コード例 #1
0
class TestDummyVerifier(unittest.TestCase, VerifierTestCases):

    def setUp(self):
        with warnings.catch_warnings(record=True):
            warnings.simplefilter("default")
            self.verifier = DummyVerifier()

    def test_verification_of_valid_dummy_assertion(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience)
        self.assertTrue(self.verifier.verify(assertion))
        self.assertTrue(self.verifier.verify(assertion, audience))
        self.assertRaises(AudienceMismatchError,
                          self.verifier.verify, assertion, "http://moz.com")

    def test_verification_of_untrusted_issuer(self):
        audience = "http://example.com"
        issuer = "moz.com"
        # Assertions for @moz.com addresses can come from moz.com
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 issuer=issuer)
        self.assertTrue(self.verifier.verify(assertion, audience))
        # But assertions for other addresses cannot.
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 issuer=issuer)
        self.assertRaises(InvalidSignatureError,
                          self.verifier.verify, assertion, audience)

    def test_verification_of_expired_dummy_assertion(self):
        audience = "http://example.com"
        now = (time.time() * 1000)
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 exp=now - 1)
        self.assertTrue(self.verifier.verify(assertion, now=now - 2))
        self.assertRaises(ExpiredSignatureError,
                          self.verifier.verify, assertion)

    def test_verification_of_dummy_assertion_with_bad_assertion_sig(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 assertion_sig="BADTOTHEBONE")
        self.assertRaises(InvalidSignatureError,
                          self.verifier.verify, assertion)

    def test_verification_of_dummy_assertion_with_bad_certificate_sig(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 certificate_sig="CORRUPTUS")
        self.assertRaises(InvalidSignatureError,
                          self.verifier.verify, assertion)
コード例 #2
0
ファイル: test_verifiers.py プロジェクト: junkafarian/PyVEP
 def test_cache_eviction_based_on_time(self):
     cache = FIFOCache(cache_timeout=0.1)
     verifier = DummyVerifier(cache=cache)
     # Prime the cache by verifying an assertion.
     assertion = self.verifier.make_assertion("*****@*****.**", "")
     self.assertTrue(verifier.verify(assertion))
     # Make it error out if re-fetching the keys
     def fetch_public_key(hostname):
         raise RuntimeError("key fetch disabled")
     verifier.fetch_public_key = fetch_public_key
     # It should be in the cache, so this works fine.
     verifier.verify(assertion)
     # But after sleeping it gets evicted and the error is triggered.
     time.sleep(0.1)
     self.assertRaises(RuntimeError, verifier.verify, assertion)
コード例 #3
0
ファイル: test_verifiers.py プロジェクト: junkafarian/PyVEP
    def test_cache_eviction_based_on_time(self):
        cache = FIFOCache(cache_timeout=0.1)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying an assertion.
        assertion = self.verifier.make_assertion("*****@*****.**", "")
        self.assertTrue(verifier.verify(assertion))

