ruby-openid 1.1.4 → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of ruby-openid might be problematic. Click here for more details.
- data/INSTALL +0 -9
- data/README +21 -22
- data/UPGRADE +117 -0
- data/admin/runtests.rb +36 -0
- data/examples/README +13 -21
- data/examples/active_record_openid_store/README +8 -3
- data/examples/active_record_openid_store/XXX_add_open_id_store_to_db.rb +4 -8
- data/examples/active_record_openid_store/XXX_upgrade_open_id_store.rb +26 -0
- data/examples/active_record_openid_store/lib/association.rb +2 -0
- data/examples/active_record_openid_store/lib/openid_ar_store.rb +22 -47
- data/examples/active_record_openid_store/test/store_test.rb +78 -48
- data/examples/discover +46 -0
- data/examples/{rails_server → rails_openid}/README +0 -0
- data/examples/{rails_server → rails_openid}/Rakefile +0 -0
- data/examples/{rails_server → rails_openid}/app/controllers/application.rb +0 -0
- data/examples/rails_openid/app/controllers/consumer_controller.rb +115 -0
- data/examples/{rails_server → rails_openid}/app/controllers/login_controller.rb +10 -2
- data/examples/rails_openid/app/controllers/server_controller.rb +265 -0
- data/examples/{rails_server → rails_openid}/app/helpers/application_helper.rb +0 -0
- data/examples/{rails_server → rails_openid}/app/helpers/login_helper.rb +0 -0
- data/examples/{rails_server → rails_openid}/app/helpers/server_helper.rb +0 -0
- data/examples/rails_openid/app/views/consumer/index.rhtml +81 -0
- data/examples/rails_openid/app/views/consumer/start.rhtml +8 -0
- data/examples/{rails_server → rails_openid}/app/views/layouts/server.rhtml +0 -0
- data/examples/{rails_server → rails_openid}/app/views/login/index.rhtml +1 -1
- data/examples/rails_openid/app/views/server/decide.rhtml +26 -0
- data/examples/{rails_server → rails_openid}/config/boot.rb +0 -0
- data/examples/{rails_server → rails_openid}/config/database.yml +0 -0
- data/examples/{rails_server → rails_openid}/config/environment.rb +0 -0
- data/examples/{rails_server → rails_openid}/config/environments/development.rb +0 -0
- data/examples/{rails_server → rails_openid}/config/environments/production.rb +0 -0
- data/examples/{rails_server → rails_openid}/config/environments/test.rb +0 -0
- data/examples/{rails_server → rails_openid}/config/routes.rb +2 -1
- data/examples/{rails_server → rails_openid}/doc/README_FOR_APP +0 -0
- data/examples/{rails_server → rails_openid}/public/404.html +0 -0
- data/examples/{rails_server → rails_openid}/public/500.html +0 -0
- data/examples/{rails_server → rails_openid}/public/dispatch.cgi +0 -0
- data/examples/{rails_server → rails_openid}/public/dispatch.fcgi +0 -0
- data/examples/{rails_server → rails_openid}/public/dispatch.rb +0 -0
- data/examples/{rails_server → rails_openid}/public/favicon.ico +0 -0
- data/examples/rails_openid/public/images/openid_login_bg.gif +0 -0
- data/examples/{rails_server → rails_openid}/public/javascripts/controls.js +0 -0
- data/examples/{rails_server → rails_openid}/public/javascripts/dragdrop.js +0 -0
- data/examples/{rails_server → rails_openid}/public/javascripts/effects.js +0 -0
- data/examples/{rails_server → rails_openid}/public/javascripts/prototype.js +0 -0
- data/examples/{rails_server → rails_openid}/public/robots.txt +0 -0
