * Build an association response message that contains the specified + * subset of keys. The values come from association_response_values. + * + * This is useful for testing for missing keys and other times that we + * don't care what the values are. + */ +function mkAssocResponse($keys) +{ + global $association_response_values; + + $args = array(); + + foreach ($keys as $key) { + $args[$key] = $association_response_values[$key]; + } + + return Auth_OpenID_Message::fromOpenIDArgs($args); +} + +class Tests_Auth_OpenID_AssociationResponse extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->consumer = new Auth_OpenID_GenericConsumer($this->store); + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + } + + function failUnlessProtocolError($thing) + { + $this->assertTrue(Auth_OpenID::isFailure($thing)); + } + + function _run($keys) + { + $msg = mkAssocResponse($keys); + $dumb = null; + $this->assertTrue(Auth_OpenID::isFailure($this->consumer->_extractAssociation($msg, $dumb))); + } +} + +/** + * Test for returning an error upon missing fields in association + * responses for OpenID 2 + */ +class TestExtractAssociationMissingFieldsOpenID2 extends Tests_Auth_OpenID_AssociationResponse { + + function test_noFields_openid2() + { + $this->_run(array('ns')); + } + + function test_missingExpires_openid2() + { + $this->_run(array('assoc_handle', 'assoc_type', 'session_type', 'ns')); + } + + function test_missingHandle_openid2() + { + $this->_run(array('expires_in', 'assoc_type', 'session_type', 'ns')); + } + + function test_missingAssocType_openid2() + { + $this->_run(array('expires_in', 'assoc_handle', 'session_type', 'ns')); + } + + function test_missingSessionType_openid2() + { + $this->_run(array('expires_in', 'assoc_handle', 'assoc_type', 'ns')); + } +} + +/** + * Test for returning an error upon missing fields in association + * responses for OpenID 2 + */ +class TestExtractAssociationMissingFieldsOpenID1 extends Tests_Auth_OpenID_AssociationResponse { + function test_noFields_openid1() + { + $this->_run(array()); + } + + function test_missingExpires_openid1() + { + $this->_run(array('assoc_handle', 'assoc_type')); + } + + function test_missingHandle_openid1() + { + $this->_run(array('expires_in', 'assoc_type')); + } + + function test_missingAssocType_openid1() + { + $this->_run(array('expires_in', 'assoc_handle')); + } +} + +class DummyAssocationSession { + function DummyAssocationSession($session_type, $allowed_assoc_types=array()) + { + $this->session_type = $session_type; + $this->allowed_assoc_types = $allowed_assoc_types; + } +} + +class ExtractAssociationSessionTypeMismatch extends Tests_Auth_OpenID_AssociationResponse { + function _run($requested_session_type, $response_session_type, $openid1=false) + { + global $association_response_values; + + $assoc_session = new DummyAssocationSession($requested_session_type); + $keys = array_keys($association_response_values); + if ($openid1) { + if (in_array('ns', $keys)) { + unset($keys[array_search('ns', $keys)]); + } + } + + $msg = mkAssocResponse($keys); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', + $response_session_type); + $this->assertTrue( + $this->consumer->_extractAssociation($msg, $assoc_session) === null); + } + + function test_typeMismatchNoEncBlank_openid2() + { + $this->_run('no-encryption', ''); + } + + function test_typeMismatchDHSHA1NoEnc_openid2() + { + $this->_run('DH-SHA1', 'no-encryption'); + } + + function test_typeMismatchDHSHA256NoEnc_openid2() + { + $this->_run('DH-SHA256', 'no-encryption'); + } + + function test_typeMismatchNoEncDHSHA1_openid2() + { + $this->_run('no-encryption', 'DH-SHA1'); + } + + function test_typeMismatchDHSHA1NoEnc_openid1() + { + $this->_run('DH-SHA1', 'DH-SHA256', true); + } + + function test_typeMismatchDHSHA256NoEnc_openid1() + { + $this->_run('DH-SHA256', 'DH-SHA1', true); + } + + function test_typeMismatchNoEncDHSHA1_openid1() + { + $this->_run('no-encryption', 'DH-SHA1', true); + } +} + +class TestOpenID1AssociationResponseSessionType extends Tests_Auth_OpenID_AssociationResponse { + function _run($expected_session_type, $session_type_value) + { + // Create a Message with just 'session_type' in it, since + // that's all this function will use. 'session_type' may be + // absent if it's set to None. + $args = array(); + if ($session_type_value !== null) { + $args['session_type'] = $session_type_value; + } + $message = Auth_OpenID_Message::fromOpenIDArgs($args); + $this->assertTrue($message->isOpenID1()); + + $actual_session_type = $this->consumer->_getOpenID1SessionType($message); + $error_message = sprintf('Returned sesion type parameter %s was expected ' . + 'to yield session type %s, but yielded %s', + $session_type_value, $expected_session_type, + $actual_session_type); + $this->assertEquals( + $expected_session_type, + $actual_session_type, + $error_message); + } + + function test_none() + { + $this->_run('no-encryption', null); + } + + function test_empty() + { + $this->_run('no-encryption', ''); + } + + function test_explicitNoEncryption() + { + $this->_run('no-encryption', 'no-encryption'); + } + + function test_dhSHA1() + { + $this->_run('DH-SHA1', 'DH-SHA1'); + } + + // DH-SHA256 is not a valid session type for OpenID1, but this + // function does not test that. This is mostly just to make sure + // that it will pass-through stuff that is not explicitly handled, + // so it will get handled the same way as it is handled for OpenID + // 2 + function test_dhSHA256() + { + $this->_run('DH-SHA256', 'DH-SHA256'); + } +} + +class DummyAssociationSession { + var $secret = "shh! don't tell!"; + var $extract_secret_called = false; + var $session_type = null; + var $allowed_assoc_types = null; + + function extractSecret($message) + { + $this->extract_secret_called = true; + return $this->secret; + } +} + +class TestInvalidFields extends Tests_Auth_OpenID_AssociationResponse { + function setUp() + { + parent::setUp(); + $this->session_type = 'testing-session'; + + // This must something that works for Association.fromExpiresIn + $this->assoc_type = 'HMAC-SHA1'; + + $this->assoc_handle = 'testing-assoc-handle'; + + // These arguments should all be valid + $this->assoc_response = Auth_OpenID_Message::fromOpenIDArgs(array( + 'expires_in' => '1000', + 'assoc_handle' => $this->assoc_handle, + 'assoc_type' => $this->assoc_type, + 'session_type' => $this->session_type, + 'ns' => Auth_OpenID_OPENID2_NS, + )); + + $this->assoc_session = new DummyAssociationSession(); + + // Make the session for the response's session type + $this->assoc_session->session_type = $this->session_type; + $this->assoc_session->allowed_assoc_types = array($this->assoc_type); + } + + function test_worksWithGoodFields() + { + // Handle a full successful association response + $assoc = $this->consumer->_extractAssociation( + $this->assoc_response, $this->assoc_session); + $this->assertTrue($this->assoc_session->extract_secret_called); + $this->assertEquals($this->assoc_session->secret, $assoc->secret); + $this->assertEquals(1000, $assoc->lifetime); + $this->assertEquals($this->assoc_handle, $assoc->handle); + $this->assertEquals($this->assoc_type, $assoc->assoc_type); + } + + function test_badAssocType() + { + // Make sure that the assoc type in the response is not valid + // for the given session. + $this->assoc_session->allowed_assoc_types = array(); + $this->assertTrue( + $this->consumer->_extractAssociation($this->assoc_response, + $this->assoc_session) === null); + } + + function test_badExpiresIn() + { + // Invalid value for expires_in should cause failure + $this->assoc_response->setArg(Auth_OpenID_OPENID_NS, 'expires_in', 'forever'); + $assoc = $this->consumer->_extractAssociation($this->assoc_response, + $this->assoc_session); + $this->assertTrue(Auth_OpenID::isFailure($assoc)); + } +} + +class TestExtractAssociationDiffieHellman extends Tests_Auth_OpenID_AssociationResponse { + var $secret = 'xxxxxxxxxxxxxxxxxxxx'; + + function _setUpDH() + { + list($sess, $message) = $this->consumer->_createAssociateRequest( + $this->endpoint, 'HMAC-SHA1', 'DH-SHA1'); + + // XXX: this is testing _createAssociateRequest + $this->assertEquals($this->endpoint->compatibilityMode(), + $message->isOpenID1()); + + $server_sess = Auth_OpenID_DiffieHellmanSHA1ServerSession::fromMessage($message); + $server_resp = $server_sess->answer($this->secret); + $server_resp['assoc_type'] = 'HMAC-SHA1'; + $server_resp['assoc_handle'] = 'handle'; + $server_resp['expires_in'] = '1000'; + $server_resp['session_type'] = 'DH-SHA1'; + return array($sess, Auth_OpenID_Message::fromOpenIDArgs($server_resp)); + } + + function test_success() + { + list($sess, $server_resp) = $this->_setUpDH(); + $ret = $this->consumer->_extractAssociation($server_resp, $sess); + $this->assertTrue($ret !== null); + $this->assertEquals($ret->assoc_type, 'HMAC-SHA1'); + $this->assertEquals($ret->secret, $this->secret); + $this->assertEquals($ret->handle, 'handle'); + $this->assertEquals($ret->lifetime, 1000); + } + + function test_openid2success() + { + // Use openid 2 type in endpoint so _setUpDH checks + // compatibility mode state properly + $this->endpoint->type_uris = array(Auth_OpenID_TYPE_2_0, + Auth_OpenID_TYPE_1_1); + $this->test_success(); + } + + /** + * Can't run this test because the base64 decoder is broken. + */ + /* + function test_badDHValues() + { + list($sess, $server_resp) = $this->_setUpDH(); + $server_resp->setArg(Auth_OpenID_OPENID_NS, 'enc_mac_key', "\x00\x00\x00"); + $this->assertTrue($this->consumer->_extractAssociation($server_resp, $sess) === null); + } + */ +} + +global $Tests_Auth_OpenID_AssociationResponse_other; +$Tests_Auth_OpenID_AssociationResponse_other = array( + new TestInvalidFields(), + new TestOpenID1AssociationResponseSessionType(), + new ExtractAssociationSessionTypeMismatch(), + new TestExtractAssociationMissingFieldsOpenID1(), + new TestExtractAssociationMissingFieldsOpenID2() + ); + +if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + $Tests_Auth_OpenID_AssociationResponse_other[] = new TestExtractAssociationDiffieHellman(); +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/AuthRequest.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/AuthRequest.php new file mode 100644 index 000000000..02ab75dd7 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/AuthRequest.php @@ -0,0 +1,299 @@ +<?php + +require_once 'Tests/Auth/OpenID/TestUtil.php'; + +require_once 'Auth/OpenID/Association.php'; +require_once 'Auth/OpenID/Consumer.php'; + +class AuthRequest_DummyEndpoint { + var $preferred_namespace = null; + var $local_id = null; + var $server_url = null; + var $is_op_identifier = false; + + function preferredNamespace() + { + return $this->preferred_namespace; + } + + function getLocalID() + { + return $this->local_id; + } + + function isOPIdentifier() + { + return $this->is_op_identifier; + } +} + +class AuthRequest_DummyAssoc { + var $handle = "assoc-handle"; +} + +/** + * Base for AuthRequest tests for OpenID 1 and 2. + */ +class TestAuthRequestMixin extends OpenIDTestMixin { + + var $preferred_namespace = null; + var $immediate = false; + var $expected_mode = 'checkid_setup'; + + function setUp() + { + $this->endpoint = new AuthRequest_DummyEndpoint(); + $this->endpoint->local_id = 'http://server.unittest/joe'; + $this->endpoint->claimed_id = 'http://joe.vanity.example/'; + $this->endpoint->server_url = 'http://server.unittest/'; + $this->endpoint->preferred_namespace = $this->preferred_namespace; + $this->realm = 'http://example/'; + $this->return_to = 'http://example/return/'; + $this->assoc = new AuthRequest_DummyAssoc(); + $this->authreq = new Auth_OpenID_AuthRequest($this->endpoint, $this->assoc); + } + + function failUnlessAnonymous($msg) + { + foreach (array('claimed_id', 'identity') as $key) { + $this->failIfOpenIDKeyExists($msg, $key); + } + } + + function failUnlessHasRequiredFields($msg) + { + $this->assertEquals($this->preferred_namespace, + $this->authreq->message->getOpenIDNamespace()); + + $this->assertEquals($this->preferred_namespace, + $msg->getOpenIDNamespace()); + + $this->failUnlessOpenIDValueEquals($msg, 'mode', + $this->expected_mode); + + // Implement these in subclasses because they depend on + // protocol differences! + $this->failUnlessHasRealm($msg); + $this->failUnlessIdentifiersPresent($msg); + } + + // TESTS + + function test_checkNoAssocHandle() + { + $this->authreq->assoc = null; + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + + $this->failIfOpenIDKeyExists($msg, 'assoc_handle'); + } + + function test_checkWithAssocHandle() + { + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + + $this->failUnlessOpenIDValueEquals($msg, 'assoc_handle', + $this->assoc->handle); + } + + function test_addExtensionArg() + { + $this->authreq->addExtensionArg('bag:', 'color', 'brown'); + $this->authreq->addExtensionArg('bag:', 'material', 'paper'); + $this->assertTrue($this->authreq->message->namespaces->contains('bag:')); + $this->assertEquals($this->authreq->message->getArgs('bag:'), + array('color' => 'brown', + 'material' => 'paper')); + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + + // XXX: this depends on the way that Message assigns + // namespaces. Really it doesn't care that it has alias "0", + // but that is tested anyway + $post_args = $msg->toPostArgs(); + $this->assertEquals('brown', $post_args['openid.ext0.color']); + $this->assertEquals('paper', $post_args['openid.ext0.material']); + } + + function test_standard() + { + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + + $this->failUnlessHasIdentifiers( + $msg, $this->endpoint->local_id, + $this->endpoint->claimed_id); + } +} + +class TestAuthRequestOpenID2 extends TestAuthRequestMixin { + var $preferred_namespace = Auth_OpenID_OPENID2_NS; + + function failUnlessHasRealm($msg) + { + // check presence of proper realm key and absence of the wrong + // one. + $this->failUnlessOpenIDValueEquals($msg, 'realm', $this->realm); + $this->failIfOpenIDKeyExists($msg, 'trust_root'); + } + + function failUnlessIdentifiersPresent($msg) + { + $identity_present = $msg->hasKey(Auth_OpenID_OPENID_NS, 'identity'); + $claimed_present = $msg->hasKey(Auth_OpenID_OPENID_NS, 'claimed_id'); + + $this->assertEquals($claimed_present, $identity_present); + } + + function failUnlessHasIdentifiers($msg, $op_specific_id, $claimed_id) + { + $this->failUnlessOpenIDValueEquals($msg, 'identity', $op_specific_id); + $this->failUnlessOpenIDValueEquals($msg, 'claimed_id', $claimed_id); + } + + // TESTS + + function test_markup_checkidImmediate() + { + $result = $this->authreq->formMarkup($this->realm, + null, true); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_markup_returnToArgs() + { + $this->authreq->return_to_args = array('extra' => 'args'); + $result = $this->authreq->formMarkup($this->realm, + null, false); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_setAnonymousWorksForOpenID2() + { + // OpenID AuthRequests should be able to set 'anonymous' to true. + $this->assertTrue($this->authreq->message->isOpenID2()); + $this->assertTrue($this->authreq->setAnonymous(true)); + $this->assertTrue($this->authreq->setAnonymous(false)); + } + + function test_userAnonymousIgnoresIdentfier() + { + $this->authreq->setAnonymous(true); + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + $this->failUnlessHasRequiredFields($msg); + $this->failUnlessAnonymous($msg); + } + + function test_opAnonymousIgnoresIdentifier() + { + $this->endpoint->is_op_identifier = true; + $this->authreq->setAnonymous(true); + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + $this->failUnlessHasRequiredFields($msg); + $this->failUnlessAnonymous($msg); + } + + function test_opIdentifierSendsIdentifierSelect() + { + $this->endpoint->is_op_identifier = true; + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + $this->failUnlessHasRequiredFields($msg); + $this->failUnlessHasIdentifiers($msg, + Auth_OpenID_IDENTIFIER_SELECT, + Auth_OpenID_IDENTIFIER_SELECT); + } +} + +class TestAuthRequestOpenID1 extends TestAuthRequestMixin { + var $preferred_namespace = Auth_OpenID_OPENID1_NS; + + function setUpEndpoint() + { + parent::setUpEndpoint(); + $this->endpoint->preferred_namespace = Auth_OpenID_OPENID1_NS; + } + + function failUnlessHasIdentifiers($msg, $op_specific_id, $claimed_id) + { + // Make sure claimed_is is *absent* in request. + $this->failUnlessOpenIDValueEquals($msg, 'identity', $op_specific_id); + $this->failIfOpenIDKeyExists($msg, 'claimed_id'); + } + + function failUnlessIdentifiersPresent($msg) + { + $this->failIfOpenIDKeyExists($msg, 'claimed_id'); + $this->assertTrue($msg->hasKey(Auth_OpenID_OPENID_NS, 'identity')); + } + + function failUnlessHasRealm($msg) + { + // check presence of proper realm key and absence of the wrong + // one. + $this->failUnlessOpenIDValueEquals($msg, 'trust_root', $this->realm); + $this->failIfOpenIDKeyExists($msg, 'realm'); + } + + // TESTS + + function test_markup_missingReturnTo() + { + $result = $this->authreq->formMarkup($this->realm, + null, false); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_setAnonymousFailsForOpenID1() + { + // OpenID 1 requests MUST NOT be able to set anonymous to True + $this->assertTrue($this->authreq->message->isOpenID1()); + $this->assertFalse($this->authreq->setAnonymous(true)); + $this->assertTrue($this->authreq->setAnonymous(false)); + } + + function test_identifierSelect() + { + // Identfier select SHOULD NOT be sent, but this pathway is in + // here in case some special discovery stuff is done to + // trigger it with OpenID 1. If it is triggered, it will send + // identifier_select just like OpenID 2. + $this->endpoint->is_op_identifier = true; + $msg = $this->authreq->getMessage($this->realm, $this->return_to, + $this->immediate); + $this->failUnlessHasRequiredFields($msg); + $this->assertEquals(Auth_OpenID_IDENTIFIER_SELECT, + $msg->getArg(Auth_OpenID_OPENID1_NS, + 'identity')); + } +} + +class TestAuthRequestOpenID1Immediate extends TestAuthRequestOpenID1 { + var $immediate = true; + var $expected_mode = 'checkid_immediate'; +} + +class TestAuthRequestOpenID2Immediate extends TestAuthRequestOpenID2 { + var $immediate = true; + var $expected_mode = 'checkid_immediate'; +} + +class Tests_Auth_OpenID_AuthRequest extends PHPUnit_Framework_TestSuite { + + function getName() + { + return "Tests_Auth_OpenID_AuthRequest"; + } + + function Tests_Auth_OpenID_AuthRequest() + { + $this->addTestSuite('TestAuthRequestOpenID1'); + $this->addTestSuite('TestAuthRequestOpenID1Immediate'); + $this->addTestSuite('TestAuthRequestOpenID2'); + $this->addTestSuite('TestAuthRequestOpenID2Immediate'); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/BigMath.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/BigMath.php new file mode 100644 index 000000000..acab4d918 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/BigMath.php @@ -0,0 +1,234 @@ +<?php + +/** + * Tests for the BigMath functions. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/BigMath.php'; +require_once 'Tests/Auth/OpenID/TestUtil.php'; + +class Tests_Auth_OpenID_BinLongConvertRnd extends PHPUnit_Framework_TestCase { + var $lib; + var $max; + + function Tests_Auth_OpenID_BinLongConvertRnd($lib, $max) + { + $this->lib =& $lib; + $this->max = $max; + } + + function runTest() + { + $n = $this->lib->init(0); + foreach (range(0, 9) as $i) { + $rnd = $this->lib->rand($this->max); + $n = $this->lib->add($n, $rnd); + } + $s = $this->lib->longToBinary($n); + $this->assertTrue(is_string($s)); + $n_prime = $this->lib->binaryToLong($s); + $this->assertEquals($this->lib->cmp($n, $n_prime), 0); + } +} + +class Tests_Auth_OpenID_BinLongConvert extends PHPUnit_Framework_TestCase { + var $lib; + var $bin; + var $lng; + + function Tests_Auth_OpenID_BinLongConvert($lib, $bin, $lng) + { + $this->lib =& $lib; + $this->bin = $bin; + $this->lng = $lng; + } + + function runTest() + { + $n_prime = $this->lib->binaryToLong($this->bin); + $s_prime = $this->lib->longToBinary($this->lng); + $this->assertEquals($this->lib->cmp($this->lng, $n_prime), 0); + $this->assertTrue($this->bin == $s_prime); + } +} + +class Tests_Auth_OpenID_Base64ToLong extends PHPUnit_Framework_TestCase { + var $num; + var $b64; + var $lib; + + function Tests_Auth_OpenID_Base64ToLong($lib, $b64, $num) + { + $this->lib = $lib; + $this->b64 = $b64; + $this->num = $num; + } + + function runTest() + { + $actual = $this->lib->base64ToLong($this->b64); + $this->assertTrue($this->lib->cmp($this->num, $actual) == 0); + } +} + +class Tests_Auth_OpenID_LongToBase64 extends Tests_Auth_OpenID_Base64ToLong { + function Tests_Auth_OpenID_LongToBase64($lib, $b64, $num) + { + $this->lib = $lib; + $this->b64 = $b64; + $this->num = $num; + } + + function runTest() + { + $actual = $this->lib->longToBase64($this->num); + $this->assertEquals($this->b64, $actual); + } +} + +class Tests_Auth_OpenID_Rand extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_Rand($lib) + { + $this->lib =& $lib; + } + + function runTest() + { + $stop = $this->lib->pow(2, 128); + $a = $this->lib->rand($stop); + $b = $this->lib->rand($stop); + + $this->assertFalse($this->lib->cmp($b, $a) == 0, "Same: $a $b"); + + $n = $this->lib->init(Tests_Auth_OpenID_maxint()); + $n = $this->lib->add($n, 1); + + // Make sure that we can generate random numbers that are + // larger than platform int size + $result = $this->lib->rand($n); + + // What can we say about the result? + } +} + +/** + * Computes the maximum integer value for this PHP installation. + * + * @return int $max_int_value The maximum integer value for this + * PHP installation + */ +function Tests_Auth_OpenID_maxint() +{ + /* assumes largest integer is of form 2^n - 1 */ + $to_test = pow(2, 16); + while (1) { + $last = $to_test; + $to_test = 2 * $to_test; + if (($to_test < $last) || (!is_int($to_test))) { + return($last + ($last - 1)); + } + } +} + + +class Tests_Auth_OpenID_BigMath extends PHPUnit_Framework_TestSuite { + function _parseBase64Data() + { + $lines = Tests_Auth_OpenID_readlines('n2b64'); + + $data = array(); + foreach ($lines as $line) { + $line = trim($line); + if (!$line) { + continue; + } + list($b64, $ascii) = explode(' ', $line); + $data[$b64] = $ascii; + } + return $data; + } + + function _addB64Tests() + { + $lib = Auth_OpenID_getMathLib(); + $count = defined('Tests_Auth_OpenID_thorough') ? -1 : 2; + $data = $this->_parseBase64Data(); + foreach ($data as $b64 => $num_s) { + // Only test the first few unless thorough is defined + if (strlen($num_s) > 5) { + if ($count == 0) { + break; + } else { + $count -= 1; + } + } + $num = $lib->init($num_s); + $test = new Tests_Auth_OpenID_Base64ToLong($lib, $b64, $num); + $test->setName("B64->Long $num_s"); + $this->addTest($test); + + $test = new Tests_Auth_OpenID_LongToBase64($lib, $b64, $num); + $test->setName("Long->B64 $num_s"); + $this->addTest($test); + } + } + + function _addBinLongTests() + { + $lib =& Auth_OpenID_getMathLib(); + $max = Tests_Auth_OpenID_maxint(); + $upper = defined('Tests_Auth_OpenID_thorough') ? 499 : 3; + + foreach (range(0, $upper) as $iteration) { + $test = new Tests_Auth_OpenID_BinLongConvertRnd($lib, $max); + $test->setName("BinLongConvertRnd " . strval($iteration)); + $this->addTest($test); + } + + $cases = array( + array("\x00", 0), + array("\x01", 1), + array("\x7F", 127), + array("\x00\x80", 128), + array("\x00\x81", 129), + array("\x00\xFF", 255), + array("\x00\x80\x00", 32768), + array("OpenID is cool", + "1611215304203901150134421257416556") + ); + + foreach ($cases as $case) { + list($bin, $lng_m) = $case; + $lng = $lib->init($lng_m); + $test = new Tests_Auth_OpenID_BinLongConvert($lib, $bin, $lng); + $test->setName('BinLongConvert ' . bin2hex($bin)); + $this->addTest($test); + } + + } + + function Tests_Auth_OpenID_BigMath($name) + { + $this->setName($name); + + if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { + return; + } + + $this->_addB64Tests(); + $this->_addBinLongTests(); + $test = new Tests_Auth_OpenID_Rand(Auth_OpenID_getMathLib()); + $test->setName('Big number rand'); + $this->addTest($test); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Consumer.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Consumer.php new file mode 100644 index 000000000..761f9f2a6 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Consumer.php @@ -0,0 +1,2553 @@ +<?php + +/** + * Tests for the OpenID consumer. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/CryptUtil.php'; +require_once 'Auth/Yadis/HTTPFetcher.php'; +require_once 'Auth/OpenID/DiffieHellman.php'; +require_once 'Auth/OpenID/FileStore.php'; +require_once 'Auth/OpenID/KVForm.php'; +require_once 'Auth/OpenID/Consumer.php'; +require_once 'Auth/OpenID/Server.php'; +require_once 'Auth/OpenID/Nonce.php'; +require_once 'Auth/OpenID/SReg.php'; +require_once 'Auth/OpenID/Message.php'; +require_once 'Tests/Auth/OpenID/MemStore.php'; + +/* + * Convenience function to create a SuccessResponse with the given + * arguments, all signed. + */ +function mkSuccess($endpoint, $q) +{ + $signed_list = array(); + foreach (array_keys($q) as $k) { + $signed_list[] = 'openid.' . $k; + } + return new Auth_OpenID_SuccessResponse($endpoint, + Auth_OpenID_Message::fromOpenIDArgs($q), + $signed_list); +} + +class FastConsumerSession extends Auth_OpenID_DiffieHellmanSHA1ConsumerSession { + function FastConsumerSession($dh = null) + { + if ($dh === null) { + $dh = new Auth_OpenID_DiffieHellman(100389557, 2); + } + + $this->dh = $dh; + } +} + +function setConsumerSession($con) +{ + $con->session_types = array('DH-SHA1' => 'FastConsumerSession'); +} + +global $_Auth_OpenID_assocs; +$_Auth_OpenID_assocs = array( + array('another 20-byte key.', 'Snarky'), + array(str_repeat("\x00", 20), 'Zeros'), + ); + +function Auth_OpenID_parse($qs) +{ + $result = array(); + $parts = explode("&", $qs); + foreach ($parts as $pair) { + list($key, $value) = explode("=", $pair, 2); + assert(!array_key_exists($key, $result)); + $result[urldecode($key)] = urldecode($value); + } + return $result; +} + +function Auth_OpenID_associate($qs, $assoc_secret, $assoc_handle) +{ + $query_data = Auth_OpenID_parse($qs); + + assert($query_data['openid.mode'] == 'associate'); + assert($query_data['openid.assoc_type'] == 'HMAC-SHA1'); + + $reply_dict = array( + 'assoc_type' => 'HMAC-SHA1', + 'assoc_handle' => $assoc_handle, + 'expires_in' => '600', + ); + + if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { + assert(count($query_data) == 2); + $message = Auth_OpenID_Message::fromPostArgs($query_data); + $session = Auth_OpenID_PlainTextServerSession::fromMessage($message); + } else { + assert((count($query_data) == 6) || (count($query_data) == 4)); + assert($query_data['openid.mode'] == 'associate'); + assert($query_data['openid.session_type'] == 'DH-SHA1'); + + $message = Auth_OpenID_Message::fromPostArgs($query_data); + + $session = Auth_OpenID_DiffieHellmanSHA1ServerSession::fromMessage($message); + $reply_dict['session_type'] = 'DH-SHA1'; + + } + + $reply_dict = array_merge($reply_dict, $session->answer($assoc_secret)); + return Auth_OpenID_KVForm::fromArray($reply_dict); +} + +class Auth_OpenID_TestFetcher extends Auth_Yadis_HTTPFetcher { + function Auth_OpenID_TestFetcher($user_url, $user_page, + $assoc_secret, $assoc_handle) + { + $this->get_responses = array($user_url => + new Auth_Yadis_HTTPResponse($user_url, + 200, + array(), + $user_page)); + $this->assoc_secret = $assoc_secret; + $this->assoc_handle = $assoc_handle; + $this->num_assocs = 0; + } + + function response($url, $body) + { + if ($body === null) { + return new Auth_Yadis_HTTPResponse($url, 404, array(), 'Not found'); + } else { + return new Auth_Yadis_HTTPResponse($url, 200, array(), $body); + } + } + + function get($url) + { + if (array_key_exists($url, $this->get_responses)) { + return $this->get_responses[$url]; + } else { + return $this->response($url, null); + } + } + + function _checkAuth($url, $body) + { + $query_data = Auth_OpenID_parse($body); + $expected = array( + 'openid.mode' => 'check_authentication', + 'openid.signed' => 'assoc_handle,sig,signed', + 'openid.sig' => 'fake', + 'openid.assoc_handle' => $this->assoc_handle, + ); + + if ($query_data == $expected) { + return new Auth_Yadis_HTTPResponse($url, 200, array(), "is_valid:true\n"); + } else { + return new Auth_Yadis_HTTPResponse($url, 400, array(), + "error:bad check_authentication query\n"); + } + } + + function post($url, $body) + { + if (strpos($body, 'openid.mode=associate') !== false) { + $response = Auth_OpenID_associate($body, $this->assoc_secret, + $this->assoc_handle); + $this->num_assocs++; + return $this->response($url, $response); + } elseif (strpos($body, 'openid.mode=check_authentication') !== false) { + return $this->_checkAuth($url, $body); + } + + return $this->response($url, null); + } +} + +global $_Auth_OpenID_user_page_pat; +$_Auth_OpenID_user_page_pat = "<html> + <head> + <title>A user page</title> + %s + </head> + <body> + blah blah + </body> +</html>"; + +global $_Auth_OpenID_server_url; +$_Auth_OpenID_server_url = "http://server.example.com/"; + +global $_Auth_OpenID_consumer_url; +$_Auth_OpenID_consumer_url = "http://consumer.example.com/"; + +class Tests_Auth_OpenID_Consumer extends PHPUnit_Framework_TestCase { + + function _run($consumer, $user_url, $mode, $delegate_url, + $fetcher, $store, $immediate) + { + global $_Auth_OpenID_consumer_url, + $_Auth_OpenID_server_url; + + if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + setConsumerSession($consumer); + } + + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->claimed_id = $user_url; + $endpoint->server_url = $_Auth_OpenID_server_url; + $endpoint->local_id = $delegate_url; + $endpoint->type_uris = array(Auth_OpenID_TYPE_1_1); + + $result = $consumer->begin($endpoint); + + $return_to = $_Auth_OpenID_consumer_url; + $trust_root = $_Auth_OpenID_consumer_url; + $redirect_url = $result->redirectURL($trust_root, $return_to, + $immediate); + + $parsed = parse_url($redirect_url); + $qs = $parsed['query']; + $q = Auth_OpenID_parse($qs); + $new_return_to = $q['openid.return_to']; + unset($q['openid.return_to']); + + $expected = array( + 'openid.mode' => $mode, + 'openid.identity' => $delegate_url, + 'openid.trust_root' => $trust_root, + ); + + if ($consumer->_use_assocs) { + $expected['openid.assoc_handle'] = $fetcher->assoc_handle; + } + + $this->assertEquals($expected, $q); + $this->assertEquals(0, strpos($redirect_url, $_Auth_OpenID_server_url)); + $this->assertEquals(0, strpos($new_return_to, $return_to)); + + $parsed = parse_url($new_return_to); + $query = Auth_OpenID_parse($parsed['query']); + + $query = array_merge($query, array( + 'openid.mode'=> 'id_res', + 'openid.return_to'=> $new_return_to, + 'openid.identity'=> $delegate_url, + 'openid.assoc_handle'=> $fetcher->assoc_handle, + )); + + if (!$consumer->_use_assocs) { + $query['openid.signed'] = + 'assoc_handle,mode,signed,identity'; + $query['openid.assoc_handle'] = $fetcher->assoc_handle; + $query['openid.sig'] = 'fake'; + } + + $message = Auth_OpenID_Message::fromPostArgs($query); + + if ($consumer->_use_assocs) { + $assoc = $store->getAssociation($_Auth_OpenID_server_url, + $fetcher->assoc_handle); + $message = $assoc->signMessage($message); + } + + $result = $consumer->complete($message, $result->endpoint, $new_return_to); + + $this->assertEquals(Auth_OpenID_SUCCESS, $result->status); + $this->assertEquals($result->identity_url, $user_url); + } + + function _test_success($user_url, $delegate_url, $links, $immediate = false) + { + global $_Auth_OpenID_filestore_base_dir, + $_Auth_OpenID_server_url, + $_Auth_OpenID_user_page_pat, + $_Auth_OpenID_assocs; + + $store = new Tests_Auth_OpenID_MemStore(); + + if ($immediate) { + $mode = 'checkid_immediate'; + } else { + $mode = 'checkid_setup'; + } + + $user_page = sprintf($_Auth_OpenID_user_page_pat, $links); + $fetcher = new Auth_OpenID_TestFetcher($user_url, $user_page, + $_Auth_OpenID_assocs[0][0], + $_Auth_OpenID_assocs[0][1]); + + $consumer = new Auth_OpenID_GenericConsumer($store); + $consumer->fetcher =& $fetcher; + + $expected_num_assocs = 0; + $this->assertEquals($expected_num_assocs, $fetcher->num_assocs); + $this->_run($consumer, $user_url, $mode, $delegate_url, + $fetcher, $store, $immediate); + + if ($consumer->_use_assocs) { + $expected_num_assocs += 1; + } + + $this->assertEquals($expected_num_assocs, $fetcher->num_assocs); + + // Test that doing it again uses the existing association + $this->_run($consumer, $user_url, $mode, $delegate_url, + $fetcher, $store, $immediate); + + $this->assertEquals($expected_num_assocs, $fetcher->num_assocs); + + // Another association is created if we remove the existing one + $store->removeAssociation($_Auth_OpenID_server_url, + $fetcher->assoc_handle); + + $this->_run($consumer, $user_url, $mode, $delegate_url, + $fetcher, $store, $immediate); + + if ($consumer->_use_assocs) { + $expected_num_assocs += 1; + } + + $this->assertEquals($expected_num_assocs, $fetcher->num_assocs); + + // Test that doing it again uses the existing association + $this->_run($consumer, $user_url, $mode, $delegate_url, + $fetcher, $store, $immediate); + + $this->assertEquals($expected_num_assocs, $fetcher->num_assocs); + } + + function test_success() + { + global $_Auth_OpenID_server_url; + + $user_url = 'http://www.example.com/user.html'; + $links = sprintf('<link rel="openid.server" href="%s" />', + $_Auth_OpenID_server_url); + + $delegate_url = 'http://consumer.example.com/user'; + $delegate_links = sprintf('<link rel="openid.server" href="%s" />'. + '<link rel="openid.delegate" href="%s" />', + $_Auth_OpenID_server_url, $delegate_url); + + $this->_test_success($user_url, $user_url, $links); + $this->_test_success($user_url, $user_url, $links, true); + $this->_test_success($user_url, $delegate_url, $delegate_links); + $this->_test_success($user_url, $delegate_url, $delegate_links, true); + } +} + +class ConfigurableConsumer extends Auth_OpenID_GenericConsumer { + var $return_to_check_disabled = false; + + function disableReturnToChecking() { + $this->return_to_check_disabled = true; + } + + function complete($message, $endpoint, $return_to) { + if ($this->return_to_check_disabled) { + $return_to = null; + } + + return parent::complete($message, $endpoint, $return_to); + } + + function _checkReturnTo($unused, $unused2) { + if ($this->return_to_check_disabled) { + return true; + } else { + return parent::_checkReturnTo($unused, $unused2); + } + } +} + +class _TestIdRes extends PHPUnit_Framework_TestCase { + var $consumer_class = 'ConfigurableConsumer'; + + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $cl = $this->consumer_class; + $this->consumer = new $cl($this->store); + $this->return_to = "http://some.host/path"; + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + + $this->server_id = "sirod"; + $this->server_url = "serlie"; + $this->consumer_id = "consu"; + + $this->endpoint->claimed_id = $this->consumer_id; + $this->endpoint->server_url = $this->server_url; + $this->endpoint->local_id = $this->server_id; + $this->endpoint->type_uris = array(Auth_OpenID_TYPE_1_1); + } +} + +class Tests_Auth_OpenID_Consumer_TestSetupNeeded extends _TestIdRes { + function failUnlessSetupNeeded($expected_setup_url, $message) + { + if ($this->consumer._checkSetupNeeded($message)) { + $this->assertEquals($expected_setup_url, + $message->getArg(Auth_OpenID_OPENID_NS, + 'user_setup_url')); + } else { + $this->fail("Expected to find an immediate-mode response"); + } + } + + function test_setupNeededOpenID1() + { + // The minimum conditions necessary to trigger Setup Needed + $setup_url = 'http://unittest/setup-here'; + $message = Auth_OpenID_Message::fromPostArgs(array( + 'opaenid.mode' => 'id_res', + 'openid.user_setup_url' => $setup_url + )); + $this->assertTrue($message->isOpenID1()); + $this->failUnlessSetupNeeded($setup_url, $message); + } + + function test_setupNeededOpenID1_extra() + { + // Extra stuff along with setup_url still trigger Setup Needed + $setup_url = 'http://unittest/setup-here'; + $message = Auth_OpenID_Message::fromPostArgs(array( + 'openid.mode' => 'id_res', + 'openid.user_setup_url' => $setup_url, + 'openid.identity' => 'bogus' + )); + $this->assertTrue($message->isOpenID1()); + $this->failUnlessSetupNeeded($setup_url, $message); + } + + function test_noSetupNeededOpenID1() + { + // When the user_setup_url is missing on an OpenID 1 message, + // we assume that it's not a cancel response to + // checkid_immediate + $message = Auth_OpenID_Message::fromOpenIDArgs(array('mode' => 'id_res')); + $this->assertTrue($message->isOpenID1()); + + // No SetupNeededError raised + $this->consumer->_checkSetupNeeded($message); + } + + function test_setupNeededOpenID2() + { + $message = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'setup_needed', + 'ns' => Auth_OpenID_OPENID2_NS + )); + $this->assertTrue($message->isOpenID2()); + $response = $this->consumer->complete($message, null, null); + $this->assertEquals('setup_needed', $response->status); + $this->assertEquals(null, $response->setup_url); + } + + function test_setupNeededDoesntWorkForOpenID1() + { + $message = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'setup_needed')); + + $this->assertFalse($this->consumer._checkSetupNeeded($message)); + + $response = $this->consumer->complete($message, null, null); + $this->assertEquals('failure', $response->status); + $this->assertTrue(strpos($response->message, 'Invalid openid.mode') === 0); + } + + function test_noSetupNeededOpenID2() + { + $message = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'id_res', + 'game' => 'puerto_rico', + 'ns' => Auth_OpenID_OPENID2_NS + )); + $this->assertTrue($message->isOpenID2()); + + $this->assertFalse($this->consumer._checkSetupNeeded($message)); + } +} + +class IdResCheckForFieldsTest extends _TestIdRes { + function setUp() { + # Argh. + $v = null; + $this->consumer = new Auth_OpenID_GenericConsumer($v); + } + + function successTest($openid_args, $signed_list) { + $message = Auth_OpenID_Message::fromOpenIDArgs($openid_args); + $message->setArg(Auth_OpenID_OPENID_NS, 'signed', implode(',', $signed_list)); + $result = $this->consumer->_idResCheckForFields($message); + $this->assertFalse(Auth_OpenID::isFailure($result)); + } + + function test_openid1Success() { + $this->successTest( + array('return_to' =>'return', + 'assoc_handle' =>'assoc handle', + 'sig' =>'a signature', + 'identity' =>'someone', + ), + array('return_to', 'identity')); + } + + function test_openid2Success() { + $this->successTest( + array('ns' => Auth_OpenID_OPENID2_NS, + 'return_to' =>'return', + 'assoc_handle' =>'assoc handle', + 'sig' =>'a signature', + 'op_endpoint' =>'my favourite server', + 'response_nonce' =>'use only once', + ), + array('return_to', 'response_nonce', 'assoc_handle', 'op_endpoint')); + } + + function test_openid2Success_identifiers() { + $this->successTest( + array('ns' =>Auth_OpenID_OPENID2_NS, + 'return_to' =>'return', + 'assoc_handle' =>'assoc handle', + 'sig' =>'a signature', + 'claimed_id' =>'i claim to be me', + 'identity' =>'my server knows me as me', + 'op_endpoint' =>'my favourite server', + 'response_nonce' =>'use only once', + ), + array('return_to', 'response_nonce', 'identity', + 'claimed_id', 'assoc_handle', 'op_endpoint')); + } + + function endswith($str, $it) { + $it_len = strlen($it); + $total = strlen($str); + return (strpos($str, $it) === $total - $it_len); + } + + function missingFieldTest($openid_args) { + $message = Auth_OpenID_Message::fromOpenIDArgs($openid_args); + $result = $this->consumer->_idResCheckForFields($message); + $this->assertTrue(Auth_OpenID::isFailure($result)); + $this->assertTrue(strpos($result->message, 'Missing required') === 0); + } + + function missingSignedTest($openid_args) { + $message = Auth_OpenID_Message::fromOpenIDArgs($openid_args); + $result = $this->consumer->_idResCheckForFields($message); + $this->assertTrue(Auth_OpenID::isFailure($result)); + if (Auth_OpenID::isFailure($result)) { + $this->assertTrue($this->endswith($result->message, 'not signed'), + $result->message); + } + } + + function test_openid1Missing_returnToSig() { + $this->missingSignedTest( + array('return_to' =>'return', + 'assoc_handle' =>'assoc handle', + 'sig' =>'a signature', + 'identity' =>'someone', + 'signed' => 'identity,assoc_handle')); + } + + function test_openid2Missing_opEndpointSig() { + $this->missingSignedTest( + array('ns' => Auth_OpenID_OPENID2_NS, + 'return_to' =>'return', + 'assoc_handle' =>'assoc handle', + 'sig' =>'a signature', + 'identity' =>'someone', + 'op_endpoint' => 'the endpoint', + 'signed' => 'identity,return_to,assoc_handle')); + } + + function test_openid1Missing_identitySig() { + $this->missingSignedTest( + array('return_to' =>'return', + 'assoc_handle' =>'assoc handle', + 'sig' =>'a signature', + 'identity' =>'someone', + 'signed' => 'eturn_to')); + } + + function test_openid1MissingReturnTo() { + $this->missingFieldTest( + array('assoc_handle' =>'assoc handle', + 'sig' =>'a signature', + 'identity' =>'someone', + 'signed' => 'return_to,identity')); + } + + function test_openid1MissingAssocHandle() { + $this->missingFieldTest( + array('return_to' =>'return', + 'sig' =>'a signature', + 'identity' =>'someone', + 'signed' => 'return_to,identity' + )); + } +} + +define('E_CHECK_AUTH_HAPPENED', 'checkauth occurred'); +define('E_MOCK_FETCHER_EXCEPTION', 'mock fetcher exception'); +define('E_ASSERTION_ERROR', 'assertion error'); + +class _CheckAuthDetectingConsumer extends ConfigurableConsumer { + function _verifyDiscoveryResults($message, $endpoint) + { + return $endpoint; + } + + function _idResCheckNonce($message, $endpoint) + { + return true; + } + + function _checkAuth($query, $server_url) + { + __raiseError(E_CHECK_AUTH_HAPPENED); + } +} + +global $GOODSIG; +$GOODSIG = "[A Good Signature]"; + +class GoodAssociation { + var $expiresIn = 3600; + var $handle = "-blah-"; + + function getExpiresIn() + { + return $this->expiresIn; + } + + function checkMessageSignature($message) + { + global $GOODSIG; + return $message->getArg(Auth_OpenID_OPENID_NS, 'sig') == $GOODSIG; + } +} + +class GoodAssocStore extends Tests_Auth_OpenID_MemStore { + function getAssociation($server_url, $handle = null) + { + return new GoodAssociation(); + } +} + +class TestIdResCheckSignature extends _TestIdRes { + function setUp() + { + global $GOODSIG; + + parent::setUp(); + $this->assoc = new GoodAssociation(); + $this->assoc->handle = "{not_dumb}"; + $this->store->storeAssociation($this->endpoint->server_url, $this->assoc); + + $this->message = Auth_OpenID_Message::fromPostArgs(array( + 'openid.mode'=> 'id_res', + 'openid.identity'=> '=example', + 'openid.sig'=> $GOODSIG, + 'openid.assoc_handle'=> $this->assoc->handle, + 'openid.signed'=> 'mode,identity,assoc_handle,signed', + 'frobboz'=> 'banzit')); + } + + function test_sign() + { + // assoc_handle to assoc with good sig + $this->consumer->_idResCheckSignature($this->message, + $this->endpoint->server_url); + } + + function test_signFailsWithBadSig() + { + $this->message.setArg(Auth_OpenID_OPENID_NS, 'sig', 'BAD SIGNATURE'); + $result = $this->consumer->_idResCheckSignature($this->message, $this->endpoint->server_url); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } +} + +class StatelessConsumer1 extends ConfigurableConsumer { + function _processCheckAuthResponse($response, $server_url) + { + return true; + } + + function _makeKVPost($args, $server_url) + { + return array(); + } +} + +class Tests_Auth_OpenID_Stateless1 extends _TestIdRes { + var $consumer_class = "StatelessConsumer1"; + + function setUp() + { + global $GOODSIG; + + parent::setUp(); + $this->assoc = new GoodAssociation(); + $this->assoc->handle = "{not_dumb}"; + $this->store->storeAssociation($this->endpoint->server_url, $this->assoc); + + $this->message = Auth_OpenID_Message::fromPostArgs(array( + 'openid.mode'=> 'id_res', + 'openid.identity'=> '=example', + 'openid.sig'=> $GOODSIG, + 'openid.assoc_handle'=> $this->assoc->handle, + 'openid.signed'=> 'mode,identity,assoc_handle,signed', + 'frobboz'=> 'banzit')); + } + + function test_stateless() + { + // assoc_handle missing assoc, consumer._checkAuth returns + // goodthings + $this->message->setArg(Auth_OpenID_OPENID_NS, "assoc_handle", "dumbHandle"); + $this->consumer->_idResCheckSignature($this->message, + $this->endpoint->server_url); + } +} + +class StatelessConsumer2 extends ConfigurableConsumer { + function _checkAuth($_, $__) + { + return false; + } +} + +class Tests_Auth_OpenID_Stateless2 extends _TestIdRes { + var $consumer_class = "StatelessConsumer2"; + + function setUp() + { + global $GOODSIG; + + parent::setUp(); + $this->assoc = new GoodAssociation(); + $this->assoc->handle = "{not_dumb}"; + $this->store->storeAssociation($this->endpoint->server_url, $this->assoc); + + $this->message = Auth_OpenID_Message::fromPostArgs(array( + 'openid.mode'=> 'id_res', + 'openid.identity'=> '=example', + 'openid.sig'=> $GOODSIG, + 'openid.assoc_handle'=> $this->assoc->handle, + 'openid.signed'=> 'mode,identity,assoc_handle,signed', + 'frobboz'=> 'banzit')); + } + + function test_statelessRaisesError() + { + // assoc_handle missing assoc, consumer._checkAuth returns + // goodthings + $this->message->setArg(Auth_OpenID_OPENID_NS, "assoc_handle", + "dumbHandle"); + $result = $this->consumer->_idResCheckSignature($this->message, + $this->endpoint->server_url); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } +} + +class Tests_Auth_OpenID_Consumer_CheckNonceTest extends _TestIdRes { + function setUp() + { + parent::setUp(); + $this->consumer->openid1_nonce_query_arg_name = 'nonce'; + } + + function test_openid1Success() + { + // use consumer-generated nonce + $nonce_value = Auth_OpenID_mkNonce(); + $this->return_to = sprintf('http://rt.unittest/?nonce=%s', + $nonce_value); + $this->response = Auth_OpenID_Message::fromOpenIDArgs( + array('return_to' => $this->return_to)); + $this->response->setArg(Auth_OpenID_BARE_NS, 'nonce', $nonce_value); + + $result = $this->consumer->_idResCheckNonce($this->response, $this->endpoint); + $this->assertFalse(Auth_OpenID::isFailure($result)); + } + + function test_openid1Missing() + { + // use consumer-generated nonce + $this->response = Auth_OpenID_Message::fromOpenIDArgs(array()); + $n = $this->consumer->_idResGetNonceOpenID1($this->response, $this->endpoint); + $this->assertTrue($n === null); + } + + function test_consumerNonceOpenID2() + { + // OpenID 2 does not use consumer-generated nonce + $this->return_to = sprintf('http://rt.unittest/?nonce=%s', + Auth_OpenID_mkNonce()); + $this->response = Auth_OpenID_Message::fromOpenIDArgs( + array('return_to' => $this->return_to, + 'ns' => Auth_OpenID_OPENID2_NS)); + $result = $this->consumer->_idResCheckNonce($this->response, $this->endpoint); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_serverNonce() + { + // use server-generated nonce + $this->response = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'response_nonce' => Auth_OpenID_mkNonce())); + $this->consumer->_idResCheckNonce($this->response, $this->endpoint); + } + + function test_serverNonceOpenID1() + { + // OpenID 1 does not use server-generated nonce + $this->response = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID1_NS, + 'return_to'=> 'http://return.to/', + 'response_nonce'=> Auth_OpenID_mkNonce())); + $result = $this->consumer->_idResCheckNonce($this->response, $this->endpoint); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_badNonce() + { + // remove the nonce from the store + $nonce = Auth_OpenID_mkNonce(); + list($timestamp, $salt) = Auth_OpenID_splitNonce($nonce); + + $this->store->useNonce($this->server_url, $timestamp, $salt); + + $response = Auth_OpenID_Message::fromOpenIDArgs(array( + 'response_nonce' => $nonce, + 'ns' => Auth_OpenID_OPENID2_NS + )); + + $result = $this->consumer->_idResCheckNonce($response, + $this->endpoint); + + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_tamperedNonce() + { + // Malformed nonce + $query = array('response_nonce' => 'malformed', + 'ns' => Auth_OpenID_OPENID2_NS); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $result = $this->consumer->_idResCheckNonce($message, + $this->endpoint); + + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_missingNonce() + { + // no nonce parameter on the return_to + $query = array('openid.return_to' => $this->return_to); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $result = $this->consumer->_idResCheckNonce($message, + $this->endpoint); + + $this->assertTrue(Auth_OpenID::isFailure($result)); + } +} + +class Tests_Auth_OpenID_Consumer_TestCheckAuthTriggered extends _TestIdRes { + var $consumer_class = '_CheckAuthDetectingConsumer'; + + function _doIdRes($message, $endpoint, $return_to) + { + return $this->consumer->_doIdRes($message, $endpoint, $return_to); + } + + function test_checkAuthTriggered() + { + $query = array('openid.return_to' => $this->return_to, + 'openid.identity' => $this->server_id, + 'openid.assoc_handle' =>'not_found', + 'openid.sig' => 'bogus', + 'openid.signed' => 'identity,return_to'); + + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->disableReturnToChecking(); + + $result = $this->_doIdRes($message, $this->endpoint, null); + + $error = __getError(); + + if ($error === null) { + $this->fail('_checkAuth did not happen.'); + } + } + + function test_checkAuthTriggeredWithAssoc() + { + // Store an association for this server that does not match + // the handle that is in the query + $issued = time(); + $lifetime = 1000; + $assoc = new Auth_OpenID_Association( + 'handle', 'secret', $issued, $lifetime, 'HMAC-SHA1'); + $this->store->storeAssociation($this->server_url, $assoc); + + $query = array( + 'openid.return_to' => $this->return_to, + 'openid.identity' => $this->server_id, + 'openid.assoc_handle' => 'not_found', + 'openid.sig' => 'bogus', + 'openid.signed' => 'return_to,identity'); + + $this->consumer->disableReturnToChecking(); + + $message = Auth_OpenID_Message::fromPostArgs($query); + + $result = $this->_doIdRes($message, $this->endpoint, null); + $error = __getError(); + + if ($error === null) { + $this->fail('_checkAuth did not happen.'); + } + } + + function test_expiredAssoc() + { + // Store an expired association for the server with the handle + // that is in the query + $issued = time() - 10; + $lifetime = 0; + $handle = 'handle'; + $assoc = new Auth_OpenID_Association( + $handle, 'secret', $issued, $lifetime, 'HMAC-SHA1'); + $this->assertTrue($assoc->getExpiresIn() <= 0); + $this->store->storeAssociation($this->server_url, $assoc); + + $query = array( + 'openid.return_to' => $this->return_to, + 'openid.identity' => $this->server_id, + 'openid.sig' => 'bogus', + 'openid.signed' => 'identity,return_to', + 'openid.assoc_handle' => $handle); + + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->disableReturnToChecking(); + + $info = $this->_doIdRes($message, $this->endpoint, null); + + $this->assertEquals('failure', $info->status); + + $this->assertTrue(strpos($info->message, 'expired') !== false); + } + + function test_newerAssoc() + { + // Store an expired association for the server with the handle + // that is in the query + $lifetime = 1000; + + $good_issued = time() - 10; + $good_handle = 'handle'; + $good_assoc = new Auth_OpenID_Association( + $good_handle, 'secret', $good_issued, $lifetime, 'HMAC-SHA1'); + $this->store->storeAssociation($this->server_url, $good_assoc); + + $bad_issued = time() - 5; + $bad_handle = 'handle2'; + $bad_assoc = new Auth_OpenID_Association( + $bad_handle, 'secret', $bad_issued, $lifetime, 'HMAC-SHA1'); + $this->store->storeAssociation($this->server_url, $bad_assoc); + + $query = array( + 'openid.return_to' => $this->return_to, + 'openid.identity' => $this->server_id, + 'openid.assoc_handle' => $good_handle); + + $this->consumer->disableReturnToChecking(); + + $message = Auth_OpenID_Message::fromPostArgs($query); + $message = $good_assoc->signMessage($message); + + $info = $this->_doIdRes($message, $this->endpoint, null); + + $this->assertEquals($info->status, 'success'); + $this->assertEquals($this->consumer_id, $info->identity_url); + } +} + +class _MockFetcher { + function _MockFetcher($response = null) + { + // response is (code, url, body) + $this->response = $response; + $this->fetches = array(); + } + + function post($url, $body) + { + $this->fetches[] = array($url, $body, array()); + return $this->response; + } + + function get($url) + { + $this->fetches[] = array($url, null, array()); + return $this->response; + } +} + +class Tests_Auth_OpenID_Complete extends _TestIdRes { + function test_cancel() + { + $query = array('openid.mode' => 'cancel'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->disableReturnToChecking(); + + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_CANCEL); + $this->assertTrue($r->identity_url == $this->endpoint->claimed_id); + } + + function test_cancel_with_return_to() { + $message = Auth_OpenID_Message::fromPostArgs(array('openid.mode' => 'cancel')); + $r = $this->consumer->complete($message, $this->endpoint, $this->return_to); + $this->assertEquals($r->status, Auth_OpenID_CANCEL); + $this->assertTrue($r->identity_url == $this->endpoint->claimed_id); + } + + function test_errorWithNoOptionalKeys() + { + $msg = 'an error message'; + $contact = 'some contact info here'; + $message = Auth_OpenID_Message::fromPostArgs(array('openid.mode'=> 'error', + 'openid.error'=> $msg, + 'openid.contact'=> $contact)); + + $this->consumer->disableReturnToChecking(); + + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + $this->assertTrue($r->identity_url == $this->endpoint->claimed_id); + $this->assertTrue($r->contact == $contact); + $this->assertTrue($r->reference === null); + $this->assertEquals($r->message, $msg); + } + + function test_errorWithOptionalKeys() + { + $msg = 'an error message'; + $contact = 'me'; + $reference = 'support ticket'; + $message = Auth_OpenID_Message::fromPostArgs(array('openid.mode'=> 'error', + 'openid.error'=> $msg, 'openid.reference'=> $reference, + 'openid.contact'=> $contact, 'openid.ns'=> Auth_OpenID_OPENID2_NS + )); + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + $this->assertTrue($r->identity_url == $this->endpoint->claimed_id); + $this->assertTrue($r->contact == $contact); + $this->assertTrue($r->reference == $reference); + $this->assertEquals($r->message, $msg); + } + + function test_error() + { + $msg = 'an error message'; + $query = array('openid.mode' =>'error', + 'openid.error' => $msg); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->disableReturnToChecking(); + + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + $this->assertTrue($r->identity_url == $this->endpoint->claimed_id); + $this->assertEquals($r->message, $msg); + } + + function test_noMode() + { + $query = array(); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + $this->assertTrue($r->identity_url == $this->endpoint->claimed_id); + } + + function test_idResMissingField() + { + $query = array('openid.mode' => 'id_res'); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertTrue(Auth_openID::isFailure($r)); + } +} + +class _VerifiedError extends Auth_OpenID_FailureResponse { +} + +class Consumer_idResURLMismatch extends ConfigurableConsumer { + function _discoverAndVerify($to_match) + { + return new _VerifiedError(null, 'verified error'); + } +} + +class Tests_idResURLMismatch extends _TestIdRes { + var $consumer_class = 'Consumer_idResURLMismatch'; + + function test_idResURLMismatch() + { + $query = array('openid.mode' => 'id_res', + 'openid.return_to' => 'return_to (just anything)', + 'openid.identity' => 'something wrong (not this->consumer_id)', + 'openid.assoc_handle' => 'does not matter', + 'openid.signed' => 'identity,return_to', + 'openid.sig' => 'bogus'); + + $this->consumer->disableReturnToChecking(); + + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertTrue(is_a($r, '_VerifiedError')); + } +} + +class SetupNeededConsumer extends Auth_OpenID_GenericConsumer { + function _checkSetupNeeded($message) + { + return true; + } +} + +class Tests_Auth_OpenID_SetupNeeded extends _TestIdRes { + function test_setupNeededIdRes() + { + $message = Auth_OpenID_Message::fromOpenIDArgs(array('mode'=> 'id_res')); + $response = $this->consumer->complete($message, null, null); + $this->assertEquals(Auth_OpenID_SETUP_NEEDED, + $response->status); + } +} + +class TempConsumer extends ConfigurableConsumer { + function _verifyDiscoveryResults($message, $endpoint) + { + return $endpoint; + } +} + +class TestCompleteMissingSig extends PHPUnit_Framework_TestCase { + + function setUp() + { + global $GOODSIG; + + $this->store = new GoodAssocStore(); + $this->consumer = new ConfigurableConsumer($this->store); + $this->server_url = "http://idp.unittest/"; + + $claimed_id = 'bogus.claimed'; + + $this->message = Auth_OpenID_Message::fromOpenIDArgs( + array('mode'=> 'id_res', + 'return_to'=> 'return_to (just anything)', + 'identity'=> $claimed_id, + 'assoc_handle'=> 'does not matter', + 'sig'=> $GOODSIG, + 'response_nonce'=> Auth_OpenID_mkNonce(), + 'signed'=> 'identity,return_to,response_nonce,assoc_handle,claimed_id,op_endpoint', + 'claimed_id'=> $claimed_id, + 'op_endpoint'=> $this->server_url, + 'ns' => Auth_OpenID_OPENID2_NS)); + + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->endpoint->server_url = $this->server_url; + $this->endpoint->claimed_id = $claimed_id; + $this->consumer->disableReturnToChecking(); + } + + function test_idResMissingNoSigs() + { + $c = new TempConsumer($this->store); + $c->disableReturnToChecking(); + $r = $c->complete($this->message, $this->endpoint, null); + $this->failUnlessSuccess($r); + } + + function test_idResNoIdentity() + { + $this->message->delArg(Auth_OpenID_OPENID_NS, 'identity'); + $this->message->delArg(Auth_OpenID_OPENID_NS, 'claimed_id'); + $this->endpoint->claimed_id = null; + $this->message->setArg(Auth_OpenID_OPENID_NS, + 'signed', 'return_to,response_nonce,assoc_handle,op_endpoint'); + $r = $this->consumer->complete($this->message, $this->endpoint, null); + $this->failUnlessSuccess($r); + } + + function test_idResMissingIdentitySig() + { + $this->message->setArg(Auth_OpenID_OPENID_NS, + 'signed', + 'return_to,response_nonce,assoc_handle,claimed_id,op_endpoint'); + $r = $this->consumer->complete($this->message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + } + + function test_idResMissingReturnToSig() + { + $this->message->setArg(Auth_OpenID_OPENID_NS, + 'signed', + 'identity,response_nonce,assoc_handle,claimed_id'); + $r = $this->consumer->complete($this->message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + } + + function test_idResMissingAssocHandleSig() + { + $this->message->setArg(Auth_OpenID_OPENID_NS, 'signed', + 'identity,response_nonce,return_to,claimed_id'); + $r = $this->consumer->complete($this->message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + } + + function test_idResMissingClaimedIDSig() + { + $this->message->setArg(Auth_OpenID_OPENID_NS, 'signed', + 'identity,response_nonce,return_to,assoc_handle'); + $r = $this->consumer->complete($this->message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + } + + function failUnlessSuccess($response) + { + if ($response->status != Auth_OpenID_SUCCESS) { + $this->fail(sprintf("Non-successful response: %s", $response->status)); + } + } +} + +class TestReturnToArgs extends PHPUnit_Framework_TestCase { + function setUp() + { + $store = null; + $this->consumer = new Auth_OpenID_GenericConsumer($store); + } + + function test_returnToArgsUnexpectedArg() + { + $query = array( + 'openid.mode' => 'id_res', + 'openid.return_to' => 'http://example.com/', + 'foo' => 'bar'); + + // no return value, success is assumed if there are no + // exceptions. + $this->assertTrue(Auth_OpenID::isFailure( + $this->consumer->_verifyReturnToArgs($query))); + } + + function test_returnToArgsOkay() + { + $query = array( + 'openid.mode'=> 'id_res', + 'openid.return_to'=> 'http://example.com/?foo=bar', + 'foo'=> 'bar' + ); + // no return value, success is assumed if there are no exceptions. + $result = $this->consumer->_verifyReturnToArgs($query); + + $this->assertFalse(Auth_OpenID::isFailure($result)); + $this->assertTrue($result); + } + + function test_returnToMismatch() + { + $query = array( + 'openid.mode' => 'id_res', + 'openid.return_to' => 'http://example.com/?foo=bar'); + + // fail, query has no key 'foo'. + $result = $this->consumer->_verifyReturnToArgs($query); + $this->assertTrue(Auth_OpenID::isFailure($result)); + + $query['foo'] = 'baz'; + // fail, values for 'foo' do not match. + $result = $this->consumer->_verifyReturnToArgs($query); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_noReturnTo() + { + $query = array('openid.mode'=> 'id_res'); + $result = $this->consumer->_verifyReturnToArgs($query); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_completeBadReturnTo() + { + // Test GenericConsumer.complete()'s handling of bad return_to + // values. + $return_to = "http://some.url/path?foo=bar"; + + // Scheme, authority, and path differences are checked by + // GenericConsumer._checkReturnTo. Query args checked by + // GenericConsumer._verifyReturnToArgs. + $bad_return_tos = array( + // Scheme only + "https://some.url/path?foo=bar", + // Authority only + "http://some.url.invalid/path?foo=bar", + // Path only + "http://some.url/path_extra?foo=bar", + // Query args differ + "http://some.url/path?foo=bar2", + "http://some.url/path?foo2=bar" + ); + + $m = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $m->setArg(Auth_OpenID_OPENID_NS, 'mode', 'cancel'); + $m->setArg(Auth_OpenID_BARE_NS, 'foo', 'bar'); + $endpoint = null; + + foreach ($bad_return_tos as $bad) { + $m->setArg(Auth_OpenID_OPENID_NS, 'return_to', $bad); + $this->assertFalse($this->consumer->_checkReturnTo($m, $return_to)); + } + } + + function test_completeGoodReturnTo() + { + // Test GenericConsumer.complete()'s handling of good + // return_to values. + $return_to = "http://some.url/path"; + + $good_return_tos = array( + array($return_to, + array()), + array($return_to . "?another=arg", + array(array( + array(Auth_OpenID_BARE_NS, 'another'), + 'arg'))), + array($return_to . "?another=arg#fragment", + array(array( + array(Auth_OpenID_BARE_NS, 'another'), + 'arg'))), + array("HTTP://some.url/path",array()), + array("http://some.URL/path",array()), + array("http://some.url:80/path",array()), + array("http://some.url/./path",array()) + ); + + $endpoint = null; + + foreach ($good_return_tos as $pair) { + list($good_return_to, $extra) = $pair; + $m = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $m->setArg(Auth_OpenID_OPENID_NS, 'mode', 'cancel'); + + for ($i = 0; $i < count($extra); $i++) { + list($ckey, $value) = $extra[$i]; + $ns = $ckey[0]; + $key = $ckey[1]; + $m->setArg($ns, $key, $value); + } + + $m->setArg(Auth_OpenID_OPENID_NS, 'return_to', $good_return_to); + $result = $this->consumer->complete($m, $endpoint, $return_to); + $this->assertTrue(is_a($result, 'Auth_OpenID_CancelResponse')); + } + } +} + +class Tests_Auth_OpenID_CheckAuthResponse extends _TestIdRes { + function _createAssoc() + { + $issued = time(); + $lifetime = 1000; + $assoc = new Auth_OpenID_Association( + 'handle', 'secret', $issued, $lifetime, 'HMAC-SHA1'); + $store =& $this->consumer->store; + $store->storeAssociation($this->server_url, $assoc); + $assoc2 = $store->getAssociation($this->server_url); + $this->assertEquals($assoc, $assoc2); + } + + function test_goodResponse() + { + // successful response to check_authentication + $response = array('is_valid' => 'true'); + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); + $this->assertTrue($r); + } + + function test_missingAnswer() + { + // check_authentication returns false when the server sends no + // answer + $response = array(); + $message = Auth_OpenID_Message::fromPostArgs($response); + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); + $this->assertFalse($r); + } + + function test_badResponse() + { + // check_authentication returns false when is_valid is false + $response = array('is_valid' => 'false'); + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); + $this->assertFalse($r); + } + + function test_badResponseInvalidate() + { + // Make sure that the handle is invalidated when is_valid is + // false + $this->_createAssoc(); + $response = array('is_valid' => 'false', + 'invalidate_handle' => 'handle'); + + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, + $this->server_url); + $this->assertFalse($r); + $this->assertTrue( + $this->consumer->store->getAssociation($this->server_url) === null); + } + + function test_invalidateMissing() + { + // invalidate_handle with a handle that is not present + $response = array('is_valid' => 'true', + 'invalidate_handle' => 'missing'); + + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); + $this->assertTrue($r); + } + + function test_invalidatePresent() + { + // invalidate_handle with a handle that exists""" + $this->_createAssoc(); + $response = array('is_valid' => 'true', + 'invalidate_handle' => 'handle'); + + $message = Auth_OpenID_Message::fromOpenIDArgs($response); + + $r = $this->consumer->_processCheckAuthResponse($message, $this->server_url); + $this->assertTrue($r); + $this->assertTrue( + $this->consumer->store->getAssociation($this->server_url) === null); + } +} + +class _IdResFetchFailingConsumer extends Auth_OpenID_GenericConsumer { + var $message = 'fetch failed'; + + function _doIdRes($message, $endpoint) + { + return new Auth_OpenID_FailureResponse($endpoint, + $this->message); + } +} + +class Tests_Auth_OpenID_FetchErrorInIdRes extends _TestIdRes { + var $consumer_class = '_IdResFetchFailingConsumer'; + + function test_idResFailure() + { + $query = array('openid.mode' => 'id_res'); + $message = Auth_OpenID_Message::fromPostArgs($query); + $r = $this->consumer->complete($message, $this->endpoint, null); + $this->assertEquals($r->status, Auth_OpenID_FAILURE); + $this->assertEquals($r->identity_url, $this->consumer_id); + $this->assertEquals($this->consumer->message, $r->message); + } +} + +class _ExceptionRaisingMockFetcher { + function get($url) + { + __raiseError(E_MOCK_FETCHER_EXCEPTION); + } + + function post($url, $body) + { + __raiseError(E_MOCK_FETCHER_EXCEPTION); + + return new Auth_Yadis_HTTPResponse($url, 400, + array(), ''); + } +} + +class _BadArgCheckingConsumer extends Auth_OpenID_GenericConsumer { + function _makeKVPost($message, $tmp) + { + $args = $message->toPostArgs(); + + if ($args != array( + 'openid.mode' => 'check_authentication', + 'openid.signed' => 'foo')) { + __raiseError(E_ASSERTION_ERROR); + } + return null; + } +} + +class Tests_Auth_OpenID_Consumer_TestCheckAuth extends _TestIdRes { + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->consumer = new Auth_OpenID_GenericConsumer($this->store); + $this->fetcher = new _MockFetcher(); + $this->consumer->fetcher =& $this->fetcher; + } + + function test_checkauth_error() + { + global $_Auth_OpenID_server_url; + $this->fetcher->response = new Auth_Yadis_HTTPResponse("http://some_url", + 404, + array(), + "blah:blah\n"); + $query = array('openid.signed' => 'stuff, things'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $r = $this->consumer->_checkAuth($message, $_Auth_OpenID_server_url); + if ($r !