예제 #1
0
    def test_incorrect_headers(self):
        HOST = "example.com"
        METHOD = "POST"
        PATH = '/foo?param=value&pet=dog'
        hs = HeaderSigner(secret=self.sign_secret,
                          key_id="Test",
                          algorithm=self.algorithm,
                          headers=[
                            '(request-target)',
                            'host',
                            'date',
                            'content-type',
                            'content-md5',
                            'content-length'])
        unsigned = {
            'Host': HOST,
            'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
            'Content-Type': 'application/json',
            'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
            'Content-Length': '18',
        }
        signed = hs.sign(unsigned, method=METHOD, path=PATH)

        hv = HeaderVerifier(headers=signed, secret=self.verify_secret, required_headers=["some-other-header"], host=HOST, method=METHOD, path=PATH)
        with self.assertRaises(Exception) as ex:
            hv.verify()
예제 #2
0
    def test_signed_headers(self):
        HOST = self.header_host
        METHOD = self.test_method
        PATH = self.test_path
        hs = HeaderSigner(key_id="Test",
                          secret=self.sign_secret,
                          algorithm=self.algorithm,
                          sign_header=self.sign_header,
                          headers=[
                              '(request-target)', 'host', 'date',
                              'content-type', 'digest', 'content-length'
                          ],
                          sign_algorithm=self.sign_algorithm)
        unsigned = {
            'Host': HOST,
            'Date': self.header_date,
            'Content-Type': self.header_content_type,
            'Digest': self.header_digest,
            'Content-Length': self.header_content_length,
        }
        signed = hs.sign(unsigned, method=METHOD, path=PATH)

        hv = HeaderVerifier(headers=signed,
                            secret=self.verify_secret,
                            host=HOST,
                            method=METHOD,
                            path=PATH,
                            sign_header=self.sign_header,
                            sign_algorithm=self.sign_algorithm)
        self.assertTrue(hv.verify())
    def test_rsa_pubkey_fail(self):

        from httpsig.sign import HeaderSigner

        private_key_path = os.path.join(os.path.dirname(__file__),
                                        'private_key2.pem')
        with open(private_key_path, 'rb') as f:
            private_key = f.read()

        HOST = "example.com"
        METHOD = "GET"
        PATH = '/foo?param=value&pet=dog'
        hs = HeaderSigner(key_id=KEYID,
                          secret=private_key,
                          algorithm=self.auth.ALGORITHM,
                          headers=[
                              '(request-target)', 'host', 'date',
                              'content-type', 'content-md5', 'content-length'
                          ])
        unsigned = {
            'Host': HOST,
            'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
            'Content-Type': 'application/json',
            'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
            'Content-Length': '18',
        }
        signed = hs.sign(unsigned, method=METHOD, path=PATH)

        # convert headers to DJANGO format and create request
        DJ_HEADERS = {}
        for key, value in six.iteritems(signed):
            DJ_HEADERS.update({self.auth.header_canonical(key): value})
        request = RequestFactory().get(PATH, {}, **DJ_HEADERS)
        self.assertRaises(AuthenticationFailed, self.auth.authenticate,
                          request)
예제 #4
0
    def test_incorrect_headers(self):
        HOST = self.header_host
        METHOD = self.test_method
        PATH = self.test_path
        hs = HeaderSigner(secret=self.sign_secret,
                          key_id="Test",
                          algorithm=self.algorithm,
                          sign_header=self.sign_header,
                          headers=[
                              '(request-target)',
                              'host',
                              'date',
                              'content-type',
                              'digest',
                              'content-length'])
        unsigned = {
            'Host': HOST,
            'Date': self.header_date,
            'Content-Type': self.header_content_type,
            'Digest': self.header_digest,
            'Content-Length': self.header_content_length,
        }
        signed = hs.sign(unsigned, method=METHOD, path=PATH)

