def test_verify():
    timestamp = 12347456
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, time_stamp=12347456, **DEFAULT_DATA)
    signature = shr.verify(signature=result, **DEFAULT_DATA)

    assert signature["ts"] == timestamp
def test_verify_not_strict(key, value, monkeypatch):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    shr.verify(signature=result,
               strict_query_params_verification=False,
               strict_headers_verification=False, **TEST_DATA)
Esempio n. 3
0
def test_verify():
    timestamp = 12347456
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, time_stamp=12347456, **DEFAULT_DATA)
    signature = shr.verify(signature=result, **DEFAULT_DATA)

    assert signature["ts"] == timestamp
Esempio n. 4
0
def test_verify_fail(param, value):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)

    wrong_data = DEFAULT_DATA.copy()
    wrong_data[param] = value
    with pytest.raises(ValidationError):
        shr.verify(signature=result, **wrong_data)
def test_verify_with_too_few(param):
    test_data = copy.deepcopy(DEFAULT_DATA)
    test_data[param]["foo"] = "bar"  # insert extra param
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **test_data)

    with pytest.raises(ValidationError):
        shr.verify(signature=result, **DEFAULT_DATA)
Esempio n. 6
0
def test_verify_with_too_few(param):
    test_data = copy.deepcopy(DEFAULT_DATA)
    test_data[param]["foo"] = "bar"  # insert extra param
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **test_data)

    with pytest.raises(ValidationError):
        shr.verify(signature=result, **DEFAULT_DATA)
def test_verify_strict(key, value, monkeypatch):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    with pytest.raises(ValidationError):
        shr.verify(signature=result,
                   strict_query_params_verification=True,
                   strict_headers_verification=True, **TEST_DATA)
Esempio n. 8
0
    def eval_signed_http_request(self, pop_token, access_token, method, url,
                                 headers, body=''):
        kwargs = sign_http_args(method, url, headers, body)

        shr = SignedHttpRequest(self.token2key[access_token][0])
        return shr.verify(signature=pop_token,
                          strict_query_params_verification=True,
                          strict_headers_verification=True, **kwargs)
def test_verify_fail(param, value):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)

    wrong_data = DEFAULT_DATA.copy()
    wrong_data[param] = value
    with pytest.raises(ValidationError):
        shr.verify(signature=result, **wrong_data)
Esempio n. 10
0
    def eval_signed_http_request(self, pop_token, access_token, method, url,
                                 headers, body=''):
        kwargs = sign_http_args(method, url, headers, body)

        shr = SignedHttpRequest(self.token2key[access_token][0])
        return shr.verify(signature=pop_token,
                          strict_query_params_verification=True,
                          strict_headers_verification=True, **kwargs)
Esempio n. 11
0
def test_verify_reject_jws_wo_typ_pop():
    method = "GET"

    signature_without_typ = JWS(json.dumps(dict(m=method)), alg=ALG).sign_compact([SIGN_KEY])
    shr = SignedHttpRequest(SIGN_KEY)
    with pytest.raises(ValidationError) as exc:
        shr.verify(signature_without_typ, method=method)

    assert "typ" in str(exc.value)
Esempio n. 12
0
def test_verify_not_strict(param):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)

    request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
    request_with_extra_params[param]["foo"] = "bar"  # insert extra param
    shr.verify(
        signature=result, strict_query_params_verification=False, strict_headers_verification=False, **DEFAULT_DATA
    )
Esempio n. 13
0
    def _sign_registration_request(self, registration_request):
        # type (FederationRegistrationRequest) -> str
        """
        Sign registration request.

        :param registration_request: registration request
        :return: signed registration request
        """
        signer = SignedHttpRequest(self.intermediate_key)
        return signer.sign(self.intermediate_key.alg, body=registration_request.to_json())
Esempio n. 14
0
def test_verify_not_strict(param):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)

    request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
    request_with_extra_params[param]["foo"] = "bar"  # insert extra param
    shr.verify(signature=result,
               strict_query_params_verification=False,
               strict_headers_verification=False,
               **DEFAULT_DATA)
Esempio n. 15
0
def test_verify_reject_jws_wo_typ_pop():
    method = "GET"

    signature_without_typ = JWS(json.dumps(dict(m=method)),
                                alg=ALG).sign_compact([SIGN_KEY])
    shr = SignedHttpRequest(SIGN_KEY)
    with pytest.raises(ValidationError) as exc:
        shr.verify(signature_without_typ, method=method)

    assert "typ" in str(exc.value)
Esempio n. 16
0
def test_verify_strict_with_too_many(param):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)