== false) { + $this->fail("Expected _checkAuth result to be false"); + } + } + + function test_bad_args() + { + $query = array('openid.signed' => 'foo', + 'closid.foo' => 'something'); + + $consumer = new _BadArgCheckingConsumer($this->store); + + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->assertFalse($consumer->_checkAuth($message, 'does://not.matter')); + } + + function test_signedList() + { + $signed = 'identity,mode,ns.sreg,sreg.email'; + $query = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode'=> 'id_res', + 'sig'=> 'rabbits', + 'identity'=> '=example', + 'assoc_handle'=> 'munchkins', + 'ns.sreg' => 'urn:sreg', + 'sreg.email' => 'bogus@example.com', + 'signed'=> $signed, + 'foo'=> 'bar')); + + $args = $this->consumer->_createCheckAuthRequest($query); + $this->assertTrue($args->isOpenID1()); + $signed_list = explode(',',$signed); + foreach ($signed_list as $k) { + $this->assertTrue($args->getAliasedArg($k)); + } + } + + + function test_112() + { + $args = array('openid.assoc_handle' => 'fa1f5ff0-cde4-11dc-a183-3714bfd55ca8', + 'openid.claimed_id' => 'http://binkley.lan/user/test01', + 'openid.identity' => 'http://test01.binkley.lan/', + 'openid.mode' => 'id_res', + 'openid.ns' => 'http://specs.openid.net/auth/2.0', + 'openid.ns.pape' => 'http://specs.openid.net/extensions/pape/1.0', + 'openid.op_endpoint' => 'http://binkley.lan/server', + 'openid.pape.auth_policies' => 'none', + 'openid.pape.auth_time' => '2008-01-28T20 =>42 =>36Z', + 'openid.pape.nist_auth_level' => '0', + 'openid.response_nonce' => '2008-01-28T21 =>07 =>04Z99Q=', + 'openid.return_to' => 'http://binkley.lan =>8001/process?janrain_nonce=2008-01-28T21%3A07%3A02Z0tMIKx', + 'openid.sig' => 'YJlWH4U6SroB1HoPkmEKx9AyGGg=', + 'openid.signed' => 'assoc_handle,identity,response_nonce,return_to,claimed_id,op_endpoint,pape.auth_time,ns.pape,pape.nist_auth_level,pape.auth_policies' + ); + $this->assertEquals(Auth_OpenID_OPENID2_NS, $args['openid.ns']); + $incoming = Auth_OpenID_Message::fromPostArgs($args); + $this->assertTrue($incoming->isOpenID2()); + $car = $this->consumer->_createCheckAuthRequest($incoming); + $expected_args = $args; + $expected_args['openid.mode'] = 'check_authentication'; + $expected = Auth_OpenID_Message::fromPostArgs($expected_args); + $this->assertTrue($expected->isOpenID2()); + $this->assertEquals($expected, $car); + $this->assertEquals($expected_args, $car->toPostArgs()); + } +} + +class Tests_Auth_OpenID_Consumer_TestFetchAssoc extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->fetcher = new _MockFetcher(); + $this->consumer = new Auth_OpenID_GenericConsumer($this->store); + $this->consumer->fetcher =& $this->fetcher; + } + + function test_kvpost_error() + { + $this->fetcher->response = new Auth_Yadis_HTTPResponse("http://some_url", + 404, + array(), + "blah:blah\n"); + $query = array('openid.mode' => 'associate'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $r = $this->consumer->_makeKVPost($message, + "http://server_url"); + if ($r !== null) { + $this->fail("Expected _makeKVPost result to be null"); + } + } + + function test_error_404() + { + // 404 from a kv post raises HTTPFetchingError + $this->fetcher->response = new Auth_Yadis_HTTPResponse( + "http://some_url", 404, array('Hea'=> 'der'), 'blah:blah\n'); + + $result = $this->consumer->_makeKVPost( + Auth_OpenID_Message::fromPostArgs(array('mode'=>'associate')), + "http://server_url"); + + $this->assertTrue($result === null); + } + + function test_error_exception() + { + $this->consumer->fetcher = new _ExceptionRaisingMockFetcher(); + + $query = array('openid.mode' => 'associate'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->_makeKVPost($message, + "http://server_url"); + + if (__getError() !== E_MOCK_FETCHER_EXCEPTION) { + $this->fail("Expected ExceptionRaisingMockFetcher to " . + "raise E_MOCK_FETCHER_EXCEPTION"); + } + + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->server_url = 'some://url'; + + // exception fetching returns no association + $this->assertEquals($this->consumer->_getAssociation($endpoint), + null); + + $query = array('openid.signed' => ''); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $this->consumer->_checkAuth($message, + 'some://url'); + + if (__getError() !== E_MOCK_FETCHER_EXCEPTION) { + $this->fail("Expected ExceptionRaisingMockFetcher to " . + "raise E_MOCK_FETCHER_EXCEPTION (_checkAuth)"); + } + } +} + +class Tests_Auth_OpenID_AuthRequestHTMLMarkup extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->endpoint->claimed_id = 'identity_url'; + + $this->request = new Auth_OpenID_AuthRequest($this->endpoint, null); + } + + function test_htmlMarkup() + { + $html = $this->request->htmlMarkup('http://realm.com/', + 'http://realm.com/return_to'); + $this->assertTrue(strpos($html,"<html>") !== false); + $this->assertTrue(strpos($html,"</html>") !== false); + $this->assertTrue(strpos($html,"<body onload") !== false); + $this->assertTrue(strpos($html,"</body>") !== false); + $this->assertTrue(strpos($html,"<form") !== false); + $this->assertTrue(strpos($html,"</form>") !== false); + } +} + +class Tests_Auth_OpenID_SuccessResponse extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->endpoint->claimed_id = 'identity_url'; + } + + function test_extensionResponse() + { + $uri = "http://bogus.unittest/1.0"; + + $query = array( + 'openid.ns.unittest' => $uri, + 'openid.unittest.one' => '1', + 'openid.unittest.two' =>'2', + 'openid.sreg.nickname' => 'j3h', + 'openid.return_to' => 'return_to'); + + $message = Auth_OpenID_Message::fromPostArgs($query); + $resp = new Auth_OpenID_SuccessResponse($this->endpoint, $message); + + $utargs = $resp->extensionResponse($uri, false); + $this->assertEquals($utargs, array('one' => '1', 'two' => '2')); + $sregargs = $resp->extensionResponse(Auth_OpenID_SREG_NS_URI, false); + $this->assertEquals($sregargs, array('nickname' => 'j3h')); + } + + function test_extensionResponseSigned() + { + $args = array( + 'ns.sreg' => 'urn:sreg', + 'ns.unittest' => 'urn:unittest', + 'unittest.one' => '1', + 'unittest.two' => '2', + 'sreg.nickname' => 'j3h', + 'sreg.dob' => 'yesterday', + 'return_to' => 'return_to', + 'signed' => 'sreg.nickname,unittest.one,sreg.dob'); + + $signed_list = array('openid.sreg.nickname', + 'openid.unittest.one', + 'openid.sreg.dob', + 'openid.ns.sreg'); + + $msg = Auth_OpenID_Message::fromOpenIDArgs($args); + $resp = new Auth_OpenID_SuccessResponse($this->endpoint, $msg, $signed_list); + + // All args in this NS are signed, so expect all. + $sregargs = $resp->extensionResponse('urn:sreg', true); + $this->assertEquals($sregargs, + array('nickname' => 'j3h', + 'dob' => 'yesterday')); + + // Not all args in this NS are signed, so expect null when + // asking for them. + $utargs = $resp->extensionResponse('urn:unittest', true); + $this->assertEquals($utargs, null); + } + + function test_noReturnTo() + { + $message = Auth_OpenID_Message::fromPostArgs(array()); + $resp = new Auth_OpenID_SuccessResponse($this->endpoint, $message); + $this->assertTrue($resp->getReturnTo() === null); + } + + function test_returnTo() + { + $query = array('openid.return_to' => 'return_to'); + $message = Auth_OpenID_Message::fromPostArgs($query); + + $resp = new Auth_OpenID_SuccessResponse($this->endpoint, + $message, array('openid.return_to')); + + $this->assertEquals($resp->getReturnTo(), 'return_to'); + } +} + +class _StubConsumer { + function _StubConsumer() + { + $this->assoc = null; + $this->response = null; + $this->endpoint = null; + $this->fetcher = new _MockFetcher(); + } + + function begin($service) + { + $auth_req = new Auth_OpenID_AuthRequest($service, $this->assoc); + $this->endpoint = $service; + return $auth_req; + } + + function complete($message, $endpoint, $return_to) + { + return $this->response; + } +} + +class Tests_Auth_OpenID_DiscoFailure extends PHPUnit_Framework_TestCase { + var $consumerClass = null; + + function setUp() + { + foreach ($_SESSION as $k => $v) { + unset($_SESSION[$k]); + } + + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->claimed_id = 'http://identity.url/'; + $this->endpoint->claimed_id = $this->claimed_id; + $this->store = null; + $this->session = new Auth_Yadis_PHPSession(); + $cls = $this->consumerClass; + $this->consumer = new $cls($this->store, $this->session); + $this->consumer->consumer = new _StubConsumer(); + $this->discovery = new Auth_Yadis_Discovery($this->session, + $this->claimed_id, + $this->consumer->session_key_prefix); + } +} + +class Consumer_completeEmptySession extends Auth_OpenID_GenericConsumer { + var $test_case = null; + var $text = "failed complete"; + + function complete($message, $endpoint, $return_to) + { + $this->test_case->assertTrue($endpoint === null); + return new Auth_OpenID_FailureResponse($endpoint, $this->text); + } +} + +class Tests_Auth_OpenID_ConsumerTest2 extends PHPUnit_Framework_TestCase { + function setUp() + { + foreach ($_SESSION as $k => $v) { + unset($_SESSION[$k]); + } + + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->claimed_id = 'http://identity.url/'; + $this->endpoint->claimed_id = $this->claimed_id; + $this->store = null; + $this->session = new Auth_Yadis_PHPSession(); + $this->consumer = new Auth_OpenID_Consumer($this->store, $this->session); + $this->consumer->consumer = new _StubConsumer(); + $this->discovery = new Auth_Yadis_Discovery($this->session, + $this->claimed_id, + $this->consumer->session_key_prefix); + } + + function test_beginWithoutDiscovery() + { + // Does this really test anything non-trivial? + $result = $this->consumer->beginWithoutDiscovery($this->endpoint); + + // The result is an auth request + $this->assertTrue(strtolower(get_class($result)) == + 'auth_openid_authrequest'); + + $loader = new Auth_OpenID_ServiceEndpointLoader(); + + // Side-effect of calling beginWithoutDiscovery is setting the + // session value to the endpoint attribute of the result + $this->assertTrue( + $loader->fromSession( + $this->session->get($this->consumer->_token_key)) == + $result->endpoint); + + // The endpoint that we passed in is the endpoint on the + // auth_request + $this->assertTrue($result->endpoint == $this->endpoint); + } + + function test_completeEmptySession() + { + $this->consumer->consumer = new Consumer_completeEmptySession($this->store); + $this->consumer->consumer->test_case =& $this; + + $response = $this->consumer->complete(null); + $this->assertTrue(Auth_OpenID::isFailure($response)); + $this->assertEquals($this->consumer->consumer->text, $response->message); + $this->assertTrue($response->identity_url === null); + } + + function _doResp($auth_req, $exp_resp) + { + // complete a transaction, using the expected response from + // the generic consumer. + $this->consumer->consumer->response = $exp_resp; + + // endpoint is stored in the session + // $this->assertTrue($this->session->data); + $this->assertTrue($_SESSION); + $resp = $this->consumer->complete(null); + + // All responses should have the same identity URL, and the + // session should be cleaned out + if ($this->endpoint->claimed_id != Auth_OpenID_IDENTIFIER_SELECT) { + $this->assertTrue($resp->identity_url == $this->claimed_id); + } + + $this->assertFalse(in_array($this->consumer->_token_key, + $_SESSION)); // this->session->data)); + + // Expected status response + $this->assertEquals($resp->status, $exp_resp->status); + + return $resp; + } + + function _doRespNoDisco($exp_resp) + { + // Set up a transaction without discovery + $auth_req = $this->consumer->beginWithoutDiscovery($this->endpoint); + $resp = $this->_doResp($auth_req, $exp_resp); + // There should be nothing left in the session once we have + // completed. + $this->assertFalse($this->session->contents()); + return $resp; + } + + /* + * Be sure that the session gets cleaned up when the response is + * successful and has a different URL than the one in the request. + */ + function test_successDifferentURL() + { + // Set up a request endpoint describing an IDP URL + $this->identity_url = 'http://idp.url/'; + $this->endpoint->claimed_id = $this->endpoint->local_id = Auth_OpenID_IDENTIFIER_SELECT; + + // Use a response endpoint with a different URL (asserted by + // the IDP) + $resp_endpoint = new Auth_OpenID_ServiceEndpoint(); + $resp_endpoint->claimed_id = "http://user.url/"; + + $resp = $this->_doRespDisco( + true, + mkSuccess($resp_endpoint, array())); + $this->assertTrue($this->discovery->getManager(true) === null); + } + + function test_noDiscoCompleteSuccessWithToken() + { + $message = Auth_OpenID_Message::fromPostArgs(array()); + $this->_doRespNoDisco(new Auth_OpenID_SuccessResponse($this->endpoint, + $message)); + } + + function test_noDiscoCompleteCancelWithToken() + { + $this->_doRespNoDisco(new Auth_OpenID_CancelResponse($this->endpoint)); + } + + function test_noDiscoCompleteFailure() + { + $msg = 'failed!'; + $resp = $this->_doRespNoDisco(new Auth_OpenID_FailureResponse($this->endpoint, $msg)); + $this->assertTrue($resp->message == $msg); + } + + function test_noDiscoCompleteSetupNeeded() + { + $setup_url = 'http://setup.url/'; + $resp = $this->_doRespNoDisco( + new Auth_OpenID_SetupNeededResponse($this->endpoint, $setup_url)); + $this->assertTrue($resp->setup_url == $setup_url); + } + + // To test that discovery is cleaned up, we need to initialize a + // Yadis manager, and have it put its values in the session. + function _doRespDisco($is_clean, $exp_resp) + { + // Set up and execute a transaction, with discovery + $this->discovery->createManager(array($this->endpoint), + $this->claimed_id); + $auth_req = $this->consumer->begin($this->claimed_id); + $resp = $this->_doResp($auth_req, $exp_resp); + + $manager = $this->discovery->getManager(); + if ($is_clean) { + $this->assertTrue($this->discovery->getManager() === null); + } else { + $this->assertFalse($this->discovery->getManager() === null); + } + + return $resp; + } + + // Cancel and success DO clean up the discovery process + function test_completeSuccess() + { + $message = Auth_OpenID_Message::fromPostArgs(array()); + $this->_doRespDisco(true, + new Auth_OpenID_SuccessResponse($this->endpoint, + $message)); + } + + function test_completeCancel() + { + $this->_doRespDisco(true, + new Auth_OpenID_CancelResponse($this->endpoint)); + } + + // Failure and setup_needed don't clean up the discovery process + function test_completeFailure() + { + $msg = 'failed!'; + $resp = $this->_doRespDisco(false, + new Auth_OpenID_FailureResponse($this->endpoint, $msg)); + $this->assertTrue($resp->message == $msg); + } + + function test_completeSetupNeeded() + { + $setup_url = 'http://setup.url/'; + $resp = $this->_doRespDisco(false, + new Auth_OpenID_SetupNeededResponse($this->endpoint, $setup_url)); + $this->assertTrue($resp->status == Auth_OpenID_SETUP_NEEDED); + $this->assertTrue($resp->setup_url == $setup_url); + } + + function test_begin() + { + $this->discovery->createManager(array($this->endpoint), + $this->claimed_id); + // Should not raise an exception + $auth_req = $this->consumer->begin($this->claimed_id); + $this->assertTrue(strtolower(get_class($auth_req)) === 'auth_openid_authrequest'); + $this->assertTrue($auth_req->endpoint == $this->endpoint); + $this->assertTrue($auth_req->endpoint == $this->consumer->consumer->endpoint); + $this->assertTrue($auth_req->assoc == $this->consumer->consumer->assoc); + } +} + +class IDPDrivenTest_Consumer1 extends ConfigurableConsumer { + var $iverified = array(); + var $endpoint = null; + var $failure_cb = null; + var $check_endpoint = null; + + function _idResCheckNonce($message, $endpoint) + { + return true; + } + + function _verifyDiscoveryResults($identifier, $endpoint) + { + call_user_func($this->failure_cb, + $endpoint === $this->check_endpoint); + $this->iverified[] = $this->endpoint; + return $this->endpoint; + } +} + +class IDPDrivenTest_Consumer2 extends ConfigurableConsumer { + function verifyDiscoveryResults($identifier, $endp) + { + return new Auth_OpenID_FailureResponse(null, + "Bogus"); + } +} + +class IDPDrivenTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->store = new GoodAssocStore(); + $this->consumer = new ConfigurableConsumer($this->store); + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->endpoint->server_url = "http://idp.unittest/"; + } + + function test_idpDrivenBegin() + { + // Testing here that the token-handling doesn't explode... + $this->assertTrue($this->consumer->begin($this->endpoint) !== null); + } + + function test_idpDrivenComplete() + { + global $GOODSIG; + + $this->consumer = new IDPDrivenTest_Consumer1($this->store); + $this->consumer->failure_cb = array($this, "assertTrue"); + $this->consumer->check_endpoint =& $this->endpoint; + + $identifier = '=directed_identifier'; + $message = Auth_OpenID_Message::fromPostArgs(array( + 'openid.identity'=> '=directed_identifier', + 'openid.return_to'=> 'x', + 'openid.assoc_handle'=> 'z', + 'openid.signed'=> 'identity,return_to', + 'openid.sig'=> $GOODSIG)); + + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->claimed_id = $identifier; + $endpoint->server_url = $this->endpoint->server_url; + $endpoint->local_id = $identifier; + + $this->consumer->disableReturnToChecking(); + + $this->consumer->endpoint =& $endpoint; + $response = $this->consumer->_doIdRes($message, $this->endpoint, null); + + $this->failUnlessSuccess($response); + + $this->assertEquals($response->identity_url, "=directed_identifier"); + + // assert that discovery attempt happens and returns good + $this->assertEquals($this->consumer->iverified, array($endpoint)); + } + + function test_idpDrivenCompleteFraud() + { + global $GOODSIG; + + $this->consumer = new IDPDrivenTest_Consumer2($this->store); + + // crap with an identifier that doesn't match discovery info + $message = Auth_OpenID_Message::fromPostArgs(array( + 'openid.identity'=> '=directed_identifier', + 'openid.return_to'=> 'x', + 'openid.assoc_handle'=> 'z', + 'openid.signed'=> 'identity,return_to', + 'openid.sig'=> $GOODSIG)); + + $this->consumer->disableReturnToChecking(); + + $result = $this->consumer->_doIdRes($message, $this->endpoint, null); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function failUnlessSuccess($response) + { + if ($response->status != Auth_OpenID_SUCCESS) { + $this->fail("Non-successful response (status is ".$response->status.")"); + } + } +} + +global $__test_otherServer_text; +$__test_otherServer_text = "__test_otherServer"; +class TestDiscoveryVerification_test_otherServer extends Auth_OpenID_GenericConsumer { + function _discoverAndVerify($to_match) + { + global $__test_otherServer_text; + return new Auth_OpenID_FailureResponse(null, $__test_otherServer_text); + } +} + +class TestDiscoveryVerification extends PHPUnit_Framework_TestCase { + var $services = array(); + + function discoveryFunc($identifier) + { + return array($identifier, $this->services); + } + + function setUp() + { + $this->store = new GoodAssocStore(); + $this->consumer = new Auth_OpenID_GenericConsumer($this->store); + $this->consumer->discoverMethod = array($this, + 'discoveryFunc'); + + $this->identifier = "http://idp.unittest/1337"; + $this->server_url = "http://endpoint.unittest/"; + + $this->message = Auth_OpenID_Message::fromPostArgs(array( + 'openid.ns'=> Auth_OpenID_OPENID2_NS, + 'openid.identity'=> $this->identifier, + 'openid.claimed_id'=> $this->identifier, + 'openid.op_endpoint'=> $this->server_url)); + + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->endpoint->server_url = $this->server_url; + } + + function test_theGoodStuff() + { + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->type_uris = array(Auth_OpenID_TYPE_2_0); + $endpoint->claimed_id = $this->identifier; + $endpoint->server_url = $this->server_url; + $endpoint->local_id = $this->identifier; + $this->services = array($endpoint); + $r = $this->consumer->_verifyDiscoveryResults($this->message, $endpoint); + + $this->assertEquals($r, $endpoint); + } + + function test_otherServer() + { + global $__test_otherServer_text; + + // setup + $this->consumer = new TestDiscoveryVerification_test_otherServer($this->store); + $this->consumer->discoverMethod = array($this, + 'discoveryFunc'); + + // a set of things without the stuff + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->type_uris = array(Auth_OpenID_TYPE_2_0); + $endpoint->claimed_id = $this->identifier; + $endpoint->server_url = "http://the-MOON.unittest/"; + $endpoint->local_id = $this->identifier; + $this->services = array($endpoint); + + $result = $this->consumer->_verifyDiscoveryResults( + $this->message, $endpoint); + + $this->assertTrue(Auth_OpenID::isFailure($result)); + $this->assertTrue(strpos($result->message, $__test_otherServer_text) !== false); + } + + function test_foreignDelegate() + { + global $__test_otherServer_text; + + // setup + $this->consumer = new TestDiscoveryVerification_test_otherServer($this->store); + $this->consumer->discoverMethod = array($this, + 'discoveryFunc'); + + // a set of things with the server stuff but other delegate + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->type_uris = array(Auth_OpenID_TYPE_2_0); + $endpoint->claimed_id = $this->identifier; + $endpoint->server_url = $this->server_url; + $endpoint->local_id = "http://unittest/juan-carlos"; + + $result = $this->consumer->_verifyDiscoveryResults( + $this->message, $endpoint); + $this->assertTrue(Auth_OpenID::isFailure($result)); + $this->assertTrue(strpos($result->message, $__test_otherServer_text) !== false); + } + + function test_nothingDiscovered() + { + // a set of no things. + $this->services = array(); + $result = $this->consumer->_verifyDiscoveryResults( + $this->message, $this->endpoint); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } +} + +class DummyEndpoint { + var $use_compatibility = false; + + function compatibilityMode() + { + return $this->use_compatibility; + } +} + +class TestCreateAssociationRequest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->endpoint = new DummyEndpoint(); + $s = null; + $this->consumer = new Auth_OpenID_GenericConsumer($s); + $this->assoc_type = 'HMAC-SHA1'; + } + + function test_noEncryptionSendsType() + { + $session_type = 'no-encryption'; + list($session, $args) = $this->consumer->_createAssociateRequest( + $this->endpoint, $this->assoc_type, $session_type); + + $this->assertTrue(is_a($session, 'Auth_OpenID_PlainTextConsumerSession')); + + $expected = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'session_type'=>$session_type, + 'mode'=>'associate', + 'assoc_type'=>$this->assoc_type)); + + $this->assertEquals($expected->toPostArgs(), + $args->toPostArgs()); + } + + function test_noEncryptionSendsTypeHMACSHA256() + { + if (!Auth_OpenID_HMACSHA256_SUPPORTED) { + $this->pass(); + return; + } + + $session_type = 'no-encryption'; + $this->assoc_type = 'HMAC-SHA256'; + + list($session, $args) = $this->consumer->_createAssociateRequest( + $this->endpoint, $this->assoc_type, $session_type); + + $this->assertTrue(is_a($session, 'Auth_OpenID_PlainTextConsumerSession')); + + $expected = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'session_type'=>$session_type, + 'mode'=>'associate', + 'assoc_type'=>$this->assoc_type)); + + $this->assertEquals($expected->toPostArgs(), + $args->toPostArgs()); + + $response = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'session_type'=>$session_type, + 'assoc_type'=>$this->assoc_type, + 'expires_in' => '10000000000', + 'mac_key' => 'ZM9v', + 'assoc_handle' => 'turnme' + ) + ); + + $assoc = $this->consumer->_extractAssociation($response, $session); + + $this->assertTrue($assoc !== null); + $this->assertTrue(is_a($assoc, 'Auth_OpenID_Association')); + $this->assertTrue($assoc->assoc_type = $this->assoc_type); + $this->assertTrue($assoc->session_type = $session_type); + } + + function test_noEncryptionCompatibility() + { + $this->endpoint->use_compatibility = true; + $session_type = 'no-encryption'; + list($session, $args) = $this->consumer->_createAssociateRequest( + $this->endpoint, $this->assoc_type, $session_type); + + $this->assertTrue(is_a($session, 'Auth_OpenID_PlainTextConsumerSession')); + $this->assertEquals(Auth_OpenID_Message::fromOpenIDArgs(array('mode'=>'associate', + 'assoc_type'=>$this->assoc_type)), + $args); + } + + function test_dhSHA1Compatibility() + { + // Set the consumer's session type to a fast session since we + // need it here. + setConsumerSession($this->consumer); + + $this->endpoint->use_compatibility = true; + $session_type = 'DH-SHA1'; + list($session, $args) = $this->consumer->_createAssociateRequest( + $this->endpoint, $this->assoc_type, $session_type); + + $this->assertTrue(is_a($session, + 'Auth_OpenID_DiffieHellmanSHA1ConsumerSession')); + + // This is a random base-64 value, so just check that it's + // present. + $this->assertTrue($args->hasKey(Auth_OpenID_OPENID1_NS, 'dh_consumer_public')); + $args->delArg(Auth_OpenID_OPENID1_NS, 'dh_consumer_public'); + + // OK, session_type is set here and not for no-encryption + // compatibility + $expected = Auth_OpenID_Message::fromOpenIDArgs(array('mode'=>'associate', + 'session_type'=>'DH-SHA1', + 'assoc_type'=>$this->assoc_type, + 'dh_modulus'=> 'BfvStQ==', + 'dh_gen'=> 'Ag==')); + + $this->assertEquals($expected->toPostArgs(), + $args->toPostArgs()); + } +} + +class TestDiffieHellmanResponseParameters extends PHPUnit_Framework_TestCase { + var $session_cls = null; + var $message_namespace = null; + + function setUp() + { + // Pre-compute DH with small prime so tests run quickly. + $this->server_dh = new Auth_OpenID_DiffieHellman(100389557, 2); + $this->consumer_dh = new Auth_OpenID_DiffieHellman(100389557, 2); + + $lib = Auth_OpenID_getMathLib(); + + $cls = $this->session_cls; + $this->consumer_session = new $cls($this->consumer_dh); + + // base64(btwoc(g ^ xb mod p)) + $this->dh_server_public = $lib->longToBase64($this->server_dh->public); + + $this->secret = Auth_OpenID_CryptUtil::randomString( + $this->consumer_session->secret_size); + + $this->enc_mac_key = base64_encode( + $this->server_dh->xorSecret($this->consumer_dh->public, + $this->secret, + $this->consumer_session->hash_func)); + + $this->msg = new Auth_OpenID_Message($this->message_namespace); + } + + function testExtractSecret() + { + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'dh_server_public', + $this->dh_server_public); + + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'enc_mac_key', + $this->enc_mac_key); + + $extracted = $this->consumer_session->extractSecret($this->msg); + $this->assertEquals($extracted, $this->secret); + } + + function testAbsentServerPublic() + { + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'enc_mac_key', + $this->enc_mac_key); + + $this->assertTrue($this->consumer_session->extractSecret($this->msg) === null); + } + + function testAbsentMacKey() + { + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'dh_server_public', + $this->dh_server_public); + + $this->assertTrue($this->consumer_session->extractSecret($this->msg) === null); + } + + /* + function testInvalidBase64Public() + { + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'dh_server_public', + 'n o t b a s e 6 4.'); + + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'enc_mac_key', + $this->enc_mac_key); + + $this->assertTrue($this->consumer_session->extractSecret($this->msg) === null); + } + + function testInvalidBase64MacKey() + { + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'dh_server_public', + $this->dh_server_public); + + $this->msg->setArg(Auth_OpenID_OPENID_NS, 'enc_mac_key', + 'n o t base 64'); + + $this->assertTrue($this->consumer_session->extractSecret($this->msg) === null); + } + */ +} + +class TestOpenID1SHA1 extends TestDiffieHellmanResponseParameters { + var $session_cls = 'Auth_OpenID_DiffieHellmanSHA1ConsumerSession'; + var $message_namespace = Auth_OpenID_OPENID1_NS; +} + +class TestOpenID2SHA1 extends TestDiffieHellmanResponseParameters { + var $session_cls = 'Auth_OpenID_DiffieHellmanSHA1ConsumerSession'; + var $message_namespace = Auth_OpenID_OPENID2_NS; +} + +if (!defined('Auth_OpenID_NO_MATH_SUPPORT') && + Auth_OpenID_SHA256_SUPPORTED) { + class TestOpenID2SHA256 extends TestDiffieHellmanResponseParameters { + var $session_cls = 'Auth_OpenID_DiffieHellmanSHA256ConsumerSession'; + var $message_namespace = Auth_OpenID_OPENID2_NS; + } +} + +class Tests_Auth_OpenID_KVPost extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->server_url = 'http://unittest/bogus'; + } + + function test_200() + { + $response = new Auth_Yadis_HTTPResponse(); + $response->status = 200; + $response->body = "foo:bar\nbaz:quux\n"; + $r = Auth_OpenID_GenericConsumer::_httpResponseToMessage($response, $this->server_url); + $expected_msg = Auth_OpenID_Message::fromOpenIDArgs(array('foo' => 'bar', 'baz' => 'quux')); + $this->assertEquals($expected_msg, $r); + } + + function test_400() + { + $response = new Auth_Yadis_HTTPResponse(); + $response->status = 400; + $response->body = "error:bonk\nerror_code:7\n"; + $result = Auth_OpenID_GenericConsumer::_httpResponseToMessage($response, $this->server_url); + + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerErrorContainer')); + $this->assertEquals($result->error_text, 'bonk'); + $this->assertEquals($result->error_code, '7'); + } + + function test_500() + { + // 500 as an example of any non-200, non-400 code. + $response = new Auth_Yadis_HTTPResponse(); + $response->status = 500; + $response->body = "foo:bar\nbaz:quux\n"; + $result = Auth_OpenID_GenericConsumer::_httpResponseToMessage($response, $this->server_url); + $this->assertTrue($result === null); + } +} + +// Add other test cases to be run. +global $Tests_Auth_OpenID_Consumer_other; +$Tests_Auth_OpenID_Consumer_other = array( + // new Tests_Auth_OpenID_Consumer_TestSetupNeeded(), + new Tests_Auth_OpenID_AuthRequestHTMLMarkup(), + new Tests_Auth_OpenID_Consumer_TestCheckAuth(), + new Tests_Auth_OpenID_Consumer_TestCheckAuthTriggered(), + new Tests_Auth_OpenID_Consumer_TestFetchAssoc(), + new Tests_Auth_OpenID_Consumer_CheckNonceTest(), + new Tests_Auth_OpenID_Complete(), + new Tests_Auth_OpenID_SuccessResponse(), + new Tests_Auth_OpenID_CheckAuthResponse(), + new Tests_Auth_OpenID_FetchErrorInIdRes(), + new Tests_Auth_OpenID_ConsumerTest2(), + new Tests_Auth_OpenID_Stateless1(), + new Tests_Auth_OpenID_Stateless2(), + new TestCompleteMissingSig(), + new TestReturnToArgs(), + new IDPDrivenTest(), + new TestDiscoveryVerification(), + new Tests_Auth_OpenID_KVPost(), + new Tests_idResURLMismatch(), + new IdResCheckForFieldsTest(), + ); + +if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + $Tests_Auth_OpenID_Consumer_other[] = new TestCreateAssociationRequest(); + $Tests_Auth_OpenID_Consumer_other[] = new TestOpenID1SHA1(); + $Tests_Auth_OpenID_Consumer_other[] = new TestOpenID2SHA1(); +} + +if (!defined('Auth_OpenID_NO_MATH_SUPPORT') && + Auth_OpenID_SHA256_SUPPORTED) { + $Tests_Auth_OpenID_Consumer_other[] = new TestOpenID2SHA256(); +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/CryptUtil.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/CryptUtil.php new file mode 100644 index 000000000..29022d2e1 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/CryptUtil.php @@ -0,0 +1,54 @@ +<?php + +/** + * Tests for the CryptUtil functions. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID.php'; +require_once 'Auth/OpenID/CryptUtil.php'; + +class Tests_Auth_OpenID_CryptUtil extends PHPUnit_Framework_TestCase { + function test_length() + { + $cases = array(1, 10, 255); + foreach ($cases as $length) { + $data = Auth_OpenID_CryptUtil::getBytes($length); + $this->assertEquals(Auth_OpenID::bytes($data), $length); + } + } + + function test_different() + { + $num_iterations = 100; + $data_length = 20; + + $data = Auth_OpenID_CryptUtil::getBytes($num_iterations); + for ($i = 0; $i < $num_iterations; $i++) { + $last = $data; + $data = Auth_OpenID_CryptUtil::getBytes($data_length); + $this->assertFalse($data == $last); + } + } + + function test_cryptrand() + { + // It's possible, but HIGHLY unlikely that a correct + // implementation will fail by returning the same number twice + + $s = Auth_OpenID_CryptUtil::getBytes(32); + $t = Auth_OpenID_CryptUtil::getBytes(32); + $this->assertEquals(Auth_OpenID::bytes($s), 32); + $this->assertEquals(Auth_OpenID::bytes($t), 32); + $this->assertFalse($s == $t); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/DiffieHellman.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/DiffieHellman.php new file mode 100644 index 000000000..524c011b7 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/DiffieHellman.php @@ -0,0 +1,159 @@ +<?php + +/** + * Tests for the Diffie-Hellman key exchange implementation in the + * OpenID library. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/DiffieHellman.php'; +require_once 'Tests/Auth/OpenID/TestUtil.php'; + +class Tests_Auth_OpenID_DiffieHellman_CheckCases extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_DiffieHellman_CheckCases($cases, $n) + { + $this->cases = $cases; + $this->n = $n; + } + + function runTest() + { + $this->assertEquals($this->n, count($this->cases)); + } +} + +class Tests_Auth_OpenID_DiffieHellman_Private extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_DiffieHellman_Private($name, $input, $expected) + { + $this->setName("$name"); + $this->input = $input; + $this->expected = $expected; + } + + function runTest() + { + $lib =& Auth_OpenID_getMathLib(); + $dh = new Auth_OpenID_DiffieHellman(null, null, $this->input); + $this->assertEquals($lib->cmp($this->expected, $dh->getPublicKey()), 0); + } +} + +class Tests_Auth_OpenID_DiffieHellman_Exch extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_DiffieHellman_Exch($name, $p1, $p2, $shared) + { + $this->setName("$name"); + $this->p1 = $p1; + $this->p2 = $p2; + $this->shared = $shared; + } + + function runTest() + { + $lib = Auth_OpenID_getMathLib(); + $shared = $lib->init($this->shared); + $dh1 = new Auth_OpenID_DiffieHellman(null, null, $this->p1); + $dh2 = new Auth_OpenID_DiffieHellman(null, null, $this->p2); + $sh1 = $dh1->getSharedSecret($dh2->getPublicKey()); + $sh2 = $dh2->getSharedSecret($dh1->getPublicKey()); + $this->assertEquals($lib->cmp($shared, $sh1), 0); + $this->assertEquals($lib->cmp($shared, $sh2), 0); + } +} + +class Tests_Auth_OpenID_DiffieHellman extends PHPUnit_Framework_TestSuite { + function _readPrivateTestCases() + { + $lines = Tests_Auth_OpenID_readlines('dhpriv'); + $cases = array(); + foreach ($lines as $line) { + $case = array(); + if (!preg_match('/^(\d+) (\d+)\n$/', $line, $case)) { + trigger_error("Bad test input: $line", E_USER_ERROR); + } + + $c = count($case); + if ($c != 3) { + trigger_error("Wrong number of elements in parsed case: $c", + E_USER_ERROR); + } + + array_shift($case); + $cases[] = $case; + } + + return $cases; + } + + function _readExchTestCases() + { + $lines = Tests_Auth_OpenID_readlines('dhexch'); + $cases = array(); + foreach ($lines as $line) { + $case = array(); + if (!preg_match('/^(\d+) (\d+) (\d+)\n$/', $line, $case)) { + trigger_error("Bad test input: $line", E_USER_ERROR); + } + + $c = count($case); + if ($c != 4) { + trigger_error("Wrong number of elements in parsed case: $c", + E_USER_ERROR); + } + + array_shift($case); + $cases[] = $case; + } + return $cases; + } + + function Tests_Auth_OpenID_DiffieHellman($name) + { + $this->setName($name); + + $priv_cases = Tests_Auth_OpenID_DiffieHellman::_readPrivateTestCases(); + $sanity = new Tests_Auth_OpenID_DiffieHellman_CheckCases( + $priv_cases, 29); + $sanity->setName('Check parsing of priv test data'); + $this->addTest($sanity); + + $exch_cases = Tests_Auth_OpenID_DiffieHellman::_readExchTestCases(); + $sanity = new Tests_Auth_OpenID_DiffieHellman_CheckCases( + $exch_cases, 25); + $sanity->setName('Check parsing of exch test data'); + $this->addTest($sanity); + + if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + if (defined('Tests_Auth_OpenID_thorough')) { + $npriv = count($priv_cases); + $nexch = count($exch_cases); + } else { + $npriv = 1; + $nexch = 3; + } + + for ($i = 0; $i < $npriv; $i++) { + list($input, $expected) = $priv_cases[$i]; + $one = new Tests_Auth_OpenID_DiffieHellman_Private( + "DHPriv $i", $input, $expected); + $this->addTest($one); + } + + for ($i = 0; $i < $nexch; $i++) { + $case = $exch_cases[$i]; + $one = new Tests_Auth_OpenID_DiffieHellman_Exch( + $i, $case[0], $case[1], $case[2]); + $this->addTest($one); + } + } + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Discover_OpenID.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Discover_OpenID.php new file mode 100644 index 000000000..740548d10 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Discover_OpenID.php @@ -0,0 +1,781 @@ +<?php + +require_once 'TestUtil.php'; + +require_once 'Auth/OpenID.php'; +require_once 'Auth/OpenID/Discover.php'; +require_once 'Auth/Yadis/Manager.php'; +require_once 'Auth/Yadis/Misc.php'; +require_once 'Auth/Yadis/XRI.php'; + +/** + * Tests for the core of the PHP Yadis library discovery logic. + */ + +class _SimpleMockFetcher { + function _SimpleMockFetcher($responses) + { + $this->responses = $responses; + } + + function get($url) + { + $response = array_pop($this->responses); + assert($response[1] == $url); + return $response; + } +} + +class Tests_Auth_OpenID_ServiceEndpoint extends PHPUnit_Framework_TestCase { + function setUp() { + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + } + + function test_getDisplayIdentifier_noFragment() { + $urls = array("http://foo.bar.com/something", + "http://foo.bar.com/something?else=what¬hing=0", + "https://smoker.myopenid.com/" + ); + + foreach ($urls as $url) { + $this->endpoint->claimed_id = $url; + $this->assertEquals($url, $this->endpoint->getDisplayIdentifier()); + } + } + + function test_getDisplayIdentifier_withFragment() { + $urls = array("http://foo.bar.com/something#fragged", + "http://foo.bar.com/something?else=what¬hing=0#ow", + "https://smoker.myopenid.com/#myentirelife" + ); + + foreach ($urls as $url) { + $this->endpoint->claimed_id = $url; + $split = explode('#', $url); + $this->assertEquals($split[0], + $this->endpoint->getDisplayIdentifier()); + } + } +} + +class Tests_Auth_OpenID_DiscoveryFailure extends PHPUnit_Framework_TestCase { + + function Tests_Auth_OpenID_DiscoveryFailure($responses) + { + // Response is ($code, $url, $body). + $this->cases = array( + array(null, 'http://network.error/', ''), + array(404, 'http://not.found/', ''), + array(400, 'http://bad.request/', ''), + array(500, 'http://server.error/', ''), + array(200, 'http://header.found/', 200, + array('x-xrds-location' => 'http://xrds.missing/')), + array(404, 'http://xrds.missing/', '')); + + $this->url = $responses[0]->final_url; + $this->responses = $responses; + $this->fetcher = new _SimpleMockFetcher($this->responses); + } + + function runTest() + { + foreach ($this->cases as $case) { + list($status, $url, $body) = $case; + $expected_status = $status; + + $result = Auth_OpenID_discover($this->url, $this->fetcher); + list($id_url, $svclist) = $result; + + $this->assertEquals($svclist, array()); + } + } +} + +### Tests for raising/catching exceptions from the fetcher through the +### discover function + +class _ErrorRaisingFetcher { + // Just raise an exception when fetch is called + + function _ErrorRaisingFetcher($thing_to_raise) + { + $this->thing_to_raise = $thing_to_raise; + } + + function post($body = null) + { + __raiseError($this->thing_to_raise); + } + + function get($url) + { + __raiseError($this->thing_to_raise); + } +} + +define('E_AUTH_OPENID_EXCEPTION', 'e_exception'); +define('E_AUTH_OPENID_DIDFETCH', 'e_didfetch'); +define('E_AUTH_OPENID_VALUE_ERROR', 'e_valueerror'); +define('E_AUTH_OPENID_RUNTIME_ERROR', 'e_runtimeerror'); +define('E_AUTH_OPENID_OI', 'e_oi'); + +class Tests_Auth_OpenID_Discover_FetchException extends PHPUnit_Framework_TestCase { + // Make sure exceptions get passed through discover function from + // fetcher. + + function Tests_Auth_OpenID_Discover_FetchException($exc) + { + $this->cases = array(E_AUTH_OPENID_EXCEPTION, + E_AUTH_OPENID_DIDFETCH, + E_AUTH_OPENID_VALUE_ERROR, + E_AUTH_OPENID_RUNTIME_ERROR, + E_AUTH_OPENID_OI); + } + + function runTest() + { + foreach ($this->cases as $thing_to_raise) { + $fetcher = ErrorRaisingFetcher($thing_to_raise); + Auth_OpenID_discover('http://doesnt.matter/', $fetcher); + $exc = __getError(); + + if ($exc !== $thing_to_raise) { + $this->fail('FetchException expected %s to be raised', + $thing_to_raise); + } + } + } +} + + +// Tests for openid.consumer.discover.discover + +class _DiscoveryMockFetcher extends Auth_Yadis_HTTPFetcher { + function _DiscoveryMockFetcher($documents) + { + $this->redirect = null; + $this->documents = $documents; + $this->fetchlog = array(); + } + + function supportsSSL() + { + return true; + } + + function post($url, $body = null, $headers = null) + { + return $this->get($url, $headers, $body); + } + + function get($url, $headers = null, $body = null) + { + $this->fetchlog[] = array($url, $body, $headers); + + if ($this->redirect) { + $final_url = $this->redirect; + } else { + $final_url = $url; + } + + if (array_key_exists($url, $this->documents)) { + list($ctype, $body) = $this->documents[$url]; + $status = 200; + } else { + $status = 404; + $ctype = 'text/plain'; + $body = ''; + } + + return new Auth_Yadis_HTTPResponse($final_url, $status, + array('content-type' => $ctype), $body); + } +} + +class _DiscoveryBase extends PHPUnit_Framework_TestCase { + var $id_url = "http://someuser.unittest/"; + var $fetcherClass = '_DiscoveryMockFetcher'; + + function _checkService($s, + $server_url, + $claimed_id=null, + $local_id=null, + $canonical_id=null, + $types=null, + $used_yadis=false, + $display_identifier=null) + { + $this->assertEquals($server_url, $s->server_url); + if ($types == array('2.0 OP')) { + $this->assertFalse($claimed_id); + $this->assertFalse($local_id); + $this->assertFalse($s->claimed_id); + $this->assertFalse($s->local_id); + $this->assertFalse($s->getLocalID()); + $this->assertFalse($s->compatibilityMode()); + $this->assertTrue($s->isOPIdentifier()); + $this->assertEquals($s->preferredNamespace(), + Auth_OpenID_OPENID2_NS); + } else { + $this->assertEquals($claimed_id, $s->claimed_id); + $this->assertEquals($local_id, $s->getLocalID()); + } + + if ($used_yadis) { + $this->assertTrue($s->used_yadis, "Expected to use Yadis"); + } else { + $this->assertFalse($s->used_yadis, + "Expected to use old-style discovery"); + } + + $openid_types = array( + '1.1' => Auth_OpenID_TYPE_1_1, + '1.0' => Auth_OpenID_TYPE_1_0, + '2.0' => Auth_OpenID_TYPE_2_0, + '2.0 OP' => Auth_OpenID_TYPE_2_0_IDP); + + $type_uris = array(); + foreach ($types as $t) { + $type_uris[] = $openid_types[$t]; + } + + $this->assertEquals($type_uris, $s->type_uris); + $this->assertEquals($canonical_id, $s->canonicalID); + + if ($s->canonicalID) { + $this->assertTrue($s->getDisplayIdentifier() != $claimed_id); + $this->assertTrue($s->getDisplayIdentifier() !== null); + $this->assertEquals($display_identifier, $s->getDisplayIdentifier()); + $this->assertEquals($s->claimed_id, $s->canonicalID); + } + + $this->assertEquals($s->display_identifier ? $s->display_identifier : $s->claimed_id, + $s->getDisplayIdentifier()); + } + + function setUp() + { + $cls = $this->fetcherClass; + // D is for Dumb. + $d = array(); + $this->fetcher = new $cls($d); + } +} + +class Tests_Auth_OpenID_Discover_OpenID extends _DiscoveryBase { + function _discover($content_type, $data, + $expected_services, $expected_id=null) + { + if ($expected_id === null) { + $expected_id = $this->id_url; + } + + $this->fetcher->documents[$this->id_url] = array($content_type, $data); + list($id_url, $services) = Auth_OpenID_discover($this->id_url, + $this->fetcher); + $this->assertEquals($expected_services, count($services)); + $this->assertEquals($expected_id, $id_url); + return $services; + } + + function test_404() + { + list($url, $services) = Auth_OpenID_discover($this->id_url . '/404', + $this->fetcher); + $this->assertTrue($services == array()); + } + + function test_noOpenID() + { + $services = $this->_discover('text/plain', + "junk", + 0); + + $services = $this->_discover( + 'text/html', + Tests_Auth_OpenID_readdata('test_discover_openid_no_delegate.html'), + 1); + + $this->_checkService($services[0], + "http://www.myopenid.com/server", + $this->id_url, + $this->id_url, + null, + array('1.1'), + false); + } + + function test_html1() + { + $services = $this->_discover('text/html', + Tests_Auth_OpenID_readdata('test_discover_openid.html'), + 1); + + + $this->_checkService($services[0], + "http://www.myopenid.com/server", + $this->id_url, + 'http://smoker.myopenid.com/', + null, + array('1.1'), + false, + $this->id_url); + } + + /* + * Ensure that the Claimed Identifier does not have a fragment if + * one is supplied in the User Input. + */ + function test_html1Fragment() + { + $data = Tests_Auth_OpenID_readdata('openid.html'); + $content_type = 'text/html'; + $expected_services = 1; + + $this->fetcher->documents[$this->id_url] = array($content_type, $data); + $expected_id = $this->id_url; + $this->id_url = $this->id_url . '#fragment'; + list($id_url, $services) = Auth_OpenID_discover($this->id_url, $this->fetcher); + $this->assertEquals($expected_services, count($services)); + $this->assertEquals($expected_id, $id_url); + + $this->_checkService( + $services[0], + "http://www.myopenid.com/server", + $expected_id, + 'http://smoker.myopenid.com/', + null, + array('1.1'), + false, + $this->id_url); + } + + function test_html2() + { + $services = $this->_discover('text/html', + Tests_Auth_OpenID_readdata('test_discover_openid2.html'), + 1); + + $this->_checkService($services[0], + "http://www.myopenid.com/server", + $this->id_url, + 'http://smoker.myopenid.com/', + null, + array('2.0'), + false, + $this->id_url); + } + + function test_html1And2() + { + $services = $this->_discover('text/html', + Tests_Auth_OpenID_readdata('test_discover_openid_1_and_2.html'), + 2); + + $types = array('2.0', '1.1'); + + for ($i = 0; $i < count($types); $i++) { + $t = $types[$i]; + $s = $services[$i]; + + $this->_checkService( + $s, + "http://www.myopenid.com/server", + $this->id_url, + 'http://smoker.myopenid.com/', + null, + array($t), + false, + $this->id_url); + } + } + + function test_yadisEmpty() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_yadis_0entries.xml'), + 0); + } + + function test_htmlEmptyYadis() + { + // HTML document has discovery information, but points to an + // empty Yadis document. + + // The XRDS document pointed to by "openid_and_yadis.html" + $this->fetcher->documents[$this->id_url . 'xrds'] = + array('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_yadis_0entries.xml')); + + $services = $this->_discover('text/html', + Tests_Auth_OpenID_readdata('test_discover_openid_and_yadis.html'), + 1); + + $this->_checkService($services[0], + "http://www.myopenid.com/server", + $this->id_url, + 'http://smoker.myopenid.com/', + null, + array('1.1'), + false, + $this->id_url); + } + + function test_yadis1NoDelegate() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_yadis_no_delegate.xml'), + 1); + + $this->_checkService( + $services[0], + "http://www.myopenid.com/server", + $this->id_url, + $this->id_url, + null, + array('1.0'), + true, + $this->id_url); + } + + function test_yadis2NoLocalID() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_openid2_xrds_no_local_id.xml'), + 1); + + $this->_checkService( + $services[0], + "http://www.myopenid.com/server", + $this->id_url, + $this->id_url, + null, + array('2.0'), + true, + $this->id_url); + } + + function test_yadis2() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_openid2_xrds.xml'), + 1); + + $this->_checkService($services[0], + "http://www.myopenid.com/server", + $this->id_url, + 'http://smoker.myopenid.com/', + null, + array('2.0'), + true, + $this->id_url); + } + + function test_yadis2OP() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_yadis_idp.xml'), + 1); + + $this->_checkService($services[0], + "http://www.myopenid.com/server", + null, + null, + null, + array('2.0 OP'), + true, + $this->id_url); + } + + function test_yadis2OPDelegate() + { + // The delegate tag isn't meaningful for OP entries. + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_yadis_idp_delegate.xml'), + 1); + + $this->_checkService( + $services[0], + "http://www.myopenid.com/server", + null, null, null, + array('2.0 OP'), + true, + $this->id_url); + } + + function test_yadis2BadLocalID() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_yadis_2_bad_local_id.xml'), + 0); + } + + function test_yadis1And2() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_openid_1_and_2_xrds.xml'), + 1); + + $this->_checkService( + $services[0], + "http://www.myopenid.com/server", + $this->id_url, + 'http://smoker.myopenid.com/', + null, + array('2.0', '1.1'), + true); + } + + function test_yadis1And2BadLocalID() + { + $services = $this->_discover('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_openid_1_and_2_xrds_bad_delegate.xml'), + 0); + } +} + +class _MockFetcherForXRIProxy extends Auth_Yadis_HTTPFetcher { + + function _MockFetcherForXRIProxy($documents) + { + $this->documents = $documents; + $this->fetchlog = array(); + } + + function get($url, $headers=null) + { + return $this->fetch($url, $headers); + } + + function post($url, $body) + { + return $this->fetch($url, $body); + } + + function fetch($url, $body=null, $headers=null) + { + $this->fetchlog[] = array($url, $body, $headers); + + $u = parse_url($url); + $proxy_host = $u['host']; + $xri = $u['path']; + $query = Auth_OpenID::arrayGet($u, 'query'); + + if ((!$headers) && (!$query)) { + trigger_error('Error in mock XRI fetcher: no headers or query'); + } + + if (Auth_Yadis_startswith($xri, '/')) { + $xri = substr($xri, 1); + } + + if (array_key_exists($xri, $this->documents)) { + list($ctype, $body) = $this->documents[$xri]; + $status = 200; + } else { + $status = 404; + $ctype = 'text/plain'; + $body = ''; + } + + return new Auth_Yadis_HTTPResponse($url, $status, + array('content-type' => $ctype), + $body); + } +} + +class TestXRIDiscovery extends _DiscoveryBase { + var $fetcherClass = '_MockFetcherForXRIProxy'; + + function setUp() { + parent::setUp(); + + $this->fetcher->documents = array('=smoker' => array('application/xrds+xml', + Tests_Auth_OpenID_readdata('yadis_2entries_delegate.xml')), + '=smoker*bad' => array('application/xrds+xml', + Tests_Auth_OpenID_readdata('yadis_another_delegate.xml'))); + } + + function test_xri() { + list($user_xri, $services) = Auth_OpenID_discoverXRI('=smoker'); + + $this->_checkService( + $services[0], + "http://www.myopenid.com/server", + Auth_Yadis_XRI("=!1000"), + 'http://smoker.myopenid.com/', + Auth_Yadis_XRI("=!1000"), + array('1.0'), + true, + '=smoker'); + + $this->_checkService( + $services[1], + "http://www.livejournal.com/openid/server.bml", + Auth_Yadis_XRI("=!1000"), + 'http://frank.livejournal.com/', + Auth_Yadis_XRI("=!1000"), + array('1.0'), + true, + '=smoker'); + } + + function test_xriNoCanonicalID() { + list($user_xri, $services) = Auth_OpenID_discoverXRI('=smoker*bad'); + $this->assertFalse($services); + } + + function test_useCanonicalID() { + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->claimed_id = Auth_Yadis_XRI("=!1000"); + $endpoint->canonicalID = Auth_Yadis_XRI("=!1000"); + $htis->assertEquals($endpoint->getLocalID(), Auth_Yadis_XRI("=!1000")); + } +} + +class Tests_Auth_OpenID_DiscoverSession { + function Tests_Auth_OpenID_DiscoverSession() + { + $this->data = array(); + } + + function set($name, $value) + { + $this->data[$name] = $value; + } + + function get($name, $default=null) + { + if (array_key_exists($name, $this->data)) { + return $this->data[$name]; + } else { + return $default; + } + } + + function del($name) + { + unset($this->data[$name]); + } +} + +global $__Tests_BOGUS_SERVICE; +$__Tests_BOGUS_SERVICE = new Auth_OpenID_ServiceEndpoint(); +$__Tests_BOGUS_SERVICE->claimed_id = "=really.bogus.endpoint"; + +function __serviceCheck_discover_cb($url, $fetcher) +{ + global $__Tests_BOGUS_SERVICE; + return array($url, array($__Tests_BOGUS_SERVICE)); +} + +class _FetcherWithSSL extends _DiscoveryMockFetcher { + function supportsSSL() + { + return true; + } +} + +class _FetcherWithoutSSL extends _DiscoveryMockFetcher { + function supportsSSL() + { + return false; + } +} + +class _NonFetcher extends _DiscoveryMockFetcher { + var $used = false; + + function _NonFetcher() + { + $a = array(); + parent::_DiscoveryMockFetcher($a); + } + + function supportsSSL() + { + return false; + } + + function get($url, $headers) + { + $this->used = true; + } +} + +class Tests_Auth_OpenID_SSLSupport extends PHPUnit_Framework_TestCase { + function test_discoverDropSSL() + { + // In the absence of SSL support, the discovery process should + // drop endpoints whose server URLs are HTTPS. + $id_url = 'http://bogus/'; + + $d = array( + $id_url => array('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_openid_ssl.xml')) + ); + + $f = new _FetcherWithoutSSL($d); + + $result = Auth_OpenID_discover($id_url, $f); + + list($url, $services) = $result; + + $this->assertTrue($url == $id_url); + $this->assertTrue(count($services) == 1); + + $e = $services[0]; + $this->assertTrue($e->server_url == 'http://nossl.vroom.unittest/server'); + } + + function test_discoverRetainSSL() + { + // In the presence of SSL support, the discovery process + // should NOT drop endpoints whose server URLs are HTTPS. + + // In the absence of SSL support, the discovery process should + // drop endpoints whose server URLs are HTTPS. + $id_url = 'http://bogus/'; + + $d = array( + $id_url => array('application/xrds+xml', + Tests_Auth_OpenID_readdata('test_discover_openid_ssl.xml')) + ); + + $f = new _FetcherWithSSL($d); + + $result = Auth_OpenID_discover($id_url, $f); + + list($url, $services) = $result; + + $this->assertTrue($url == $id_url); + $this->assertTrue(count($services) == 2); + + $e = $services[0]; + $this->assertTrue($e->server_url == 'http://nossl.vroom.unittest/server'); + + $e = $services[1]; + $this->assertTrue($e->server_url == 'https://ssl.vroom.unittest/server'); + } + + function test_discoverSSL() + { + // The consumer code should not attempt to perform discovery + // on an HTTPS identity URL in the absence of SSL support. + + $id_url = 'https://unsupported/'; + + $f = new _NonFetcher(); + + $result = Auth_OpenID_discover($id_url, $f); + + $this->assertTrue($result == array($id_url, array())); + $this->assertFalse($f->used); + } +} + +global $Tests_Auth_OpenID_Discover_OpenID_other; +$Tests_Auth_OpenID_Discover_OpenID_other = array( + new Tests_Auth_OpenID_SSLSupport() + ); + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Extension.