3
final class PhutilOAuth1FutureTestCase extends PhutilTestCase {
5
public function testOAuth1SigningWithOldSpecExmaples() {
7
// NOTE: These examples are from an old version of the OAuth 1 spec,
8
// so they might not be totally accurate.
10
$uri = 'https://photos.example.net/request_token';
11
$future = id(new PhutilOAuth1Future($uri))
12
->setTimestamp(1191242090)
13
->setNonce('hsu94j3884jdopsl')
14
->setConsumerKey('dpf43f3p2l4k3l03')
15
->setConsumerSecret(new PhutilOpaqueEnvelope('kd94hf93k423kf44'))
16
->setSignatureMethod('PLAINTEXT');
18
$this->assertEqual('kd94hf93k423kf44&', $future->getSignature());
21
$uri = 'http://photos.example.net/photos';
23
'file' => 'vacation.jpg',
27
$future = id(new PhutilOAuth1Future($uri, $data))
29
->setTimestamp(1191242096)
30
->setNonce('kllo9940pd9333jh')
31
->setConsumerKey('dpf43f3p2l4k3l03')
32
->setConsumerSecret(new PhutilOpaqueEnvelope('kd94hf93k423kf44'))
33
->setSignatureMethod('HMAC-SHA1')
34
->setToken('nnch734d00sl2jdk')
35
->setTokenSecret('pfkkdhi9sl3r4s00');
37
$this->assertEqual('tR3+Ty81lMeYAr/Fid0kMTYa/WM=', $future->getSignature());
40
public function testOAuth1SigningWithTwitterExamples() {
42
// NOTE: This example is from Twitter.
43
// https://dev.twitter.com/docs/auth/creating-signature
45
$uri = 'https://api.twitter.com/1/statuses/update.json?'.
46
'include_entities=true';
48
'status' => 'Hello Ladies + Gentlemen, a signed OAuth request!',
51
$future = id(new PhutilOAuth1Future($uri, $data))
53
->setConsumerKey('xvz1evFS4wEEPTGEFPHBog')
55
new PhutilOpaqueEnvelope('kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw'))
56
->setNonce('kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg')
57
->setSignatureMethod('HMAC-SHA1')
58
->setTimestamp(1318622958)
59
->setToken('370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb')
60
->setTokenSecret('LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE');
62
$this->assertEqual('tnnArxj06cWHq44gCs1OSKk/jLY=', $future->getSignature());
65
public function testOAuth1SigningWithJIRAExamples() {
67
// NOTE: This is an emprically example against JIRA v6.0.6, in that the
68
// code seems to work when actually authing. It primarily serves as a check
69
// of the RSA-SHA1 signature method.
71
$public_key = <<<EOKEY
72
-----BEGIN PUBLIC KEY-----
73
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAz/cLggl8VtHsZAtQudfz
