egroupware/api/tests/Mail/CredentialsTest.php

104 lines
3.4 KiB
PHP
Raw Normal View History

<?php
/**
* EGroupware Api: Mail account credentials tests
*
* @link http://www.stylite.de
* @package api
* @subpackage mail
* @author Ralf Becker <rb-AT-stylite.de>
* @copyright (c) 2016 by Ralf Becker <rb-AT-stylite.de>
* @author Stylite AG <info@stylite.de>
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
* @version $Id$
*/
namespace EGroupware\Api\Mail;
use EGroupware\Api;
use PHPUnit\Framework\TestCase;
use ReflectionClass;
use EGroupware\Api\Mail\Credentials;
/**
* Mail account credentials tests
*
* Only testing en&decryption of mail passwords so far.
* Further tests would need database.
*/
class CredentialsTest extends TestCase
{
/**
* Test new 16.1 AES password encryption with OpenSSL
*/
public function testAes()
{
$mail_password = 'RälfÜber12345678sdddfd';
$account_id = $GLOBALS['egw_info']['user']['account_id'] = 1;
Api\Cache::setSession('phpgwapi', 'password', base64_encode('HMqUHxzMBjjvXppV'));
// test encryption with fixed salt
$pw_encrypted = 'IaaBeu6LiIa+iFBnHYroXA==4lp30Z4B20OdUYnFrxM3lo4b+bsf5wQITdyM1eMP6PM=';
$pw_enc = null;
$this->assertEquals($pw_encrypted, self::callProtectedMethod('encrypt_openssl_aes', __NAMESPACE__.'\\Credentials',
array($mail_password, $account_id, &$pw_enc, null, base64_decode(substr($pw_encrypted, 0, Credentials::SALT_LEN64)))),
'AES encrypt with fixed salt');
// test encryption&descryption with random salt
$pw_encrypted_rs = self::callProtectedMethod('encrypt', __NAMESPACE__.'\\Credentials',
array($mail_password, $account_id, &$pw_enc));
$row = array(
'account_id' => $account_id,
'cred_password' => $pw_encrypted_rs,
'cred_pw_enc' => $pw_enc,
);
$this->assertEquals($mail_password, self::callProtectedMethod('decrypt', __NAMESPACE__.'\\Credentials',
array($row)), 'AES decrypt with random salt');
}
/**
* Test old 14.x tripledes password encryption with mcrypt (if available) and openssl
*/
public function testTripledes()
{
$mail_password = 'RälfÜber12345678sdddfd';
$account_id = $GLOBALS['egw_info']['user']['account_id'] = 1;
Api\Cache::setSession('phpgwapi', 'password', base64_encode('HMqUHxzMBjjvXppV'));
$pw_encrypted = 'Y7QwLIqS6MP61hS8/e4i0wCdtpQP6kZ2';
// if mycrypt is available check encrypting too
if (check_load_extension('mcrypt'))
{
$pw_enc = null;
$this->assertEquals($pw_encrypted, self::callProtectedMethod('encrypt_mcrypt_3des', __NAMESPACE__.'\\Credentials',
array($mail_password, $account_id, &$pw_enc)), 'tripledes encryption with mcrypt');
}
else
{
$pw_enc = Credentials::USER;
}
// otherwise only check decrypting with openssl
$row = array(
'account_id' => $account_id,
'cred_password' => $pw_encrypted,
'cred_pw_enc' => $pw_enc,
);
$this->assertEquals($mail_password, self::callProtectedMethod('decrypt', __NAMESPACE__.'\\Credentials',
array($row)), 'tripledes decryption with openssl');
if (check_load_extension('mcrypt'))
{
$this->assertEquals($mail_password, self::callProtectedMethod('decrypt_mcrypt_3des', __NAMESPACE__.'\\Credentials',
array($row)), 'tripledes decryption with mcrypt');
}
}
protected static function callProtectedMethod($name, $classname, $params)
{
$class = new ReflectionClass($classname);
$method = $class->getMethod($name);
$method->setAccessible(true);
$obj = new $classname();
return $method->invokeArgs($obj, $params);
}
}