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Extension.php new file mode 100644 index 000000000..35eb2f274 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Extension.php @@ -0,0 +1,44 @@ +<?php + +require_once 'Auth/OpenID/Message.php'; +require_once 'Auth/OpenID/Extension.php'; + +class _ExtensionTest_DummyExtension extends Auth_OpenID_Extension { + var $ns_uri = 'http://an.extension/'; + var $ns_alias = 'dummy'; + + function getExtensionArgs() + { + return array(); + } +} + +class Tests_Auth_OpenID_Extension extends PHPUnit_Framework_TestCase { + function test_OpenID1() + { + $oid1_msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $ext = new _ExtensionTest_DummyExtension(); + $ext->toMessage($oid1_msg); + $namespaces = $oid1_msg->namespaces; + + $this->assertTrue($namespaces->isImplicit($ext->ns_uri)); + $this->assertEquals($ext->ns_uri, + $namespaces->getNamespaceURI($ext->ns_alias)); + $this->assertEquals($ext->ns_alias, + $namespaces->getAlias($ext->ns_uri)); + } + + function test_OpenID2() + { + $oid2_msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + $ext = new _ExtensionTest_DummyExtension(); + $ext->toMessage($oid2_msg); + $namespaces = $oid2_msg->namespaces; + $this->assertFalse($namespaces->isImplicit($ext->ns_uri)); + $this->assertEquals($ext->ns_uri, + $namespaces->getNamespaceURI($ext->ns_alias)); + $this->assertEquals($ext->ns_alias, + $namespaces->getAlias($ext->ns_uri)); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/HMAC.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/HMAC.php new file mode 100644 index 000000000..742396666 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/HMAC.php @@ -0,0 +1,165 @@ +<?php + +/** + * Tests for the HMAC-SHA1 utility functions used by the OpenID + * library. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/HMAC.php'; +require_once 'Tests/Auth/OpenID/TestUtil.php'; + +class Tests_Auth_OpenID_HMAC_TestCase extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_HMAC_TestCase( + $name, $key, $data, $expected, $hmac_func) + { + + $this->setName($name); + $this->key = $key; + $this->data = $data; + $this->expected = $expected; + $this->hmac_func = $hmac_func; + } + + function runTest() + { + $actual = call_user_func($this->hmac_func, $this->key, $this->data); + $this->assertEquals(bin2hex($this->expected), bin2hex($actual)); + } +} + +class Tests_Auth_OpenID_HMAC extends PHPUnit_Framework_TestSuite { + function _strConvert($s) + { + $repeat_pat = '/^0x([a-f0-9]{2}) repeated (\d+) times$/'; + if (preg_match($repeat_pat, $s, $match)) { + $c = chr(hexdec($match[1])); + $n = $match[2]; + $data = ''; + for ($i = 0; $i < $n; $i++) { + $data .= $c; + } + } elseif (substr($s, 0, 2) == "0x") { + $data = pack('H*', substr($s, 2, strlen($s) - 1)); + } elseif (preg_match('/^"(.*)"$/', $s, $match)) { + $data = $match[1]; + } else { + trigger_error("Bad data format: $s", E_USER_ERROR); + } + return $data; + } + + function _readTestCases($test_file_name, $digest_len) + { + $lines = Tests_Auth_OpenID_readlines($test_file_name); + $cases = array(); + $case = array(); + foreach ($lines as $line) { + if ($line{0} == "#") { + continue; + } + + // Blank line separates test cases + if ($line == "\n") { + $cases[] = $case; + $case = array(); + } else { + $match = array(); + $pat = '/^([a-z0-9_-]+) =\s+(.*?)\n$/'; + if (!preg_match($pat, $line, $match)) { + trigger_error("Bad test input: $line", E_USER_ERROR); + } + + $c = count($match); + if ($c != 3) { + trigger_error( + "Wrong number of elements in parsed case: $c", + E_USER_ERROR); + return false; + } + + $key = $match[1]; + $value = $match[2]; + $case[$key] = $value; + } + } + + if (count($case)) { + $cases[] = $case; + } + + $final = array(); + + // Normalize strings and check data integrity + foreach ($cases as $case) { + $clean = array(); + $clean["key"] = + Tests_Auth_OpenID_HMAC::_strConvert($case["key"]); + if (defined(@$case["key_len"])) { + if (Auth_OpenID::bytes($clean["key"]) != $case["key_len"]) { + trigger_error("Bad key length", E_USER_ERROR); + } + } + + $clean["data"] = + Tests_Auth_OpenID_HMAC::_strConvert($case["data"]); + if (defined(@$case["data_len"])) { + if (Auth_OpenID::bytes($clean["data"]) != $case["data_len"]) { + trigger_error("Bad data length", E_USER_ERROR); + } + } + + $clean["digest"] = + Tests_Auth_OpenID_HMAC::_strConvert($case["digest"]); + if (Auth_OpenID::bytes($clean["digest"]) != $digest_len) { + $l = Auth_OpenID::bytes($clean["digest"]); + trigger_error("Bad digest length: $l", E_USER_ERROR); + } + + $clean['test_case'] = $case['test_case']; + + $final[] = $clean; + } + return $final; + } + + function Tests_Auth_OpenID_HMAC($name) + { + $this->setName($name); + $hash_test_defs = array(array( + 'Auth_OpenID_HMACSHA1', 'hmac-sha1.txt', 20)); + if (Auth_OpenID_HMACSHA256_SUPPORTED) { + $hash_test_defs[] = + array('Auth_OpenID_HMACSHA256', 'hmac-sha256.txt', 32); + } + foreach ($hash_test_defs as $params) { + list($hash_func, $filename, $hash_len) = $params; + $cases = $this->_readTestCases($filename, $hash_len); + foreach ($cases as $case) { + $test = new Tests_Auth_OpenID_HMAC_TestCase( + $case['test_case'], + $case['key'], + $case['data'], + $case['digest'], + $hash_func); + + $digest = $case['digest']; + $this->_addTestByValue($test); + } + } + } + + function _addTestByValue($test) { + $this->addTest($test); + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/KVForm.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/KVForm.php new file mode 100644 index 000000000..904f2c8ee --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/KVForm.php @@ -0,0 +1,260 @@ +<?php + +/** + * Tests for the KVForm module. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/KVForm.php'; + +global $_Tests_Auth_OpenID_kverrors; +$_Tests_Auth_OpenID_kverrors = null; + +/** + * Keep a list of the logged errors + */ +function Tests_Auth_OpenID_kvHandleError($errno, $errmsg) +{ + global $_Tests_Auth_OpenID_kverrors; + $_Tests_Auth_OpenID_kverrors[] = $errmsg; +} + + +class Tests_Auth_OpenID_KVForm_TestCase extends PHPUnit_Framework_TestCase { + var $errs; + + function runTest() + { + // Re-set the number of logged errors + global $_Tests_Auth_OpenID_kverrors; + $_Tests_Auth_OpenID_kverrors = array(); + + set_error_handler("Tests_Auth_OpenID_kvHandleError"); + + $this->_runTest(); + + // Check to make sure we have the expected number of logged errors + //$this->assertEquals($this->errs, count($_Tests_Auth_OpenID_kverrors)); + + restore_error_handler(); + } + + function _runTest() + { + trigger_error('Must be overridden', E_USER_ERROR); + } +} + +class Tests_Auth_OpenID_KVForm_TestCase_Parse +extends Tests_Auth_OpenID_KVForm_TestCase { + function Tests_Auth_OpenID_KVForm_TestCase_Parse( + $arr, $str, $lossy, $errs) + { + + $this->arr = $arr; + $this->str = $str; + $this->lossy = $lossy; + $this->errs = $errs; + } + + function _runTest() + { + // Do one parse, after which arrayToKV and kvToArray should be + // inverses. + $parsed1 = Auth_OpenID_KVForm::toArray($this->str); + $serial1 = Auth_OpenID_KVForm::fromArray($this->arr); + + if ($this->lossy == "neither" || $this->lossy == "str") { + $this->assertEquals($this->arr, $parsed1, "str was lossy"); + } + + if ($this->lossy == "neither" || $this->lossy == "arr") { + $this->assertEquals($this->str, $serial1, "array was lossy"); + } + + $parsed2 = Auth_OpenID_KVForm::toArray($serial1); + $serial2 = Auth_OpenID_KVForm::fromArray($parsed1); + + // Round-trip both + $parsed3 = Auth_OpenID_KVForm::toArray($serial2); + $serial3 = Auth_OpenID_KVForm::fromArray($parsed2); + + $this->assertEquals($serial2, $serial3, "serialized forms differ"); + + // Check to make sure that they're inverses. + $this->assertEquals($parsed2, $parsed3, "parsed forms differ"); + + } +} + +class Tests_Auth_OpenID_KVForm_TestCase_Null +extends Tests_Auth_OpenID_KVForm_TestCase { + function Tests_Auth_OpenID_KVForm_TestCase_Null($arr, $errs) + { + $this->arr = $arr; + $this->errs = $errs; + } + + function _runTest() + { + $serialized = Auth_OpenID_KVForm::fromArray($this->arr); + $this->assertTrue($serialized === null, + 'serialization unexpectedly succeeded'); + } +} + +class Tests_Auth_OpenID_KVForm extends PHPUnit_Framework_TestSuite { + function Tests_Auth_OpenID_KVForm($name) + { + $this->setName($name); + $testdata_list = array( + array("name" => "simple", + "str" => "college:harvey mudd\n", + "arr" => array("college" => "harvey mudd"), + ), + array("name" => "empty", + "str" => "", + "arr" => array(), + ), + array("name" => "empty (just newline)", + "str" => "\n", + "arr" => array(), + "lossy" => "str", + "errors" => 1, + ), + array("name" => "empty (double newline)", + "str" => "\n\n", + "arr" => array(), + "lossy" => "str", + "errors" => 2, + ), + array("name" => "empty (no colon)", + "str" => "East is least\n", + "arr" => array(), + "lossy" => "str", + "errors" => 1, + ), + array("name" => "two keys", + "str" => "city:claremont\nstate:CA\n", + "arr" => array('city' => 'claremont', + 'state' => 'CA'), + ), + array("name" => "real life", + "str" => "is_valid:true\ninvalidate_handle:" . + "{HMAC-SHA1:2398410938412093}\n", + "arr" => array('is_valid' => 'true', + 'invalidate_handle' => + '{HMAC-SHA1:2398410938412093}'), + ), + array("name" => "empty key and value", + "str" => ":\n", + "arr" => array(''=>''), + ), + array("name" => "empty key, not value", + "str" => ":missing key\n", + "arr" => array(''=>'missing key'), + ), + array("name" => "whitespace at front of key", + "str" => " street:foothill blvd\n", + "arr" => array('street'=>'foothill blvd'), + "lossy" => "str", + "errors" => 1, + ), + array("name" => "whitespace at front of value", + "str" => "major: computer science\n", + "arr" => array('major'=>'computer science'), + "lossy" => "str", + "errors" => 1, + ), + array("name" => "whitespace around key and value", + "str" => " dorm : east \n", + "arr" => array('dorm'=>'east'), + "lossy" => "str", + "errors" => 2, + ), + array("name" => "missing trailing newline", + "str" => "e^(i*pi)+1:0", + "arr" => array('e^(i*pi)+1'=>'0'), + "lossy" => "str", + "errors" => 1, + ), + array("name" => "missing trailing newline (two key)", + "str" => "east:west\nnorth:south", + "arr" => array('east'=>'west', + 'north'=>'south'), + "lossy" => "str", + "errors" => 1, + ), + array("name" => "colon in key", + "arr" => array("k:k" => 'v'), + "errors" => 1, + ), + array("name" => "newline in key", + "arr" => array("k\nk" => 'v'), + "errors" => 1, + ), + array("name" => "newline in value", + "arr" => array('k' => "v\nv"), + "errors" => 1, + ), + array("name" => "array whitespace", + "arr" => array(" k " => "v"), + "lossy" => "both", + "str" => " k :v\n", + "errors" => 2, + ), + array("name" => "array ordering 1", + "arr" => array("a" => "x", + "b" => "x", + "c" => "x"), + "str" => "a:x\nb:x\nc:x\n", + ), + array("name" => "array ordering 2", + "arr" => array("a" => "x", + "c" => "x", + "b" => "x"), + "str" => "a:x\nc:x\nb:x\n", + ), + ); + + foreach ($testdata_list as $testdata) { + if (isset($testdata['str'])) { + $str = $testdata['str']; + } else { + $str = null; + } + + $arr = $testdata["arr"]; + + if (isset($testdata['errors'])) { + $errs = $testdata["errors"]; + } else { + $errs = 0; + } + + if (is_null($str)) { + $test = new Tests_Auth_OpenID_KVForm_TestCase_Null($arr, $errs); + } else { + if (isset($testdata['lossy'])) { + $lossy = $testdata["lossy"]; + } else { + $lossy = 'neither'; + } + $test = new Tests_Auth_OpenID_KVForm_TestCase_Parse( + $arr, $str, $lossy, $errs); + } + $test->setName($testdata["name"]); + $this->addTest($test); + } + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/MemStore.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/MemStore.php new file mode 100644 index 000000000..772471963 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/MemStore.php @@ -0,0 +1,176 @@ +<?php + +/** + * In-memory OpenID store implementation for testing only + */ +require_once "Auth/OpenID/Interface.php"; +require_once 'Auth/OpenID/Nonce.php'; + +class ServerAssocs { + function ServerAssocs() + { + $this->assocs = array(); + } + + function set($assoc) + { + $this->assocs[$assoc->handle] = $assoc; + } + + function get($handle) + { + return Auth_OpenID::arrayGet($this->assocs, $handle); + } + + function remove($handle) + { + if (array_key_exists($handle, $this->assocs)) { + unset($this->assocs[$handle]); + return true; + } else { + return false; + } + } + + /* + * Returns association with the oldest issued date. + * + * or null if there are no associations. + */ + function best() + { + $best = null; + foreach ($this->assocs as $handle => $assoc) { + if (($best === null) || ($best->issued < $assoc->issued)) { + $best = $assoc; + } + } + return $best; + } + + /* + * Remove expired associations. + * + * @return (removed associations, remaining associations) + */ + function cleanup() + { + $remove = array(); + foreach ($this->assocs as $handle => $assoc) { + if ($assoc->getExpiresIn() == 0) { + $remove[] = $handle; + } + } + + foreach ($remove as $handle) { + unset($this->assocs[$handle]); + } + + return array(count($remove), count($this->assocs)); + } +} + +/* + * In-process memory store. + * + * Use for single long-running processes. No persistence supplied. + */ +class Tests_Auth_OpenID_MemStore extends Auth_OpenID_OpenIDStore { + function Tests_Auth_OpenID_MemStore() + { + $this->server_assocs = array(); + $this->nonces = array(); + } + + function &_getServerAssocs($server_url) + { + if (!array_key_exists($server_url, $this->server_assocs)) { + $this->server_assocs[$server_url] = new ServerAssocs(); + } + + return $this->server_assocs[$server_url]; + } + + function storeAssociation($server_url, $assoc) + { + $assocs =& $this->_getServerAssocs($server_url); + $assocs->set($assoc); + } + + function getAssociation($server_url, $handle=null) + { + $assocs =& $this->_getServerAssocs($server_url); + if ($handle === null) { + return $assocs->best(); + } else { + return $assocs->get($handle); + } + } + + function removeAssociation($server_url, $handle) + { + $assocs =& $this->_getServerAssocs($server_url); + return $assocs->remove($handle); + } + + function useNonce($server_url, $timestamp, $salt) + { + global $Auth_OpenID_SKEW; + + if (abs($timestamp - time()) > $Auth_OpenID_SKEW) { + return false; + } + + $anonce = array($server_url, intval($timestamp), $salt); + + if (in_array($anonce, $this->nonces)) { + return false; + } else { + array_push($this->nonces, $anonce); + return true; + } + } + + function cleanupNonces() + { + global $Auth_OpenID_SKEW; + + $now = time(); + $expired = array(); + foreach ($this->nonces as $anonce) { + if (abs($anonce[1] - $now) > $Auth_OpenID_SKEW) { + // removing items while iterating over the set could + // be bad. + $expired[] = $anonce; + } + } + + foreach ($expired as $anonce) { + unset($this->nonces[array_search($anonce, $this->nonces)]); + } + + return count($expired); + } + + function cleanupAssociations() + { + $remove_urls = array(); + $removed_assocs = 0; + foreach ($this->server_assocs as $server_url => $assocs) { + list($removed, $remaining) = $assocs->cleanup(); + $removed_assocs += $removed; + if (!$remaining) { + $remove_urls[] = $server_url; + } + } + + // Remove entries from server_assocs that had none remaining. + foreach ($remove_urls as $server_url) { + unset($this->server_assocs[$server_url]); + } + + return $removed_assocs; + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Message.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Message.php new file mode 100644 index 000000000..0205fc45f --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Message.php @@ -0,0 +1,1251 @@ +<?php + +/** + * Unit tests for the Auth_OpenID_Message implementation. + */ + +require_once "Auth/OpenID/Message.php"; +require_once "Auth/OpenID.php"; + +class MessageTest extends PHPUnit_Framework_TestCase { + function _argTest($ns, $key, $expected = null) + { + $a_default = 'a bogus default value'; + + $this->assertEquals($this->msg->getArg($ns, $key), $expected); + if ($expected === null) { + $this->assertEquals( + $this->msg->getArg($ns, $key, $a_default), $a_default); + $result = $this->msg->getArg($ns, $key, Auth_OpenID_NO_DEFAULT); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } else { + $this->assertEquals( + $this->msg->getArg($ns, $key, $a_default), $expected); + $this->assertEquals( + $this->msg->getArg($ns, $key, Auth_OpenID_NO_DEFAULT), + $expected); + } + } +} + +class Tests_Auth_OpenID_EmptyMessage extends MessageTest { + function setUp() + { + $this->msg = new Auth_OpenID_Message(); + } + + function test_toPostArgs() + { + $this->assertEquals($this->msg->toPostArgs(), array()); + } + + function test_toArgs() + { + $this->assertEquals($this->msg->toArgs(), array()); + } + + function test_toKVForm() + { + $this->assertEquals($this->msg->toKVForm(), ''); + } + + function test_toURLEncoded() + { + $this->assertEquals($this->msg->toURLEncoded(), ''); + } + + function test_toURL() + { + $base_url = 'http://base.url/'; + $this->assertEquals($this->msg->toURL($base_url), $base_url); + } + + function test_getOpenID() + { + $this->assertEquals($this->msg->getOpenIDNamespace(), null); + } + + function test_getKeyOpenID() + { + $key = $this->msg->getKey(Auth_OpenID_OPENID_NS, 'foo'); + $this->assertTrue(Auth_OpenID::isFailure($key)); + + $this->msg->setOpenIDNamespace(Auth_OpenID_OPENID1_NS, false); + $key = $this->msg->getKey(Auth_OpenID_OPENID_NS, 'foo'); + $this->assertEquals('openid.foo', $key); + } + + function test_getKeyBARE() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_BARE_NS, 'foo'), 'foo'); + } + + function test_getKeyNS1() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_OPENID1_NS, 'foo'), null); + } + + function test_getKeyNS2() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_OPENID2_NS, 'foo'), null); + } + + function test_getKeyNS3() + { + $this->assertEquals($this->msg->getKey('urn:nothing-significant', 'foo'), + null); + } + + function test_hasKey() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_OPENID_NS, 'foo'), false); + } + + function test_hasKeyBARE() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_BARE_NS, 'foo'), false); + } + + function test_hasKeyNS1() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_OPENID1_NS, 'foo'), false); + } + + function test_hasKeyNS2() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_OPENID2_NS, 'foo'), false); + } + + function test_hasKeyNS3() + { + $this->assertEquals($this->msg->hasKey('urn:nothing-significant', 'foo'), + false); + } + + function test_getArg() + { + $result = $this->msg->getArg(Auth_OpenID_OPENID_NS, 'foo'); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_getArgs() + { + $result = $this->msg->getArgs(Auth_OpenID_OPENID_NS); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function test_getArgsBARE() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_BARE_NS), array()); + } + + function test_getArgsNS1() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID1_NS), array()); + } + + function test_getArgsNS2() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID2_NS), array()); + } + + function test_getArgsNS3() + { + $this->assertEquals($this->msg->getArgs('urn:nothing-significant'), array()); + } + + function test_updateArgs() + { + $result= $this->msg->updateArgs(Auth_OpenID_OPENID_NS, + array('does not' => 'matter')); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function _test_updateArgsNS($ns) + { + $update_args = array( + 'Camper van Beethoven' => 'David Lowery', + 'Magnolia Electric Co.' => 'Jason Molina'); + + $this->assertEquals($this->msg->getArgs($ns), array()); + $this->msg->updateArgs($ns, $update_args); + $this->assertEquals($this->msg->getArgs($ns), $update_args); + } + + function test_updateArgsBARE() + { + $this->_test_updateArgsNS(Auth_OpenID_BARE_NS); + } + + function test_updateArgsNS1() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID1_NS); + } + + function test_updateArgsNS2() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID2_NS); + } + + function test_updateArgsNS3() + { + $this->_test_updateArgsNS('urn:nothing-significant'); + } + + function test_setArg() + { + $result = $this->msg->setArg(Auth_OpenID_OPENID_NS, + 'does not', 'matter'); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function _test_setArgNS($ns) + { + $key = 'Camper van Beethoven'; + $value = 'David Lowery'; + $this->assertEquals($this->msg->getArg($ns, $key), null); + $this->msg->setArg($ns, $key, $value); + $this->assertEquals($this->msg->getArg($ns, $key), $value); + } + + function test_setArgBARE() + { + $this->_test_setArgNS(Auth_OpenID_BARE_NS); + } + + function test_setArgNS1() + { + $this->_test_setArgNS(Auth_OpenID_OPENID1_NS); + } + + function test_setArgNS2() + { + $this->_test_setArgNS(Auth_OpenID_OPENID2_NS); + } + + function test_setArgNS3() + { + $this->_test_setArgNS('urn:nothing-significant'); + } + + function test_delArg() + { + $result = $this->msg->delArg(Auth_OpenID_OPENID_NS, 'does not'); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } + + function _test_delArgNS($ns) + { + $key = 'Camper van Beethoven'; + $this->assertEquals($this->msg->delArg($ns, $key), false); + } + + function test_delArgBARE() + { + $this->_test_delArgNS(Auth_OpenID_BARE_NS); + } + + function test_delArgNS1() + { + $this->_test_delArgNS(Auth_OpenID_OPENID1_NS); + } + + function test_delArgNS2() + { + $this->_test_delArgNS(Auth_OpenID_OPENID2_NS); + } + + function test_delArgNS3() + { + $this->_test_delArgNS('urn:nothing-significant'); + } + + function test_isOpenID1() + { + $this->assertFalse($this->msg->isOpenID1()); + } + + function test_isOpenID2() + { + $this->assertFalse($this->msg->isOpenID2()); + } + + function test_args() + { + $this->_argTest(Auth_OpenID_BARE_NS, 'foo'); + $this->_argTest(Auth_OpenID_OPENID1_NS, 'foo'); + $this->_argTest(Auth_OpenID_OPENID2_NS, 'foo'); + $this->_argTest('urn:nothing-significant', 'foo'); + } +} + +class Tests_Auth_OpenID_OpenID1Message extends MessageTest { + function setUp() + { + $this->msg = Auth_OpenID_Message::fromPostArgs(array('openid.mode' => 'error', + 'openid.error' => 'unit test')); + } + + function test_toPostArgs() + { + $this->assertEquals($this->msg->toPostArgs(), + array('openid.mode' => 'error', + 'openid.error' => 'unit test')); + } + + function test_toArgs() + { + $this->assertEquals($this->msg->toArgs(), + array('mode' => 'error', + 'error' => 'unit test')); + } + + function test_toKVForm() + { + $this->assertEquals($this->msg->toKVForm(), + "error:unit test\nmode:error\n"); + } + + function test_toURLEncoded() + { + $this->assertEquals($this->msg->toURLEncoded(), + 'openid.error=unit+test&openid.mode=error'); + } + + function test_toURL() + { + $base_url = 'http://base.url/'; + $actual = $this->msg->toURL($base_url); + $actual_base = substr($actual, 0, strlen($base_url)); + $this->assertEquals($actual_base, $base_url); + $this->assertEquals($actual[strlen($base_url)], '?'); + $query = substr($actual, strlen($base_url) + 1); + + $parsed = Auth_OpenID::parse_str($query); + + $this->assertEquals($parsed, array('openid.mode' => 'error', + 'openid.error' => 'unit test')); + } + + function test_getOpenID() + { + $this->assertEquals($this->msg->getOpenIDNamespace(), + Auth_OpenID_OPENID1_NS); + $this->assertTrue($this->msg->namespaces->isImplicit(Auth_OpenID_OPENID1_NS)); + } + + function test_getKeyOpenID() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_OPENID_NS, 'mode'), + 'openid.mode'); + } + + function test_getKeyBARE() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_BARE_NS, 'mode'), 'mode'); + } + + function test_getKeyNS1() + { + $this->assertEquals( + $this->msg->getKey(Auth_OpenID_OPENID1_NS, 'mode'), 'openid.mode'); + } + + function test_getKeyNS2() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_OPENID2_NS, 'mode'), null); + } + + function test_getKeyNS3() + { + $this->assertEquals( + $this->msg->getKey('urn:nothing-significant', 'mode'), null); + } + + function test_hasKey() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_OPENID_NS, 'mode'), true); + } + + function test_hasKeyBARE() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_BARE_NS, 'mode'), false); + } + + function test_hasKeyNS1() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_OPENID1_NS, 'mode'), true); + } + + function test_hasKeyNS2() + { + $this->assertEquals( + $this->msg->hasKey(Auth_OpenID_OPENID2_NS, 'mode'), false); + } + + function test_hasKeyNS3() + { + $this->assertEquals( + $this->msg->hasKey('urn:nothing-significant', 'mode'), false); + } + + function test_getArgs() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID_NS), + array('mode' => 'error', + 'error' => 'unit test')); + } + + function test_getArgsBARE() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_BARE_NS), array()); + } + + function test_getArgsNS1() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID1_NS), + array('mode' => 'error', + 'error' => 'unit test')); + } + + function test_getArgsNS2() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID2_NS), array()); + } + + function test_getArgsNS3() + { + $this->assertEquals($this->msg->getArgs('urn:nothing-significant'), array()); + } + + function _test_updateArgsNS($ns, $before=null) + { + if ($before === null) { + $before = array(); + } + + $update_args = array( + 'Camper van Beethoven' => 'David Lowery', + 'Magnolia Electric Co.' => 'Jason Molina'); + + $this->assertEquals($this->msg->getArgs($ns), $before); + $this->msg->updateArgs($ns, $update_args); + $after = $before; + $after = array_merge($after, $update_args); + $this->assertEquals($this->msg->getArgs($ns), $after); + } + + function test_updateArgs() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID_NS, + array('mode' => 'error', 'error' => 'unit test')); + } + + function test_updateArgsBARE() + { + $this->_test_updateArgsNS(Auth_OpenID_BARE_NS); + } + + function test_updateArgsNS1() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID1_NS, + array('mode' => 'error', 'error' => 'unit test')); + } + + function test_updateArgsNS2() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID2_NS); + } + + function test_updateArgsNS3() + { + $this->_test_updateArgsNS('urn:nothing-significant'); + } + + function _test_setArgNS($ns) + { + $key = 'Camper van Beethoven'; + $value = 'David Lowery'; + $this->assertEquals($this->msg->getArg($ns, $key), null); + $this->msg->setArg($ns, $key, $value); + $this->assertEquals($this->msg->getArg($ns, $key), $value); + } + + function test_setArg() + { + $this->_test_setArgNS(Auth_OpenID_OPENID_NS); + } + + function test_setArgBARE() + { + $this->_test_setArgNS(Auth_OpenID_BARE_NS); + } + + function test_setArgNS1() + { + $this->_test_setArgNS(Auth_OpenID_OPENID1_NS); + } + + function test_setArgNS2() + { + $this->_test_setArgNS(Auth_OpenID_OPENID2_NS); + } + + function test_setArgNS3() + { + $this->_test_setArgNS('urn:nothing-significant'); + } + + function _test_delArgNS($ns) + { + $key = 'Camper van Beethoven'; + $value = 'David Lowery'; + + $this->assertEquals($this->msg->delArg($ns, $key), false); + $this->msg->setArg($ns, $key, $value); + $this->assertEquals($this->msg->getArg($ns, $key), $value); + $this->msg->delArg($ns, $key); + $this->assertEquals($this->msg->getArg($ns, $key), null); + } + + function test_delArg() + { + $this->_test_delArgNS(Auth_OpenID_OPENID_NS); + } + + function test_delArgBARE() + { + $this->_test_delArgNS(Auth_OpenID_BARE_NS); + } + + function test_delArgNS1() + { + $this->_test_delArgNS(Auth_OpenID_OPENID1_NS); + } + + function test_delArgNS2() + { + $this->_test_delArgNS(Auth_OpenID_OPENID2_NS); + } + + function test_delArgNS3() + { + $this->_test_delArgNS('urn:nothing-significant'); + } + + function test_isOpenID1() + { + $this->assertTrue($this->msg->isOpenID1()); + } + + function test_isOpenID2() + { + $this->assertFalse($this->msg->isOpenID2()); + } + + function test_args() + { + $this->_argTest(Auth_OpenID_BARE_NS, 'mode'); + $this->_argTest(Auth_OpenID_OPENID_NS, 'mode', 'error'); + $this->_argTest(Auth_OpenID_OPENID1_NS, 'mode', 'error'); + $this->_argTest(Auth_OpenID_OPENID2_NS, 'mode'); + $this->_argTest('urn:nothing-significant', 'mode'); + } +} + +class Tests_Auth_OpenID_OpenID1ExplicitMessage extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->msg = Auth_OpenID_Message::fromPostArgs(array('openid.mode' => 'error', + 'openid.error' => 'unit test', + 'openid.ns' => Auth_OpenID_OPENID1_NS)); + } + + function test_isOpenID1() + { + $this->assertTrue($this->msg->isOpenID1()); + $this->assertFalse( + $this->msg->namespaces->isImplicit(Auth_OpenID_OPENID1_NS)); + } + + function test_isOpenID2() + { + $this->assertFalse($this->msg->isOpenID2()); + } + + function test_toPostArgs() + { + $this->assertEquals($this->msg->toPostArgs(), + array('openid.mode' => 'error', + 'openid.error' => 'unit test', + 'openid.ns' => Auth_OpenID_OPENID1_NS)); + } + + function test_toArgs() + { + $this->assertEquals($this->msg->toArgs(), + array('mode' => 'error', + 'error' => 'unit test', + 'ns' => Auth_OpenID_OPENID1_NS)); + } + + function test_toKVForm() + { + $this->assertEquals($this->msg->toKVForm(), + "error:unit test\nmode:error\nns:". + Auth_OpenID_OPENID1_NS."\n"); + } + + function test_toURLEncoded() + { + $this->assertEquals($this->msg->toURLEncoded(), + 'openid.error=unit+test&openid.mode=error&openid.ns=http%3A%2F%2Fopenid.net%2Fsignon%2F1.0'); + } + + function test_toURL() + { + $base_url = 'http://base.url/'; + $actual = $this->msg->toURL($base_url); + $actual_base = substr($actual, 0, strlen($base_url)); + $this->assertEquals($actual_base, $base_url); + $this->assertEquals($actual[strlen($base_url)], '?'); + $query = substr($actual, strlen($base_url) + 1); + + $parsed = Auth_OpenID::parse_str($query); + + $this->assertEquals($parsed, array('openid.mode' => 'error', + 'openid.error' => 'unit test', + 'openid.ns' => Auth_OpenID_OPENID1_NS)); + } +} + +class Tests_Auth_OpenID_OpenID2Message extends MessageTest { + function setUp() + { + $this->msg = Auth_OpenID_Message::fromPostArgs(array('openid.mode' => 'error', + 'openid.error' => 'unit test', + 'openid.ns' => Auth_OpenID_OPENID2_NS)); + $this->msg->setArg(Auth_OpenID_BARE_NS, "xey", "value"); + } + + function test_toPostArgs() + { + $this->assertEquals($this->msg->toPostArgs(), + array('openid.mode' => 'error', + 'openid.error' => 'unit test', + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'xey' => 'value')); + } + + function test_toArgs() + { + // This method can't tolerate BARE_NS. + $this->msg->delArg(Auth_OpenID_BARE_NS, "xey"); + $this->assertEquals($this->msg->toArgs(), + array('mode' => 'error', + 'error' => 'unit test', + 'ns' => Auth_OpenID_OPENID2_NS)); + } + + function test_toKVForm() + { + // Can't tolerate BARE_NS in kvform + $this->msg->delArg(Auth_OpenID_BARE_NS, "xey"); + $this->assertEquals($this->msg->toKVForm(), + sprintf("error:unit test\nmode:error\nns:%s\n", + Auth_OpenID_OPENID2_NS)); + } + + function _test_urlencoded($s) + { + $expected = 'openid.error=unit+test&openid.mode=error&' . + 'openid.ns=%s&xey=value'; + + $expected = sprintf($expected, urlencode(Auth_OpenID_OPENID2_NS)); + $this->assertEquals($s, $expected); + } + + function test_toURLEncoded() + { + $this->_test_urlencoded($this->msg->toURLEncoded()); + } + + function test_toURL() + { + $base_url = 'http://base.url/'; + $actual = $this->msg->toURL($base_url); + $actual_base = substr($actual, 0, strlen($base_url)); + + $this->assertEquals($actual_base, $base_url); + $this->assertEquals($actual[strlen($base_url)], '?'); + $query = substr($actual, strlen($base_url) + 1); + $this->_test_urlencoded($query); + } + + function test_getOpenID() + { + $this->assertEquals($this->msg->getOpenIDNamespace(), + Auth_OpenID_OPENID2_NS); + } + + function test_getKeyOpenID() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_OPENID_NS, 'mode'), + 'openid.mode'); + } + + function test_getKeyBARE() + { + $this->assertEquals($this->msg->getKey(Auth_OpenID_BARE_NS, 'mode'), 'mode'); + } + + function test_getKeyNS1() + { + $this->assertEquals( + $this->msg->getKey(Auth_OpenID_OPENID1_NS, 'mode'), null); + } + + function test_getKeyNS2() + { + $this->assertEquals( + $this->msg->getKey(Auth_OpenID_OPENID2_NS, 'mode'), 'openid.mode'); + } + + function test_getKeyNS3() + { + $this->assertEquals( + $this->msg->getKey('urn:nothing-significant', 'mode'), null); + } + + function test_hasKeyOpenID() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_OPENID_NS, 'mode'), true); + } + + function test_hasKeyBARE() + { + $this->assertEquals($this->msg->hasKey(Auth_OpenID_BARE_NS, 'mode'), false); + } + + function test_hasKeyNS1() + { + $this->assertEquals( + $this->msg->hasKey(Auth_OpenID_OPENID1_NS, 'mode'), false); + } + + function test_hasKeyNS2() + { + $this->assertEquals( + $this->msg->hasKey(Auth_OpenID_OPENID2_NS, 'mode'), true); + } + + function test_hasKeyNS3() + { + $this->assertEquals( + $this->msg->hasKey('urn:nothing-significant', 'mode'), false); + } + + function test_getArgsOpenID() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID_NS), + array('mode' => 'error', + 'error' => 'unit test')); + } + + function test_getArgsBARE() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_BARE_NS), + array('xey' => 'value')); + } + + function test_getArgsNS1() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID1_NS), array()); + } + + function test_getArgsNS2() + { + $this->assertEquals($this->msg->getArgs(Auth_OpenID_OPENID2_NS), + array('mode' => 'error', + 'error' => 'unit test')); + } + + function test_getArgsNS3() + { + $this->assertEquals($this->msg->getArgs('urn:nothing-significant'), array()); + } + + function _test_updateArgsNS($ns, $before=null) + { + if ($before === null) { + $before = array(); + } + + $update_args = array( + 'Camper van Beethoven' => 'David Lowery', + 'Magnolia Electric Co.' => 'Jason Molina'); + + $this->assertEquals($this->msg->getArgs($ns), $before); + $this->msg->updateArgs($ns, $update_args); + $after = $before; + $after = array_merge($after, $update_args); + $this->assertEquals($this->msg->getArgs($ns), $after); + } + + function test_updateArgsOpenID() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID_NS, + array('mode' => 'error', 'error' => 'unit test')); + } + + function test_updateArgsBARE() + { + $this->_test_updateArgsNS(Auth_OpenID_BARE_NS, + array('xey' => 'value')); + } + + function test_updateArgsNS1() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID1_NS); + } + + function test_updateArgsNS2() + { + $this->_test_updateArgsNS(Auth_OpenID_OPENID2_NS, + array('mode' => 'error', 'error' => 'unit test')); + } + + function test_updateArgsNS3() + { + $this->_test_updateArgsNS('urn:nothing-significant'); + } + + function _test_setArgNS($ns) + { + $key = 'Camper van Beethoven'; + $value = 'David Lowery'; + $this->assertEquals($this->msg->getArg($ns, $key), null); + $this->msg->setArg($ns, $key, $value); + $this->assertEquals($this->msg->getArg($ns, $key), $value); + } + + function test_setArgOpenID() + { + $this->_test_setArgNS(Auth_OpenID_OPENID_NS); + } + + function test_setArgBARE() + { + $this->_test_setArgNS(Auth_OpenID_BARE_NS); + } + + function test_setArgNS1() + { + $this->_test_setArgNS(Auth_OpenID_OPENID1_NS); + } + + function test_setArgNS2() + { + $this->_test_setArgNS(Auth_OpenID_OPENID2_NS); + } + + function test_setArgNS3() + { + $this->_test_setArgNS('urn:nothing-significant'); + } + + function test_badAlias() + { + // Make sure dotted aliases and OpenID protocol fields are not + // allowed as namespace aliases. + + global $Auth_OpenID_OPENID_PROTOCOL_FIELDS; + + $all = array_merge($Auth_OpenID_OPENID_PROTOCOL_FIELDS, array('dotted.alias')); + + foreach ($all as $f) { + $args = array(sprintf('openid.ns.%s', $f) => 'blah', + sprintf('openid.%s.foo', $f) => 'test'); + + // .fromPostArgs covers .fromPostArgs, .fromOpenIDArgs, + // ._fromOpenIDArgs, and .fromOpenIDArgs (since it calls + // .fromPostArgs). Python code raises AssertionError, but + // we usually return null for bad things in PHP. + $this->assertEquals($this->msg->fromPostArgs($args), null); + } + } + + function _test_delArgNS($ns) + { + $key = 'Camper van Beethoven'; + $value = 'David Lowery'; + + $this->assertEquals($this->msg->delArg($ns, $key), false); + $this->msg->setArg($ns, $key, $value); + $this->assertEquals($this->msg->getArg($ns, $key), $value); + $this->msg->delArg($ns, $key); + $this->assertEquals($this->msg->getArg($ns, $key), null); + } + + function test_delArgOpenID() + { + $this->_test_delArgNS(Auth_OpenID_OPENID_NS); + } + + function test_delArgBARE() + { + $this->_test_delArgNS(Auth_OpenID_BARE_NS); + } + + function test_delArgNS1() + { + $this->_test_delArgNS(Auth_OpenID_OPENID1_NS); + } + + function test_delArgNS2() + { + $this->_test_delArgNS(Auth_OpenID_OPENID2_NS); + } + + function test_delArgNS3() + { + $this->_test_delArgNS('urn:nothing-significant'); + } + + function test_overwriteExtensionArg() + { + $ns = 'urn:unittest_extension'; + $key = 'mykey'; + $value_1 = 'value_1'; + $value_2 = 'value_2'; + + $this->msg->setArg($ns, $key, $value_1); + $this->assertTrue($this->msg->getArg($ns, $key) == $value_1); + $this->msg->setArg($ns, $key, $value_2); + $this->assertTrue($this->msg->getArg($ns, $key) == $value_2); + } + + function test_argList() + { + $this->assertEquals($this->msg->fromPostArgs(array('arg' => array(1, 2, 3))), + null); + } + + function test_isOpenID1() + { + $this->assertFalse($this->msg->isOpenID1()); + } + + function test_isOpenID2() + { + $this->assertTrue($this->msg->isOpenID2()); + } + + function test_args() + { + $this->_argTest(Auth_OpenID_BARE_NS, 'mode'); + $this->_argTest(Auth_OpenID_OPENID_NS, 'mode', 'error'); + $this->_argTest(Auth_OpenID_OPENID1_NS, 'mode'); + $this->_argTest(Auth_OpenID_OPENID2_NS, 'mode', 'error'); + $this->_argTest('urn:nothing-significant', 'mode'); + } +} + +class Tests_Auth_OpenID_GeneralMessageTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->postargs = array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => 'http://bogus.example.invalid:port/', + 'openid.assoc_handle' => 'FLUB', + 'openid.return_to' => 'Neverland'); + + $this->action_url = 'scheme://host:port/path?query'; + + $this->form_tag_attrs = array( + 'company' => 'janrain', + 'class' => 'fancyCSS'); + + $this->submit_text = 'GO!'; + + // Expected data regardless of input + + $this->required_form_attrs = array( + 'accept-charset' => 'UTF-8', + 'enctype' => 'application/x-www-form-urlencoded', + 'method' => 'post'); + } + + function _checkForm($html, $message_, $action_url, + $form_tag_attrs, $submit_text) + { + $parser = Auth_Yadis_getXMLParser(); + + // Parse HTML source + $this->assertTrue($parser->init($html, array())); + + // Get root element + $form = $parser->evalXPath('/form[1]'); + $this->assertTrue(count($form) == 1); + $form = $form[0]; + + // Check required form attributes + $form_attrs = $parser->attributes($form); + foreach ($this->required_form_attrs as $k => $v) { + $this->assertTrue($form_attrs[$k] == $v); + } + + // Check extra form attributes + foreach ($form_tag_attrs as $k => $v) { + // Skip attributes that already passed the required + // attribute check, since they should be ignored by the + // form generation code. + if (in_array($k, array_keys($this->required_form_attrs))) { + continue; + } + + $this->assertTrue($form_attrs[$k] == $v, + "Form attr $k is ".$form_attrs[$k]." (expected $v)"); + } + + // Check hidden fields against post args + $hiddens = array(); + $input_elements = $parser->evalXPath('input', $form); + foreach ($input_elements as $e) { + $attrs = $parser->attributes($e); + if (strtoupper($attrs['type']) == 'HIDDEN') { + $hiddens[] = $e; + } + } + + // For each post arg, make sure there is a hidden with that + // value. Make sure there are no other hiddens. + $postargs = $message_->toPostArgs(); + foreach ($postargs as $name => $value) { + $found = false; + + foreach ($hiddens as $e) { + $attrs = $parser->attributes($e); + if ($attrs['name'] == $name) { + $this->assertTrue($attrs['value'] == $value); + $found = true; + break; + } + } + + if (!$found) { + $this->fail("Post arg $name not found in form"); + } + } + + $keys = array_keys($postargs); + foreach ($hiddens as $e) { + $attrs = $parser->attributes($e); + $this->assertTrue(in_array($attrs['name'], $keys)); + } + + // Check action URL + $this->assertTrue($form_attrs['action'] == $action_url); + + // Check submit text + $submits = array(); + foreach ($input_elements as $e) { + $attrs = $parser->attributes($e); + if (strtoupper($attrs['type']) == 'SUBMIT') { + $submits[] = $e; + } + } + + $this->assertTrue(count($submits) == 1); + + $attrs = $parser->attributes($submits[0]); + $this->assertTrue($attrs['value'] == $submit_text); + } + + function test_toFormMarkup() + { + $m = Auth_OpenID_Message::fromPostArgs($this->postargs); + $html = $m->toFormMarkup($this->action_url, $this->form_tag_attrs, + $this->submit_text); + $this->_checkForm($html, $m, $this->action_url, + $this->form_tag_attrs, $this->submit_text); + } + + function test_overrideMethod() + { + // Be sure that caller cannot change form method to GET. + $m = Auth_OpenID_Message::fromPostArgs($this->postargs); + + $tag_attrs = $this->form_tag_attrs; + $tag_attrs['method'] = 'GET'; + + $html = $m->toFormMarkup($this->action_url, $this->form_tag_attrs, + $this->submit_text); + $this->_checkForm($html, $m, $this->action_url, + $this->form_tag_attrs, $this->submit_text); + } + + function test_overrideRequired() + { + // Be sure that caller CANNOT change the form charset for + // encoding type. + $m = Auth_OpenID_Message::fromPostArgs($this->postargs); + + $tag_attrs = $this->form_tag_attrs; + $tag_attrs['accept-charset'] = 'UCS4'; + $tag_attrs['enctype'] = 'invalid/x-broken'; + + $html = $m->toFormMarkup($this->action_url, $tag_attrs, + $this->submit_text); + $this->_checkForm($html, $m, $this->action_url, + $tag_attrs, $this->submit_text); + } + + function test_setOpenIDNamespace_invalid() + { + $m = new Auth_OpenID_Message(); + $invalid_things = array( + // Empty string is not okay here. + '', + // Good guess! But wrong. + 'http://openid.net/signon/2.0', + // What? + 'http://specs%\\\r2Eopenid.net/auth/2.0', + // Too much escapings! + 'http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0', + // This is a Type URI, not a openid.ns value. + 'http://specs.openid.net/auth/2.0/signon', + ); + + foreach ($invalid_things as $x) { + $this->assertTrue($m->setOpenIDNamespace($x, true) === false); + } + } + + function test_isOpenID1() + { + $v1_namespaces = array( + // Yes, there are two of them. + 'http://openid.net/signon/1.1', + 'http://openid.net/signon/1.0', + ); + + foreach ($v1_namespaces as $ns) { + $m = new Auth_OpenID_Message($ns); + $this->assertTrue($m->isOpenID1(), + "$ns not recognized as OpenID 1"); + $this->assertEquals($ns, $m->getOpenIDNamespace()); + $this->assertTrue($m->namespaces->isImplicit($ns)); + } + } + + function test_isOpenID2() + { + $ns = 'http://specs.openid.net/auth/2.0'; + $m = new Auth_OpenID_Message($ns); + $this->assertTrue($m->isOpenID2()); + $this->assertFalse( + $m->namespaces->isImplicit(Auth_OpenID_NULL_NAMESPACE)); + $this->assertEquals($ns, $m->getOpenIDNamespace()); + } + + function test_setOpenIDNamespace_explicit() + { + $m = new Auth_OpenID_Message(); + $m->setOpenIDNamespace(Auth_OpenID_THE_OTHER_OPENID1_NS, false); + $this->assertFalse($m->namespaces->isImplicit( + Auth_OpenID_THE_OTHER_OPENID1_NS)); + } + + function test_setOpenIDNamespace_implicit() + { + $m = new Auth_OpenID_Message(); + $m->setOpenIDNamespace(Auth_OpenID_THE_OTHER_OPENID1_NS, true); + $this->assertTrue( + $m->namespaces->isImplicit(Auth_OpenID_THE_OTHER_OPENID1_NS)); + } + + + function test_explicitOpenID11NSSerialzation() + { + $m = new Auth_OpenID_Message(); + $m->setOpenIDNamespace(Auth_OpenID_THE_OTHER_OPENID1_NS, false); + + $post_args = $m->toPostArgs(); + $this->assertEquals($post_args, + array('openid.ns' => + Auth_OpenID_THE_OTHER_OPENID1_NS)); + } + + function test_fromPostArgs_ns11() + { + // An example of the stuff that some Drupal installations send us, + // which includes openid.ns but is 1.1. + $query = array( + 'openid.assoc_handle' => '', + 'openid.claimed_id' => 'http://foobar.invalid/', + 'openid.identity' => 'http://foobar.myopenid.com', + 'openid.mode' => 'checkid_setup', + 'openid.ns' => 'http://openid.net/signon/1.1', + 'openid.ns.sreg' => 'http://openid.net/extensions/sreg/1.1', + 'openid.return_to' => 'http://drupal.invalid/return_to', + 'openid.sreg.required' => 'nickname,email', + 'openid.trust_root' => 'http://drupal.invalid', + ); + $m = Auth_OpenID_Message::fromPostArgs($query); + $this->assertTrue($m->isOpenID1()); + } +} + +class Tests_Auth_OpenID_NamespaceMap extends PHPUnit_Framework_TestCase { + function test_onealias() + { + $nsm = new Auth_OpenID_NamespaceMap(); + $uri = 'http://example.com/foo'; + $alias = "foo"; + $nsm->addAlias($uri, $alias); + $this->assertTrue($nsm->getNamespaceURI($alias) == $uri); + $this->assertTrue($nsm->getAlias($uri) == $alias); + } + + function test_iteration() + { + $nsm = new Auth_OpenID_NamespaceMap(); + $uripat = 'http://example.com/foo%d'; + + $nsm->add(sprintf($uripat, 0)); + + for ($n = 1; $n < 23; $n++) { + $this->assertTrue($nsm->contains(sprintf($uripat, $n - 1))); + $this->assertTrue($nsm->isDefined(sprintf($uripat, $n - 1))); + $nsm->add(sprintf($uripat, $n)); + } + + foreach ($nsm->iteritems() as $pair) { + list($uri, $alias) = $pair; + $this->assertTrue('ext'.substr($uri, 22) == $alias); + } + + $it = $nsm->iterAliases(); + $this->assertTrue(count($it) == 23); + + $it = $nsm->iterNamespaceURIs(); + $this->assertTrue(count($it) == 23); + } +} + +class Tests_Auth_OpenID_Message extends PHPUnit_Framework_TestCase { +} + +global $Tests_Auth_OpenID_Message_other; +$Tests_Auth_OpenID_Message_other = array( + new Tests_Auth_OpenID_EmptyMessage(), + new Tests_Auth_OpenID_OpenID1Message(), + new Tests_Auth_OpenID_OpenID2Message(), + new Tests_Auth_OpenID_NamespaceMap(), + new Tests_Auth_OpenID_OpenID1ExplicitMessage(), + new Tests_Auth_OpenID_GeneralMessageTest() + ); + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php new file mode 100644 index 000000000..02628fc2b --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Negotiation.php @@ -0,0 +1,346 @@ +<?php + +require_once "Tests/Auth/OpenID/TestUtil.php"; +require_once "Tests/Auth/OpenID/MemStore.php"; + +require_once "Auth/OpenID/Message.php"; +require_once "Auth/OpenID/Consumer.php"; + +/** + * A consumer whose _requestAssocation will return predefined results + * instead of trying to actually perform association requests. + */ +class ErrorRaisingConsumer extends Auth_OpenID_GenericConsumer { + // The list of objects to be returned by successive calls to + // _requestAssocation. Each call will pop the first element from + // this list and return it to _negotiateAssociation. If the + // element is a Message object, it will be wrapped in a + // ServerErrorContainer exception. Otherwise it will be returned + // as-is. + var $return_messages = array(); + + function _requestAssociation($endpoint, $assoc_type, $session_type) + { + $m = array_pop($this->return_messages); + if (is_a($m, 'Auth_OpenID_Message')) { + return Auth_OpenID_ServerErrorContainer::fromMessage($m); + } else if (Auth_OpenID::isFailure($m)) { + return $m; + } else { + return $m; + } + } +} + +/** + * Test the session type negotiation behavior of an OpenID 2 consumer. + */ +class TestOpenID2SessionNegotiation extends PHPUnit_Framework_TestCase { + function setUp() + { + $dumb = null; + $this->consumer = new ErrorRaisingConsumer($dumb); + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->endpoint->type_uris = array(Auth_OpenID_TYPE_2_0); + $this->endpoint->server_url = 'bogus'; + } + + /** + * Test the case where the response to an associate request is a + * server error or is otherwise undecipherable. + */ + function testBadResponse() + { + $this->consumer->return_messages = array( + new Auth_OpenID_Message($this->endpoint->preferredNamespace())); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + // $this->failUnlessLogMatches('Server error when requesting an association') + } + + /** + * Test the case where the response to an associate request is a + * a failure response object. + */ + function testBadResponseWithFailure() + { + $this->consumer->return_messages = array( + new Auth_OpenID_FailureResponse($this->endpoint)); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + // $this->failUnlessLogMatches('Server error when requesting an association') + } + + /** + * Test the case where the association type (assoc_type) returned + * in an unsupported-type response is absent. + */ + function testEmptyAssocType() + { + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', null); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'new-session-type'); + + $this->consumer->return_messages = array($msg); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + + // $this->failUnlessLogMatches('Unsupported association type', + // 'Server responded with unsupported association ' + + // 'session but did not supply a fallback.') + } + + /** + * Test the case where the session type (session_type) returned in + * an unsupported-type response is absent. + */ + function testEmptySessionType() + { + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'new-assoc-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', null); + + $this->consumer->return_messages = array($msg); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + + // $this->failUnlessLogMatches('Unsupported association type', + // 'Server responded with unsupported association ' + + // 'session but did not supply a fallback.') + } + + /** + * Test the case where an unsupported-type response specifies a + * preferred (assoc_type, session_type) combination that is not + * allowed by the consumer's SessionNegotiator. + */ + function testNotAllowed() + { + $allowed_types = array(); + + $negotiator = new Auth_OpenID_SessionNegotiator($allowed_types); + $this->consumer->negotiator = $negotiator; + + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'not-allowed'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'not-allowed'); + + $this->consumer->return_messages = array($msg); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + + // $this->failUnlessLogMatches('Unsupported association type', + // 'Server sent unsupported session/association type:') + } + + /** + * Test the case where an unsupported-type response triggers a + * retry to get an association with the new preferred type. + */ + function testUnsupportedWithRetry() + { + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'DH-SHA1'); + + $assoc = new Auth_OpenID_Association( + 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1'); + + $this->consumer->return_messages = array($msg, $assoc); + $this->assertTrue($this->consumer->_negotiateAssociation($this->endpoint) === $assoc); + + // $this->failUnlessLogMatches('Unsupported association type'); + } + + /** + * Test the case where an unsupported-typ response triggers a + * retry, but the retry fails and None is returned instead. + */ + function testUnsupportedWithRetryAndFail() + { + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'DH-SHA1'); + + $this->consumer->return_messages = array($msg, + new Auth_OpenID_Message($this->endpoint->preferredNamespace())); + + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + + // $this->failUnlessLogMatches('Unsupported association type', + // 'Server %s refused' % ($this->endpoint.server_url)) + } + + /** + * Test the valid case, wherein an association is returned on the + * first attempt to get one. + */ + function testValid() + { + $assoc = new Auth_OpenID_Association( + 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1'); + + $this->consumer->return_messages = array($assoc); + $this->assertTrue($this->consumer->_negotiateAssociation($this->endpoint) === $assoc); + // $this->failUnlessLogEmpty() + } +} + +/** + * Tests for the OpenID 1 consumer association session behavior. See + * the docs for TestOpenID2SessionNegotiation. Notice that this class + * is not a subclass of the OpenID 2 tests. Instead, it uses many of + * the same inputs but inspects the log messages logged with + * oidutil.log. See the calls to $this->failUnlessLogMatches. Some + * of these tests pass openid2-style messages to the openid 1 + * association processing logic to be sure it ignores the extra data. + */ +class TestOpenID1SessionNegotiation extends PHPUnit_Framework_TestCase { + function setUp() + { + $dumb = null; + $this->consumer = new ErrorRaisingConsumer($dumb); + + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + $this->endpoint->type_uris = array(Auth_OpenID_OPENID1_NS); + $this->endpoint->server_url = 'bogus'; + } + + function testBadResponse() + { + $this->consumer->return_messages = + array(new Auth_OpenID_Message($this->endpoint->preferredNamespace())); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + // $this->failUnlessLogMatches('Server error when requesting an association') + } + + function testEmptyAssocType() + { + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', null); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'new-session-type'); + + $this->consumer->return_messages = array($msg); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + + // $this->failUnlessLogMatches('Server error when requesting an association') + } + + function testEmptySessionType() + { + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'new-assoc-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', null); + + $this->consumer->return_messages = array($msg); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + + // $this->failUnlessLogMatches('Server error when requesting an association'); + } + + function testNotAllowed() + { + $allowed_types = array(); + + $negotiator = new Auth_OpenID_SessionNegotiator($allowed_types); + $this->consumer->negotiator = $negotiator; + + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'not-allowed'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'not-allowed'); + + $this->consumer->return_messages = array($msg); + $this->assertEquals($this->consumer->_negotiateAssociation($this->endpoint), null); + + // $this->failUnlessLogMatches('Server error when requesting an association') + } + + function testUnsupportedWithRetry() + { + $msg = new Auth_OpenID_Message($this->endpoint->preferredNamespace()); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error', 'Unsupported type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'error_code', 'unsupported-type'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_type', 'HMAC-SHA1'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'session_type', 'DH-SHA1'); + + $assoc = new Auth_OpenID_Association( + 'handle', 'secretxx', 'issued', 10000, 'HMAC-SHA1'); + + $this->consumer->return_messages = array($assoc, $msg); + + $result = $this->consumer->_negotiateAssociation($this->endpoint); + $this->assertTrue($result === null); + + // $this->failUnlessLogMatches('Server error when requesting an association') + } + + function testValid() + { + $assoc = new Auth_OpenID_Association( + 'handle', 'secret', 'issued', 10000, 'HMAC-SHA1'); + + $this->consumer->return_messages = array($assoc); + $this->assertTrue($this->consumer->_negotiateAssociation($this->endpoint) === $assoc); + // $this->failUnlessLogEmpty() + } +} + +class TestNegotiatorBehaviors extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->allowed_types = array( + array('HMAC-SHA1', 'no-encryption'), + array('HMAC-SHA256', 'no-encryption') + ); + + $this->n = new Auth_OpenID_SessionNegotiator($this->allowed_types); + } + + function testAddAllowedTypeNoSessionTypes() + { + $this->assertFalse($this->n->addAllowedType('invalid')); + } + + function testAddAllowedTypeBadSessionType() + { + $this->assertFalse($this->n->addAllowedType('assoc1', 'invalid')); + } + + function testAddAllowedTypeContents() + { + $assoc_type = 'HMAC-SHA1'; + $this->assertTrue($this->n->addAllowedType($assoc_type)); + + foreach (Auth_OpenID_getSessionTypes($assoc_type) as $typ) { + $this->assertTrue(in_array(array($assoc_type, $typ), + $this->n->allowed_types)); + } + } +} + +class Tests_Auth_OpenID_Negotiation extends PHPUnit_Framework_TestSuite { + + function getName() + { + return 'Tests_Auth_OpenID_Negotiation'; + } + + function Tests_Auth_OpenID_Negotiation() + { + $this->addTestSuite('TestNegotiatorBehaviors'); + $this->addTestSuite('TestOpenID1SessionNegotiation'); + $this->addTestSuite('TestOpenID2SessionNegotiation'); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Nonce.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Nonce.php new file mode 100644 index 000000000..1f64948ff --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Nonce.php @@ -0,0 +1,166 @@ +<?php + +/** + * Tests for the Nonce implementation. