def test_pass(self, verify_certificate_chain, check_signature):
    """Run verify() on a cert~receipt pair with chain and signature checks mocked.

    Both extra arguments are mocks supplied from outside this method
    (presumably by ``mock.patch`` decorators not visible here -- confirm).
    """
    # Signature checks report success; the chain-check mock keeps its
    # default Mock behaviour.
    check_signature.return_value = True

    trusted_key = {'alg': 'RSA', 'exp': 'AQAB', 'mod': 'AQAB'}
    self.verifier = certs.ReceiptVerifier(valid_issuers='f.c')
    self.verifier.certs = {'http://f.c': {'jwk': [trusted_key]}}

    signed = self.combine(self.get_cert(), self.get_receipt())
    # NOTE(review): the result of verify() is discarded, so this test only
    # proves that no exception is raised. If verify() reports failure
    # through a falsy return value, that would go unnoticed here; consider
    # wrapping the call in ok_().
    self.verifier.verify(signed)
def test_chain(self):
    """A single unexpired certificate from a configured issuer is accepted."""
    self.verifier = certs.ReceiptVerifier(valid_issuers='f.c')
    self.verifier.certs = {
        'http://f.c': {'jwk': [{'alg': 'RSA', 'exp': 'AQAB', 'mod': 'AQAB'}]},
    }

    link = mock.Mock()
    # Expiry is 100 seconds in the future, so the chain must not be
    # treated as expired.
    link.payload = {'iss': 'http://f.c', 'exp': time() + 100, 'jwk': [link]}

    # NOTE(review): ``link`` is a bare Mock, so any method the verifier
    # calls on it returns a truthy Mock. Presumably that includes the
    # signature check, in which case this test covers the expiry path only
    # and not signature validation -- confirm.
    chain_result = self.verifier.verify_certificate_chain([link])
    ok_(chain_result)
def test_chain_expired(self):
    """A certificate whose ``exp`` is in the past raises ExpiredSignatureError."""
    self.verifier = certs.ReceiptVerifier(valid_issuers='f.c')
    self.verifier.certs = {
        'http://f.c': {'jwk': [{'alg': 'RSA', 'exp': 'AQAB', 'mod': 'AQAB'}]},
    }

    stale = mock.Mock()
    # Expiry is 100 seconds in the past.
    stale.payload = {'iss': 'http://f.c', 'exp': time() - 100, 'jwk': [stale]}

    verify_chain = self.verifier.verify_certificate_chain
    self.failUnlessRaises(ExpiredSignatureError, verify_chain, [stale])
def decode_receipt(receipt):
    """
    Return the decoded payload of ``receipt``.

    With ``settings.SIGNING_SERVER_ACTIVE`` set, the receipt is checked by
    ``certs.ReceiptVerifier`` and its second ``~``-separated segment is then
    decoded without a further signature check. Otherwise the whole receipt
    is decoded against the key loaded from ``settings.WEBAPPS_RECEIPT_KEY``.

    Raises ``VerificationError`` when the verifier returns a falsy result.
    Any exception raised by ``verify()`` itself propagates to the caller.
    """
    with statsd.timer('services.decode'):
        if not settings.SIGNING_SERVER_ACTIVE:
            key = jwt.rsa_load(settings.WEBAPPS_RECEIPT_KEY)
            return jwt.decode(receipt, key)

        verifier = certs.ReceiptVerifier()
        verified = verifier.verify(receipt)
        if not verified:
            raise VerificationError()
        # verify=False is only acceptable because verifier.verify() has
        # already accepted the receipt at this point.
        return jwt.decode(receipt.split('~')[1], verify=False)
def decode_receipt(receipt):
    """
    Return the decoded payload of ``receipt``.

    With ``settings.SIGNING_SERVER_ACTIVE`` set, the receipt is checked by
    ``certs.ReceiptVerifier`` and its second ``~``-separated segment is then
    decoded without a further signature check. Otherwise the whole receipt
    is decoded against the key loaded from ``settings.WEBAPPS_RECEIPT_KEY``.

    Raises ``VerificationError`` when the verifier returns a falsy result.
    An ``ExpiredSignatureError`` from the verifier is swallowed and the
    payload is returned anyway.
    """
    with statsd.timer('services.decode'):
        if not settings.SIGNING_SERVER_ACTIVE:
            key = jwt.rsa_load(settings.WEBAPPS_RECEIPT_KEY)
            return jwt.decode(receipt, key)

        verifier = certs.ReceiptVerifier()
        try:
            verified = verifier.verify(receipt)
        except ExpiredSignatureError:
            # Deliberately ignored until expiry can be handled meaningfully.
            # NOTE(review): on this path the payload is decoded with
            # verify=False and returned exactly as on the success path.
            # Nothing visible here shows that the receipt's signature was
            # checked before the expiry error was raised, so the returned
            # claims may be unauthenticated -- confirm against
            # ReceiptVerifier.verify(), and record the event so accepted
            # expired receipts can be audited.
            return jwt.decode(receipt.split('~')[1], verify=False)

        if not verified:
            raise VerificationError()
        # verify=False is only acceptable because verifier.verify() has
        # already accepted the receipt at this point.
        return jwt.decode(receipt.split('~')[1], verify=False)
def test_chain_empty(self):
    """Passing ``None`` instead of a certificate chain raises ValueError."""
    self.verifier = certs.ReceiptVerifier(valid_issuers='f.c')
    verify_chain = self.verifier.verify_certificate_chain
    # A missing chain must be rejected outright rather than treated as a
    # trivially valid chain.
    self.failUnlessRaises(ValueError, verify_chain, None)
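def test_not_certificate_issuer(self):
    """An issuer outside ``valid_issuers`` must not pass the issuer check."""
    self.verifier = certs.ReceiptVerifier(valid_issuers='f.c')
    # The previous form, ok_(method, 'http://f.b'), passed the bound method
    # itself as the value under test and the issuer as the failure message.
    # A bound method is always truthy, so the assertion could never fail
    # and the issuer check was never executed.
    # NOTE(review): this assumes check_certificate_issuer() returns a falsy
    # value for an untrusted issuer. If it raises instead, assert on that
    # exception -- confirm against the verifier.
    ok_(not self.verifier.check_certificate_issuer('http://f.b'))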
def test_expired(self):
    """verify() raises certs.ExpiredSignatureError for a receipt built with exp=1."""
    self.verifier = certs.ReceiptVerifier()
    # exp=1 is presumably an expiry timestamp far in the past -- confirm
    # against get_receipt().
    expired = self.combine(self.get_cert(), self.get_receipt(exp=1))
    self.failUnlessRaises(
        certs.ExpiredSignatureError,
        self.verifier.verify,
        expired,
    )