def test_verify_not_strict(key, value, monkeypatch):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
shr.verify(signature=result,
strict_query_params_verification=False,
strict_headers_verification=False, **TEST_DATA)
def test_verify():
timestamp = 12347456
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, time_stamp=12347456, **DEFAULT_DATA)
signature = shr.verify(signature=result, **DEFAULT_DATA)
assert signature["ts"] == timestamp
def test_verify():
timestamp = 12347456
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, time_stamp=12347456, **DEFAULT_DATA)
signature = shr.verify(signature=result, **DEFAULT_DATA)
assert signature["ts"] == timestamp
def test_verify_fail(param, value):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
wrong_data = DEFAULT_DATA.copy()
wrong_data[param] = value
with pytest.raises(ValidationError):
shr.verify(signature=result, **wrong_data)
def test_verify_fail(param, value):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
wrong_data = DEFAULT_DATA.copy()
wrong_data[param] = value
with pytest.raises(ValidationError):
shr.verify(signature=result, **wrong_data)
def test_verify_with_too_few(param):
test_data = copy.deepcopy(DEFAULT_DATA)
test_data[param]["foo"] = "bar" # insert extra param
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **test_data)
with pytest.raises(ValidationError):
shr.verify(signature=result, **DEFAULT_DATA)
def test_verify_with_too_few(param):
test_data = copy.deepcopy(DEFAULT_DATA)
test_data[param]["foo"] = "bar" # insert extra param
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **test_data)
with pytest.raises(ValidationError):
shr.verify(signature=result, **DEFAULT_DATA)
def test_verify_strict(key, value, monkeypatch):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
with pytest.raises(ValidationError):
shr.verify(signature=result,
strict_query_params_verification=True,
strict_headers_verification=True, **TEST_DATA)
def test_verify_not_strict(param):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
request_with_extra_params[param]["foo"] = "bar" # insert extra param
shr.verify(
signature=result, strict_query_params_verification=False, strict_headers_verification=False, **DEFAULT_DATA
)
def test_verify_not_strict(param):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
request_with_extra_params[param]["foo"] = "bar" # insert extra param
shr.verify(signature=result,
strict_query_params_verification=False,
strict_headers_verification=False,
**DEFAULT_DATA)
def _sign_registration_request(self, registration_request):
# type (FederationRegistrationRequest) -> str
"""
Sign registration request.
:param registration_request: registration request
:return: signed registration request
"""
signer = SignedHttpRequest(self.intermediate_key)
return signer.sign(self.intermediate_key.alg, body=registration_request.to_json())
def test_verify_strict_with_too_many(param):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
request_with_extra_params[param]["foo"] = "bar" # insert extra param
with pytest.raises(ValidationError):
shr.verify(signature=result,
strict_query_params_verification=True,
strict_headers_verification=True,
**request_with_extra_params)
def test_verify_strict_with_too_many(param):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
request_with_extra_params = copy.deepcopy(DEFAULT_DATA)
request_with_extra_params[param]["foo"] = "bar" # insert extra param
with pytest.raises(ValidationError):
shr.verify(
signature=result,
strict_query_params_verification=True,
strict_headers_verification=True,
**request_with_extra_params
)
def __call__(self, method, url, **kwargs):
try:
body = kwargs["body"]
except KeyError:
body = None
try:
headers = kwargs["headers"]
except KeyError:
headers = {}
_kwargs = sign_http_args(method, url, headers, body)
shr = SignedHttpRequest(self.key)
kwargs["Authorization"] = "pop {}".format(shr.sign(alg=self.alg, **_kwargs))
return kwargs
def __call__(self, method, url, **kwargs):
try:
body = kwargs['body']
except KeyError:
body = None
try:
headers = kwargs['headers']
except KeyError:
headers = {}
_kwargs = sign_http_args(method, url, headers, body)
shr = SignedHttpRequest(self.key)
kwargs['Authorization'] = 'pop {}'.format(shr.sign(alg=self.alg,
**_kwargs))
return kwargs
def test_verify_fail_wrong_key():
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
with pytest.raises(ValidationError):
rshr = SignedHttpRequest(SYMKey(key="wrong_key", alg="HS256"))
rshr.verify(signature=result, **DEFAULT_DATA)
def test_verify_fail_wrong_key():
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **DEFAULT_DATA)
with pytest.raises(ValidationError):
rshr = SignedHttpRequest(SYMKey(key="wrong_key", alg="HS256"))
rshr.verify(signature=result, **DEFAULT_DATA)
def test_verify_fail(key, value, monkeypatch):
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, **TEST_DATA)
monkeypatch.setitem(TEST_DATA, key, value)
with pytest.raises(ValidationError):
shr.verify(signature=result, **TEST_DATA)
def test_sign_specifies_jws_typ_pop():
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, body="abcdef")
assert JWT().unpack(result).headers["typ"] == "pop"
def test_verify_fail_on_missing_body():
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, body="abcdef")
with pytest.raises(ValidationError):
shr.verify(signature=result)
def test_verify_fail_on_missing_body():
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, body="abcdef")
with pytest.raises(ValidationError):
shr.verify(signature=result)
def test_sign_specifies_jws_typ_pop():
shr = SignedHttpRequest(SIGN_KEY)
result = shr.sign(alg=ALG, body="abcdef")
assert JWT().unpack(result).headers["typ"] == "pop"
