RubyGems - ruby-openid - Versions diffs - 1.1.4 → 2.0.1 - Mend

ruby-openid 1.1.4 → 2.0.1

Potentially problematic release.

This version of ruby-openid might be problematic. Click here for more details.

Files changed (207) hide show

data/INSTALL +0 -9
data/README +21 -22
data/UPGRADE +117 -0
data/admin/runtests.rb +36 -0
data/examples/README +13 -21
data/examples/active_record_openid_store/README +8 -3
data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb +4 -8
data/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb +26 -0
data/examples/active_record_openid_store/lib/association.rb +2 -0
data/examples/active_record_openid_store/lib/openid_ar_store.rb +22 -47
data/examples/active_record_openid_store/test/store_test.rb +78 -48
data/examples/discover +46 -0
data/examples/{rails_server → rails_openid}/README +0 -0
data/examples/{rails_server → rails_openid}/Rakefile +0 -0
data/examples/{rails_server → rails_openid}/app/controllers/application.rb +0 -0
data/examples/rails_openid/app/controllers/consumer_controller.rb +115 -0
data/examples/{rails_server → rails_openid}/app/controllers/login_controller.rb +10 -2
data/examples/rails_openid/app/controllers/server_controller.rb +265 -0
data/examples/{rails_server → rails_openid}/app/helpers/application_helper.rb +0 -0
data/examples/{rails_server → rails_openid}/app/helpers/login_helper.rb +0 -0
data/examples/{rails_server → rails_openid}/app/helpers/server_helper.rb +0 -0
data/examples/rails_openid/app/views/consumer/index.rhtml +81 -0
data/examples/rails_openid/app/views/consumer/start.rhtml +8 -0
data/examples/{rails_server → rails_openid}/app/views/layouts/server.rhtml +0 -0
data/examples/{rails_server → rails_openid}/app/views/login/index.rhtml +1 -1
data/examples/rails_openid/app/views/server/decide.rhtml +26 -0
data/examples/{rails_server → rails_openid}/config/boot.rb +0 -0
data/examples/{rails_server → rails_openid}/config/database.yml +0 -0
data/examples/{rails_server → rails_openid}/config/environment.rb +0 -0
data/examples/{rails_server → rails_openid}/config/environments/development.rb +0 -0
data/examples/{rails_server → rails_openid}/config/environments/production.rb +0 -0
data/examples/{rails_server → rails_openid}/config/environments/test.rb +0 -0
data/examples/{rails_server → rails_openid}/config/routes.rb +2 -1
data/examples/{rails_server → rails_openid}/doc/README_FOR_APP +0 -0
data/examples/{rails_server → rails_openid}/public/404.html +0 -0
data/examples/{rails_server → rails_openid}/public/500.html +0 -0
data/examples/{rails_server → rails_openid}/public/dispatch.cgi +0 -0
data/examples/{rails_server → rails_openid}/public/dispatch.fcgi +0 -0
data/examples/{rails_server → rails_openid}/public/dispatch.rb +0 -0
data/examples/{rails_server → rails_openid}/public/favicon.ico +0 -0
data/examples/rails_openid/public/images/openid_login_bg.gif +0 -0
data/examples/{rails_server → rails_openid}/public/javascripts/controls.js +0 -0
data/examples/{rails_server → rails_openid}/public/javascripts/dragdrop.js +0 -0
data/examples/{rails_server → rails_openid}/public/javascripts/effects.js +0 -0
data/examples/{rails_server → rails_openid}/public/javascripts/prototype.js +0 -0
data/examples/{rails_server → rails_openid}/public/robots.txt +0 -0
data/examples/{rails_server → rails_openid}/script/about +0 -0
data/examples/{rails_server → rails_openid}/script/breakpointer +0 -0
data/examples/{rails_server → rails_openid}/script/console +0 -0
data/examples/{rails_server → rails_openid}/script/destroy +0 -0
data/examples/{rails_server → rails_openid}/script/generate +0 -0
data/examples/{rails_server → rails_openid}/script/performance/benchmarker +0 -0