        # Make it error out if re-fetching the keys
        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        # It should be in the cache, so this works fine.
        verifier.verify(assertion)
        # But after sleeping it gets evicted and the error is triggered.
        time.sleep(0.1)
        self.assertRaises(RuntimeError, verifier.verify, assertion)
コード例 #4
0
ファイル: test_verifiers.py プロジェクト: junkafarian/PyVEP
 def test_cache_eviction_during_write(self):
     cache = FIFOCache(cache_timeout=0.1)
     verifier = DummyVerifier(cache=cache)
     # Prime the cache by verifying an assertion.
     assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
     self.assertTrue(verifier.verify(assertion1))
     self.assertEquals(len(cache), 1)
     # Let that cached key expire
     time.sleep(0.1)
     # Now grab a different key; caching it should purge the expired key.
     assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
     self.assertTrue(verifier.verify(assertion2))
     self.assertEquals(len(cache), 1)
     # Check that only the second entry is in cache.
     def fetch_public_key(hostname):
         raise RuntimeError("key fetch disabled")
     verifier.fetch_public_key = fetch_public_key
     self.assertTrue(verifier.verify(assertion2))
     self.assertRaises(RuntimeError, verifier.verify, assertion1)
コード例 #5
0
ファイル: test_verifiers.py プロジェクト: junkafarian/PyVEP
 def test_cache_eviction_based_on_size(self):
     cache = FIFOCache(max_size=2)
     verifier = DummyVerifier(cache=cache)
     # Prime the cache by verifying some assertions.
     assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
     self.assertTrue(verifier.verify(assertion1))
     assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
     self.assertTrue(verifier.verify(assertion2))
     self.assertEquals(len(cache), 2)
     # Hitting a third host should evict the first public key.
     assertion3 = self.verifier.make_assertion("*****@*****.**", "", "3.com")
     self.assertTrue(verifier.verify(assertion3))
     self.assertEquals(len(cache), 2)
     # Make it error out if re-fetching any keys
     def fetch_public_key(hostname):
         raise RuntimeError("key fetch disabled")
     verifier.fetch_public_key = fetch_public_key
     # It should have to re-fetch for 1, but not 2.
     self.assertTrue(verifier.verify(assertion2))
     self.assertRaises(RuntimeError, verifier.verify, assertion1)
コード例 #6
0
ファイル: test_verifiers.py プロジェクト: junkafarian/PyVEP
    def test_cache_eviction_during_write(self):
        cache = FIFOCache(cache_timeout=0.1)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying an assertion.
        assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
        self.assertTrue(verifier.verify(assertion1))
        self.assertEquals(len(cache), 1)
        # Let that cached key expire
        time.sleep(0.1)
        # Now grab a different key; caching it should purge the expired key.
        assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
        self.assertTrue(verifier.verify(assertion2))
        self.assertEquals(len(cache), 1)

        # Check that only the second entry is in cache.
        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        self.assertTrue(verifier.verify(assertion2))
        self.assertRaises(RuntimeError, verifier.verify, assertion1)
コード例 #7
0
ファイル: test_verifiers.py プロジェクト: junkafarian/PyVEP
    def test_cache_eviction_based_on_size(self):
        cache = FIFOCache(max_size=2)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying some assertions.
        assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
        self.assertTrue(verifier.verify(assertion1))
        assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
        self.assertTrue(verifier.verify(assertion2))
        self.assertEquals(len(cache), 2)
        # Hitting a third host should evict the first public key.
        assertion3 = self.verifier.make_assertion("*****@*****.**", "", "3.com")
        self.assertTrue(verifier.verify(assertion3))
        self.assertEquals(len(cache), 2)

        # Make it error out if re-fetching any keys
        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        # It should have to re-fetch for 1, but not 2.
        self.assertTrue(verifier.verify(assertion2))
        self.assertRaises(RuntimeError, verifier.verify, assertion1)
コード例 #8
0
ファイル: test_verifiers.py プロジェクト: tarekziade/PyVEP
class TestDummyVerifier(unittest.TestCase, VerifierTestCases):

    def setUp(self):
        with warnings.catch_warnings(record=True) as w:
            warnings.simplefilter("always")
            self.verifier = DummyVerifier()
        # There should be no warnings from the dummy verifier.
        self.assertEquals(len(w), 0)

    def test_verification_of_valid_dummy_assertion(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience)
        self.assertTrue(self.verifier.verify(assertion))
        self.assertTrue(self.verifier.verify(assertion, audience))
        self.assertRaises(AudienceMismatchError,
                          self.verifier.verify, assertion, "http://moz.com")

    def test_verification_of_oldstyle_dummy_assertion(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 new_style=False)
        self.assertTrue(self.verifier.verify(assertion))
        self.assertTrue(self.verifier.verify(assertion, audience))
        self.assertRaises(AudienceMismatchError,
                          self.verifier.verify, assertion, "http://moz.com")