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2006 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/Nonce.php'; + +define('Tests_Auth_OpenID_nonce_re', + '/\A\d\d\d\d-\d\d-\d\dT\d\d:\d\d:\d\dZ/'); + +class Tests_Auth_OpenID_Nonce extends PHPUnit_Framework_TestSuite { + function Tests_Auth_OpenID_Nonce() + { + $this->addTestSuite('Tests_Auth_OpenID_NonceTests'); + $this->makeSplitTests(); + $this->makeCheckTimestampTests(); + $this->setName('Tests_Auth_OpenID_Nonce'); + } + + function makeSplitTests() + { + $cases = array( + '', + '1970-01-01T00:00:00+1:00', + '1969-01-01T00:00:00Z', + '1970-00-01T00:00:00Z', + '1970.01-01T00:00:00Z', + 'Thu Sep 7 13:29:31 PDT 2006', + 'monkeys', + ); + + foreach ($cases as $nonce_str) { + $this->_mkSplitTest($nonce_str); + } + } + + function _mkSplitTest($nonce_str) + { + $test = new Tests_Auth_OpenID_Nonce_BadSplitCase($nonce_str); + $test->setName('BadNonceSplit ' . var_export($nonce_str, true)); + $this->addTest($test); + } + + function makeCheckTimestampTests() + { + $cases = array( + // exact, no allowed skew + array('1970-01-01T00:00:00Z', 0, 0, true), + + // exact, large skew + array('1970-01-01T00:00:00Z', 1000, 0, true), + + // no allowed skew, one second old + array('1970-01-01T00:00:00Z', 0, 1, false), + + // many seconds old, outside of skew + array('1970-01-01T00:00:00Z', 10, 50, false), + + // one second old, one second skew allowed + array('1970-01-01T00:00:00Z', 1, 1, true), + + // One second in the future, one second skew allowed + array('1970-01-01T00:00:02Z', 1, 1, true), + + // two seconds in the future, one second skew allowed + array('1970-01-01T00:00:02Z', 1, 0, false), + + // malformed nonce string + array('monkeys', 0, 0, false) + ); + + foreach ($cases as $case) { + $this->_mkCheckTest($case); + } + } + + function _mkCheckTest($case) + { + list($nonce_str, $skew, $now, $expected) = $case; + $test = new Tests_Auth_OpenID_Nonce_TimestampCase( + $nonce_str, $skew, $now, $expected); + $test->setName('CheckTimestamp ' . var_export($nonce_str, true)); + $this->addTest($test); + } +} + +class Tests_Auth_OpenID_Nonce_TimestampCase extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_Nonce_TimestampCase( + $nonce_str, $skew, $now, $expected) + { + $this->nonce_string = $nonce_str; + $this->allowed_skew = $skew; + $this->now = $now; + $this->expected = $expected; + } + + function runTest() + { + $actual = Auth_OpenID_checkTimestamp($this->nonce_string, + $this->allowed_skew, + $this->now); + $this->assertEquals($this->expected, $actual); + } +} + +class Tests_Auth_OpenID_NonceTests extends PHPUnit_Framework_TestCase { + function test_mkNonce() + { + $nonce_str = Auth_OpenID_mkNonce(); + $this->assertTrue(preg_match(Tests_Auth_OpenID_nonce_re, $nonce_str)); + } + + function test_mkNonce_when() + { + $nonce_str = Auth_OpenID_mkNonce(0); + $this->assertTrue(preg_match(Tests_Auth_OpenID_nonce_re, $nonce_str)); + $tpart = substr($nonce_str, 0, 20); + $this->assertEquals('1970-01-01T00:00:00Z', $tpart); + } + + function test_splitNonce() + { + $s = '1970-01-01T00:00:00Z'; + $expected_t = 0; + $expected_salt = ''; + list($actual_t, $actual_salt) = Auth_OpenID_splitNonce($s); + $this->assertEquals($expected_t, $actual_t); + $this->assertEquals($expected_salt, $actual_salt); + } + + + function test_mkSplit() + { + $t = 42;; + $nonce_str = Auth_OpenID_mkNonce($t); + $this->assertTrue(preg_match(Tests_Auth_OpenID_nonce_re, $nonce_str)); + list($et, $salt) = Auth_OpenID_splitNonce($nonce_str); + $this->assertEquals(6, strlen($salt)); + $this->assertEquals($et, $t); + } +} + +class Tests_Auth_OpenID_Nonce_BadSplitCase extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_Nonce_BadSplitCase($nonce_str) + { + $this->nonce_str = $nonce_str; + } + + function runTest() + { + $result = Auth_OpenID_splitNonce($this->nonce_str); + $this->assertNull($result); + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/OpenID_Yadis.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/OpenID_Yadis.php new file mode 100644 index 000000000..f013d967e --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/OpenID_Yadis.php @@ -0,0 +1,228 @@ +<?php + +/** + * Tests for the combination of Yadis discovery and the OpenID + * protocol. + */ + +require_once "Auth/Yadis/XRDS.php"; +require_once "Auth/OpenID/Discover.php"; + +global $__XRDS_BOILERPLATE; +$__XRDS_BOILERPLATE = '<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0"> + <XRD> +%s + </XRD> +</xrds:XRDS> +'; + +// Different sets of server URLs for use in the URI tag +global $__server_url_options; +$__server_url_options = array( + array(), // This case should not generate an endpoint object + array('http://server.url/'), + array('https://server.url/'), + array('https://server.url/', 'http://server.url/'), + array('https://server.url/', + 'http://server.url/', + 'http://example.server.url/'), + ); + +// A couple of example extension type URIs. These are not at all +// official, but are just here for testing. +global $__ext_types; +$__ext_types = array( + 'http://janrain.com/extension/blah', + 'http://openid.net/sreg/1.0'); + +// All valid combinations of Type tags that should produce an OpenID +// endpoint +global $__openid_types; +$__openid_types = array( + Auth_OpenID_TYPE_1_0, + Auth_OpenID_TYPE_1_1); + +$temp = array(); +foreach (__subsets($__ext_types) as $exts) { + foreach (__subsets($__openid_types) as $ts) { + if ($ts) { + $temp[] = array_merge($exts, $ts); + } + } +} + +global $__type_uri_options; +$__type_uri_options = $temp; + +// Range of valid Delegate tag values for generating test data +global $__delegate_options; +$__delegate_options = array( + null, + 'http://vanity.domain/', + 'https://somewhere/yadis/'); + +$temp = array(); +foreach ($__delegate_options as $delegate) { + foreach ($__type_uri_options as $type_uris) { + foreach ($__server_url_options as $uris) { + $temp[] = array($uris, $type_uris, $delegate); + } + } +} + +// All combinations of valid URIs, Type URIs and Delegate tags +global $__data; +$__data = $temp; + +function _mkXRDS($services_str) +{ + global $__XRDS_BOILERPLATE; + return sprintf($__XRDS_BOILERPLATE, $services_str); +} + +function _mkService($uris = null, $type_uris = null, + $delegate = null, $dent = ' ') +{ + $chunks = array($dent, "<Service>\n"); + $dent2 = $dent . ' '; + if ($type_uris) { + foreach ($type_uris as $type_uri) { + $chunks = array_merge($chunks, + array($dent2 . '<Type>', + $type_uri, "</Type>\n")); + } + } + + if ($uris) { + foreach ($uris as $uri) { + if (is_array($uri)) { + list($uri, $prio) = $uri; + } else { + $prio = null; + } + $chunks = array_merge($chunks, array($dent2, '<URI')); + if ($prio !== null) { + $chunks = array_merge($chunks, array(' priority="', strval($prio), '"')); + } + $chunks = array_merge($chunks, array('>', $uri, "</URI>\n")); + } + } + + if ($delegate) { + $chunks = array_merge($chunks, + array($dent2, '<openid:Delegate>', + $delegate, "</openid:Delegate>\n")); + } + + $chunks = array_merge($chunks, array($dent, "</Service>\n")); + + return implode("", $chunks); +} + +// Used for generating test data +function __subsets($list) +{ + // Generate all non-empty sublists of a list + $subsets_list = array(array()); + foreach ($list as $elem) { + + $temp = array(); + foreach ($subsets_list as $t) { + $temp[] = array_merge(array($elem), $t); + } + + $subsets_list = array_merge($subsets_list, $temp); + } + + return $subsets_list; +} + +class Tests_Auth_OpenID_Tester extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_Tester($uris, $type_uris, $delegate) + { + parent::__construct(); + $this->uris = $uris; + $this->type_uris = $type_uris; + $this->local_id = $delegate; + } + + function setUp() + { + $this->yadis_url = 'http://unit.test/'; + + // Create an XRDS document to parse + $services = _mkService($this->uris, + $this->type_uris, + $this->local_id); + $this->xrds = _mkXRDS($services); + } + + function runTest() + { + // Parse into endpoint objects that we will check + $xrds_object = Auth_Yadis_XRDS::parseXRDS($this->xrds); + + $endpoints = array(); + + if ($xrds_object) { + $endpoints = $xrds_object->services(array('filter_MatchesAnyOpenIDType')); + $endpoints = Auth_OpenID_makeOpenIDEndpoints($this->yadis_url, $endpoints); + } + + // make sure there are the same number of endpoints as + // URIs. This assumes that the type_uris contains at least one + // OpenID type. + $this->assertEquals(count($this->uris), count($endpoints), + "URI <-> Endpoint count"); + + // So that we can check equality on the endpoint types + $type_uris = $this->type_uris; + sort($type_uris); + + + $seen_uris = array(); + foreach ($endpoints as $endpoint) { + $seen_uris[] = $endpoint->server_url; + + // All endpoints will have same yadis_url + $this->assertEquals($this->yadis_url, $endpoint->claimed_id); + + // and delegate + $this->assertEquals($this->local_id, $endpoint->local_id); + + // and types + $actual_types = $endpoint->type_uris; + sort($actual_types); + $this->assertEquals($actual_types, $type_uris); + } + + // So that they will compare equal, because we don't care what + // order they are in + sort($seen_uris); + $uris = $this->uris; + sort($uris); + + // Make sure we saw all URIs, and saw each one once + $this->assertEquals($uris, $seen_uris); + } +} + +class Tests_Auth_OpenID_OpenID_Yadis extends PHPUnit_Framework_TestSuite { + function Tests_Auth_OpenID_OpenID_Yadis() + { + global $__data; + foreach ($__data as $case) { + $this->addTest(new Tests_Auth_OpenID_Tester($case[0], $case[1], $case[2])); + } + } + + function getName() + { + return 'Tests_Auth_OpenID_OpenID_Yadis'; + } + +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/PAPE.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/PAPE.php new file mode 100644 index 000000000..d71036d19 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/PAPE.php @@ -0,0 +1,244 @@ +<?php + +require_once "Auth/OpenID/PAPE.php"; +require_once "Auth/OpenID/Message.php"; +require_once "Auth/OpenID/Server.php"; + +class PapeRequestTestCase extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->req = new Auth_OpenID_PAPE_Request(); + } + + function test_construct() + { + $this->assertEquals(array(), $this->req->preferred_auth_policies); + $this->assertEquals(null, $this->req->max_auth_age); + $this->assertEquals('pape', $this->req->ns_alias); + + $req2 = new Auth_OpenID_PAPE_Request(array(PAPE_AUTH_MULTI_FACTOR), 1000); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $req2->preferred_auth_policies); + $this->assertEquals(1000, $req2->max_auth_age); + } + + function test_add_policy_uri() + { + $this->assertEquals(array(), $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_PHISHING_RESISTANT); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), + $this->req->preferred_auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), + $this->req->preferred_auth_policies); + } + + function test_getExtensionArgs() { + $this->assertEquals(array('preferred_auth_policies' => ''), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://uri'); + $this->assertEquals(array('preferred_auth_policies' => 'http://uri'), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://zig'); + $this->assertEquals(array('preferred_auth_policies' => 'http://uri http://zig'), $this->req->getExtensionArgs()); + $this->req->max_auth_age = 789; + $this->assertEquals(array('preferred_auth_policies' => 'http://uri http://zig', 'max_auth_age' => '789'), $this->req->getExtensionArgs()); + } + + function test_parseExtensionArgs() { + $args = array('preferred_auth_policies' => 'http://foo http://bar', + 'max_auth_age' => '9'); + $this->req->parseExtensionArgs($args); + $this->assertEquals(9, $this->req->max_auth_age); + $this->assertEquals(array('http://foo','http://bar'), $this->req->preferred_auth_policies); + } + + function test_parseExtensionArgs_empty() { + $this->req->parseExtensionArgs(array()); + $this->assertEquals(null, $this->req->max_auth_age); + $this->assertEquals(array(), $this->req->preferred_auth_policies); + } + + function test_fromOpenIDRequest() { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'checkid_setup', + 'ns' => Auth_OpenID_OPENID2_NS, + 'ns.pape' => Auth_OpenID_PAPE_NS_URI, + 'pape.preferred_auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), + 'pape.max_auth_age' => '5476' + )); + $oid_req = new Auth_OpenID_Request(); + $oid_req->message = $openid_req_msg; + $req = Auth_OpenID_PAPE_Request::fromOpenIDRequest($oid_req); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $req->preferred_auth_policies); + $this->assertEquals(5476, $req->max_auth_age); + } + + function test_fromOpenIDRequest_no_pape() { + $message = new Auth_OpenID_Message(); + $openid_req = new Auth_OpenID_Request(); + $openid_req->message = $message; + $pape_req = Auth_OpenID_PAPE_Request::fromOpenIDRequest($openid_req); + $this->assertTrue($pape_req === null); + } + + function test_preferred_types() { + $this->req->addPolicyURI(PAPE_AUTH_PHISHING_RESISTANT); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $pt = $this->req->preferredTypes(array(PAPE_AUTH_MULTI_FACTOR, + PAPE_AUTH_MULTI_FACTOR_PHYSICAL)); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $pt); + } +} + +class PAPE_DummySuccessResponse { + function PAPE_DummySuccessResponse($message, $signed_stuff) + { + $this->message = $message; + $this->signed_stuff = $signed_stuff; + } + + function getSignedNS($ns_uri) + { + return $this->signed_stuff; + } +} + +class PapeResponseTestCase extends PHPUnit_Framework_TestCase { + function setUp() { + $this->req = new Auth_OpenID_PAPE_Response(); + } + + function test_construct() { + $this->assertEquals(array(), $this->req->auth_policies); + $this->assertEquals(null, $this->req->auth_time); + $this->assertEquals('pape', $this->req->ns_alias); + $this->assertEquals(null, $this->req->nist_auth_level); + + $req2 = new Auth_OpenID_PAPE_Response(array(PAPE_AUTH_MULTI_FACTOR), + '2001-01-01T04:05:23Z', + 3); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $req2->auth_policies); + $this->assertEquals('2001-01-01T04:05:23Z', $req2->auth_time); + $this->assertEquals(3, $req2->nist_auth_level); + } + + function test_add_policy_uri() { + $this->assertEquals(array(), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_PHISHING_RESISTANT); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $this->req->auth_policies); + $this->req->addPolicyURI(PAPE_AUTH_MULTI_FACTOR); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $this->req->auth_policies); + } + + function test_getExtensionArgs() { + $this->assertEquals(array('auth_policies' => 'none'), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://uri'); + $this->assertEquals(array('auth_policies' => 'http://uri'), $this->req->getExtensionArgs()); + $this->req->addPolicyURI('http://zig'); + $this->assertEquals(array('auth_policies' => 'http://uri http://zig'), $this->req->getExtensionArgs()); + $this->req->auth_time = '2008-03-02T12:34:56Z'; + $this->assertEquals(array('auth_policies' => 'http://uri http://zig', 'auth_time' => '2008-03-02T12:34:56Z'), $this->req->getExtensionArgs()); + $this->req->nist_auth_level = 3; + $this->assertEquals(array('auth_policies' => 'http://uri http://zig', 'auth_time' => '2008-03-02T12:34:56Z', 'nist_auth_level' => '3'), $this->req->getExtensionArgs()); + } + + function test_getExtensionArgs_error_auth_age() { + $this->req->auth_time = "foo2008-03-02T12:34:56Z"; + $this->assertEquals(false, $this->req->getExtensionArgs()); + $this->req->auth_time = "2008-03-02T12:34:56Zbar"; + $this->assertEquals(false, $this->req->getExtensionArgs()); + } + + function test_getExtensionArgs_error_nist_auth_level() { + $this->req->nist_auth_level = "high as a kite"; + $this->assertEquals(false, $this->req->getExtensionArgs()); + $this->req->nist_auth_level = 5; + $this->assertEquals(false, $this->req->getExtensionArgs()); + $this->req->nist_auth_level = -1; + $this->assertEquals(false, $this->req->getExtensionArgs()); + } + + function test_parseExtensionArgs() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_time' => '2008-03-02T12:34:56Z'); + $this->req->parseExtensionArgs($args); + $this->assertEquals('2008-03-02T12:34:56Z', $this->req->auth_time); + $this->assertEquals(array('http://foo','http://bar'), $this->req->auth_policies); + } + + function test_parseExtensionArgs_empty() { + $this->req->parseExtensionArgs(array()); + $this->assertEquals(null, $this->req->auth_time); + $this->assertEquals(array(), $this->req->auth_policies); + } + + function test_parseExtensionArgs_strict_bogus1() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_time' => 'yesterday'); + $this->assertEquals(false, $this->req->parseExtensionArgs($args, true)); + } + + function test_parseExtensionArgs_strict_bogus2() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_time' => '63', + 'nist_auth_level' => 'some'); + $this->assertEquals(false, $this->req->parseExtensionArgs($args, true)); + } + + function test_parseExtensionArgs_strict_good() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_time' => '2008-03-02T12:34:56Z', + 'nist_auth_level' => '0'); + $this->req->parseExtensionArgs($args, true); + $this->assertEquals(array('http://foo','http://bar'), $this->req->auth_policies); + $this->assertEquals('2008-03-02T12:34:56Z', $this->req->auth_time); + $this->assertEquals(0, $this->req->nist_auth_level); + } + + function test_parseExtensionArgs_nostrict_bogus() { + $args = array('auth_policies' => 'http://foo http://bar', + 'auth_time' => 'the other day', + 'nist_auth_level' => 'some'); + $this->req->parseExtensionArgs($args); + $this->assertEquals(array('http://foo','http://bar'), $this->req->auth_policies); + $this->assertEquals(null, $this->req->auth_time); + $this->assertEquals(null, $this->req->nist_auth_level); + } + + function test_fromSuccessResponse() { + $openid_req_msg = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'id_res', + 'ns' => Auth_OpenID_OPENID2_NS, + 'ns.pape' => Auth_OpenID_PAPE_NS_URI, + 'auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), + 'auth_time' => '2008-03-02T12:34:56Z' + )); + $signed_stuff = array( + 'auth_policies' => implode(' ', array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT)), + 'auth_time' => '2008-03-02T12:34:56Z' + ); + $oid_req = new PAPE_DummySuccessResponse($openid_req_msg, $signed_stuff); + $req = Auth_OpenID_PAPE_Response::fromSuccessResponse($oid_req); + $this->assertEquals(array(PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT), $req->auth_policies); + $this->assertEquals('2008-03-02T12:34:56Z', $req->auth_time); + } +} + +class Tests_Auth_OpenID_PAPE extends PHPUnit_Framework_TestSuite { + function getName() { + return "Tests_Auth_OpenID_PAPE"; + } + + function Tests_Auth_OpenID_PAPE() { + $this->addTestSuite('PapeRequestTestCase'); + $this->addTestSuite('PapeResponseTestCase'); + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Parse.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Parse.php new file mode 100644 index 000000000..b0e03508e --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Parse.php @@ -0,0 +1,185 @@ +<?php + +/** + * Tests for the Consumer parsing functions. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Tests/Auth/OpenID/TestUtil.php'; +require_once 'Auth/OpenID/Parse.php'; + +class Tests_Auth_OpenID_Link extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_Link($case) + { + list($desc, $markup, $links, $case_text) = $case; + $this->desc = $desc; + $this->markup = $markup; + $this->expected_links = $links; + $this->case_text = $case_text; + $this->parser = new Auth_OpenID_Parse(); + } + + function getName() + { + return $this->desc; + } + + function runTest() + { + $parsed = $this->parser->parseLinkAttrs($this->markup); + $i = 0; + + foreach ($this->expected_links as $expected) { + list($is_optional_link, $expected_link) = $expected; + if ($is_optional_link && + ($i >= count($parsed))) { + continue; + } + + if (count($parsed) <= $i) { + $i++; + continue; + } + + $act_link = $parsed[$i]; + + $increment = true; + foreach ($expected_link as $attr => $data) { + list($is_optional_attr, $value) = $data; + + if ($is_optional_attr) { + $actual_value = null; + if (array_key_exists($attr, $act_link)) { + $actual_value = $act_link[$attr]; + } else { + continue; + } + } else { + $actual_value = $act_link[$attr]; + } + + if ($is_optional_link && + ($value != $actual_value)) { + $increment = false; + break; + } + + $this->assertEquals($value, $actual_value); + } + + if ($increment) { + $i++; + } + } + + $this->assertEquals($i, count($parsed)); + } +} + +class NumTestCases extends PHPUnit_Framework_TestCase { + function NumTestCases($test_cases, $num_tests) + { + $this->test_cases = $test_cases; + $this->num_tests = $num_tests; + } + + function runTest() + { + $this->assertEquals(count($this->test_cases), + $this->num_tests); + } +} + +class Tests_Auth_OpenID_Parse extends PHPUnit_Framework_TestSuite { + + function getName() + { + return "Tests_Auth_OpenID_Parse"; + } + + function _parseCheck($cond, $where) + { + if (!$cond) { + trigger_error('Parse error in ' . $where, E_USER_ERROR); + } + } + + function parseLink($line) + { + $parts = explode(" ", $line); + $optional = intval($parts[0] == 'Link*:'); + $this->_parseCheck($optional || ($parts[0] == 'Link:'), __FUNCTION__); + + $attrs = array(); + foreach (array_slice($parts, 1) as $attr) { + list($k, $v) = explode("=", $attr, 2); + if ($k[strlen($k) - 1] == '*') { + $attr_optional = 1; + $k = substr($k, 0, strlen($k) - 1); + } else { + $attr_optional = 0; + } + + $attrs[$k] = array($attr_optional, $v); + } + + return array($optional, $attrs); + } + + function parseCase($s) + { + list($header, $markup) = explode("\n\n", $s, 2); + $lines = explode("\n", $header); + $name = array_shift($lines); + $this->_parseCheck(strpos($name, 'Name: ') == 0, __FUNCTION__); + $desc = substr($name, 6); + $parsed = array(); + foreach ($lines as $line) { + $parsed[] = $this->parseLink($line); + } + + return array($desc, $markup, $parsed); + } + + function parseTests($s) + { + $tests = array(); + + $cases = explode("\n\n\n", $s); + $header = array_shift($cases); + list($tests_line, $unused) = explode("\n", $header, 2); + list($k, $v) = explode(": ", $tests_line); + $this->_parseCheck(('Num Tests' == $k), __FUNCTION__); + $num_tests = intval($v); + + foreach (array_slice($cases, 0, count($cases) - 1) as $case) { + list($desc, $markup, $links) = $this->parseCase($case); + $tests[] = array($desc, $markup, $links, $case); + } + + return array($num_tests, $tests); + } + + function Tests_Auth_OpenID_Parse() + { + $test_data = Tests_Auth_OpenID_readdata('linkparse.txt'); + + list($num_tests, $test_cases) = $this->parseTests($test_data); + + $this->addTest(new NumTestCases($test_cases, $num_tests)); + + foreach ($test_cases as $case) { + $this->addTest(new Tests_Auth_OpenID_Link($case)); + } + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php new file mode 100644 index 000000000..1482af4c4 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/RPVerify.php @@ -0,0 +1,293 @@ +<?php + +/* + * Unit tests for verification of return_to URLs for a realm. + */ + +require_once 'Auth/OpenID/Discover.php'; +require_once 'Auth/OpenID/TrustRoot.php'; + +require_once 'Auth/Yadis/Yadis.php'; + +/* + * Tests for building the discovery URL from a realm and a return_to + * URL + */ +class Tests_Auth_OpenID_BuildDiscoveryURL extends PHPUnit_Framework_TestCase { + /* + * Build a discovery URL out of the realm and a return_to and make + * sure that it matches the expected discovery URL + */ + function failUnlessDiscoURL($realm, $expected_discovery_url) + { + $actual_discovery_url = Auth_OpenID_TrustRoot::buildDiscoveryURL($realm); + $this->assertEquals($expected_discovery_url, $actual_discovery_url); + } + + /* + * There is no wildcard and the realm is the same as the return_to + * URL + */ + function test_trivial() + { + $this->failUnlessDiscoURL('http://example.com/foo', + 'http://example.com/foo'); + } + + /* + * There is a wildcard + */ + function test_wildcard() + { + $this->failUnlessDiscoURL('http://*.example.com/foo', + 'http://www.example.com/foo'); + } +} + +class _MockDiscover { + function _MockDiscover($data) { + $this->data =& $data; + } + + function mockDiscover($uri, $fetcher, $discover_function=null) + { + $result = new Auth_Yadis_DiscoveryResult($uri); + $result->response_text = $this->data; + $result->normalized_uri = $uri; + return $result; + } +} + +class Tests_Auth_OpenID_ExtractReturnToURLs extends PHPUnit_Framework_TestCase { + var $disco_url = 'http://example.com/'; + + function failUnlessXRDSHasReturnURLs($data, $expected_return_urls) + { + $discover_object = new _MockDiscover($data); + $actual_return_urls = Auth_OpenID_getAllowedReturnURLs($this->disco_url, null, array($discover_object, 'mockDiscover')); + + $this->assertEquals($expected_return_urls, $actual_return_urls); + } + + function failUnlessDiscoveryFailure($text) + { + $discover_object = new _MockDiscover($text); + $this->assertFalse(Auth_OpenID_getAllowedReturnURLs($this->disco_url, null, array($discover_object, 'mockDiscover'))); + } + + function test_empty() + { + $this->failUnlessDiscoveryFailure(''); + } + + function test_badXML() + { + $this->failUnlessDiscoveryFailure('>'); + } + + function test_noEntries() + { + $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + </XRD> +</xrds:XRDS> +', array()); + } + + function test_noReturnToEntries() + { + $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/server</Type> + <URI>http://www.myopenid.com/server</URI> + </Service> + </XRD> +</xrds:XRDS> +', array()); + } + + function test_oneEntry() + { + $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + <Service> + <Type>http://specs.openid.net/auth/2.0/return_to</Type> + <URI>http://rp.example.com/return</URI> + </Service> + </XRD> +</xrds:XRDS> +', array('http://rp.example.com/return')); + } + + function test_twoEntries() + { + $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + <Service priority="0"> + <Type>http://specs.openid.net/auth/2.0/return_to</Type> + <URI>http://rp.example.com/return</URI> + </Service> + <Service priority="1"> + <Type>http://specs.openid.net/auth/2.0/return_to</Type> + <URI>http://other.rp.example.com/return</URI> + </Service> + </XRD> +</xrds:XRDS> +', array('http://rp.example.com/return', + 'http://other.rp.example.com/return')); + } + + function test_twoEntries_withOther() + { + $this->failUnlessXRDSHasReturnURLs('<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + <Service priority="0"> + <Type>http://specs.openid.net/auth/2.0/return_to</Type> + <URI>http://rp.example.com/return</URI> + </Service> + <Service priority="1"> + <Type>http://specs.openid.net/auth/2.0/return_to</Type> + <URI>http://other.rp.example.com/return</URI> + </Service> + <Service priority="0"> + <Type>http://example.com/LOLCATS</Type> + <URI>http://example.com/invisible+uri</URI> + </Service> + </XRD> +</xrds:XRDS> +', array('http://rp.example.com/return', + 'http://other.rp.example.com/return')); + } +} + +class Tests_Auth_OpenID_ReturnToMatches extends PHPUnit_Framework_TestCase { + function test_noEntries() + { + $this->assertFalse(Auth_OpenID_returnToMatches(array(), 'anything')); + } + + function test_exactMatch() + { + $r = 'http://example.com/return.to'; + $this->assertTrue(Auth_OpenID_returnToMatches(array($r), $r)); + } + + function test_garbageMatch() + { + $r = 'http://example.com/return.to'; + $this->assertTrue(Auth_OpenID_returnToMatches( + array('This is not a URL at all. In fact, it has characters, ' . + 'like "<" that are not allowed in URLs', $r), $r)); + } + + function test_descendant() + { + $r = 'http://example.com/return.to'; + $this->assertTrue(Auth_OpenID_returnToMatches(array($r), + 'http://example.com/return.to/user:joe')); + } + + function test_wildcard() + { + $this->assertFalse(Auth_OpenID_returnToMatches( + array('http://*.example.com/return.to'), + 'http://example.com/return.to')); + } + + function test_noMatch() + { + $r = 'http://example.com/return.to'; + $this->assertFalse(Auth_OpenID_returnToMatches(array($r), + 'http://example.com/xss_exploit')); + } +} + +class Verifier { + function Verifier($test_case, $return_to) + { + $this->tc =& $test_case; + $this->return_to = $return_to; + } + + function verify($disco_url) + { + $this->tc->assertEquals('http://www.example.com/', $disco_url); + + if ($this->return_to === false) { + return false; + } else { + return array($this->return_to); + } + } +} + +class Tests_Auth_OpenID_VerifyReturnTo extends PHPUnit_Framework_TestCase { + + function test_bogusRealm() + { + $this->assertFalse(Auth_OpenID_verifyReturnTo('', 'http://example.com/', null)); + } + + function test_verifyWithDiscoveryCalled() + { + $realm = 'http://*.example.com/'; + $return_to = 'http://www.example.com/foo'; + + $v = new Verifier($this, $return_to); + + $this->assertTrue(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify'))); + } + + function test_verifyFailWithDiscoveryCalled() + { + $realm = 'http://*.example.com/'; + $return_to = 'http://www.example.com/foo'; + + $v = new Verifier($this, 'http://something-else.invalid/'); + + $this->assertFalse(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify'))); + } + + function test_verifyFailIfDiscoveryRedirects() + { + $realm = 'http://*.example.com/'; + $return_to = 'http://www.example.com/foo'; + + $v = new Verifier($this, false); + + $this->assertFalse(Auth_OpenID_verifyReturnTo($realm, $return_to, null, array($v, 'verify'))); + } +} + +class Tests_Auth_OpenID_RPVerify extends PHPUnit_Framework_TestSuite { + function getName() + { + return "Tests_Auth_OpenID_RPVerify"; + } + + function Tests_Auth_OpenID_RPVerify() + { + $this->addTestSuite('Tests_Auth_OpenID_VerifyReturnTo'); + $this->addTestSuite('Tests_Auth_OpenID_ReturnToMatches'); + $this->addTestSuite('Tests_Auth_OpenID_ExtractReturnToURLs'); + $this->addTestSuite('Tests_Auth_OpenID_BuildDiscoveryURL'); + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/SReg.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/SReg.php new file mode 100644 index 000000000..db5cd5183 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/SReg.php @@ -0,0 +1,672 @@ +<?php + +/** + * SReg.php testing code. + */ + +require_once 'Auth/OpenID/SReg.php'; +require_once 'Auth/OpenID/Message.php'; +require_once 'Auth/OpenID/Server.php'; + +class SRegURITest extends PHPUnit_Framework_TestCase { + function test_is11() + { + $this->assertEquals(Auth_OpenID_SREG_NS_URI_1_1, + Auth_OpenID_SREG_NS_URI); + } +} + +class CheckFieldNameTest extends PHPUnit_Framework_TestCase { + function test_goodNamePasses() + { + global $Auth_OpenID_sreg_data_fields; + + foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) { + $this->assertTrue(Auth_OpenID_checkFieldName($field_name)); + } + } + + function test_badNameFails() + { + $this->assertfalse(Auth_OpenID_checkFieldName('INVALID')); + } + + function test_badTypeFails() + { + $this->assertfalse(Auth_OpenID_checkFieldName(null)); + } +} + +// For supportsSReg test +class FakeEndpoint { + function FakeEndpoint($supported) + { + $this->supported = $supported; + $this->checked_uris = array(); + } + + function usesExtension($namespace_uri) + { + $this->checked_uris[] = $namespace_uri; + return in_array($namespace_uri, $this->supported); + } +} + +class SupportsSRegTest extends PHPUnit_Framework_TestCase { + function test_unsupported() + { + $endpoint = new FakeEndpoint(array()); + $this->assertfalse(Auth_OpenID_supportsSReg($endpoint)); + $this->assertEquals(array(Auth_OpenID_SREG_NS_URI_1_1, + Auth_OpenID_SREG_NS_URI_1_0), + $endpoint->checked_uris); + } + + function test_supported_1_1() + { + $endpoint = new FakeEndpoint(array(Auth_OpenID_SREG_NS_URI_1_1)); + $this->assertTrue(Auth_OpenID_supportsSReg($endpoint)); + $this->assertEquals(array(Auth_OpenID_SREG_NS_URI_1_1), + $endpoint->checked_uris); + } + + function test_supported_1_0() + { + $endpoint = new FakeEndpoint(array(Auth_OpenID_SREG_NS_URI_1_0)); + $this->assertTrue(Auth_OpenID_supportsSReg($endpoint)); + $this->assertEquals(array(Auth_OpenID_SREG_NS_URI_1_1, + Auth_OpenID_SREG_NS_URI_1_0), + $endpoint->checked_uris); + } +} + +class FakeMessage { + function FakeMessage() + { + $this->openid1 = false; + $this->namespaces = new Auth_OpenID_NamespaceMap(); + } + + function isOpenID1() + { + return $this->openid1; + } +} + +class GetNSTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->msg = new FakeMessage(); + } + + function test_openID2Empty() + { + $ns_uri = Auth_OpenID_SRegBase::_getSRegNS($this->msg); + $this->assertEquals($this->msg->namespaces->getAlias($ns_uri), 'sreg'); + $this->assertEquals(Auth_OpenID_SREG_NS_URI, $ns_uri); + } + + function test_openID1Empty() + { + $this->msg->openid1 = true; + $ns_uri = Auth_OpenID_SRegBase::_getSRegNS($this->msg); + $this->assertEquals($this->msg->namespaces->getAlias($ns_uri), 'sreg'); + $this->assertEquals(Auth_OpenID_SREG_NS_URI, $ns_uri); + } + + function test_openID1Defined_1_0() + { + $this->msg->openid1 = true; + $this->msg->namespaces->add(Auth_OpenID_SREG_NS_URI_1_0); + $ns_uri = Auth_OpenID_SRegBase::_getSRegNS($this->msg); + $this->assertEquals(Auth_OpenID_SREG_NS_URI_1_0, $ns_uri); + } + + function test_openID1Defined_1_0_overrideAlias() + { + foreach (array(true, false) as $openid_version) { + foreach (array(Auth_OpenID_SREG_NS_URI_1_0, + Auth_OpenID_SREG_NS_URI_1_1) as $sreg_version) { + foreach (array('sreg', 'bogus') as $alias) { + $this->setUp(); + + $this->msg->openid1 = $openid_version; + $this->assertTrue($this->msg->namespaces->addAlias($sreg_version, $alias) !== null); + $ns_uri = Auth_OpenID_SRegBase::_getSRegNS($this->msg); + $this->assertEquals($this->msg->namespaces->getAlias($ns_uri), $alias); + $this->assertEquals($sreg_version, $ns_uri); + } + } + } + } + + function test_openID1DefinedBadly() + { + $this->msg->openid1 = true; + $this->msg->namespaces->addAlias('http://invalid/', 'sreg'); + $this->assertTrue(Auth_OpenID_SRegBase::_getSRegNS($this->msg) === null); + } + + function test_openID2DefinedBadly() + { + $this->msg->openid1 = false; + $this->msg->namespaces->addAlias('http://invalid/', 'sreg'); + $this->assertTrue(Auth_OpenID_SRegBase::_getSRegNS($this->msg) === null); + } + + function test_openID2Defined_1_0() + { + $this->msg->namespaces->add(Auth_OpenID_SREG_NS_URI_1_0); + $ns_uri = Auth_OpenID_SRegBase::_getSRegNS($this->msg); + $this->assertEquals(Auth_OpenID_SREG_NS_URI_1_0, $ns_uri); + } + + function test_openID1_sregNSfromArgs() + { + $args = array( + 'sreg.optional' => 'nickname', + 'sreg.required' => 'dob'); + + $m = Auth_OpenID_Message::fromOpenIDArgs($args); + + $this->assertTrue($m->getArg(Auth_OpenID_SREG_NS_URI_1_1, 'optional') == 'nickname'); + $this->assertTrue($m->getArg(Auth_OpenID_SREG_NS_URI_1_1, 'required') == 'dob'); + } +} + +global $__args_sentinel; +global $__ns_sentinel; +$__args_sentinel = 'args_sentinel'; +$__ns_sentinel = 'ns_sentinel'; + +class SentinelFakeMessage { + function SentinelFakeMessage($test_case) + { + $this->test_case =& $test_case; + $this->message = new Auth_OpenID_Message(); + } + + function getArgs($ns_uri) + { + global $__ns_sentinel, $__args_sentinel; + $this->test_case->assertEquals($__ns_sentinel, $ns_uri); + return $__args_sentinel; + } +} + +// XXX Ugly hack. Thanks, PHP. +global $__TestingReq_TEST_CASE; +$__TestingReq_TEST_CASE = "FLUB"; + +function __setTestCase($thing) { + global $__TestingReq_TEST_CASE; + $__TestingReq_TEST_CASE = $thing; +} + +function &__getTestCase() { + global $__TestingReq_TEST_CASE; + return $__TestingReq_TEST_CASE; +} + +class TestingReq extends Auth_OpenID_SRegRequest { + static function fromOpenIDRequest($thing, $test_case) + { + __setTestCase($test_case); + $obj = parent::fromOpenIDRequest($thing, 'TestingReq'); + return $obj; + } + + static function _getSRegNS($unused) + { + global $__ns_sentinel; + return $__ns_sentinel; + } + + function parseExtensionArgs($args) + { + global $__args_sentinel; + $tc =& __getTestCase(); + $tc->assertEquals($__args_sentinel, $args); + } +} + +class SRegRequestTest extends PHPUnit_Framework_TestCase { + function test_constructEmpty() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertEquals(array(), $req->optional); + $this->assertEquals(array(), $req->required); + $this->assertEquals(null, $req->policy_url); + $this->assertEquals(Auth_OpenID_SREG_NS_URI, $req->ns_uri); + } + + function test_constructFields() + { + $req = Auth_OpenID_SRegRequest::build( + array('nickname'), + array('gender'), + 'http://policy', + 'http://sreg.ns_uri'); + $this->assertEquals(array('gender'), $req->optional); + $this->assertEquals(array('nickname'), $req->required); + $this->assertEquals('http://policy', $req->policy_url); + $this->assertEquals('http://sreg.ns_uri', $req->ns_uri); + } + + function test_constructBadFields() + { + $this->assertTrue(Auth_OpenID_SRegRequest::build(array('elvis')) === null); + } + + function test_fromOpenIDResponse() + { + $openid_req = new Auth_OpenID_Request(); + + $msg = new SentinelFakeMessage($this); + $openid_req->message =& $msg; + + $req = TestingReq::fromOpenIDRequest($openid_req, $this); + $this->assertTrue(is_a($req, 'TestingReq')); + } + + function test_parseExtensionArgs_empty() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array())); + } + + function test_parseExtensionArgs_extraIgnored() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('janrain' => 'inc'))); + } + + function test_parseExtensionArgs_nonStrict() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('required' => 'beans'))); + $this->assertEquals(array(), $req->required); + } + + function test_parseExtensionArgs_strict() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertFalse($req->parseExtensionArgs(array('required' => 'beans'), + true)); + } + + function test_parseExtensionArgs_policy() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs( + array('policy_url' => 'http://policy'), true)); + $this->assertEquals('http://policy', $req->policy_url); + } + + function test_parseExtensionArgs_requiredEmpty() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('required' => ''), true)); + $this->assertEquals(array(), $req->required); + } + + function test_parseExtensionArgs_optionalEmpty() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('optional' => ''), true)); + $this->assertEquals(array(), $req->optional); + } + + function test_parseExtensionArgs_optionalSingle() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('optional' => 'nickname'), true)); + $this->assertEquals(array('nickname'), $req->optional); + } + + function test_parseExtensionArgs_optionalList() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('optional' => 'nickname,email'), true)); + $this->assertEquals(array('nickname','email'), $req->optional); + } + + function test_parseExtensionArgs_optionalListBadNonStrict() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('optional' => 'nickname,email,beer'))); + $this->assertEquals(array('nickname','email'), $req->optional); + } + + function test_parseExtensionArgs_optionalListBadStrict() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertFalse($req->parseExtensionArgs(array('optional' => 'nickname,email,beer'), + true)); + } + + function test_parseExtensionArgs_bothNonStrict() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('optional' => 'nickname', + 'required' => 'nickname'))); + $this->assertEquals(array(), $req->optional); + $this->assertEquals(array('nickname'), $req->required); + } + + function test_parseExtensionArgs_bothStrict() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertFalse($req->parseExtensionArgs( + array('optional' => 'nickname', + 'required' => 'nickname'), + true)); + } + + function test_parseExtensionArgs_bothList() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertTrue($req->parseExtensionArgs(array('optional' => 'nickname,email', + 'required' => 'country,postcode'), + true)); + $this->assertEquals(array('nickname','email'), $req->optional); + $this->assertEquals(array('country','postcode'), $req->required); + } + + function test_allRequestedFields() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertEquals(array(), $req->allRequestedFields()); + $req->requestField('nickname'); + $this->assertEquals(array('nickname'), $req->allRequestedFields()); + $req->requestField('gender', true); + $requested = $req->allRequestedFields(); + sort($requested); + $this->assertEquals(array('gender', 'nickname'), $requested); + } + + function test_wereFieldsRequested() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertFalse($req->wereFieldsRequested()); + $req->requestField('gender'); + $this->assertTrue($req->wereFieldsRequested()); + } + + function test_contains() + { + global $Auth_OpenID_sreg_data_fields; + + $req = Auth_OpenID_SRegRequest::build(); + foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) { + $this->assertFalse($req->contains($field_name)); + } + + $this->assertFalse($req->contains('something else')); + + $req->requestField('nickname'); + foreach ($Auth_OpenID_sreg_data_fields as $field_name => $desc) { + if ($field_name == 'nickname') { + $this->assertTrue($req->contains($field_name)); + } else { + $this->assertFalse($req->contains($field_name)); + } + } + } + + function test_requestField_bogus() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertFalse($req->requestField('something else')); + $this->assertFalse($req->requestField('something else', true)); + } + + function test_requestField() + { + global $Auth_OpenID_sreg_data_fields; + + // Add all of the fields, one at a time + $req = Auth_OpenID_SRegRequest::build(); + $fields = array_keys($Auth_OpenID_sreg_data_fields); + foreach ($fields as $field_name) { + $req->requestField($field_name); + } + + $this->assertEquals($fields, $req->optional); + $this->assertEquals(array(), $req->required); + + // By default, adding the same fields over again has no effect + foreach ($fields as $field_name) { + $req->requestField($field_name); + } + + $this->assertEquals($fields, $req->optional); + $this->assertEquals(array(), $req->required); + + // Requesting a field as required overrides requesting it as + // optional + $expected = $fields; + $overridden = array_pop($expected); + + $this->assertTrue($req->requestField($overridden, true)); + + $this->assertEquals($expected, $req->optional); + $this->assertEquals(array($overridden), $req->required); + + // Requesting a field as required overrides requesting it as + // optional + foreach ($fields as $field_name) { + $this->assertTrue($req->requestField($field_name, true)); + } + + $this->assertEquals(array(), $req->optional); + foreach ($fields as $f) { + $this->assertTrue(in_array($f, $req->required)); + } + + // Requesting it as optional does not downgrade it to optional + foreach ($fields as $field_name) { + $req->requestField($field_name); + } + + $this->assertEquals(array(), $req->optional); + + foreach ($fields as $f) { + $this->assertTrue(in_array($f, $req->required)); + } + } + + function test_requestFields_type() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertFalse($req->requestFields('nickname')); + } + + function test_requestFields() + { + global $Auth_OpenID_sreg_data_fields; + + // Add all of the fields + $req = Auth_OpenID_SRegRequest::build(); + + $fields = array_keys($Auth_OpenID_sreg_data_fields); + $req->requestFields($fields); + + $this->assertEquals($fields, $req->optional); + $this->assertEquals(array(), $req->required); + + // By default, adding the same fields over again has no effect + $req->requestFields($fields); + + $this->assertEquals($fields, $req->optional); + $this->assertEquals(array(), $req->required); + + // Requesting a field as required overrides requesting it as + // optional + $expected = $fields; + $overridden = array_shift($expected); + $req->requestFields(array($overridden), true); + + foreach ($expected as $f) { + $this->assertTrue(in_array($f, $req->optional)); + } + + $this->assertEquals(array($overridden), $req->required); + + // Requesting a field as required overrides requesting it as + // optional + $req->requestFields($fields, true); + + $this->assertEquals(array(), $req->optional); + $this->assertEquals($fields, $req->required); + + // Requesting it as optional does not downgrade it to optional + $req->requestFields($fields); + + $this->assertEquals(array(), $req->optional); + $this->assertEquals($fields, $req->required); + } + + function test_getExtensionArgs() + { + $req = Auth_OpenID_SRegRequest::build(); + $this->assertEquals(array(), $req->getExtensionArgs()); + + $this->assertTrue($req->requestField('nickname')); + $this->assertEquals(array('optional' => 'nickname'), + $req->getExtensionArgs()); + + $this->assertTrue($req->requestField('email')); + $this->assertEquals(array('optional' => 'nickname,email'), + $req->getExtensionArgs()); + + $this->assertTrue($req->requestField('gender', true)); + $this->assertEquals(array('optional' => 'nickname,email', + 'required' => 'gender'), + $req->getExtensionArgs()); + + $this->assertTrue($req->requestField('postcode', true)); + $this->assertEquals(array('optional' => 'nickname,email', + 'required' => 'gender,postcode'), + $req->getExtensionArgs()); + + $req->policy_url = 'http://policy.invalid/'; + $this->assertEquals(array('optional' => 'nickname,email', + 'required' => 'gender,postcode', + 'policy_url' => 'http://policy.invalid/'), + $req->getExtensionArgs()); + } +} + +class DummySuccessResponse { + function DummySuccessResponse($message, $signed_stuff) + { + $this->message = $message; + $this->signed_stuff = $signed_stuff; + } + + function getSignedNS($ns_uri) + { + return $this->signed_stuff; + } +} + +class SRegResponseTest extends PHPUnit_Framework_TestCase { + function test_fromSuccessResponse_signed() + { + $message = Auth_OpenID_Message::fromOpenIDArgs(array( + 'sreg.nickname' => 'The Mad Stork', + )); + $success_resp = new DummySuccessResponse($message, array()); + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($success_resp); + $this->assertTrue(count($sreg_resp->contents()) === 0); + } + + function test_fromSuccessResponse_unsigned() + { + $message = Auth_OpenID_Message::fromOpenIDArgs(array( + 'sreg.nickname' => 'The Mad Stork', + )); + + $success_resp = new DummySuccessResponse($message, array()); + $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($success_resp, + false); + + $this->assertEquals(array('nickname' => 'The Mad Stork'), + $sreg_resp->contents()); + } +} + +class SendFieldsTest extends PHPUnit_Framework_TestCase { + function _test($uri) + { + // Create a request message with simple registration fields + $sreg_req = Auth_OpenID_SRegRequest::build(array('nickname', 'email'), + array('fullname')); + $req_msg = new Auth_OpenID_Message($uri); + $req_msg->updateArgs(Auth_OpenID_SREG_NS_URI, + $sreg_req->getExtensionArgs()); + + $req = new Auth_OpenID_Request(); + $req->message =& $req_msg; + $req->namespace = $req_msg->getOpenIDNamespace(); + + // -> send checkid_* request + + // Create an empty response message + $resp_msg = new Auth_OpenID_Message($uri); + $resp = new Auth_OpenID_ServerResponse($req); + $resp->fields = $resp_msg; + + $data = array( + 'nickname' => 'linusaur', + 'postcode' => '12345', + 'country' => 'US', + 'gender' => 'M', + 'fullname' => 'Leonhard Euler', + 'email' => 'president@whitehouse.gov', + 'dob' => '0000-00-00', + 'language' => 'en-us'); + + // Put the requested data fields in the response message + $sreg_resp = Auth_OpenID_SRegResponse::extractResponse($sreg_req, $data); + $resp->addExtension($sreg_resp); + + // <- send id_res response + + // Extract the fields that were sent + $sreg_data_resp = $resp->fields->getArgs(Auth_OpenID_SREG_NS_URI); + $this->assertEquals( + array('nickname' => 'linusaur', + 'email' => 'president@whitehouse.gov', + 'fullname' => 'Leonhard Euler'), + $sreg_data_resp); + } + + function test() + { + foreach (array(Auth_OpenID_OPENID1_NS, + Auth_OpenID_OPENID2_NS) as $uri) { + $this->_test($uri); + } + } +} + +class Tests_Auth_OpenID_SReg extends PHPUnit_Framework_TestSuite { + function getName() + { + return "Tests_Auth_OpenID_SReg"; + } + + function Tests_Auth_OpenID_SReg() + { + $this->addTestSuite('SRegURITest'); + $this->addTestSuite('CheckFieldNameTest'); + $this->addTestSuite('SupportsSRegTest'); + $this->addTestSuite('GetNSTest'); + $this->addTestSuite('SRegRequestTest'); + $this->addTestSuite('SRegResponseTest'); + $this->addTestSuite('SendFieldsTest'); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Server.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Server.php new file mode 100644 index 000000000..d5dea91a5 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Server.php @@ -0,0 +1,2463 @@ +<?php + +/** + * Tests for Auth_OpenID_Server + */ + +require_once "Tests/Auth/OpenID/MemStore.php"; +require_once "Auth/OpenID.php"; +require_once "Auth/OpenID/DiffieHellman.php"; +require_once "Auth/OpenID/Server.php"; +require_once "Auth/OpenID/Consumer.php"; + +function altModulus() +{ + $lib = Auth_OpenID_getMathLib(); + static $num = null; + + if (!$num) { + $num = $lib->init("1423261515703355186607439952816216983770". + "5735494988446894302176757360889904836136". + "0422513557553514790045512299468953431585". + "3008125488594198571710943663581589034331". + "6791551733211386105974742540867014420109". + "9811846875730766487278261498262568348338". + "4764372005569983660877797099908075182915". + "81860338635288400119293970087" + ); + } + + return $num; +} + +global $ALT_GEN; +$ALT_GEN = 5; + +function arrayToString($arr) +{ + $s = "Array("; + + $parts = array(); + foreach ($arr as $k => $v) { + if (is_array($v)) { + $v = arrayToString($v); + } + $parts[] = sprintf("%s => %s", $k, $v); + } + + $s .= implode(", ", $parts); + $s .= ")"; + + return $s; +} + +function _Auth_OpenID_NotAuthorized() +{ + return false; +} + +class Tests_Auth_OpenID_Test_ServerError extends PHPUnit_Framework_TestCase { + function test_browserWithReturnTo() + { + $return_to = "http://rp.unittest/consumer"; + // will be a ProtocolError raised by Decode or CheckIDRequest.answer + $args = array( + 'openid.mode' => 'monkeydance', + 'openid.identity' => 'http://wagu.unittest/', + 'openid.return_to' => $return_to); + + $e = new Auth_OpenID_ServerError( + Auth_OpenID_Message::fromPostArgs($args), + "plucky"); + + $this->assertTrue($e->hasReturnTo()); + $expected_args = array( + 'openid.mode' => 'error', + 'openid.error' => 'plucky'); + + $encoded = $e->encodeToURL(); + if (Auth_OpenID_isError($encoded)) { + $this->fail($encoded->toString()); + return; + } + + list($rt_base, $_result_args) = explode("?", $e->encodeToURL(), 2); + $result_args = Auth_OpenID::getQuery($_result_args); + + $this->assertEquals($result_args, $expected_args); + } + + function test_browserWithReturnTo_OpenID2_GET() + { + $return_to = "http://rp.unittest/consumer"; + // will be a ProtocolError raised by Decode or + // CheckIDRequest.answer + $args = Auth_OpenID_Message::fromPostArgs(array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'monkeydance', + 'openid.identity' => 'http://wagu.unittest/', + 'openid.claimed_id' => 'http://wagu.unittest/', + 'openid.return_to' => $return_to)); + + $e = new Auth_OpenID_ServerError($args, "plucky"); + $this->assertTrue($e->hasReturnTo()); + $expected_args = array('openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'error', + 'openid.error' => 'plucky'); + + list($rt_base, $result_args_s) = explode('?', $e->encodeToURL(), 2); + $result_args = Auth_OpenID::parse_str($result_args_s); + + $this->assertEquals($result_args, $expected_args); + } + + function test_browserWithReturnTo_OpenID2_POST() + { + $return_to = "http://rp.unittest/consumer" . str_repeat('x', Auth_OpenID_OPENID1_URL_LIMIT); + // will be a ProtocolError raised by Decode or + // CheckIDRequest.answer + $args = Auth_OpenID_Message::fromPostArgs(array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'monkeydance', + 'openid.identity' => 'http://wagu.unittest/', + 'openid.claimed_id' => 'http://wagu.unittest/', + 'openid.return_to' => $return_to)); + + $e = new Auth_OpenID_ServerError($args, "plucky"); + $this->assertTrue($e->hasReturnTo()); + $expected_args = array('openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'error', + 'openid.error' => 'plucky'); + + $this->assertTrue($e->whichEncoding() == Auth_OpenID_ENCODE_HTML_FORM); + + $msg = $e->toMessage(); + + $this->assertTrue($e->toFormMarkup() == + $msg->toFormMarkup($args->getArg(Auth_OpenID_OPENID_NS, 'return_to'))); + } + + function test_browserWithReturnTo_OpenID1_exceeds_limit() + { + $return_to = "http://rp.unittest/consumer" . str_repeat('x', Auth_OpenID_OPENID1_URL_LIMIT); + // will be a ProtocolError raised by Decode or + // CheckIDRequest.answer + $args = Auth_OpenID_Message::fromPostArgs(array( + 'openid.mode' => 'monkeydance', + 'openid.identity' => 'http://wagu.unittest/', + 'openid.return_to' => $return_to)); + + $this->assertTrue($args->isOpenID1()); + + $e = new Auth_OpenID_ServerError($args, "plucky"); + $this->assertTrue($e->hasReturnTo()); + $expected_args = array('openid.mode' => 'error', + 'openid.error' => 'plucky'); + + $this->assertTrue($e->whichEncoding() == Auth_OpenID_ENCODE_URL); + + list($rt_base, $result_args_s) = explode('?', $e->encodeToURL(), 2); + $result_args = Auth_OpenID::parse_str($result_args_s); + $this->assertEquals($result_args, $expected_args); + } + + function test_noReturnTo() + { + // will be a ProtocolError raised by Decode or CheckIDRequest.answer + $args = array( + 'openid.mode' => 'zebradance', + 'openid.identity' => 'http://wagu.unittest/'); + + $e = new Auth_OpenID_ServerError( + Auth_OpenID_Message::fromPostArgs($args), + "waffles"); + + $this->assertFalse($e->hasReturnTo()); + $expected = "error:waffles\nmode:error\n"; + $this->assertEquals($e->encodeToKVForm(), $expected); + } + + function test_noMessage() + { + $e = new Auth_OpenID_ServerError(); + $this->assertFalse($e->hasReturnTo()); + $this->assertEquals($e->whichEncoding(), null); + $this->assertEquals($e->getReturnTo(), null); + } +} + +class Tests_Auth_OpenID_Test_Decode extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->id_url = "http://decoder.am.unittest/"; + $this->rt_url = "http://rp.unittest/foobot/?qux=zam"; + $this->tr_url = "http://rp.unittest/"; + $this->assoc_handle = "{assoc}{handle}"; + + $this->claimed_id = 'http://de.legating.de.coder.unittest/'; + $this->op_endpoint = 'http://endpoint.unittest/encode'; + + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->server = new Auth_OpenID_Server($this->store, + $this->op_endpoint); + $this->decoder = new Auth_OpenID_Decoder($this->server); + } + + function test_none() + { + $args = array(); + $r = $this->decoder->decode($args); + $this->assertEquals($r, null); + } + + function test_irrelevant() + { + $args = array( + 'pony' => 'spotted', + 'sreg.mutant_power' => 'decaffinator'); + + $r = $this->decoder->decode($args); + + $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); + } + + function test_bad() + { + $args = array( + 'openid.mode' => 'twos-compliment', + 'openid.pants' => 'zippered'); + + // Be sure that decoding the args returns an error. + $result = $this->decoder->decode($args); + + $this->assertTrue(Auth_OpenID_isError($result)); + } + + function test_checkidImmediate() + { + $args = array( + 'openid.mode' => 'checkid_immediate', + 'openid.identity' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.return_to' => $this->rt_url, + 'openid.trust_root' => $this->tr_url, + # should be ignored + 'openid.some.extension' => 'junk'); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_CheckIDRequest')); + $this->assertEquals($r->mode, "checkid_immediate"); + $this->assertEquals($r->immediate, true); + $this->assertEquals($r->identity, $this->id_url); + $this->assertEquals($r->trust_root, $this->tr_url); + $this->assertEquals($r->return_to, $this->rt_url); + $this->assertEquals($r->assoc_handle, $this->assoc_handle); + } + + function test_checkidSetup() + { + $args = array( + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.return_to' => $this->rt_url, + 'openid.trust_root' => $this->tr_url); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_CheckIDRequest')); + $this->assertEquals($r->mode, "checkid_setup"); + $this->assertEquals($r->immediate, false); + $this->assertEquals($r->identity, $this->id_url); + $this->assertEquals($r->trust_root, $this->tr_url); + $this->assertEquals($r->return_to, $this->rt_url); + } + + function test_checkidSetupOpenID2() + { + $args = array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.claimed_id' => $this->claimed_id, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.return_to' => $this->rt_url, + 'openid.realm' => $this->tr_url + ); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_CheckIDRequest')); + $this->assertEquals($r->mode, "checkid_setup"); + $this->assertEquals($r->immediate, False); + $this->assertEquals($r->identity, $this->id_url); + $this->assertEquals($r->claimed_id, $this->claimed_id); + $this->assertEquals($r->trust_root, $this->tr_url); + $this->assertEquals($r->return_to, $this->rt_url); + } + + function test_checkidSetupNoClaimedIDOpenID2() + { + $args = array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.return_to' => $this->rt_url, + 'openid.realm' => $this->tr_url + ); + + $result = $this->decoder->decode($args); + $this->assertTrue(is_a($result, "Auth_OpenID_ServerError")); + } + + function test_checkidSetupNoIdentityOpenID2() + { + $args = array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'checkid_setup', + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.return_to' => $this->rt_url, + 'openid.realm' => $this->tr_url); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_CheckIDRequest')); + $this->assertEquals($r->mode, "checkid_setup"); + $this->assertEquals($r->immediate, false); + $this->assertEquals($r->identity, null); + $this->assertEquals($r->trust_root, $this->tr_url); + $this->assertEquals($r->return_to, $this->rt_url); + } + + function test_checkidSetupNoReturnOpenID1() + { + $args = array( + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.trust_root' => $this->tr_url); + + $result = $this->decoder->decode($args); + if (!Auth_OpenID_isError($result)) { + $this->fail("Expected Auth_OpenID_ServerError"); + } + } + + function test_checkidSetupNoReturnOpenID2() + { + // Make sure an OpenID 2 request with no return_to can be + // decoded, and make sure a response to such a request raises + // NoReturnToError. + $args = array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.claimed_id' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.realm' => $this->tr_url); + + $req = $this->decoder->decode($args); + + $this->assertTrue(is_a($req, + 'Auth_OpenID_CheckIDRequest')); + + $this->assertTrue(is_a($req->answer(false), 'Auth_OpenID_NoReturnToError')); + $this->assertTrue(is_a($req->encodeToURL('bogus'), 'Auth_OpenID_NoReturnToError')); + $this->assertTrue(is_a($req->getCancelURL(), 'Auth_OpenID_NoReturnToError')); + } + + function test_checkidSetupRealmRequiredOpenID2() + { + // Make sure that an OpenID 2 request which lacks return_to + // cannot be decoded if it lacks a realm. Spec: This value + // (openid.realm) MUST be sent if openid.return_to is omitted. + + $args = array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle); + + $this->assertTrue(is_a($this->decoder->decode($args), + 'Auth_OpenID_ServerError')); + } + + function test_checkidSetupBadReturn() + { + $args = array( + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.return_to' => 'not a url'); + + $result = $this->decoder->decode($args);; + if (Auth_OpenID_isError($result)) { + $this->assertTrue($result->message); + } else { + $this->fail(sprintf("Expected ProtocolError, instead " . + "returned with %s", gettype($result))); + } + } + + function test_checkidSetupUntrustedReturn() + { + $args = array( + 'openid.mode' => 'checkid_setup', + 'openid.identity' => $this->id_url, + 'openid.assoc_handle' => $this->assoc_handle, + 'openid.return_to' => $this->rt_url, + 