74
fN14/xZgtUxA/J10jVwaz30etSiTY1QmeUbL09XKM7NyIL432+AbJkLEJ/EF6NIh
75
XkqrtrDvi+48zcSl0zwHthGjESLve9o0i9m1EjEaztnv8EdaNuXkUtYfEMUm9KEk
76
iocXTdyLszdtrGOPY1h4qQUrgxO0JY0bBoRa6PqiGe7M/3yvstbW0DGNGvNvLaq7
77
k54tPCDKWGKphoEQ6wxd5Hk30LEKn0dqZ5i11ZYal4bfj7UkvjiA5bgAAZmyQ1IV
78
CqzMQsPLwAlw/8xyu9EnCE49odmPKn/cbvY5vhoRwDbHDsOuwEPvoFCV9hoXvWhT
79
GfWcxDihkgBVDzqHZYgCctTjr+4eZvryBOemPK4FaiEHQ4ZQswX6KT5tW7HcjaQ3
80
kGz2pgOstLBGu9EN6t4kmFDLFOzWEYM5CfSuaE54pnfNJNXuTER/a1S8NCnjrVtH
81
/h9B2OoNAIUvyLYMhsL7L/0sr8+Sjnoyg+R3rQZZAEJlAiXLtxjD8HGefNPUe8Md
82
pEO2GyKD9Z/Vxc5HyIikxqo/+pfjJsOEvbqZg3sHZpTb77+kpCic3CdmXhw8HiXg
83
KP9BUSF1iTShnz72zMDDws9t4O3EVFVNLH3Imty8uW1KtSzQbfXO1yNFlZXrn4fy
84
54Bwm3hGUO1PNaWg+4F2J8ECAwEAAQ==
85
-----END PUBLIC KEY-----
88
$private_key = <<<EOKEY
89
-----BEGIN RSA PRIVATE KEY-----
90
MIIJJwIBAAKCAgEAz/cLggl8VtHsZAtQudfzfN14/xZgtUxA/J10jVwaz30etSiT
91
Y1QmeUbL09XKM7NyIL432+AbJkLEJ/EF6NIhXkqrtrDvi+48zcSl0zwHthGjESLv
92
e9o0i9m1EjEaztnv8EdaNuXkUtYfEMUm9KEkiocXTdyLszdtrGOPY1h4qQUrgxO0
93
JY0bBoRa6PqiGe7M/3yvstbW0DGNGvNvLaq7k54tPCDKWGKphoEQ6wxd5Hk30LEK
94
n0dqZ5i11ZYal4bfj7UkvjiA5bgAAZmyQ1IVCqzMQsPLwAlw/8xyu9EnCE49odmP
95
Kn/cbvY5vhoRwDbHDsOuwEPvoFCV9hoXvWhTGfWcxDihkgBVDzqHZYgCctTjr+4e
96
ZvryBOemPK4FaiEHQ4ZQswX6KT5tW7HcjaQ3kGz2pgOstLBGu9EN6t4kmFDLFOzW
97
EYM5CfSuaE54pnfNJNXuTER/a1S8NCnjrVtH/h9B2OoNAIUvyLYMhsL7L/0sr8+S
98
jnoyg+R3rQZZAEJlAiXLtxjD8HGefNPUe8MdpEO2GyKD9Z/Vxc5HyIikxqo/+pfj
99
JsOEvbqZg3sHZpTb77+kpCic3CdmXhw8HiXgKP9BUSF1iTShnz72zMDDws9t4O3E
100
VFVNLH3Imty8uW1KtSzQbfXO1yNFlZXrn4fy54Bwm3hGUO1PNaWg+4F2J8ECAwEA
101
AQKCAgAHV8e2PbOANUVNewDMrw1P2VoOV7HudNTOlpio7RmdPeO5rccWeMArBA7q
102
WeAb1zguY8kBIHaU8UKPznjQ8apv898AQlsS68SF122rebEkApdpYXxnORsl3PgB
103
vm4d46APMdXDnnZjXmAWbX+kn5P0uDRgcWsVVt2ueo1zioooHaCdrjJsKQFNR5sW
104
ItNaaw4d7z8c520KSNWcn//K8v5QhgM+3kGGwWUO9LuuMO+Xw5fu7HFdkl31bnTt
105
J7GkrAR0xIaZmNEkS0zkwZKDwgAwMk28BcHJ9AtjXMqoSwg/yNNwRYhCjeUwnc0I
106
I0+BI+3/XXVsIHnzhSTmXaF89JQKhEfOHv8asdlcLmqxDJ3EKAfPFXdRbsn5a7AJ
107
Jr8ZaTrZzUpK6WBXeyIAsk+8Gc7Pv4KNHynTDirnRHQW6fQKdmxzeD3tlfu4y2NZ
108
wWiu3taruxF7O331fvkIZ0s8ba3U/wtNmLwDPbhiF/V+PBjRgWcciWO6GfiZpqrY
109
RjS1nKpeLaklb9frdBtoS2FkpRs4zrokQOHLvuDwSPvnwlWy6XyiSGuPTn4VIlmA
110
lgi8eCY+dOYk6WFGzCCmeXBvJrjh7votz3atW00DLxDpDosor2e616yZd7TolbK/
111
ee7FoFI3rLMjQbWAcEF5Jxmgi/gkqFS8uaUFifrr6wN9dOtcSQKCAQEA9fRTUJM2
112
7dRddmC7VDQ4kuYowEh9Drs8R93S5r3GVmlEh9wrkzkkmUYSCEC6ZBzTsavfbYjp