    def test_verification_of_untrusted_issuer(self):
        audience = "http://example.com"
        issuer = "moz.com"
        # Assertions for @moz.com addresses can come from moz.com
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 issuer=issuer)
        self.assertTrue(self.verifier.verify(assertion, audience))
        # But assertions for other addresses cannot.
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 issuer=issuer)
        self.assertRaises(InvalidSignatureError,
                          self.verifier.verify, assertion, audience)

    def test_verification_of_expired_dummy_assertion(self):
        audience = "http://example.com"
        now = (time.time() * 1000)
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 exp=now - 1)
        self.assertTrue(self.verifier.verify(assertion, now=now - 2))
        self.assertRaises(ExpiredSignatureError,
                          self.verifier.verify, assertion)

    def test_verification_of_dummy_assertion_with_bad_assertion_sig(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 assertion_sig="BADTOTHEBONE")
        self.assertRaises(InvalidSignatureError,
                          self.verifier.verify, assertion)

    def test_verification_of_dummy_assertion_with_bad_certificate_sig(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience,
                                                 certificate_sig="CORRUPTUS")
        self.assertRaises(InvalidSignatureError,
                          self.verifier.verify, assertion)

    def test_cache_eviction_based_on_time(self):
        cache = FIFOCache(cache_timeout=0.1)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying an assertion.
        assertion = self.verifier.make_assertion("*****@*****.**", "")
        self.assertTrue(verifier.verify(assertion))
        # Make it error out if re-fetching the keys

        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        # It should be in the cache, so this works fine.
        verifier.verify(assertion)
        # But after sleeping it gets evicted and the error is triggered.
        time.sleep(0.1)
        self.assertRaises(RuntimeError, verifier.verify, assertion)

    def test_cache_eviction_based_on_size(self):
        cache = FIFOCache(max_size=2)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying some assertions.
        assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
        self.assertTrue(verifier.verify(assertion1))
        assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
        self.assertTrue(verifier.verify(assertion2))
        self.assertEquals(len(cache), 2)
        # Hitting a third host should evict the first public key.
        assertion3 = self.verifier.make_assertion("*****@*****.**", "", "3.com")
        self.assertTrue(verifier.verify(assertion3))
        self.assertEquals(len(cache), 2)
        # Make it error out if re-fetching any keys

        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        # It should have to re-fetch for 1, but not 2.
        self.assertTrue(verifier.verify(assertion2))
        self.assertRaises(RuntimeError, verifier.verify, assertion1)

    def test_cache_eviction_during_write(self):
        cache = FIFOCache(cache_timeout=0.1)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying an assertion.
        assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
        self.assertTrue(verifier.verify(assertion1))
        self.assertEquals(len(cache), 1)
        # Let that cached key expire
        time.sleep(0.1)
        # Now grab a different key; caching it should purge the expired key.
        assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
        self.assertTrue(verifier.verify(assertion2))
        self.assertEquals(len(cache), 1)
        # Check that only the second entry is in cache.

        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        self.assertTrue(verifier.verify(assertion2))
        self.assertRaises(RuntimeError, verifier.verify, assertion1)
コード例 #9
0
ファイル: test_verifiers.py プロジェクト: junkafarian/PyVEP
class TestDummyVerifier(unittest.TestCase, VerifierTestCases):
    def setUp(self):
        with warnings.catch_warnings(record=True) as w:
            warnings.simplefilter("always")
            self.verifier = DummyVerifier()
        # There should be no warnings from the dummy verifier.
        self.assertEquals(len(w), 0)

    def test_verification_of_valid_dummy_assertion(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**", audience)
        self.assertTrue(self.verifier.verify(assertion))
        self.assertTrue(self.verifier.verify(assertion, audience))
        self.assertRaises(AudienceMismatchError, self.verifier.verify,
                          assertion, "http://moz.com")

    def test_verification_of_oldstyle_dummy_assertion(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**",
                                                 audience,
                                                 new_style=False)
        self.assertTrue(self.verifier.verify(assertion))
        self.assertTrue(self.verifier.verify(assertion, audience))
        self.assertRaises(AudienceMismatchError, self.verifier.verify,
                          assertion, "http://moz.com")