- data/examples/{rails_server → rails_openid}/script/about +0 -0
- data/examples/{rails_server → rails_openid}/script/breakpointer +0 -0
- data/examples/{rails_server → rails_openid}/script/console +0 -0
- data/examples/{rails_server → rails_openid}/script/destroy +0 -0
- data/examples/{rails_server → rails_openid}/script/generate +0 -0
- data/examples/{rails_server → rails_openid}/script/performance/benchmarker +0 -0
- data/examples/{rails_server → rails_openid}/script/performance/profiler +0 -0
- data/examples/{rails_server → rails_openid}/script/plugin +0 -0
- data/examples/{rails_server → rails_openid}/script/process/reaper +0 -0
- data/examples/{rails_server → rails_openid}/script/process/spawner +0 -0
- data/examples/{rails_server → rails_openid}/script/process/spinner +0 -0
- data/examples/{rails_server → rails_openid}/script/runner +0 -0
- data/examples/{rails_server → rails_openid}/script/server +0 -0
- data/examples/{rails_server → rails_openid}/test/functional/login_controller_test.rb +0 -0
- data/examples/{rails_server → rails_openid}/test/functional/server_controller_test.rb +0 -0
- data/examples/{rails_server → rails_openid}/test/test_helper.rb +0 -0
- data/lib/{hmac.rb → hmac/hmac.rb} +0 -0
- data/lib/{hmac-sha1.rb → hmac/sha1.rb} +1 -1
- data/lib/{hmac-sha2.rb → hmac/sha2.rb} +1 -1
- data/lib/openid/association.rb +213 -73
- data/lib/openid/consumer/associationmanager.rb +338 -0
- data/lib/openid/consumer/checkid_request.rb +175 -0
- data/lib/openid/consumer/discovery.rb +480 -0
- data/lib/openid/consumer/discovery_manager.rb +123 -0
- data/lib/openid/consumer/html_parse.rb +136 -0
- data/lib/openid/consumer/idres.rb +525 -0
- data/lib/openid/consumer/responses.rb +133 -0
- data/lib/openid/consumer.rb +280 -807
- data/lib/openid/cryptutil.rb +85 -0
- data/lib/openid/dh.rb +60 -23
- data/lib/openid/extension.rb +31 -0
- data/lib/openid/extensions/ax.rb +506 -0
- data/lib/openid/extensions/pape.rb +182 -0
- data/lib/openid/extensions/sreg.rb +275 -0
- data/lib/openid/extras.rb +11 -0
- data/lib/openid/fetchers.rb +132 -93
- data/lib/openid/kvform.rb +133 -0
- data/lib/openid/kvpost.rb +56 -0
- data/lib/openid/message.rb +534 -0
- data/lib/openid/protocolerror.rb +6 -0
- data/lib/openid/server.rb +1215 -666
- data/lib/openid/store/filesystem.rb +271 -0
- data/lib/openid/store/interface.rb +75 -0
- data/lib/openid/store/memory.rb +84 -0
- data/lib/openid/store/nonce.rb +68 -0
- data/lib/openid/trustroot.rb +314 -87
- data/lib/openid/urinorm.rb +37 -34
- data/lib/openid/util.rb +42 -220
- data/lib/openid/yadis/accept.rb +148 -0
- data/lib/openid/yadis/constants.rb +21 -0
- data/lib/openid/yadis/discovery.rb +153 -0
- data/lib/openid/yadis/filters.rb +205 -0
- data/lib/openid/{htmltokenizer.rb → yadis/htmltokenizer.rb} +1 -54
- data/lib/openid/yadis/parsehtml.rb +36 -0
- data/lib/openid/yadis/services.rb +42 -0
- data/lib/openid/yadis/xrds.rb +171 -0
- data/lib/openid/yadis/xri.rb +90 -0
- data/lib/openid/yadis/xrires.rb +106 -0
- data/lib/openid.rb +1 -4
- data/test/data/accept.txt +124 -0
- data/test/data/dh.txt +29 -0
- data/test/data/example-xrds.xml +14 -0
- data/test/data/linkparse.txt +587 -0
- data/test/data/n2b64 +650 -0
