def test_incorrect_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(secret=self.sign_secret,
key_id="Test",
algorithm=self.algorithm,
headers=[
'(request-target)',
'host',
'date',
'content-type',
'content-md5',
'content-length'])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret, required_headers=["some-other-header"], host=HOST, method=METHOD, path=PATH)
with self.assertRaises(Exception) as ex:
hv.verify()
def test_signed_headers(self):
HOST = self.header_host
METHOD = self.test_method
PATH = self.test_path
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
sign_header=self.sign_header,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'digest', 'content-length'
],
sign_algorithm=self.sign_algorithm)
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
host=HOST,
method=METHOD,
path=PATH,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
self.assertTrue(hv.verify())
def test_rsa_pubkey_fail(self):
from httpsig.sign import HeaderSigner
private_key_path = os.path.join(os.path.dirname(__file__),
'private_key2.pem')
with open(private_key_path, 'rb') as f:
private_key = f.read()
HOST = "example.com"
METHOD = "GET"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id=KEYID,
secret=private_key,
algorithm=self.auth.ALGORITHM,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
# convert headers to DJANGO format and create request
DJ_HEADERS = {}
for key, value in six.iteritems(signed):
DJ_HEADERS.update({self.auth.header_canonical(key): value})
request = RequestFactory().get(PATH, {}, **DJ_HEADERS)
self.assertRaises(AuthenticationFailed, self.auth.authenticate,
request)
def test_incorrect_headers(self):
HOST = self.header_host
METHOD = self.test_method
PATH = self.test_path
hs = HeaderSigner(secret=self.sign_secret,
key_id="Test",
algorithm=self.algorithm,
sign_header=self.sign_header,
headers=[
'(request-target)',
'host',
'date',
'content-type',
'digest',
'content-length'])
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret,
required_headers=["some-other-header"],
host=HOST, method=METHOD, path=PATH,
sign_header=self.sign_header)
with self.assertRaises(Exception):
hv.verify()
def test_extra_auth_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
sign_header=self.sign_header,
algorithm=self.algorithm,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'digest', 'content-length'
],
sign_algorithm=self.sign_algorithm)
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
method=METHOD,
path=PATH,
sign_header=self.sign_header,
required_headers=['date', '(request-target)'],
sign_algorithm=self.sign_algorithm)
self.assertTrue(hv.verify())
def test_all(self):
hs = HeaderSigner(key_id='Test', secret=self.key, headers=[
'(request-line)',
'host',
'date',
'content-type',
'content-md5',
'content-length'
])
unsigned = {
'Host': 'example.com',
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method='POST', path='/foo?param=value&pet=dog')
self.assertIn('Date', signed)
self.assertEqual(unsigned['Date'], signed['Date'])
self.assertIn('Authorization', signed)
params = self._parse_auth(signed['Authorization'])
self.assertIn('keyId', params)
self.assertIn('algorithm', params)
self.assertIn('signature', params)
self.assertEqual(params['keyId'], 'Test')
self.assertEqual(params['algorithm'], 'rsa-sha256')
self.assertEqual(params['headers'], '(request-line) host date content-type content-md5 content-length')
self.assertEqual(params['signature'], 'vYJio4AxbN38TKdzE1Qk/3qXhzTaBS7zUIPCqV+NsjLSf8ZK/19L9ErTz8FYBAW8Gko2dEaU70McrIO33k0PUlPsWvbGn/IhnU14rvSPF/F+AnFVFeA9ivvvyVZQYYYp17fnNfiCzHrvUn+VnqMhRKA15Nr8KKwt9Eqi36wQ8Vg=')
def test_incorrect_headers(self):
HOST = self.header_host
METHOD = self.test_method
PATH = self.test_path
hs = HeaderSigner(secret=self.sign_secret,
key_id="Test",
algorithm=self.algorithm,
sign_header=self.sign_header,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'digest', 'content-length'
],
sign_algorithm=self.sign_algorithm)
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
required_headers=["some-other-header"],
host=HOST,
method=METHOD,
path=PATH,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
with self.assertRaises(ValueError) as e:
hv.verify()
self.assertEqual(str(e.exception),
'some-other-header is a required header(s)')
def test_signed_headers(self):
HOST = self.header_host
METHOD = self.test_method
PATH = self.test_path
hs = HeaderSigner(
key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
sign_header=self.sign_header,
headers=[
'(request-target)',
'host',
'date',
'content-type',
'digest',
'content-length'
])
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(
