def test_nonce_uniqueness(self): init = OAuth.get_nonce() l = [] for i in range(0, 100000): l.append(init + OAuth.get_nonce()) self.assertEqual(self.list_duplicates(l), [])
def test_signature_base_string2(self): body = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><ns2:TerminationInquiryRequest xmlns:ns2=\"http://mastercard.com/termination\"><AcquirerId>1996</AcquirerId><TransactionReferenceNumber>1</TransactionReferenceNumber><Merchant><Name>TEST</Name><DoingBusinessAsName>TEST</DoingBusinessAsName><PhoneNumber>5555555555</PhoneNumber><NationalTaxId>1234567890</NationalTaxId><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><Principal><FirstName>John</FirstName><LastName>Smith</LastName><NationalId>1234567890</NationalId><PhoneNumber>5555555555</PhoneNumber><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><DriversLicense><Number>1234567890</Number><CountrySubdivision>XX</CountrySubdivision></DriversLicense></Principal></Merchant></ns2:TerminationInquiryRequest>" url = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0&PageLength=10" method = "POST" oauth_parameters = OAuthParameters() oauth_parameters.set_oauth_consumer_key( "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx") oauth_parameters.set_oauth_nonce("1111111111111111111") oauth_parameters.set_oauth_timestamp("1111111111") oauth_parameters.set_oauth_version("1.0") oauth_parameters.set_oauth_body_hash("body/hash") encoded_hash = Util.base64_encode(Util.sha256_encode(body)) oauth_parameters.set_oauth_body_hash(encoded_hash) oauth_parameters_base = oauth_parameters.get_base_parameters_dict() merge_parameters = oauth_parameters_base.copy() norm_params = Util.normalize_params("", merge_parameters) # print(oauth_parameters_base) query_params = OAuth.get_query_params(url) # print(query_params) normalize_params = Util.normalize_params("", query_params) base_string = OAuth.get_base_string( url, method, oauth_parameters, oauth_parameters.get_base_parameters_dict()) expected = "POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Ffraud%2Fmerchant%2Fv1%2Ftermination-inquiry&Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26oauth_body_hash%3Dh2Pd7zlzEZjZVIKB4j94UZn%2FxxoR3RoCjYQ9%2FJdadGQ%253D%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce%3D1111111111111111111%26oauth_timestamp%3D1111111111%26oauth_version%3D1.0" self.maxDiff = None self.assertEqual(expected, base_string)
def test_oauth_parameters(self): uri = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0" method = "POST" parameters = OAuth().get_oauth_parameters(uri, method, "payload", self.consumer_key, self.signing_key) # print(parameters) consumer_key = parameters.get_oauth_consumer_key()
def test_oauth_parameters(self): uri = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0" method = "POST" parameters = OAuth().get_oauth_parameters(uri, method, 'payload', 'dummy', OAuthTest.signing_key) consumer_key = parameters.get_oauth_consumer_key() self.assertEqual("dummy", consumer_key)
def test_get_authorization_header_should_return_empty_string_body_hash( self): header = OAuth().get_authorization_header('https://www.example.com', 'GET', None, 'dummy', OAuthTest.signing_key) self.assertTrue( '47DEQpj8HBSa%2B%2FTImW%2B5JCeuQeRkm5NMpJWZG3hSuFU%3D' in header)