'openid.trust_root' => 'http://not-the-return-place.unittest/'); + + $result = $this->decoder->decode($args); + $this->assertTrue(is_a($result, 'Auth_OpenID_UntrustedReturnURL')); + } + + function test_checkAuth() + { + $args = array( + 'openid.mode' => 'check_authentication', + 'openid.assoc_handle' => '{dumb}{handle}', + 'openid.sig' => 'sigblob', + 'openid.signed' => 'foo,bar,mode', + 'openid.foo' => 'signedval1', + 'openid.bar' => 'signedval2', + 'openid.baz' => 'unsigned'); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_CheckAuthRequest')); + $this->assertEquals($r->mode, 'check_authentication'); + $this->assertEquals($r->sig, 'sigblob'); + } + + function test_checkAuthMissingSignature() + { + $args = array( + 'openid.mode' => 'check_authentication', + 'openid.assoc_handle' => '{dumb}{handle}', + 'openid.signed' => 'foo,bar,mode', + 'openid.foo' => 'signedval1', + 'openid.bar' => 'signedval2', + 'openid.baz' => 'unsigned'); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); + } + + function test_checkAuthAndInvalidate() + { + $args = array( + 'openid.mode' => 'check_authentication', + 'openid.assoc_handle' => '{dumb}{handle}', + 'openid.invalidate_handle' => '[[SMART_handle]]', + 'openid.sig' => 'sigblob', + 'openid.signed' => 'foo,bar,mode', + 'openid.foo' => 'signedval1', + 'openid.bar' => 'signedval2', + 'openid.baz' => 'unsigned'); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_CheckAuthRequest')); + $this->assertEquals($r->invalidate_handle, '[[SMART_handle]]'); + } + + function test_associateDH() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { + print "(Skipping test_associateDH)"; + return; + } + $args = array( + 'openid.mode' => 'associate', + 'openid.session_type' => 'DH-SHA1', + 'openid.dh_consumer_public' => "Rzup9265tw=="); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_AssociateRequest')); + $this->assertEquals($r->mode, "associate"); + $this->assertEquals($r->session->session_type, "DH-SHA1"); + $this->assertEquals($r->assoc_type, "HMAC-SHA1"); + $this->assertTrue($r->session->consumer_pubkey); + } + + function test_associateDHMissingKey() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { + print "(Skipping test_associateDHMissingKey)"; + return; + } + $args = array( + 'openid.mode' => 'associate', + 'openid.session_type' => 'DH-SHA1'); + + // Using DH-SHA1 without supplying dh_consumer_public is an error. + $result = $this->decoder->decode($args); + if (!Auth_OpenID_isError($result)) { + $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", + gettype($result))); + } + } + + /** + * XXX: Cannot produce a value to break base64_decode + function test_associateDHpubKeyNotB64() + { + $args = array( + 'openid.mode' => 'associate', + 'openid.session_type' => 'DH-SHA1', + 'openid.dh_consumer_public' => "donkeydonkeydonkey"); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); + } + */ + + function test_associateDHModGen() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { + print "(Skipping test_associateDHModGen)"; + return; + } + + global $ALT_GEN; + + // test dh with non-default but valid values for dh_modulus + // and dh_gen + $lib = Auth_OpenID_getMathLib(); + + $args = array( + 'openid.mode' => 'associate', + 'openid.session_type' => 'DH-SHA1', + 'openid.dh_consumer_public' => "Rzup9265tw==", + 'openid.dh_modulus' => $lib->longToBase64(altModulus()), + 'openid.dh_gen' => $lib->longToBase64($ALT_GEN)); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_AssociateRequest')); + $this->assertEquals($r->mode, "associate"); + $this->assertEquals($r->session->session_type, "DH-SHA1"); + $this->assertEquals($r->assoc_type, "HMAC-SHA1"); + $this->assertTrue($lib->cmp($r->session->dh->mod, altModulus()) === 0); + $this->assertTrue($lib->cmp($r->session->dh->gen, $ALT_GEN) === 0); + $this->assertTrue($r->session->consumer_pubkey); + } + + /** + * XXX: Can't test invalid base64 values for mod and gen because + * PHP's base64 decoder is much too forgiving or just plain + * broken. + function test_associateDHCorruptModGen() + { + // test dh with non-default but valid values for dh_modulus + // and dh_gen + $args = array( + 'openid.mode' => 'associate', + 'openid.session_type' => 'DH-SHA1', + 'openid.dh_consumer_public' => "Rzup9265tw==", + 'openid.dh_modulus' => 'pizza', + 'openid.dh_gen' => 'gnocchi'); + + $r = $this->decoder->decode($args); + print_r($r); + + $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); + } + */ + + function test_associateDHMissingModGen() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT')) { + print "(Skipping test_associateDHMissingModGen)"; + return; + } + + // test dh with non-default but valid values for dh_modulus + // and dh_gen + $args = array( + 'openid.mode' => 'associate', + 'openid.session_type' => 'DH-SHA1', + 'openid.dh_consumer_public' => "Rzup9265tw==", + 'openid.dh_modulus' => 'pizza'); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); + } + + function test_associateWeirdSession() + { + $args = array( + 'openid.mode' => 'associate', + 'openid.session_type' => 'FLCL6', + 'openid.dh_consumer_public' => "YQ==\n"); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_ServerError')); + } + + function test_associatePlain() + { + $args = array('openid.mode' => 'associate'); + + $r = $this->decoder->decode($args); + $this->assertTrue(is_a($r, 'Auth_OpenID_AssociateRequest')); + $this->assertEquals($r->mode, "associate"); + $this->assertEquals($r->session->session_type, "no-encryption"); + $this->assertEquals($r->assoc_type, "HMAC-SHA1"); + } + + function test_nomode() + { + $args = array( + 'openid.session_type' => 'DH-SHA1', + 'openid.dh_consumer_public' => "my public keeey"); + + $result = $this->decoder->decode($args); + if (!Auth_OpenID_isError($result)) { + $this->fail(sprintf("Expected Auth_OpenID_Error. Got %s", + gettype($result))); + } + } + + function test_invalidns() + { + $args = array('openid.ns' => 'Tuesday', + 'openid.mode' => 'associate'); + + $result = $this->decoder->decode($args); + + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + + // Assert that the ProtocolError does have a Message attached + // to it, even though the request wasn't a well-formed Message. + $this->assertTrue($result->message); + + // The error message contains the bad openid.ns. + $this->assertTrue(strpos($result->text, 'Tuesday') != -1); + } +} + +class Tests_Auth_OpenID_Test_Encode extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->encoder = new Auth_OpenID_Encoder(); + $this->encode = $this->encoder; + $this->op_endpoint = 'http://endpoint.unittest/encode'; + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->server = new Auth_OpenID_Server($this->store, + $this->op_endpoint); + } + + function encode($thing) { + return $this->encoder->encode($thing); + } + + function test_id_res_OpenID2_GET() + { + /* Check that when an OpenID 2 response does not exceed the + OpenID 1 message size, a GET response (i.e., redirect) is + issued. */ + $request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/999', + 'http://burr.unittest/', + false, + $this->server->op_endpoint); + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'ns' => Auth_OpenID_OPENID2_NS, + 'mode' => 'id_res', + 'identity' => $request->identity, + 'claimed_id' => $request->identity, + 'return_to' => $request->return_to)); + + $this->assertFalse($response->renderAsForm()); + $this->assertTrue($response->whichEncoding() == Auth_OpenID_ENCODE_URL); + $webresponse = $this->encode($response); + $this->assertTrue(array_key_exists('location', $webresponse->headers)); + } + + function test_id_res_OpenID2_POST() + { + /* Check that when an OpenID 2 response exceeds the OpenID 1 + message size, a POST response (i.e., an HTML form) is + returned. */ + $request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/999', + 'http://burr.unittest/', + false, + $this->server->op_endpoint); + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'ns' => Auth_OpenID_OPENID2_NS, + 'mode' => 'id_res', + 'identity' => $request->identity, + 'claimed_id' => $request->identity, + 'return_to' => str_repeat('x', Auth_OpenID_OPENID1_URL_LIMIT))); + + $this->assertTrue($response->renderAsForm()); + $this->assertTrue(strlen($response->encodeToURL()) > Auth_OpenID_OPENID1_URL_LIMIT); + $this->assertTrue($response->whichEncoding() == Auth_OpenID_ENCODE_HTML_FORM); + $webresponse = $this->encode($response); + $this->assertEquals($webresponse->body, $response->toFormMarkup()); + } + + function test_id_res_OpenID1_exceeds_limit() + { + /* Check that when an OpenID 1 response exceeds the OpenID 1 + message size, a GET response is issued. Technically, this + shouldn't be permitted by the library, but this test is in + place to preserve the status quo for OpenID 1. */ + $request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/999', + 'http://burr.unittest/', + false, + $this->server->op_endpoint); + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'id_res', + 'identity' => $request->identity, + 'return_to' => str_repeat('x', Auth_OpenID_OPENID1_URL_LIMIT))); + + $this->assertFalse($response->renderAsForm()); + $this->assertTrue(strlen($response->encodeToURL()) > Auth_OpenID_OPENID1_URL_LIMIT); + $this->assertTrue($response->whichEncoding() == Auth_OpenID_ENCODE_URL); + $webresponse = $this->encode($response); + $this->assertEquals($webresponse->headers['location'], $response->encodeToURL()); + } + + function test_id_res() + { + $request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/', + 'http://burr.unittest/999', + false, + $this->server); + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs( + array( + 'mode' => 'id_res', + 'identity' => $request->identity, + 'return_to' => $request->return_to)); + + $webresponse = $this->encoder->encode($response); + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); + $this->assertTrue(array_key_exists('location', + $webresponse->headers)); + + $location = $webresponse->headers['location']; + $this->assertTrue(strpos($location, $request->return_to) === 0); + // "%s does not start with %s" % ($location, + // $request->return_to)); + + $parsed = parse_url($location); + $query = array(); + $query = Auth_OpenID::parse_str($parsed['query']); + + $expected = $response->fields->toPostArgs(); + $this->assertEquals($query, $expected); + } + + function test_cancel() + { + $request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/', + 'http://burr.unittest/999', + false, null, + $this->server); + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array('mode' => 'cancel')); + + $webresponse = $this->encoder->encode($response); + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); + $this->assertTrue(array_key_exists('location', $webresponse->headers)); + } + + function test_cancelToForm() + { + $request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/999', + 'http://burr.unittest/', + false, null, + $this->server); + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array('mode' => 'cancel')); + + $form = $response->toFormMarkup(); + $pos = strpos($form, 'http://burr.unittest/999'); + $this->assertTrue($pos !== false, var_export($pos, true)); + } + + function test_assocReply() + { + if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + $message = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + $message->setArg(Auth_OpenID_OPENID2_NS, 'session_type', + 'no-encryption'); + $request = Auth_OpenID_AssociateRequest::fromMessage($message, + $this->server); + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs( + array('assoc_handle' => "every-zig")); + $webresponse = $this->encoder->encode($response); + $body = "assoc_handle:every-zig\n"; + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_OK); + $this->assertEquals($webresponse->headers, array()); + $this->assertEquals($webresponse->body, $body); + } + } + + function test_checkauthReply() + { + $request = new Auth_OpenID_CheckAuthRequest('a_sock_monkey', + 'siggggg', + array()); + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'is_valid' => 'true', + 'invalidate_handle' => 'xXxX:xXXx')); + + $body = "invalidate_handle:xXxX:xXXx\nis_valid:true\n"; + $webresponse = $this->encoder->encode($response); + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_OK); + $this->assertEquals($webresponse->headers, array()); + $this->assertEquals($webresponse->body, $body); + } + + function test_unencodableError() + { + $args = array('openid.identity' => 'http://limu.unittest/'); + + $e = new Auth_OpenID_ServerError(Auth_OpenID_Message::fromPostArgs($args), + "wet paint"); + + $result = $this->encoder->encode($e); + if (!Auth_OpenID_isError($result, 'Auth_OpenID_EncodingError')) { + $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", + gettype($result))); + } + } + + function test_encodableError() + { + $args = array( + 'openid.mode' => 'associate', + 'openid.identity' => 'http://limu.unittest/'); + + $body="error:snoot\nmode:error\n"; + $err = new Auth_OpenID_ServerError(Auth_OpenID_Message::fromPostArgs($args), + "snoot"); + + $webresponse = $this->encoder->encode($err); + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_ERROR); + $this->assertEquals($webresponse->headers, array()); + $this->assertEquals($webresponse->body, $body); + } +} + +class Tests_Auth_OpenID_SigningEncode extends PHPUnit_Framework_TestCase { + function setUp() + { + // Use filestore here instead of memstore + $this->store = new Tests_Auth_OpenID_MemStore(); + + $this->op_endpoint = 'http://endpoint.unittest/encode'; + + $this->server = new Auth_OpenID_Server($this->store, + $this->op_endpoint); + + $this->request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/', + 'http://burr.unittest/999', + false, + null, + $this->server); + + $this->response = new Auth_OpenID_ServerResponse($this->request); + $this->response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'mode' => 'id_res', + 'identity' => $this->request->identity, + 'return_to' => $this->request->return_to)); + + $this->signatory = new Auth_OpenID_Signatory($this->store); + $this->dumb_key = $this->signatory->dumb_key; + $this->normal_key = $this->signatory->normal_key; + + $this->encoder = new Auth_OpenID_SigningEncoder($this->signatory); + } + + function test_idres() + { + $assoc_handle = '{bicycle}{shed}'; + $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, + 'sekrit', 'HMAC-SHA1'); + $this->store->storeAssociation($this->normal_key, $assoc); + $this->request->assoc_handle = $assoc_handle; + $webresponse = $this->encoder->encode($this->response); + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); + $this->assertTrue(array_key_exists('location', + $webresponse->headers)); + + $location = $webresponse->headers['location']; + $parsed = parse_url($location); + $query = Auth_OpenID::getQuery($parsed['query']); + + $this->assertTrue(array_key_exists('openid.sig', $query)); + $this->assertTrue(array_key_exists('openid.assoc_handle', $query)); + $this->assertTrue(array_key_exists('openid.signed', $query)); + } + + function test_idresDumb() + { + $webresponse = $this->encoder->encode($this->response); + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); + $this->assertTrue(array_key_exists('location', $webresponse->headers)); + + $location = $webresponse->headers['location']; + $parsed = parse_url($location); + $query = Auth_OpenID::getQuery($parsed['query']); + + $this->assertTrue(array_key_exists('openid.sig', $query)); + $this->assertTrue(array_key_exists('openid.assoc_handle', $query)); + $this->assertTrue(array_key_exists('openid.signed', $query)); + } + + function test_forgotStore() + { + $this->encoder->signatory = null; + $result = $this->encoder->encode($this->response); + if (!is_a($result, 'Auth_OpenID_ServerError')) { + $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", + gettype($result))); + } + } + + function test_cancel() + { + $request = new Auth_OpenID_CheckIDRequest( + 'http://bombom.unittest/', + 'http://burr.unittest/', + 'http://burr.unittest/999', + false, + null, + $this->server); + + $response = new Auth_OpenID_ServerResponse($request, 'cancel'); + $webresponse = $this->encoder->encode($response); + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_REDIRECT); + $this->assertTrue(array_key_exists('location', $webresponse->headers)); + $location = $webresponse->headers['location']; + $parsed = parse_url($location); + $query = Auth_OpenID::getQuery($parsed['query']); + + $this->assertFalse(array_key_exists('openid.sig', $query)); + } + + function test_assocReply() + { + if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + $message = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $request = Auth_OpenID_AssociateRequest::fromMessage($message, + $this->server); + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs( + array('assoc_handle' => "every-zig")); + $webresponse = $this->encoder->encode($response); + $body = "assoc_handle:every-zig\n"; + + $this->assertEquals($webresponse->code, AUTH_OPENID_HTTP_OK); + $this->assertEquals($webresponse->headers, array()); + $this->assertEquals($webresponse->body, $body); + } + } + + function test_alreadySigned() + { + $this->response->fields->setArg(Auth_OpenID_OPENID_NS, 'sig', 'priorSig=='); + $result = $this->encoder->encode($this->response); + if (!is_a($result, 'Auth_OpenID_AlreadySigned')) { + $this->fail(sprintf("Expected Auth_OpenID_AlreadySigned " . + "instance, got %s", gettype($result))); + } + } +} + +class Tests_Auth_OpenID_CheckID extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + + $this->op_endpoint = 'http://endpoint.unittest/encode'; + + $this->server = new Auth_OpenID_Server($this->store, + $this->op_endpoint); + + $this->request = new Auth_OpenID_CheckIDRequest( + 'http://bambam.unittest/', + 'http://bar.unittest/999', + 'http://bar.unittest/', + false, null, + $this->server); + + $this->request->message = new Auth_OpenID_Message( + Auth_OpenID_OPENID2_NS); + } + + function test_fromMessageClaimedIDWithoutIdentityOpenID2() + { + $name = 'https://example.myopenid.com'; + + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', + 'http://invalid:8000/rt'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'claimed_id', $name); + + $result = Auth_OpenID_CheckIDRequest::fromMessage( + $msg, $this->server); + + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + } + + function test_fromMessageIdentityWithoutClaimedIDOpenID2() + { + $name = 'https://example.myopenid.com'; + + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', + 'http://invalid:8000/rt'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', $name); + + $result = Auth_OpenID_CheckIDRequest::fromMessage( + $msg, $this->server); + + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + } + + function test_fromMessageWithEmptyTrustRoot() + { + $return_to = 'http://does.not.matter/'; + $msg = Auth_OpenID_Message::fromPostArgs(array( + 'openid.assoc_handle' => '{blah}{blah}{OZivdQ==}', + 'openid.claimed_id' => 'http://delegated.invalid/', + 'openid.identity' => 'http://op-local.example.com/', + 'openid.mode' => 'checkid_setup', + 'openid.ns' => 'http://openid.net/signon/1.0', + 'openid.return_to' => $return_to, + 'openid.trust_root' => '' + )); + $result = Auth_OpenID_CheckIDRequest::fromMessage( + $msg, $this->server); + $this->assertEquals($return_to, $result->trust_root); + } + + function test_trustRootInvalid() + { + $this->request->trust_root = "http://foo.unittest/17"; + $this->request->return_to = "http://foo.unittest/39"; + $this->assertFalse($this->request->trustRootValid()); + } + + function test_trustRootValid() + { + $this->request->trust_root = "http://foo.unittest/"; + $this->request->return_to = "http://foo.unittest/39"; + $this->assertTrue($this->request->trustRootValid()); + } + + function test_malformedTrustRoot() + { + $this->request->trust_root = "invalid://trust*root/"; + $this->request->return_to = "http://foo.unittest/39"; + $sentinel = 'Sentinel'; + $this->request->message = $sentinel; + + $result = $this->request->trustRootValid(); + $this->assertTrue(Auth_OpenID_isError($result)); + $this->assertEquals($result->message, $sentinel); + } + + function _verify($trust_root, $return_to, $value) + { + $this->assertEquals($this->request->trust_root, $trust_root); + $this->assertEquals($this->request->return_to, $return_to); + return $value; + } + + function _verifyTrue($trust_root, $return_to) + { + return $this->_verify($trust_root, $return_to, true); + } + + function _verifyFalse($trust_root, $return_to) + { + return $this->_verify($trust_root, $return_to, false); + } + + /* + * Make sure that verifyReturnTo is calling + * Auth_OpenID_verifyReturnTo + */ + function test_returnToVerified_callsVerify() + { + // Ensure that True and False are passed through unchanged + $this->request->verifyReturnTo = array($this, '_verifyTrue'); + $this->assertEquals(true, $this->request->returnToVerified()); + + $this->request->verifyReturnTo = array($this, '_verifyFalse'); + $this->assertEquals(false, $this->request->returnToVerified()); + } + + function test_answerToInvalidRoot() + { + $this->request->trust_root = "http://foo.unittest/17"; + $this->request->return_to = "http://foo.unittest/39"; + $result = $this->request->answer(true); + if (!is_a($result, 'Auth_OpenID_UntrustedReturnURL')) { + $this->fail(sprintf("Expected Auth_OpenID_UntrustedReturnURL, " . + "got %s", gettype($result))); + } + $this->assertTrue($this->request->answer(false)); + } + + function _expectAnswer($answer, $identity=null, $claimed_id=null) + { + if (is_a($answer, 'Auth_OpenID_ServerError')) { + $this->fail("Got ServerError, expected valid response in ".$this->getName()); + return; + } + + $expected_list = array( + array('mode', 'id_res'), + array('return_to', $this->request->return_to), + array('op_endpoint', $this->op_endpoint)); + + if ($identity) { + $expected_list[] = array('identity', $identity); + + if ($claimed_id) { + $expected_list[] = array('claimed_id', $claimed_id); + } else { + $expected_list[] = array('claimed_id', $identity); + } + } + + foreach ($expected_list as $pair) { + list($k, $expected) = $pair; + $actual = $answer->fields->getArg(Auth_OpenID_OPENID_NS, $k); + $this->assertEquals($expected, $actual, + "Got wrong value for field '".$k."'"); + } + + $this->assertTrue($answer->fields->hasKey(Auth_OpenID_OPENID_NS, 'response_nonce')); + $this->assertTrue($answer->fields->getOpenIDNamespace() == Auth_OpenID_OPENID2_NS); + + # One for nonce, one for ns + $this->assertEquals(count($answer->fields->toPostArgs()), + count($expected_list) + 2); + } + + function test_answerAllow() + { + $answer = $this->request->answer(true); + + if (Auth_OpenID_isError($answer)) { + $this->fail($answer->toString()); + return; + } + $this->assertEquals($answer->request, $this->request); + $this->_expectAnswer($answer, $this->request->identity); + } + + function test_answerAllowDelegatedIdentity() + { + $this->request->claimed_id = 'http://delegating.unittest/'; + $answer = $this->request->answer(true); + $this->_expectAnswer($answer, $this->request->identity, + $this->request->claimed_id); + } + + function test_answerAllowWithoutIdentityReally() + { + $this->request->identity = null; + $answer = $this->request->answer(true); + $this->assertEquals($answer->request, $this->request); + $this->_expectAnswer($answer); + } + + function test_answerAllowAnonymousFail() + { + $this->request->identity = null; + // XXX - Check on this, I think this behavior is legal in + // OpenID 2.0? + // $this->failUnlessRaises( + // ValueError, $this->request->answer, true, identity="=V"); + $this->assertTrue(is_a($this->request->answer(true, null, "=V"), + 'Auth_OpenID_ServerError')); + } + + function test_answerAllowWithIdentity() + { + $this->request->identity = Auth_OpenID_IDENTIFIER_SELECT; + $selected_id = 'http://anon.unittest/9861'; + $answer = $this->request->answer(true, null, $selected_id); + $this->_expectAnswer($answer, $selected_id); + } + + function test_fromMessageWithoutTrustRoot() + { + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS);; + $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', + 'http://real_trust_root/foo'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', 'george'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'claimed_id', 'george'); + + $result = Auth_OpenID_CheckIDRequest::fromMessage( + $msg, $this->server->op_endpoint); + + $this->assertEquals($result->trust_root, + 'http://real_trust_root/foo'); + } + + function test_fromMessageWithoutTrustRootOrReturnTo() + { + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', 'george'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'claimed_id', 'george'); + + $result = Auth_OpenID_CheckIDRequest::fromMessage( + $msg, $this->server); + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + } + + function test_answerAllowNoEndpointOpenID1() + { + $identity = 'http://bambam.unittest/'; + $reqmessage = Auth_OpenID_Message::fromOpenIDArgs(array( + 'identity' => $identity, + 'trust_root' => 'http://bar.unittest/', + 'return_to' => 'http://bar.unittest/999', + )); + $this->server->op_endpoint = null; + $this->request = Auth_OpenID_CheckIDRequest::fromMessage($reqmessage, $this->server); + $answer = $this->request->answer(true); + + $expected_list = array('mode' => 'id_res', + 'return_to' => $this->request->return_to, + 'identity' => $identity, + ); + + foreach ($expected_list as $k => $expected) { + $actual = $answer->fields->getArg(Auth_OpenID_OPENID_NS, $k); + $this->assertEquals($expected, $actual); + } + + $this->assertTrue($answer->fields->hasKey(Auth_OpenID_OPENID_NS, + 'response_nonce')); + $this->assertTrue($answer->fields->getOpenIDNamespace(), + Auth_OpenID_OPENID1_NS); + $this->assertTrue( + $answer->fields->namespaces->isImplicit(Auth_OpenID_OPENID1_NS)); + + // One for nonce (OpenID v1 namespace is implicit) + $this->assertEquals(count($answer->fields->toPostArgs()), + count($expected_list) + 1, + var_export($answer->fields->toPostArgs(), true)); + } + + function test_answerAllowWithDelegatedIdentityOpenID2() + { + // Answer an IDENTIFIER_SELECT case with a delegated + // identifier. claimed_id delegates to selected_id here. + $this->request->identity = Auth_OpenID_IDENTIFIER_SELECT; + $selected_id = 'http://anon.unittest/9861'; + $claimed_id = 'http://monkeyhat.unittest/'; + $answer = $this->request->answer(true, null, $selected_id, + $claimed_id); + $this->_expectAnswer($answer, $selected_id, $claimed_id); + } + + function test_answerAllowWithDelegatedIdentityOpenID1() + { + // claimed_id parameter doesn't exist in OpenID 1. + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $this->request->message = $msg; + // claimed_id delegates to selected_id here. + $this->request->identity = Auth_OpenID_IDENTIFIER_SELECT; + $selected_id = 'http://anon.unittest/9861'; + $claimed_id = 'http://monkeyhat.unittest/'; + + $result = $this->request->answer(true, + null, + $selected_id, + $claimed_id); + + $this->assertTrue(is_a($result, "Auth_OpenID_ServerError"), + var_export($result, true)); + } + + function test_answerAllowWithAnotherIdentity() + { + // XXX - Check on this, I think this behavior is legal is + // OpenID 2.0? + // $this->failUnlessRaises(ValueError, $this->request->answer, true, + // identity="http://pebbles.unittest/"); + $result = $this->request->answer(true, null, "http://pebbles.unittest/"); + $this->assertTrue(is_a($result, "Auth_OpenID_ServerError")); + } + + function test_answerAllowNoIdentityOpenID1() + { + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $this->request->message = $msg; + $this->request->identity = null; + // $this->failUnlessRaises(ValueError, $this->request->answer, true, + // identity=null); + $result = $this->request->answer(true); + $this->assertTrue(is_a($result, "Auth_OpenID_ServerError")); + } + + function test_answerAllowForgotEndpoint() + { + $this->request->server->op_endpoint = null; + $result = $this->request->answer(true); + $this->assertTrue(is_a($result, "Auth_OpenID_ServerError")); + } + + function test_checkIDWithNoIdentityOpenID1() + { + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', 'bogus'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'trust_root', 'bogus'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus'); + + // $this->failUnlessRaises(server->ProtocolError, + // server->CheckIDRequest->fromMessage, + // msg, $this->server); + $result = Auth_OpenID_CheckIDRequest::fromMessage($msg, $this->server); + + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + } + + function test_trustRootOpenID1() + { + // Ignore openid.realm in OpenID 1 + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'trust_root', 'http://real_trust_root/'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'realm', 'http://fake_trust_root/'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', 'http://real_trust_root/foo'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', 'george'); + + $result = Auth_OpenID_CheckIDRequest::fromMessage($msg, $this->server); + + $this->assertTrue($result->trust_root == 'http://real_trust_root/'); + } + + function test_trustRootOpenID2() + { + // Ignore openid.trust_root in OpenID 2 + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + $msg->setArg(Auth_OpenID_OPENID_NS, 'mode', 'checkid_setup'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'realm', 'http://real_trust_root/'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'trust_root', 'http://fake_trust_root/'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'return_to', 'http://real_trust_root/foo'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'assoc_handle', 'bogus'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'identity', 'george'); + $msg->setArg(Auth_OpenID_OPENID_NS, 'claimed_id', 'george'); + + $result = Auth_OpenID_CheckIDRequest::fromMessage($msg, $this->server); + + $this->assertTrue($result->trust_root == 'http://real_trust_root/'); + } + + function test_encodeToURL() + { + $server_url = 'http://openid-server.unittest/'; + $result = $this->request->encodeToURL($server_url); + + $this->assertFalse(is_a($result, 'Auth_OpenID_ServerError')); + + // How to check? How about a round-trip test. + list($base, $result_args) = explode("?", $result, 2); + $args = Auth_OpenID::getQuery($result_args); + $message = Auth_OpenID_Message::fromPostArgs($args); + + $rebuilt_request = Auth_OpenID_CheckIDRequest::fromMessage($message, + $this->server); + // argh, lousy hack + $this->assertTrue($rebuilt_request->equals($this->request)); + } + + function test_answerAllowNoTrustRoot() + { + $this->request->trust_root = null; + $answer = $this->request->answer(true); + $this->assertEquals($answer->request, $this->request); + $this->_expectAnswer($answer, $this->request->identity); + } + + function test_answerImmediateDenyOpenID1() + { + $msg = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $this->request->message = $msg; + $this->request->namespace = $msg->getOpenIDNamespace(); + $this->request->mode = 'checkid_immediate'; + $this->request->claimed_id = 'http://claimed-id.test/'; + $this->request->immediate = true; + $server_url = "http://setup-url.unittest/"; + $answer = $this->request->answer(false, $server_url); + + $this->assertEquals($answer->request, $this->request); + $this->assertEquals(count($answer->fields->toPostArgs()), 2); + $this->assertEquals($answer->fields->getOpenIDNamespace(), + Auth_OpenID_OPENID1_NS); + $this->assertTrue( + $answer->fields->namespaces->isImplicit(Auth_OpenID_OPENID1_NS)); + $this->assertEquals($answer->fields->getArg(Auth_OpenID_OPENID_NS, 'mode'), + 'id_res'); + + $usu = $answer->fields->getArg(Auth_OpenID_OPENID_NS,'user_setup_url'); + $this->assertTrue(strpos($usu, $server_url) == 0); + $expected_substr = 'openid.claimed_id=http%3A%2F%2Fclaimed-id.test%2F'; + $this->assertTrue(strpos($usu, $expected_substr), $usu); + } + + function test_answerImmediateDenyOpenID2() + { + $this->request->mode = 'checkid_immediate'; + $this->request->immediate = true; + $server_url = "http://setup-url.unittest/"; + $answer = $this->request->answer(false, $server_url); + + $this->assertEquals($answer->request, $this->request); + $this->assertEquals(count($answer->fields->toPostArgs()), 3); + $this->assertEquals($answer->fields->getOpenIDNamespace(), + Auth_OpenID_OPENID2_NS); + $this->assertEquals($answer->fields->getArg(Auth_OpenID_OPENID_NS, 'mode'), + 'setup_needed'); + } + + function test_answerSetupDeny() + { + $answer = $this->request->answer(false); + $this->assertEquals($answer->fields->getArgs(Auth_OpenID_OPENID_NS), + array('mode' => 'cancel')); + } + + function test_getCancelURL() + { + $url = $this->request->getCancelURL(); + + $parsed = parse_url($url); + $query = Auth_OpenID::getQuery($parsed['query']); + + $this->assertEquals(array('openid.mode' => 'cancel', + 'openid.ns' => Auth_OpenID_OPENID2_NS), + $query); + } + + function test_getCancelURLimmed() + { + $this->request->mode = 'checkid_immediate'; + $this->request->immediate = true; + $result = $this->request->getCancelURL(); + if (!is_a($result, 'Auth_OpenID_ServerError')) { + $this->fail(sprintf("Expected Auth_OpenID_ServerError, got %s", + gettype($result))); + } + } +} + +class Tests_Auth_OpenID_CheckIDExtension extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->op_endpoint = 'http://endpoint.unittest/ext'; + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->server = new Auth_OpenID_Server($this->store, $this->op_endpoint); + $this->request = new Auth_OpenID_CheckIDRequest( + 'http://bambam.unittest/', + 'http://bar.unittest/', + 'http://bar.unittest/999', + false, + null, + $this->server); + + $this->response = new Auth_OpenID_ServerResponse($this->request); + $this->response->fields->setArg(Auth_OpenID_OPENID_NS, 'mode', 'id_res'); + $this->response->fields->setArg(Auth_OpenID_OPENID_NS, 'blue', 'star'); + } + + function test_addField() + { + $namespace = 'something:'; + $this->response->fields->setArg($namespace, 'bright', 'potato'); + $this->assertEquals($this->response->fields->getArgs(Auth_OpenID_OPENID_NS), + array('blue' => 'star', + 'mode' => 'id_res')); + + $this->assertEquals($this->response->fields->getArgs($namespace), + array('bright' => 'potato')); + } + + function test_addFields() + { + $namespace = 'mi5:'; + $args = array('tangy' => 'suspenders', + 'bravo' => 'inclusion'); + + $this->response->fields->updateArgs($namespace, $args); + $this->assertEquals($this->response->fields->getArgs(Auth_OpenID_OPENID_NS), + array('blue' => 'star', + 'mode' => 'id_res')); + $this->assertEquals($this->response->fields->getArgs($namespace), $args); + } +} + +class _MockSignatory { + var $isValid = true; + + function _MockSignatory($assoc) + { + $this->assocs = array($assoc); + } + + function verify($assoc_handle, $message) + { + if (!$message->hasKey(Auth_OpenID_OPENID_NS, 'sig')) { + return false; + } + + if (in_array(array(true, $assoc_handle), $this->assocs)) { + return $this->isValid; + } else { + return false; + } + } + + function getAssociation($assoc_handle, $dumb) + { + if (in_array(array($dumb, $assoc_handle), $this->assocs)) { + // This isn't a valid implementation for many uses of this + // function, mind you. + return true; + } else { + return null; + } + } + + function invalidate($assoc_handle, $dumb) + { + if (in_array(array($dumb, $assoc_handle), $this->assocs)) { + $i = 0; + foreach ($this->assocs as $pair) { + if ($pair == array($dumb, $assoc_handle)) { + unset($this->assocs[$i]); + break; + } + $i++; + } + } + } +} + +class Tests_Auth_OpenID_CheckAuth extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->assoc_handle = 'mooooooooo'; + $this->message = Auth_OpenID_Message::fromPostArgs( + array('openid.sig' => 'signarture', + 'one' => 'alpha', + 'two' => 'beta')); + + $this->request = new Auth_OpenID_CheckAuthRequest( + $this->assoc_handle, $this->message); + + $this->signatory = new _MockSignatory(array(true, $this->assoc_handle)); + } + + function test_valid() + { + $this->request->namespace = Auth_OpenID_OPENID1_NS; + $r = $this->request->answer($this->signatory); + $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), + array('is_valid' => 'true')); + $this->assertEquals($r->request, $this->request); + } + + function test_invalid() + { + $this->request->namespace = Auth_OpenID_OPENID1_NS; + $this->signatory->isValid = false; + $r = $this->request->answer($this->signatory); + $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), + array('is_valid' => 'false')); + } + + function test_replay() + { + $this->request->namespace = Auth_OpenID_OPENID1_NS; + $r = $this->request->answer($this->signatory); + $r = $this->request->answer($this->signatory); + $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), + array('is_valid' => 'false')); + } + + function test_invalidatehandle() + { + $this->request->namespace = Auth_OpenID_OPENID1_NS; + $this->request->invalidate_handle = "bogusHandle"; + $r = $this->request->answer($this->signatory); + $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), + array('is_valid' => 'true', + 'invalidate_handle' => "bogusHandle")); + $this->assertEquals($r->request, $this->request); + } + + function test_invalidatehandleNo() + { + $this->request->namespace = Auth_OpenID_OPENID1_NS; + $assoc_handle = 'goodhandle'; + $this->signatory->assocs[] = array(false, 'goodhandle'); + $this->request->invalidate_handle = $assoc_handle; + $r = $this->request->answer($this->signatory); + $this->assertEquals($r->fields->getArgs(Auth_OpenID_OPENID1_NS), + array('is_valid' => 'true')); + } +} + +class Tests_Auth_OpenID_Associate extends PHPUnit_Framework_TestCase { + // TODO: test DH with non-default values for modulus and gen. + // (important to do because we actually had it broken for a + // while.) + + function setUp() + { + $message = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $this->request = Auth_OpenID_AssociateRequest::fromMessage($message); + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->signatory = new Auth_OpenID_Signatory($this->store); + } + + function test_dhSHA1() + { + if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + $this->assoc = $this->signatory->createAssociation(false, + 'HMAC-SHA1'); + + $dh = new Auth_OpenID_DiffieHellman(); + $ml = Auth_OpenID_getMathLib(); + + $cpub = $dh->public; + $session = new Auth_OpenID_DiffieHellmanSHA1ServerSession( + new Auth_OpenID_DiffieHellman(), + $cpub); + + $this->request = new Auth_OpenID_AssociateRequest($session, + 'HMAC-SHA1'); + $response = $this->request->answer($this->assoc); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_type"), + "HMAC-SHA1"); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_handle"), + $this->assoc->handle); + + $this->assertFalse( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key")); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "session_type"), + "DH-SHA1"); + + $this->assertTrue( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); + + $this->assertTrue( + $response->fields->getArg(Auth_OpenID_OPENID_NS, + "dh_server_public")); + + $enc_key = base64_decode( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); + + $spub = $ml->base64ToLong( + $response->fields->getArg(Auth_OpenID_OPENID_NS, + "dh_server_public")); + + $secret = $dh->xorSecret($spub, $enc_key, $session->hash_func); + + $this->assertEquals($secret, $this->assoc->secret); + } + } + + function test_dhSHA256() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT') || + !Auth_OpenID_SHA256_SUPPORTED) { + print "(Skipping test_dhSHA256)"; + return; + } + + $this->assoc = $this->signatory->createAssociation(false, + 'HMAC-SHA256'); + $consumer_dh = new Auth_OpenID_DiffieHellman(); + $cpub = $consumer_dh->public; + $server_dh = new Auth_OpenID_DiffieHellman(); + $session = new Auth_OpenID_DiffieHellmanSHA256ServerSession($server_dh, $cpub); + + $this->request = new Auth_OpenID_AssociateRequest($session, 'HMAC-SHA256'); + $response = $this->request->answer($this->assoc); + + $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key")); + $this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); + $this->assertTrue($response->fields->getArg(Auth_OpenID_OPENID_NS, "dh_server_public")); + + $fields = array( + 'assoc_type' => 'HMAC-SHA256', + 'assoc_handle' => $this->assoc->handle, + 'session_type' => 'DH-SHA256', + ); + + foreach ($fields as $k => $v) { + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, $k), $v); + } + + $enc_key = base64_decode( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "enc_mac_key")); + + $lib = Auth_OpenID_getMathLib(); + $spub = $lib->base64ToLong($response->fields->getArg(Auth_OpenID_OPENID_NS, + "dh_server_public")); + $secret = $consumer_dh->xorSecret($spub, $enc_key, 'Auth_OpenID_SHA256'); + + $s = base64_encode($secret); + $assoc_s = base64_encode($this->assoc->secret); + + $this->assertEquals($s, $assoc_s); + } + + function test_protoError256() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT') || + !Auth_OpenID_HMACSHA256_SUPPORTED) { + print "(Skipping test_protoError256)"; + return; + } + + $s256_session = new Auth_OpenID_DiffieHellmanSHA256ConsumerSession(); + + $invalid_s256 = array('openid.assoc_type' => 'HMAC-SHA1', + 'openid.session_type' => 'DH-SHA256'); + + $invalid_s256 = array_merge($invalid_s256, $s256_session->getRequest()); + + $invalid_s256_2 = array('openid.assoc_type' => 'MONKEY-PIRATE', + 'openid.session_type' => 'DH-SHA256'); + + $invalid_s256_2 = array_merge($invalid_s256_2, $s256_session->getRequest()); + + $bad_request_argss = array( + $invalid_s256, + $invalid_s256_2); + + foreach ($bad_request_argss as $request_args) { + $message = Auth_OpenID_Message::fromPostArgs($request_args); + $result = Auth_OpenID_Associaterequest::fromMessage($message); + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + } + } + + function test_plaintext() + { + $this->assoc = $this->signatory->createAssociation(false, + 'HMAC-SHA1'); + $response = $this->request->answer($this->assoc); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_type"), + "HMAC-SHA1"); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_handle"), + $this->assoc->handle); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "expires_in"), + sprintf("%d", $this->signatory->SECRET_LIFETIME)); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key"), + base64_encode($this->assoc->secret)); + + $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, + "session_type")); + + $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, + "enc_mac_key")); + + $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, + "dh_server_public")); + } + + function test_plaintextV2() + { + // The main difference between this and the v1 test is that + // the session_typ is always returned in v2. + $args = array('openid.mode' => 'associate', + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.assoc_type' => 'HMAC-SHA1', + 'openid.session_type' => 'no-encryption'); + + $this->request = Auth_OpenID_AssociateRequest::fromMessage( + Auth_OpenID_Message::fromPostArgs($args)); + $this->assertFalse($this->request->message->isOpenID1()); + + $this->assoc = $this->signatory->createAssociation(false, + 'HMAC-SHA1'); + $response = $this->request->answer($this->assoc); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_type"), + "HMAC-SHA1"); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_handle"), + $this->assoc->handle); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "expires_in"), + sprintf("%d", $this->signatory->SECRET_LIFETIME)); + + $this->assertEquals( + $response->fields->getArg(Auth_OpenID_OPENID_NS, "mac_key"), + base64_encode($this->assoc->secret)); + + $session_type = $response->fields->getArg(Auth_OpenID_OPENID_NS, + "session_type"); + $this->assertEquals('no-encryption', $session_type); + + $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, + "enc_mac_key")); + $this->assertFalse($response->fields->getArg(Auth_OpenID_OPENID_NS, + "dh_server_public")); + } + + function test_protoError() + { + $s1_session = new Auth_OpenID_DiffieHellmanSHA1ConsumerSession(); + + $invalid_s1 = array('openid.assoc_type' => 'HMAC-SHA256', + 'openid.session_type' => 'DH-SHA1'); + $invalid_s1 = array_merge($invalid_s1, $s1_session->getRequest()); + + $invalid_s1_2 = array('openid.assoc_type' => 'ROBOT-NINJA', + 'openid.session_type' => 'DH-SHA1'); + $invalid_s1_2 = array_merge($invalid_s1_2, $s1_session->getRequest()); + + $bad_request_argss = array(array('openid.assoc_type' => 'Wha?'), + $invalid_s1, + $invalid_s1_2); + + foreach ($bad_request_argss as $request_args) { + $message = Auth_OpenID_Message::fromPostArgs($request_args); + $result = Auth_OpenID_AssociateRequest::fromMessage($message); + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + } + } + + function test_protoErrorFields() + { + $contact = 'user@example.invalid'; + $reference = 'Trac ticket number MAX_INT'; + $error = 'poltergeist'; + + $openid1_args = array( + 'openid.identitiy' => 'invalid', + 'openid.mode' => 'checkid_setup'); + + $openid2_args = $openid1_args; + $openid2_args = array_merge($openid2_args, + array('openid.ns' => Auth_OpenID_OPENID2_NS)); + + // Check presence of optional fields in both protocol versions + + $openid1_msg = Auth_OpenID_Message::fromPostArgs($openid1_args); + $p = new Auth_OpenID_ServerError($openid1_msg, $error, + $reference, $contact); + $reply = $p->toMessage(); + + $this->assertEquals($reply->getArg(Auth_OpenID_OPENID_NS, 'reference'), + $reference); + $this->assertEquals($reply->getArg(Auth_OpenID_OPENID_NS, 'contact'), + $contact); + + $openid2_msg = Auth_OpenID_Message::fromPostArgs($openid2_args); + $p = new Auth_OpenID_ServerError($openid2_msg, $error, + $reference, $contact); + $reply = $p->toMessage(); + + $this->assertEquals($reply->getArg(Auth_OpenID_OPENID_NS, 'reference'), + $reference); + $this->assertEquals($reply->getArg(Auth_OpenID_OPENID_NS, 'contact'), + $contact); + } + + function failUnlessExpiresInMatches($msg, $expected_expires_in) + { + $expires_in_str = $msg->getArg(Auth_OpenID_OPENID_NS, 'expires_in'); + if ($expires_in_str === null) { + $this->fail("Expected expires_in value."); + return; + } + + $expires_in = intval($expires_in_str); + + // Slop is necessary because the tests can sometimes get run + // right on a second boundary + $slop = 1; // second + $difference = $expected_expires_in - $expires_in; + + $error_message = sprintf('"expires_in" value not within %s of expected: '. + 'expected=%s, actual=%s', + $slop, $expected_expires_in, $expires_in); + $this->assertTrue((0 <= $difference && + $difference <= $slop), $error_message); + } + + function test_plaintext256() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT') || + !Auth_OpenID_SHA256_SUPPORTED) { + print "(Skipping test_plaintext256)"; + return; + } + + $this->assoc = $this->signatory->createAssociation(false, + 'HMAC-SHA256'); + $response = $this->request->answer($this->assoc); + $f = $response->fields; + + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, "assoc_type"), + "HMAC-SHA1"); + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, "assoc_handle"), + $this->assoc->handle); + + $this->failUnlessExpiresInMatches( + $f, + $this->signatory->SECRET_LIFETIME); + + $this->assertEquals( + $f->getArg(Auth_OpenID_OPENID_NS, "mac_key"), + base64_encode($this->assoc->secret)); + $this->assertFalse($f->hasKey(Auth_OpenID_OPENID_NS, "session_type")); + $this->assertFalse($f->hasKey(Auth_OpenID_OPENID_NS, "enc_mac_key")); + $this->assertFalse($f->hasKey(Auth_OpenID_OPENID_NS, "dh_server_public")); + } + + function test_unsupportedPrefer() + { + $allowed_assoc = 'COLD-PET-RAT'; + $allowed_sess = 'FROG-BONES'; + $message = 'This is a unit test'; + + // Set an OpenID 2 message so answerUnsupported doesn't raise + // ProtocolError. + $this->request->message = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + + $response = $this->request->answerUnsupported( + $message, + $allowed_assoc, + $allowed_sess); + $f = $response->fields; + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'error_code'), + 'unsupported-type'); + + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'assoc_type'), + $allowed_assoc); + + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'error'), + $message); + + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'session_type'), + $allowed_sess); + } + + function test_unsupported() + { + $message = 'This is a unit test'; + + $this->request->message = new Auth_OpenID_Message(Auth_OpenID_OPENID2_NS); + + $response = $this->request->answerUnsupported($message); + + $f = $response->fields; + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'error_code'), + 'unsupported-type'); + + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'assoc_type'), null); + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'error'), $message); + $this->assertEquals($f->getArg(Auth_OpenID_OPENID_NS, 'session_type'), null); + } +} + +class Counter { + function Counter() + { + $this->count = 0; + } + + function inc() + { + $this->count += 1; + } +} + +class Tests_Auth_OpenID_ServerTest extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->server = new Auth_OpenID_Server($this->store); + } + + function test_associate() + { + if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + $message = new Auth_OpenID_Message(Auth_OpenID_OPENID1_NS); + $request = Auth_OpenID_AssociateRequest::fromMessage($message); + $response = $this->server->openid_associate($request); + $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, + 'assoc_handle')); + } + } + + function test_associate2() + { + // Associate when the server has no allowed association types + // + // Gives back an error with error_code and no fallback session + // or assoc types. + $this->server->negotiator->setAllowedTypes(array()); + + $msg = Auth_OpenID_Message::fromPostArgs(array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.session_type' => 'no-encryption')); + + $request = Auth_OpenID_AssociateRequest::fromMessage($msg); + + $response = $this->server->openid_associate($request); + $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, "error")); + $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, "error_code")); + $this->assertFalse($response->fields->hasKey(Auth_OpenID_OPENID_NS, "assoc_handle")); + $this->assertFalse($response->fields->hasKey(Auth_OpenID_OPENID_NS, "assoc_type")); + $this->assertFalse($response->fields->hasKey(Auth_OpenID_OPENID_NS, "session_type")); + } + + function test_associate3() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT') || + !Auth_OpenID_HMACSHA256_SUPPORTED) { + print "(Skipping test_associate3)"; + return; + } + + // Request an assoc type that is not supported when there are + // supported types. + // + // Should give back an error message with a fallback type. + $this->server->negotiator->setAllowedTypes(array(array('HMAC-SHA256', 'DH-SHA256'))); + + $msg = Auth_OpenID_Message::fromPostArgs(array( + 'openid.ns' => Auth_OpenID_OPENID2_NS, + 'openid.session_type' => 'no-encryption')); + + $request = Auth_OpenID_AssociateRequest::fromMessage($msg); + $response = $this->server->openid_associate($request); + + $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, "error")); + $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, "error_code")); + $this->assertFalse($response->fields->hasKey(Auth_OpenID_OPENID_NS, "assoc_handle")); + $this->assertEquals($response->fields->getArg(Auth_OpenID_OPENID_NS, "assoc_type"), + 'HMAC-SHA256'); + $this->assertEquals($response->fields->getArg(Auth_OpenID_OPENID_NS, "session_type"), + 'DH-SHA256'); + } + + function test_associate4() + { + if (defined('Auth_OpenID_NO_MATH_SUPPORT') || + !Auth_OpenID_HMACSHA256_SUPPORTED) { + print "(Skipping test_associate4)"; + return; + } + + $this->assertTrue($this->server->negotiator->setAllowedTypes( + array(array('HMAC-SHA256', 'DH-SHA256')))); + + $query = array( + 'openid.dh_consumer_public' => + 'ALZgnx8N5Lgd7pCj8K86T/DDMFjJXSss1SKoLmxE72kJTzOtG6I2PaYrHX'. + 'xku4jMQWSsGfLJxwCZ6280uYjUST/9NWmuAfcrBfmDHIBc3H8xh6RBnlXJ'. + '1WxJY3jHd5k1/ZReyRZOxZTKdF/dnIqwF8ZXUwI6peV0TyS/K1fOfF/s', + 'openid.assoc_type' => 'HMAC-SHA256', + 'openid.session_type' => 'DH-SHA256'); + + $message = Auth_OpenID_Message::fromPostArgs($query); + $request = Auth_OpenID_AssociateRequest::fromMessage($message); + $response = $this->server->openid_associate($request); + $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, "assoc_handle")); + } + + function test_missingSessionTypeOpenID2() + { + // Make sure session_type is required in OpenID 2 + $msg = Auth_OpenID_Message::fromPostArgs(array('openid.ns' => Auth_OpenID_OPENID2_NS)); + + $result = Auth_OpenID_AssociateRequest::fromMessage($msg); + + $this->assertTrue(is_a($result, 'Auth_OpenID_ServerError')); + } + + function test_checkAuth() + { + $request = new Auth_OpenID_CheckAuthRequest('arrrrrf', + '0x3999', array()); + + $response = $this->server->openid_check_authentication($request); + $this->assertTrue($response->fields->hasKey(Auth_OpenID_OPENID_NS, 'is_valid')); + } +} + +class Tests_Auth_OpenID_Signatory extends PHPUnit_Framework_TestCase { + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $this->signatory = new Auth_OpenID_Signatory($this->store); + $this->dumb_key = $this->signatory->dumb_key; + $this->normal_key = $this->signatory->normal_key; + } + + function test_sign() + { + $request = new Auth_OpenID_ServerRequest(); + $request->namespace = Auth_OpenID_OPENID1_NS; + + $assoc_handle = '{assoc}{lookatme}'; + $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, + 'sekrit', 'HMAC-SHA1'); + $this->store->storeAssociation($this->normal_key, $assoc); + $request->assoc_handle = $assoc_handle; + $request->namespace = Auth_OpenID_OPENID1_NS; + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'foo' => 'amsigned', + 'bar' => 'notsigned', + 'azu' => 'alsosigned')); + + $sresponse = $this->signatory->sign($response); + + $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'assoc_handle'), + $assoc_handle); + + $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'signed'), + 'assoc_handle,azu,bar,foo,signed'); + + $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, 'sig')); + } + + function test_signDumb() + { + $request = new Auth_OpenID_ServerRequest(); + $request->assoc_handle = null; + $request->namespace = Auth_OpenID_OPENID1_NS; + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'foo' => 'amsigned', + 'bar' => 'notsigned', + 'azu' => 'alsosigned')); + + $sresponse = $this->signatory->sign($response); + + $assoc_handle = $sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'assoc_handle'); + + $this->assertTrue($assoc_handle); + $assoc = $this->signatory->getAssociation($assoc_handle, true); + + $this->assertTrue($assoc); + $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, 'signed'), + 'assoc_handle,azu,bar,foo,signed'); + $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, 'sig')); + } + + function test_signExpired() + { + $request = new Auth_OpenID_ServerRequest(); + $assoc_handle = '{assoc}{lookatme}'; + $assoc = Auth_OpenID_Association::fromExpiresIn(-10, $assoc_handle, + 'sekrit', 'HMAC-SHA1'); + $this->store->storeAssociation($this->normal_key, $assoc); + $this->assertTrue($this->store->getAssociation($this->normal_key, + $assoc_handle)); + + $request->assoc_handle = $assoc_handle; + $request->namespace = Auth_OpenID_OPENID1_NS; + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'foo' => 'amsigned', + 'bar' => 'notsigned', + 'azu' => 'alsosigned')); + + $sresponse = $this->signatory->sign($response); + + $new_assoc_handle = $sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'assoc_handle'); + $this->assertTrue($new_assoc_handle); + $this->assertFalse($new_assoc_handle == $assoc_handle); + + $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'invalidate_handle'), + $assoc_handle); + + $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'signed'), + 'assoc_handle,azu,bar,foo,invalidate_handle,signed'); + $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, + 'sig')); + + // make sure the expired association is gone + $this->assertFalse($this->store->getAssociation($this->normal_key, + $assoc_handle)); + + // make sure the new key is a dumb mode association + $this->assertTrue($this->store->getAssociation($this->dumb_key, + $new_assoc_handle)); + + $this->assertFalse($this->store->getAssociation($this->normal_key, + $new_assoc_handle)); + } + + function test_signInvalidHandle() + { + $request = new Auth_OpenID_ServerRequest(); + $assoc_handle = '{bogus-assoc}{notvalid}'; + + $request->assoc_handle = $assoc_handle; + $request->namespace = Auth_OpenID_OPENID1_NS; + + $response = new Auth_OpenID_ServerResponse($request); + $response->fields = Auth_OpenID_Message::fromOpenIDArgs(array( + 'foo' => 'amsigned', + 'bar' => 'notsigned', + 'azu' => 'alsosigned')); + + $response->signed = array('foo', 'azu'); + $sresponse = $this->signatory->sign($response); + + $new_assoc_handle = $sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'assoc_handle'); + + $this->assertTrue($new_assoc_handle); + $this->assertFalse($new_assoc_handle == $assoc_handle); + + $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'invalidate_handle'), + $assoc_handle); + + $this->assertEquals($sresponse->fields->getArg(Auth_OpenID_OPENID_NS, + 'signed'), + 'assoc_handle,azu,bar,foo,invalidate_handle,signed'); + $this->assertTrue($sresponse->fields->hasKey(Auth_OpenID_OPENID_NS, + 'sig')); + + // make sure the new key is a dumb mode association + $this->assertTrue($this->store->getAssociation($this->dumb_key, + $new_assoc_handle)); + + $this->assertFalse($this->store->getAssociation($this->normal_key, + $new_assoc_handle)); + } + + function test_verify() + { + $assoc_handle = '{vroom}{zoom}'; + $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, + 'sekrit', 'HMAC-SHA1'); + + $this->store->storeAssociation($this->dumb_key, $assoc); + + $signed = Auth_OpenID_Message::fromPostArgs(array( + 'openid.foo' => 'bar', + 'openid.apple' => 'orange', + 'openid.assoc_handle' => $assoc_handle, + 'openid.signed' => 'apple,assoc_handle,foo,signed', + 'openid.sig' => 'uXoT1qm62/BB09Xbj98TQ8mlBco=')); + + $verified = $this->signatory->verify($assoc_handle, $signed); + $this->assertTrue($verified); + } + + function test_verifyBadSig() + { + $assoc_handle = '{vroom}{zoom}'; + $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, + 'sekrit', 'HMAC-SHA1'); + + $this->store->storeAssociation($this->dumb_key, $assoc); + + $signed = Auth_OpenID_Message::fromPostArgs(array( + 'openid.foo' => 'bar', + 'openid.apple' => 'orange', + 'openid.assoc_handle' => $assoc_handle, + 'openid.signed' => 'apple,assoc_handle,foo,signed', + 'openid.sig' => str_rot13('uXoT1qm62/BB09Xbj98TQ8mlBco='))); + + $verified = $this->signatory->verify($assoc_handle, $signed); + + $this->assertFalse($verified); + } + + function test_verifyBadHandle() + { + $assoc_handle = '{vroom}{zoom}'; + $signed = Auth_OpenID_Message::fromPostArgs( + array('foo' => 'bar', + 'apple' => 'orange', + 'openid.sig' => "Ylu0KcIR7PvNegB/K41KpnRgJl0=")); + + $verified = $this->signatory->verify($assoc_handle, $signed); + $this->assertFalse($verified); + } + + function test_verifyAssocMismatch() + { + // Attempt to validate sign-all message with a signed-list + // assoc. + $assoc_handle = '{vroom}{zoom}'; + $assoc = Auth_OpenID_Association::fromExpiresIn( + 60, $assoc_handle, 'sekrit', 'HMAC-SHA1'); + + $this->store->storeAssociation($this->dumb_key, $assoc); + + $signed = Auth_OpenID_Message::fromPostArgs(array( + 'foo' => 'bar', + 'apple' => 'orange', + 'openid.sig' => "d71xlHtqnq98DonoSgoK/nD+QRM=" + )); + + $verified = $this->signatory->verify($assoc_handle, $signed); + $this->assertFalse($verified); + } + + function test_getAssoc() + { + $assoc_handle = $this->makeAssoc(true); + $assoc = $this->signatory->getAssociation($assoc_handle, true); + $this->assertTrue($assoc); + $this->assertEquals($assoc->handle, $assoc_handle); + } + + function test_getAssocExpired() + { + $assoc_handle = $this->makeAssoc(true, -10); + $assoc = $this->signatory->getAssociation($assoc_handle, true); + $this->assertFalse($assoc); + } + + function test_getAssocInvalid() + { + $ah = 'no-such-handle'; + $this->assertEquals( + $this->signatory->getAssociation($ah, false), null); + } + + function test_getAssocDumbVsNormal() + { + $assoc_handle = $this->makeAssoc(true); + $this->assertEquals( + $this->signatory->getAssociation($assoc_handle, false), null); + } + + function test_createAssociation() + { + $assoc = $this->signatory->createAssociation(false); + $this->assertTrue($this->signatory->getAssociation($assoc->handle, + false)); + } + + function makeAssoc($dumb, $lifetime = 60) + { + $assoc_handle = '{bling}'; + $assoc = Auth_OpenID_Association::fromExpiresIn( + $lifetime, $assoc_handle, + 'sekrit', 'HMAC-SHA1'); + + $this->store->storeAssociation((($dumb) ? $this->dumb_key : + $this->normal_key), $assoc); + return $assoc_handle; + } + + function test_invalidate() + { + $assoc_handle = '-squash-'; + $assoc = Auth_OpenID_Association::fromExpiresIn(60, $assoc_handle, + 'sekrit', 'HMAC-SHA1'); + + $this->store->storeAssociation($this->dumb_key, $assoc); + $assoc = $this->signatory->getAssociation($assoc_handle, true); + $this->assertTrue($assoc); + $assoc = $this->signatory->getAssociation($assoc_handle, true); + $this->assertTrue($assoc); + $this->signatory->invalidate($assoc_handle, true); + $assoc = $this->signatory->getAssociation($assoc_handle, true); + $this->assertFalse($assoc); + } +} + +class Tests_Auth_OpenID_Server extends PHPUnit_Framework_TestSuite { + + function getName() + { + return "Tests_Auth_OpenID_Server"; + } + + function Tests_Auth_OpenID_Server() + { + $this->addTestSuite('Tests_Auth_OpenID_Signatory'); + $this->addTestSuite('Tests_Auth_OpenID_ServerTest'); + if (!defined('Auth_OpenID_NO_MATH_SUPPORT')) { + $this->addTestSuite('Tests_Auth_OpenID_Associate'); + } + $this->addTestSuite('Tests_Auth_OpenID_CheckAuth'); + $this->addTestSuite('Tests_Auth_OpenID_CheckIDExtension'); + $this->addTestSuite('Tests_Auth_OpenID_CheckAuth'); + $this->addTestSuite('Tests_Auth_OpenID_SigningEncode'); + $this->addTestSuite('Tests_Auth_OpenID_Test_Encode'); + $this->addTestSuite('Tests_Auth_OpenID_Test_Decode'); + $this->addTestSuite('Tests_Auth_OpenID_Test_ServerError'); + $this->addTestSuite('Tests_Auth_OpenID_CheckID'); + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/StoreTest.