Beispiel #1
0
 def setUp(self):
     ''' Validate the Authurization header has the correct format '''
     method = "POST"
     host = "example.com"
     path = "/path/to/resource"
     port = "8080"
     self.request = SignedRequest(method, host, path, port)
     # This doesn't have to be decoded on the other side.  It just has to be ascii printable
     self.nonce = hexlify(os.urandom(32))
     self.timestamp = str(int(time.time()))
     # This doesn't have to be decoded on the other side.  It just has to be ascii printable
     self.key_id = hexlify(os.urandom(32))
     self.key = hexlify(os.urandom(40))
Beispiel #2
0
class TestRequest(unittest.TestCase):
    """ Verify request objects behave as expected """
    def setUp(self):
        ''' Validate the Authurization header has the correct format '''
        method = "POST"
        host = "example.com"
        path = "/path/to/resource"
        port = "8080"
        self.request = SignedRequest(method, host, path, port)
        # This doesn't have to be decoded on the other side.  It just has to be ascii printable
        self.nonce = hexlify(os.urandom(32))
        self.timestamp = str(int(time.time()))
        # This doesn't have to be decoded on the other side.  It just has to be ascii printable
        self.key_id = hexlify(os.urandom(32))
        self.key = hexlify(os.urandom(40))

    def test_request_valid(self):
        ''' Validate the request header validates correctly '''
        auth_header = self.request.get_signed_header(self.nonce,
                                                     self.timestamp,
                                                     self.key_id, self.key)
        self.assertTrue(
            self.request.verify_signed_header(auth_header[1], self.key),
            "Verify a signed request header authenticates properly.")
        self.assertFalse(
            self.request.verify_signed_header(auth_header[1], self.key[:-1]),
            "Verify a tampered with key or request doesn't verify properly")

        self.request.method = b"GET"
        self.assertFalse(
            self.request.verify_signed_header(auth_header[1], self.key),
            "Verify a tampered with key or request doesn't verify properly")

        self.request.method, self.request.path = b"POST", b"/not/path"
        self.assertFalse(
            self.request.verify_signed_header(auth_header[1], self.key),
            "Verify a tampered with key or request doesn't verify properly")

    def test_request_unicode(self):
        ''' Validate the request validates with unicode correctly '''
        self.key = u'¬˚∆œ∑¬˚œ∑´¬œ∑´∆˚∆ç∂√å∫∂√˚´∑ˆø'
        auth_header = self.request.get_signed_header(self.nonce,
                                                     self.timestamp,
                                                     self.key_id, self.key)
        self.assertTrue(
            self.request.verify_signed_header(auth_header[1], self.key))

    def test_get_auth_header_values(self):
        ''' Validate the Auth Header properly parses into dictionary '''
        header = 'MAC id="123", ts="123", nonce="nonce", mac="2tduYjW+ZTdQyN/aOQxk3fVBnaaNs5qMmnDVIfvp16g="'
        expect = dict(id="123",
                      ts="123",
                      nonce="nonce",
                      mac="2tduYjW+ZTdQyN/aOQxk3fVBnaaNs5qMmnDVIfvp16g=")
        actual = get_auth_header_values(header)
        self.assertEqual(expect, actual, 'Assert header values are equivalent')
Beispiel #3
0
 def setUp(self):
     ''' Validate the Authurization header has the correct format '''
     method = "POST"
     host = "example.com"
     path = "/path/to/resource"
     port = "8080"
     self.request = SignedRequest(method, host, path, port)
     # This doesn't have to be decoded on the other side.  It just has to be ascii printable
     self.nonce = hexlify(os.urandom(32))
     self.timestamp = str(int(time.time()))
     # This doesn't have to be decoded on the other side.  It just has to be ascii printable
     self.key_id = hexlify(os.urandom(32))
     self.key = hexlify(os.urandom(40))
Beispiel #4
0
class TestRequest(unittest.TestCase):
    """ Verify request objects behave as expected """

    def setUp(self):
        ''' Validate the Authurization header has the correct format '''
        method = "POST"
        host = "example.com"
        path = "/path/to/resource"
        port = "8080"
        self.request = SignedRequest(method, host, path, port)
        # This doesn't have to be decoded on the other side.  It just has to be ascii printable
        self.nonce = hexlify(os.urandom(32))
        self.timestamp = str(int(time.time()))
        # This doesn't have to be decoded on the other side.  It just has to be ascii printable
        self.key_id = hexlify(os.urandom(32))
        self.key = hexlify(os.urandom(40))

    def test_request_valid(self):
        ''' Validate the request header validates correctly '''
        auth_header = self.request.get_signed_header(self.nonce, self.timestamp, self.key_id, self.key)
        self.assertTrue(self.request.verify_signed_header(auth_header[1], self.key),
                        "Verify a signed request header authenticates properly.")
        self.assertFalse(self.request.verify_signed_header(auth_header[1], self.key[:-1]),
                         "Verify a tampered with key or request doesn't verify properly")
        self.request.method = "GET"
        self.assertFalse(self.request.verify_signed_header(auth_header[1], self.key),
                         "Verify a tampered with key or request doesn't verify properly")
        self.request.method, self.request.path = "POST", "/not/path"
        self.assertFalse(self.request.verify_signed_header(auth_header[1], self.key),
                         "Verify a tampered with key or request doesn't verify properly")

    def test_request_unicode(self):
        ''' Validate the request validates with unicode correctly '''
        self.key = u'¬˚∆œ∑¬˚œ∑´¬œ∑´∆˚∆ç∂√å∫∂√˚´∑ˆø'
        auth_header = self.request.get_signed_header(self.nonce, self.timestamp, self.key_id, self.key)
        self.assertTrue(self.request.verify_signed_header(auth_header[1], self.key))

    def test_get_auth_header_values(self):
        ''' Validate the Auth Header properly parses into dictionary '''
        header = 'MAC id="123", ts="123", nonce="nonce", mac="2tduYjW+ZTdQyN/aOQxk3fVBnaaNs5qMmnDVIfvp16g="'
        expect = dict(id="123", ts="123", nonce="nonce", mac="2tduYjW+ZTdQyN/aOQxk3fVBnaaNs5qMmnDVIfvp16g=")
        actual = get_auth_header_values(header)
        self.assertEqual(expect, actual, 'Assert header values are equivalent')