        hv = HeaderVerifier(headers=signed, secret=self.verify_secret,
                            required_headers=["some-other-header"],
                            host=HOST, method=METHOD, path=PATH,
                            sign_header=self.sign_header)
        with self.assertRaises(Exception):
            hv.verify()
예제 #5
0
 def test_extra_auth_headers(self):
     HOST = "example.com"
     METHOD = "POST"
     PATH = '/foo?param=value&pet=dog'
     hs = HeaderSigner(key_id="Test",
                       secret=self.sign_secret,
                       sign_header=self.sign_header,
                       algorithm=self.algorithm,
                       headers=[
                           '(request-target)', 'host', 'date',
                           'content-type', 'digest', 'content-length'
                       ],
                       sign_algorithm=self.sign_algorithm)
     unsigned = {
         'Host': HOST,
         'Date': self.header_date,
         'Content-Type': self.header_content_type,
         'Digest': self.header_digest,
         'Content-Length': self.header_content_length,
     }
     signed = hs.sign(unsigned, method=METHOD, path=PATH)
     hv = HeaderVerifier(headers=signed,
                         secret=self.verify_secret,
                         method=METHOD,
                         path=PATH,
                         sign_header=self.sign_header,
                         required_headers=['date', '(request-target)'],
                         sign_algorithm=self.sign_algorithm)
     self.assertTrue(hv.verify())
예제 #6
0
 def test_all(self):
     hs = HeaderSigner(key_id='Test', secret=self.key, headers=[
         '(request-line)',
         'host',
         'date',
         'content-type',
         'content-md5',
         'content-length'
     ])
     unsigned = {
         'Host': 'example.com',
         'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
         'Content-Type': 'application/json',
         'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
         'Content-Length': '18',
     }
     signed = hs.sign(unsigned, method='POST', path='/foo?param=value&pet=dog')
     
     self.assertIn('Date', signed)
     self.assertEqual(unsigned['Date'], signed['Date'])
     self.assertIn('Authorization', signed)
     params = self._parse_auth(signed['Authorization'])
     self.assertIn('keyId', params)
     self.assertIn('algorithm', params)
     self.assertIn('signature', params)
     self.assertEqual(params['keyId'], 'Test')
     self.assertEqual(params['algorithm'], 'rsa-sha256')
     self.assertEqual(params['headers'], '(request-line) host date content-type content-md5 content-length')
     self.assertEqual(params['signature'], 'vYJio4AxbN38TKdzE1Qk/3qXhzTaBS7zUIPCqV+NsjLSf8ZK/19L9ErTz8FYBAW8Gko2dEaU70McrIO33k0PUlPsWvbGn/IhnU14rvSPF/F+AnFVFeA9ivvvyVZQYYYp17fnNfiCzHrvUn+VnqMhRKA15Nr8KKwt9Eqi36wQ8Vg=')
예제 #7
0
    def test_incorrect_headers(self):
        HOST = self.header_host
        METHOD = self.test_method
        PATH = self.test_path
        hs = HeaderSigner(secret=self.sign_secret,
                          key_id="Test",
                          algorithm=self.algorithm,
                          sign_header=self.sign_header,
                          headers=[
                              '(request-target)', 'host', 'date',
                              'content-type', 'digest', 'content-length'
                          ],
                          sign_algorithm=self.sign_algorithm)
        unsigned = {
            'Host': HOST,
            'Date': self.header_date,
            'Content-Type': self.header_content_type,
            'Digest': self.header_digest,
            'Content-Length': self.header_content_length,
        }
        signed = hs.sign(unsigned, method=METHOD, path=PATH)

        hv = HeaderVerifier(headers=signed,
                            secret=self.verify_secret,
                            required_headers=["some-other-header"],
                            host=HOST,
                            method=METHOD,
                            path=PATH,
                            sign_header=self.sign_header,
                            sign_algorithm=self.sign_algorithm)
        with self.assertRaises(ValueError) as e:
            hv.verify()
        self.assertEqual(str(e.exception),
                         'some-other-header is a required header(s)')
예제 #8
0
    def test_signed_headers(self):
        HOST = self.header_host
        METHOD = self.test_method
        PATH = self.test_path
        hs = HeaderSigner(
                key_id="Test",
                secret=self.sign_secret,
                algorithm=self.algorithm,
                sign_header=self.sign_header,
                headers=[
                    '(request-target)',
                    'host',
                    'date',
                    'content-type',
                    'digest',
                    'content-length'
                ])
        unsigned = {
            'Host': HOST,
            'Date': self.header_date,
            'Content-Type': self.header_content_type,
            'Digest': self.header_digest,
            'Content-Length': self.header_content_length,
        }
        signed = hs.sign(unsigned, method=METHOD, path=PATH)

