def test_valid_http_signature_ec_p521(self):
privkey_path = self.ec_p521_key_path
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
signing_scheme=signing.SCHEME_HS2019,
private_key_path=privkey_path,
private_key_passphrase=self.private_key_passphrase,
hash_algorithm=signing.HASH_SHA512,
signed_headers=[
signing.HEADER_REQUEST_TARGET,
signing.HEADER_CREATED,
]
)
config = Configuration(host=HOST, signing_info=signing_cfg)
# Set the OAuth2 acces_token to None. Here we are interested in testing
# the HTTP signature scheme.
config.access_token = None
api_client = petstore_api.ApiClient(config)
pet_api = PetApi(api_client)
mock_pool = MockPoolManager(self)
api_client.rest_client.pool_manager = mock_pool
mock_pool.set_signing_config(signing_cfg)
mock_pool.expect_request('POST', 'http://petstore.swagger.io/v2/pet',
body=json.dumps(api_client.sanitize_for_serialization(self.pet)),
headers={'Content-Type': r'application/json',
'Authorization': r'Signature keyId="my-key-id",algorithm="hs2019",created=[0-9]+,'
r'headers="\(request-target\) \(created\)",'
r'signature="[a-zA-Z0-9+/=]+"',
'User-Agent': r'OpenAPI-Generator/1.0.0/python'},
preload_content=True, timeout=None)
pet_api.add_pet(self.pet)
def test_invalid_configuration(self):
# Signing scheme must be valid.
with self.assertRaises(Exception) as cm:
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
signing_scheme='foo',
private_key_path=self.ec_p521_key_path)
self.assertTrue(
re.match('Unsupported security scheme', str(cm.exception)),
'Exception message: {0}'.format(str(cm.exception)))
# Signing scheme must be specified.
with self.assertRaises(Exception) as cm:
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
private_key_path=self.ec_p521_key_path,
signing_scheme=None)
self.assertTrue(
re.match('Unsupported security scheme', str(cm.exception)),
'Exception message: {0}'.format(str(cm.exception)))
# Private key passphrase is missing but key is encrypted.
with self.assertRaises(Exception) as cm:
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
signing_scheme=signing.SCHEME_HS2019,
private_key_path=self.ec_p521_key_path,
)
self.assertTrue(
re.match('Not a valid clear PKCS#8 structure', str(cm.exception)),
'Exception message: {0}'.format(str(cm.exception)))
# File containing private key must exist.
with self.assertRaises(Exception) as cm:
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
signing_scheme=signing.SCHEME_HS2019,
private_key_path='foobar',
)
self.assertTrue(
re.match('Private key file does not exist', str(cm.exception)),
'Exception message: {0}'.format(str(cm.exception)))
# The max validity must be a positive value.
with self.assertRaises(Exception) as cm:
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
signing_scheme=signing.SCHEME_HS2019,
private_key_path=self.ec_p521_key_path,
signature_max_validity=timedelta(hours=-1))
self.assertTrue(
re.match('The signature max validity must be a positive value',
str(cm.exception)),
'Exception message: {0}'.format(str(cm.exception)))
# Cannot include the 'Authorization' header.
with self.assertRaises(Exception) as cm:
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
signing_scheme=signing.SCHEME_HS2019,
private_key_path=self.ec_p521_key_path,
signed_headers=['Authorization'])
self.assertTrue(
re.match("'Authorization' header cannot be included",
str(cm.exception)),
'Exception message: {0}'.format(str(cm.exception)))
# Cannot specify duplicate headers.
with self.assertRaises(Exception) as cm:
signing_cfg = signing.HttpSigningConfiguration(
key_id="my-key-id",
signing_scheme=signing.SCHEME_HS2019,
private_key_path=self.ec_p521_key_path,
signed_headers=['Host', 'Date', 'Host'])
self.assertTrue(
re.match('Cannot have duplicates in the signed_headers parameter',
str(cm.exception)),
'Exception message: {0}'.format(str(cm.exception)))