data/examples/{rails_server → rails_openid}/script/performance/profiler +0 -0
data/examples/{rails_server → rails_openid}/script/plugin +0 -0
data/examples/{rails_server → rails_openid}/script/process/reaper +0 -0
data/examples/{rails_server → rails_openid}/script/process/spawner +0 -0
data/examples/{rails_server → rails_openid}/script/process/spinner +0 -0
data/examples/{rails_server → rails_openid}/script/runner +0 -0
data/examples/{rails_server → rails_openid}/script/server +0 -0
data/examples/{rails_server → rails_openid}/test/functional/login_controller_test.rb +0 -0
data/examples/{rails_server → rails_openid}/test/functional/server_controller_test.rb +0 -0
data/examples/{rails_server → rails_openid}/test/test_helper.rb +0 -0
data/lib/{hmac.rb → hmac/hmac.rb} +0 -0
data/lib/{hmac-sha1.rb → hmac/sha1.rb} +1 -1
data/lib/{hmac-sha2.rb → hmac/sha2.rb} +1 -1
data/lib/openid/association.rb +213 -73
data/lib/openid/consumer/associationmanager.rb +338 -0
data/lib/openid/consumer/checkid_request.rb +175 -0
data/lib/openid/consumer/discovery.rb +480 -0
data/lib/openid/consumer/discovery_manager.rb +123 -0
data/lib/openid/consumer/html_parse.rb +136 -0
data/lib/openid/consumer/idres.rb +525 -0
data/lib/openid/consumer/responses.rb +133 -0
data/lib/openid/consumer.rb +280 -807
data/lib/openid/cryptutil.rb +85 -0
data/lib/openid/dh.rb +60 -23
data/lib/openid/extension.rb +31 -0
data/lib/openid/extensions/ax.rb +506 -0
data/lib/openid/extensions/pape.rb +182 -0
data/lib/openid/extensions/sreg.rb +275 -0
data/lib/openid/extras.rb +11 -0
data/lib/openid/fetchers.rb +132 -93
data/lib/openid/kvform.rb +133 -0
data/lib/openid/kvpost.rb +56 -0
data/lib/openid/message.rb +534 -0
data/lib/openid/protocolerror.rb +6 -0
data/lib/openid/server.rb +1215 -666
data/lib/openid/store/filesystem.rb +271 -0
data/lib/openid/store/interface.rb +75 -0
data/lib/openid/store/memory.rb +84 -0
data/lib/openid/store/nonce.rb +68 -0
data/lib/openid/trustroot.rb +314 -87
data/lib/openid/urinorm.rb +37 -34
data/lib/openid/util.rb +42 -220
data/lib/openid/yadis/accept.rb +148 -0
data/lib/openid/yadis/constants.rb +21 -0
data/lib/openid/yadis/discovery.rb +153 -0
data/lib/openid/yadis/filters.rb +205 -0
data/lib/openid/{htmltokenizer.rb → yadis/htmltokenizer.rb} +1 -54
data/lib/openid/yadis/parsehtml.rb +36 -0
data/lib/openid/yadis/services.rb +42 -0
data/lib/openid/yadis/xrds.rb +171 -0
data/lib/openid/yadis/xri.rb +90 -0
data/lib/openid/yadis/xrires.rb +106 -0
data/lib/openid.rb +1 -4
data/test/data/accept.txt +124 -0
data/test/data/dh.txt +29 -0
data/test/data/example-xrds.xml +14 -0
data/test/data/linkparse.txt +587 -0
data/test/data/n2b64 +650 -0
data/test/data/test1-discover.txt +137 -0
data/test/data/test1-parsehtml.txt +128 -0
data/test/data/test_discover/openid.html +11 -0
data/test/data/test_discover/openid2.html +11 -0
data/test/data/test_discover/openid2_xrds.xml +12 -0
data/test/data/test_discover/openid2_xrds_no_local_id.xml +11 -0
data/test/data/test_discover/openid_1_and_2.html +11 -0
data/test/data/test_discover/openid_1_and_2_xrds.xml +16 -0
data/test/data/test_discover/openid_1_and_2_xrds_bad_delegate.xml +17 -0
data/test/data/test_discover/openid_and_yadis.html +12 -0
data/test/data/test_discover/openid_no_delegate.html +10 -0
data/test/data/test_discover/yadis_0entries.xml +12 -0
data/test/data/test_discover/yadis_2_bad_local_id.xml +15 -0
data/test/data/test_discover/yadis_2entries_delegate.xml +22 -0
data/test/data/test_discover/yadis_2entries_idp.xml +21 -0
data/test/data/test_discover/yadis_another_delegate.xml +14 -0
data/test/data/test_discover/yadis_idp.xml +12 -0
data/test/data/test_discover/yadis_idp_delegate.xml +13 -0
data/test/data/test_discover/yadis_no_delegate.xml +11 -0