- data/test/data/test1-discover.txt +137 -0
- data/test/data/test1-parsehtml.txt +128 -0
- data/test/data/test_discover/openid.html +11 -0
- data/test/data/test_discover/openid2.html +11 -0
- data/test/data/test_discover/openid2_xrds.xml +12 -0
- data/test/data/test_discover/openid2_xrds_no_local_id.xml +11 -0
- data/test/data/test_discover/openid_1_and_2.html +11 -0
- data/test/data/test_discover/openid_1_and_2_xrds.xml +16 -0
- data/test/data/test_discover/openid_1_and_2_xrds_bad_delegate.xml +17 -0
- data/test/data/test_discover/openid_and_yadis.html +12 -0
- data/test/data/test_discover/openid_no_delegate.html +10 -0
- data/test/data/test_discover/yadis_0entries.xml +12 -0
- data/test/data/test_discover/yadis_2_bad_local_id.xml +15 -0
- data/test/data/test_discover/yadis_2entries_delegate.xml +22 -0
- data/test/data/test_discover/yadis_2entries_idp.xml +21 -0
- data/test/data/test_discover/yadis_another_delegate.xml +14 -0
- data/test/data/test_discover/yadis_idp.xml +12 -0
- data/test/data/test_discover/yadis_idp_delegate.xml +13 -0
- data/test/data/test_discover/yadis_no_delegate.xml +11 -0
- data/test/data/test_xrds/=j3h.2007.11.14.xrds +25 -0
- data/test/data/test_xrds/README +12 -0
- data/test/data/test_xrds/delegated-20060809-r1.xrds +34 -0
- data/test/data/test_xrds/delegated-20060809-r2.xrds +34 -0
- data/test/data/test_xrds/delegated-20060809.xrds +34 -0
- data/test/data/test_xrds/no-xrd.xml +7 -0
- data/test/data/test_xrds/not-xrds.xml +2 -0
- data/test/data/test_xrds/prefixsometimes.xrds +34 -0
- data/test/data/test_xrds/ref.xrds +109 -0
- data/test/data/test_xrds/sometimesprefix.xrds +34 -0
- data/test/data/test_xrds/spoof1.xrds +25 -0
- data/test/data/test_xrds/spoof2.xrds +25 -0
- data/test/data/test_xrds/spoof3.xrds +37 -0
- data/test/data/test_xrds/status222.xrds +9 -0
- data/test/data/test_xrds/valid-populated-xrds.xml +39 -0
- data/test/data/trustroot.txt +147 -0
- data/test/discoverdata.rb +131 -0
- data/test/test_accept.rb +170 -0
- data/test/test_association.rb +266 -0
- data/test/test_associationmanager.rb +899 -0
- data/test/test_ax.rb +587 -0
- data/test/test_checkid_request.rb +297 -0
- data/test/test_consumer.rb +257 -0
- data/test/test_cryptutil.rb +117 -0
- data/test/test_dh.rb +86 -0
- data/test/test_discover.rb +772 -0
- data/test/test_discovery_manager.rb +262 -0
- data/test/test_extras.rb +35 -0
- data/test/test_fetchers.rb +472 -0
- data/test/test_filters.rb +270 -0
- data/test/test_idres.rb +816 -0
- data/test/test_kvform.rb +165 -0
- data/test/test_kvpost.rb +65 -0
- data/test/test_linkparse.rb +101 -0
- data/test/test_message.rb +1058 -0
- data/test/test_nonce.rb +89 -0
- data/test/test_openid_yadis.rb +178 -0
- data/test/test_pape.rb +233 -0
- data/test/test_parsehtml.rb +80 -0
- data/test/test_responses.rb +63 -0
- data/test/test_server.rb +2270 -0
- data/test/test_sreg.rb +479 -0
- data/test/test_stores.rb +269 -0
- data/test/test_trustroot.rb +112 -0
- data/test/{urinorm.rb → test_urinorm.rb} +6 -3
- data/test/test_util.rb +144 -0
- data/test/test_xrds.rb +160 -0
- data/test/test_xri.rb +48 -0
- data/test/test_xrires.rb +63 -0
- data/test/test_yadis_discovery.rb +207 -0
- data/test/testutil.rb +116 -0
- data/test/util.rb +47 -50
- metadata +233 -143
