def test_signed_request_verify_failure_invalid_signature(self):
     """Verifying with a secret other than the signing secret must raise.

     A token signed with ``app_secret`` is checked against
     ``app_secret_wrong``. The expected outcome is ``InvalidSignature``,
     i.e. a hard failure rather than a ``(False, payload)`` return.
     """
     token = SecureEnough.signed_request_create(data.copy(), secret=app_secret)
     with self.assertRaises(insecure_but_secure_enough.InvalidSignature):
         SecureEnough.signed_request_verify(token, secret=app_secret_wrong)
 def test_signed_request_create_invalid_algoritm(self):
     """Creation must refuse request data that names an unsupported algorithm.

     The algorithm is carried inside the request data itself. Setting it to
     ``'md5'`` is expected to raise ``InvalidAlgorithm`` instead of yielding
     a token.
     """
     bad_request = data.copy()
     bad_request['algorithm'] = 'md5'
     with self.assertRaises(insecure_but_secure_enough.InvalidAlgorithm):
         SecureEnough.signed_request_create(bad_request, secret=app_secret)
Esempio n. 3
 def test_signed_request_verify_failure_invalid_signature(self):
     """Check that a token cannot be verified under the wrong secret.

     The token is created with ``app_secret`` and verified with
     ``app_secret_wrong``; ``InvalidSignature`` must be raised.
     """
     token = SecureEnough.signed_request_create(data.copy(), secret=app_secret)
     # Hand the callable and its arguments straight to assertRaises.
     self.assertRaises(
         insecure_but_secure_enough.InvalidSignature,
         SecureEnough.signed_request_verify,
         token,
         secret=app_secret_wrong,
     )
 def test_signed_request_create_and_verify_with_timeout(self):
     """A freshly issued token verifies while inside the timeout window.

     The token is stamped with the current time and checked with
     ``timeout=100``, so it is expected to verify and to carry the original
     request data.
     """
     original = data.copy()
     now = int(time())
     token = SecureEnough.signed_request_create(
         original, secret=app_secret, issued_at=now)
     is_valid, decoded = SecureEnough.signed_request_verify(
         token, secret=app_secret, timeout=100)
     self.assertTrue(is_valid)
     self.assertTrue(_validate_signed_request_payload(decoded, original))
Esempio n. 5
 def test_signed_request_create_invalid_algoritm(self):
     """Request data naming ``'md5'`` as its algorithm must not be signed.

     ``signed_request_create`` is expected to raise ``InvalidAlgorithm``
     when the ``'algorithm'`` key of the request data is unsupported.
     """
     request_with_md5 = data.copy()
     request_with_md5['algorithm'] = 'md5'
     # Hand the callable and its arguments straight to assertRaises.
     self.assertRaises(
         insecure_but_secure_enough.InvalidAlgorithm,
         SecureEnough.signed_request_create,
         request_with_md5,
         secret=app_secret,
     )
 def test_signed_request_create_and_verify_with_timeout_failure(self):
     """An expired token is reported as not verified, yet its payload comes back.

     The token is back-dated by 10000 and checked with ``timeout=1000``.
     Expiry surfaces as ``(False, payload)`` rather than as an exception, so
     callers have to test the first tuple element before trusting the
     payload.
     """
     original = data.copy()
     # Back-date the token so that it is already older than the timeout.
     backdate_by = 10000
     stale_issued_at = int(time()) - backdate_by
     token = SecureEnough.signed_request_create(
         original, secret=app_secret, issued_at=stale_issued_at)
     is_valid, decoded = SecureEnough.signed_request_verify(
         token, secret=app_secret, timeout=1000)
     self.assertFalse(is_valid)
     # The signature is still good, so the decoded payload matches the input.
     self.assertTrue(_validate_signed_request_payload(decoded, original))
Esempio n. 7
 def test_signed_request_create_and_verify(self):
     """Round trip: a token verifies under the secret that signed it.

     No ``timeout`` is passed; the test only checks the verified flag and
     that the decoded payload matches the request data.
     """
     original = data.copy()
     token = SecureEnough.signed_request_create(original, secret=app_secret)
     is_valid, decoded = SecureEnough.signed_request_verify(
         token, secret=app_secret)
     self.assertTrue(is_valid)
     payload_matches = _validate_signed_request_payload(decoded, original)
     self.assertTrue(payload_matches)
    def test_signed_request_invalid__json(self):
        """A token that no longer decodes must raise ``InvalidPayload``.