data/test/data/test_xrds/=j3h.2007.11.14.xrds +25 -0
data/test/data/test_xrds/README +12 -0
data/test/data/test_xrds/delegated-20060809-r1.xrds +34 -0
data/test/data/test_xrds/delegated-20060809-r2.xrds +34 -0
data/test/data/test_xrds/delegated-20060809.xrds +34 -0
data/test/data/test_xrds/no-xrd.xml +7 -0
data/test/data/test_xrds/not-xrds.xml +2 -0
data/test/data/test_xrds/prefixsometimes.xrds +34 -0
data/test/data/test_xrds/ref.xrds +109 -0
data/test/data/test_xrds/sometimesprefix.xrds +34 -0
data/test/data/test_xrds/spoof1.xrds +25 -0
data/test/data/test_xrds/spoof2.xrds +25 -0
data/test/data/test_xrds/spoof3.xrds +37 -0
data/test/data/test_xrds/status222.xrds +9 -0
data/test/data/test_xrds/valid-populated-xrds.xml +39 -0
data/test/data/trustroot.txt +147 -0
data/test/discoverdata.rb +131 -0
data/test/test_accept.rb +170 -0
data/test/test_association.rb +266 -0
data/test/test_associationmanager.rb +899 -0
data/test/test_ax.rb +587 -0
data/test/test_checkid_request.rb +297 -0
data/test/test_consumer.rb +257 -0
data/test/test_cryptutil.rb +117 -0
data/test/test_dh.rb +86 -0
data/test/test_discover.rb +772 -0
data/test/test_discovery_manager.rb +262 -0
data/test/test_extras.rb +35 -0
data/test/test_fetchers.rb +472 -0
data/test/test_filters.rb +270 -0
data/test/test_idres.rb +816 -0
data/test/test_kvform.rb +165 -0
data/test/test_kvpost.rb +65 -0
data/test/test_linkparse.rb +101 -0
data/test/test_message.rb +1058 -0
data/test/test_nonce.rb +89 -0
data/test/test_openid_yadis.rb +178 -0
data/test/test_pape.rb +233 -0
data/test/test_parsehtml.rb +80 -0
data/test/test_responses.rb +63 -0
data/test/test_server.rb +2270 -0
data/test/test_sreg.rb +479 -0
data/test/test_stores.rb +269 -0
data/test/test_trustroot.rb +112 -0
data/test/{urinorm.rb → test_urinorm.rb} +6 -3
data/test/test_util.rb +144 -0
data/test/test_xrds.rb +160 -0
data/test/test_xri.rb +48 -0
data/test/test_xrires.rb +63 -0
data/test/test_yadis_discovery.rb +207 -0
data/test/testutil.rb +116 -0
data/test/util.rb +47 -50
metadata +233 -143
data/examples/consumer.rb +0 -290
data/examples/rails_openid_login_generator/openid_login_generator-0.1.gem +0 -0
data/examples/rails_server/app/controllers/server_controller.rb +0 -190
data/examples/rails_server/app/views/server/decide.rhtml +0 -11
data/examples/rails_server/public/images/rails.png +0 -0
data/lib/hmac-md5.rb +0 -11
data/lib/hmac-rmd160.rb +0 -11
data/lib/openid/discovery.rb +0 -122
data/lib/openid/filestore.rb +0 -315
data/lib/openid/parse.rb +0 -23
data/lib/openid/service.rb +0 -147
data/lib/openid/stores.rb +0 -178
data/test/assoc.rb +0 -38
data/test/consumer.rb +0 -376
data/test/data/brian.xrds +0 -16
data/test/data/brianellin.mylid.xrds +0 -42
data/test/dh.rb +0 -20
data/test/extensions.rb +0 -30
data/test/linkparse.rb +0 -305
data/test/runtests.rb +0 -22
data/test/server2.rb +0 -1053
data/test/service.rb +0 -47
data/test/storetestcase.rb +0 -172
data/test/teststore.rb +0 -47
data/test/trustroot.rb +0 -117

data/test/test_accept.rb ADDED Viewed

@@ -0,0 +1,170 @@
+require 'test/unit'
+require 'openid/yadis/accept'
+require 'openid/extras'
+require 'openid/util'
+module OpenID
+  class AcceptTest < Test::Unit::TestCase
+    include TestDataMixin
+    def getTestData()
+      # Read the test data off of disk
+      #
+      # () -> [(int, str)]
+      lines = read_data_file('accept.txt')
+      line_no = 1
+      return lines.collect { |line|
+        pair = [line_no, line]
+        line_no += 1
+        pair
+      }
+    end
+    def chunk(lines)
+      # Return groups of lines separated by whitespace or comments
+      #
+      # [(int, str)] -> [[(int, str)]]
+      chunks = []
+      chunk = []