headers=signed, secret=self.verify_secret,
host=HOST, method=METHOD, path=PATH,
sign_header=self.sign_header)
self.assertTrue(hv.verify())
def test_incorrect_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(secret=self.sign_secret,
key_id="Test",
algorithm=self.algorithm,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
required_headers=["some-other-header"],
host=HOST,
method=METHOD,
path=PATH)
with self.assertRaises(Exception) as ex:
hv.verify()
def test_extra_auth_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(
key_id="Test",
secret=self.sign_secret,
sign_header=self.sign_header,
algorithm=self.algorithm, headers=[
'(request-target)',
'host',
'date',
'content-type',
'digest',
'content-length'
])
unsigned = {
'Host': HOST,
'Date': self.header_date,
'Content-Type': self.header_content_type,
'Digest': self.header_digest,
'Content-Length': self.header_content_length,
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(
headers=signed,
secret=self.verify_secret,
method=METHOD,
path=PATH,
sign_header=self.sign_header,
required_headers=['date', '(request-target)'])
self.assertTrue(hv.verify())
def test_extra_auth_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
headers=[
'(request-target)', 'host', 'date',
'content-type', 'content-md5', 'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
method=METHOD,
path=PATH,
required_headers=['date', '(request-target)'])
self.assertTrue(hv.verify())
def test_default(self):
unsigned = {
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'
}
hs = HeaderSigner(key_id="Test", secret=self.sign_secret, algorithm=self.algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
self.assertTrue(hv.verify())
def test_default(self):
unsigned = {'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
self.assertTrue(hv.verify())
def test_default(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
self.assertTrue(hv.verify())
def test_default(self):
unsigned = {
'Date': self.header_date
}
hs = HeaderSigner(
key_id="Test", secret=self.sign_secret, algorithm=self.algorithm,
sign_header=self.sign_header)
signed = hs.sign(unsigned)
hv = HeaderVerifier(
headers=signed, secret=self.verify_secret, sign_header=self.sign_header)
self.assertTrue(hv.verify())
def test_mix_default_256_1(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.other_private_key,
algorithm='rsa-sha256',
sign_header=self.sign_header)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed,
secret=self.public_key,
sign_header=self.sign_header)
self.assertFalse(hv.verify())
def test_correct_derived_algorithm(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
sign_header=self.sign_header,
algorithm="hs2019",
sign_algorithm=self.sign_algorithm)
self.assertTrue(hv.verify())
def test_algorithm_mismatch(self):
unsigned = {'Date': self.header_date}
hs = HeaderSigner(key_id="Test",
secret=self.sign_secret,
algorithm=self.algorithm,
sign_header=self.sign_header,
sign_algorithm=self.sign_algorithm)
signed = hs.sign(unsigned)
hv = HeaderVerifier(headers=signed,
secret=self.verify_secret,
sign_header=self.sign_header,
algorithm="rsa-sha256",
sign_algorithm=self.sign_algorithm)
self.assertFalse(hv.verify())
def test_default(self):
hs = HeaderSigner(key_id='Test', secret=self.key)
unsigned = {
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'
}
signed = hs.sign(unsigned)
self.assertIn('Date', signed)
self.assertEqual(unsigned['Date'], signed['Date'])
self.assertIn('Authorization', signed)
params = self._parse_auth(signed['Authorization'])
self.assertIn('keyId', params)
self.assertIn('algorithm', params)
self.assertIn('signature', params)
self.assertEqual(params['keyId'], 'Test')
self.assertEqual(params['algorithm'], 'rsa-sha256')
self.assertEqual(params['signature'], 'ATp0r26dbMIxOopqw0OfABDT7CKMIoENumuruOtarj8n/97Q3htHFYpH8yOSQk3Z5zh8UxUym6FYTb5+A0Nz3NRsXJibnYi7brE/4tx5But9kkFGzG+xpUmimN4c3TMN7OFH//+r8hBf7BT9/GmHDUVZT2JzWGLZES2xDOUuMtA=')
def test_extra_auth_headers(self):
HOST = "example.com"
METHOD = "POST"
PATH = '/foo?param=value&pet=dog'
hs = HeaderSigner(key_id="Test", secret=self.sign_secret, algorithm=self.algorithm, headers=[
'(request-target)',
'host',
'date',
'content-type',
'content-md5',
'content-length'
])
unsigned = {
'Host': HOST,
'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
'Content-Type': 'application/json',
'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
'Content-Length': '18',
}
signed = hs.sign(unsigned, method=METHOD, path=PATH)
hv = HeaderVerifier(headers=signed, secret=self.verify_secret, method=METHOD, path=PATH, required_headers=['date', '(request-target)'])
self.assertTrue(hv.verify())