        NOTE(review): the token is corrupted by reversing the whole string,
        so this covers a malformed token. It does not show that a well-formed
        token whose payload was modified is rejected by the signature check.
        """
        original = data.copy()
        now = int(time())
        token = SecureEnough.signed_request_create(
            original, secret=app_secret, issued_at=now)

        # Corrupt the token by reversing it end to end.
        corrupted = token[::-1]
        with self.assertRaises(insecure_but_secure_enough.InvalidPayload):
            SecureEnough.signed_request_verify(corrupted, secret=app_secret)
Esempio n. 9
 def test_signed_request_create_and_verify_with_timeout(self):
     """Verify a token issued "now" against a ``timeout`` of 100.

     The token is inside the window, so the verified flag must be true and
     the decoded payload must match the request data.
     """
     original = data.copy()
     token = SecureEnough.signed_request_create(
         original, secret=app_secret, issued_at=int(time()))
     result = SecureEnough.signed_request_verify(
         token, secret=app_secret, timeout=100)
     # The verifier hands back a (verified, payload) pair.
     is_valid, decoded = result
     self.assertTrue(is_valid)
     self.assertTrue(_validate_signed_request_payload(decoded, original))
Esempio n. 10
    def test_signed_request_invalid__json(self):
        """Verification of a scrambled token must raise ``InvalidPayload``.

        NOTE(review): reversing the string damages the token's structure as
        a whole. A separate case that changes only the payload of an
        otherwise well-formed token would be needed to exercise the
        signature check.
        """
        original = data.copy()
        token = SecureEnough.signed_request_create(
            original, secret=app_secret, issued_at=int(time()))

        # Reverse the token so that it can no longer be decoded.
        scrambled = token[::-1]
        self.assertRaises(
            insecure_but_secure_enough.InvalidPayload,
            SecureEnough.signed_request_verify,
            scrambled,
            secret=app_secret,
        )
Esempio n. 11
 def test_signed_request_create_and_verify_with_timeout_failure(self):
     """A token older than the timeout must come back with a false flag.

     ``issued_at`` is set 10000 in the past and the check uses
     ``timeout=1000``. The verifier returns ``(False, payload)`` in this
     case instead of raising, so the flag is the only thing separating an
     expired request from a valid one.
     """
     original = data.copy()
     # Issue the token as if it had been created well before "now".
     issued_at = int(time()) - 10000
     token = SecureEnough.signed_request_create(
         original, secret=app_secret, issued_at=issued_at)
     result = SecureEnough.signed_request_verify(
         token, secret=app_secret, timeout=1000)
     is_valid, decoded = result
     self.assertFalse(is_valid)
     # The payload is still returned and still matches the request data.
     self.assertTrue(_validate_signed_request_payload(decoded, original))
Esempio n. 12
def ise_signed_request_roundtrip():
    """Create a signed request for ``payload`` and verify it with the same secret.

    Both results are discarded; nothing is returned.
    """
    token = SecureEnough.signed_request_create(
        payload, secret=global_app_secret)
    # NOTE(review): other callers unpack signed_request_verify as a
    # (verified, payload) pair, so the value bound here is presumably that
    # tuple and not a bare boolean. A non-empty tuple is always truthy, so
    # it must not be used directly as the validity check.
    outcome = SecureEnough.signed_request_verify(
        token, secret=global_app_secret)
# Signing-only factory: RSA encryption and obfuscation are both switched off.
# NOTE(review): presumably its output is authenticated but readable; confirm
# before using it for data that must stay confidential.
factories['ise-signing'] = SecureEnough(
    app_secret=global_app_secret,
    use_rsa_encryption=False,
    use_obfuscation=False,
)


