Google Git
Sign in
chromium / external / googleappengine / python / 2e4b3c86045dfc772570f162708e4f060bfa38ae / . / php / sdk / google / appengine / api / app_identity / AppIdentityServiceTest.php
blob: 61c3b31f6189525198b3eea5830a602b5e25bc7d [file] [log] [blame]
<?php
/**
* Copyright 2007 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* PHP Unit tests for the AppIdentityService.
*
*/
use google\appengine\AppIdentityServiceError\ErrorCode;
use google\appengine\api\app_identity\AppIdentityService;
use google\appengine\testing\ApiProxyTestBase;
/**
* Unittest for AppIdentityService class.
*/
class AppIdentityServiceTest extends ApiProxyTestBase {
public function setUp() {
parent::setUp();
$this->_SERVER = $_SERVER;
}
public function testDown() {
$_SERVER = $this->_SERVER;
parent::tearDown();
}
public function testSignForApp() {
$req = new \google\appengine\SignForAppRequest();
$req->setBytesToSign('these are the bytes');
$resp = new \google\appengine\SignForAppResponse();
$resp->setSignatureBytes('signed bytes.');
$resp->setKeyName('the key_name');
$this->apiProxyMock->expectCall('app_identity_service',
'SignForApp',
$req,
$resp);
$sign_bytes = 'these are the bytes';
$sign_result = AppIdentityService::signForApp($sign_bytes);
$this->assertEquals($sign_result['key_name'], 'the key_name');
$this->assertEquals($sign_result['signature'], 'signed bytes.');
$this->apiProxyMock->verify();
}
public function testInvalidBytesToSign() {
$this->setExpectedException('\InvalidArgumentException');
$sign_result = AppIdentityService::signForApp(1.0);
}
public function testGetPublicCertificates() {
$req = new \google\appengine\GetPublicCertificateForAppRequest();
$resp = new \google\appengine\GetPublicCertificateForAppResponse();
$cert = $resp->mutablePublicCertificateList(0);
$cert->setKeyName('key1');
$cert->setX509CertificatePem('cert1');
$cert = $resp->mutablePublicCertificateList(1);
$cert->setKeyName('key2');
$cert->setX509CertificatePem('cert2');
$this->apiProxyMock->expectCall('app_identity_service',
'GetPublicCertificatesForApp',
$req,
$resp);
$certs = AppIdentityService::getPublicCertificates();
$cert = $certs[0];
$this->assertEquals($cert->getCertificateName(), 'key1');
$this->assertEquals($cert->getX509CertificateInPemFormat(), 'cert1');
$cert = $certs[1];
$this->assertEquals($cert->getCertificateName(), 'key2');
$this->assertEquals($cert->getX509CertificateInPemFormat(), 'cert2');
$this->apiProxyMock->verify();
}
public function testGetServiceAccountName() {
$req = new \google\appengine\GetServiceAccountNameRequest();
$service_account_result = 'foobar@gserviceaccount.google.com';
$resp = new \google\appengine\GetServiceAccountNameResponse();
$resp->setServiceAccountName($service_account_result);
$this->apiProxyMock->expectCall('app_identity_service',
'GetServiceAccountName',
$req,
$resp);
$service_account = AppIdentityService::getServiceAccountName();
$this->assertEquals($service_account, $service_account_result);
$this->apiProxyMock->verify();
}
private function expectGetAccessTokenRequest($scopes, $cached,
$exception = null) {
$req = new \google\appengine\MemcacheGetRequest();
$memcache_key = AppIdentityService::MEMCACHE_KEY_PREFIX .
AppIdentityService::DOMAIN_SEPARATOR .
