Merge branch 'additional-key-tests'

fulder · fulder · commit 3ec216ee56d9 · 2020-08-25T17:25:59.000+02:00
diff --git a/httpsig/tests/rsa_private_2.pem b/httpsig/tests/rsa_private_2.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEA42O9foFVWSgIjh+uUn3Up2hF54tbv48deni0ju+kFqYJVzxw
+G23fFSplbhUzL1eilBLRQWC18fGKe1Ae28mgfvtjHM+oN3omuKZMyqzTppOQKMt8
+GifGiX9mzdaOhYDozkER16b4UptFuUYYeOZR397jpvQD485YZ/bQoZRoBe641HWe
+MeryU/4ByIFnJXLnezURe+SbIlQWmt87FPrTVAuCMFP9IlN8fGBZ5DOeudkrW/vd
+Hkh9MG+CGjiNAFDgko0zJr24YS0KotCGA8g/0ARs5KWnIRpiAkvJD9WrLORfLeM/
+3GDWVO9bg4bDjh53ktSmMegUlXZEU4mYtMSorwIDAQABAoIBAQCMQbFYnp3uaGse
+fxwfdc39lKvJroPhHH2qVVnJ8Lbd4XxRes4LnTHE9GmsBReVVBDMFO9NzEFuAvbQ
+KRNfrnZ43Ma9trijv4yyyKEFQqUqUkrRXvIlj/M+TH805+rxHhp7XleLFUqGaZAQ
+P9RIfohx9iGlkU307gpJ1kvJ3qhrPzLM1oaMIGzB26LnUeiFRx2nhi2mMv/wqkhm
+muZ+vFLABJQu+CLDAz112EwkjLyhzv+aGVEdpNU6jVeG7ej9Bxm5chau9SIWj4Sg
+Eg6Jq/YswQ1QFb/RBoNuftr7Pr8x+DnOx0AW4P/nrqsVvmCf2QKhHE+bB01IvMn9
+F8Ss97DBAoGBAPK0QcOGwLYTYkzcRSuA4RWlUq9huQ96Ssy3y5vwgrzosfV1T9Y/
+yF6vwijZeTV/B/Ew/pBcRPgEl1exNibByg0qPApfL9V9xv+oMjEZr5WQoeQhff8D
+hpeP1znbNZKaJzFAAHE1p8mAmSPjggKd+M1F/zH86sads2istp7kE5oNAoGBAO/Y
+tW259w9mtEx82Pw3zGsMhn+ca6Vetn+igthhmfjBBm+TrKVe1RTTN+Pz7JxOp3jU
+wVhdw8Sa7pigMpSVDvcSHXt0cVs9d5pOoEQFInGnC9Y4A9auvL+5uT/AspKQqlwJ
+8lE4ugU5xelfnd4UnTbTZsA0pEmpRWYz9cUleUqrAoGBAJb3MtTpc+ONiR6gANJ/
+lwJ81ELNOWx8OBzA0oCMCPZyk4dH0kJFaGAlWVNJetCg1JLdU+r9ydSwHmdojnNr
+JUAtHi2hacKVOvv5ZkcOYB5bWafqgVHnooeR7GFLjjZDds92rQ++PUDkod0l/c+c
+7Y7Z1FQGqw6iN1+L1whcfCjdAoGALQwhv1MfQQhEMt18D5sXTL/UfyFM4olwc3Z9
+ZtCmD5+Jaulskr7F/JxTMgA9X3oyYDJtggBSZZnH2Gi2N0vrvKHtYaOUKtPXo+bC
+mSPxvTDnuztYFTlKgCQM1BmIMJj1NkYz+edSoOqh7lwkFXL/uC1qbg01EhS10SVP
+MtD///MCgYEA4dMkdsM4pDauvHsfiGH0kuSV8doWpyZIcRXpZk5aSVKxQY1X0RXu
+ra38P+PzSfAx1Wpo1tU5k+I0aRKImZv7EB7gwrsGnpFoDL5VzTfJrZh8u9TKrqaz
+RuPfYlljHQ7GXO528c6ePdaaDCwNvtqAXRPm0AFiemaQP5s5cc2u2l8=
+-----END RSA PRIVATE KEY-----
diff --git a/httpsig/tests/rsa_public_2.pem b/httpsig/tests/rsa_public_2.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42O9foFVWSgIjh+uUn3U
+p2hF54tbv48deni0ju+kFqYJVzxwG23fFSplbhUzL1eilBLRQWC18fGKe1Ae28mg
+fvtjHM+oN3omuKZMyqzTppOQKMt8GifGiX9mzdaOhYDozkER16b4UptFuUYYeOZR
+397jpvQD485YZ/bQoZRoBe641HWeMeryU/4ByIFnJXLnezURe+SbIlQWmt87FPrT
+VAuCMFP9IlN8fGBZ5DOeudkrW/vdHkh9MG+CGjiNAFDgko0zJr24YS0KotCGA8g/
+0ARs5KWnIRpiAkvJD9WrLORfLeM/3GDWVO9bg4bDjh53ktSmMegUlXZEU4mYtMSo
+rwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/httpsig/tests/test_signature.py b/httpsig/tests/test_signature.py
@@ -35,6 +35,11 @@ def setUp(self):
         with open(self.key_path_1024, 'rb') as f:
             self.key_1024 = f.read()
 