        hv = HeaderVerifier(
                headers=signed, secret=self.verify_secret,
                host=HOST, method=METHOD, path=PATH,
                sign_header=self.sign_header)
        self.assertTrue(hv.verify())
예제 #9
0
    def test_incorrect_headers(self):
        HOST = "example.com"
        METHOD = "POST"
        PATH = '/foo?param=value&pet=dog'
        hs = HeaderSigner(secret=self.sign_secret,
                          key_id="Test",
                          algorithm=self.algorithm,
                          headers=[
                              '(request-target)', 'host', 'date',
                              'content-type', 'content-md5', 'content-length'
                          ])
        unsigned = {
            'Host': HOST,
            'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
            'Content-Type': 'application/json',
            'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
            'Content-Length': '18',
        }
        signed = hs.sign(unsigned, method=METHOD, path=PATH)

        hv = HeaderVerifier(headers=signed,
                            secret=self.verify_secret,
                            required_headers=["some-other-header"],
                            host=HOST,
                            method=METHOD,
                            path=PATH)
        with self.assertRaises(Exception) as ex:
            hv.verify()
예제 #10
0
 def test_extra_auth_headers(self):
     HOST = "example.com"
     METHOD = "POST"
     PATH = '/foo?param=value&pet=dog'
     hs = HeaderSigner(
             key_id="Test",
             secret=self.sign_secret,
             sign_header=self.sign_header,
             algorithm=self.algorithm, headers=[
                 '(request-target)',
                 'host',
                 'date',
                 'content-type',
                 'digest',
                 'content-length'
             ])
     unsigned = {
         'Host': HOST,
         'Date': self.header_date,
         'Content-Type': self.header_content_type,
         'Digest': self.header_digest,
         'Content-Length': self.header_content_length,
     }
     signed = hs.sign(unsigned, method=METHOD, path=PATH)
     hv = HeaderVerifier(
             headers=signed,
             secret=self.verify_secret,
             method=METHOD,
             path=PATH,
             sign_header=self.sign_header,
             required_headers=['date', '(request-target)'])
     self.assertTrue(hv.verify())
예제 #11
0
 def test_extra_auth_headers(self):
     HOST = "example.com"
     METHOD = "POST"
     PATH = '/foo?param=value&pet=dog'
     hs = HeaderSigner(key_id="Test",
                       secret=self.sign_secret,
                       algorithm=self.algorithm,
                       headers=[
                           '(request-target)', 'host', 'date',
                           'content-type', 'content-md5', 'content-length'
                       ])
     unsigned = {
         'Host': HOST,
         'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
         'Content-Type': 'application/json',
         'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
         'Content-Length': '18',
     }
     signed = hs.sign(unsigned, method=METHOD, path=PATH)
     hv = HeaderVerifier(headers=signed,
                         secret=self.verify_secret,
                         method=METHOD,
                         path=PATH,
                         required_headers=['date', '(request-target)'])
     self.assertTrue(hv.verify())
예제 #12
0
 def test_default(self):
     unsigned = {
         'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'
     }
     
     hs = HeaderSigner(key_id="Test", secret=self.sign_secret, algorithm=self.algorithm)
     signed = hs.sign(unsigned)
     hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
     self.assertTrue(hv.verify())
예제 #13
0
    def test_default(self):
        unsigned = {'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'}

        hs = HeaderSigner(key_id="Test",
                          secret=self.sign_secret,
                          algorithm=self.algorithm)
        signed = hs.sign(unsigned)
        hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
        self.assertTrue(hv.verify())
예제 #14
0
    def test_default(self):
        unsigned = {'Date': self.header_date}

        hs = HeaderSigner(key_id="Test",
                          secret=self.sign_secret,
                          algorithm=self.algorithm)
        signed = hs.sign(unsigned)
        hv = HeaderVerifier(headers=signed, secret=self.verify_secret)
        self.assertTrue(hv.verify())
예제 #15
0
    def test_default(self):
        unsigned = {
            'Date': self.header_date
        }