implode(AppIdentityService::DOMAIN_SEPARATOR, $scopes);
$req->addKey($memcache_key);
$resp = new \google\appengine\MemcacheGetResponse();
if ($cached) {
$item = $resp->addItem();
$item->setKey($memcache_key);
$item->setValue(serialize([
'access_token' => 'foo token',
'expiration_time' => 12345,
]));
$item->setFlags(
\google\appengine\runtime\MemcacheUtils::TYPE_PHP_SERIALIZED);
}
$this->apiProxyMock->expectCall('memcache',
'Get',
$req,
$resp);
if ($cached) {
return;
}
$req = new \google\appengine\GetAccessTokenRequest();
foreach ($scopes as $scope) {
$req->addScope($scope);
}
if (is_null($exception)) {
$resp = new \google\appengine\GetAccessTokenResponse();
$resp->setAccessToken('foo token');
$resp->setExpirationTime(12345);
} else {
$resp = $exception;
}
$this->apiProxyMock->expectCall('app_identity_service',
'GetAccessToken',
$req,
$resp);
if (!is_null($exception)) {
return;
}
$req = new \google\appengine\MemcacheSetRequest();
$item = $req->addItem();
$item->setKey($memcache_key);
$item->setValue(serialize([
'access_token' => $resp->getAccessToken(),
'expiration_time' => $resp->getExpirationTime(),
]));
$item->setExpirationTime($resp->getExpirationTime() - 300);
$item->setFlags(
\google\appengine\runtime\MemcacheUtils::TYPE_PHP_SERIALIZED);
$item->setSetPolicy(1); // Add
$resp = new \google\appengine\MemcacheSetResponse();
$resp->addSetStatus(1); // Stored
$this->apiProxyMock->expectCall('memcache',
'Set',
$req,
$resp);
}
public function testGetAccessTokenCacheHit() {
$scope = 'mail.google.com/send';
self::expectGetAccessTokenRequest(array($scope), true);
$result = AppIdentityService::getAccessToken($scope);
$this->assertEquals($result['access_token'], 'foo token');
$this->assertEquals($result['expiration_time'], 12345);
$this->apiProxyMock->verify();
}
public function testGetAccessTokenCacheMiss() {
$scope = 'mail.google.com/send';
self::expectGetAccessTokenRequest(array($scope), false);
$result = AppIdentityService::getAccessToken($scope);
$this->assertEquals($result['access_token'], 'foo token');
$this->assertEquals($result['expiration_time'], 12345);
$this->apiProxyMock->verify();
}
public function testGetAccessTokenScopes() {
$scope1 = 'mail.google.com/send';
$scope2 = 'google.cloud.scope/foo';
self::expectGetAccessTokenRequest(array($scope1, $scope2), false);
$result = AppIdentityService::getAccessToken([$scope1, $scope2]);
$this->assertEquals($result['access_token'], 'foo token');
$this->assertEquals($result['expiration_time'], 12345);
$this->apiProxyMock->verify();
}
public function testGetAccessTokenInvalidScope() {
$this->setExpectedException('\InvalidArgumentException');
$sign_result = AppIdentityService::getAccessToken(1.0);
}
private function expectMemcacheGetRequest($scopes) {
$req = new \google\appengine\MemcacheGetRequest();
$memcache_key = AppIdentityService::MEMCACHE_KEY_PREFIX .
AppIdentityService::DOMAIN_SEPARATOR .
implode(AppIdentityService::DOMAIN_SEPARATOR, $scopes);
$req->addKey($memcache_key);
$resp = new \google\appengine\MemcacheGetResponse();
$this->apiProxyMock->expectCall('memcache',
'Get',
$req,
$resp);
}
public function testGetAccessTokenInvalidScopeArray() {
$scopes = ["foo", 1];
self::expectMemcacheGetRequest($scopes);
$this->setExpectedException('\InvalidArgumentException');
$sign_result = AppIdentityService::getAccessToken($scopes);
}
public function testGetAccessTokenServiceInvalidScope() {
$req = new \google\appengine\GetAccessTokenRequest();
$scope = 'mail.google.com/invalid-scope';
$req->addScope($scope);
$exception = new \google\appengine\runtime\ApplicationError(
ErrorCode::UNKNOWN_SCOPE, "unknown scope");
$this->setExpectedException('\InvalidArgumentException',
'An unknown scope was supplied.');
self::expectGetAccessTokenRequest(array($scope), false, $exception);
$result = AppIdentityService::getAccessToken($scope);
}
public function testGetAccessTokenGaiaMintNotInitialized() {
$this->executeServiceErrorTest(
ErrorCode::GAIAMINT_NOT_INITIAILIZED,
'There was a GAIA error using the AppIdentity service.');
}
public function testGetAccessTokenServiceNotAnnApp() {
$this->executeServiceErrorTest(ErrorCode::NOT_A_VALID_APP,
'The application is not valid.');
}
public function testGetAccessTokenServiceUnknownError() {
$this->executeServiceErrorTest(
ErrorCode::UNKNOWN_ERROR,
'There was an unknown error using the AppIdentity service.');
}
public function testGetAccessTokenServiceNotAllowed() {
$this->executeServiceErrorTest(ErrorCode::NOT_ALLOWED,
'The call is not allowed.');
}
public function testGetApplicationId() {
putenv("APPLICATION_ID=simple-app-id");
$this->assertEquals("simple-app-id",
AppIdentityService::getApplicationId());
putenv("APPLICATION_ID=domain.com:domain-app-id");
$this->assertEquals("domain.com:domain-app-id",
AppIdentityService::getApplicationId());
putenv("APPLICATION_ID=part~partition-app-id");
$this->assertEquals("partition-app-id",
AppIdentityService::getApplicationId());
putenv("APPLICATION_ID=part~domain.com:display");
$this->assertEquals("domain.com:display",
AppIdentityService::getApplicationId());
}
public function testGetDefaultVersionHostname() {
putenv("DEFAULT_VERSION_HOSTNAME=my-app.appspot.com");
$this->assertEquals("my-app.appspot.com",
AppIdentityService::getDefaultVersionHostname());
}
private function executeServiceErrorTest($error, $expected_response) {
$req = new \google\appengine\GetAccessTokenRequest();
$scope = 'mail.google.com/invalid-scope';
$req->addScope($scope);
$exception = new \google\appengine\runtime\ApplicationError(
$error, "not initialized");
$this->setExpectedException(
'\google\appengine\api\app_identity\AppIdentityException',
$expected_response);
self::expectGetAccessTokenRequest(array($scope), false, $exception);
$result = AppIdentityService::getAccessToken($scope);
}
}