- data/examples/consumer.rb +0 -290
- data/examples/rails_openid_login_generator/openid_login_generator-0.1.gem +0 -0
- data/examples/rails_server/app/controllers/server_controller.rb +0 -190
- data/examples/rails_server/app/views/server/decide.rhtml +0 -11
- data/examples/rails_server/public/images/rails.png +0 -0
- data/lib/hmac-md5.rb +0 -11
- data/lib/hmac-rmd160.rb +0 -11
- data/lib/openid/discovery.rb +0 -122
- data/lib/openid/filestore.rb +0 -315
- data/lib/openid/parse.rb +0 -23
- data/lib/openid/service.rb +0 -147
- data/lib/openid/stores.rb +0 -178
- data/test/assoc.rb +0 -38
- data/test/consumer.rb +0 -376
- data/test/data/brian.xrds +0 -16
- data/test/data/brianellin.mylid.xrds +0 -42
- data/test/dh.rb +0 -20
- data/test/extensions.rb +0 -30
- data/test/linkparse.rb +0 -305
- data/test/runtests.rb +0 -22
- data/test/server2.rb +0 -1053
- data/test/service.rb +0 -47
- data/test/storetestcase.rb +0 -172
- data/test/teststore.rb +0 -47
- data/test/trustroot.rb +0 -117
data/test/test_accept.rb
ADDED
@@ -0,0 +1,170 @@
|
|
1
|
+
|
2
|
+
require 'test/unit'
|
3
|
+
require 'openid/yadis/accept'
|
4
|
+
require 'openid/extras'
|
5
|
+
require 'openid/util'
|
6
|
+
|
7
|
+
module OpenID
|
8
|
+
|
9
|
+
class AcceptTest < Test::Unit::TestCase
|
10
|
+
include TestDataMixin
|
11
|
+
|
12
|
+
def getTestData()
|
13
|
+
# Read the test data off of disk
|
14
|
+
#
|
15
|
+
# () -> [(int, str)]
|
16
|
+
lines = read_data_file('accept.txt')
|
17
|
+
line_no = 1
|
18
|
+
return lines.collect { |line|
|
19
|
+
pair = [line_no, line]
|
20
|
+
line_no += 1
|
21
|
+
pair
|
22
|
+
}
|
23
|
+
end
|
24
|
+
|
25
|
+
def chunk(lines)
|
26
|
+
# Return groups of lines separated by whitespace or comments
|
27
|
+
#
|
28
|
+
# [(int, str)] -> [[(int, str)]]
|
29
|
+
chunks = []
|
30
|
+
chunk = []
|
31
|
+
lines.each { |lineno, line|
|
32
|
+
stripped = line.strip()
|
33
|
+
if (stripped == '') or stripped.starts_with?('#')
|
34
|
+
if chunk.length > 0
|
35
|
+
chunks << chunk
|
36
|
+
chunk = []
|
37
|
+
end
|
38
|
+
else
|
39
|
+
chunk << [lineno, stripped]
|
40
|
+
end
|
41
|
+
}
|
42
|
+
|
43
|
+
if chunk.length > 0
|
44
|
+
chunks << chunk
|
45
|
+
end
|
46
|
+
|
47
|
+
return chunks
|
48
|
+
end
|
49
|
+
|
50
|
+
def parseLines(chunk)
|
51
|
+
# Take the given chunk of lines and turn it into a test data
|
52
|
+
# dictionary
|
53
|
+
#
|
54
|
+
# [(int, str)] -> {str:(int, str)}
|
55
|
+
items = {}
|
56
|
+
chunk.each { |lineno, line|
|
57
|
+
header, data = line.split(':', 2)
|
58
|
+
header = header.downcase
|
59
|
+
items[header] = [lineno, data.strip]
|
60
|
+
}
|
61
|
+
return items
|
62
|
+
end
|
63
|
+
|
64
|
+
def parseAvailable(available_text)
|
65
|
+
# Parse an Available: line's data
|
66
|
+
#
|
67
|
+
# str -> [str]
|
68
|
+
return available_text.split(',', -1).collect { |s| s.strip }
|
69
|
+
end
|
70
|
+
|
71
|
+
def parseExpected(expected_text)
|
72
|
+
# Parse an Expected: line's data
|
73
|
+
#
|
74
|
+
# str -> [(str, float)]
|
75
|
+
expected = []
|
76
|
+
if expected_text != ''
|
77
|
+
expected_text.split(',', -1).each { |chunk|
|
78
|
+
chunk = chunk.strip
|
79
|
+
mtype, qstuff = chunk.split(';', -1)
|
80
|
+
mtype = mtype.strip
|
81
|
+
Util.assert(!mtype.index('/').nil?)