+        self.other_key_path = os.path.join(
+            os.path.dirname(__file__), 'rsa_private_2.pem')
+        with open(self.other_key_path, 'rb') as f:
+            self.other_key = f.read()
+
     def test_default(self):
         hs = sign.HeaderSigner(key_id='Test', secret=self.key_2048, sign_algorithm=PSS(hash_algorithm="sha512", salt_length=0))
         unsigned = {
@@ -53,6 +58,25 @@ def test_default(self):
         self.assertEqual(params['algorithm'], 'hs2019')
         self.assertEqual(params['signature'], 'T8+Cj3Zp2cBDm2r8/loPgfHUSSFXXyZJNxxbNx1NvKVz/r5T4z6pVxhl9rqk8WfYHMdlh2aT5hCrYKvhs88Jy0DDmeUP4nELWRsO1BF0oAqHfcrbEikZQL7jA6z0guVaLr0S5QRGmd1K5HUEkP/vYEOns+FRL+JrFG4dNJNESvG5iyKUoaXfoZCFdqtzLlIteEAL7dW/kaX/dE116wfpbem1eCABuGopRhuFtjqLKVjuUVwyP/zSYTqd9j+gDhinkAifTJPxbGMh0b5LZdNCqw5irT9NkTcTFRXDp8ioX8r805Z9QhjT7H+rSo350U2LsAFoQ9ttryPBOoMPCiQTlw==')  # noqa: E501
 