+      lines.each { |lineno, line|
+        stripped = line.strip()
+        if (stripped == '') or stripped.starts_with?('#')
+          if chunk.length > 0
+            chunks << chunk
+            chunk = []
+          end
+        else
+          chunk << [lineno, stripped]
+        end
+      }
+      if chunk.length > 0
+        chunks << chunk
+      end
+      return chunks
+    end
+    def parseLines(chunk)
+      # Take the given chunk of lines and turn it into a test data
+      # dictionary
+      #
+      # [(int, str)] -> {str:(int, str)}
+      items = {}
+      chunk.each { |lineno, line|
+        header, data = line.split(':', 2)
+        header = header.downcase
+        items[header] = [lineno, data.strip]
+      }
+      return items
+    end
+    def parseAvailable(available_text)
+      # Parse an Available: line's data
+      #
+      # str -> [str]
+      return available_text.split(',', -1).collect { |s| s.strip }
+    end
+    def parseExpected(expected_text)
+      # Parse an Expected: line's data
+      #
+      # str -> [(str, float)]
+      expected = []
+      if expected_text != ''
+        expected_text.split(',', -1).each { |chunk|
+          chunk = chunk.strip
+          mtype, qstuff = chunk.split(';', -1)
+          mtype = mtype.strip
+          Util.assert(!mtype.index('/').nil?)
+          qstuff = qstuff.strip
+          q, qstr = qstuff.split('=', -1)
+          Util.assert(q == 'q')
+          qval = qstr.to_f
+          expected << [mtype, qval]
+        }
+      end
+      return expected
+    end
+    def test_accept_headers
+      lines = getTestData()
+      chunks = chunk(lines)
+      data_sets = chunks.collect { |chunk| parseLines(chunk) }
+      cases = []
+      data_sets.each { |data|
+        lnos = []
+        lno, header = data['accept']
+        lnos << lno
+        lno, avail_data = data['available']
+        lnos << lno
+        begin
+          available = parseAvailable(avail_data)
+        rescue
+          print 'On line', lno
+          raise
+        end
+        lno, exp_data = data['expected']
+        lnos << lno
+        begin
+          expected = parseExpected(exp_data)
+        rescue
+          print 'On line', lno
+          raise
+        end
+        descr = sprintf('MatchAcceptTest for lines %s', lnos)
+        # Test:
+        accepted = Yadis.parse_accept_header(header)
+        actual = Yadis.match_types(accepted, available)
+        assert_equal(expected, actual)
+        assert_equal(Yadis.get_acceptable(header, available),
+                     expected.collect { |mtype, _| mtype })
+      }
+    end
+    def test_generate_accept_header
+      # TODO: move this into a test case file and write parsing code
+      # for it.
+      # Form: [input_array, expected_header_string]
+      cases = [
+               # Empty input list
+               [[], ""],
+               # Content type name only; no q value
+               [["test"], "test"],
+               # q = 1.0 should be omitted from the header
+               [[["test", 1.0]], "test"],
+               # Test conversion of float to string
+               [["test", ["with_q", 0.8]], "with_q; q=0.8, test"],
+               # Allow string q values, too
+               [["test", ["with_q_str", "0.7"]], "with_q_str; q=0.7, test"],
+               # Test q values out of bounds
+               [[["test", -1.0]], nil],
+               [[["test", 1.1]], nil],
+               # Test sorting of types by q value
+               [[["middle", 0.5], ["min", 0.1], "max"],
+                "min; q=0.1, middle; q=0.5, max"],
+              ].each { |input, expected_header|
+        if expected_header.nil?