|
82
|
+
qstuff = qstuff.strip
|
83
|
+
q, qstr = qstuff.split('=', -1)
|
84
|
+
Util.assert(q == 'q')
|
85
|
+
qval = qstr.to_f
|
86
|
+
expected << [mtype, qval]
|
87
|
+
}
|
88
|
+
end
|
89
|
+
|
90
|
+
return expected
|
91
|
+
end
|
92
|
+
|
93
|
+
def test_accept_headers
|
94
|
+
lines = getTestData()
|
95
|
+
chunks = chunk(lines)
|
96
|
+
data_sets = chunks.collect { |chunk| parseLines(chunk) }
|
97
|
+
cases = []
|
98
|
+
data_sets.each { |data|
|
99
|
+
lnos = []
|
100
|
+
lno, header = data['accept']
|
101
|
+
lnos << lno
|
102
|
+
lno, avail_data = data['available']
|
103
|
+
lnos << lno
|
104
|
+
begin
|
105
|
+
available = parseAvailable(avail_data)
|
106
|
+
rescue
|
107
|
+
print 'On line', lno
|
108
|
+
raise
|
109
|
+
end
|
110
|
+
|
111
|
+
lno, exp_data = data['expected']
|
112
|
+
lnos << lno
|
113
|
+
begin
|
114
|
+
expected = parseExpected(exp_data)
|
115
|
+
rescue
|
116
|
+
print 'On line', lno
|
117
|
+
raise
|
118
|
+
end
|
119
|
+
|
120
|
+
descr = sprintf('MatchAcceptTest for lines %s', lnos)
|
121
|
+
|
122
|
+
# Test:
|
123
|
+
accepted = Yadis.parse_accept_header(header)
|
124
|
+
actual = Yadis.match_types(accepted, available)
|
125
|
+
assert_equal(expected, actual)
|
126
|
+
|
127
|
+
assert_equal(Yadis.get_acceptable(header, available),
|
128
|
+
expected.collect { |mtype, _| mtype })
|
129
|
+
}
|
130
|
+
end
|
131
|
+
|
132
|
+
def test_generate_accept_header
|
133
|
+
# TODO: move this into a test case file and write parsing code
|
134
|
+
# for it.
|
135
|
+
|
136
|
+
# Form: [input_array, expected_header_string]
|
137
|
+
cases = [
|
138
|
+
# Empty input list
|
139
|
+
[[], ""],
|
140
|
+
# Content type name only; no q value
|
141
|
+
[["test"], "test"],
|
142
|
+
# q = 1.0 should be omitted from the header
|
143
|
+
[[["test", 1.0]], "test"],
|
144
|
+
# Test conversion of float to string
|
145
|
+
[["test", ["with_q", 0.8]], "with_q; q=0.8, test"],
|
146
|
+
# Allow string q values, too
|
147
|
+
[["test", ["with_q_str", "0.7"]], "with_q_str; q=0.7, test"],
|
148
|
+
# Test q values out of bounds
|
149
|
+
[[["test", -1.0]], nil],
|
150
|
+
[[["test", 1.1]], nil],
|
151
|
+
# Test sorting of types by q value
|
152
|
+
[[["middle", 0.5], ["min", 0.1], "max"],
|
153
|
+
"min; q=0.1, middle; q=0.5, max"],
|
154
|
+
|
155
|
+
].each { |input, expected_header|
|
156
|
+
|
157
|
+
if expected_header.nil?
|
158
|
+
assert_raise(ArgumentError) {
|
159
|
+
Yadis.generate_accept_header(*input)
|
160
|
+
}
|
161
|
+
else
|
162
|
+
assert_equal(expected_header, Yadis.generate_accept_header(*input),
|
163
|
+
[input, expected_header].inspect)
|
164
|
+
end
|
165
|
+
}
|
166
|
+
end
|
167
|
+
|
168
|
+
end
|
169
|
+
|
170
|
+
end
|
@@ -0,0 +1,266 @@
|
|
1
|
+
require "test/unit"
|
2
|
+
require "openid/association"