    def test_verification_of_untrusted_issuer(self):
        audience = "http://example.com"
        issuer = "moz.com"
        # Assertions for @moz.com addresses can come from moz.com
        assertion = self.verifier.make_assertion("*****@*****.**",
                                                 audience,
                                                 issuer=issuer)
        self.assertTrue(self.verifier.verify(assertion, audience))
        # But assertions for other addresses cannot.
        assertion = self.verifier.make_assertion("*****@*****.**",
                                                 audience,
                                                 issuer=issuer)
        self.assertRaises(InvalidSignatureError, self.verifier.verify,
                          assertion, audience)

    def test_verification_of_expired_dummy_assertion(self):
        audience = "http://example.com"
        now = (time.time() * 1000)
        assertion = self.verifier.make_assertion("*****@*****.**",
                                                 audience,
                                                 exp=now - 1)
        self.assertTrue(self.verifier.verify(assertion, now=now - 2))
        self.assertRaises(ExpiredSignatureError, self.verifier.verify,
                          assertion)

    def test_verification_of_dummy_assertion_with_bad_assertion_sig(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**",
                                                 audience,
                                                 assertion_sig="BADTOTHEBONE")
        self.assertRaises(InvalidSignatureError, self.verifier.verify,
                          assertion)

    def test_verification_of_dummy_assertion_with_bad_certificate_sig(self):
        audience = "http://example.com"
        assertion = self.verifier.make_assertion("*****@*****.**",
                                                 audience,
                                                 certificate_sig="CORRUPTUS")
        self.assertRaises(InvalidSignatureError, self.verifier.verify,
                          assertion)

    def test_cache_eviction_based_on_time(self):
        cache = FIFOCache(cache_timeout=0.1)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying an assertion.
        assertion = self.verifier.make_assertion("*****@*****.**", "")
        self.assertTrue(verifier.verify(assertion))

        # Make it error out if re-fetching the keys
        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        # It should be in the cache, so this works fine.
        verifier.verify(assertion)
        # But after sleeping it gets evicted and the error is triggered.
        time.sleep(0.1)
        self.assertRaises(RuntimeError, verifier.verify, assertion)

    def test_cache_eviction_based_on_size(self):
        cache = FIFOCache(max_size=2)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying some assertions.
        assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
        self.assertTrue(verifier.verify(assertion1))
        assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
        self.assertTrue(verifier.verify(assertion2))
        self.assertEquals(len(cache), 2)
        # Hitting a third host should evict the first public key.
        assertion3 = self.verifier.make_assertion("*****@*****.**", "", "3.com")
        self.assertTrue(verifier.verify(assertion3))
        self.assertEquals(len(cache), 2)

        # Make it error out if re-fetching any keys
        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        # It should have to re-fetch for 1, but not 2.
        self.assertTrue(verifier.verify(assertion2))
        self.assertRaises(RuntimeError, verifier.verify, assertion1)

    def test_cache_eviction_during_write(self):
        cache = FIFOCache(cache_timeout=0.1)
        verifier = DummyVerifier(cache=cache)
        # Prime the cache by verifying an assertion.
        assertion1 = self.verifier.make_assertion("*****@*****.**", "", "1.com")
        self.assertTrue(verifier.verify(assertion1))
        self.assertEquals(len(cache), 1)
        # Let that cached key expire
        time.sleep(0.1)
        # Now grab a different key; caching it should purge the expired key.
        assertion2 = self.verifier.make_assertion("*****@*****.**", "", "2.com")
        self.assertTrue(verifier.verify(assertion2))
        self.assertEquals(len(cache), 1)

        # Check that only the second entry is in cache.
        def fetch_public_key(hostname):
            raise RuntimeError("key fetch disabled")

        verifier.fetch_public_key = fetch_public_key
        self.assertTrue(verifier.verify(assertion2))
        self.assertRaises(RuntimeError, verifier.verify, assertion1)