        hs = HeaderSigner(
            key_id="Test", secret=self.sign_secret, algorithm=self.algorithm,
            sign_header=self.sign_header)
        signed = hs.sign(unsigned)
        hv = HeaderVerifier(
            headers=signed, secret=self.verify_secret, sign_header=self.sign_header)
        self.assertTrue(hv.verify())
예제 #16
0
    def test_mix_default_256_1(self):
        unsigned = {'Date': self.header_date}

        hs = HeaderSigner(key_id="Test",
                          secret=self.other_private_key,
                          algorithm='rsa-sha256',
                          sign_header=self.sign_header)
        signed = hs.sign(unsigned)
        hv = HeaderVerifier(headers=signed,
                            secret=self.public_key,
                            sign_header=self.sign_header)
        self.assertFalse(hv.verify())
예제 #17
0
    def test_correct_derived_algorithm(self):
        unsigned = {'Date': self.header_date}

        hs = HeaderSigner(key_id="Test",
                          secret=self.sign_secret,
                          algorithm=self.algorithm,
                          sign_header=self.sign_header,
                          sign_algorithm=self.sign_algorithm)
        signed = hs.sign(unsigned)

        hv = HeaderVerifier(headers=signed,
                            secret=self.verify_secret,
                            sign_header=self.sign_header,
                            algorithm="hs2019",
                            sign_algorithm=self.sign_algorithm)
        self.assertTrue(hv.verify())
예제 #18
0
    def test_algorithm_mismatch(self):
        unsigned = {'Date': self.header_date}

        hs = HeaderSigner(key_id="Test",
                          secret=self.sign_secret,
                          algorithm=self.algorithm,
                          sign_header=self.sign_header,
                          sign_algorithm=self.sign_algorithm)
        signed = hs.sign(unsigned)

        hv = HeaderVerifier(headers=signed,
                            secret=self.verify_secret,
                            sign_header=self.sign_header,
                            algorithm="rsa-sha256",
                            sign_algorithm=self.sign_algorithm)
        self.assertFalse(hv.verify())
예제 #19
0
 def test_default(self):
     hs = HeaderSigner(key_id='Test', secret=self.key)
     unsigned = {
         'Date': 'Thu, 05 Jan 2012 21:31:40 GMT'
     }
     signed = hs.sign(unsigned)
     self.assertIn('Date', signed)
     self.assertEqual(unsigned['Date'], signed['Date'])
     self.assertIn('Authorization', signed)
     params = self._parse_auth(signed['Authorization'])
     self.assertIn('keyId', params)
     self.assertIn('algorithm', params)
     self.assertIn('signature', params)
     self.assertEqual(params['keyId'], 'Test')
     self.assertEqual(params['algorithm'], 'rsa-sha256')
     self.assertEqual(params['signature'], 'ATp0r26dbMIxOopqw0OfABDT7CKMIoENumuruOtarj8n/97Q3htHFYpH8yOSQk3Z5zh8UxUym6FYTb5+A0Nz3NRsXJibnYi7brE/4tx5But9kkFGzG+xpUmimN4c3TMN7OFH//+r8hBf7BT9/GmHDUVZT2JzWGLZES2xDOUuMtA=')
예제 #20
0
 def test_extra_auth_headers(self):
     HOST = "example.com"
     METHOD = "POST"
     PATH = '/foo?param=value&pet=dog'
     hs = HeaderSigner(key_id="Test", secret=self.sign_secret, algorithm=self.algorithm, headers=[
         '(request-target)',
         'host',
         'date',
         'content-type',
         'content-md5',
         'content-length'
     ])
     unsigned = {
         'Host': HOST,
         'Date': 'Thu, 05 Jan 2012 21:31:40 GMT',
         'Content-Type': 'application/json',
         'Content-MD5': 'Sd/dVLAcvNLSq16eXua5uQ==',
         'Content-Length': '18',
     }
     signed = hs.sign(unsigned, method=METHOD, path=PATH)
     hv = HeaderVerifier(headers=signed, secret=self.verify_secret, method=METHOD, path=PATH, required_headers=['date', '(request-target)'])
     self.assertTrue(hv.verify())