def test_incorrect_headers(self):
HOST = self.header_host
METHOD = self.test_method
PATH = self.test_path
hs = HeaderSigner(secret=self.sign_secret,
key_id="Test",
algorithm=self.algorithm,
sign_header=self.sign_header,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'digest', 'content-length'
],
sign_algorithm=self.sign_algorithm)
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
required_headers=["some-other-header"],
host=HOST,
method=METHOD,
path=PATH,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
with self.assertRaises(ValueError) as e:
hv.verify()
self.assertEqual(str(e.exception),
'some-other-header is a required header(s)')
def test_signed_headers(self):
HOST = self.header_host
METHOD = self.test_method
PATH = self.test_path
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
sign_header=self.sign_header,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'digest', 'content-length'
],
sign_algorithm=self.sign_algorithm)
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
host=HOST,
method=METHOD,
path=PATH,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
self.assertTrue(hv.verify())
def test_extra_auth_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
sign_header=self.sign_header,
algorithm=self.algorithm,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'digest', 'content-length'
],
sign_algorithm=self.sign_algorithm)
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
method=METHOD,
path=PATH,
sign_header=self.sign_header,
required_headers=['date', '(request-target)'],
sign_algorithm=self.sign_algorithm)
self.assertTrue(hv.verify())
def test_rsa_pubkey_fail(self):
from httpsig.sign import HeaderSigner
private_key_path = os.path.join(os.path.dirname(__file__),
'private_key2.pem')
with open(private_key_path, 'rb') as f:
private_key = f.read()
HOST = "example.com"
METHOD = "GET"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id=KEYID,
secret=private_key,
algorithm=self.auth.ALGORITHM,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
# convert headers to DJANGO format and create request
DJ_HEADERS = {}
for key, value in six.iteritems(signed):
DJ_HEADERS.update({self.auth.header_canonical(key): value})
request = RequestFactory().get(PATH, {}, **DJ_HEADERS)
self.assertRaises(AuthenticationFailed, self.auth.authenticate,
request)
def test_incorrect_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(secret=self.sign_secret,
key_id="Test",
algorithm=self.algorithm,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
required_headers=["some-other-header"],
host=HOST,
method=METHOD,
path=PATH)
with self.assertRaises(Exception) as ex:
hv.verify()
def test_extra_auth_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
method=METHOD,
path=PATH,
required_headers=['date', '(request-target)'])
self.assertTrue(hv.verify())
def test_default(self):
unsigned = {'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
self.assertTrue(hv.verify())
def test_default(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
self.assertTrue(hv.verify())
def test_mix_default_256_1(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.other_private_key,
algorithm='rsa-sha256',
sign_header=self.sign_header)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed,
secret=self.public_key,
sign_header=self.sign_header)
self.assertFalse(hv.verify())
def test_correct_derived_algorithm(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
sign_header=self.sign_header,
algorithm="hs2019",
sign_algorithm=self.sign_algorithm)
self.assertTrue(hv.verify())
def test_algorithm_mismatch(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
sign_header=self.sign_header,
algorithm="rsa-sha256",
sign_algorithm=self.sign_algorithm)
self.assertFalse(hv.verify())