+          assert_raise(ArgumentError) {
+            Yadis.generate_accept_header(*input)
+          }
+        else
+          assert_equal(expected_header, Yadis.generate_accept_header(*input),
+                       [input, expected_header].inspect)
+        end
+      }
+    end
+  end
+end

data/test/test_association.rb ADDED Viewed

@@ -0,0 +1,266 @@
+require "test/unit"
+require "openid/association"
+module OpenID
+  class AssociationTestCase < Test::Unit::TestCase
+    def setup
+      # Use this funny way of getting a time so that it does not have
+      # fractional seconds, and so can be serialized exactly using our
+      # standard code.
+      issued = Time.at(Time.now.to_i)
+      lifetime = 600
+      @assoc = Association.new('handle', 'secret', issued,
+                               lifetime, 'HMAC-SHA1')
+    end
+    def test_round_trip
+      assoc2 = Association.deserialize(@assoc.serialize())
+      [:handle, :secret, :lifetime, :assoc_type].each do |attr|
+        assert_equal(@assoc.send(attr), assoc2.send(attr))
+      end
+    end
+    def test_deserialize_failure
+      field_list = Util.kv_to_seq(@assoc.serialize)
+      kv = Util.seq_to_kv(field_list + [['monkeys', 'funny']])
+      assert_raises(StandardError) {
+        Association.deserialize(kv)
+      }
+      bad_version_list = field_list.dup
+      bad_version_list[0] = ['version', 'moon']
+      bad_version_kv = Util.seq_to_kv(bad_version_list)
+      assert_raises(StandardError) {
+        Association.deserialize(bad_version_kv)
+      }
+    end
+    def test_serialization_identity
+      assoc2 = Association.deserialize(@assoc.serialize)
+      assert_equal(@assoc, assoc2)
+    end
+    def test_expires_in
+      # Allow one second of slop
+      assert(@assoc.expires_in.between?(599,600))
+      assert(@assoc.expires_in(Time.now.to_i).between?(599,600))
+      assert_equal(0,@assoc.expires_in(Time.now.to_i + 10000),"negative expires_in")
+    end
+    def test_from_expires_in
+      start_time = Time.now
+      expires_in = @assoc.expires_in
+      assoc = Association.from_expires_in(expires_in,
+                                          @assoc.handle,
+                                          @assoc.secret,
+                                          @assoc.assoc_type)
+      # Allow one second of slop here for code execution time
+      assert_in_delta(1, assoc.expires_in, @assoc.expires_in)
+      [:handle, :secret, :assoc_type].each do |attr|
+        assert_equal(@assoc.send(attr), assoc.send(attr))
+      end
+      # Make sure the issued time is near the start
+      assert(assoc.issued >= start_time)
+      assert_in_delta(1, assoc.issued.to_f, start_time.to_f)
+    end
+    def test_sign_sha1
+      pairs = [['key1', 'value1'],
+               ['key2', 'value2']]
+      [['HMAC-SHA256', "\xfd\xaa\xfe;\xac\xfc*\x988\xad\x05d6-"\
+                       "\xeaVy\xd5\xa5Z.<\xa9\xed\x18\x82\\$"\
+                       "\x95x\x1c&"],
+       ['HMAC-SHA1', "\xe0\x1bv\x04\xf1G\xc0\xbb\x7f\x9a\x8b"\
+                     "\xe9\xbc\xee}\\\xe5\xbb7*"],
+      ].each do |assoc_type, expected|
+        assoc = Association.from_expires_in(3600, "handle", 'very_secret',
+                                            assoc_type)
+        sig = assoc.sign(pairs)
+        assert_equal(sig, expected)
+        m = Message.new(OPENID2_NS)
+        pairs.each { |k, v|
+          m.set_arg(OPENID_NS, k, v)
+        }
+        m.set_arg(BARE_NS, "not_an_openid_arg", "bogus")
+        signed_m = assoc.sign_message(m)
+        assert(signed_m.has_key?(OPENID_NS, 'sig'))
+        assert_equal(signed_m.get_arg(OPENID_NS, 'signed'),
+                     'assoc_handle,key1,key2,ns,signed')
+      end
+    end
+    def test_sign_message_with_sig
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'sig', 'noise')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+    def test_sign_message_with_signed
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'signed', 'fields')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+    def test_sign_different_assoc_handle
+      assoc = Association.from_expires_in(3600, "handle", "very_secret",
