def test_all(self):
hs = HeaderSigner(key_id='Test', secret=self.key, headers=[
'request-line',
'host',
'date',
'content-type',
'content-md5',
'content-length'
])
unsigned = {
'Host': 'example.com',
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method='POST',
path='/foo?param=value&pet=dog')
self.assertIn('Date', signed)
self.assertEqual(unsigned['Date'], signed['Date'])
self.assertIn('Authorization', signed)
params = self._parse_auth(signed['Authorization'])
self.assertIn('keyId', params)
self.assertIn('algorithm', params)
self.assertIn('signature', params)
self.assertEqual(params['keyId'], 'Test')
self.assertEqual(params['algorithm'], 'rsa-sha256')
self.assertEqual(params['headers'], 'request-line host date content-type content-md5 content-length')
self.assertEqual(params['signature'], "%s" % b('H/AaTDkJvLELy4i1RujnKlS6dm8QWiJvEpn9cKRMi49kKF+mohZ15z1r+mF+XiKS5kOOscyS83olfBtsVhYjPg2Ei3/D9D4Mvb7bFm9IaLJgYTFFuQCghrKQQFPiqJN320emjHxFowpIm1BkstnEU7lktH/XdXVBo8a6Uteiztw='))
def test_incorrect_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(secret=self.private_key,
key_id=self.public_key,
headers=[
'request-line', 'host', 'date', 'content-type',
'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
required_headers=["some-other-header"],
host=HOST,
method=METHOD,
path=PATH)
with self.assertRaises(Exception) as ex:
hv.verify_headers()
self.assertEqual(ex.exception.message,
"some-other-header is a required header(s)")
def test_incorrect_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(secret=self.private_key,
key_id=self.public_key,
headers=[
'request-line',
'host',
'date',
'content-type',
'content-md5',
'content-length'])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD,
path=PATH)
hv = HeaderVerifier(headers=signed, required_headers=["some-other-header"], host=HOST, method=METHOD, path=PATH)
with self.assertRaises(Exception) as ex:
hv.verify_headers()
self.assertEqual(ex.exception.message,
"some-other-header is a required header(s)")
def test_all(self):
hs = HeaderSigner(key_id='Test',
secret=self.key,
headers=[
'request-line', 'host', 'date', 'content-type',
'content-md5', 'content-length'
])
unsigned = {
'Host': 'example.com',
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign_headers(unsigned,
method='POST',
path='/foo?param=value&pet=dog')
self.assertIn('Date', signed)
self.assertEqual(unsigned['Date'], signed['Date'])
self.assertIn('Authorization', signed)
params = self._parse_auth(signed['Authorization'])
self.assertIn('keyId', params)
self.assertIn('algorithm', params)
self.assertIn('signature', params)
self.assertEqual(params['keyId'], 'Test')
self.assertEqual(params['algorithm'], 'rsa-sha256')
self.assertEqual(
params['headers'],
'request-line host date content-type content-md5 content-length')
self.assertEqual(
params['signature'],
'H/AaTDkJvLELy4i1RujnKlS6dm8QWiJvEpn9cKRMi49kKF+mohZ15z1r+mF+XiKS5kOOscyS83olfBtsVhYjPg2Ei3/D9D4Mvb7bFm9IaLJgYTFFuQCghrKQQFPiqJN320emjHxFowpIm1BkstnEU7lktH/XdXVBo8a6Uteiztw='
)
def test_default(self):
# signer = HeaderSigner(secret=self.private_key)
# verifier = HeaderVerifier(public_key=self.public_key)
hs = HeaderSigner(key_id=self.public_key, secret=self.private_key)
unsigned = {'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'}
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed)
self.assertTrue(hv.verify_headers())
def test_default(self):
# signer = HeaderSigner(secret=self.private_key)
# verifier = HeaderVerifier(public_key=self.public_key)
hs = HeaderSigner(key_id=self.public_key, secret=self.private_key)
unsigned = {
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'
}
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed)
self.assertTrue(hv.verify_headers())
def __init__(self, key_header, key_id, secret, hash_algorithm='sha256'):
"""
:param key_header: the name of header containing the key id
:param key_id: the key id
:param secret: the secret shared with server
:param hash_algorithm: a hash algorithm in sha1, sha256, sha512 (defaults to sha256)
"""
super(HmacHttpSignature, self).__init__(key_header, key_id)
headers = [h.lower() for h in self.default_headers + [self.key]]
algorithm = 'hmac-%s' % hash_algorithm
self.header_signer = HeaderSigner(key_id=key_id,
secret=b(secret),
algorithm=algorithm,
headers=headers)
def test_default(self):
hs = HeaderSigner(key_id='Test', secret=self.key)
unsigned = {
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'
}
signed = hs.sign(unsigned)
self.assertIn('Date', signed)
self.assertEqual(unsigned['Date'], signed['Date'])
self.assertIn('Authorization', signed)
params = self._parse_auth(signed['Authorization'])
self.assertIn('keyId', params)
self.assertIn('algorithm', params)
self.assertIn('signature', params)
self.assertEqual(params['keyId'], 'Test')
self.assertEqual(params['algorithm'], 'rsa-sha256')
self.assertEqual(params['signature'], "%s" % b('ATp0r26dbMIxOopqw0OfABDT7CKMIoENumuruOtarj8n/97Q3htHFYpH8yOSQk3Z5zh8UxUym6FYTb5+A0Nz3NRsXJibnYi7brE/4tx5But9kkFGzG+xpUmimN4c3TMN7OFH//+r8hBf7BT9/GmHDUVZT2JzWGLZES2xDOUuMtA='))
class HmacHttpSignature(ApiKey):
""" Britney middleware that add to request an Authorization header containing an http signature,
construct with an HMAC sign algorithm signature.
