class TestLocalVerifier(unittest.TestCase, VerifierTestCases):
def setUp(self):
with warnings.catch_warnings(record=True):
warnings.simplefilter("default")
self.verifier = LocalVerifier()
def test_expired_assertion(self):
super(TestLocalVerifier, self).test_expired_assertion()
# It'll verify OK if we wind back the clock.
data = self.verifier.verify(EXPIRED_ASSERTION, now=0)
self.assertEquals(data["audience"], "http://myfavoritebeer.org")
# And will fail if we give the wrong audience.
self.assertRaises(AudienceMismatchError,
self.verifier.verify, EXPIRED_ASSERTION, "h", 0)
def test_expired_assertion_dev(self):
super(TestLocalVerifier, self).test_expired_assertion_dev()
# It'll verify OK if we wind back the clock.
data = self.verifier.verify(EXPIRED_ASSERTION_DEV, now=0)
self.assertEquals(data["audience"], "http://dev.myfavoritebeer.org")
# And will fail if we give the wrong audience.
self.assertRaises(AudienceMismatchError,
self.verifier.verify, EXPIRED_ASSERTION_DEV, "h", 0)
def test_error_while_fetching_public_key(self):
def fetch_public_key(hostname):
raise RuntimeError("TESTING")
self.verifier.fetch_public_key = fetch_public_key
self.assertRaises(ConnectionError,
self.verifier.verify, EXPIRED_ASSERTION, now=0)
def test_missing_host_meta_document(self):
def urlopen(url, data):
raise RuntimeError("404 Not Found")
self.verifier.urlopen = urlopen
self.assertRaises(ConnectionError,
self.verifier.verify, EXPIRED_ASSERTION, now=0)
def test_malformed_host_meta_document(self):
def urlopen(url, data):
class response(object):
@staticmethod
def read():
return "I AINT NO XML, FOOL!"
return response
self.verifier.urlopen = urlopen
self.assertRaises(ConnectionError,
self.verifier.verify, EXPIRED_ASSERTION, now=0)
def test_host_meta_with_no_key_link(self):
def urlopen(url, data):
class response(object):
@staticmethod
def read():
return "<Meta>"\
" <Link rel='not the key link' href='haha' />"\
"</Meta>"
return response
self.verifier.urlopen = urlopen
self.assertRaises(ConnectionError,
self.verifier.verify, EXPIRED_ASSERTION, now=0)
def test_host_meta_with_key_link(self):
# The browserid.org server doesn't currently have host-meta.
# This simulates it with a link to the known public key URL.
called = []
orig_urlopen = self.verifier.urlopen
def urlopen(url, data):
if called:
return orig_urlopen("https://browserid.org/pk")
called.append(True)
class response(object):
@staticmethod
def read():
rel = self.verifier.HOST_META_REL_PUBKEY
return "<Meta>"\
" <Link rel='" + rel + "' href='haha' />"\
"</Meta>"
return response
self.verifier.urlopen = urlopen
self.assertTrue(self.verifier.verify(EXPIRED_ASSERTION, now=0))
def test_handling_of_invalid_content_length_header_from_server(self):
def urlopen(url, data):
class response(object):
@staticmethod
def info():
return {"Content-Length": "forty-two"}
@staticmethod
def read(size):
raise RuntimeError # pragma: nocover
return response
self.verifier.urlopen = urlopen
self.assertRaises(ConnectionError,
self.verifier.verify, EXPIRED_ASSERTION, now=0)
def test_error_handling_in_verify_certificate_chain(self):
self.assertRaises(ValueError,
self.verifier.verify_certificate_chain, [])
certs = decode_json_bytes(EXPIRED_ASSERTION)["certificates"]
certs = [JWT.parse(cert) for cert in certs]
self.assertRaises(ExpiredSignatureError,
self.verifier.verify_certificate_chain, certs)
self.assertTrue(self.verifier.verify_certificate_chain(certs, 0))