113
ruATrsR5cjhFzl7RFodP/Jkpfr1oQdtwOsIF7XY+kMcO129MAn/sCbkc/Jb7tZBo
114
oc4XLlIU50dWf33EPZb+h61rxDTLvhd7KnVYlfOpLIfVkG25w5B4P8KNbK86qxyB
115
+iOpM7MIXCTguWivChXoEsL/scCIuITowYp7lCz4FAdHpoEm6bwfosl2YhSqfge+
116
WgA73FGM9E1QHn6Lw93BmtaDdcCyfD4QTZRKIrVryRIIUNoRwOi6YnyIgSNelUEU
117
2k3ymIpoosG0iwKCAQEA2HWBojkX7KkulSWeHApTSGkox8oWYm72BS5SdZtCZltI
118
N08dDtOCYUh+868HhNDiiCXBTsnvvF8yRcKLFU3aUBhrJSS8ObO0Topt7rH6xZze
119
jLuBUHaJhhem2HBl1hCvec++cgpsxY2GIACQN2jiwm1u8cKIdTVCsHgZlnlMTGCi
120
QdAwVIUy/oXnQ2lnd91sCArARSwViUxsfOkwxQJOBiHix8otbR5FZiZRUxGXnXj+
121
HFrt2QtFlDTNpTwAYCAjsb1E4VQJB/LCTEmiGXAd4qxDTrEfasSDIOLTuWohz9q0
122
nkLXKAHTRiZTT/JW62pahQLG6XcNuDySRSIG/LTCYwKCAQACx+ltPszfMYiA/yT/
123
FbwSBSIu0mL/mKRc16g7zaeBcJ1Cv/2KI5pDVWR8zWaOHTlTh/L1xReHT6dJUZVh
124
8jrv02ifzZXc8Epk0XVtUTLapzjz72NTtbx4ORzt5k5f6cTnIjnkWqakNbVTY8Ay
125
wT68IErou11TYWWXiVVIZ/GPkFYZE/E0vLBwep0gFfEWH3gD45NRPfhGQML3/603
126
hX84+XMJNSgzlhrYAqpJE8+h6JPvH/cKGu73dfxfpi3hZE+/WiZ3WFURpXEH07A5
127
Tup5/cpMw6QdwREpcq1R9E2w4t1XuR9n3ZlUeLK8sKTy2h+c/i5il6LJuRnmGaKH
128
PJNzAoIBAECMMd8FNXwuKyTwtchYz+L88Ns7CRfLTPPYj2BgrxlEyTEtF1Yvfmay
129
LqFOJWjWvWaqE44CK8o5fQ1OaRkuQRa3YWQPI031p6PwJb4TNtus3rSKyZIL9xCU
130
hv1t7wA5s4oYiAsLzsnOXRu370mGrnAaIAZZ40VIX52uArtbaoQwINKNWYwquD0s
131
Av2YNfGJhsiTJCi8b6OktYk+JHvrJwcvHahEQu2SJFHExWWHDnY3+VbNSrX5ZYM/
132
h79pOBdyHhLHhP3IiHTlUEldf8gkJdVNVzjlGqBE/3FUEpzs6C5KYqf6+JwGh1EY
133
5qkldAP5kAqv/E7sYJv6/Ac/kWPUJ08CggEAYNGB/MxBYjRdJ2F3wk2IE2AgsQRA
134
jcXhPnkMSlvWvmyYMDc1GWSbbfeyCbKZN1Lsxlen79Hre3ceJ8r2H4kg+B2Zlt7g
135
7sLZCeNA2yl8jLttCkHacramIZ8jDvauS3+2UKL/r/hzpqEwiUkCcI9qLNwDQFxs
136
nNXE0ISoMvcPWNJcghoH9zx9EQ5rpLPSImWlc9GjjKkJJ8hjwdp4s0janJUojLRX
137
6tdI84ziz6fr/HmFYEDkgttL0EFnSDBG+atth14eLjASloLrlobEcEhwmuvJJ3rS
138
xIGlOymzmWzoj2NxVK8H9GLcOG6ftULAMTZgUwayjTLxCLrErlRUVkM7Pg==
139
-----END RSA PRIVATE KEY-----
142
$uri = 'http://local.aphront.com:8090/plugins/servlet/oauth/request-token';
145
$future = id(new PhutilOAuth1Future($uri, $data))
146
->setConsumerKey('quackquack')
147
->setPrivateKey(new PhutilOpaqueEnvelope($private_key))
148
->setTimestamp('1375984131')
149
->setNonce('iamaduck')
150
->setSignatureMethod('RSA-SHA1');
152
// The actual signature is 684 bytes and begins "QwigfVxpOm0AKoWJkFRwbyseso
153
// VJobhiXpyY0J79Kzki+vwlT4Xz2Tr4vlwDLsra5gJbfdeme4qJ2rE..."
155
'5e63e65237e2b8078426996d5ef1a706',
156
md5($future->getSignature()));