activitypub-php/test/Auth/HttpSignatureServiceTest.php

<?php
// tests:
// - signature for request that specifies a header but is missing that header
// - signature for request with malformed Signature header
namespace ActivityPub\Test\Auth;

use ActivityPub\Auth\HttpSignatureService;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Request;

class HttpSignatureServiceTest extends TestCase
{
    const PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3
6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6
Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw
oYi+1hqp1fIekaxsyQIDAQAB
-----END PUBLIC KEY-----";

    const PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF
NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F
UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB
AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA
QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK
kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg
f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u
412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc
mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7
kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA
gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW
G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI
7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==
-----END RSA PRIVATE KEY-----";

    private $httpSignatureService;

    public function setUp()
    {
        $this->httpSignatureService = new HttpSignatureService();
    }

    private static function getRequest()
    {
        $request = Request::create(
            'https://example.com/foo',
            Request::METHOD_POST,
            array( 'param' => 'value', 'pet' => 'dog' ),
            array(),
            array(),
            array(),
            '{"hello": "world"}'
        );
        $request->headers->set( 'host', 'example.com' );
        $request->headers->set( 'content-type', 'application/json' );
        $request->headers->set(
            'digest', 'SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
        );
        $request->headers->set( 'content-length', 18 );
        $request->headers->set( 'date', 'Sun, 05 Jan 2014 21:31:40 GMT' );
        return $request;
    }

    public function testItVerifies()
    {
        $request = self::getRequest();
        $authHeader = 'Signature keyId="Test",algorithm="rsa-sha256",signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="';
        $request->headers->set( 'authorization', $authHeader );
        $verified = $this->httpSignatureService->verify( $request, self::PUBLIC_KEY );
        $this->assertTrue( $verified );
    }
}
?>
[WIP] Begin implementing http sig signing/verification 2019-01-14 16:12:47 +00:00			`<?php`
			`// tests:`
			`// - signature for request that specifies a header but is missing that header`
			`// - signature for request with malformed Signature header`
			`namespace ActivityPub\Test\Auth;`

			`use ActivityPub\Auth\HttpSignatureService;`
			`use PHPUnit\Framework\TestCase;`
			`use Symfony\Component\HttpFoundation\Request;`

			`class HttpSignatureServiceTest extends TestCase`
			`{`
			`const PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----`
			`MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3`
			`6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6`
			`Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw`
			`oYi+1hqp1fIekaxsyQIDAQAB`
			`-----END PUBLIC KEY-----";`

			`const PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----`
			`MIICXgIBAAKBgQDCFENGw33yGihy92pDjZQhl0C36rPJj+CvfSC8+q28hxA161QF`
			`NUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6Z4UMR7EOcpfdUE9Hf3m/hs+F`
			`UR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJwoYi+1hqp1fIekaxsyQIDAQAB`
			`AoGBAJR8ZkCUvx5kzv+utdl7T5MnordT1TvoXXJGXK7ZZ+UuvMNUCdN2QPc4sBiA`
			`QWvLw1cSKt5DsKZ8UETpYPy8pPYnnDEz2dDYiaew9+xEpubyeW2oH4Zx71wqBtOK`
			`kqwrXa/pzdpiucRRjk6vE6YY7EBBs/g7uanVpGibOVAEsqH1AkEA7DkjVH28WDUg`
			`f1nqvfn2Kj6CT7nIcE3jGJsZZ7zlZmBmHFDONMLUrXR/Zm3pR5m0tCmBqa5RK95u`
			`412jt1dPIwJBANJT3v8pnkth48bQo/fKel6uEYyboRtA5/uHuHkZ6FQF7OUkGogc`
			`mSJluOdc5t6hI1VsLn0QZEjQZMEOWr+wKSMCQQCC4kXJEsHAve77oP6HtG/IiEn7`
			`kpyUXRNvFsDE0czpJJBvL/aRFUJxuRK91jhjC68sA7NsKMGg5OXb5I5Jj36xAkEA`
			`gIT7aFOYBFwGgQAQkWNKLvySgKbAZRTeLBacpHMuQdl1DfdntvAyqpAZ0lY0RKmW`
			`G6aFKaqQfOXKCyWoUiVknQJAXrlgySFci/2ueKlIE1QqIiLSZ8V8OlpFLRnb1pzI`
			`7U1yQXnTAEFYM560yJlzUpOb1V4cScGd365tiSMvxLOvTA==`
			`-----END RSA PRIVATE KEY-----";`

			`private $httpSignatureService;`

			`public function setUp()`
			`{`
			`$this->httpSignatureService = new HttpSignatureService();`
			`}`

			`private static function getRequest()`
			`{`
			`$request = Request::create(`
			`'https://example.com/foo',`
			`Request::METHOD_POST,`
			`array( 'param' => 'value', 'pet' => 'dog' ),`
			`array(),`
			`array(),`
			`array(),`
			`'{"hello": "world"}'`
			`);`
			`$request->headers->set( 'host', 'example.com' );`
			`$request->headers->set( 'content-type', 'application/json' );`
			`$request->headers->set(`
			`'digest', 'SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='`
			`);`
			`$request->headers->set( 'content-length', 18 );`
			`$request->headers->set( 'date', 'Sun, 05 Jan 2014 21:31:40 GMT' );`
			`return $request;`
			`}`

			`public function testItVerifies()`
			`{`
			`$request = self::getRequest();`
			`$authHeader = 'Signature keyId="Test",algorithm="rsa-sha256",signature="SjWJWbWN7i0wzBvtPl8rbASWz5xQW6mcJmn+ibttBqtifLN7Sazz6m79cNfwwb8DMJ5cou1s7uEGKKCs+FLEEaDV5lp7q25WqS+lavg7T8hc0GppauB6hbgEKTwblDHYGEtbGmtdHgVCk9SuS13F0hZ8FD0k/5OxEPXe5WozsbM="';`
			`$request->headers->set( 'authorization', $authHeader );`
			`$verified = $this->httpSignatureService->verify( $request, self::PUBLIC_KEY );`
			`$this->assertTrue( $verified );`
			`}`
			`}`
			`?>`