def test_sign_signature_base_string(self): # expectedSignatureString = "IJeNKYGfUhFtj5OAPRI92uwfjJJLCej3RCMLbp7R6OIYJhtwxnTkloHQ2bgV7fks4GT/A7rkqrgUGk0ewbwIC6nS3piJHyKVc7rvQXZuCQeeeQpFzLRiH3rsb+ZS+AULK+jzDje4Fb+BQR6XmxuuJmY6YrAKkj13Ln4K6bZJlSxOizbNvt+Htnx+hNd4VgaVBeJKcLhHfZbWQxK76nMnjY7nDcM/2R6LUIR2oLG1L9m55WP3bakAvmOr392ulv1+mWCwDAZZzQ4lakDD2BTu0ZaVsvBW+mcKFxYeTq7SyTQMM4lEwFPJ6RLc8jJJ+veJXHekLVzWg4qHRtzNBLz1mA==" expectedSignatureString = "vA7b0GT6r3GrS7Zpvy7PDMKocmG79yvpnp77GK8znpTKcY9xwKP5n4BfoP26068TyIZk9qx5TEzc4FzOKhWZF5pxN77Hne0A7gHNkaueYmfy95qxUBxLRMCevwjs5A0aW1bTW+gu7VL1cLtBYgO9Ks2axUcvxAq6aVRZvMGvFukxaZd+2XD8hE/tBwyEmvQwWO9gr5KJAFslkykjID9zs4gZ+gK0adRCvpcobRfcff+RxbtQctq3cjXwH/Fp3ZymoFtB2J+4hJ3aX4uCkIhJCV4dyWUkvx81vNyf1J5nBjqRtAoOEXOxNrz4o+kzAfcT46EUSQUTjouCO6hJfOVlaA==" signing_string = OAuth.sign_message(self, "baseString", self.signing_key) self.maxDiff = None self.assertEqual(expectedSignatureString, signing_string)
def test_get_authorization_header_should_return_empty_string_body_hash( self): header = OAuth().get_authorization_header(OAuthTest.uri, 'GET', None, 'dummy', OAuthTest.signing_key) self.assertTrue( '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' in header)
def test_oauth_parameters(self): if os.path.exists('./test_key_container.p12'): signing_key = authenticationutils.load_signing_key( "./test_key_container.p12", "Password1") consumer_key = OAuthSigner("YOUR CONSUMER KEY", signing_key) uri = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0" method = "POST" parameters = OAuth().get_oauth_parameters(uri, method, "payload", consumer_key, signing_key) # print(parameters) consumer_key = parameters.get_oauth_consumer_key() else: print( "Please add a ./test_key_container.p12 file to enable key tests" )
def test_sign_message(self): baseString = 'POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Ffraud%2Fmerchant%2Fv1%2Ftermination-inquiry&Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26oauth_body_hash%3DWhqqH%252BTU95VgZMItpdq78BWb4cE%253D%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce%3D1111111111111111111%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1111111111%26oauth_version%3D1.0' signature = OAuth().sign_message(baseString, OAuthTest.signing_key) signature = Util.uri_rfc3986_encode(signature) self.assertEqual( signature, "DvyS3R795sUb%2FcvBfiFYZzPDU%2BRVefW6X%2BAfyu%2B9fxjudQft%2BShXhpounzJxYCwOkkjZWXOR0ICTMn6MOuG04TTtmPMrOxj5feGwD3leMBsi%2B3XxcFLPi8BhZKqgapcAqlGfjEhq0COZ%2FF9aYDcjswLu0zgrTMSTp4cqXYMr9mbQVB4HL%2FjiHni5ejQu9f6JB9wWW%2BLXYhe8F6b4niETtzIe5o77%2B%2BkKK67v9wFIZ9pgREz7ug8K5DlxX0DuwdUKFhsenA5z%2FNNCZrJE%2BtLu0tSjuF5Gsjw5GRrvW33MSoZ0AYfeleh5V3nLGgHrhVjl5%2BiS40pnG2po%2F5hIAUT5ag%3D%3D" )
def sign_request(self, uri, request): # Generates the OAuth header for the request, adds the header to the request and returns the request object oauth_key = OAuth().get_authorization_header(uri, request.method, request.data, self.consumer_key, self.signing_key) request.headers["Authorization"] = oauth_key return request
def test_signature_base_string(self): uri = "https://api.mastercard.com" base_uri = Util.normalize_url(uri) oauth_parameters = OAuthParameters() oauth_parameters.set_oauth_body_hash("body/hash") oauth_parameters.set_oauth_nonce("randomnonce") base_string = OAuth.get_base_string(base_uri, "POST", oauth_parameters.get_base_parameters_dict()) self.assertEqual("POST&https%3A%2F%2Fapi.mastercard.com%2F&oauth_body_hash%3Dbody%2Fhash%26oauth_nonce%3Drandomnonce", base_string);