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/StoreTest.php new file mode 100644 index 000000000..7c50e2fda --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/StoreTest.php @@ -0,0 +1,755 @@ +<?php + +/** + * A test script for the OpenIDStore classes. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +/** + * Require classes and functions to run the Store tests. + */ +require_once 'Auth/OpenID/Association.php'; +require_once 'Auth/OpenID/CryptUtil.php'; +require_once 'Auth/OpenID/Nonce.php'; +require_once 'Auth/OpenID.php'; + +function _Auth_OpenID_mkdtemp() +{ + if (strpos(PHP_OS, 'WIN') === 0) { + $dir = $_ENV['TMP']; + if (!isset($dir)) { + $dir = 'C:\Windows\Temp'; + } + } else { + $dir = @$_ENV['TMPDIR']; + if (!isset($dir)) { + $dir = '/tmp'; + } + } + + return Auth_OpenID_FileStore::_mkdtemp($dir); +} + +/** + * This is the host where the SQL stores' databases should be created + * and destroyed. + */ +global $_Auth_OpenID_db_test_host; +$_Auth_OpenID_db_test_host = 'dbtest'; + +/** + * Generate a sufficently unique database name so many hosts can run + * SQL store tests on the server at the same time and not step on each + * other. + */ +function _Auth_OpenID_getTmpDbName() +{ + $hostname = php_uname('n'); + $hostname = str_replace('.', '_', $hostname); + $hostname = str_replace('-', '_', $hostname); + $hostname = strtolower($hostname); + + return sprintf("%s_%d_%s_openid_test", + $hostname, + getmypid(), + strval(rand(1, time()))); +} + +/** + * Superclass that has methods for testing OpenID stores. Subclass this to + * test your own store implementation. + * + * @package OpenID + */ +class Tests_Auth_OpenID_Store extends PHPUnit_Framework_TestCase { + + function pass() {} + + /** + * Prepares for the SQL store tests. + */ + function setUp() + { + $this->letters = Auth_OpenID_letters; + $this->digits = Auth_OpenID_digits; + $this->punct = Auth_OpenID_punct; + $this->allowed_nonce = $this->letters . $this->digits; + $this->allowed_handle = $this->letters . $this->digits . $this->punct; + } + + /** + * Generates an association with the specified parameters. + */ + function genAssoc($now, $issued = 0, $lifetime = 600) + { + $sec = Auth_OpenID_CryptUtil::randomString(20); + $hdl = Auth_OpenID_CryptUtil::randomString(128, $this->allowed_handle); + return new Auth_OpenID_Association($hdl, $sec, $now + $issued, + $lifetime, 'HMAC-SHA1'); + } + + /** + * @access private + */ + function _checkRetrieve($store, $url, $handle, $expected, $name = null) + { + $retrieved_assoc = $store->getAssociation($url, $handle); + if ($expected === null) { + $this->assertTrue($retrieved_assoc === null); + } else { + $this->assertTrue($expected->equal($retrieved_assoc), $name); + } + } + + function _checkRemove($store, $url, $handle, $expected, $name = null) + { + $present = $store->removeAssociation($url, $handle); + $this->assertTrue((!$expected && !$present) || + ($expected && $present), + $name); + } + + /** + * Make sure a given store has a minimum of API compliance. Call + * this function with an empty store. + * + * Raises AssertionError if the store does not work as expected. + * + * OpenIDStore -> NoneType + */ + function _testStore($store) + { + // Association functions + $now = time(); + + $server_url = 'http://www.myopenid.com/openid'; + + $assoc = $this->genAssoc($now); + + $this->_checkRetrieve($store, $server_url, null, null, + 'Make sure that a missing association returns no result'); + + $store->storeAssociation($server_url, $assoc); + $this->_checkRetrieve($store, $server_url, null, $assoc, + 'Check that after storage, getting returns the same result'); + + $this->_checkRetrieve($store, $server_url, null, $assoc, + 'more than once'); + + $store->storeAssociation($server_url, $assoc); + $this->_checkRetrieve($store, $server_url, null, $assoc, + 'Storing more than once has no ill effect'); + + // Removing an association that does not exist returns not present + $this->_checkRemove($store, $server_url, $assoc->handle . 'x', false, + "Remove nonexistent association (1)"); + + // Removing an association that does not exist returns not present + $this->_checkRemove($store, $server_url . 'x', $assoc->handle, false, + "Remove nonexistent association (2)"); + + // Removing an association that is present returns present + $this->_checkRemove($store, $server_url, $assoc->handle, true, + "Remove existent association"); + + // but not present on subsequent calls + $this->_checkRemove($store, $server_url, $assoc->handle, false, + "Remove nonexistent association after removal"); + + // Put assoc back in the store + $store->storeAssociation($server_url, $assoc); + + // More recent and expires after assoc + $assoc2 = $this->genAssoc($now, $issued = 1); + $store->storeAssociation($server_url, $assoc2); + + $this->_checkRetrieve($store, $server_url, null, $assoc2, + 'After storing an association with a different handle, but the +same $server_url, the handle with the later expiration is +returned.'); + + $this->_checkRetrieve($store, $server_url, $assoc->handle, $assoc, + 'We can still retrieve the older association'); + + $this->_checkRetrieve($store, $server_url, $assoc2->handle, $assoc2, + 'Plus we can retrieve the association with the later expiration +explicitly'); + + $assoc3 = $this->genAssoc($now, $issued = 2, $lifetime = 100); + $store->storeAssociation($server_url, $assoc3); + + // More recent issued time, so assoc3 is expected. + $this->_checkRetrieve($store, $server_url, null, $assoc3, "(1)"); + + $this->_checkRetrieve($store, $server_url, $assoc->handle, + $assoc, "(2)"); + + $this->_checkRetrieve($store, $server_url, $assoc2->handle, + $assoc2, "(3)"); + + $this->_checkRetrieve($store, $server_url, $assoc3->handle, + $assoc3, "(4)"); + + $this->_checkRemove($store, $server_url, $assoc2->handle, true, "(5)"); + + $this->_checkRetrieve($store, $server_url, null, $assoc3, "(6)"); + + $this->_checkRetrieve($store, $server_url, $assoc->handle, + $assoc, "(7)"); + + $this->_checkRetrieve($store, $server_url, $assoc2->handle, + null, "(8)"); + + $this->_checkRetrieve($store, $server_url, $assoc3->handle, + $assoc3, "(9)"); + + $this->_checkRemove($store, $server_url, $assoc2->handle, + false, "(10)"); + + $this->_checkRemove($store, $server_url, $assoc3->handle, + true, "(11)"); + + $this->_checkRetrieve($store, $server_url, null, $assoc, "(12)"); + + $this->_checkRetrieve($store, $server_url, $assoc->handle, + $assoc, "(13)"); + + $this->_checkRetrieve($store, $server_url, $assoc2->handle, + null, "(14)"); + + $this->_checkRetrieve($store, $server_url, $assoc3->handle, + null, "(15)"); + + $this->_checkRemove($store, $server_url, $assoc2->handle, + false, "(16)"); + + $this->_checkRemove($store, $server_url, $assoc->handle, + true, "(17)"); + + $this->_checkRemove($store, $server_url, $assoc3->handle, + false, "(18)"); + + $this->_checkRetrieve($store, $server_url, null, null, "(19)"); + + $this->_checkRetrieve($store, $server_url, $assoc->handle, + null, "(20)"); + + $this->_checkRetrieve($store, $server_url, $assoc2->handle, + null, "(21)"); + + $this->_checkRetrieve($store, $server_url,$assoc3->handle, + null, "(22)"); + + $this->_checkRemove($store, $server_url, $assoc2->handle, + false, "(23)"); + + $this->_checkRemove($store, $server_url, $assoc->handle, + false, "(24)"); + + $this->_checkRemove($store, $server_url, $assoc3->handle, + false, "(25)"); + + // Put associations into store, for two different server URLs + $assoc1 = $this->genAssoc($now); + $assoc2 = $this->genAssoc($now + 2); + $server_url1 = "http://one.example.com/one"; + $server_url2 = "http://two.localhost.localdomain/two"; + + $store->storeAssociation($server_url1, $assoc1); + $store->storeAssociation($server_url2, $assoc2); + + // Ask for each one, make sure we get it + $this->_checkRetrieve($store, $server_url1, $assoc1->handle, + $assoc1, "(26)"); + + $this->_checkRetrieve($store, $server_url2, $assoc2->handle, + $assoc2, "(27)"); + + $store->storeAssociation($server_url1, $assoc1); + $store->storeAssociation($server_url2, $assoc2); + + // Ask for each one, make sure we get it + $this->_checkRetrieve($store, $server_url1, null, + $assoc1, "(28)"); + + $this->_checkRetrieve($store, $server_url2, null, + $assoc2, "(29)"); + + // test expired associations + // assoc 1: server 1, valid + // assoc 2: server 1, expired + // assoc 3: server 2, expired + // assoc 4: server 3, valid + $assocValid1 = $this->genAssoc($now, -3600, 7200); + $assocValid2 = $this->genAssoc($now, -5); + $assocExpired1 = $this->genAssoc($now, -7200, 3600); + $assocExpired2 = $this->genAssoc($now, -7200, 3600); + + if (!$store->supportsCleanup()) { + return; + } + + $store->cleanupAssociations(); + $store->storeAssociation($server_url . '1', $assocValid1); + $store->storeAssociation($server_url . '1', $assocExpired1); + $store->storeAssociation($server_url . '2', $assocExpired2); + $store->storeAssociation($server_url . '3', $assocValid2); + + $cleaned = $store->cleanupAssociations(); + $this->assertEquals(2, $cleaned); + } + + function _checkUseNonce($store, $nonce, $expected, $server_url, $msg=null) + { + list($stamp, $salt) = Auth_OpenID_splitNonce($nonce); + $actual = $store->useNonce($server_url, $stamp, $salt); + $this->assertEquals(intval($expected), intval($actual), "_checkUseNonce failed: $server_url, $msg"); + } + + function _testNonce($store) + { + // Nonce functions + + $server_url = 'http://www.myopenid.com/openid'; + + foreach (array($server_url, '') as $url) { + // Random nonce (not in store) + $nonce1 = Auth_OpenID_mkNonce(); + + // A nonce is not by default + $this->_checkUseNonce($store, $nonce1, true, $url, "blergx"); + + // Once stored, cannot be stored again + $this->_checkUseNonce($store, $nonce1, false, $url, 2); + + // And using again has the same effect + $this->_checkUseNonce($store, $nonce1, false, $url, 3); + + // Nonces from when the universe was an hour old should + // not pass these days. + $old_nonce = Auth_OpenID_mkNonce(3600); + $this->_checkUseNonce($store, $old_nonce, false, $url, + "Old nonce ($old_nonce) passed."); + + } + } + + function _testNonceCleanup($store) { + if (!$store->supportsCleanup()) { + return; + } + + $server_url = 'http://www.myopenid.com/openid'; + + $now = time(); + + $old_nonce1 = Auth_OpenID_mkNonce($now - 20000); + $old_nonce2 = Auth_OpenID_mkNonce($now - 10000); + $recent_nonce = Auth_OpenID_mkNonce($now - 600); + + global $Auth_OpenID_SKEW; + $orig_skew = $Auth_OpenID_SKEW; + + $Auth_OpenID_SKEW = 0; + $store->cleanupNonces(); + // Set SKEW high so stores will keep our nonces. + $Auth_OpenID_SKEW = 100000; + + $params = Auth_OpenID_splitNonce($old_nonce1); + array_unshift($params, $server_url); + $this->assertTrue(call_user_func_array(array($store, 'useNonce'), $params)); + + $params = Auth_OpenID_splitNonce($old_nonce2); + array_unshift($params, $server_url); + $this->assertTrue(call_user_func_array(array($store, 'useNonce'), $params)); + + $params = Auth_OpenID_splitNonce($recent_nonce); + array_unshift($params, $server_url); + $this->assertTrue(call_user_func_array(array($store, 'useNonce'), $params)); + + $Auth_OpenID_SKEW = 3600; + $cleaned = $store->cleanupNonces(); + $this->assertEquals(2, $cleaned); // , "Cleaned %r nonces." % (cleaned,) + + $Auth_OpenID_SKEW = 100000; + // A roundabout method of checking that the old nonces were + // cleaned is to see if we're allowed to add them again. + + $params = Auth_OpenID_splitNonce($old_nonce1); + array_unshift($params, $server_url); + $this->assertTrue(call_user_func_array(array($store, 'useNonce'), $params)); + $params = Auth_OpenID_splitNonce($old_nonce2); + array_unshift($params, $server_url); + $this->assertTrue(call_user_func_array(array($store, 'useNonce'), $params)); + + // The recent nonce wasn't cleaned, so it should still fail. + $params = Auth_OpenID_splitNonce($recent_nonce); + array_unshift($params, $server_url); + $this->assertFalse(call_user_func_array(array($store, 'useNonce'), $params)); + + $Auth_OpenID_SKEW = $orig_skew; + } + +} +/** + * Class that tests all of the stores included with the OpenID library + * + * @package OpenID + */ +class Tests_Auth_OpenID_Included_StoreTest extends Tests_Auth_OpenID_Store { + function test_memstore() + { + require_once 'Tests/Auth/OpenID/MemStore.php'; + $store = new Tests_Auth_OpenID_MemStore(); + $this->_testStore($store); + $this->_testNonce($store); + $this->_testNonceCleanup($store); + } + + function test_filestore() + { + require_once 'Auth/OpenID/FileStore.php'; + + $temp_dir = _Auth_OpenID_mkdtemp(); + + if (!$temp_dir) { + trigger_error('Could not create temporary directory ' . + 'with Auth_OpenID_FileStore::_mkdtemp', + E_USER_WARNING); + return null; + } + + $store = new Auth_OpenID_FileStore($temp_dir); + $this->_testStore($store); + $this->_testNonce($store); + $this->_testNonceCleanup($store); + $store->destroy(); + } + + function test_postgresqlstore() + { + // If the postgres extension isn't loaded or loadable, succeed + // because we can't run the test. + if (!(extension_loaded('pgsql')) || + !(@include_once 'DB.php')) { + print "(not testing PostGreSQL store)"; + $this->pass(); + return; + } + + require_once 'Auth/OpenID/PostgreSQLStore.php'; + + global $_Auth_OpenID_db_test_host; + + $temp_db_name = _Auth_OpenID_getTmpDbName(); + + $connect_db_name = 'test_master'; + + $dsn = array( + 'phptype' => 'pgsql', + 'username' => 'openid_test', + 'password' => '', + 'hostspec' => $_Auth_OpenID_db_test_host, + 'database' => $connect_db_name + ); + + $allowed_failures = 5; + $result = null; + $sleep_time = 1.0; + $sql = sprintf("CREATE DATABASE %s", $temp_db_name); + + for ($failures = 0; $failures < $allowed_failures; $failures++) { + $template_db =& DB::connect($dsn); + + if (PEAR::isError($template_db)) { + $result =& $template_db; + } else { + // Try to create the test database. + $result = $template_db->query($sql); + + $template_db->disconnect(); + unset($template_db); + + if (!PEAR::isError($result)) { + break; + } + } + + $sleep_time *= ((mt_rand(1, 100) / 100.0) + 1.5); + print "Failed to create database $temp_db_name.\n". + "Waiting $sleep_time before trying again\n"; + + $int_sleep = floor($sleep_time); + $frac_sleep = $sleep_time - $int_sleep; + sleep($int_sleep); + usleep($frac_sleep * 1000000.0); + } + + if ($failures == $allowed_failures) { + $this->pass("Temporary database creation failed after $failures ". + " tries ('$temp_db_name'): " . $result->getMessage()); + return; + } + + // Disconnect from template1 and reconnect to the temporary + // testing database. + $dsn['database'] = $temp_db_name; + $db =& DB::connect($dsn); + + if (PEAR::isError($db)) { + $this->fail("Temporary database connection failed " . + " ('$temp_db_name'): " . $db->getMessage()); + return; + } + + $store = new Auth_OpenID_PostgreSQLStore($db); + + $this->assertFalse($store->tableExists($store->nonces_table_name)); + $this->assertFalse($store->tableExists($store->associations_table_name)); + + $store->createTables(); + + $this->assertTrue($store->tableExists($store->nonces_table_name)); + $this->assertTrue($store->tableExists($store->associations_table_name)); + + $this->_testStore($store); + $this->_testNonce($store); + $this->_testNonceCleanup($store); + + $db->disconnect(); + unset($db); + + // Connect to template1 again so we can drop the temporary + // database. + $dsn['database'] = $connect_db_name; + $template_db =& DB::connect($dsn); + + if (PEAR::isError($template_db)) { + $this->fail("Template database connection (to drop " . + "temporary database) failed: " . + $template_db->getMessage()); + return; + } + + $result = $template_db->query(sprintf("DROP DATABASE %s", + $temp_db_name)); + + if (PEAR::isError($result)) { + $this->fail("Dropping temporary database failed: " . + $result->getMessage()); + return; + } + + $template_db->disconnect(); + unset($template_db); + } + + function test_sqlitestore() + { + // If the sqlite extension isn't loaded or loadable, succeed + // because we can't run the test. + if (!(extension_loaded('sqlite')) || + !(@include_once 'DB.php')) { + print "(not testing SQLite store)"; + $this->pass(); + return; + } + + require_once 'Auth/OpenID/SQLiteStore.php'; + + $temp_dir = _Auth_OpenID_mkdtemp(); + + if (!$temp_dir) { + trigger_error('Could not create temporary directory ' . + 'with Auth_OpenID_FileStore::_mkdtemp', + E_USER_WARNING); + return null; + } + + $dsn = 'sqlite:///' . urlencode($temp_dir) . '/php_openid_storetest.db'; + $db =& DB::connect($dsn); + + if (PEAR::isError($db)) { + $this->pass("SQLite database connection failed: " . + $db->getMessage()); + } else { + $store = new Auth_OpenID_SQLiteStore($db); + $this->assertTrue($store->createTables(), "Table creation failed"); + $this->_testStore($store); + $this->_testNonce($store); + $this->_testNonceCleanup($store); + } + + $db->disconnect(); + unset($db); + unset($store); + unlink($temp_dir . '/php_openid_storetest.db'); + rmdir($temp_dir); + } + + function test_mysqlstore() + { + // If the mysql extension isn't loaded or loadable, succeed + // because we can't run the test. + if (!(extension_loaded('mysql')) || + !(@include_once 'DB.php')) { + print "(not testing MySQL store)"; + $this->pass(); + return; + } + + require_once 'Auth/OpenID/MySQLStore.php'; + + global $_Auth_OpenID_db_test_host; + + $dsn = array( + 'phptype' => 'mysql', + 'username' => 'openid_test', + 'password' => '', + 'hostspec' => $_Auth_OpenID_db_test_host + ); + + $db =& DB::connect($dsn); + + if (PEAR::isError($db)) { + print "MySQL database connection failed: " . + $db->getMessage(); + $this->pass(); + return; + } + + $temp_db_name = _Auth_OpenID_getTmpDbName(); + + $result = $db->query("CREATE DATABASE $temp_db_name"); + + if (PEAR::isError($result)) { + $this->pass("Error creating MySQL temporary database: " . + $result->getMessage()); + return; + } + + $db->query("USE $temp_db_name"); + + $store = new Auth_OpenID_MySQLStore($db); + $store->createTables(); + $this->_testStore($store); + $this->_testNonce($store); + $this->_testNonceCleanup($store); + + $db->query("DROP DATABASE $temp_db_name"); + } + + function test_mdb2store() + { + // The MDB2 test can use any database engine. MySQL is chosen + // arbitrarily. + if (!(extension_loaded('mysql') || + @dl('mysql.' . PHP_SHLIB_SUFFIX)) || + !(@include_once 'MDB2.php')) { + print "(not testing MDB2 store)"; + $this->pass(); + return; + } + + require_once 'Auth/OpenID/MDB2Store.php'; + + global $_Auth_OpenID_db_test_host; + + $dsn = array( + 'phptype' => 'mysql', + 'username' => 'openid_test', + 'password' => '', + 'hostspec' => $_Auth_OpenID_db_test_host + ); + + $db =& MDB2::connect($dsn); + + if (PEAR::isError($db)) { + print "MySQL database connection failed: " . + $db->getMessage(); + $this->pass(); + return; + } + + $temp_db_name = _Auth_OpenID_getTmpDbName(); + + $result = $db->query("CREATE DATABASE $temp_db_name"); + + if (PEAR::isError($result)) { + $this->pass("Error creating MySQL temporary database: " . + $result->getMessage()); + return; + } + + $db->query("USE $temp_db_name"); + + $store =& new Auth_OpenID_MDB2Store($db); + if (!$store->createTables()) { + $this->fail("Failed to create tables"); + return; + } + $this->_testStore($store); + $this->_testNonce($store); + $this->_testNonceCleanup($store); + + $db->query("DROP DATABASE $temp_db_name"); + } +} + +/** + * This is the host that the store test will use + */ +global $_Auth_OpenID_memcache_test_host; +$_Auth_OpenID_memcache_test_host = 'localhost'; + +class Tests_Auth_OpenID_MemcachedStore_Test extends Tests_Auth_OpenID_Store { + function test_memcache() + { + // If the memcache extension isn't loaded or loadable, succeed + // because we can't run the test. + if (!extension_loaded('memcache')) { + print "(skipping memcache store tests)"; + $this->pass(); + return; + } + require_once 'Auth/OpenID/MemcachedStore.php'; + + global $_Auth_OpenID_memcache_test_host; + + $memcached = new Memcache(); + if (!$memcached->connect($_Auth_OpenID_memcache_test_host)) { + print "(skipping memcache store tests - couldn't connect)"; + $this->pass(); + } else { + $store = new Auth_OpenID_MemcachedStore($memcached); + + $this->_testStore($store); + $this->_testNonce($store); + $this->_testNonceCleanup($store); + + $memcached->close(); + } + } +} + +class Tests_Auth_OpenID_StoreTest extends PHPUnit_Framework_TestSuite { + function getName() + { + return "Tests_Auth_OpenID_StoreTest"; + } + + function Tests_Auth_OpenID_StoreTest() + { + $this->addTestSuite('Tests_Auth_OpenID_Included_StoreTest'); + $this->addTestSuite('Tests_Auth_OpenID_MemcachedStore_Test'); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/TestUtil.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/TestUtil.php new file mode 100644 index 000000000..28e3ca9af --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/TestUtil.php @@ -0,0 +1,60 @@ +<?php + +/** + * Utilites for test functions + */ + + +function Tests_Auth_OpenID_datafile($name, $reader) +{ + $path = dirname(realpath(__FILE__)); + $sep = DIRECTORY_SEPARATOR; + $filename = $path . $sep . 'data' . $sep . $name; + $data = $reader($filename); + if ($data === false) { + $msg = "Failed to open data file: $name"; + trigger_error($msg, E_USER_ERROR); + } + return $data; +} + +function Tests_Auth_OpenID_readdata($name) +{ + return Tests_Auth_OpenID_datafile($name, 'file_get_contents'); +} + +function Tests_Auth_OpenID_readlines($name) +{ + return Tests_Auth_OpenID_datafile($name, 'file'); +} + +class OpenIDTestMixin extends PHPUnit_Framework_TestCase { + function failUnlessOpenIDValueEquals($msg, $key, $expected, $ns=null) + { + if ($ns === null) { + $ns = Auth_OpenID_OPENID_NS; + } + + $actual = $msg->getArg($ns, $key); + $error_format = 'Wrong value for openid.%s: expected=%s, actual=%s'; + $error_message = sprintf($error_format, + $key, $expected, $actual); + + $this->assertEquals($expected, $actual, $error_message); + } + + function failIfOpenIDKeyExists($msg, $key, $ns=null) + { + if ($ns === null) { + $ns = Auth_OpenID_OPENID_NS; + } + + $actual = $msg->getArg($ns, $key); + $error_message = sprintf('openid.%s unexpectedly present: %s', + $key, $actual); + + $this->assertFalse($msg->hasKey($ns, $key), + $error_message); + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/TrustRoot.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/TrustRoot.php new file mode 100644 index 000000000..360394091 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/TrustRoot.php @@ -0,0 +1,172 @@ +<?php + +/** + * Tests for the TrustRoot module + */ + +require_once "Auth/OpenID/TrustRoot.php"; +require_once "Tests/Auth/OpenID/TestUtil.php"; + +class Tests_Auth_OpenID_TRParseCase extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_TRParseCase($desc, $case, $expected) + { + $this->setName($desc); + $this->case = $case; + $this->expected = $expected; + } + + function runTest() + { + $is_sane = Auth_OpenID_TrustRoot::isSane($this->case); + $parsed = (bool)Auth_OpenID_TrustRoot::_parse($this->case); + switch ($this->expected) { + case 'sane': + $this->assertTrue($parsed, "Did not parse"); + $this->assertTrue($is_sane, "Is not sane"); + break; + case 'insane': + $this->assertTrue($parsed, "Did not parse"); + $this->assertFalse($is_sane, "Is sane"); + break; + default: + $this->assertFalse($parsed, "Did parse"); + $this->assertFalse($is_sane, "Is sane"); + } + } +} + +class Tests_Auth_OpenID_TRMatchCase extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_TRMatchCase($desc, $tr, $rt, $matches) + { + $this->setName($desc); + $this->tr = $tr; + $this->rt = $rt; + $this->matches = $matches; + } + + function runTest() + { + $matches = Auth_OpenID_TrustRoot::match($this->tr, $this->rt); + $this->assertEquals((bool)$this->matches, (bool)$matches); + } +} + +function Tests_Auth_OpenID_parseHeadings($data, $c) +{ + $heading_pat = '/(^|\n)' . $c . '{40}\n([^\n]+)\n' . $c . '{40}\n()/'; + $offset = 0; + $headings = array(); + while (true) { + preg_match($heading_pat, substr($data, $offset), $matches, + PREG_OFFSET_CAPTURE); + if (!$matches) { + break; + } + $start = $matches[0][1]; + $heading = $matches[2][0]; + $end = $matches[3][1]; + $headings[] = array('heading' => $heading, + 'start' => $offset + $start, + 'end' => $offset + $end, + ); + $offset += $end; + } + return $headings; +} + +function Tests_Auth_OpenID_getSections($data) +{ + $headings = Tests_Auth_OpenID_parseHeadings($data, '-'); + $sections = array(); + $n = count($headings); + for ($i = 0; $i < $n; ) { + $secdata = $headings[$i]; + list($numtests, $desc) = explode(': ', $secdata['heading']); + $start = $secdata['end']; + $i += 1; + if ($i < $n) { + $blob = substr($data, $start, $headings[$i]['start'] - $start); + } else { + $blob = substr($data, $start); + } + $lines = explode("\n", trim($blob)); + if (count($lines) != $numtests) { + trigger_error('Parse failure: ' . var_export($secdata, true), + E_USER_ERROR); + } + $sections[] = array('desc' => $desc, 'lines' => $lines,); + } + return $sections; +} + +function Tests_Auth_OpenID_trParseTests($head, $tests) +{ + $tests = array('fail' => $tests[0], + 'insane' => $tests[1], + 'sane' => $tests[2]); + $testobjs = array(); + foreach ($tests as $expected => $testdata) { + $lines = $testdata['lines']; + foreach ($lines as $line) { + $desc = sprintf("%s - %s: %s", $head, + $testdata['desc'], var_export($line, true)); + $testobjs[] = new Tests_Auth_OpenID_TRParseCase( + $desc, $line, $expected); + } + } + return $testobjs; +} + +function Tests_Auth_OpenID_trMatchTests($head, $tests) +{ + $tests = array(true => $tests[0], false => $tests[1]); + $testobjs = array(); + foreach ($tests as $expected => $testdata) { + $lines = $testdata['lines']; + foreach ($lines as $line) { + $pat = '/^([^ ]+) +([^ ]+)$/'; + preg_match($pat, $line, $matches); + list($_, $tr, $rt) = $matches; + $desc = sprintf("%s - %s: %s %s", $head, $testdata['desc'], + var_export($tr, true), var_export($rt, true)); + $testobjs[] = new Tests_Auth_OpenID_TRMatchCase( + $desc, $tr, $rt, $expected); + } + } + return $testobjs; +} + +function Tests_Auth_OpenID_trustRootTests() +{ + $data = Tests_Auth_OpenID_readdata('trustroot.txt'); + list($parsehead, $matchhead) = Tests_Auth_OpenID_parseHeadings($data, '='); + $pe = $parsehead['end']; + $parsedata = substr($data, $pe, $matchhead['start'] - $pe); + $parsetests = Tests_Auth_OpenID_getSections($parsedata); + $parsecases = Tests_Auth_OpenID_trParseTests($parsehead['heading'], + $parsetests); + + $matchdata = substr($data, $matchhead['end']); + $matchtests = Tests_Auth_OpenID_getSections($matchdata); + $matchcases = Tests_Auth_OpenID_trMatchTests($matchhead['heading'], + $matchtests); + + return array_merge($parsecases, $matchcases); +} + +class Tests_Auth_OpenID_TrustRoot extends PHPUnit_Framework_TestSuite { + function Tests_Auth_OpenID_TrustRoot($name) + { + $this->setName($name); + + foreach (Tests_Auth_OpenID_trustRootTests() as $test) { + $this->_addTestByValue($test); + } + } + + function _addTestByValue($test) { + $this->addTest($test); + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/URINorm.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/URINorm.php new file mode 100644 index 000000000..b79b7802b --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/URINorm.php @@ -0,0 +1,66 @@ +<?php + +/** + * Tests for the URI normalization routines used by the OpenID + * library. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID/URINorm.php'; +require_once 'Tests/Auth/OpenID/TestUtil.php'; + +class Tests_Auth_OpenID_URINorm_TestCase extends PHPUnit_Framework_TestCase { + function Tests_Auth_OpenID_URINorm_TestCase( + $name, $uri, $expected) + { + + $this->setName($name); + $this->uri = $uri; + $this->expected = $expected; + } + + function runTest() + { + $actual = Auth_OpenID_urinorm($this->uri); + $this->assertEquals($this->expected, $actual); + } +} + +class Tests_Auth_OpenID_URINorm extends PHPUnit_Framework_TestSuite { + function _readTestCases() + { + $lines = Tests_Auth_OpenID_readlines('urinorm.txt'); + $cases = array(); + $case = array(); + for ($i = 0; $i < count($lines) && ($i + 3 <= count($lines)); $i += 4) { + $name = trim($lines[$i]); + $uri = trim($lines[$i + 1]); + $expected = trim($lines[$i + 2]); + if ($expected == 'fail') { + $expected = null; + } + $cases[] = array($name, $uri, $expected); + } + + return $cases; + } + + function Tests_Auth_OpenID_URINorm($name) + { + $this->setName($name); + $cases = $this->_readTestCases(); + foreach ($cases as $case) { + list($name, $uri, $expected) = $case; + $this->addTest(new Tests_Auth_OpenID_URINorm_TestCase($name, $uri, $expected)); + } + } +} + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/Util.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Util.php new file mode 100644 index 000000000..ecaed7905 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/Util.php @@ -0,0 +1,319 @@ +<?php + +/** + * Tests for utility functions used by the OpenID library. + * + * PHP versions 4 and 5 + * + * LICENSE: See the COPYING file included in this distribution. + * + * @package OpenID + * @author JanRain, Inc. <openid@janrain.com> + * @copyright 2005-2008 Janrain, Inc. + * @license http://www.apache.org/licenses/LICENSE-2.0 Apache + */ + +require_once 'Auth/OpenID.php'; + +class Tests_Auth_OpenID_Util extends PHPUnit_Framework_TestCase { + function test_base64() + { + // This is not good for international use, but PHP doesn't + // appear to provide access to the local alphabet. + $letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + $digits = "0123456789"; + $extra = "+/="; + $allowed_s = $letters . $digits . $extra; + $allowed_d = array(); + + for ($i = 0; $i < strlen($allowed_s); $i++) { + $c = $allowed_s[$i]; + $allowed_d[$c] = null; + } + + function checkEncoded($obj, $str, $allowed_array) + { + for ($i = 0; $i < strlen($str); $i++) { + $obj->assertTrue(array_key_exists($str[$i], + $allowed_array)); + } + } + + $cases = array( + "", + "x", + "\x00", + "\x01", + str_repeat("\x00", 100), + implode("", array_map('chr', range(0, 255))) + ); + + foreach ($cases as $s) { + $b64 = base64_encode($s); + checkEncoded($this, $b64, $allowed_d); + $s_prime = base64_decode($b64); + $this->assertEquals($s_prime, $s); + } + + function random_ordinal($unused) + { + return rand(0, 255); + } + + // Randomized test + foreach (range(0, 49) as $i) { + $n = rand(0, 2048); + $s = implode("", array_map('chr', + array_map('random_ordinal', + range(0, $n)))); + $b64 = base64_encode($s); + checkEncoded($this, $b64, $allowed_d); + $s_prime = base64_decode($b64); + $this->assertEquals($s_prime, $s); + } + } + + function test_urldefrag() + { + $cases = array( + array('http://foo.com', 'http://foo.com'), + array('http://foo.com/', 'http://foo.com/'), + array('http://foo.com/path', 'http://foo.com/path'), + array('http://foo.com/path?query', 'http://foo.com/path?query'), + array('http://foo.com/path?query=v', 'http://foo.com/path?query=v'), + array('http://foo.com/?query=v', 'http://foo.com/?query=v'), + ); + + foreach ($cases as $pair) { + list($orig, $after) = $pair; + list($base, $frag) = Auth_OpenID::urldefrag($orig); + $this->assertEquals($after, $base); + $this->assertEquals($frag, ''); + + list($base, $frag) = Auth_OpenID::urldefrag($orig . "#fragment"); + $this->assertEquals($after, $base); + $this->assertEquals('fragment', $frag); + } + } + + function test_normalizeUrl() + { + $this->assertEquals("http://foo.com/", + Auth_OpenID::normalizeUrl("foo.com")); + + $this->assertEquals("http://foo.com/", + Auth_OpenID::normalizeUrl("http://foo.com")); + + $this->assertEquals("https://foo.com/", + Auth_OpenID::normalizeUrl("https://foo.com")); + + $this->assertEquals("http://foo.com/bar", + Auth_OpenID::normalizeUrl("foo.com/bar")); + + $this->assertEquals("http://foo.com/bar", + Auth_OpenID::normalizeUrl("http://foo.com/bar")); + + $this->assertEquals("http://foo.com/", + Auth_OpenID::normalizeUrl("http://foo.com/")); + + $this->assertEquals("https://foo.com/", + Auth_OpenID::normalizeUrl("https://foo.com/")); + + $this->assertEquals("https://foo.com/bar" , + Auth_OpenID::normalizeUrl("https://foo.com/bar")); + + $this->assertEquals("http://foo.com/bar" , + Auth_OpenID::normalizeUrl("HTtp://foo.com/bar")); + + $this->assertEquals("http://foo.com/bar" , + Auth_OpenID::normalizeUrl("HTtp://foo.com/bar#fraggle")); + + $this->assertEquals("http://foo.com/bAr/" , + Auth_OpenID::normalizeUrl("HTtp://fOo.com/bAr/.#fraggle")); + + if (0) { + $this->assertEquals("http://foo.com/%E8%8D%89", + Auth_OpenID::normalizeUrl("foo.com/\u8349")); + + $this->assertEquals("http://foo.com/%E8%8D%89", + Auth_OpenID::normalizeUrl("http://foo.com/\u8349")); + } + + $non_ascii_domain_cases = array( + array("http://xn--vl1a.com/", + "\u8349.com"), + + array("http://xn--vl1a.com/", + "http://\u8349.com"), + + array("http://xn--vl1a.com/", + "\u8349.com/"), + + array("http://xn--vl1a.com/", + "http://\u8349.com/"), + + array("http://xn--vl1a.com/%E8%8D%89", + "\u8349.com/\u8349"), + + array("http://xn--vl1a.com/%E8%8D%89", + "http://\u8349.com/\u8349"), + ); + + // XXX + /* + codecs.getencoder('idna') + except LookupError: + # If there is no idna codec, these cases with + # non-ascii-representable domain names should fail. + should_raise = True + else: + should_raise = False + + for expected, case in non_ascii_domain_cases: +try: +actual = Auth_OpenID::normalizeUrl(case) + except UnicodeError: + assert should_raise + else: +assert not should_raise and actual == expected, case + */ + + $this->assertNull(Auth_OpenID::normalizeUrl(null)); + $this->assertNull(Auth_OpenID::normalizeUrl('')); + $this->assertNull(Auth_OpenID::normalizeUrl('http://')); + } + + function test_appendArgs() + { + + $simple = 'http://www.example.com/'; + + $cases = array( + array('empty list', + array($simple, array()), + $simple), + + array('empty dict', + array($simple, array()), + $simple), + + array('one list', + array($simple, array(array('a', 'b'))), + $simple . '?a=b'), + + array('one dict', + array($simple, array('a' => 'b')), + $simple . '?a=b'), + + array('two list (same)', + array($simple, array(array('a', 'b'), + array('a', 'c'))), + $simple . '?a=b&a=c'), + + array('two list', + array($simple, array(array('a', 'b'), + array('b', 'c'))), + $simple . '?a=b&b=c'), + + array('two list (order)', + array($simple, array(array('b', 'c'), + array('a', 'b'))), + $simple . '?b=c&a=b'), + + array('two dict (order)', + array($simple, array('b' => 'c', + 'a' => 'b')), + $simple . '?a=b&b=c'), + + array('escape', + array($simple, array(array('=', '='))), + $simple . '?%3D=%3D'), + + array('escape (URL)', + array($simple, array(array('this_url', + $simple))), + $simple . + '?this_url=http%3A%2F%2Fwww.example.com%2F'), + + array('use dots', + array($simple, array(array('openid.stuff', + 'bother'))), + $simple . '?openid.stuff=bother'), + + array('args exist (empty)', + array($simple . '?stuff=bother', array()), + $simple . '?stuff=bother'), + + array('args exist', + array($simple . '?stuff=bother', + array(array('ack', 'ack'))), + $simple . '?stuff=bother&ack=ack'), + + array('args exist', + array($simple . '?stuff=bother', + array(array('ack', 'ack'))), + $simple . '?stuff=bother&ack=ack'), + + array('args exist (dict)', + array($simple . '?stuff=bother', + array('ack' => 'ack')), + $simple . '?stuff=bother&ack=ack'), + + array('args exist (dict 2)', + array($simple . '?stuff=bother', + array('ack' => 'ack', 'zebra' => 'lion')), + $simple . '?stuff=bother&ack=ack&zebra=lion'), + + array('three args (dict)', + array($simple, array('stuff' => 'bother', + 'ack' => 'ack', + 'zebra' => 'lion')), + $simple . '?ack=ack&stuff=bother&zebra=lion'), + + array('three args (list)', + array($simple, array( + array('stuff', 'bother'), + array('ack', 'ack'), + array('zebra', 'lion'))), + $simple . '?stuff=bother&ack=ack&zebra=lion'), + ); + + // Tests. + foreach ($cases as $case) { + list($desc, $data, $expected) = $case; + list($url, $query) = $data; + $this->assertEquals($expected, + Auth_OpenID::appendArgs($url, $query)); + } + } + + function test_getQuery() + { + $queries = array( + '' => array(), + 'single' => array(), + 'no&pairs' => array(), + 'x%3Dy' => array(), + 'single&real=value' => array('real' => 'value'), + 'x=y&m=x%3Dn' => array('x' => 'y', 'm' => 'x=n'), + '&m=x%20y' => array('m' => 'x y'), + 'single&&m=x%20y&bogus' => array('m' => 'x y'), + // Even with invalid encoding. But don't do that. + 'too=many=equals&' => array('too' => 'many=equals') + ); + + foreach ($queries as $s => $data) { + $query = Auth_OpenID::getQuery($s); + + foreach ($data as $key => $value) { + $this->assertTrue($query[$key] === $value); + } + + foreach ($query as $key => $value) { + $this->assertTrue($data[$key] === $value); + } + } + } +} + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/VerifyDisco.php b/models/openid-php-openid-782224d/Tests/Auth/OpenID/VerifyDisco.php new file mode 100644 index 000000000..ea2566d19 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/VerifyDisco.php @@ -0,0 +1,422 @@ +<?php + +require_once "Tests/Auth/OpenID/TestUtil.php"; +require_once "Tests/Auth/OpenID/MemStore.php"; + +require_once "Auth/OpenID/Message.php"; +require_once "Auth/OpenID/Consumer.php"; + +class Tests_Auth_OpenID_VerifyDisco_1 extends Auth_OpenID_GenericConsumer { + function _discoverAndVerify($claimed_id, $to_match_endpoints) + { + $this->test_case->assertEquals($this->endpoint->claimed_id, $claimed_id); + return new Auth_OpenID_FailureResponse(null, $this->text); + } +} + +class __VerifiedError extends Auth_OpenID_FailureResponse { +} + +class VerifyDisco_Consumer_verifiedError extends Auth_OpenID_GenericConsumer { + function _discoverAndVerify($to_match) + { + return new __VerifiedError(null, 'verified error'); + } +} + +class _DiscoverAndVerify extends OpenIDTestMixin { + var $consumer_class = 'Auth_OpenID_GenericConsumer'; + + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $cl = $this->consumer_class; + $this->consumer = new $cl($this->store); + $this->return_to = "http://some.host/path"; + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + + $this->server_id = "sirod"; + $this->server_url = "serlie"; + $this->consumer_id = "consu"; + + $this->endpoint->claimed_id = $this->consumer_id; + $this->endpoint->server_url = $this->server_url; + $this->endpoint->local_id = $this->server_id; + $this->endpoint->type_uris = array(Auth_OpenID_TYPE_1_1); + } + + function failUnlessProtocolError($thing) + { + $this->assertTrue(Auth_OpenID::isFailure($thing)); + } +} + +class _Tests_discoveryOverride { + function _Tests_discoveryOverride($endpoint) + { + $this->endpoint = $endpoint; + } + + function discover($unused_url) + { + return array($this->endpoint->claimed_id, array($this->endpoint)); + } +} +class Tests_openID1Fallback1_0 extends _DiscoverAndVerify { + function test_openID1Fallback1_0() + { + $claimed_id = 'http://claimed.id/'; + $resp_msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID1_NS, + 'identity' => $claimed_id)); + $resp_msg->setArg(Auth_OpenID_BARE_NS, 'openid1_claimed_id', + $claimed_id); + $expected_endpoint = new Auth_OpenID_ServiceEndpoint(); + $expected_endpoint->type_uris = array(Auth_OpenID_TYPE_1_0); + $expected_endpoint->local_id = null; + $expected_endpoint->claimed_id = $claimed_id; + + $discovery_override = new _Tests_discoveryOverride($expected_endpoint); + $this->consumer->discoverMethod = array($discovery_override, 'discover'); + + $actual_endpoint = $this->consumer->_verifyDiscoveryResults( + $resp_msg, null); + + $this->assertTrue(is_a($actual_endpoint, "Auth_OpenID_ServiceEndpoint")); + + $this->assertEquals($expected_endpoint->local_id, + $actual_endpoint->local_id); + $this->assertEquals($expected_endpoint->server_url, + $actual_endpoint->server_url); + + $this->assertEquals($expected_endpoint->type_uris, + $actual_endpoint->type_uris); + + $this->assertEquals($expected_endpoint->claimed_id, + $actual_endpoint->claimed_id); + + } +} + +class Tests_Auth_OpenID_VerifyDisco extends _DiscoverAndVerify { + function test_openID1NoLocalID() + { + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->claimed_id = 'bogus'; + + $msg = Auth_OpenID_Message::fromOpenIDArgs(array()); + // 'Missing required field openid.identity' + $this->failUnlessProtocolError($this->consumer->_verifyDiscoveryResults($msg, $endpoint)); + } + + function test_openID1NoEndpoint() + { + $msg = Auth_OpenID_Message::fromOpenIDArgs(array('identity' => 'snakes on a plane')); + $this->failUnlessProtocolError($this->consumer->_verifyDiscoveryResults($msg)); + } + + function test_openID2NoOPEndpointArg() + { + $msg = Auth_OpenID_Message::fromOpenIDArgs(array('ns' => Auth_OpenID_OPENID2_NS)); + $this->failUnlessProtocolError($this->consumer->_verifyDiscoveryResults($msg, null)); + } + + function test_openID2LocalIDNoClaimed() + { + $msg = Auth_OpenID_Message::fromOpenIDArgs(array('ns' => Auth_OpenID_OPENID2_NS, + 'op_endpoint' => 'Phone Home', + 'identity' => 'Jose Lius Borges')); + // 'openid.identity is present without', + $this->failUnlessProtocolError($this->consumer->_verifyDiscoveryResults($msg)); + } + + function test_openID2NoLocalIDClaimed() + { + $msg = Auth_OpenID_Message::fromOpenIDArgs(array('ns' => Auth_OpenID_OPENID2_NS, + 'op_endpoint' => 'Phone Home', + 'claimed_id' => 'Manuel Noriega')); + // 'openid.claimed_id is present without', + $this->failUnlessProtocolError( + $this->consumer->_verifyDiscoveryResults($msg)); + } + + function test_openID2NoIdentifiers() + { + $op_endpoint = 'Phone Home'; + $msg = Auth_OpenID_Message::fromOpenIDArgs(array('ns' => Auth_OpenID_OPENID2_NS, + 'op_endpoint' => $op_endpoint)); + $result_endpoint = $this->consumer->_verifyDiscoveryResults($msg); + $this->assertTrue($result_endpoint->isOPIdentifier()); + $this->assertEquals($op_endpoint, $result_endpoint->server_url); + $this->assertEquals(null, $result_endpoint->claimed_id); + } + + function test_openid2UsePreDiscovered() + { + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->local_id = 'my identity'; + $endpoint->claimed_id = 'i am sam'; + $endpoint->server_url = 'Phone Home'; + $endpoint->type_uris = array(Auth_OpenID_TYPE_2_0); + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'identity' => $endpoint->local_id, + 'claimed_id' => $endpoint->claimed_id, + 'op_endpoint' => $endpoint->server_url)); + + $result = $this->consumer->_verifyDiscoveryResults($msg, $endpoint); + $this->assertTrue($result === $endpoint); + } + + function test_openid2UsePreDiscoveredWrongType() + { + $this->consumer = new Tests_Auth_OpenID_VerifyDisco_1($this->store); + $this->consumer->test_case =& $this; + $this->consumer->text = "verify failed"; + + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->local_id = 'my identity'; + $endpoint->claimed_id = 'i am sam'; + $endpoint->server_url = 'Phone Home'; + $endpoint->type_uris = array(Auth_OpenID_TYPE_1_1); + + $this->consumer->endpoint =& $endpoint; + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'identity' => $endpoint->local_id, + 'claimed_id' => $endpoint->claimed_id, + 'op_endpoint' => $endpoint->server_url)); + + $result = $this->consumer->_verifyDiscoveryResults($msg, $endpoint); + $this->failUnlessProtocolError($result); + $this->assertTrue($result->message == "verify failed"); + } + + function test_openid1UsePreDiscovered() + { + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->local_id = 'my identity'; + $endpoint->claimed_id = 'i am sam'; + $endpoint->server_url = 'Phone Home'; + $endpoint->type_uris = array(Auth_OpenID_TYPE_1_1); + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID1_NS, + 'identity' => $endpoint->local_id)); + $result = $this->consumer->_verifyDiscoveryResults($msg, $endpoint); + $this->assertTrue($result == $endpoint); + } + + function test_openid2Fragment() + { + $claimed_id = "http://unittest.invalid/"; + $claimed_id_frag = $claimed_id . "#fragment"; + + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->local_id = 'my identity'; + $endpoint->claimed_id = $claimed_id; + $endpoint->server_url = 'Phone Home'; + $endpoint->type_uris = array(Auth_OpenID_TYPE_2_0); + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'identity' => $endpoint->local_id, + 'claimed_id' => $claimed_id_frag, + 'op_endpoint' => $endpoint->server_url)); + $result = $this->consumer->_verifyDiscoveryResults($msg, $endpoint); + + $this->assertEquals($result->local_id, $endpoint->local_id); + $this->assertEquals($result->server_url, $endpoint->server_url); + + $this->assertEquals($result->type_uris, $endpoint->type_uris); + + $this->assertEquals($result->claimed_id, $claimed_id_frag); + } + +} + +class Tests_openid1UsePreDiscoveredWrongType extends _DiscoverAndVerify { + var $consumer_class = 'VerifyDisco_Consumer_verifiedError'; + + function test_openid1UsePreDiscoveredWrongType() + { + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->local_id = 'my identity'; + $endpoint->claimed_id = 'i am sam'; + $endpoint->server_url = 'Phone Home'; + $endpoint->type_uris = array(Auth_OpenID_TYPE_2_0); + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID1_NS, + 'identity' => $endpoint->local_id)); + + $result = $this->consumer->_verifyDiscoveryResults($msg, $endpoint); + $this->failUnlessProtocolError($result); + $this->assertTrue(is_a($result, '__VerifiedError')); + } +} + +// XXX: test the implementation of _discoverAndVerify + +class Tests_openID2NoEndpointDoesDisco_sentinel extends Auth_OpenID_GenericConsumer { + var $sentinel = 'blah'; + + function _discoverAndVerify($to_match) + { + return $this->sentinel; + } +} + +class Tests_openID2NoEndpointDoesDisco_failure extends Auth_OpenID_GenericConsumer { + var $failure_message = 'A fake failure response message'; + + function _verifyDiscoverySingle($to_match) + { + return new Auth_OpenID_FailureResponse(null, $this->failure_message); + } +} + +class Tests_openID2NoEndpointDoesDisco extends Tests_Auth_OpenID_VerifyDisco { + var $consumer_class = 'Tests_openID2NoEndpointDoesDisco_sentinel'; + + function test_openID2NoEndpointDoesDisco() + { + $op_endpoint = 'Phone Home'; + $this->consumer->sentinel = new Auth_OpenID_ServiceEndpoint(); + $this->consumer->sentinel->claimed_id = 'monkeysoft'; + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'identity' => 'sour grapes', + 'claimed_id' => 'monkeysoft', + 'op_endpoint' => $op_endpoint)); + + $result = $this->consumer->_verifyDiscoveryResults($msg); + $this->assertEquals($this->consumer->sentinel, $result); + } +} + +class Tests_openID2MismatchedDoesDisco extends Tests_Auth_OpenID_VerifyDisco { + var $consumer_class = 'Tests_openID2NoEndpointDoesDisco_sentinel'; + + function test_openID2MismatchedDoesDisco() + { + $mismatched = new Auth_OpenID_ServiceEndpoint(); + $mismatched->identity = 'nothing special, but different'; + $mismatched->local_id = 'green cheese'; + + $sentinel = new Auth_OpenID_ServiceEndpoint(); + $sentinel->claimed_id = 'monkeysoft'; + $this->consumer->sentinel = $sentinel; + + $op_endpoint = 'Phone Home'; + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'identity' => 'sour grapes', + 'claimed_id' => 'monkeysoft', + 'op_endpoint' => $op_endpoint)); + + $result = $this->consumer->_verifyDiscoveryResults($msg, $mismatched); + $this->assertEquals($this->consumer->sentinel, $result); + } +} + +class Tests_openID2MismatchedDoesDisco_failure extends PHPUnit_Framework_TestCase { + var $consumer_class = 'Tests_openID2NoEndpointDoesDisco_failure'; + + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $cl = $this->consumer_class; + $this->consumer = new $cl($this->store); + $this->return_to = "http://some.host/path"; + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + + $this->consumer->discoverMethod = array($this, "_getServices"); + + $this->server_id = "sirod"; + $this->server_url = "serlie"; + $this->consumer_id = "consu"; + + $this->endpoint->claimed_id = $this->consumer_id; + $this->endpoint->server_url = $this->server_url; + $this->endpoint->local_id = $this->server_id; + $this->endpoint->type_uris = array(Auth_OpenID_TYPE_1_1); + } + + function _getServices($claimed_id, $fetcher=null) { + return array(null, array($this->endpoint)); + } + + function test_openID2MismatchedDoesDisco_failure() + { + $mismatched = new Auth_OpenID_ServiceEndpoint(); + $mismatched->identity = 'nothing special, but different'; + $mismatched->local_id = 'green cheese'; + + $op_endpoint = 'Phone Home'; + + $msg = Auth_OpenID_Message::fromOpenIDArgs( + array('ns' => Auth_OpenID_OPENID2_NS, + 'identity' => 'sour grapes', + 'claimed_id' => 'monkeysoft', + 'op_endpoint' => $op_endpoint)); + + $result = $this->consumer->_verifyDiscoveryResults($msg, $mismatched); + $this->assertTrue(Auth_OpenID::isFailure($result)); + } +} + +class TestVerifyDiscoverySingle extends OpenIDTestMixin { + var $consumer_class = 'Auth_OpenID_GenericConsumer'; + + function setUp() + { + $this->store = new Tests_Auth_OpenID_MemStore(); + $cl = $this->consumer_class; + $this->consumer = new $cl($this->store); + $this->return_to = "http://some.host/path"; + $this->endpoint = new Auth_OpenID_ServiceEndpoint(); + + $this->server_id = "sirod"; + $this->server_url = "serlie"; + $this->consumer_id = "consu"; + + $this->endpoint->claimed_id = $this->consumer_id; + $this->endpoint->server_url = $this->server_url; + $this->endpoint->local_id = $this->server_id; + $this->endpoint->type_uris = array(Auth_OpenID_TYPE_1_1); + } + + function test_endpointWithoutLocalID() + { + // An endpoint like this with no local_id is generated as a + // result of e.g. Yadis discovery with no LocalID tag. + $endpoint = new Auth_OpenID_ServiceEndpoint(); + $endpoint->server_url = "http://localhost:8000/openidserver"; + $endpoint->claimed_id = "http://localhost:8000/id/id-jo"; + + $to_match = new Auth_OpenID_ServiceEndpoint(); + $to_match->server_url = "http://localhost:8000/openidserver"; + $to_match->claimed_id = "http://localhost:8000/id/id-jo"; + $to_match->local_id = "http://localhost:8000/id/id-jo"; + + $result = $this->consumer->_verifyDiscoverySingle($endpoint, $to_match); + + // result should always be None, raises exception on failure. + $this->assertEquals($result, null); + } +} + +global $Tests_Auth_OpenID_VerifyDisco_other; +$Tests_Auth_OpenID_VerifyDisco_other = array( + new Tests_openID2MismatchedDoesDisco(), + new Tests_openID2NoEndpointDoesDisco(), + new Tests_openID2MismatchedDoesDisco_failure(), + new Tests_openid1UsePreDiscoveredWrongType(), + new Tests_openID1Fallback1_0(), + ); + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/dhexch b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/dhexch new file mode 100644 index 000000000..7a8be0737 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/dhexch @@ -0,0 +1,25 @@ +2126517416 1503105722 107994742031567165457540274858809652167995244913839787589743578103625285208352685332617657612917013907706708046204110421143061814711041523408378123857885283119340960531860106377561159933747570456852792031929014142490977574671361334052940195520731561436107832724927338342871107723160776334443535305873323500256 +1726325708 97982531 120276049194830643562108817809662062106546923236483207874835831104433621725428405166395533625121884325430201809382464614237831903082554679507511419420917850293136497504021313018779166242697363853538302653639224106865664333535348491338293646599577557630201300627170167862878616413985927131488374258664616392092 +7191572 1822336109 122056637146069839485450157659463602136773435897258591538866604089577736061707581662949502933519623787237101424065925246227311788026398025228549571401681364284397681558495127293422405005519207011429758784679359026564663723906503072635741603815702201571462971153413211041068663899032199555395016545688330586044 +228786056 1675584603 117701151389970889003978379762267752133865163176557074701079147801046451813688145274964215828365957142552336288689654120601548113748929766366564174096775189852190965077394508456052823068488823291767811224538103381867631753777200820579564678159674117155563703553000884461777658090456283332220216734612556688513 +804908984 2135801843 64993745755656098807721600357147815184322152457013249228399624894951891365784451431980303960531348451816046446458097670030866575746640795583720668211568084611960590087205609635406810868042628237527172170079769791670793545166757565720288711565725471066283638538704293790079806106677373567711048953361333211210 +1122280790 1614259350 3970244390792364343312138669070883638127263175075582263096706481850448381703964455173288740017450440943500797144425033043394229962284552755667989452357422108026327690718801740503572676309934059296211509079412739861064178751353597300902277808636740745335474263237517162977595705012834985895341553367459792583 +554314515 998420920 123643361743671701825618173162391028658772950477687990712748798605914570427945055208640384218469111438408345424338893652923941552893606133066783001743721804859308011765507616515353882559991735865794891472781955621601467016660304188272123202130977476560852093272543539966026915472638392018462692756028817601255 +719945347 612820861 103551249110130410018728043034553056272870332237608830696804104933749752848182147616875273399120950956495972830177071656956289995248469136767050516935071277259217339496102844766065836859503647533631994664364053659677674596380230790347281302210808329346735637394258018381272973124437749621859047096780954428763 +1030625109 1519412381 15696617275088442746387785148060623054817901281945029743077460769180096631404983383910114661025034557230747207080210469011273591184527303007260363112037932265980126744700626024259985586947347501172863220738584453809309462129610346067407238209251289710742647393829531889303218223237301268534338307710560528439 +1711254768 1710707291 57671766580359527580383190392835992822988951359063099518333951473557157636791373831886967456320589708220219137556141104065094734173377513568373511612097050435132426608350879787688784646390242899955969071718348216328885834450215105058725433533776719158074043390881257587614495125963197168525883771897032429145 +350065369 319208735 44521456496863698728911963510653524876630475042295240074435222668882607096381437705850621136342821688618111659046306438623837465097724847737566157513351593063095577843263064035230462006868686576892037899378382406468120801597507834123281075093108794208153836881908434178839513489161646768450411118658866064760 +2060218994 1946043223 56312469398022909670236635086334904553302665496424591277087996113064393075310693844995965663947160222486178761741935506327835516277624460430181450292802834360724976701838361338230904004764511115279873515265325364671729600765057941485718305803874368460265173324375012707038078949514720443784809672434739391394 +348859478 486047271 63578529904279717544096579659734885121575283886072626718230632949600891106018451131129915865157675764791879663149288069798959505461654979937263948081560345222746334083402817181164255208790802816536212306902000509334761465449621953806270899950736579351124776383450108496252367170418747525612150563944975123906 +1012847796 1311216437 107243486601777772242638374457577339776317528440551074937135087437181884726459082109032187432358497015564158022857522392034581988349463322793155498885898276448910563934149930379053835676169014345745737841013305105289515557002942278171260275549569040668192618881235525671100756834785472005323827534045854021808 +1108188659 73002956 151810407586486667408500610375120927048683500513617431444670840241105574837701928593342245869128797827409414723271900961746330458448581633550115101600384307415146567797051023727766743006773542272526168313129133103058023736384944187039543948615045687254043611794926502253898300807539332514119558228945387167129 +1367891527 957164137 106888874248390844568539366153235739322099571679913873665077300044384432133087328354115380340807163549209282323027334598550750155549975114208460003069900549945106924101337174939911191001778776920788324219234143471273850920009578258747072782983631129326451246547584416492036977756842649955247390532642313031673 +1109319782 312705549 68015190517529836158634537187194145539209089151286211608940739126031607591236786876471227901028349157506546942329120582174574792522929377067808957872180985535362179866434055727341930725758279092655515659945664689974113139170079360543337269872976473433045950679959300152245802435127006127508284128226462808242 +77629902 1442208847 80002290434058357698705037287975366182731667140415670086832039653095542318592553515737200055739316505804591069679885064388918352070456242079053263046801427045473800954002156858264359891351667747947419377687560365442620710551484084591458509139700723197713694698034159851521977928611736821392017020477832037627 +1876665427 42392232 94638321177007894302596716790742601595610267055803051893624262442254201910985079684859058170169970420428917385076321338591735591117741499259022286688741758915429225227910702796255294628145448897362890044237980198958757175908654342104958253051607028469935368687936664986431151922321609065078691893879183189566 +559635525 1782490275 