"""
default_headers = ['Request-Line', 'Host', 'User-Agent', 'Date']
def __init__(self, key_header, key_id, secret, hash_algorithm='sha256'):
"""
:param key_header: the name of header containing the key id
:param key_id: the key id
:param secret: the secret shared with server
:param hash_algorithm: a hash algorithm in sha1, sha256, sha512 (defaults to sha256)
"""
super(HmacHttpSignature, self).__init__(key_header, key_id)
headers = [h.lower() for h in self.default_headers + [self.key]]
algorithm = 'hmac-%s' % hash_algorithm
self.header_signer = HeaderSigner(key_id=key_id,
secret=b(secret),
algorithm=algorithm,
headers=headers)
def process_request(self, environ):
"""
:param environ: the environment of the request
:type environ: dict
"""
super(HmacHttpSignature, self).process_request(environ)
signed_headers = self.header_signer.sign(
environ.get('spore.headers'),
method=environ.get('REQUEST_METHOD'),
path=environ.get('PATH_INFO'))
add_header(environ, 'Authorization', signed_headers['Authorization'])
def test_default(self):
hs = HeaderSigner(key_id='Test', secret=self.key)
unsigned = {'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'}
signed = hs.sign_headers(unsigned)
self.assertIn('Date', signed)
self.assertEqual(unsigned['Date'], signed['Date'])
self.assertIn('Authorization', signed)
params = self._parse_auth(signed['Authorization'])
self.assertIn('keyId', params)
self.assertIn('algorithm', params)
self.assertIn('signature', params)
self.assertEqual(params['keyId'], 'Test')
self.assertEqual(params['algorithm'], 'rsa-sha256')
self.assertEqual(
params['signature'],
'ATp0r26dbMIxOopqw0OfABDT7CKMIoENumuruOtarj8n/97Q3htHFYpH8yOSQk3Z5zh8UxUym6FYTb5+A0Nz3NRsXJibnYi7brE/4tx5But9kkFGzG+xpUmimN4c3TMN7OFH//+r8hBf7BT9/GmHDUVZT2JzWGLZES2xDOUuMtA='
)
def test_extra_auth_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id=self.public_key,
secret=self.private_key,
headers=[
'request-line', 'host', 'date', 'content-type',
'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
method=METHOD,
path=PATH,
required_headers=['date', 'request-line'])
self.assertTrue(hv.verify_headers())
def test_signed_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id=self.public_key, secret=self.private_key, headers=[
'request-line',
'host',
'date',
'content-type',
'content-md5',
'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD,
path=PATH)
hv = HeaderVerifier(headers=signed, host=HOST, method=METHOD, path=PATH)
self.assertTrue(hv.verify_headers())
def test_date_added(self):
hs = HeaderSigner(key_id='', secret=self.key)
unsigned = {}
signed = hs.sign(unsigned)
self.assertIn('Date', signed)
self.assertIn('Authorization', signed)
def test_date_added(self):
hs = HeaderSigner(key_id='', secret=self.key)
unsigned = {}
signed = hs.sign_headers(unsigned)
self.assertIn('Date', signed)
self.assertIn('Authorization', signed)