def test_from_readme(self): if os.path.exists('./test_key_container.p12'): uri = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0" method = "POST" signing_key = authenticationutils.load_signing_key("./test_key_container.p12", "Password1") consumer_key = OAuthSigner("uLXKmWNmIkzIGKfA2injnNQqpZaxaBSKxa3ixEVu2f283c95!33b9b2bd960147e387fa6f3f238f07170000000000000000", signing_key) header = OAuth().get_authorization_header(uri, method, "payload", consumer_key, signing_key) else: print("Please add a ./test_key_container.p12 file to enable key tests")
def test_sign_message(self): baseString = 'POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Ffraud%2Fmerchant%2Fv1%2Ftermination-inquiry&Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26oauth_body_hash%3DWhqqH%252BTU95VgZMItpdq78BWb4cE%253D%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce%3D1111111111111111111%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1111111111%26oauth_version%3D1.0' signature = OAuth().sign_message(baseString, self.signing_key) signature = Util.uri_rfc3986_encode(signature) self.assertEqual( signature, "nqxpgHpye%2BdOEkEbC%2FS3N1%2FCRFlZPHoyRztkRhkCoz7ISNmV9V60TQ7zwS8Q59SGQUGYuoNSVe8SWtNVQTEuRiZfXd6Eme%2BCdHfAt7%2BbNd3UsrcIHl3CJEvx7u70ItW8aOx4F7rjF%2BaIOq%2Bpc0rbuBugF%2BnElGKydpPiQrKKwE5kB3TZKVkYLLCsLU8Ry%2Fjg05d2TcnGTyfYZDchV4ui0uPzR5UH%2Fkb4ni8lchrtAeaGJwCimACIk6qNLoNnz7u9joKHtYeuZhORRVodxKB%2BAolgAQqJBMyLrseJDITmwIRTRSzQ3vclt%2BMvVs1CMbXYuvnDYd5NFv98emJgBC%2FX1A%3D%3D" )
def test_from_readme(self): uri = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0" method = "POST" signing_key = authenticationutils.load_signing_key( "./fake-key.p12", "fakepassword") consumer_key = OAuthSigner( "uLXKmWNmIkzIGKfA2injnNQqpZaxaBSKxa3ixEVu2f283c95!33b9b2bd960147e387fa6f3f238f07170000000000000000", signing_key) header = OAuth().get_authorization_header(uri, method, "payload", consumer_key, signing_key)
def test_sign_json_body(self): uri = "https://sandbox.api.mastercard.com/restservices/clients" consumer_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" method = "POST" body = { "clientBaseAddressData": { "addressLine1": "Testowa 5", "city": "Warszawa", "postalCode": "23-456" }, "clientContactData": { "phoneNumberMobile": "test" }, "clientNumber": "2019102301", "clientPersonalData": { "countryCode": "BEL", "shortName": "test" }, "embossedData": { "embossedFirstName": "Pavel", "embossedLastName": "TEST" }, "clientType": "PR" } oauth_parameters = OAuthParameters() oauth_parameters.set_oauth_consumer_key(consumer_key) oauth_parameters.set_oauth_nonce("1111111111111111111") oauth_parameters.set_oauth_timestamp('1111111111') oauth_parameters.set_oauth_signature_method("RSA-SHA256") oauth_parameters.set_oauth_version("1.0") oauth_parameters.set_oauth_body_hash( OAuth().get_encoded_body_hash(body)) base_string = OAuth.get_base_string( uri, method, oauth_parameters.get_base_parameters_dict()) signed_body = OAuth.sign_message(self, base_string, self.signing_key) self.assertEqual( "F3zw3Cqjqx3bsHM9BItsqwGkZx1esgsmyUIr8G1/ydbMSvnPzTJ6OeTBhlgln4R7MybyxErUbTaiuRRMD8z6P4WQ/QIRzZefqvcDBJ1e/jgmPIvGUZmM9FsQDRZ1EaTVNIGVfxZDbJS1b7114JtxeCWeAuM/O3Si3EzFNbzQSZr17Cma6qxojv63fKWqd8NqGmq3X5ngeA1/4bo8xveBZO3iSamFjJW9H6Gf8P++paP0+ORJ4YLQ1KQR5hmP53b53fPrXk5/06CmoMGltfHJvrUE8XUCBS/Y8bJehoCw4930VVCtCQ5FBmnX0W5kY/XEoWaHWiYmOIK7QmBztSd2zQ==", signed_body)