71365295096950865667427967092027725943054589808884646377867956234326896501650860934260905567087143525158504721587985301638221372965891635800328428504369765880956526297788284176796001565732103141822914955442743632126166019769189834699258461912602048002960149362882398622111007162709444738907309082349930416022 +743575094 32085276 110453584602878746921666429659148701413696049424461554973529870857842263810553552249241246313332783204009612578170167391820378603413812193480492843470042238103670641705732755583940134259794253885826115668806244330875357074130716388274584300227667628005544555311079499447940768673150499033922449576383527638186 +129818206 137481306 140835473021876998102027624369898079740454145360699735493249477450544517213808389172240396819192163023303266715591396745357472463341356969319556862236385556442904650009255138279232984377682804793224148996875324569988553808409865099882747099149617352970774643108291836908871124753511856578160489828404865664010 +570689556 1980693879 108353275894436996626884805554770441694866167783124178905252902978286824751598925059178987939656961896173921225105217325495780672752694383439806863122466053616930970271706866769895033633709670957150865005763659847698663978549871624628298476651867451354816053985969930735100533712902146229305011837945607699037 +2103057616 691067770 27024056452709622585420653808400360576905666723601175215091499609471301967744143329187436673102391151329548614036436716051750524604202541651425479133617399916946398092715923340837394931898418514658066714568415577105694330058750941172815095999450748361179045856199026312487393802486505084466623313733605784416 +481705774 1641440342 117722260864906582664053412535574009960206959347375143271559843536103545468155917636456429488071536410856812908716077868452921005581676036410474437330482920141777150620686622782118823530416466223519936589968714322291361670902315520017103387742935706013660879451297004924070011539277017717095949755265539759012 diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/dhpriv b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/dhpriv new file mode 100644 index 000000000..0fa523146 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/dhpriv @@ -0,0 +1,29 @@ +130706940119084053627151828062879423433929180135817317038378606310097533503449582079984816816837125851552273641820339909167103200910805078308128174143174269944095368580519322913514764528012639683546377014716235962867583443566164615728897857285824741767070432119909660645255499710701356135207437699643611094585 139808169914464096465921128085565621767096724855516655439365028496569658038844954238931647642811548254956660405394116677296461848124300258439895306367561416289126854788101396379292925819850897858045772500578222021901631436550118958972312221974009238050517034542286574826081826542722270952769078386418682059418 +91966407878983240112417790733941098492087186469785726449910011271065622315680646030230288265496017310433513856308693810812043160919214636748486185212617634222158204354206411031403206076739932806412551605172319515223573351072757800448643935018534945933808900467686115619932664888581913179496050117713298715475 88086484332488517006277516020842172054013692832175783214603951240851750819999098631851571207693874357651112736088114133607400684776234181681933311972926752846692615822043533641407510569745606256772455614745111122033229877596984718963046218854103292937700694160593653595134512369959987897086639788909618660591 +94633950701209990078055218830969910271587805983595045023718108184189787131629772007048606080263109446462048743696369276578815611098215686598630889831104860221067872883514840819381234786050098278403321905311637820524177879167250981289318356078312300538871435101338967079907049912435983871847334104247675360099 136836393035803488129856151345450008294260680733328546556640578838845312279198933806383329293483852515700876505956362639881210101974254765087350842271260064592406308509078284840473735904755203614987286456952991025347168970462354352741159076541157478949094536405618626397435745496863324654768971213730622037771 +24685127248019769965088146297942173464487677364928435784091685260262292485380918213538979925891771204729738138857126454465630594391449913947358655368215901119137728648638547728497517587701248406019427282237279437409508871300675355166059811431191200555457304463617727969228965042729205402243355816702436970430 103488011917988946858248200111251786178288940265978921633592888293430082248387786443813155999158786903216094876295371112716734481877806417714913656921169196196571699893360825510307056269738593971532017994987406325068886420548597161498019372380511676314312298122272401348856314619382867707981701472607230523868 +116791045850880292989786005885944774698035781824784400772676299590038746153860847252706167458966356897309533614849402276819438194497464696186624618374179812548893947178936305721131565012344462048549467883494038577857638815386798694225798517783768606048713198211730870155881426709644960689953998714045816205549 25767875422998856261320430397505398614439586659207416236135894343577952114994718158163212134503751463610021489053571733974769536157057815413209619147486931502025658987681202196476489081257777148377685478756033509708349637895740799542063593586769082830323796978935454479273531157121440998804334199442003857410 +75582226959658406842894734694860761896800153014775231713388264961517169436476322183886891849966756849783437334069692683523296295601533803799559985845105706728538458624387103621364117548643541824878550074680443708148686601108223917493525070861593238005735446708555769966855130921562955491250908613793521520082 51100990616369611694975829054222013346248289055987940844427061856603230021472379888102172458517294080775792439385531234808129302064303666640376750139242970123503857186428797403843206765926798353022284672682073397573130625177187185114726049347844460311761033584101482859992951420083621362870301150543916815123 +22852401165908224137274273646590366934616265607879280260563022941455466297431255072303172649495519837876946233272420969249841381161312477263365567831938496555136366981954001163034914812189448922853839616662859772087929140818377228980710884492996109434435597500854043325062122184466315338260530734979159890875 35017410720028595029711778101507729481023945551700945988329114663345341120595162378885287946069695772429641825579528116641336456773227542256911497084242947904528367986325800537695079726856460817606404224094336361853766354225558025931211551975334149258299477750615397616908655079967952372222383056221992235704 +37364490883518159794654045194678325635036705086417851509136183713863262621334636905291385255662750747808690129471989906644041585863034419130023070856805511017402434123099100618568335168939301014148587149578150068910141065808373976114927339040964292334109797421173369274978107389084873550233108940239410902552 40916262212189137562350357241447034318002130016858244002788189310078477605649010031339865625243230798681216437501833540185827501244378529230150467789369234869122179247196276164931090039290879808162629109742198951942358028123056268054775108592325500609335947248599688175189333996086475013450537086042387719925 +42030470670714872936404499074069849778147578537708230270030877866700844337372497704027708080369726758812896818567830863540507961487472657570488625639077418109017434494794778542739932765561706796300920251933107517954265066804108669800167526425723377411855061131982689717887180411017924173629124764378241885274 124652439272864857598747946875599560379786580730218192165733924418687522301721706620565030507816884907589477351553268146177293719586287258662025940181301472851649975563004543250656807255226609296537922304346339513054316391667044301386950180277940536542183725690479451746977789001659540839582630251935163344393 +33176766914206542084736303652243484580303865879984981189372762326078776390896986743451688462101732968104375838228070296418541745483112261133079756514082093269959937647525005374035326747696591842313517634077723301677759648869372517403529488493581781546743147639937580084065663597330159470577639629864369972900 67485835091897238609131069363014775606263390149204621594445803179810038685760826651889895397414961195533694176706808504447269558421955735607423135937153901140512527504198912146656610630396284977496295289999655140295415981288181545277299615922576281262872097567020980675200178329219970170480653040350512964539 +131497983897702298481056962402569646971797912524360547236788650961059980711719600424210346263081838703940277066368168874781981151411096949736205282734026497995296147418292226818536168555712128736975034272678008697869326747592750850184857659420541708058277866000692785617873742438060271311159568468507825422571 5400380840349873337222394910303409203226429752629134721503171858543984393161548520471799318518954232197106728096866840965784563043721652790856860155702760027304915133166173298206604451826182024471262142046935060360564569939062438160049193241369468208458085699995573492688298015026628427440418009025072261296 +83265103005695640943261961853521077357830295830250157593141844209296716788437615940096402365505416686459260302419338241462783388722843946886845478224048360927114533590583464979009731440049610985062455108831881153988321298531365779084012803908832525921630534096740755274371500276660832724874701671184539131864 141285570207910287798371174771658911045525474449663877845558585668334618068814605961306961485855329182957174312715910923324965889174835444049526313968571611940626279733302104955951067959291852710640374412577070764165811275030632465290729619533330733368808295932659463215921521905553936914975786500018720073003 +68435028583616495789148116911096163791710022987677894923742899873596891423986951658100606742052014161171185231735413902875605720814417622409817842932759492013585936536452615480700628719795872201528559780249210820284350401473564919576289210869896327937002173624497942136329576506818749730506884927872345019446 134655528287263100540003157571441260698452262106680191153945271167894435782028803135774578949200580551016388918860856991026082917835209212892423567114480975540305860034439015788120390011692862968771136814777768281366591257663821495720134621172848947971117885754539770645621669309650476331439675400544167728223 +97765390064836080322590528352647421920257073063706996347334558390461274981996865736612531330863478931481491964338380362350271734683183807511097331539820133036984271653285063355715726806139083282458695728902452215405696318402583540317419929113959816258829534543044153959951908676300847164682178008704099351835 92552521881196975294401505656851872247567784546370503402756239533783651371688190302773864319828182042605239246779598629409815474038541272600580320815319709309111399294952620375093803971373108792300726524826209329889463854451846561437729676142864421966497641824498079067929811613947148353921163336822026640804 +145767094672933012300753301037546647564595762930138884463767054235112032706630891961371504668013023047595721138624016493638510710257541241706724342585654715468628355455898091951826598092812212209834746162089753649871544789379424903025374228231365026585872808685759231756517703720396301355299998059523896918448 116669462839999965355861187716880953863237226719689755457884414384663576662696981997535568446560375442532084973721539944428004043491468494548231348032618218312515409944970197902589794303562379864012797605284844016184274353252071642511293089390472576498394410829972525726474727579603392265177009323768966538608 +34172517877854802711907683049441723730724885305592620486269966708379625109832852005775048584124451699198484092407720344962116726808090368739361658889584507734617844212547181476646725256303630128954338675520938806905779837227983648887192531356390902975904503218654196581612781227843742951241442641220856414232 126013077261793777773236390821108423367648447987653714614732477073177878509574051196587476846560696305938891953527959347566502332765820074506907037627115954790645652211088723122982633069089920979477728376746424256704724173255656757918995039125823421607024407307091796807227896314403153380323770001854211384322 +9979624731056222925878866378063961280844793874828281622845276060532093809300121084179730782833657205171434732875093693074415298975346410131191865198158876447591891117577190438695367929923494177555818480377241891190442070100052523008290671797937772993634966511431668500154258765510857129203107386972819651767 76559085024395996164590986654274454741199399364851956129137304209855150918182685643729981600389513229011956888957763987167398150792454613751473654448162776379362213885827651020309844507723069713820393068520302223477225569348080362344052033711960892643036147232270133731530049660264526964146237693063093765111 +18162696663677410793062235946366423954875282212790518677684260521370996677183041664345920941714064628111537529793170736292618705900247450994864220481135611781148410617609559050220262121494712903009168783279356915189941268264177631458029177102542745167475619936272581126346266816618866806564180995726437177435 63244550218824945129624987597134280916829928261688093445040235408899092619821698537312158783367974202557699994650667088974727356690181336666077506063310290098995215324552449858513870629176838494348632073938023916155113126203791709810160925798130199717340478393420816876665127594623142175853115698049952126277 +4817943161362708117912118300716778687157593557807116683477307391846133734701449509121209661982298574607233039490570567781316652698287671086985501523197566560479906850423709894582834963398034434055472063156147829131181965140631257939036683622084290629927807369457311894970308590034407761706800045378158588657 61612160237840981966750225147965256022861527286827877531373888434780789812764688703260066154973576040405676432586962624922734102370509771313805122788566405984830112657060375568510809122230960988304085950306616401218206390412815884549481965750553137717475620505076144744211331973240555181377832337912951699135 +36363324947629373144612372870171042343590861026293829791335153646774927623889458346817049419803031378037141773848560341251355283891019532059644644509836766167835557471311319194033709837770615526356168418160386395260066262292757953919140150454538786106958252854181965875293629955562111756775391296856504912587 86831561031659073326747216166881733513938228972332631084118628692228329095617884068498116676787029033973607066377816508795286358748076949738854520048303930186595481606562375516134920902325649683618195251332651685732712539073110524182134321873838204219194459231650917098791250048469346563303077080880339797744 +26406869969418301728540993821409753036653370247174689204659006239823766914991146853283367848649039747728229875444327879875275718711878211919734397349994000106499628652960403076186651083084423734034070082770589453774926850920776427074440483233447839259180467805375782600203654373428926653730090468535611335253 100139935381469543084506312717977196291289016554846164338908226931204624582010530255955411615528804421371905642197394534614355186795223905217732992497673429554618838376065777445760355552020655667172127543653684405493978325270279321013143828897100500212200358450649158287605846102419527584313353072518101626851 +92613116984760565837109105383781193800503303131143575169488835702472221039082994091847595094556327985517286288659598094631489552181233202387028607421487026032402972597880028640156629614572656967808446397456622178472130864873587747608262139844319805074476178618930354824943672367046477408898479503054125369731 30023391082615178562263328892343821010986429338255434046051061316154579824472412477397496718186615690433045030046315908170615910505869972621853946234911296439134838951047107272129711854649412919542407760508235711897489847951451200722151978578883748353566191421685659370090024401368356823252748749449302536931 +31485815361342085113278193504381994806529237123359718043079410511224607873725611862217941085749929342777366642477711445011074784469367917758629403998067347054115844421430072631339788256386509261291675080191633908849638316409182455648806133048549359800886124554879661473112614246869101243501787363247762961784 114503770698890543429251666713050844656853278831559195214556474458830029271801818536133531843456707474500106283648085144619097572354066554819887152106174400667929098257361286338795493838820850475790977445807435511982704395422526800272723708548541616513134676140304653112325071112865020365664833601046215694089 +76882090884790547431641385530818076533805072109483843307806375918023300052767710853172670987385376253156912268523505310624133905633437815297307463917718596711590885553760690350221265675690787249135345226947453988081566088302642706234126002514517416493192624887800567412565527886687096028028124049522890448168 15056463217273240496622619354104573042767532856243223052125822509781815362480522535564283485059790932505429110157271454207173426525345813426696743168079246510944969446574354255284952839036431873039487144279164893710061580467579842173706653409487110282515691099753380094215805485573768509475850463001549608836 +52345178981230648108672997265819959243255047568833938156267924185186047373470984278294897653277996726416846430969793375429223610099546622112048283560483136389901514170116723365811871938630317974150540909650396429631704968748113009366339718498979597226137532343384889080245796447593572468846438769413505393967 32148494517199936472358017244372701214529606506776255341152991328091526865643069587953759877295255050519124541457805199596762210567333445908166076384465183589342153762720515477404466193879418014196727238972417616122646440870364200208488239778452378059236162633837824948613596114768455832408342040970780086 +41095268619128788015767564971105114602454449306041732792746397800275041704886345704294273937217484580365505320134717320083763349380629342859670693445658118959823430378844830923452105707338162448974869312012791385772125813291388247857971218575518319578818336960572244046567099555399203328678654466958536663208 92166550199033418923713824997841892577149715275633481076285269142670107687867024550593869464613175882141630640739938334001211714884975032600306279287443909448541179109981755796752132502127330056736913454039526413284519137059580845856736918773597087836203497066909257930043736166431682872083389105176299181629 +40049143661018504441607875135884755310012910557581028447435354354754245291878800571089144452035026644953322330676651798951447670184106450649737772686119714700743396359069052813433030118630105307022867200053964644574786137276428546712005171080129190959914708907200288299169344380390093918556722227705114244981 108159089972386282154772900619022507336076619354549601813179459338897131937353741544606392560724999980281424266891537298473163753022749859939445293926707568015958367188089915420630082556748668489756475027008449860889202622698060097015044886961901650857610841562477736791450080980702347705778074391774667412741 +69905259478181995876884927656894491893594530150260951315109404530530357998889589977208787140430938039028941393673520799460431992051993157468616168400324834880926190141581037597526917869362292931957289043707855837933490285814769110495657056206391880865972389421774822461752702336812585852278453803972600333734 71821415380277072313878763768684432371552628204186742842154591000123020597011744840460964835414360968627162765288463383113375595799297552681618876474019263288277398833725479226930770694271622605114061622753165584075733358178384410640349907375170170910499615355511313349300918885560131539570707695789106185664 +26945345439378873515011714350080059082081595419023056538696949766471272811362104837806324694947413603019863785876836706911406330379274553386254346050697348395574746891556054334903838949157798006141473389066020212044825140294048709654273698482867946522782450500680195477050110145664069582549935651920545151500 80313315938584480048642653013876614091607852535582224914294013785054094052454758327935781971746329853786568549510067442145637007308960551652864942042189241081946607011847245280773379099020221884296226818685556430275385068764313042226925852500883894269809033380734632866477789520106865758504064806906234130588 diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/hmac-sha1.txt b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/hmac-sha1.txt new file mode 100644 index 000000000..4299a9655 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/hmac-sha1.txt @@ -0,0 +1,49 @@ +test_case = 1 +key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +key_len = 20 +data = "Hi There" +data_len = 8 +digest = 0xb617318655057264e28bc0b6fb378c8ef146be00 + +test_case = 2 +key = "Jefe" +key_len = 4 +data = "what do ya want for nothing?" +data_len = 28 +digest = 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79 + +test_case = 3 +key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +key_len = 20 +data = 0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd +data_len = 50 +digest = 0x125d7342b9ac11cd91a39af48aa17b4f63f175d3 + +test_case = 4 +key = 0x0102030405060708090a0b0c0d0e0f10111213141516171819 +key_len = 25 +data = 0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd +data_len = 50 +digest = 0x4c9007f4026250c6bc8414f9bf50c86c2d7235da + +test_case = 5 +key = 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c +key_len = 20 +data = "Test With Truncation" +data_len = 20 +digest = 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04 +digest-96 = 0x4c1a03424b55e07fe7f27be1 + +test_case = 6 +key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +key_len = 80 +data = "Test Using Larger Than Block-Size Key - Hash Key First" +data_len = 54 +digest = 0xaa4ae5e15272d00e95705637ce8a3b55ed402112 + +test_case = 7 +key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +key_len = 80 +data = "Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data" +data_len = 73 +digest = 0xe8e99d0f45237d786d6bbaa7965c7808bbff1a91 diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/hmac-sha256.txt b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/hmac-sha256.txt new file mode 100644 index 000000000..a0b2e73aa --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/hmac-sha256.txt @@ -0,0 +1,29 @@ +test_case = 1 +key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b +data = 0x4869205468657265 +digest = 0xb0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7 + +test_case = 2 +key = 0x4a656665 +data = 0x7768617420646f2079612077616e7420666f72206e6f7468696e673f +digest = 0x5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843 + +test_case = 3 +key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +data = 0xdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd +digest = 0x773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe + +test_case = 4 +key = 0x0102030405060708090a0b0c0d0e0f10111213141516171819 +data = 0xcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd +digest = 0x82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b + +test_case = 6 +key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +data = 0x54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374 +digest = 0x60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54 + +test_case = 7 +key = 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +data = 0x5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e +digest = 0x9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2 diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/linkparse.txt b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/linkparse.txt new file mode 100644 index 000000000..eb13e6b53 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/linkparse.txt @@ -0,0 +1,594 @@ +Num Tests: 73 + +OpenID link parsing test cases +Copyright (C) 2005-2008, JanRain, Inc. +See COPYING for license information. + +File format +----------- + +All text before the first triple-newline (this chunk) should be ignored. + +This file may be interpreted as Latin-1 or UTF-8. + +Test cases separated by three line separators (`\n\n\n'). The test +cases consist of a headers section followed by a data block. These are +separated by a double newline. The headers consist of the header name, +followed by a colon, a space, the value, and a newline. There must be +one, and only one, `Name' header for a test case. There may be zero or +more link headers. The `Link' header consists of whitespace-separated +attribute pairs. A link header with an empty string as a value +indicates an empty but present link tag. The attribute pairs are `=' +separated and not quoted. + +Optional Links and attributes have a trailing `*'. A compilant +implementation may produce this as output or may not. A compliant +implementation will not produce any output that is absent from this +file. + + +Name: Well-formed link rel (in CAPS) +Link: rel=openid.server href=http://www.myopenid.com/server + +<HTML> + <HEAD> + <LINK REL="openid.server" + HREF="http://www.myopenid.com/server" /> + </HEAD> +</HTML> + + +Name: No link tag at all + +<html> +<head> +</head> +</html> + + +Name: Link element first + +<link> + + +Name: Link inside HTML, not head + +<html> +<link> + + +Name: Link inside head, not html + +<head> +<link> + + +Name: Link inside html, after head + +<html> +<head> +</head> +<link> + + +Name: Link inside html, before head + +<html> +<link> +<head> + + +Name: Link before html and head + +<link> +<html> +<head> + + +Name: Link after html document with head + +<html> +<head> +</head> +</html> +<link> + + +Name: Link inside html inside head, inside another html + +<html> +<head> +<html> +<link> + + +Name: Link inside html inside head + +<head> +<html> +<link> + + +Name: link inside body inside head inside html + +<html> +<head> +<body> +<link> + + +Name: Link inside head inside head inside html + +<html> +<head> +<head> +<link> + + +Name: Link inside script inside head inside html + +<html> +<head> +<script> +<link> +</script> + + +Name: Link inside comment inside head inside html + +<html> +<head/> +<link> + + +Name: Link inside of head after short head + +<html> +<head/> +<head> +<link> + + +Name: Plain vanilla +Link: + +<html> +<head> +<link> + + +Name: Ignore tags in the <script:... > namespace +Link*: + +<html> +<head> +<script:paddypan> +<link> +</script:paddypan> + + +Name: Short link tag +Link: + +<html> +<head> +<link/> + + +Name: Spaces in the HTML tag +Link: + +<html > +<head> +<link> + + +Name: Spaces in the head tag +Link: + +<html> +<head > +<link> + + +Name: Spaces in the link tag +Link: + +<html> +<head> +<link > + + +Name: No whitespace +Link: + +<html><head><link> + + +Name: Closed head tag +Link: + +<html> +<head> +<link> +</head> + + +Name: One good, one bad (after close head) +Link: + +<html> +<head> +<link> +</head> +<link> + + +Name: One good, one bad (after open body) +Link: + +<html> +<head> +<link> +<body> +<link> + + +Name: ill formed (missing close head) +Link: + +<html> +<head> +<link> +</html> + + +Name: Ill formed (no close head, link after </html>) +Link: + +<html> +<head> +<link> +</html> +<link> + + +Name: Ignore random tags inside of html +Link: + +<html> +<delicata> +<head> +<title> +<link> + + +Name: case-folding +Link*: + +<HtMl> +<hEaD> +<LiNk> + + +Name: unexpected tags +Link: + +<butternut> +<html> +<summer> +<head> +<turban> +<link> + + +Name: un-closed script tags +Link*: + +<html> +<head> +<script> +<link> + + +Name: un-closed script tags (no whitespace) +Link*: + +<html><head><script><link> + + +Name: un-closed comment +Link*: + +<html> +<head> +<!-- +<link> + + +Name: un-closed CDATA +Link*: + +<html> +<head> +<![CDATA[ +<link> + + +Name: cdata-like +Link*: + +<html> +<head> +<![ACORN[ +<link> +]]> + + +Name: comment close only +Link: + +<html> +<head> +<link> +--> + + +Name: Vanilla, two links +Link: +Link: + +<html> +<head> +<link> +<link> + + +Name: extra tag, two links +Link: +Link: + +<html> +<gold nugget> +<head> +<link> +<link> + + +Name: case-fold, body ends, two links +Link: +Link*: + +<html> +<head> +<link> +<LiNk> +<body> +<link> + + +Name: simple, non-quoted rel +Link: rel=openid.server + +<html><head><link rel=openid.server> + + +Name: short tag has rel +Link: rel=openid.server + +<html><head><link rel=openid.server/> + + +Name: short tag w/space has rel +Link: rel=openid.server + +<html><head><link rel=openid.server /> + + +Name: extra non-attribute, has rel +Link: rel=openid.server + +<html><head><link hubbard rel=openid.server> + + +Name: non-attr, has rel, short +Link: rel=openid.server + +<html><head><link hubbard rel=openid.server/> + + +Name: non-attr, has rel, short, space +Link: rel=openid.server + +<html><head><link hubbard rel=openid.server /> + + +Name: misplaced slash has rel +Link: rel=openid.server + +<html><head><link / rel=openid.server> + + +Name: quoted rel +Link: rel=openid.server + +<html><head><link rel="openid.server"> + + +Name: single-quoted rel +Link: rel=openid.server + +<html><head><link rel='openid.server'> + + +Name: two links w/ rel +Link: x=y +Link: a=b + +<html><head><link x=y><link a=b> + + +Name: non-entity +Link: x=&y + +<html><head><link x=&y> + + +Name: quoted non-entity +Link: x=&y + +<html><head><link x="&y"> + + +Name: quoted entity +Link: x=& + +<html><head><link x="&"> + + +Name: entity not processed +Link: x= + +<html><head><link x=""> + + +Name: < +Link: x=< + +<html><head><link x="<"> + + +Name: > +Link: x=> + +<html><head><link x=">"> + + +Name: " +Link: x=" + +<html><head><link x="""> + + +Name: &" +Link: x=&" + +<html><head><link x="&""> + + +Name: mixed entity and non-entity +Link: x=&"…> + +<html><head><link x="&"…>"> + + +Name: mixed entity and non-entity (w/normal chars) +Link: x=x&"…>x + +<html><head><link x="x&"…>x"> + + +Name: broken tags +Link*: x=y + +<html><head><link x=y<> + + +Name: missing close pointy +Link: z=y + +<html><head><link x=y<link z=y /> + + +Name: missing attribute value +Link: x=y y*= +Link: x=y + +<html><head><link x=y y=><link x=y /> + + +Name: Missing close pointy (no following) +Link*: x=y + +<html><head><link x=y + + +Name: Should be quoted +Link: x*=< + +<html><head><link x="<"> + + +Name: Should be quoted (2) +Link: x*=> + +<html><head><link x=">"> + + +Name: Repeated attribute +Link: x=y + +<html><head><link x=z x=y> + + +Name: Repeated attribute (2) +Link: x=y + +<html><head><link x=y x=y> + + +Name: Two attributes +Link: x=y y=z + +<html><head><link x=y y=z> + + +Name: Well-formed link rel="openid.server" +Link: rel=openid.server href=http://www.myopenid.com/server + +<html> + <head> + <link rel="openid.server" + href="http://www.myopenid.com/server" /> + </head> +</html> + + +Name: Well-formed link rel="openid.server" and "openid.delegate" +Link: rel=openid.server href=http://www.myopenid.com/server +Link: rel=openid.delegate href=http://example.myopenid.com/ + +<html><head><link rel="openid.server" + href="http://www.myopenid.com/server" /> + <link rel="openid.delegate" href="http://example.myopenid.com/" /> +</head></html> + + +Name: from brian's livejournal page +Link: rel=stylesheet href=http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711 type=text/css +Link: rel=openid.server href=http://www.livejournal.com/openid/server.bml + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <link rel="stylesheet" + href="http://www.livejournal.com/~serotta/res/319998/stylesheet?1130478711" + type="text/css" /> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta name="foaf:maker" + content="foaf:mbox_sha1sum '12f8abdacb5b1a806711e23249da592c0d316260'" /> + <meta name="robots" content="noindex, nofollow, noarchive" /> + <meta name="googlebot" content="nosnippet" /> + <link rel="openid.server" + href="http://www.livejournal.com/openid/server.bml" /> + <title>Brian</title> + </head> + + +Name: non-ascii (Latin-1 or UTF8) +Link: x=® + +<html><head><link x="®"> + + diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/n2b64 b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/n2b64 new file mode 100644 index 000000000..b12a24604 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/n2b64 @@ -0,0 +1,650 @@ +AA== 0 +AQ== 1 +Ag== 2 +Aw== 3 +BA== 4 +BQ== 5 +Bg== 6 +Bw== 7 +CA== 8 +CQ== 9 +Cg== 10 +Cw== 11 +DA== 12 +DQ== 13 +Dg== 14 +Dw== 15 +EA== 16 +EQ== 17 +Eg== 18 +Ew== 19 +FA== 20 +FQ== 21 +Fg== 22 +Fw== 23 +GA== 24 +GQ== 25 +Gg== 26 +Gw== 27 +HA== 28 +HQ== 29 +Hg== 30 +Hw== 31 +IA== 32 +IQ== 33 +Ig== 34 +Iw== 35 +JA== 36 +JQ== 37 +Jg== 38 +Jw== 39 +KA== 40 +KQ== 41 +Kg== 42 +Kw== 43 +LA== 44 +LQ== 45 +Lg== 46 +Lw== 47 +MA== 48 +MQ== 49 +Mg== 50 +Mw== 51 +NA== 52 +NQ== 53 +Ng== 54 +Nw== 55 +OA== 56 +OQ== 57 +Og== 58 +Ow== 59 +PA== 60 +PQ== 61 +Pg== 62 +Pw== 63 +QA== 64 +QQ== 65 +Qg== 66 +Qw== 67 +RA== 68 +RQ== 69 +Rg== 70 +Rw== 71 +SA== 72 +SQ== 73 +Sg== 74 +Sw== 75 +TA== 76 +TQ== 77 +Tg== 78 +Tw== 79 +UA== 80 +UQ== 81 +Ug== 82 +Uw== 83 +VA== 84 +VQ== 85 +Vg== 86 +Vw== 87 +WA== 88 +WQ== 89 +Wg== 90 +Ww== 91 +XA== 92 +XQ== 93 +Xg== 94 +Xw== 95 +YA== 96 +YQ== 97 +Yg== 98 +Yw== 99 +ZA== 100 +ZQ== 101 +Zg== 102 +Zw== 103 +aA== 104 +aQ== 105 +ag== 106 +aw== 107 +bA== 108 +bQ== 109 +bg== 110 +bw== 111 +cA== 112 +cQ== 113 +cg== 114 +cw== 115 +dA== 116 +dQ== 117 +dg== 118 +dw== 119 +eA== 120 +eQ== 121 +eg== 122 +ew== 123 +fA== 124 +fQ== 125 +fg== 126 +fw== 127 +AIA= 128 +AIE= 129 +AII= 130 +AIM= 131 +AIQ= 132 +AIU= 133 +AIY= 134 +AIc= 135 +AIg= 136 +AIk= 137 +AIo= 138 +AIs= 139 +AIw= 140 +AI0= 141 +AI4= 142 +AI8= 143 +AJA= 144 +AJE= 145 +AJI= 146 +AJM= 147 +AJQ= 148 +AJU= 149 +AJY= 150 +AJc= 151 +AJg= 152 +AJk= 153 +AJo= 154 +AJs= 155 +AJw= 156 +AJ0= 157 +AJ4= 158 +AJ8= 159 +AKA= 160 +AKE= 161 +AKI= 162 +AKM= 163 +AKQ= 164 +AKU= 165 +AKY= 166 +AKc= 167 +AKg= 168 +AKk= 169 +AKo= 170 +AKs= 171 +AKw= 172 +AK0= 173 +AK4= 174 +AK8= 175 +ALA= 176 +ALE= 177 +ALI= 178 +ALM= 179 +ALQ= 180 +ALU= 181 +ALY= 182 +ALc= 183 +ALg= 184 +ALk= 185 +ALo= 186 +ALs= 187 +ALw= 188 +AL0= 189 +AL4= 190 +AL8= 191 +AMA= 192 +AME= 193 +AMI= 194 +AMM= 195 +AMQ= 196 +AMU= 197 +AMY= 198 +AMc= 199 +AMg= 200 +AMk= 201 +AMo= 202 +AMs= 203 +AMw= 204 +AM0= 205 +AM4= 206 +AM8= 207 +ANA= 208 +ANE= 209 +ANI= 210 +ANM= 211 +ANQ= 212 +ANU= 213 +ANY= 214 +ANc= 215 +ANg= 216 +ANk= 217 +ANo= 218 +ANs= 219 +ANw= 220 +AN0= 221 +AN4= 222 +AN8= 223 +AOA= 224 +AOE= 225 +AOI= 226 +AOM= 227 +AOQ= 228 +AOU= 229 +AOY= 230 +AOc= 231 +AOg= 232 +AOk= 233 +AOo= 234 +AOs= 235 +AOw= 236 +AO0= 237 +AO4= 238 +AO8= 239 +APA= 240 +APE= 241 +API= 242 +APM= 243 +APQ= 244 +APU= 245 +APY= 246 +APc= 247 +APg= 248 +APk= 249 +APo= 250 +APs= 251 +APw= 252 +AP0= 253 +AP4= 254 +AP8= 255 +AQA= 256 +AQE= 257 +AQI= 258 +AQM= 259 +AQQ= 260 +AQU= 261 +AQY= 262 +AQc= 263 +AQg= 264 +AQk= 265 +AQo= 266 +AQs= 267 +AQw= 268 +AQ0= 269 +AQ4= 270 +AQ8= 271 +ARA= 272 +ARE= 273 +ARI= 274 +ARM= 275 +ARQ= 276 +ARU= 277 +ARY= 278 +ARc= 279 +ARg= 280 +ARk= 281 +ARo= 282 +ARs= 283 +ARw= 284 +AR0= 285 +AR4= 286 +AR8= 287 +ASA= 288 +ASE= 289 +ASI= 290 +ASM= 291 +ASQ= 292 +ASU= 293 +ASY= 294 +ASc= 295 +ASg= 296 +ASk= 297 +ASo= 298 +ASs= 299 +ASw= 300 +AS0= 301 +AS4= 302 +AS8= 303 +ATA= 304 +ATE= 305 +ATI= 306 +ATM= 307 +ATQ= 308 +ATU= 309 +ATY= 310 +ATc= 311 +ATg= 312 +ATk= 313 +ATo= 314 +ATs= 315 +ATw= 316 +AT0= 317 +AT4= 318 +AT8= 319 +AUA= 320 +AUE= 321 +AUI= 322 +AUM= 323 +AUQ= 324 +AUU= 325 +AUY= 326 +AUc= 327 +AUg= 328 +AUk= 329 +AUo= 330 +AUs= 331 +AUw= 332 +AU0= 333 +AU4= 334 +AU8= 335 +AVA= 336 +AVE= 337 +AVI= 338 +AVM= 339 +AVQ= 340 +AVU= 341 +AVY= 342 +AVc= 343 +AVg= 344 +AVk= 345 +AVo= 346 +AVs= 347 +AVw= 348 +AV0= 349 +AV4= 350 +AV8= 351 +AWA= 352 +AWE= 353 +AWI= 354 +AWM= 355 +AWQ= 356 +AWU= 357 +AWY= 358 +AWc= 359 +AWg= 360 +AWk= 361 +AWo= 362 +AWs= 363 +AWw= 364 +AW0= 365 +AW4= 366 +AW8= 367 +AXA= 368 +AXE= 369 +AXI= 370 +AXM= 371 +AXQ= 372 +AXU= 373 +AXY= 374 +AXc= 375 +AXg= 376 +AXk= 377 +AXo= 378 +AXs= 379 +AXw= 380 +AX0= 381 +AX4= 382 +AX8= 383 +AYA= 384 +AYE= 385 +AYI= 386 +AYM= 387 +AYQ= 388 +AYU= 389 +AYY= 390 +AYc= 391 +AYg= 392 +AYk= 393 +AYo= 394 +AYs= 395 +AYw= 396 +AY0= 397 +AY4= 398 +AY8= 399 +AZA= 400 +AZE= 401 +AZI= 402 +AZM= 403 +AZQ= 404 +AZU= 405 +AZY= 406 +AZc= 407 +AZg= 408 +AZk= 409 +AZo= 410 +AZs= 411 +AZw= 412 +AZ0= 413 +AZ4= 414 +AZ8= 415 +AaA= 416 +AaE= 417 +AaI= 418 +AaM= 419 +AaQ= 420 +AaU= 421 +AaY= 422 +Aac= 423 +Aag= 424 +Aak= 425 +Aao= 426 +Aas= 427 +Aaw= 428 +Aa0= 429 +Aa4= 430 +Aa8= 431 +AbA= 432 +AbE= 433 +AbI= 434 +AbM= 435 +AbQ= 436 +AbU= 437 +AbY= 438 +Abc= 439 +Abg= 440 +Abk= 441 +Abo= 442 +Abs= 443 +Abw= 444 +Ab0= 445 +Ab4= 446 +Ab8= 447 +AcA= 448 +AcE= 449 +AcI= 450 +AcM= 451 +AcQ= 452 +AcU= 453 +AcY= 454 +Acc= 455 +Acg= 456 +Ack= 457 +Aco= 458 +Acs= 459 +Acw= 460 +Ac0= 461 +Ac4= 462 +Ac8= 463 +AdA= 464 +AdE= 465 +AdI= 466 +AdM= 467 +AdQ= 468 +AdU= 469 +AdY= 470 +Adc= 471 +Adg= 472 +Adk= 473 +Ado= 474 +Ads= 475 +Adw= 476 +Ad0= 477 +Ad4= 478 +Ad8= 479 +AeA= 480 +AeE= 481 +AeI= 482 +AeM= 483 +AeQ= 484 +AeU= 485 +AeY= 486 +Aec= 487 +Aeg= 488 +Aek= 489 +Aeo= 490 +Aes= 491 +Aew= 492 +Ae0= 493 +Ae4= 494 +Ae8= 495 +AfA= 496 +AfE= 497 +AfI= 498 +AfM= 499 +AfQ= 500 +AfU= 501 +AfY= 502 +Afc= 503 +Afg= 504 +Afk= 505 +Afo= 506 +Afs= 507 +Afw= 508 +Af0= 509 +Af4= 510 +Af8= 511 +AgA= 512 +ALDs7paJl5xPh6ORH61iDA6pONpV0rTjGiTkLEW2JsVsRKaRiS4AGn2PTR1UZXP0vXAmRXwdSegQgWPUp3Hm3RofRcDh1SykZBLif7ulau1hVO+rhwRyKc7F8F+7LcMf/v+s73eOXUDbbI2r52wfr7skZy/IELhsC8EK6HzhACI3 124241322153253947064453752054205174382289463089695815605736438952932114700118408072544073767229325045596832952652232288773280299665950768731398747700657715829631597019676014848183966683866396215048196276450953653433516126074463193382764063985175903718735372053536664711482497859539116009770850968340298474039 +AOzgU1s6Pd2IkrJlvGND8legXTe50nyDCocI5mwT9rW0YsisY5jaaEOcu51BAq9MmXBPeVX0k/jlXwH4Pn3mCpUAU1rEOsTdcmSJp35siKliDdhTZHHdZNMW+igfXGX5OCsA/BaBcGnE6NnrGWXKyTOoVUGQLEkL2T5yhNUaCT83 166340174936369324883416612727439279977041963320514134445183426741643586944819834936989524033374309932122967866930503619179389342537723598234062828695747850043368572301869699886931403612266216965783079972698791813140295203826980649434652168563255385527187360027803388963151668338040517316899628026707657178935 +AO8hrpw+lDiJ13JahLtCb1RenupQcNd0wlTSck9OLL8wB/x6gAoj0PTLV05eZIbz43N3GUSDmmckjlxdHXiBJ9rsoB0P95l1CWIV+4rXblCqxmOdmlm6VZ13bqbI0x7l0cjeMrkmk+yJ067WqUolqQBlUWMTuJVfkxALJYH5xr/C 167923899524385316022824282304301434707626789716026029252173742527362300338760906999615029022863637963070711762128687835779073122264515776657475985362344360699359591353388569856862973447791264902182048648600267737826849280828116753682917256540180401899752566540869918949003470368970029744573140084219550547906 +QxAn7yrdVs5tlHV+Glbqdaj67c6Ni8am3bBLOL8PV5HbdrLf2xIPmNugo6MfUwFSnT+ZPJ51+VTOsItaNwCFju0Eh1cqyP3JWyLRPE7emKuo6xRhf+5ik0pTg77LEF4JXW6ofDqirpR4alFi0G2d9yImQPphsYJwYGF/nNT8u0Q= 47093316905427544098193936500644355852669366083115552072584429220248776817916430034648347490325490701471113667554329499736495877969341478442613611948220957798780043076906836236556612316544460763366275536846463456405604189392790111985912854476264292503164100482712281088955640964034295834935468665872932715332 +AI9PVzrbJUvmCihwSFans1lBKwudGEZpWWu8pkSK2zVgzGhMvUoGgMp6TG2zsUd1tV8zv7KsVD2t6pXmjT1wPUynufq97GVHI06SGpflDTt30WboYRh3DgYxvso1sOjUXpnDezcaqc2Aiz4nV5MSShkBlyBjA8z2worHDE+uXqw0 100635651531872121827765663065728398779771663753008344681972226973080394359405041113312675686974926993279775427390065833081040771269307007695807025882757371805607979134114890454059957194316765342461291139168706134406917264848659448693866813989352429841300235734400772946895458374870482441457514575059390213172 +FiinVicXOqqRLpxcGTorQpSAGeQ/PfDOuzYK9ViFtmPv6D0cYPfhUH4qXEHOejvmX+0b4lfaX8MWPVZxlqpfXiU9BhG76HJxkLF4ysipukeOvhoHzvcxE5bnhSF1i//bOSifATBLBEZInwqSVg5tHHPuuCkwTL91NqhOulp7Lsk= 15560440884463435471963622630292643727112462888414585143143739400703889930416938984547754943252935620248108237258540176511252143752416771350868493435174026287082706690332705481726295797196444796135827460509780634261726494455068460028424141500629527968240913757449787164107068039175831847071025316475940056777 +aYrxyQN/hkBne2ayqo2/iDLF3DZGgk080SOMJfsj9h3Z1OfFZM7TJA+y+/O7niqatosvKrfHrAw+Qs7c6tCZ6NPwYJ4QJLOF9bqH2u2a3fkI954voNUctlUagYUJsZXV8hdhLM6NwUyIZ3ZFkPcpTZp7nKQQ84tr1a8VjDIT5/o= 74114640794666001532816944350975062126079079113921109750255283189037502412929005615388097912507598112836936032143435813588205939470002911374442844578739574773399427907766548612582213272643279263782396527705126350063372192910060171635870872236876399794128383338399728947176692692942605589343038282957050865658 +AMpCUeKUX/vtRslWiUUuXNl1KA9uDAWjMUkTrdsxxRDESI7iZIn3TR9lW+0kV5fzkLF18iYLAwSGBmX1PS/T0UVFmoBPJ9yS7yktNL0lpQ3noyGFn8HHZ6XB3FkH3jegIfGbvwwhnhhFzpHPrXlpO5iU5Y+rexzp2XHWt4yJGuIL 142031143422642739313498629438991149460874309300342349421794421544918823888598660275343727563280565210534243383322796489809683834300630555650331646026843796764549231159336347965502383849513994449309613369541991287590422095953275586374371960367000083487965487661436037637475372929033613295072397262739084075531 +AIMIQVz0JIEKEI+PREu94m3v9XoiU/Q0CpsSuqkwSSje+Wyul5ea9oU5qgtOpdkMUOW91BJo0DW/GMZ8v3C4qyyP29TtjCcAHObJi9hfLSlnTSuzXZnDStooYYKqzfToLToCaAJKCXiXAVW0vWtapLnyqafrf/KgyGZ5u4HfXKY0 92013973253053602863003242446596060337454881568126916916519869242232429836082762281129448384605359749247852792606718908482332975424967542242332487707042773885428473061056052851768940900752317020681189773407893371297668591494665352294885305475871917069040377145530889271334616499701769138948975263435137525300 +ANfP+zPBTR27afneyac1KJhOB5Pq3AXB+SoAXJvQI/GkSoNhw5KdfqoIkLcoJi8wClCm424Gm1AdrdGwDFOM/iKTSPkrvMag93+b2EbQGX66/n2X3YRFNkgq/Gtb+2M8oCcAL054Z/iiMD67aU5RWzjqS64ePHsn01bJ7dqLgpMO 151548639867177154896951257541227014781655576169318283047778755573323724856619156348444192550664853912434681577093459933599575436686424046466113215132845213008587152894642577278656978304699131916299275797578171518984206145555369576872231567191579337901913492071976578289189524123204040497290426960375042970382 +AK0kHtacLGu1NFWMADq2rG8hpzM4UEYyPOL+aMJbnwXcUYptRIxb0YFZg35RN/RiZs4lQsiq+kEJKzMMV71TsJq59vMkIZhZoB3t8g9ZqBZuq0JYcTICDwRpNSttJidVpJ6P9sR3s1xPMYKdlSwt6EEc9htOXfZU+yHKYgn98X60 121583812047864398969816595368193171848971298823388059338224714026742264861090347096116404814514279627148994345584790617974476594451626305761040465570524035369799925437276511604752129817947910677564301623631349399504187314174538914591944778074509068973226322566160587813128746039859381466427380402262866230964 +W3sZlWW1Aev3x/DiH9MzwCAZzBj++x9cknLfGAHwgFqkLH6vimEH/r8hi85hzlCOG5CjwhoZ0D/Hsfr26ZJ3X4chG84byrfDnek1V9mm1++v+clJvlYgcuVgn2Opsba2TILTm1MDB+Ujs9brJ2AAKrE9+ep5nvtQVeG9PUGtdlo= 64240043913835461386212515483198059541440539167395859777194837833769712010594411295323900074066077107346806786205590345517755715510695858065925747020336398305793661773798243627926904542715123849691490667964262778804487343218972081260210371192903128886030021862362141928329650003493687310970684093289133340250 +FTQRk9/BIj21gbLwI22fHJWYj+8Ghdcc613hOtJ+/hQmh73HwTXLpaGK9aCptxVbpjW0r/bxaRjmgxu9u1CCZh5yRd7Z46Wk/LIPXGd3ycQzqRMFB7TISFQGJIcFoxRp3Eb5wa2OyrUg7c/D+kb7oFJq9P7mEwIh8TpLzwmu4SU= 14889529068556301710329043521845510156960298822469914567758538023025100741826628180855835334285179977296740667353391766487166458692144569279381035582718738461626140662441222061900764829681913534146898551570916312642104487829660946024590782808750587095559047648957238487820069966851521487428624726655438348581 +APYXO6uGvs9qWiEAkcWsaCaCrGJJCP2Z1g++XlJ67oZIgEoWITn3T/R2/c4edAfwUUzNHAYZN1h2dSrRoqlrRXrbxFtGOuRCUrXcGLFFcEbTrtm+z5z8xGRfcorx7Cu3FIBPMK5XcGPcbRZdyP1gBkeDMvuBNAo0/To+LP/dhCNM 172810804474418448604443090732221483571611665465870520701624598983692130272337358406272727413570938793741430131635927237320173996217984860203754686741782921346604605228620148450611724714868551781003004492587584071978757421616871762681049508123223983431502852926521520561941051298696758046005573332373854233420 +AIDNxhnDEe1kTJ3XGfTS8zKXeXPRdw5yifm8j8Ibzj/quExy7hFPtKct8hRskPR2qwTlMiW9Ra8Npg2USsqHV0rBoIkX7E3psxq5LBfp/q00l3SEBuLL4K2FGR87bPgU+Duk3RVrNMnColiTcnAR5XkoeWhn/r9MfJMIN9Y0FEh8 90449107125498302548188660544012777357148118984122992664008792590422284061463729084479315745509706793674355738023180454297730948397413371686013210006834869294564190666543874617716180411178090109573192518129248278410216362657350215009192850017507998797754539132540293137589672869131300859207213449571846080636 +AIRWavxYRsGlH0Yr0DudwrpYtbrByf9ZsDawKom7ubiRfepqYzcBlwt4adMMnkYSaXeYtOsD4KBm2ZvLKN3++RkYNmxgkyarORBEg7ERyiThBj7Ksw57pNHCAoHtBEhH7Wp9mHhuZtPvPgCEptmwCu9rYhLt4zZp+Zq8a02dkXvM 92930601962515884925250459851491509622611227724602941760145671636277317511265759558869239180653492283311584982044597979173761619470326096725838197524704577188104121460089235709339932110663536557497112887112782062772810759971739760085128369628777812332518137107605855679096146402427144185104230596200130247628 +AMNJGLcAiJtL5fUfkesWKYJurdYSnvsOZeZcrg7bemkEVjF6S9CcojimUl+ncr/YY5/EXnU0mg84fObtDxWWdJ7z7l0CFcoALTyEatDYKshT0xvdKY3u+LUShxIAyk8EcGnf+KoEaa4Mx3tg2oTBnVegXClOakNTWw8bu2ItagoQ 137134165107366719462230252606689766470445826753581409513106273517221906418464863733870948759313279128624638614534848890858250894834883265387344539280755177217350585564186248554307335197387734431939154077778003706720017441895613190141376534460438929588407764609772857975000507660651583780079804513519571438096 +BmGPZt8XqqI1PuLN4K1/PZMi2rfOYtHEMrcwZdSjKRm5qTkd0Pbb/5zPV07TnM0uLRvIQYTLloEY+GYyn0K5gDTEZpEtQ8ee6Y87zYGDwcf20eqYNxkA7FVV71vqCP/Uw3Oi6B+hMvsWZbvv2vH6MkAeADCrezOtwqVS+irftyc= 4480956865245875120472829476982311611308898564405318773810939350829150182630548948231116574193987272498161864310429976564278532538229396846813874244969927890037756969704618336242255039858182439641759659872128285423988638335967412040624105824571426792562334458751137508116412821914961236269913776304372561703 +APqFgCIYbJWuRyEGuOStPvcprj2PILQ0JpgwQ2jLKn3DvkWSd83qh7PWGKozGavsjh803K+ZzI7P2wP+Nc0r0El3q4nzaHvKaCtVRyMwbXv9wYLFZICeM6J1l9ljUMts4tbDoPzkIy3ScU7pYxarBWqMkcBU8qL6NN1vEdkeu0fW 175922170410080716883576123079908758276229469783745771772401183721225804343343063277676406040455068452258961299511343441961963941297631097736305638850193978800615558067791016294285848963023036905095022181004058235239390870177623185946205281141386416867569004073524130001309977475780893497185890756991672600534 +APA/rCcGeH6A+6ZwaBBDM6mB6tTD8mjkrOWEo/pK3MCZ+rrErMBnFp2S19GhlLOfuY8BHS+D834Fdm8+3wKYkWnXZpGb+e3v8ofOQ34G1HvzULOYtrEiC4ISZRt2SSyz2hU+PBXjVnplsHWTRxZDmBxTJdgli4ItAqxGCxj/aJ9m 168708388929747822981923386197903561880341990893945097067702518857172133291360611402092714329372304718329568897960770488377524912057166920574319430820488930520807742026377043178502591886293565177404635365772829346030773275726024973460121300339258054215286249329967181244588558220467488638468686270735376228198 +AKmwrLP108dCGWOWxE/6woJVLRi/Kra/DvdsPkkrZQmWIlUT7IvwM4gU6bUr4f6wpT08cIQls2cGh7dbSEaO0xLa3mmtKhPiAlzSnz0wuifF3JT9U3uXgUfCZuFtE0z7Oi7WTOrpl3k3GA7JFvXnY0lwblIQALVf6oWyNETnajGl 119160465301384937485959146028591622947513292915838943629387700439301197965652871741710280647524383590817798553034250156068573474278225305190573334054718387045488098320076877626430189054572361967283632592181431701411266656256255758079114072932140551282607247364388070762970060420036793573956057551235306893733 +VTe3rCzAL1Sljo3QAXEkAdBy1ZARHZwtrj6ZNRa5ttqd6/l21g4z3iHCeGo4rnE2F8wYTy+NlugjXw86OS+XojW5y6UzTtx0HX5IJ4POqN64aXWmaklGzroBEYWeuFFKcgQN3NOxkuJoDQ6VElP7Epz69kj5CsKJUwL0SjbNrFY= 59841866347633473702601462509811342285929528424012250265905695635971518533504187799047710303717472950129869674786231155102509311322791323986824635569605105662070745033595366004805920086888891275288347907772640070278731650628917037915863439204501060041944275512863990729926528905725569467329169134226609384534 +AIZt1xGhC/HrvpPASsvVIVdsu//tn0noyJmVYh3FdQ6yIh1uce47iCsrV1yvYqx5ZTbC0vnfnbjFcWqH+HtLX/DelgvhEwzqJ8hwQrfE1ShLG4ZjAVo1Z4GCjrDcEUMlwKcunuSJssuxeQuXwTLS92+q6QeBSS7OmfxPX29CLb4B 94399298271083745508290936113986978382457275531684761701599029877008571741877683365769553170771833981099580359640421358853566501815723434822307977440496208486103754978934472597505865596938563438311337045817621762649604204720249750058676095769230214181772215323235427976398686727606000594646472236822594174465 +NIhTPpWXS82VTA0LTd6TfM+HgLgUcmvnMYtLqPpuqCKZwalAycwl0XFYNyVvaY21J94j92ts/lRYgVtHDhk7/9nLXq5js/lsUnG8rWPHJo11JTxvW+df88aX0pw8u+biOWt87vc1MW1dsMTTsJFJAeBx77qU/Cwto95IVqM7vSE= 36889590210230649939994518345793530042252563793069578097360569338647730438860274349862767107939590441616825589851005429465345268710487649366046960918184701290985280638488938340668212498212581853679035928093386035688597446809895381618260692378376844452061580510108168030682664507293277674052032318576713776417 +KXdi4A2Z7tSiiX9YGtDtxUXIfQvPhcc48rUH+Q2SnXL7fLNmr+F4Rf3RiFBRiHKocPfE94pothop5qQJ5X221/DbEKWK6s+ChfQ636jvRxojoLMab3dPtaAPpDJHrfZMxbT4ZaDJT0tpA2e+zZrzBuDs+UUgCpty9nxtdm1gS7A= 29118662951481660380477444121362422614202367719725087486810943918529894738076273660245405874301505615796632229852040910511025841576465052938308369421493312085081188509808322692130449282585522349552501983296872614029139293444558468751646868108213623606366977549477663987815308260383403466635254115908032940976 +AIOTBZQR2EJJRmoWdRNFLG4fceoS3KnRTHRpPdllhHODqdg+QxTOcOvqIzBqgdD0JgO12SuNAjLQOiz0jhd02qkXw9Y1adGuKvL97ARFtNEuJiNzFAj7KpDLy2zk2rPJp4Lp7cjQs0fe8BQYnTzTsNRGm+4ybln/gse1YWu9w8y5 92394618277596007469808288231093678404089765494062813665106014405059399079199990128824492247005602685377185496959522609467906358619318009231448503013528692450191782140091818984176967246749464502089280153086163239846744554575017530385347720563798041108608545014076448155956762636929707905789978331102411214009 +NzfbJRBF4pqEeborJrjoknJgpfK+DZh2k9cE5dcElMPZ2Zn9im7desWGiBSQnu3KbTO4L/t4+m6nFTNcbIJnqbVSMDHdsfG72rG/t89aOuECQw0HMVVgONNNa6i/mw0jZSWnRLD4fa1YgbUlMd8jeqO9XcBDB4mVtDTxyeGa3vU= 38775530011374537813502898274019389132620116890266344603221997943675706375698597061571989090674289834838060050848545748579361837989319487970580969082824601965845786771062335733318139530316825802589479118956745739691326447349403950997231306042638797277408335778415717988679050762936401945487285814799382535925 +Y4BVPZ6necuLSwaqYEPeZp0lt9tTGFl/WCJJbwg7XpyvuwYKtzagC1NLzY5ymBfwGFw1yRlQuyGsYd9mBfC99DuVCIeh0JNrhJN1bNfoSzy5UO5+dmTr+dm66VGSRS0tFcViDTfCIleTV+zxo/xuZT+Bjxq7kZue8zGkjp42Kmo= 69872189501616471647606976308259279995249122669120675885925763529037695584466011511740991152346215507625265226811128801733353566555339153627478941716586678793853828514394269931890370517258825006937741437480128878717892485074131232336852490940507703859793477547154689914725314529986438108117871674332626168426 +AKCP9Mto4q/a2xNqM4N7PekbKspwt48OGPre+iqVwPrSP/jWKxg3CvvLNZzN5P+/FiUGIklMMFJ8w76OaHIPqKuwckj1gvCLECJEE+UAZWrNKPmpzd/ootN9/kQhNMuloTFCyhXAUUOXJ7Z0WVLb2u6fn4zroszSMBoWQEKC6lcq 112750701794692134675959811050012620191158543234019977304167102486465198271340022889272244811582365901584420008564301920174477182946432553537794834985703732129975734658113610563794129371053853971031300761815004524681756388784922001759202643614966614186697992611399618828963452661554240362943588548146868410154 +APOTAFA2waoAODECaGNgCHa8dNN+cjMnD01M+IeQFytzo9RLMzzzg/gpTUFpyLtFMcfbCkDYQMLXwE4crTimdz5sVvjGQ+5fSFQjoDY6Bw7MO6NAcLzlV/sI/1WyNBKaLQbcl2720n16tdUcdckQNnV+cC2J48CVxYM1c7QQlxA0 171043636512232272455501595416608280460445723238023572475354665686544174728784633443479486247342724860289312593374524429736857970220153680852977711594899595712511352458264354251161579203922747468321999465061463474727943140910084880926005209538535217464825087114791420210981711903880998556269523363208766099508 +AMGpxRlB8WVnsGqyyiy3/mzrPymtJW1o1HcDErK11ZwQV5PwTF3c0THwlnxDmcziLWHSWgPQwfRddVDCXMGW9BffJn+XO6aTcWDPmDAh+1DbWJPE1aqApGbHvQ8HONy90dQMZf1ayuwceWCVTuU1wnHdo9F/sIsRbuu7ic2OJDzY 135994898408425255747055209966103741651849229328236418804928584233229830656742052333413774490626915784901255640138520158698845938184666683995579777154437927013722740366497459963753542029774185193376253885864514386760437194444013834088425088260658670140534670789371556026135595577395047002643901630053097946328 +AJAw4uDYdSYkOrjtwJVWLv3pi1+UxWge4RmkWKqVquTsAVcT2tRZ+MFdHM457Hl7fmFIyxvGZQy4c2v1AbHEfPR8ID2sCRQpdcfrxEUZPMDqxfnHHm0ziny6W4X6ggdBzMp/sBWaVNTBL0e61/pELBGYNRGFMzGws7HQkr/sro1D 101254336834199527040756567675327011562230719161388328289463594628690618298993695452746353237675715087353241661592074446889034411683413957950360025295995263477031608845241728493807755308798509893719674568267846671753070163272328014412744008880395248474446310603301447848026040555910147467745595720879397834051 +AM09TdtXgYL4FI5CGNiVjf0T/AN/pZ5zZsBOi1MAUKMURiXnc1x8VKYTqM9Xb86mqNBBqphynIQG6/3e/YbGJgHlsSdrmKbo+P9daMr02I/7Z76/7Osa8+7Ky6lhVCbU3F0tBH4WvopkCQmuJ267afgvDD5kB+9uNr28deMH00cY 144124056591600568767398029380314564902309327093641173350205276895603332085753288682409279238417493662029954512382520307259348748813767324609446500382301421328754981718014234615523158887865271179104711373675849713359713282937065993613915015084108700238420759344034475478243507306107546245540340758766909867800 +AKDhK+/BKGXbrbBh2vM61OP8LN81YwlJKe68KNwUu4tjXlQg7i49Jis7QKPI/YFPUpSNTu5N2iCgeMnCX4+r3NAfivOao9lw4N3nc9bi839SIWdlokhwBHBYmCIgjehUeBAdkU4jKqlE06pIrpRmSvBtn7O4aWTbT+C++ViYAcGF 112973480670453665543892521898882856059335781900313607790238402438320486344365203510769919022496690291280873287383392088872774202832124927485754495093552572232234532821756395965072330282810574669371524103814871172318519695921477775100282448247625395376072233777533359104085023946019406729587713120941266551173 +ALxDiSxHjfxvP8ETvpE+SyDPTS7q3o3zCK519WTepygC58KSRfvDnIVIyV3toQKzgqD50kF1Ni5D/wuaSs62y3zg3kELX1g+WuBCc8+x50+kDtbHXa1Me3et/OqVS/QeppkcjK1UZMU29fXze6P/w6aQfvKQkE7koeQtZBKkYc0p 132203344567902304830160099595561253300484092355345272411265169562971473393256361094745618829297250316196312398486598077249124198329075791740755862221465178128527292695331061023291345396067863215552021206609309872689233899464919108147533679134727064586730810633196817136739658243232643507412032417747255282985 +VF0YUTvy8Mfi5o6X06DEvLm87r72mAtTdyyLNr0/GXlk0Xj3L2Oi2bVUMtcXQNRXg/mkdGP88pgdaP/eMzqkUU++vJ7t3UgOC1i3SHegpiBhhZh+aZHH/wjFV8Mz2XZB5z8MpMgN+QwALK1TT2Pyt/feQTsOy0imVanB5+OvCeQ= 59242171319056188000481457618922567543461456096441095927600135114274111606802456239311634638536207588762066940095527920532936960549439269891703098017342732142860571277442598349453761561189719823290643146391349978698217357430495238876700400634593256155537598291759795109752990651995982467695091946768443574756 +ezpwBt0N6QhTusiPcKrBvSB6yuk/KShTLUFQHdf5J1u1fgDYrp+aOWuXOFVfOd0bweiG4UxBQNXB2IDFWfYON0fBoaDqNk/41YyqXBSkKbiNWLi1y3zPmwTAiwK0PzYp2EPfk/t/j0HsDbvebu0ygcxb2tPqj4EQ1TXEdD007kU= 86533835313999945727720083706940213467453975054116752898416709637030456504024135513972566184073843025739226187558143854850980654667596935003124034699919861200483994576288766702308068265526535622439762454501169018136389983894783905946543636163866717367545972667876983557989192393479830223914708619684891389509 +U8BT26zT46tTZnkmTNxGUAlXbJhk5cNi4AMSd8fSvZHm55siMFGJ8Jl7mtdzEFR1UFAyEztf2fUhxdtMLe8ei/OJgM0j7myQ9STucEwnsShT7QS/DjBmfvcC42sl1CRpXkb0ZLrEJCPf+crtLKGrG7ExS1oawIAgALBiMQIL6mE= 58812148564290791415180898639607206220554150794356494356250223429674091688305329629529905854147200457536549527135776329004085047145097927266797668252160196098870200925284256433894773392353678965699083286106628662506590268955650280670838340651598082083455821825076016227525614626726458235627297885815646710369 +HfYii3U1SIkBZl09RHaGGA7H3np+qxyNeeCNY07PDl8LwZAaaYk/bHPeBVboan0I2X4o78zCD/gFXFBJ4rxwwUsVjHEioyO2JcpV2/oDOelJBD//78WzBMMSWt7ZKbJV9uYr9ZUM0BUD3fsk1esFCEdnDJdr86U0UMmiig2R+ME= 21039655953870571289679214995029926285040274249531458675115179004718812090027267801012507748013357317597416722235988917212676802092082137617336199787762782958420742299451435320649616271885264333948336627286638368859041172783505464468640994920853000441536629081040963398001710173320125308624362209157720438977 +AICOlee3daFyqTrTdtWjVb5M2rclh9BpIo1CRvKo2bF7NYcjrU0/VvbOnTVXDwdeGMLupbi76f0BrfDxYtkzMXvIZlgoTit4g5ennnklDHFBC5cogaGlri8U28w4/h5oMunZ1O4ezdpRgVJe9nTP/sSEMYiNS5IA7Zshdvm/XccF 90275777798511290102824338787811725003177532250296755103300529948194832904403489332420505850668003332750291879153080212231952155092379375422537931240723308384652734942204313672973885652497290433943089371705605128843469306776615573873479312715317072986990219294942040272550822460408702072075001377245051602693 +L0QUSVIjxvE201b1ztRZyOOxy8vkUz6626TH4tbLwXjjc+AhmrvplaVlavnOgHqve+/L18XNuAYP4BqdxIcWTx+yxBKm4ZS92dRJdcAtccvZpEJtYjdJvI6qbL5Ph6HluaVZwp4dyFyXuZOJGTfYdTb7PUWM0jNT/xsqyjxSQ2U= 33191267986826803728285073844005357792766429917696698533494382218509532051029343127452480789088572904364699220151221680328978554239767633887572649589456766209242252549993823283929686430100804479376247660556781589549613316880150951333982646510273364068770923588389668733632648346075516618646974067295703417701 +APlD9ECKJuACUmQUsbd2GTOpb2PgQVT08C/5hyNEVdA5bWoICX7epmoCKCybdolk+cfEBP6fSz33j+Vn8MbeiHBLdmF6ETbmcyOjldJ902MDvU8dqAa8IgEZN5Uh5x/xzN+3dqk9o0ji7yi291u90rpfIh85PPpDat2B4l5zs9i5 175040148659257809883308984693597046378367187659749953472629929701758633206586720399909808941145946314755491399962797299295431089674294356220216615950668954164397362123668926410543898553191541662075745481299747832013627018846822876386760538344447600390187421938699064459451308870669878673306013635576901916857 +KB7N0tE+A5vFhyrd/m6Qe1wTihkjqmBn+rinfmMAzRlvtxIBSyDLzQsOQs7L4oTG64ABU+YwcWVijvoeZNamaxGl4hatAH1pRqmC/r8FMvC4vqiFTbFHzQhkjM7uoHD1aKnxyBVgjMj0E0KZjrRxydZjIR2p13FXjLP3UQSFtII= 28173452509830313810392326357601136401754938805266458365469366750775669869895498658593356375710132149836430968810246171974040975430205200958564616924399794768861923079158311829444850822144940112488994119845741191519421434257276977333662656888696213514226866147767570046232093727585815615828360199830275208322 +bxFgV7eXwnbQScl4VzS3RTdcMW+NY6pcGkT1UsqHIeDVyBb8DnH/2/Z+DX3zniR1iW6FPdvhJJeQyPIax1ohILa11R27C1TLxGvTrRBGUycxjEcBIxamHveBsXbECWusYLEakeSDg9x4BTWMz1rTQajkorBoeEjYuW+xBxQtXME= 77994515143740690952370766995249847650881300682406161400195705464876513409097078624084133111941171517535435606295232558665316819077765607639545069239931096306624817379462598756505457054433358548941076472902905065316335603665413114267741896000877284610377452471067725794013283338924419969559537339967562669249 +AOH6E2eBzD76QdTJ6QbR/7OeF7AagUif9pEYx7fMqrIsXCJKKpLV/RHIItCDYP2WO4URCaVueoAJe3M/Shj4o6efvH9pf5Q8MLM0rn5MTHWhThivqYQDwjCp1ZsPgq1VFS+gcnmwgHhj2W7XzJxiNPeRXlxI2vL+XTT/wPBYhqEP 158686346608862569574095184731081143351413141116869402750758091813874232272198082464382169470744476593016502816563462778075467588097653320101723165887488327616477297401486647183409348122990505635004320879840358339260797834264972100385692477324858942142372580281421734058008608134075577990829273447077276721423 +ANDDgNXOB/rXwmS4KEjiHj7RCDocVrMv5SU0aw6AJzNTBfseFngqidXx2AJKOEeG7RDDN2gzn4K4qJktF0AIPG2JbELlLUu0MFlpOLxamp586qyp67Cl9OuPq3UZTyQhIsSIE3VQkvxuQkGsaV1owDV3BKIWQbQEqMQI3yT4ELHm 146598844784260148346676185962272439320781765598895126402049215152385925250917998794921584290777625240122575975327405909800121511343265147922400813488099624745229653124857224399973509428158163452130086943873214460600035260925149630502192183407327427517292065083168010281295559088633086659209316582810260124134 +Vprr6oBnWuxIzyTZjuxlKSdZhBc0upeNBHVIlXpQEnN1Q+XURKzp4/6Vg/koITftr3SMSgGpE7LkrERMGFgYaqM5XZ1RXYFKT9dRJnz9VRDITVZtdkDrU04bqo2Ur+jvZhvg/oHBDTgQ4nPLJfHO3+GEmUtck+g/wOVozMMgufY= 60816213163057201559480662231646403262735082707152897397414589876256824040344252799972529759737904461369360580708093117244392116003622336721789703580184437841209963565058475060017600871779929808204093448248984201640754565635410002090180110910120481044515630478472999135146756643143415057403006410330361346550 +do4LGsm0afQLHl9alWF2RVyEKPxLIErsf4pTPgScRE7ZiTSVErbCDeyzd/KHzhBLQs/DhHHcw+OXj541cIRm6jaLVKiT8EwLW/dVG0AkVli83sFh2f56Kk+bCGSKvfGEQcGLY2k7nQ06zoMlYR/xbZCka6Q6kSq4YBDQgigQ1lU= 