def test_equality_of_str(self):
    """Two Signatures parsed from the same string-to-sign compare equal."""
    # One field per line. The parsing test in this file ties the first,
    # second, fourth and fifth fields to verb, url_path, app_uuid and
    # seconds_since_epoch; the third is empty here (presumably the body).
    string_to_sign = "\n".join([
        "GET",
        "/mauth/v2/mauth.json",
        "",
        self.app_uuid,
        self.mws_time,
    ])
    first = Signature.from_signature(string_to_sign)
    second = Signature.from_signature(string_to_sign)
    self.assertEqual(first, second)
def test_equality_of_req(self):
    """Two Signatures built from the same request compare equal."""
    auth_headers = {
        settings.x_mws_time: self.mws_time,
        settings.x_mws_authentication: "MWS %s:somethingelse" % self.app_uuid,
    }
    # The signature part of the header ("somethingelse") is a dummy value;
    # only the parsed request fields are compared here.
    fake_request = mock.Mock(
        headers=auth_headers,
        path="/mauth/v2/mauth.json?open=1",
        method="GET",
        data="",
    )
    first = Signature.from_request(fake_request)
    second = Signature.from_request(fake_request)
    self.assertEqual(first, second)
def test_inequality_of_str_and_req(self):
    """A Signature parsed from a string differs from one built from a
    request when the two name different paths."""
    # The string names authentication_ticket.json, the request mauth.json;
    # verb, app UUID and timestamp are the same on both sides.
    string_to_sign = "\n".join([
        "GET",
        "/mauth/v2/authentication_ticket.json",
        "",
        self.app_uuid,
        self.mws_time,
    ])
    from_string = Signature.from_signature(string_to_sign)
    auth_headers = {
        settings.x_mws_time: self.mws_time,
        settings.x_mws_authentication: "MWS %s:somethingelse" % self.app_uuid,
    }
    fake_request = mock.Mock(
        headers=auth_headers,
        path="/mauth/v2/mauth.json?open=1",
        method="GET",
        data="",
    )
    from_req = Signature.from_request(fake_request)
    self.assertNotEqual(from_string, from_req)
def test_creates_from_string(self):
    """Parsing a string-to-sign fills in verb, path, app UUID and time."""
    # Newline-separated input handed to the parser.
    string_to_sign = "\n".join([
        "GET",
        "/mauth/v2/mauth.json",
        "",
        self.app_uuid,
        self.mws_time,
    ])
    parsed = Signature.from_signature(string_to_sign)
    self.assertEqual("GET", parsed.verb)
    self.assertEqual(self.app_uuid, parsed.app_uuid)
    self.assertEqual("/mauth/v2/mauth.json", parsed.url_path)
    self.assertEqual(self.mws_time, parsed.seconds_since_epoch)
def test_create_from_request(self):
    """Building a Signature from a request fills in verb, path, app UUID
    and time from the request's method, path and MWS headers."""
    auth_headers = {
        settings.x_mws_time: self.mws_time,
        settings.x_mws_authentication: "MWS %s:somethingelse" % self.app_uuid,
    }
    fake_request = mock.Mock(
        headers=auth_headers,
        path="/mauth/v2/mauth.json?open=1",
        method="GET",
        data="",
    )
    built = Signature.from_request(fake_request)
    self.assertEqual("GET", built.verb)
    self.assertEqual(self.app_uuid, built.app_uuid)
    # The request path carries "?open=1" but url_path is expected without
    # it. NOTE(review): presumably the query string is therefore not
    # covered by the signature - confirm that is intended.
    self.assertEqual("/mauth/v2/mauth.json", built.url_path)
    self.assertEqual(self.mws_time, built.seconds_since_epoch)
def test_does_not_match(self):
    """A hash computed over a different string-to-sign is not a match."""
    # The hash covers the v1 path while the request below uses the v2
    # path, so matches() has to reject it.
    other_string = "\n".join([
        "GET",
        "/mauth/v1/mauth.json",
        "",
        self.app_uuid,
        self.mws_time,
    ])
    wrong_hash = get_hash(other_string)
    auth_headers = {
        settings.x_mws_time: self.mws_time,
        settings.x_mws_authentication: "MWS %s:somethingelse" % self.app_uuid,
    }
    fake_request = mock.Mock(
        headers=auth_headers,
        path="/mauth/v2/mauth.json?open=1",
        method="GET",
        data="",
    )
    from_req = Signature.from_request(fake_request)
    self.assertFalse(from_req.matches(wrong_hash))
def signature_valid(self, request):
    """
    Check the request's MWS signature against the caller's cached public key.

    The public key text is fetched from ``self.secure_token_cacher`` by app
    UUID, used to recover the hash from the signature, and that hash is
    compared with the Signature built from the request itself.

    :param request: request object
    :type request: werkzeug.wrappers.BaseRequest
    :returns: ``True`` when the recovered hash matches the expected one
    :raises UnableToAuthenticateError: the key text carries neither PEM marker
    :raises InauthenticError: a ``ValueError`` was raised while fetching or
        loading the key or recovering the hash, or the hash does not match
    """
    # Only the app UUID and the raw signature are used; the other two values
    # returned by mws_attr are dropped.
    # NOTE(review): the timestamp is not checked for freshness in this
    # method - confirm replay protection is enforced by the caller.
    _, app_uuid, signature, _ = mws_attr(request)
    expected_signature = Signature.from_request(request=request)
    try:
        cached = self.secure_token_cacher.get(app_uuid=app_uuid)
        pem_text = cached.get('security_token').get('public_key_str')
        if "BEGIN PUBLIC KEY" in pem_text:
            # "BEGIN PUBLIC KEY" marks the X.509 SubjectPublicKeyInfo PEM
            # form that OpenSSL writes.
            public_key = RSAPublicKey.load_pkcs1_openssl_pem(keyfile=pem_text)
        elif "BEGIN RSA PUBLIC KEY" in pem_text:
            # "BEGIN RSA PUBLIC KEY" marks the PKCS#1 RSAPublicKey PEM form.
            public_key = RSAPublicKey.load_pkcs1(keyfile=pem_text, format='PEM')
        else:
            # Neither marker found: drop the cached entry so the next
            # attempt fetches the key again, then refuse to authenticate.
            self.secure_token_cacher.flush(app_uuid)
            raise UnableToAuthenticateError(
                "Unable to identify Public Key type from Signature")
        # NOTE(review): public_decrypt and unpad_message are defined outside
        # this view. The check is only as strict as unpad_message's padding
        # validation - confirm it rejects malformed padding outright.
        decrypted = public_key.public_decrypt(signature)
        recovered_hash = public_key.unpad_message(decrypted)
    except ValueError as err:
        # Any ValueError from the steps above also evicts the cached key
        # before the request is rejected.
        # NOTE(review): the exception text is embedded in the message -
        # confirm it is logged rather than returned to the client.
        self.secure_token_cacher.flush(app_uuid)
        raise InauthenticError("Public key decryption of signature "
                               "failed!: {}".format(err))
    if expected_signature.matches(recovered_hash):
        return True
    raise InauthenticError(
        "Signature verification failed for {}".format(
            request.__class__.__name__))