# Encoder outputs computed once up front, kept for the decryption tests.
# hashtime=False is passed to the RSA and AES encoders.
computed = {
    'ise-rsa': factories['ise-rsa'].encode(payload, hashtime=False),
    'ise-aes': factories['ise-aes'].encode(payload, hashtime=False),
    'ise-signing:serialized_plaintext_encode':
        factories['ise-signing'].serialized_plaintext_encode(payload),
    'ise-signing:hmac_sha1_encode':
        factories['ise-signing'].hmac_sha1_encode(payload),
    'ise-signing:hmac_sha256_encode':
        factories['ise-signing'].hmac_sha256_encode(payload),
    'ise-signing:signed_request':
        SecureEnough.signed_request_create(payload, secret=global_app_secret),
}

# Registry that holds the tests.
tests = dict()


# ##
# ## the test routines


# #
# #  ise - RSA
# #

def ise_rsa_encrypt():
    """Encode ``payload`` with the 'ise-rsa' factory, passing ``hashtime=False``.

    The encoded value is discarded; nothing is returned.
    """
    rsa_factory = factories['ise-rsa']
    encoded = rsa_factory.encode(payload, hashtime=False)
Esempio n. 14
 def test_signed_request_verify_failure_invalid_algoritm(self):
     """Passing ``algorithm='md5'`` to token creation must raise ``InvalidAlgorithm``.

     NOTE(review): despite the name, this test only calls
     ``signed_request_create``; ``signed_request_verify`` is never reached.
     If the verifier takes the algorithm from the token, it needs the same
     allow-list check and a test of its own.
     """
     original = data.copy()
     with self.assertRaises(insecure_but_secure_enough.InvalidAlgorithm):
         SecureEnough.signed_request_create(
             original, secret=app_secret, algorithm='md5')
def ise_signed_request_encode():
    """Create a signed request for ``payload`` with the global app secret.

    The token is discarded; nothing is returned.
    """
    token = SecureEnough.signed_request_create(
        payload, secret=global_app_secret)
Esempio n. 16
 def test_signed_request_create_and_verify(self):
     """Sign the request data, verify with the same secret, compare payloads.

     Both the verified flag and the payload comparison must be true.
     """
     original = data.copy()
     token = SecureEnough.signed_request_create(original, secret=app_secret)
     result = SecureEnough.signed_request_verify(token, secret=app_secret)
     # The verifier hands back a (verified, payload) pair.
     is_valid, decoded = result
     self.assertTrue(is_valid)
     self.assertTrue(_validate_signed_request_payload(decoded, original))
Esempio n. 17
def ise_signed_request_encode():
    """Sign ``payload`` as a signed request and drop the result."""
    signing_secret = global_app_secret
    token = SecureEnough.signed_request_create(payload, secret=signing_secret)
Esempio n. 18
 def test_signed_request_verify_failure_invalid_algoritm(self):
     """``signed_request_create`` must reject ``algorithm='md5'``.

     NOTE(review): the test name says "verify", but only the create path is
     exercised. Rejection of an unsupported algorithm on the verify side is
     not covered by this test.
     """
     original = data.copy()
     # Hand the callable and its arguments straight to assertRaises.
     self.assertRaises(
         insecure_but_secure_enough.InvalidAlgorithm,
         SecureEnough.signed_request_create,
         original,
         secret=app_secret,
         algorithm='md5',
     )
def ise_signed_request_roundtrip():
    """Sign ``payload`` and verify the token again with the same secret.

    Neither result is used or returned.
    """
    signing_secret = global_app_secret
    token = SecureEnough.signed_request_create(payload, secret=signing_secret)
    # NOTE(review): the verifier is unpacked elsewhere as (verified, payload).
    # If that holds here, this value is a tuple and is truthy even when
    # verification fails; check its first element, never the tuple itself.
    verify_result = SecureEnough.signed_request_verify(
        token, secret=signing_secret)
Esempio n. 20
# Encode `data` with HMAC-SHA256, then decode it again. Both calls pass the
# same hashtime and hmac_algorithm options.
signed_sha256 = signingFactory.encode(data, hashtime=True, hmac_algorithm="HMAC-SHA256")
signed_sha256_validated = signingFactory.decode(signed_sha256, hashtime=True, hmac_algorithm="HMAC-SHA256")
print("    data - %s" % data)
print("    payload - %s" % signed_sha256)
print("    validated - %s" % signed_sha256_validated)
print("")

print("**********************************************************************")
print("")
print("")
print("Illustrating Signed Requests...")
print("This is another implementation of HMAC-256, but in a format that is compatible with Facebook and some other sites")
print("Note this is a classmethod, not an object method")
# NOTE(review): since the payload names its own algorithm, the verifier should
# accept only algorithms from a fixed allow-list, not whatever the token says.
print("Note that we return a tuple (valid, payload) AND the payload contains the algorithm")