83252051731120517035090523892596419800592471447735288551342681962005778435125655090199060145942826521644585427683714084736143440310518046334877897672493531918539106001203807757254797471481884534543367685912500572052457610702790097953420236852480969038388056545966568595395722585797418296411673622376893961813 +OL2Qoj4xkqRrQmuuLwrABG3BMMBNGjfBtVBNTdBf7g027Ghkk/z3aK3jKT1EPpdiOdn8zXYBSO1mTRGyK3n7Jo8ICOcnlBOF6cZtDsb9bvSVE26MOD2wzl6irU7vzS+s3vGBkN3AazrxPD4czk3xezA9y13DJVnNzgAgIQHEols= 39844525812817530522650122383059885756573694015271773938493414420875846359054562126060762455794481186614035892021706051863945033061233991184379580556219478200155757966121832613842937722944431875100059046588723473670448006803481527981834627086055642349130254917244469014754132003347635357123155857820000494171 +Ljgn+3Hcg5DOf6usRumk7P+ZrdTBRmo968HdZU1mS7LwLW3Hii2KNkwMV7J77zA0P1pnvhMSEEeh1RbCUjLtSIbt3RIcOEoc+aO0eINF8r99l83xF57CBI3MDA3AAbtaYATy/NUXSC2h4W5kdsQuR88139MFi5y8E5njqxHu3UI= 32456338403763561215581247445990611953939298888251578685087656354454727113846722731945605696397627662593375001096230320486703167389461057538581895745078593206660798580358701927596287363374862536765135996838944212622199018632046955402325290145163082309469649329852148345837780541107029165352782710901375425858 +AMt5/u+ZUNm+Xsucr4RQPUu6ExAOq/Jbcjm/Kb2YIAaEQ1czIL82wsu6YmpHcfMaxLjY+EnaaF+eCWQPeGd1av919+QFbQPeh5DT7ZT9klK7BFyVsN0nEDJQ3AMMJqq6lm4sUeVxDVTmMypYnkzRl7jqzyCRY1MHA+o2LyMECdOg 142886089970163885609957244378225169093559131065687633458877059657380607541767850701139140472705242750285722732461954100519608059127637509286558848391554697942686619832870045594188204522385787253648018847569919409782188708374165437385572046835539379151066214153911415525465041951116179326632238059135825466272 +AMvXeHCaa+zk5VdB27KoS8XpjSUngaw7Gwlq6e2RrkEOxBhU2rGWGJ3fhq1HBNRxDf0quqfYTMd1speisaEr3cIyx9BhYwB6A+Nex/Sf9DSixezhcgEz6c5CfwUYP0QTTOiZDqzz+GcjKikjN7DKJTO0WSXMRG8qX8FBbH0rlc9l 143142496664357119491819741364830737485524654099662921673419335301323845847085335210884201567922636945282124120681371777665458057821603161276185071778040317947168899788341482064834489328957963447735297898161379277478278414388733161844053774747425459239004132791029364174047523473372650441001639174571312926565 +AMxoMXHfE2i4khsAkv/lPtLQhbWUjP3kxYmlJkpacpicBB6z/TmG5zjmTC/sqzBvBn3J4UvMzKYFyk9/l7Wnuc480500a3S4HRVtMtirPueV8v/SPktL67eN2zoj1VZA/Rex0aRGjW2CzEKGwEn3G2bZSgdT8hKv7AypF69ppjz6 143539479941314279463880342636704987025205547180882175105616955926182352311179043850344463145750154442573797875223178075233807385237935671604701513551125937539235111702655902037518920150424691586943553275517626347557879039695678271564616114192941679606063184290901862703975921261779714258077775731727612132602 +ODvOKg7l9RCn5CePG1FfMitkR5l9+7JK67eU+WeA5p1YXCcKS8GbYAKCtXPD2QfxmQcrNYfAc6Yb/kksaq29oW7MzZuTDzK0HXY5xBc/fJzEuvU51gaI0PR3cuU1qRlLqwmIlyt16gto+2E64BgPgIKJcAjx+TfH/EqNeJ77/W4= 39488587053253042573878502921384752550143716864908041972426777545317969264945056510991363961916339225192727727267483337259701961148978214005913510275048195308792987888118270387288989623193626554910652030960235845935461155296845475356011099372367616732243132816329531758943935324760665826550992788664237161838 +AKkznyQtB+PGvbVroM5nUIzhJUjiNj7q4fC9sSFbmDgvehnwPElVlie6PimH2FKonGV4GSaxZ+osil+9omfkb4rO3pq8fy5KcFSw/gs09X/U2eEEcUt/4oSbjs2NaMIxQftM2CauULiwfkWdkMFTBkHnh7Bbyocc8dtmrBDdoI8a 118817437232756222334188081193205110010964766506378146125932730686679941224328135190204402802650523704343176483564284220367074983943319572348376466341132480772885833789613392397284313483009178508647973749522358005819092779831781339778163122774381387989185969990310049504391258988402795259963134610905036263194 +AJfwWA7XnYbTjlJt+9hO/Q/OubHkUkyMYrN6Jd0cN5MG9Rg8W3i8U6oJxT18p4XozkiOgPlF1lE7hIAW9KRKJKGTue+iw0okLq5UNMu2Ha6l5/wzKi0QzRVTBnQm2zjPlQpgUorBBty5mcbt/B/Y3vOE4I3iVXklVtjQ7zIBHaNK 106695084438708194568048926154027115609888551145480521213711726807296356271397749432698558860759334362315257102647885062353922543502466463770991058956633500180245599467233361812610650830611712448187310827443315947425061886163301613989593906515923245020641415290300558869209909418659128196109640872398602216266 +aCXItk5XhuNrbrqJr1Qm04U4y4AzSKDMms11PgVcdf5fCGdizibh6/oZqx5OitM26nRz2vob8F+ZIP0CIyIJU0T1M50dVTbbpwuVNdv/XI6gHekQt0d2g34x1TQJIcsT1VWwGWTPNMtht1hezBAYxwv105AGKnqdLiz04YAdEk0= 73134927546833985031652237686088635686032103401394612286045377544136784429757461671691980910279873140130943470029643791712859175007885735170485461366406852784845528918253441791024065848540598601036357817496637108534035807393364939272891745520961269029038360205258229770737579266643408540634722493263322616397 +APNeoaWlyNa554OtHP8F7GAY5V9F7LMoF2ssg5wBmsgGFktrRH1C4FdyD0COrzIb0Vcko1/HiTnA9JXlfGKc3gTHEnO0gxBSDjK41L+EIgUfR0EhAD9iftTaCoBM7qZN3R1MYrSz3sevQZNMFOOnRrzwWEXnJaPKAZXvsqPzOIF9 170899982929163229592439208307232242235219591108657660041403142612622997092685093132858257827585941687488772925553142105567685213341947938835403410054637382864108739466539574004149772568683507025358331323655651148107044968424043673850583150424463706583215452211942132017052425497789362680979074312857823248765 +ALhwBfBYpOk1pfJcNut0C2fEAd4hhYU03/ZQBqVe/7MgpEDjro7oMvSdba5kjH/VBssmZVqpvuZ5lG+vI9lXLukhwRKJg7m67HG8lZXvjDmjU/PCjxBPNt5r8/DziETYmMa+fhaMTw4hedZcwDe37t1VPIflvM94sBKu6be9yJAn 129516480651398210587505113546142851617282590236388547627336279692965778911450075230961856270046942312918567973875005814982283590898552829322178788678196583244198944578081007477482775130405341039067711963061287597331433268366003672643052056973656674139309732186091974604170508497340243515339072325943686631463 +c9vpoiZvtnj71b8XguD67WayOF57QgOX4V4L++nG2u/RY9VT2+0tJ/C4NIawVa7ScQZAPVLuhV4J50HJX7FZgtY5n+lwMzNo0av7i0IqTS+1BBO8eNJy2wkCbWWBxNybuNnF6OK7eXdPb2Mmwm2OmhN2/j7HAr0cD7rK/Hnif7I= 81358980280155473712258342299472964374474635149963153129588784719499494479288254287754874893180126149146558961101860327826747785201363745989346818037655063262173536227595206355647880155693272153902647256175878517626925488264893732295267833614283963802283320574654949992393798458265266551024756663538388467634 +APArEXNLzDydcHrieLDReJryWxFzcsN1dxjpJIVGeJp6itsJOrUtnmXVnETtaZhWsmN3/Zh0R7TgJ253f7PZ/Z2xCEdqF0hs2MmnERSywdWZQ0a0McbDUUaDjBNYFht1wvS6djbI1b8RfayrnEZ0miYdzrrP1ntU+5cM1QBAvj6T 168651870043094856205824264282870999215855903395882323164614939540734011037112413507417141209480771157672307388419164831992909066097194364645695794831939514470650008210390333649278806163193463937050083854756730458780288720541495880958909249273048328511615821480782977316719631334570687241232556472064072892051 +RhGyx6xibf0OvY1XjnmX5na3G7emG8PWbvEa1kIjR6pK6K1MrMZnxFefXpHWInFS7ADESNI9LHjZB8VW5QrjRVPMksgdEAlkhY7MyQxaclUlShFl2AfKYBfIIro+vg7mUMzMctD+07BLk+jejRHtPVIxHmNnZrZYds80ve5z3Xw= 49204219353786910100605282012781696579642953908541693903348594981245301165936599174304121350092894937817100350990938057159324959104937469442065996667276651025661016077514839755853073999975805394464570132481314896694678249282338429544941873047382467276103868995474424700207571657816852575364781281563515280764 +AKbFfU3GL6NILVyONPVD/X0tffk5HS//7FBp7n6JKMXu3VXvWnfTl32R0WyVHk2yP0iIyi6SUusSicOH9ncO8KJHmaoMGN9Fn+Zq94FTFqZne5NxHmCtwRAbFNDVGg4FeemGXEe1S5Kk1VcvWqnp+QgY0uwa7RtT8C7/T+1pZlwq 117110890075563714812929271250884717870581483065920538069845585667296154465072587148155060755111295509684258790280104272121160614620669593483929827848744548171793187278583947500205314283462739235860439216105116687015890394925743036369717346234391524403038196640934551590543386844279091801685432977718405127210 +AJ0xZ9dfRc6P4W31bMHBymgOq+38ETEIMvMtr+wB5WTcsquZY1IUB4IVkrHaOo3W2SIr479IfJOOQhmvyRS4iB05yDI88Z/fJfXarkH53gDivECuo+5+JmV7e0S6gCvOuVamwoQjlK3G32bCV2946ry4EyIsVZ6Alk9xk7X5HfGU 110384671994603894282707302829898242894456931176497230904862171369974466400767175784681299142670706023468915238955836087425993929524341269289746060546848852729416925808186253355106621584826213979718185296723694190658548757311188764342751280681935289121682174507629679900374674992438818324999211250580434317716 +fjzmb1D+YBU5Wn1GlwhxjiJS07k+fXxjeNRbOv5SjktzxOXmautO8xZ5ACOlYrTt5G2gzW2PU6sYNfByQ0xoUSyutOuQlD2r+8MnDrxCo6RxT3P0dUSX7q0IVj+oLK4GPbscnKLfe6KqUcYLMgKnDYnc+ztFD+csL6BQnM9WMLk= 88647261832601702291191332432291274285041869480562430895152086741320122435409959711452438332192792226899741738806447713240934608106883094466050154088410020909933636902495700779087737304255058561688767369900548260278700135161077055869478387490726087630962098228537973426295306997128615315548440548541717688505 +YDg99aHkQSh9RjytWknbXzcgLD8MrWUEHF46yQLHYANKXaQYyf3yGM9TYPCDUqWbOapqQe+XfOCoACLyRg7vVDsnOPRDI9ZFUgCQBNG06ZOxzktEhnNJoRC99da8jyodFqqk2f9UD1lVa8tsQdatjUDocwgJaDAOpYEyGnUlbXo= 67567767932654827067250684965667741848878457020992905661955722020937161710030993261011062929936964216357930453809610708591260182295097124272956485574313839759737390934220465669626974544253750900911093325004172643146669082793591441922014060981070503803266774197958528843445580649512373693546027107823355522426 +ANdsfO+cNtWsbT/QJHGkYAL2WCHWVPrX6oEz78pO8lUwiigVEow5roLI5Tm7GP7XffjF95z5WDxzpoam+Bfp4za75D6ZEHQmuFnpWQAmNLUHdKUE6UcsWN1rbV1uY+x+Nr5Vni/M7PfQi1yRTTJTYav40tFPb9rY48FsUotivoxd 151275723772668372472508916060743043308364940375633847663054782759325087560768667906829087958412643723335046123025802453213225972572697773468957759328009026531148112732519692142632237595562259864125679649273054426879080697360204352423668940795473103047320116317252295126635024518179060076282921965794883439709 +D2Z8YA0G/vzEVVQ6itLPUC92r9n9FKRpf6lDPWIgpZOOfIkukPp7zzTlo9Ej5IsBrZBbtGz/eYmlHeZ8Y9pQj8HFW24HeKYqjmR0ujbNxI0QgoE+VUwPVg0HhoQsOGmq47zpXpkDwpOAZbMh/t1Bafq6r2zM0qmiwOacJ8KFUas= 10814483230552506566705634583020057064935800294861277580077052473134972003523900930560478187758928889017740705417070994563709463926267126567504805864719383185267204810142444719634360655595490833208838383875687102074846353850310954150927702228780599083427768247170427544730791038729428517279760042619935478187 +XoZpSMHqlOyPYJS7dWSRNDJHCkjbo6+DECzu0FpB9O8bftcxan/06Twbo5d1lEqPlLx3w0XeWtrmCSCaeVcXVtlY3QuPjdKPv8LBnnhslPOVcbGyflaTPXU+ITWE6rwnIF+yWQl3NIwCV4EBtCT+3U//Dt/Ebif9gzfKpKltD6U= 66377743237695515693282032069691369056215169443985727092982918806809030742478033317158686828712146024066618073633406428345129492010236994055590530566431286733776441810601990431112187030942086686719669823512292071202675269428014136307286941704297995292544712278047959299939833088742083527714893795660235870117 +QUbbkyJQ0Nru9c/nPbphM6VxHp5DWlai6407KIDbTGvUReVYI7de1gO/BFphL9GA7gDareYoMuej3/SVp8lEujXywtXzjiI+j2TzR3YYiMBAMhsJO1wU9pxy69Cj5xeFFlrOycjE9sPS9nrqnEEEFNPiK/GDDTHj0KuNbWSCLrI= 45838919357034925862751142472777409057791233610959872523563363744902783251621354580995921495295078179996083468819097423327554678806691589090814275138081407920379810144694354354954459732280968086760894209634364189264517251735804373673532012530665557440070501687207620525228416650281363557992436992284712644274 +F+uI7ARCeAlnPLO1YR7RJj8LyhtE/EJMcY45lsNMff0YeENe8KOITZVxNA55FcxDYpg9sKi1UV3/ASqkqpH8MOxWpBdT2UwSX3oBkp6ETfJKqiag0C4MS8cQVsfcKF39BJ6KUE7X6KUEj11j2YIIRREmLPyZ0LatG7dN7Rmv2iI= 16797235966984072293396362937533957334369977688369659112225970370748312376722010874726300554329794854683394163379447263409228872034356195791733533528404245739693397078461712458035888813157166614479153484688995068722288153129390850561042173295997770817893349738328312152341860704179681230323810266038959856162 +ALkEoXznA7BJlBIfA3Avl9kygQcxexEMApwduVRiXeYG0uEXMQU4rgMJBlPqs+ly8LTIcLFaLnJAG2KFQn2GXz2TNa7w4xkegkrslIJEtBWX/lc7VzRtcLbhaXEs0Ci1ValnW9Up7dYOj3Qw9eNo/9M9b1fD9TI+0QXFtp1ge728 129924120553920201168632484268654219915712271781591182777925696006023100660478316445751842982460082888615429513674356810187315558964251402722465707617058251479494744427428152566665405423424700027316505872162698141109433045594670140335040479559124757490095995568556894332243767736124299898808796118800328801724 +Ki3FNTEE870E9GaNtbT418CLSmf++s6Di3hzAy8NgiDOFo+uuicJa54V3JNRxOBc99sl/chfZuaBQt14BFOQ0i+9rm2KD82okNABd+SNfXOb0Ow2taZX8CpkVJYDyphFPyHbPIKmzwMShNx9X2z9w4++tJgzBzGcFTPv1nhAlxc= 29618953883711174042338818332957726953262658484143534778541769862244883781157097499904047532839425875312731531093860721544220959674634750905085721866390609141599426547378130082409488797303960018348798930232014390380383063108812922828160584483043190739354817699497573863286563890071313017508437166939160221463 +AJq8tcSnAq6M32ViO4hVGiHY7Tb08cLVyxpl/v0Y5adYblvjrbsFcCmsNDi5PnBOBl5awR7KZdQ1xgq6jIs+SQbccEMvJvGUZW5MgcHrXBj9XVd+8oB0z0eahqXpgYBqLDeHLU6238xR3dJYFf+Xrcrzjg8swx66OmQKkAQVJtdq 108660120968150664552423780971948386965268856900017812123107864829782135741514930439461240950044759098603910762272795612101834680870627850178371693837566833495418727543557712057554231215186486008080050486837716071537742708913279026303380104388546316647349432118287628353129105425052237438199445863950767806314 +AI3mfrgcRwtE3mA12gSoQV1xyIGy/YA4pCCvja4mTjvzQOAfiZL0efadxZH5awohCC1SpZDCFsE9yYp4LugHKu/A8zMcp4k5ena8sTPDkSod1yucjybgmVJ5h17Pru28AzHQ/YUmCnojQv55aV2+AUhxzIfojY+NT2PKRqr+vuf+ 99645829268436288676280252226747461064597487404802430565833102291706103139410465131373666856042539909746769688396958963177805479987372681967013633920910376342526433530508868114301205524789149997372160919406352823342811006288909548557622230243808373083272214426118230701324879006645047374853535922112549545982 +TmXQ+D8XFKSclXwnTIH8d+sb1IV0gfm7GagJahaFL6A9rvYaZ0NTizkG5DQ0RmXyo0wPmLork/296whsdNdUxVAwnGFlWWvMV0ftR1fOvN9KoT0WtVZ4Rmu6Fuc7q1PskAZzIp7MkOAxILO4iX5dNuVC+GLZYIbpTel3Ga8fXuU= 55052751096768041533898435453266875315629605001878362193939750978427494147944918632414581744895066623527980497732722163665712245580312596487741856071020477624754815927936394948233480228964159047139170955663289543349257377302556035170334384320502468579367401821986660515827461352578142560630318492817238744805 +EF6KIBWQiQoHOnBdJs1p+WIcAv9ILt0cnQVo+o/2niOtI0C+eFBSiNgeddhotkQFgHvGUjq8BPYgtLC8A5IFKGzXu4SYj5ziagka0hqfhVs9zVHKNx2NUoMhPDG5R7+giwEGGPOayGHVNbsBf1FBYG91+mwy8hnNbhcHSnvLGk4= 11494909948912248031301686864833544028186348338729984264372557659364976118965740281229664413031002362633393381744365783802034700038490736736266032000546393704814403638058993380993275865674190555703046732456017652317200288968188655019374159412919163798248766655991273308390043613040731449231289437754791500366 +AL7wCh8tkFe07qChFAzRkrnNehvda/Teroj65X1Bmcr14+/zeJlZDObYRYBOm8YYSYNgJekcL3o9lLFE34sCMbSJgm4dGwpEVexiLVi+zc8ndnqBDSAnRqtC+3jbInm/v8l6cUvuzrUNtzXIQ/H4FrmPMiVy0EMerkMtkfw5GBsd 134080980697158076909534078193319899756347955848461100874771253577754225619652121295523443912922220564492468474647193062555347746840044705102003079330399499915801536721237211615317000955332058281901995149084303143543150689010335818219129745452688372571010816270728441637278434982752674030696337642893239393053 +APunLhlblRi3bbRBwSV8dsw8h5SvT8ncAmXPnca+e1dLzrQZzL7P2OhFope0mW1MCDl2kJPiGTdK3SiYJVsAFeR3r/0z96g3oq+8uS66T6VaJym0QToMsqQF4/fUMaTo9HsukyPyOgjVIU+6TiFd3SxQKIu1/GpQWVQIP2pkHFKM 176716779397275986910036615967409090183531310366246043951791503601618945774743601662530806467045971394247287367421508126613573039423674729894091424105133906122821596079925540513892022311039293333114333317886304014722168786051080135090242879622144693440448171583324154550086458411590240882982297314605229953676 +MM6B5AgdJKe5OLlPzcXwi9WhqQjx5KsnBYxxa3kWdGNTdk/IN6TVd4Ptn8lWkLm78mw3DXP4Ol1sQbIfkHRoKFUN6TaWg5aDCJBDXyHSTZI2FDc1di0Te1SwziYn0sIOe+R+rfuLuHlcT1xaZBgL6+dDLAZaZza36UEjn5i/pTs= 34273208848307582992498656582721015257885595139328466874135636009184357438445251703533153492315835793684794951576799764181908090765379592683793969576893243386892292517067596035059342970830813419330530731370385186653239446376170533147020072285887964430731437765184844167400169982662183791828762458682426369339 +AJK1dx77ZA4F0sYCgRL1LKSTvjGTKBHd4QBeVnE6FKJxIow82puqtsVZ7TBxbECex+LkLQPrEbuQaVr3giUDjg0aJCE0D9ZVXCUS06qulqcCCdWgGFHXDOQzTWDn6TlJCGxtTEMbMxSlUq1q0iKZ19kwMHiT3GydBn8/G7tIYd23 103022457217861194294329435482792508957642944252832971366936865663608381648431732294396977429863681671686490913575377744795372643599438468695483808375208871881849232129651519218503507811863794426234594709451104684234156597418383183271923307418704786548452806494411689822939919114966188329657999811363991575991 +fPZNsqUYBbVGA2FAiglnByxGJOZkVSpj8Y4QNW5wq6o/1e/PRwp0TLYJXIoCJRs82pAj0QDpQbHl5lCZmNxEIQP8o8xI//HCPxPIdgBJmSfm3VGetrOpqEGU0KJJqK4IsjoVpAfPFMUMOpGNz9CSvCHGk1AKrtYvrTJEKmETuig= 87751387019308584846595931543798879607048239290774788042055795835726250309378365187899578817976976035304304847968410200168743967600896348021636654074952051821111673620467434295067182213181329543946368332581250062140819766061014427755090798550122401239987766844126425179573454145697756278292448630509686471208 +EmT6DUd0bxcdprYhAnycQaxm89kltJOlIOGFFRmEK90H3RhzBGr5PRVTJVqemFVpVliO1gy1nPHgqDGVNIE1GXhrhyFJU6m+HJeNcduippRe38xPCiuraRkXao79X7WAiVYUq6RIH+UIRnfTvHBgzTwjrOvKJ5853hYmGaanjh0= 12917015385266582065020051081997430892582163827812227349569911846746592973268746845211126663077128575098045461893559476227689488349263954564361736197688317585888118974603264677576027836032271531903881104937422976121352854003385726888601980526287956222142458858211589791399646989299770657341412683499692330525 +APtOYyWzdY1A/YU0SGrtjPdMZA5E50Y3hJVXppwuuSk04TjXzcbu2Sqp7sMnKYbToRW4nB5p2UnaLPhTRy0yszOd1auLngW+0ttCybD6nTcVoP65gYOwXGfSEQysqKLb1OfV8kYq5Ba92Efn+CcWWWuS0wEr97W5M/Hccx9bGu0r 176473215292413922394356058789571494026727424839036665031567966488209592078148711908841964690807374236235612412767651029865069639786447019874344449598703213025389428836803984245755885691094364960118900160737925054803955567361126391353868279642836569627177281508980029006921064654964339077608785831304875404587 +Vs6bjpYfFA1R/QTeCfhMuZLZ+Zxo6wxq1jFZpi5SBR1LaUwAtOAj38OJC8L7zmxSOj/RGEmJHkulI3E1MH7P7xlWbY468/azfot5fX9BgHrtptV6Q0dkBUg7H91+tcxdbm4/V0HGQGa2rZp+XK1rO+U/d0ki6iNbsCsCR+OeyvI= 60957991334776853645581868230398759578123373154273044785333939425321390401088800849629483265841435899835570419798325123273632247193463641611211088549152950252041797959644227170492417662363676228611376046334386877555777556575818860902071813120592757466883038430756577949025778080997296219236534786815367760626 +GiauT9A+wmwJsFbS2OPIM6ultIbU+kT2NgACn1jFAy+vNBahdfHMCH0jJdCs5TbmKTCeiEf3ITc5TV1OSvIejJ0GRkTf80nY47TAhiP1aehZvMAv59NQHHTDUE1U4TPVYKIyFpm1V1A+JBHKJzuGrB4lvqB2ed7k4m/ZD5lFLMM= 18363925023885496669420377869542744504974590667921570026763131637088916425434675950812384919000566852243714758512996458727914094904422651029609645299422563453163291342992902510788457007623888307499601267675322986672697397389663297565071582648674012080122614260400848960757021864980761735684874056409664531651 +AL/9KOZLtZu4+ZQYQsmOgbST8F4RV4N/Z+l8qsbCFlHdXHqTTkcN0chsccE/3KkVTZsAnAyJqogbAvB/RZqttaK5a8iKlOEoerUS92FVQw/42WhsVaFggR9cHVuvCD6QqclZjSBQKQzUMy0YWPWlycAZDIv96tooA+V+Fk0jbcFs 134819194171226950171930028888667967094069342154233489571728632904658607624703819928943642011918061760802468868660586005724399808048609316802502143143910585363214684061242274402109137825176291816945489430125510625857564490981683683589784133305376252294774711594646923226452625156299996630452243345104727556460 +AK5x2N/4+PKlsW/fNrw76CnE+nS76Rd7Ugo3IKhMTB/IuCc5xG4MQHo5MlWE0oVkZ+Gs4CxUpvD/WCCjHHFlSxKG4mC6ehz3NVLglBt+f1RWfPkF28JPd0UaIOG3um8kG4J3JDN48PXOPP86A0H8ZYbE5+ImmXsGAcwvScUQRInU 122499245103202714319465533564374494931278163571999934877854825659720649344163774228004853964635693562785966889622928722984134944784141208867445419597834322541679973956606275877526560988151196822256754309120410807075405427166696093800381410682490767468563176131997424692783482903880902119461752084196789357012 +ALZ12i0hqFhwRAikcoahYzH/BUolhgZ9Jz6adLvvTO4wk6LLOpNC/zCz+LjM7HazZomT1SqeYJ2X+WeGFLADHuWo+Gp/I3S0UEneYHKJxoU7OoOtE0mB0BCncLckHao/LmbpnQpS+Lx5bRsr0yE6oWNea6gbyRm/R0to74MI3/KK 128128022342420083856194424802390993133863171077961467523372211039771843125192435716337829530528063182315478279257832480290950255315151577221042903861075751839976362752440630888566422581799720709574650482021111126414843635330535518992034746102956214991673417580508389225948159518319625680855827280146399752842 +APXxvLifWgehdwdTRAJP5KrchRzgbUsyMWKcPGm2ZkwGDJjoTl2LIOOGVFiL4CyPBxahkEHf0nMxBN5oNGX/Y4W4PuOAC8gMgHzdLkPWkpnTcyoe5DD+fQsqNuKVw9nvyB15fx8k0d6b056nfFjnnRqgybby7MSllAWSKRYRdxVm 172707950911363219032118650562553641123743396229371815589867086054370029540557395298194067635069298952836929253340374819975848769009260895874615676938511747311585257140973518651959463416682165208985512233703837931718385346209362040743041262031997793519095342415901373534535662377972036003546589624834285049190 +O+9ohtZ9SzGLJoZM8IRQAjhc/GPt2X5G+M22ZidYjx9WgOTrZDXorSyxLuHxay6djsJSgjxYMj8MuanYSn/DzPWBB1Gn4cDmIsfeYuzO+vUJ4l6d0nIvBg9Iqs61/PGFd46YxhnDiVQ9HEznyTjzESnNqc0+/OkQVJcwNHAcZBg= 42087920806448980363073662127262313840530298932643042322138035915324224188032438119079107631420338701086802583985117830416851550991102672642532160807467909040086448764318690465254898516502941122327185894900817634110254371864896139724173087625913998657136384357741816102965779105122269429701537815263708996632 +VJOZmvqrqsIUTQSSJpZPhbQIYN2tsfBhAciWnfAYpwjK9/ts7OP4Qgdp6T/V2EsSRPnfZ0VKdLg1CnEWDhfcODo+/BZcUrJ0AviFAEtdeUhoMSWXtjel9Ln2guHY4s33z2cN70+e8gfjes65lCzrxUIXEF4nKxzKBnScoooQP5k= 59391682001673484862915842850714742391303140646889359425353339320546979084250010101273851580028171449840778038774656177449549941659895629203970455580974953864068394275066532699748911169800076515776388213090834432354601344176559839798153004796057709798368011673585434643656820656931921831615507416411999846297 +FRyJCOgPziO6RDHX1JgYGZRcSAuoQFIZM4niD/B0twK3l+TRpmVigKZAJnZZFtmX+0JQkDwQn3lcBGQIL6mgy+j0hD58U2/Wd6xebuHSzf4OHVGo1cYoqZLplszA+hVCoDVTHi2YAZ+GtfQEggumcNVxqfEZd6D9Nu//hm0t21M= 14824975573460749317081504809641216868382341402512168178334301409725840669112911061147252565570697788806398498723577368905065980113760265945344671897779830912242224090954834750057278285419880820811348943398148063418809729356397202526234113316098584002071850758705282845646489058224513019380757604894853946195 +dUk5LyS7mduFJlvh5o8R73kJIeeTh0Zli/y3XjtIXfCaNRf+wDlD/pX91JEwsQ5Mvj8yq/Uq13QyWhoNwsPpXVcJtJ+02wtIn5darsBDfzcD/LbWhl7zTRUeMjZ72gAWi1djx94SWjrZJS2oWZU92Og1yOyKRG+ua0AhHfYYh6g= 82361050315899968537319599868832189063658136463903643442673674137187842597528653416212822014359684261704550279153006971937114135373937934986951573613797195556144113400128502946618028800530164890707031379614952207482505803377774320259789692177752930767589642007257364960987343146063216186985472686575891023784 +AI6rejwEznR35rIPuIz0CP2aWyhRUR3unJ90YfxyuVYxrqOJQGSDTSf6SGDDw5MqpZXa9pWuwpyrb6smOq4ZtC3Er7lipJfXDjhy+0k1qcfMjmqbATUscwXGpgW+MO71cttccEz6vhbjndi8gvG5M/vfL2l1jA8nXuBd4e254dbz 100186164434910864539376019601151338080943067893748898987236087770762310617199833479771711726248130012472861788210345311298499515751355424063761182369333224929721733015910055321263016834247318907562652286587380604998130368845939290804442878127169587599285040969551065995197981341260363722618429042861484922611 +AJ5vLZX0fSs8dUSBqd5hki48T9cYuR0atxR+qv7cRu9nD1vP8uNVR8dLitg3XH0RARt3ZmOgi/AuggZt6tTxuIBg+9JhBY9WW+BLL5CnYWHC3AKMi7MQBWciLtmBpyF152bDaEcV1PXxtml2KxX0Ba0C+hGVDmJSdi8Kjd4AkfU6 111256341508463539324514225759801553679558662737345522765042612717818066374840372549356543720386819501973783940451033901079765311790026584654529398345993992144903839534037331533660672892487693477412528974248713261092693018326068480417183236210881306241164169849090833681510163753605662526243408192127670285626 +ZhXtSzn1GiFfHHnSKUYZiTcEWqlI8owyCKFjCQ+VEvkdk50m8uN7RCQ6ZhI545tN7Uy0WdLstJhgJETBYLHHIoWsJn07mgPxuyO0XsqNroICMQEOO/YWQFk1c0VqZifcohQAwJj7fONzM7hTcA22/7gVigJ3iLq178jZOJsEPQs= 71686982768953132894579286530164112027530221141251507987469672039995314435159469907420372652392376452531392493658576814100773556880394271726970628960571077839124343525055625420896355363707908511865700866168843075071778015504724409171911254647909938237551680861008772396291072284353858575645679153885560978699 +Vc8Cw5m5yI+bJ5sUJYm/F2wyZ5x3D4ydyL0uU/3eVF2ZJu55OOlC9pUyyv7WGExClHvWpR9mhMnsqCLyseLfM2Q/YXJ7cjGPKp2xd+fvwHa4hRi1FdOxs96rJnb+HUt9hTwQByXgzpnUfs7AqrqaNf4WSlBNMu0IOOqDdB4iVHU= 60256873326783629723455608618518793848697944184579877638436234491615392142659293975260290798403892159720925893207048153291000664050780029732557737984085196691225472664027706406879051455184548871511448456651238810812870905640934953489289909009741493031472382758586341375517766302753448531830002512912250459253 +QmeUn6cbpE8YrDfMETz/+KVFaK+d4NHHzcdj/MnjcmqQSLpP/XwCW/aeudlN3SfKd6rNo1XZefunZO/ek+PHEIy899WzjiJaajhf2X05fl9WuPEaMES3Yrr+ClogFNQ+9jL8+7L+J8lDuqQzvchT0U0RPay5HSNZw+ZouVCiQ18= 46630904037845609335515965570673490721137364238213103678233212262384415738654627185220187275286458759154841820256007930773120637898228224906635911124921895934056288121005350040349882413280772888907627838315559544636626856478316691755270725623680935763476199888127096014398699432042227882284223578563208692575 +ALUBYIShA4w5kRUa6iNF8S33DqaprdOWjVBnO+j9CCGtUh+NNwfpKR8AKf536MtuFFtwaQvRIlkLpaTYXuRxzyU/YG2+UfRQF3pEmXQhcMxJqFzqZ5nWCIWlJ/KtYS4lcC/B7hD2UGAktnIdjVUTSxX60VzA+zxeunV2iBZXQlEs 127106299687401374061881872616647348819431126560557369258073443762502337592227172639640997680536372567116568811258505773087926491911004324918919511363985868314578663758269650473780772688462266790559846182685481907703974916356209771821075179827563487466641669110315430790405454641953880582274165368514679034156 +ANyAdMnVCVjmUZGiVdyvGE5mUQpKoJOJINqMAfzVUGvvxXFmGdoAx+xsDRNAP4KoijpXk6E3yPBPBZEWyhiHnyjEkktK/gX6gnb745afS0QIlsjhKCk/W/BHXkzC862Llnc1ZGAIsERnGceEoZHdICfDUh/7nMFp5WuSMzPB7nEO 154841617115465511611746667401422322067517612306328612547616471923266281876818466022676728696273611923942543658633762267658490816264271663863494188027433799849037906883352478212451733963905925106470599843045599411842850386623187980045961158399934160107237440980574028985561404965317132715808604373199725949198 +AJ4nfhDe+HojR2YrprDHW9FVUxsZvoIekwlNL2iKFRFcTB9IcEdh6QnGcaRinev7yEYUsL6saSxUj39uWlqo8udJFdszuuQUmnloIi34L5uj0m1OpLy2dawpFQr8pqyA7go4ugMMj6XCtiVnISUcK8wjHgY3Jed/EKK8k5ce0Jxt 111059703393618496515021583605572584329116596402705082562306930876194742195701060137568030171429700588269665205795898835699633817098262654446852249498668467827435829513531633390969638488553144849154126899372953755511962841193763362947708260103832329116485114451074371844037650417731807385491783373627950406765 +AL+heSTflb2MkRYFTKghfzqlVQ1oE5vcx0eCIsy9NJ2NGFXCRRvoGDVoB8UEsUWIRnaA+MIpwDKGpbOS8kRQrvBvPe/xM/t3jrGkaS6pN064+bCBx8Y/Jq31ZXNG8oUol+y1Eo6fkUKNl4EOetmZWK8VmhVwol5YngDffj4Q8ned 134567692290185631768518572983694048149859804864902017394351513816079806629664302312927579302025923096596995134868068794900003728293470554490807959649153000914807604036531509869958441069678002226922395630284261949256022972967357884468325217602330254290548618134453007903724438628204981673400911693835033278365 +AI272d2sbYIi637kHZC+6lievgcDvT5VKaCnus3fHwm2vfao7oYu31P4st9DlqPWJ635X6QtLkU5HgvVSy66MDj2fcOfwVL09ffkZYnoGNdhMADVgOq62Ro5cCpOdw8Ko0cCyVpVIaSysPuqY7kiClf9GTdyZz/uYHDgwWeNrc4R 99528854246023003959943182132914587584844397870416002887630245681136432049666385367430032197518895755482367603560037194955739661569172773017279832774100155646116233705958563163070414171045438199561777058338188494271322834524386565519620661180246416329082614115142485663975718653564590519408413408765689056785 +AN9S8vPzo4SkyKsk07nfyD0um1riJzRqqWF9KCL+kWMHajurgPACikYzu61tL7l1mNEaIU16Ndz541o+y76DgsTLYszu4KXUOEt1Gu3eHy05Fq18zCDlNesSVjkZjPmuJr2ku+p0cP0TLLMn7/KuVOm4GlEVc6OvBNZuEzRriSYZ 156823459768092337875922818543729136404805918580285507923139232733465414368775678369646914249412830351437211620056021568154043505276475345347569200977945836210758870414054407438380975491139001471954448623922841964684437333066353208837709613982022690623722155151315252634380695513434502419141555410441456920089 +AMc5H8kywLgiT4zz5xgoI90jejsHorbqUGtBeX9wke7zyvEKyWxRKScZwzRbinjDZzN48eg/30qTZOV2Rw97JFg+EA63iZ0vqfF8jErIt3hODniKX8zayCuNmiSb5kiZL0UDU1SNh8ER4m6o5vshBKkmqs0PeozfCGQtR3bZXlx4 139899247405256530335276706333424670310599977544642091674186635734421385499036688803073040921114325725234673132788498809189814711681909865484671959982394306416477300458309408833281654917008031099378445580498219376391819745965887864647387211647794422908411100892195529730435423964537342228510107659017578765432 +AKv+3H/TruTX3wdMWnLzD05em8u/QMl6lCHT4VkK+uZwBXoLeji54Tcs/hZIhj0Bdj0URrRt+7JdGSTy4Sr986AtVFxBJZA3lT+JT4JSrq3oY1Tv+tX/yg8ZodQmbpQyyfaFg3BgeHNmsUoCrdqhj4IwBqEXoOBRIXnzaTuqqSEw 120779384043726135670909127168686589868907326577918074234323699599475436892003731971700278391108690400460261929381703781833059801757700386671579819341589048987186473249926590758009001670959004477454905417357202448886738669226760846888369186457452643053236389556969071303251275912453385963613554945645058007344 +ANXIB+HxOyJd3YYsscMpqZpi/eYjZi5q6A0MohU4BiWEJK/E4uIObLJDH5yd4ng+hn7UMhc+R/AxG88hIdOc5NyG/QyFs95ZLUC26F9rkRifu2CBkgqR5EQi2cgwC8jGxQOkC62YND6cAn/ILsKTYaH0iavtO9Tz04vQp9Ypc82H 150122383481070201614242107655752525590609186454390549085509458064289390813495886095936526832230958746095739308601699615024239939948911472291507190108935262129646691795733786714291498653838550751365834947465294261687773081563139416397262227609481906371677917295227469553787085145970923979142676551778927103367 +ZQLFoW+dJ7vrHdMlcLRGKY6T6PZKnE2L3NjXymS/55my2CDBLdDf3oXwLlRjVt9KnEiXyQzLhyY2PrFA4k3N/3P5lVDLHero5c36TMshbHgbIKRGN2CGWPEFeQ4j040IwVbQCPJeuF3jL5ikCxWZFXfeEnTL6TqumLfD9yLQfKA= 70932215714423143395949105745758445705072524008235214324766464113352968998429901322485575506330607802260244612268338586532462314021433435523464635419846126736185176246740838082062856583684393425704173881940108783636582561707441482446854068022535943408999200681879161519209676205165680598258447492092651404448 +LzzvPw0FdtM2G/RRiqoajJiIH+Lw3jpL4H+08yOpp1bNITR2Aq0beu2nP0H4o2Z1/FNr2hzuGakkAhVbmmRXc8keoOkeaAQAP/8OYxHpjrqou3WPWaKx+vUCTSqVYYf8gnVKpAAC2cD+3lW+/ZJ538o+c0ovbUKNu1u1j1OBtA0= 33171669664542509840621265032202455391098253465550501094201777336478104142847268103467889435377685359857979277521589539506627375165485879405453566052091202280471235979376217319335800766353336252760793484157724210008639813552207624049019149744883918494762511376489708611103181576211531366514802868659603747853 +APrGj1lIIlxA57DNh+bTEAFbJK2Y2P3MxLShb4fPx2aY6j88k3umoe07ISQLf9PzNPeml4/0I3w0KNd2x4s9KHbj7NsIT64lhO6eQSEteqZXZGXUYUyNzhrTbAjt+Q9LVKItQhsTkTW2HTQ5RQZfGrkL118b/I18J4P+T8CGZdDz 176100632478477421621142147788721746818712752858710594712903769452749028606541677227413333567013253138397373757811889654342173021761934591400685421771460440213093509170325205622261487145789848227404883040799927313402244625239515162996390018403365063394514244196976794479529075569412676472840544017222373593331 +Fvcl/LemWk29I5LCjU1QedTjGlkvFF/kZXNkRJv+vNZ7qgq6pX8WB9yVkk6AoclDYAhCRfKTKuEpR23iafVuHpprPfNXcqBH8n01kq3U27xqIy2hS+D6BRBK67PQaekq31EB0aOcEb/DuNaXakS9+mtTMx6BKt+WoEY+NkzHK6c= 16126868736093163702771491576570380743773057522016869811780571865928979861357811080042796140032050364543242385458140594532945509386155523162799601656485075247603490060565663264947465987286983338572455184901756399862440455644131755848583379822279676555143231305246033911608913609591095831135803702269767527335 +AKW8tvaB8YZ7J5W2lmquBniJzUhRfqFdPZPqvBoMzR4cRh1CMNdSFsYsnsaF3KolNzogdsxFpHAaEMG6zSvpNJAoi4nixCqb5SETXrSLASXvNjI9MvCoE2JCRq7kMbjPL7cem+mBPWZITGUI6KVlJPLxQngHYSFxukqlx7jznwJH 116384596458828069344020651216200368975621068920641012055593076864629080375946542748377736186556382088448816531408136815533164209947323588157210859294774679831647934533061547276394884474877353537242203645373945111105805934070657589374883764420038511061919092743520704686962593876316976299391579463759429567047 +D5N2P4FrqDf7/2Z2BJsqah4SjUtolic/yNqdNzvNEogDKZKAJyGq4zhnHvkYXkEm2ueU/FDPJRqisszG0oULdU6c7p8acirEwsGLVh4RamnFRgmQSK1vbiYB3bR+P+iFX/bZ+TWjN2Y3YMa5UB//I6Zb5kEIjmTpjY2LEPI1e6s= 10937855369372570149476727082965401421189236366492771695094788039313362971972373068736123833330006002198346944149230147444718818161877123407713821100752433128205189334393732633989950841577315682292180735057952587083688644195300641998709155269462601925653013312848413290208844194513502358901613104779186502571 +V/A1ktS0xrcwlI8xrYqvlLCFYrdVp8tEzZaZ9iNNpPH/pzVsA0WbnnUeHbdilkje+4OdoX9C4U2xaOuWOfvqLR0c7GeCkSffCqyf4ZsBmjy/BQL6rCpxMF0gIHXO5O8aJ1h17hy9LTuNzWm4zVh4pNFuHC9L6nAcf92udMiIQzk= 61752386563628388546439207444896778638632243226541303179646524864765343154194512297447627825411023405896612559648434895675553567405277169056807223959390559391191382555701580549902639604424290133917402316755076644943742815711432111554988540913643347167948778404861099845961151998728662878854088239266688156473 +APoPgEKA0/r1FYmt/Iso6ChYK6dDU62Y+vH5h/LVE00biBYG1f7aL3GdllUTN+XQSHpqlDw8CD+9xojwZIMfgpgjOwLbbe7Aso460zLrg3R8aHBpbVt8iZUgjACwPYr5UyKbFzIAWaXcnYYQ+tCO9aDIuOz+/7eIF62C81zXFJVZ 175598490446477604563905754135475294999639698464908622773037381109011373179895295130424828038708319325919451724985361900259676699137657615076219968061941008972496322083528922054390781811699677037439989404270415929836486610353098273115864435328533577114470407444852521009919911888840405368858409835197558461785 +cL54ymLJhRx3U20Y9aUTIsXy9Ags+XHy4qk3F7uJyO46eiXSL7VrrR9vTQXAbETbu1YiVWfslsPht810eUDUVaVir6yLnXkywn46Ci42FEvVoTEFjO22uYcCh8nqB8H589w/+lVSlNrcILugwfdfCvK1iZzVimOO6l3qzfXToOU= 79171550718114578361958369278761819285111811576818442980166457146638966315793211967882077899426611721874954146020093740153495693185472340728106727284441726113022873005252623222594060645383105757498856463065370975867121188445567981809371870213273555432308279508351518168027875538720367440153667708369625129189 +QdQN4qW2QZq8/fmSaqlRiPSoDbhmF0oYjaY29HcKYGHdlOH0AMJb+RUIq1aszvVtjh7AYay2TNhaZMWQ6Qi3c42SNk3A1MVknT6zqiRCGjNFfxf/matbRLbTFQF832MAId708vrFLF/o2HpekMkc5hcHB6bkUUhEI1NLcMXwGck= 46226230186280253581676626651942823886592433541360244612432763620730826574920825070086312767146345247802570752482654580909236388357139147786783758670999083804670979821212991224400629053427330483809790366665043598754931511997925850227997764381723288657884346974360232490075739442406431704368767588177525348809 +cxHvCK/dyVDvaqCCQyLeaiBGA36mV5el+1lc2eUTkHGUzX5gU0QQCEp+iSXNJhIOON8VFpKOFsziuV0Z+3cegWRw/VnxnjXcBh6IDKdupzOPB+Yl8MA1ti/GrQjLC6ikcNYNjQT0ZThL7KTqEvvZJH68WYmD0IuK26swjNGIGaI= 80804939616399473443737611589382762718815989847332356984276911837267997590368701684135326680567847542004499684038240485603420973682522792156533112356849436451918522884749244246467852622918805139990256619014116276456718693703261686778030658826952213058982142604346352178078750879100976710761147710018148637090 +AIQ3OIZevkYoRGBmsFaXJobSfLeInuKKReVYNjP5VEPoMq0mXTltY6l09/rQ3d1JjsMD1PfA7emhxex+H9t3leBIfCi6Ux34GQEjXWpQc4awuiy9tbR077HaJyecvb8Qy1FTnOHoH5C043QJzrKYT/sFXjgB60piI8Y0R/hwxO4r 92845026347218330987427785323244729176754623818531419911990153715676845614711324345879159989637824921793015074978358052562420379797956750450245721653716740651389924718711940869162230097839047895842495414221110468446944827052871968998907462191349838598297775847512250220907563815783358238473966349820476321323 +LoG6ib5lUh57rdmSkZSWzBoudytFohS4uoU/uly6OaQDOi34GeNVxu/yr6RszJyL9JWkGNgFaBIv/HirH5zA9VQAL/6kpL93a0/GQ/nuHkHy3GWZPF/2+yJ0PfazQ40fWhHZfRxBngWslbguFPjj1XaJ37YzpQAYb/+QcUai9ic= 32658152290878644668906121702816147999633088014476055330179597550087921141413344679134407016170035735846077181424615228657687216737432274043674411132745299610950657139041836412322040866250189120286839287690983293111362228893996267791120043532014262644480689231457941173330523718758287779526551822788227954215 +AKu2jgOQCCfYZ3CLkXEH44aO4TtwMPeK/eq4FtNj9HZ9FxT0LLNJh0ZXPOaPJjgznvIw5C7/hNm7rUs1JeV8I8dj3nbS3EVERQz1gc/ckYB3H1bViWREOD5+TScDusi86YO/z4ar3dauKkg5kT1kKDuU/OP5kNMWvtJjHc4Vd3L3 120581042599355202025471829872601846477331097842315143148145881424071317426176264583672725691485724160094190478865850305422057632110749683552966861219554215519032344086824849470294473808177223497912069335635933312949412445851201918768630656712413082629164792850095444166888072453190903931430551124946191872759 +ANLs7OsR7oBM5jSjVADrk+Mx9d0TeieTIkxwWiJ5STKNQmW2EzPOjgbfcLhbYEhzzDFJveXO2dzz6/c8V5oW2yqg7VMx88DzEbpQnQpk/rOQRw9jbI4fxXNJHkNZCeysEVvFfLJb4ecsGA0xJ3Aylny/jP10ahPv2z5K99edGZSU 148116916208650944522110872759145096907599612943009577897396622287067669897712748449324334650112672914917664881091633448764667172850435775162090891556266912697811031318228334453406561952979778127173704706529448647577013482442758465809198730066784986763500579667100246958959793527011919373534159474250508506260 +AL+Er3n1qj+SBsZVtOMJYg4m0CN+DE6gRnC1F7nPvd2XnBe+QE0+LKfcpUDHVNxoydW4BDzNVwnUNbyjXZ+iuddPtO9hchVEI36UiuL0ydeldFpOZ9mtHJaAF6abd0MlHw4vXRf8CbOvXb5N4s76ggijlZBjRtU563sSmBcyq6Zt 134488725667189507159811764480908602790838430340670328479145818969651133017546803581865897303917708192047926432630297993507146075655594931523561067937580218599890162311074002344315818494246433967228889645359283635389151927472221799543158424012020308449895562192866672439712148770104592027035768027605661099629 +AK/04XOBSjjPpuFXTDF82RNWnKqZz9mJQbS2B5bn0ehFnBa6j+B+MazX+AxXTL/d5+hPLT1uexcnSMl3DcGGwKipOXg7Dtuj3pfJXHTrCqXAUYrIXI+8vKVQO55yQPGfzIg9SVgetwW1sDk+a28ZhJ5a9OddqNoi5C+dLce7ZtNb 123560902006294001923570614486104726169564351074482936927091682096999779538353161007361361829586988452098646362280351148131540524964916445100589671458589346440250329883789099771417949746709217272531950438336245613419967556433467843237384555807236658182067742367748737224684334525934210197178231424396818830171 +PzOEGHlihiveoWFAALY+LOfkRJfm0NUF/uR6cSU/tbpGAq4onNpr+iZIzEP5o3JBLOtDC595/NBPI0fzaXl0vQvgJs6KG8iKANjsLKQjIpZBkoKhdbG9MzTVQuAeuDW0w3sn2iMZ/v2dgAzRwfqmQYXJr3I2BbcwWraIJuZXw5A= 44381416070253681813077725822442106641846565789204187691647505370231831464947935035197059366680327425453811558282831465960889061956588244308214943856009686127871667376028831540813257349779756631357122923723235595360268572998278795110672666089470210929411514949652537714634611421849780859192966935514197771152 +APnuduN01GS9dO2m2uCLs400AR2lX7elOnIPC5U6e17qbukxWYzNhilZlM4kdGXAIeYpzFdSIW/gxRMZe6TXq9krFWRaaPyT2QwRfGHYnazS9F1QNYmW1zXdt+qVp0JGxmh5PyDstbP8Z3x50/E8Mb0gLLPhNAvzY2Jnr9A8Q1Hy 175507868985304663005133968393406051624825489142498103948374797086106732382869120248515993626061853699363294022457032257026588816021007648668265488426495800459085474654859258116280251546902009156490112550154951965894022789029787886785376415437170872937201839249103828294508088966180386198213606090453461193202 +QHEhL4iVzNdUsfG0izTEepwTOvxka8t/9MwuF1Ey6kxsI+ry4g4sJPgR2xMnbtOmvQn2NitAkfvA8JPCiL7a8+gmf+DVRDjKDfpfrtgAVmo+3rH+uJYTrKhAp8R7ggU2xIrvbIrgeUj7ieThPI3Rtap+IdkPCL853JC/+oKtytM= 45252649968839515171157821292772647085425694172492111870169593872127007254353374581972876464918186509502070064028725519394859148593053614163356612260257013360168930649423732336969778875205250872728821432415158634190866775855521719727700464116412886964736859295086745723651735554245035077902615220578218265299 +APeaekK4mVhEShCfM0mkRebcg1Iq5CgrFIEGOoh1nHzgebr5A9Wrhm9yD1Vd3e+fFD9urDRB4y5MHPJHX1U2NFToC+H8nQkFXL8bfd/9Wl2c7y8m0Mxwi53pLIdzETLbbfeOOtJvuSYYT3n8+/PeMnJ46UD8OfqtnFuS0/bVpFLS 173873040145444066957050580959132871919216036714423404143335635770937773583761934638398867981658394368476005882852706046614562314432695052874974848076542261910660410561876043187368112065303981001507235893831108658530338308496461162623683138693880482650786841100027392293758260448606244283355655751440485602002 +FqC/wgZDPTUoObPFSH5w4QR79zj/O+ZiHGTEnsBMwNZD3Gl/ClRDIsFMDDupNLgwgXsqCQbpwSOHOtAvUuAFwRpzt5B7lwIgtP5ism/AZRno5p+9WVSmUAM3glHsNtvYydz2MkXtnXzSMIR1ZVoLrdwMnckE4pbMzggqz+JZqxw= 15889870005716350976759704672045310928616256175405784574141006779373730686049218680335525720670897894546334915362899913262232170795516176419192840427996647372619000239408311568577050460995518058850793096827271653902583271225799114408537346367483775593212272587811309978019791973449354003275559762102731778844 +AJXNbv2AMWadF5h99ZAUy5gLnVK/hMaakFo0ZedtPNRJobxPmwj+h52G+Czd0U48G0V0wpdeUJC9v/4BhjzhCvNhNsdAT1+vQXDuteYQ1aspsEKLQ6b+NknO88QSbRJw53+KeOY2xe7PKOa4V89XnFFBF7wljRnIYrM8vvcqVQDk 105194875227030598769888785590198577650278341586165110611689226597424766274486797264032300493674927704016605741286512271390703088626381669060095573361828932336327125438452066548897528158329044309005232090053420259033538936293519762277428283316506398965916381374819450858053512398634116052299066189424983605476 +AIDRnUpBHepjBqYAlU4MG/8JxzX1mPxVNHpWvnEVgvqTQx/bisFPpXrYs3jAKIR/lzevYwhH0K/8Vvw4NK9iTMFqgSnU44AZztKsoxUXsEsl1UU56UscY5C7ciKU6vjjWI7nm/uHNOXdE82TQXkk2WX8ferNqZU5DaLFCb+zxb7w 90459642084794142567976043425270153270545560059973413835786695756473295513758287577749768786155290305189883600338986370836806413936196854410098516254596146039255388020628703824195128439558127783534033672712705194483515442668075394018677699876614329419492391568463215822656901183478205197671375262145069825776 +AIdvVNzJqWPgAShvi3GhbhMQft+SLigKGrhoqas2Saz/bA9u9Td6fAxa2LjrAqshW6cnm2aalc3Yv6RW/Y8vg7Ho31NSaRjT4zMUenykcC0/Y88UNxREi85wdnHwGytms6Lq49H8/7EFGJIyL1PLRWPmZn6XFkegscI/HUq/hiKm 95105613103051650721863964216778532448106311156426028879315612217763044797186635476805213120469258258125661666950525364331551671653846368977016286153840829836509696804585927581668281228810410814602664419962214359687545209312836366693384158782798559255789953908588601637765910472073600954502095647132310971046 +DdchOPjXrI6lpV84IdKCisPmdqZan8AARXRLADEhixsfXCYuO+WhNatI/fM1vgv+/TxwwIQjIfG1vOZcB36JUfjHYdItYQ70vUXaVFdpqvoBGyfOTU50Ds/11iGPCF8mWiQwR30/XAXytqDZtaVJVWsgHD3RigBSnSHhnvZAWYg= 9719024770319024562623340689338530708271347986326272393419504304391837979619189392867902307307106771234732135400958362219711925045600118964223238147375808749507928768896918369395426933218443166133187066167663170936604731896932630589251946733237697936733924510107175304126061649311812536190882160340308613512 +I+Z6rdTOt26/v3dtUP1plITb15fjb6aMDvqFS3AD1+nxBqnnk7ISGE9j6dv762EIWQpMzcCG5NCCq35KOHEwRXP28zup6olOMt3CBFgYVcBE2pWOpGiO19G/iFweYZXZPY5HgIkex7HBbb7l6HhomPc2sLL/IRhh2oogyHx2JMM= 25210054612455888156900839678249806510561198051210010474517915819801056434402727631042894881559517808906460418029149538469607239850657781476308872923928122553395468026744382526167194202058040459679991391557937527079948356545086684521068912222036707113005006607012596093923970784177288565193670152033981048003 +ALbBoyelCs4UkfnPjMT3S67ujhBHBEE0uxLx6kSGZq2IOMU/QdWYPFElRgYC/y++334FSEycjS6NAJJo2ITpZCO5AjNJ93J3WYgbDLiwu1VzKHX6ItfFNEk45km+QTi07+pDKcKNd1k0mxqpLd/PuZd5hRpPDDoKBb6i+mrCb2yF 128335905497646745013379107761994003743181143126608677203818152878840562628631384684712779135591095534911406031545494164782375276574093777950840330452805743803067864740000758175436633463846967335728314347497013853264454015790847388463800323796888198433722196292529074568758149650782323407298620158495364705413 +ANwlxEkeqmqYTxw1ZwMi1v2wo4ntPaEYZYoTLTJQfa+kuIksnHW9va243HAiOixd+rviVdm1dEwzESBbX0wiJNtRBpP+bnRxy4xOBjNoOB0c/tfka5JVwu5eeskyHx4V3inLviUaj86Yck42n5NaJFMfBvhzVftZ/YF9WBITI8g6 154592850289860621115358362871905683265658659789986179554827712019629689749439795961607030363152337159590319622241556795951071651584979664762468782303706550885785493534656062553770262954861884613383561063525714923031691298088562054236178003658891902606245782350998076658704876516153027797371814038658244397114 diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/openid.html b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/openid.html new file mode 100644 index 000000000..1a57d44f2 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/openid.html @@ -0,0 +1,11 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> + <head> + <title>Identity Page for Smoker</title> + <link rel="openid.server" href="http://www.myopenid.com/server" /> + <link rel="openid.delegate" href="http://smoker.myopenid.com/" /> + </head> + <body> + <p>foo</p> + </body> +</html> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid.html b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid.html new file mode 100644 index 000000000..1a57d44f2 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid.html @@ -0,0 +1,11 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> + <head> + <title>Identity Page for Smoker</title> + <link rel="openid.server" href="http://www.myopenid.com/server" /> + <link rel="openid.delegate" href="http://smoker.myopenid.com/" /> + </head> + <body> + <p>foo</p> + </body> +</html> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2.html b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2.html new file mode 100644 index 000000000..a74c042e7 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2.html @@ -0,0 +1,11 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> + <head> + <title>Identity Page for Smoker</title> + <link rel="openid2.provider" href="http://www.myopenid.com/server" /> + <link rel="openid2.local_id" href="http://smoker.myopenid.com/" /> + </head> + <body> + <p>foo</p> + </body> +</html> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds.xml new file mode 100644 index 000000000..8091ab94d --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/signon</Type> + <URI>http://www.myopenid.com/server</URI> + <LocalID>http://smoker.myopenid.com/</LocalID> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds_no_local_id.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds_no_local_id.xml new file mode 100644 index 000000000..e6a0eb977 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid2_xrds_no_local_id.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/signon</Type> + <URI>http://www.myopenid.com/server</URI> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2.html b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2.html new file mode 100644 index 000000000..5e581287b --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2.html @@ -0,0 +1,11 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> + <head> + <title>Identity Page for Smoker</title> + <link rel="openid2.provider openid.server" href="http://www.myopenid.com/server" /> + <link rel="openid2.local_id openid.delegate" href="http://smoker.myopenid.com/" /> + </head> + <body> + <p>foo</p> + </body> +</html> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds.xml new file mode 100644 index 000000000..6d85d57e3 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/signon</Type> + <Type>http://openid.net/signon/1.1</Type> + <URI>http://www.myopenid.com/server</URI> + <LocalID>http://smoker.myopenid.com/</LocalID> + <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds_bad_delegate.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds_bad_delegate.xml new file mode 100644 index 000000000..db7282e2b --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_1_and_2_xrds_bad_delegate.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/signon</Type> + <Type>http://openid.net/signon/1.0</Type> + <Type>http://openid.net/signon/1.1</Type> + <URI>http://www.myopenid.com/server</URI> + <LocalID>http://smoker.myopenid.com/</LocalID> + <openid:Delegate>http://localid.mismatch.invalid/</openid:Delegate> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_and_yadis.html b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_and_yadis.html new file mode 100644 index 000000000..3befa6fc3 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_and_yadis.html @@ -0,0 +1,12 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> + <head> + <title>Identity Page for Smoker</title> + <meta http-equiv="X-XRDS-Location" content="http://someuser.unittest/xrds" /> + <link rel="openid.server" href="http://www.myopenid.com/server" /> + <link rel="openid.delegate" href="http://smoker.myopenid.com/" /> + </head> + <body> + <p>foo</p> + </body> +</html> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_no_delegate.html b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_no_delegate.html new file mode 100644 index 000000000..f5180b3dc --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_no_delegate.html @@ -0,0 +1,10 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html> + <head> + <title>Identity Page for Smoker</title> + <link rel="openid.server" href="http://www.myopenid.com/server" /> + </head> + <body> + <p>foo</p> + </body> +</html> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_ssl.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_ssl.xml new file mode 100644 index 000000000..111945c85 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_openid_ssl.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + + <Service priority="10"> + <Type>http://openid.net/signon/1.0</Type> + <URI>http://nossl.vroom.unittest/server</URI> + <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate> + </Service> + <Service priority="11"> + <Type>http://openid.net/signon/1.0</Type> + <URI>https://ssl.vroom.unittest/server</URI> + <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_0entries.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_0entries.xml new file mode 100644 index 000000000..f161a0b31 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_0entries.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + <Service > + <Type>http://is-not-openid.unittest/</Type> + <URI>http://noffing.unittest./</URI> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2_bad_local_id.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2_bad_local_id.xml new file mode 100644 index 000000000..68c2ce1fc --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2_bad_local_id.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/signon</Type> + <URI>http://www.myopenid.com/server</URI> + <LocalID>http://smoker.myopenid.com/</LocalID> + <LocalID>http://localid.mismatch.invalid/</LocalID> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_delegate.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_delegate.xml new file mode 100644 index 000000000..372955b02 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_delegate.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + <CanonicalID>=!1000</CanonicalID> + + <Service priority="10"> + <Type>http://openid.net/signon/1.0</Type> + <URI>http://www.myopenid.com/server</URI> + <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate> + </Service> + + <Service priority="20"> + <Type>http://openid.net/signon/1.0</Type> + <URI>http://www.livejournal.com/openid/server.bml</URI> + <openid:Delegate>http://frank.livejournal.com/</openid:Delegate> + </Service> + + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_idp.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_idp.xml new file mode 100644 index 000000000..9a07b3d40 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_2entries_idp.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + <CanonicalID>=!1000</CanonicalID> + + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/signon</Type> + <URI>http://www.myopenid.com/server</URI> + <openid:LocalID>http://smoker.myopenid.com/</openid:LocalID> + </Service> + + <Service priority="20"> + <Type>http://specs.openid.net/auth/2.0/server</Type> + <URI>http://www.livejournal.com/openid/server.bml</URI> + </Service> + + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_another_delegate.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_another_delegate.xml new file mode 100644 index 000000000..2f3b9af37 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_another_delegate.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + + <Service priority="10"> + <Type>http://openid.net/signon/1.0</Type> + <URI>http://vroom.unittest/server</URI> + <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp.xml new file mode 100644 index 000000000..f570d0437 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + <Service priority="10"> + <Type>http://specs.openid.net/auth/2.0/server</Type> + <URI>http://www.myopenid.com/server</URI> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp_delegate.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp_delegate.xml new file mode 100644 index 000000000..541060053 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_idp_delegate.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + xmlns:openid="http://openid.net/xmlns/1.0" + > + <XRD> + <Service> + <Type>http://specs.openid.net/auth/2.0/server</Type> + <URI>http://www.myopenid.com/server</URI> + <openid:Delegate>http://smoker.myopenid.com/</openid:Delegate> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_no_delegate.xml b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_no_delegate.xml new file mode 100644 index 000000000..fbd673490 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/test_discover_yadis_no_delegate.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xrds:XRDS xmlns:xrds="xri://$xrds" + xmlns="xri://$xrd*($v*2.0)" + > + <XRD> + <Service priority="10"> + <Type>http://openid.net/signon/1.0</Type> + <URI>http://www.myopenid.com/server</URI> + </Service> + </XRD> +</xrds:XRDS> diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/trustroot.txt b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/trustroot.txt new file mode 100644 index 000000000..1b6cb4ca5 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/trustroot.txt @@ -0,0 +1,149 @@ +======================================== +Trust root parsing checking +======================================== + +---------------------------------------- +20: Does not parse +---------------------------------------- +baz.org +*.foo.com +http://*.schtuff.*/ +ftp://foo.com +ftp://*.foo.com +http://*.foo.com:80:90/ +foo.*.com +http://foo.*.com +http://www.* +http://*foo.com/ +http://foo.com\/ +http://localhost:1900foo/ +http://foo.com/invalid#fragment +http://π.pi.com/ +http://lambda.com/Λ + + + +5 +http:/// + +---------------------------------------- +15: Insane +---------------------------------------- +http://*/ +https://*/ +http://*.com +http://*.com/ +https://*.com/ +http://*.com.au/ +http://*.co.uk/ +http://*.foo.notatld/ +https://*.foo.notatld/ +http://*.museum/ +https://*.museum/ +http://www.schtuffcom/ +http://it/ +http://..it/ +http://.it/ + +---------------------------------------- +18: Sane +---------------------------------------- +http://*.schtuff.com./ +http://*.schtuff.com/ +http://*.foo.schtuff.com/ +http://*.schtuff.com +http://www.schtuff.com/ +http://www.schtuff.com./ +http://www.schutff.com +http://*.this.that.schtuff.com/ +http://*.foo.com/path +http://*.foo.com/path?action=foo2 +http://x.foo.com/path?action=foo2 +http://x.foo.com/path?action=%3D +http://localhost:8081/ +http://localhost:8082/?action=openid +https://foo.com/ +http://kink.fm/should/be/sane +http://beta.lingu.no/ +http://goathack.livejournal.org:8020/openid/login.bml + +======================================== +return_to matching +======================================== + +---------------------------------------- +45: matches +---------------------------------------- +http://foo.com/ HTTP://foo.com/ +http://*/ http://cnn.com/ +http://*/ http://livejournal.com/ +http://*/ http://met.museum/ +http://*:8081/ http://met.museum:8081/ +http://localhost:8081/x?action=openid http://localhost:8081/x?action=openid +http://*.foo.com http://b.foo.com +http://*.foo.com http://b.foo.com/ +http://*.foo.com/ http://b.foo.com +http://b.foo.com http://b.foo.com +http://b.foo.com http://b.foo.com/ +http://b.foo.com/ http://b.foo.com +http://*.b.foo.com http://b.foo.com +http://*.b.foo.com http://b.foo.com/ +http://*.b.foo.com/ http://b.foo.com +http://*.b.foo.com http://x.b.foo.com +http://*.b.foo.com http://w.x.b.foo.com +http://*.bar.co.uk http://www.bar.co.uk +http://*.uoregon.edu http://x.cs.uoregon.edu +http://x.com/abc http://x.com/abc +http://127.1/abc http://127.1/abc +http://10.0.0.1/abc http://10.0.0.1/abc +http://x.com/abc http://x.com/abc/def +http://*.x.com http://x.com/gallery +http://*.x.com http://foo.x.com/gallery +http://foo.x.com http://foo.x.com/gallery/xxx +http://*.x.com/gallery http://foo.x.com/gallery +http://localhost:8082/?action=openid http://localhost:8082/?action=openid +http://goathack.livejournal.org:8020/ http://goathack.livejournal.org:8020/openid/login.bml +https://foo.com https://foo.com +http://Foo.com http://foo.com +http://foo.com http://Foo.com +http://foo.com:80/ http://foo.com/ +http://foo.com/?x=y http://foo.com/?x=y&a=b +http://foo.com/x http://foo.com/x?y +http://mylid.net/j3h. http://mylid.net/j3h.?x=y +http://j3h.us http://j3h.us?ride=unicycle +https://www.filmclans.com:443/mattmartin/FilmClans https://www.filmclans.com/mattmartin/FilmClans/Logon.aspx?nonce=BVjqSOee +http://foo.com:80 http://foo.com +http://foo.com http://foo.com:80 +http://foo.com http://foo.com/ +http://foo.com/ http://foo.com +http://foo.com/ http://foo.com:80 +http://foo.com:80/ http://foo.com:80/stuff +http://foo.com:80/ http://foo.com/stuff + +---------------------------------------- +24: does not match +---------------------------------------- +http://*/ ftp://foo.com/ +http://*/ xxx +http://*.x.com/abc http://foo.x.com +http://*.x.com/abc http://*.x.com +http://*.com/ http://*.com/ +http://x.com/abc http://x.com/ +http://x.com/abc http://x.com/a +http://x.com/abc http://x.com/ab +http://x.com/abc http://x.com/abcd +http://*.cs.uoregon.edu http://x.uoregon.edu +http://*.foo.com http://bar.com +http://*.foo.com http://www.bar.com +http://*.bar.co.uk http://xxx.co.uk +https://foo.com http://foo.com +http://foo.com https://foo.com +http://foo.com:81 http://foo.com:80 +http://*:80 http://foo.com:81 +http://foo.com/?a=b http://foo.com/?x=y +http://foo.com/?a=b http://foo.com/?x=y&a=b +http://foo.com/?a=b http://foo.com/ +http://*.oo.com/ http://foo.com/ +http://foo.com/* http://foo.com/anything +http://foo.com http://foo.com:443 +https://foo.com https://foo.com:80 diff --git a/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/urinorm.txt b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/urinorm.txt new file mode 100644 index 000000000..9e10135b6 --- /dev/null +++ b/models/openid-php-openid-782224d/Tests/Auth/OpenID/data/urinorm.txt @@ -0,0 +1,87 @@ +Already normal form +http://example.com/ +http://example.com/ + +Add a trailing slash +http://example.com +http://example.com/ + +Remove an empty port segment +http://example.com:/ +http://example.com/ + +Remove a default port segment +http://example.com:80/ +http://example.com/ + +Capitalization in host names +http://wWw.exaMPLE.COm/ +http://www.example.com/ + +Capitalization in scheme names +htTP://example.com/ +http://example.com/ + +Capitalization in percent-escaped reserved characters +http://example.com/foo%2cbar +http://example.com/foo%2Cbar + +Unescape percent-encoded unreserved characters +http://example.com/foo%2Dbar%2dbaz +http://example.com/foo-bar-baz + +remove_dot_segments example 1 +http://example.com/a/b/c/./../../g +http://example.com/a/g + +remove_dot_segments example 2 +http://example.com/mid/content=5/../6 +http://example.com/mid/6 + +remove_dot_segments: single-dot +http://example.com/a/./b +http://example.com/a/b + +remove_dot_segments: double-dot +http://example.com/a/../b +http://example.com/b + +remove_dot_segments: leading double-dot +http://example.com/../b +http://example.com/b + +remove_dot_segments: trailing single-dot +http://example.com/a/. +http://example.com/a/ + +remove_dot_segments: trailing double-dot +http://example.com/a/.. +http://example.com/ + +remove_dot_segments: trailing single-dot-slash +http://example.com/a/./ +http://example.com/a/ + +remove_dot_segments: trailing double-dot-slash +http://example.com/a/../ +http://example.com/ + +Test of all kinds of syntax-based normalization +hTTPS://a/./b/../b/%63/%7bfoo%7d +https://a/b/c/%7Bfoo%7D + +Unsupported scheme +ftp://example.com/ +fail + +Non-absolute URI +http:/foo +fail + +Illegal character in URI +http://<illegal>.com/ +fail + +Non-ascii character in URI +http://foo.com/ +fail
\ No newline at end of file |