    request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
    request_with_extra_params[param]["foo"] = "bar"  # insert extra param
    with pytest.raises(ValidationError):
        shr.verify(signature=result,
                   strict_query_params_verification=True,
                   strict_headers_verification=True,
                   **request_with_extra_params)
Esempio n. 17
0
def test_verify_strict_with_too_many(param):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)

    request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
    request_with_extra_params[param]["foo"] = "bar"  # insert extra param
    with pytest.raises(ValidationError):
        shr.verify(
            signature=result,
            strict_query_params_verification=True,
            strict_headers_verification=True,
            **request_with_extra_params
        )
Esempio n. 18
0
    def __call__(self, method, url, **kwargs):
        try:
            body = kwargs["body"]
        except KeyError:
            body = None
        try:
            headers = kwargs["headers"]
        except KeyError:
            headers = {}

        _kwargs = sign_http_args(method, url, headers, body)
        shr = SignedHttpRequest(self.key)
        kwargs["Authorization"] = "pop {}".format(shr.sign(alg=self.alg, **_kwargs))
        return kwargs
Esempio n. 19
0
    def __call__(self, method, url, **kwargs):
        try:
            body = kwargs['body']
        except KeyError:
            body = None
        try:
            headers = kwargs['headers']
        except KeyError:
            headers = {}

        _kwargs = sign_http_args(method, url, headers, body)
        shr = SignedHttpRequest(self.key)
        kwargs['Authorization'] = 'pop {}'.format(shr.sign(alg=self.alg,
                                                           **_kwargs))
        return kwargs
Esempio n. 20
0
    def userinfo_endpoint(self, request, **kwargs):
        access_token = self._parse_access_token(request)
        shr = SignedHttpRequest(self._get_client_public_key(access_token))
        http_signature = self._parse_signature(request)
        try:
            shr.verify(http_signature,
                       method=request["method"],
                       host=request["host"], path=request["path"],
                       query_params=request["query"],
                       headers=request["headers"],
                       body=request["body"],
                       strict_query_param_verification=True,
                       strict_headers_verification=False)
        except ValidationError:
            return self._error_response("access_denied",
                                        descr="Could not verify proof of "
                                              "possession")

        return self._do_user_info(self.access_tokens[access_token], **kwargs)
Esempio n. 21
0
    def userinfo_endpoint(self, request, **kwargs):
        access_token = self._parse_access_token(request)
        shr = SignedHttpRequest(self._get_client_public_key(access_token))
        http_signature = self._parse_signature(request)
        try:
            shr.verify(http_signature,
                       method=request["method"],
                       host=request["host"],
                       path=request["path"],
                       query_params=request["query"],
                       headers=request["headers"],
                       body=request["body"],
                       strict_query_param_verification=True,
                       strict_headers_verification=False)
        except ValidationError:
            return self._error_response("access_denied",
                                        descr="Could not verify proof of "
                                        "possession")

        return self._do_user_info(self.access_tokens[access_token], **kwargs)
def test_verify_fail(key, value, monkeypatch):
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **TEST_DATA)
    monkeypatch.setitem(TEST_DATA, key, value)
    with pytest.raises(ValidationError):
        shr.verify(signature=result, **TEST_DATA)
Esempio n. 23
0
def test_verify_fail_wrong_key():
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)
    with pytest.raises(ValidationError):
        rshr = SignedHttpRequest(SYMKey(key="wrong_key", alg="HS256"))
        rshr.verify(signature=result, **DEFAULT_DATA)
Esempio n. 24
0
def test_sign_empty_http_req():
    with pytest.raises(ValueError):
        SignedHttpRequest(SIGN_KEY).sign(ALG)
Esempio n. 25
0
def test_sign_specifies_jws_typ_pop():
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, body="abcdef")
    assert JWT().unpack(result).headers["typ"] == "pop"
Esempio n. 26
0
def test_verify_fail_on_missing_body():
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, body="abcdef")
    with pytest.raises(ValidationError):
        shr.verify(signature=result)
Esempio n. 27
0
def test_verify_fail_on_missing_body():
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, body="abcdef")
    with pytest.raises(ValidationError):
        shr.verify(signature=result)
Esempio n. 28
0
def test_sign_specifies_jws_typ_pop():
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, body="abcdef")
    assert JWT().unpack(result).headers["typ"] == "pop"
Esempio n. 29
0
def test_verify_fail_wrong_key():
    shr = SignedHttpRequest(SIGN_KEY)
    result = shr.sign(alg=ALG, **DEFAULT_DATA)
    with pytest.raises(ValidationError):
        rshr = SignedHttpRequest(SYMKey(key="wrong_key", alg="HS256"))
        rshr.verify(signature=result, **DEFAULT_DATA)