# Demo-only secret: '123' is a short, guessable literal. A deployed secret
# should be long, random and loaded from configuration rather than source.
request_signed = SecureEnough.signed_request_create(data, secret='123')
# The result is the (valid, payload) tuple. A non-empty tuple is always truthy,
# so callers must test the first element before using the payload.
request_verified = SecureEnough.signed_request_verify(request_signed, secret='123')
print("    data - %s" % data)
print("    payload | %s" % request_signed)
print("    validated | %s" % str(request_verified))
print("")
print("")

print("**********************************************************************")
print("")
print("Illustrating Shortcuts...")
print("----")

# NOTE(review): the method names suggest serialization without a signature or
# encryption; confirm before relying on them for integrity or secrecy.
serialized_plaintext_encode = signingFactory.serialized_plaintext_encode(data)
serialized_plaintext_decode = signingFactory.serialized_plaintext_decode(serialized_plaintext_encode)
print("")
Esempio n. 21
# Show the decoded result of the HMAC-SHA256 example.
print("    validated - %s" % signed_sha256_validated)
print("")

print("**********************************************************************")
print("")
print("")
print("Illustrating Signed Requests...")
print(
    "This is another implementation of HMAC-256, but in a format that is compatible with Facebook and some other sites"
)
print("Note this is a classmethod, not an object method")
# NOTE(review): since the payload names its own algorithm, the verifier should
# accept only algorithms from a fixed allow-list, not whatever the token says.
print(
    "Note that we return a tuple (valid, payload) AND the payload contains the algorithm"
)

# Demo-only secret: '123' is a short, guessable literal. A deployed secret
# should be long, random and loaded from configuration rather than source.
request_signed = SecureEnough.signed_request_create(data, secret='123')
# The result is the (valid, payload) tuple. A non-empty tuple is always truthy,
# so callers must test the first element before using the payload.
request_verified = SecureEnough.signed_request_verify(request_signed,
                                                      secret='123')
print("    data - %s" % data)
print("    payload | %s" % request_signed)
print("    validated | %s" % str(request_verified))
print("")
print("")

print("**********************************************************************")
print("")
print("Illustrating Shortcuts...")
print("----")

# NOTE(review): the method name suggests serialization without a signature or
# encryption; confirm before relying on it for integrity or secrecy.
serialized_plaintext_encode = signingFactory.serialized_plaintext_encode(data)
serialized_plaintext_decode = signingFactory.serialized_plaintext_decode(
Esempio n. 22
# Factory used for signing only: neither RSA encryption nor obfuscation is on.
# NOTE(review): presumably this gives integrity without confidentiality;
# confirm before relying on it for secret data.
factories['ise-signing'] = SecureEnough(
    app_secret=global_app_secret,
    use_rsa_encryption=False,
    use_obfuscation=False,
)

# Outputs of each encoder, computed once and stored for the decryption tests.
computed = {
    'ise-rsa': factories['ise-rsa'].encode(payload, hashtime=False),
    'ise-aes': factories['ise-aes'].encode(payload, hashtime=False),
    'ise-signing:serialized_plaintext_encode':
        factories['ise-signing'].serialized_plaintext_encode(payload),
    'ise-signing:hmac_sha1_encode':
        factories['ise-signing'].hmac_sha1_encode(payload),
    'ise-signing:hmac_sha256_encode':
        factories['ise-signing'].hmac_sha256_encode(payload),
    'ise-signing:signed_request':
        SecureEnough.signed_request_create(payload, secret=global_app_secret),
}

# Registry that holds the tests.
tests = dict()

# ##
# ## the test routines

# #
# #  ise - RSA
# #


def ise_rsa_encrypt():
    signed = factories['ise-rsa'].encode(payload, hashtime=False)