|
3
|
+
|
4
|
+
module OpenID
|
5
|
+
class AssociationTestCase < Test::Unit::TestCase
|
6
|
+
def setup
|
7
|
+
# Use this funny way of getting a time so that it does not have
|
8
|
+
# fractional seconds, and so can be serialized exactly using our
|
9
|
+
# standard code.
|
10
|
+
issued = Time.at(Time.now.to_i)
|
11
|
+
lifetime = 600
|
12
|
+
|
13
|
+
@assoc = Association.new('handle', 'secret', issued,
|
14
|
+
lifetime, 'HMAC-SHA1')
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_round_trip
|
18
|
+
assoc2 = Association.deserialize(@assoc.serialize())
|
19
|
+
[:handle, :secret, :lifetime, :assoc_type].each do |attr|
|
20
|
+
assert_equal(@assoc.send(attr), assoc2.send(attr))
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
def test_deserialize_failure
|
25
|
+
field_list = Util.kv_to_seq(@assoc.serialize)
|
26
|
+
kv = Util.seq_to_kv(field_list + [['monkeys', 'funny']])
|
27
|
+
assert_raises(StandardError) {
|
28
|
+
Association.deserialize(kv)
|
29
|
+
}
|
30
|
+
|
31
|
+
bad_version_list = field_list.dup
|
32
|
+
bad_version_list[0] = ['version', 'moon']
|
33
|
+
bad_version_kv = Util.seq_to_kv(bad_version_list)
|
34
|
+
assert_raises(StandardError) {
|
35
|
+
Association.deserialize(bad_version_kv)
|
36
|
+
}
|
37
|
+
end
|
38
|
+
|
39
|
+
def test_serialization_identity
|
40
|
+
assoc2 = Association.deserialize(@assoc.serialize)
|
41
|
+
assert_equal(@assoc, assoc2)
|
42
|
+
end
|
43
|
+
|
44
|
+
def test_expires_in
|
45
|
+
# Allow one second of slop
|
46
|
+
assert(@assoc.expires_in.between?(599,600))
|
47
|
+
assert(@assoc.expires_in(Time.now.to_i).between?(599,600))
|
48
|
+
assert_equal(0,@assoc.expires_in(Time.now.to_i + 10000),"negative expires_in")
|
49
|
+
end
|
50
|
+
|
51
|
+
def test_from_expires_in
|
52
|
+
start_time = Time.now
|
53
|
+
expires_in = @assoc.expires_in
|
54
|
+
assoc = Association.from_expires_in(expires_in,
|
55
|
+
@assoc.handle,
|
56
|
+
@assoc.secret,
|
57
|
+
@assoc.assoc_type)
|
58
|
+
|
59
|
+
# Allow one second of slop here for code execution time
|
60
|
+
assert_in_delta(1, assoc.expires_in, @assoc.expires_in)
|
61
|
+
[:handle, :secret, :assoc_type].each do |attr|
|
62
|
+
assert_equal(@assoc.send(attr), assoc.send(attr))
|
63
|
+
end
|
64
|
+
|
65
|
+
# Make sure the issued time is near the start
|
66
|
+
assert(assoc.issued >= start_time)
|
67
|
+
assert_in_delta(1, assoc.issued.to_f, start_time.to_f)
|
68
|
+
end
|
69
|
+
|
70
|
+
def test_sign_sha1
|
71
|
+
pairs = [['key1', 'value1'],
|
72
|
+
['key2', 'value2']]
|
73
|
+
|
74
|
+
[['HMAC-SHA256', "\xfd\xaa\xfe;\xac\xfc*\x988\xad\x05d6-"\
|
75
|
+
"\xeaVy\xd5\xa5Z.<\xa9\xed\x18\x82\\$"\
|
76
|
+
"\x95x\x1c&"],
|
77
|
+
['HMAC-SHA1', "\xe0\x1bv\x04\xf1G\xc0\xbb\x7f\x9a\x8b"\
|
78
|
+
"\xe9\xbc\xee}\\\xe5\xbb7*"],
|
79
|
+
].each do |assoc_type, expected|
|
80
|
+
assoc = Association.from_expires_in(3600, "handle", 'very_secret',
|
81
|
+
assoc_type)
|
82
|
+
sig = assoc.sign(pairs)
|
83
|
+
assert_equal(sig, expected)
|
84
|
+
|
85
|
+
m = Message.new(OPENID2_NS)
|
86
|
+
pairs.each { |k, v|
|
87
|
+
m.set_arg(OPENID_NS, k, v)
|
88
|
+
}
|
89
|
+
m.set_arg(BARE_NS, "not_an_openid_arg", "bogus")
|
90
|
+
|
91
|
+