+                                          "HMAC-SHA1")
+      m = Message.new(OPENID2_NS)
+      m.set_arg(OPENID_NS, 'assoc_handle', 'different')
+      assert_raises(ArgumentError) {
+        assoc.sign_message(m)
+      }
+    end
+    def test_sign_bad_assoc_type
+      @assoc.instance_eval { @assoc_type = 'Cookies' }
+      assert_raises(StandardError) {
+        @assoc.sign([])
+      }
+    end
+    def test_make_pairs
+      msg = Message.new(OPENID2_NS)
+      msg.update_args(OPENID2_NS, {
+                        'mode' => 'id_res',
+                        'identifier' => '=example',
+                        'signed' => 'identifier,mode',
+                        'sig' => 'cephalopod',
+                      })
+      msg.update_args(BARE_NS, {'xey' => 'value'})
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      pairs = assoc.make_pairs(msg)
+      assert_equal([['identifier', '=example'],
+                    ['mode', 'id_res']], pairs)
+    end
+    def test_check_message_signature_no_signed
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'sig' => 'coyote',
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert_raises(StandardError) {
+        assoc.check_message_signature(m)
+      }
+    end
+    def test_check_message_signature_no_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert_raises(StandardError) {
+        assoc.check_message_signature(m)
+      }
+    end
+    def test_check_message_signature_bad_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                      'sig' => Util.to_base64('coyote'),
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      assert(!assoc.check_message_signature(m))
+    end
+    def test_check_message_signature_good_sig
+      m = Message.new(OPENID2_NS)
+      m.update_args(OPENID2_NS, {'mode' => 'id_res',
+                      'identifier' => '=example',
+                      'signed' => 'mode',
+                      'sig' => Util.to_base64('coyote'),
+                    })
+      assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
+                                          "HMAC-SHA1")
+      class << assoc
+        # Override sign, because it's already tested elsewhere
+        def sign(pairs)
+          "coyote"
+        end
+      end
+      assert(assoc.check_message_signature(m))
+    end
+  end
+  class AssociationNegotiatorTestCase < Test::Unit::TestCase
+    def assert_equal_under(item1, item2)
+      val1 = yield(item1)
+      val2 = yield(item2)
+      assert_equal(val1, val2)
+    end
+    def test_copy
+      neg = AssociationNegotiator.new([['HMAC-SHA1', 'DH-SHA1']])
+      neg2 = neg.copy
+      assert_equal_under(neg, neg2) {|n| n.instance_eval{@allowed_types} }
+      assert(neg.object_id != neg2.object_id)
+    end
+    def test_add_allowed
+      neg = AssociationNegotiator.new([])
+      assert(!neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(!neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      neg.add_allowed_type('HMAC-SHA1')
+      assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      neg.add_allowed_type('HMAC-SHA256', 'DH-SHA256')
+      assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
+      assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
+      assert(neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
+      assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
+      assert_equal(neg.get_allowed_type, ['HMAC-SHA1', 'DH-SHA1'])
+    end
+    def test_bad_assoc_type
+      assert_raises(StandardError) {
+        AssociationNegotiator.new([['OMG', 'Ponies']])
+      }
+    end
+    def test_bad_session_type
+      assert_raises(StandardError) {
+        AssociationNegotiator.new([['HMAC-SHA1', 'OMG-Ponies']])
+      }
+    end
+    def test_default_negotiator
+      assert_equal(DefaultNegotiator.get_allowed_type,
+                   ['HMAC-SHA1', 'DH-SHA1'])
+      assert(DefaultNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
+    end
+    def test_encrypted_negotiator
+      assert_equal(EncryptedNegotiator.get_allowed_type,
+                   ['HMAC-SHA1', 'DH-SHA1'])
+      assert(!EncryptedNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
+    end
+  end
+end