def test_sign_signature_base_string(self): if os.path.exists('./test_key_container.p12'): signing_key = authenticationutils.load_signing_key( "./test_key_container.p12", "Password1") consumer_key = OAuthSigner("YOUR CONSUMER KEY", signing_key) expectedSignatureString = "IJeNKYGfUhFtj5OAPRI92uwfjJJLCej3RCMLbp7R6OIYJhtwxnTkloHQ2bgV7fks4GT/A7rkqrgUGk0ewbwIC6nS3piJHyKVc7rvQXZuCQeeeQpFzLRiH3rsb+ZS+AULK+jzDje4Fb+BQR6XmxuuJmY6YrAKkj13Ln4K6bZJlSxOizbNvt+Htnx+hNd4VgaVBeJKcLhHfZbWQxK76nMnjY7nDcM/2R6LUIR2oLG1L9m55WP3bakAvmOr392ulv1+mWCwDAZZzQ4lakDD2BTu0ZaVsvBW+mcKFxYeTq7SyTQMM4lEwFPJ6RLc8jJJ+veJXHekLVzWg4qHRtzNBLz1mA==" signing_string = OAuth.sign_message(self, "baseString", signing_key) self.maxDiff = None self.assertEqual(expectedSignatureString, signing_string) else: print( "Please add a ./test_key_container.p12 file to enable key tests" )
def request_function(*args, **kwargs): # pragma: no cover in_body = kwargs.get("body", None) query_params = kwargs.get("query_params", None) uri = args[1] if query_params: uri += '?' + urlencode(query_params) auth_header = OAuth().get_authorization_header( uri, args[0], in_body, self.consumer_key, self.signing_key) in_headers = kwargs.get("headers", None) if not in_headers: in_headers = dict() kwargs["headers"] = in_headers in_headers["Authorization"] = auth_header return func(*args, **kwargs)
def test_get_timestamp(self): timestamp = OAuth.get_timestamp() self.assertEqual(len(str(timestamp)), 10)
def test_get_nonce(self): nonce = OAuth.get_nonce() self.assertEqual(len(nonce), 16)
def test_get_authorization_header(self): uri = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0" method = "POST" header = OAuth().get_authorization_header(uri, method, "payload", self.consumer_key, self.signing_key)
def test_get_authorization_header_should_compute_body_hash(self): header = OAuth().get_authorization_header('https://www.example.com', 'POST', '{}', 'dummy', OAuthTest.signing_key) self.assertTrue( 'RBNvo1WzZ4oRRq0W9%2BhknpT7T8If536DEMBg9hyq%2F4o%3D' in header)
def test_get_authorization_header_nominal(self): header = OAuth().get_authorization_header('https://www.example.com', 'POST', 'payload', 'dummy', OAuthTest.signing_key) self.assertTrue("OAuth" in header) self.assertTrue("dummy" in header)
def test_nonce_length(self): nonce = OAuth.get_nonce() self.assertEqual(16, len(nonce))
def test_get_authorization_header_should_compute_body_hash(self): header = OAuth().get_authorization_header(OAuthTest.uri, 'POST', '{}', 'dummy', OAuthTest.signing_key) self.assertTrue( 'RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o=' in header)
def test_get_authorization_header_nominal(self): header = OAuth().get_authorization_header(OAuthTest.uri, 'POST', 'payload', 'dummy', OAuthTest.signing_key) self.assertTrue("OAuth" in header) self.assertTrue("dummy" in header)
def test_sign_signature_base_string(self): expectedSignatureString = "IJeNKYGfUhFtj5OAPRI92uwfjJJLCej3RCMLbp7R6OIYJhtwxnTkloHQ2bgV7fks4GT/A7rkqrgUGk0ewbwIC6nS3piJHyKVc7rvQXZuCQeeeQpFzLRiH3rsb+ZS+AULK+jzDje4Fb+BQR6XmxuuJmY6YrAKkj13Ln4K6bZJlSxOizbNvt+Htnx+hNd4VgaVBeJKcLhHfZbWQxK76nMnjY7nDcM/2R6LUIR2oLG1L9m55WP3bakAvmOr392ulv1+mWCwDAZZzQ4lakDD2BTu0ZaVsvBW+mcKFxYeTq7SyTQMM4lEwFPJ6RLc8jJJ+veJXHekLVzWg4qHRtzNBLz1mA==" signing_string = OAuth.sign_message(self, "baseString", OAuthTest.signing_key) self.assertEqual(expectedSignatureString, signing_string)