signed_m = assoc.sign_message(m)
|
92
|
+
assert(signed_m.has_key?(OPENID_NS, 'sig'))
|
93
|
+
assert_equal(signed_m.get_arg(OPENID_NS, 'signed'),
|
94
|
+
'assoc_handle,key1,key2,ns,signed')
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
def test_sign_message_with_sig
|
99
|
+
assoc = Association.from_expires_in(3600, "handle", "very_secret",
|
100
|
+
"HMAC-SHA1")
|
101
|
+
m = Message.new(OPENID2_NS)
|
102
|
+
m.set_arg(OPENID_NS, 'sig', 'noise')
|
103
|
+
assert_raises(ArgumentError) {
|
104
|
+
assoc.sign_message(m)
|
105
|
+
}
|
106
|
+
end
|
107
|
+
|
108
|
+
def test_sign_message_with_signed
|
109
|
+
assoc = Association.from_expires_in(3600, "handle", "very_secret",
|
110
|
+
"HMAC-SHA1")
|
111
|
+
m = Message.new(OPENID2_NS)
|
112
|
+
m.set_arg(OPENID_NS, 'signed', 'fields')
|
113
|
+
assert_raises(ArgumentError) {
|
114
|
+
assoc.sign_message(m)
|
115
|
+
}
|
116
|
+
end
|
117
|
+
|
118
|
+
def test_sign_different_assoc_handle
|
119
|
+
assoc = Association.from_expires_in(3600, "handle", "very_secret",
|
120
|
+
"HMAC-SHA1")
|
121
|
+
m = Message.new(OPENID2_NS)
|
122
|
+
m.set_arg(OPENID_NS, 'assoc_handle', 'different')
|
123
|
+
assert_raises(ArgumentError) {
|
124
|
+
assoc.sign_message(m)
|
125
|
+
}
|
126
|
+
end
|
127
|
+
|
128
|
+
def test_sign_bad_assoc_type
|
129
|
+
@assoc.instance_eval { @assoc_type = 'Cookies' }
|
130
|
+
assert_raises(StandardError) {
|
131
|
+
@assoc.sign([])
|
132
|
+
}
|
133
|
+
end
|
134
|
+
|
135
|
+
def test_make_pairs
|
136
|
+
msg = Message.new(OPENID2_NS)
|
137
|
+
msg.update_args(OPENID2_NS, {
|
138
|
+
'mode' => 'id_res',
|
139
|
+
'identifier' => '=example',
|
140
|
+
'signed' => 'identifier,mode',
|
141
|
+
'sig' => 'cephalopod',
|
142
|
+
})
|
143
|
+
msg.update_args(BARE_NS, {'xey' => 'value'})
|
144
|
+
assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
|
145
|
+
"HMAC-SHA1")
|
146
|
+
pairs = assoc.make_pairs(msg)
|
147
|
+
assert_equal([['identifier', '=example'],
|
148
|
+
['mode', 'id_res']], pairs)
|
149
|
+
end
|
150
|
+
|
151
|
+
def test_check_message_signature_no_signed
|
152
|
+
m = Message.new(OPENID2_NS)
|
153
|
+
m.update_args(OPENID2_NS, {'mode' => 'id_res',
|
154
|
+
'identifier' => '=example',
|
155
|
+
'sig' => 'coyote',
|
156
|
+
})
|
157
|
+
assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
|
158
|
+
"HMAC-SHA1")
|
159
|
+
assert_raises(StandardError) {
|
160
|
+
assoc.check_message_signature(m)
|
161
|
+
}
|
162
|
+
end
|
163
|
+
|
164
|
+
def test_check_message_signature_no_sig
|
165
|
+
m = Message.new(OPENID2_NS)
|
166
|
+
m.update_args(OPENID2_NS, {'mode' => 'id_res',
|
167
|
+
'identifier' => '=example',
|
168
|
+
'signed' => 'mode',
|
169
|
+
})
|
170
|
+
assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
|
171
|
+
"HMAC-SHA1")
|
172
|
+
assert_raises(StandardError) {
|
173
|
+
assoc.check_message_signature(m)
|
174
|
+
}
|
175
|
+
end
|
176
|
+
|
177
|
+
def test_check_message_signature_bad_sig
|
178
|
+
m = Message.new(OPENID2_NS)
|
179
|
+
m.update_args(OPENID2_NS, {'mode' => 'id_res',
|
180
|
+
'identifier' => '=example',
|
181
|
+
'signed' => 'mode',
|
182
|
+
'sig' => Util.to_base64('coyote'),
|
183
|
+
})
|
184
|
+
assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
|
185
|
+
"HMAC-SHA1")
|
186
|
+
assert(!assoc.check_message_signature(m))
|
187
|
+
end
|
188
|
+
|
189
|
+
def test_check_message_signature_good_sig
|
190
|
+
m = Message.new(OPENID2_NS)
|
191
|
+
m.update_args(OPENID2_NS, {'mode' => 'id_res',
|
192
|
+
'identifier' => '=example',
|
193
|
+
'signed' => 'mode',
|
194
|
+
'sig' => Util.to_base64('coyote'),
|
195
|
+
})
|
196
|
+
assoc = Association.from_expires_in(3600, '{sha1}', 'very_secret',
|
197
|
+
"HMAC-SHA1")
|
198
|
+
class << assoc
|
199
|
+
# Override sign, because it's already tested elsewhere
|
200
|
+
def sign(pairs)
|
201
|
+
"coyote"
|
202
|
+
end
|
203
|
+
end
|
204
|
+
|
205
|
+
assert(assoc.check_message_signature(m))
|
206
|
+
end
|
207
|
+
end
|
208
|
+
|
209
|
+
class AssociationNegotiatorTestCase < Test::Unit::TestCase
|
210
|
+
def assert_equal_under(item1, item2)
|
211
|
+
val1 = yield(item1)
|
212
|
+
val2 = yield(item2)
|
213
|
+
assert_equal(val1, val2)
|
214
|
+
end
|
215
|
+
|
216
|
+
def test_copy
|
217
|
+
neg = AssociationNegotiator.new([['HMAC-SHA1', 'DH-SHA1']])
|
218
|
+
neg2 = neg.copy
|
219
|
+
assert_equal_under(neg, neg2) {|n| n.instance_eval{@allowed_types} }
|
220
|
+
assert(neg.object_id != neg2.object_id)
|
221
|
+
end
|
222
|
+
|
223
|
+
def test_add_allowed
|
224
|
+
neg = AssociationNegotiator.new([])
|
225
|
+
assert(!neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
|
226
|
+
assert(!neg.allowed?('HMAC-SHA1', 'no-encryption'))
|
227
|
+
assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
|
228
|
+
assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
|
229
|
+
neg.add_allowed_type('HMAC-SHA1')
|
230
|
+
assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
|
231
|
+
assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
|
232
|
+
assert(!neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
|
233
|
+
assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
|
234
|
+
neg.add_allowed_type('HMAC-SHA256', 'DH-SHA256')
|
235
|
+
assert(neg.allowed?('HMAC-SHA1', 'DH-SHA1'))
|
236
|
+
assert(neg.allowed?('HMAC-SHA1', 'no-encryption'))
|
237
|
+
assert(neg.allowed?('HMAC-SHA256', 'DH-SHA256'))
|
238
|
+
assert(!neg.allowed?('HMAC-SHA256', 'no-encryption'))
|
239
|
+
assert_equal(neg.get_allowed_type, ['HMAC-SHA1', 'DH-SHA1'])
|
240
|
+
end
|
241
|
+
|
242
|
+
def test_bad_assoc_type
|
243
|
+
assert_raises(StandardError) {
|
244
|
+
AssociationNegotiator.new([['OMG', 'Ponies']])
|
245
|
+
}
|
246
|
+
end
|
247
|
+
|
248
|
+
def test_bad_session_type
|
249
|
+
assert_raises(StandardError) {
|
250
|
+
AssociationNegotiator.new([['HMAC-SHA1', 'OMG-Ponies']])
|
251
|
+
}
|
252
|
+
end
|
253
|
+
|
254
|
+
def test_default_negotiator
|
255
|
+
assert_equal(DefaultNegotiator.get_allowed_type,
|
256
|
+
['HMAC-SHA1', 'DH-SHA1'])
|
257
|
+
assert(DefaultNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
|
258
|
+
end
|
259
|
+
|
260
|
+
def test_encrypted_negotiator
|
261
|
+
assert_equal(EncryptedNegotiator.get_allowed_type,
|
262
|
+
['HMAC-SHA1', 'DH-SHA1'])
|
263
|
+
assert(!EncryptedNegotiator.allowed?('HMAC-SHA256', 'no-encryption'))
|
264
|
+
end
|
265
|
+
end
|
266
|
+
end
|