def test_short_client_token_encode_known_value(self):
"""Verify that the encoding algorithm gives a known value on known
input.
"""
value = self.authdata._encode_short_client_token(
"a library", "a patron identifier", 1234.5
)
# Note the colon characters that replaced the plus signs in
# what would otherwise be normal base64 text. Similarly for
# the semicolon which replaced the slash, and the at sign which
# replaced the equals sign.
eq_('a library|1234.5|a patron identifier|YoNGn7f38mF531KSWJ;o1H0Z3chbC:uTE:t7pAwqYxM@',
value
)
# Dissect the known value to show how it works.
token, signature = value.rsplit("|", 1)
# Signature is base64-encoded in a custom way that avoids
# triggering an Adobe bug ; token is not.
signature = AuthdataUtility.adobe_base64_decode(signature)
# The token comes from the library name, the patron identifier,
# and the time of creation.
eq_("a library|1234.5|a patron identifier", token)
# The signature comes from signing the token with the
# secret associated with this library.
expect_signature = self.authdata.short_token_signer.sign(
token, self.authdata.short_token_signing_key
)
eq_(expect_signature, signature)
def test_adobe_base64_encode_decode(self):
"""Test our special variant of base64 encoding designed to avoid
triggering an Adobe bug.
"""
value = "!\tFN6~'Es52?X!#)Z*_S"
encoded = AuthdataUtility.adobe_base64_encode(value)
eq_('IQlGTjZ:J0VzNTI;WCEjKVoqX1M@', encoded)
# This is like normal base64 encoding, but with a colon
# replacing the plus character, a semicolon replacing the
# slash, an at sign replacing the equal sign and the final
# newline stripped.
eq_(
encoded.replace(":", "+").replace(";", "/").replace("@", "=") +
"\n", base64.encodestring(value))
# We can reverse the encoding to get the original value.
eq_(value, AuthdataUtility.adobe_base64_decode(encoded))