+    def test_other_default(self):
+        hs = sign.HeaderSigner(key_id='Test', secret=self.other_key)
+        unsigned = {
+            'Date': self.header_date
+        }
+        signed = hs.sign(unsigned)
+        self.assertIn('Date', signed)
+        self.assertEqual(unsigned['Date'], signed['Date'])
+        self.assertIn('Authorization', signed)
+        auth = parse_authorization_header(signed['authorization'])
+        params = auth[1]
+        self.assertIn('keyId', params)
+        self.assertIn('algorithm', params)
+        self.assertIn('signature', params)
+        self.assertEqual(params['keyId'], 'Test')
+        self.assertEqual(params['algorithm'], 'rsa-sha256')
+        self.assertEqual(params['signature'],
+                         'GY3Yyuj92xScIb2QbDUWxIW/fg7ZP8rxURltbpouTGxTo+ZRDHO9BbfN6YQeP1Z0VJBEA0dgynuzQs2bVBJavTcoEgvttzznAIj9ypfI6n35Uzeid+9gepa0pfBom6qnoNbblMNsHt7hXBfrpe5EwfEKmpqZgivjJZ53p9gD1NAhlioty/m1MFu1J5wEjpgX466R2PmR10yl22rMcv3mbEPV5ijqLTViDW18DchLyHR+fItzRtor2yLv7QgBSw+gVJu0dVeKeL9kwPxsaurzODgYsFsjZOJvuP9nKPJOdH3PI6eDhpfwjmwhjbSTte3bjkbw0w5tlWuA8m5l1gzyBQ==')
+
     def test_basic(self):
         hs = sign.HeaderSigner(key_id='Test', secret=self.key_2048, sign_algorithm=PSS(salt_length=0), headers=[
             '(request-target)',
diff --git a/httpsig/tests/test_verify.py b/httpsig/tests/test_verify.py
@@ -7,6 +7,7 @@
 from httpsig.sign_algorithms import PSS
 from httpsig.verify import HeaderVerifier, Verifier
 
+
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
 
 
@@ -242,3 +243,73 @@ def setUp(self):
         self.sign_secret = private_key
         self.verify_secret = public_key
         self.sign_algorithm = PSS(salt_length=0)
+
+
+class TestSignAndVerify(unittest.TestCase):
+    header_date = 'Thu, 05 Jan 2014 21:31:40 GMT'
+    sign_header = 'authorization'
+
+    def setUp(self):
+        with open(os.path.join(os.path.dirname(__file__), 'rsa_private.pem'), 'rb') as f:
+            self.private_key = f.read()
+
+        with open(os.path.join(os.path.dirname(__file__), 'rsa_public.pem'), 'rb') as f:
+            self.public_key = f.read()
+
+        with open(os.path.join(os.path.dirname(__file__), 'rsa_private_2.pem'), 'rb') as f:
+            self.other_private_key = f.read()
+
+        with open(os.path.join(os.path.dirname(__file__), 'rsa_public_2.pem'), 'rb') as f:
+            self.other_public_key = f.read()
+
+    def test_default(self):
+        unsigned = {
+            'Date': self.header_date
+        }
+
+        hs = HeaderSigner(
+            key_id="Test", secret=self.private_key, algorithm='rsa-sha1',
+            sign_header=self.sign_header)
+        signed = hs.sign(unsigned)
+        hv = HeaderVerifier(
+            headers=signed, secret=self.public_key, sign_header=self.sign_header)
+        self.assertTrue(hv.verify())
+
+    def test_other_default(self):
+        unsigned = {
+            'Date': self.header_date
+        }
+
+        hs = HeaderSigner(
+            key_id="Test", secret=self.other_private_key, algorithm='rsa-sha256',
+            sign_header=self.sign_header)
+        signed = hs.sign(unsigned)
+        hv = HeaderVerifier(
+            headers=signed, secret=self.other_public_key, sign_header=self.sign_header)
+        self.assertTrue(hv.verify())
+
+    def test_mix_default_1_256(self):
+        unsigned = {
+            'Date': self.header_date
+        }
+
+        hs = HeaderSigner(
+            key_id="Test", secret=self.private_key, algorithm='rsa-sha1',
+            sign_header=self.sign_header)
+        signed = hs.sign(unsigned)
+        hv = HeaderVerifier(
+            headers=signed, secret=self.other_public_key, sign_header=self.sign_header)
+        self.assertFalse(hv.verify())
+
+    def test_mix_default_256_1(self):
+        unsigned = {
+            'Date': self.header_date
+        }
+
+        hs = HeaderSigner(
+            key_id="Test", secret=self.other_private_key, algorithm='rsa-sha256',
+            sign_header=self.sign_header)
+        signed = hs.sign(unsigned)
+        hv = HeaderVerifier(
+            headers=signed, secret=self.public_key, sign_header=self.sign_header)
+        self.assertFalse(hv.verify())
