authorSteven Hardy <shardy@redhat.com>2013-04-03 17:14:30 +0100
committerSteven Hardy <shardy@redhat.com>2013-04-09 09:41:58 +0100
commit5c37d85944d9eed73ec6dd6254842108386bcc4f (patch)
tree84e1327d5c680eb8070a1df327c261ecbc11168c /tests/test_ec2utils.py
parentb7adf5b96b9f749f2f16ccdf4b9cae40f8e76b7b (diff)
Ec2Signer: Initial support for v4 signature verification
Adds initial support for verifying AWS v4 signatures, tested with the latest boto trunk (which now uses v4 signatures by default) Change-Id: Id163363e259cf08aa251a7a00ff4293b742cbef6 blueprint: ec2signer-v4signatures
Diffstat (limited to 'tests/test_ec2utils.py')
-rw-r--r--tests/test_ec2utils.py72
1 files changed, 70 insertions, 2 deletions
diff --git a/tests/test_ec2utils.py b/tests/test_ec2utils.py
index b0bd4df..a3c36fa 100644
--- a/tests/test_ec2utils.py
+++ b/tests/test_ec2utils.py
@@ -27,6 +27,36 @@ class Ec2SignerTest(testtools.TestCase):
self.secret = '89cdf9e94e2643cab35b8b8ac5a51f83'
self.signer = Ec2Signer(self.secret)
+ def tearDown(self):
+ super(Ec2SignerTest, self).tearDown()
+
+ def test_v4_creds_header(self):
+ auth_str = 'AWS4-HMAC-SHA256 blah'
+ credentials = {'host': '127.0.0.1',
+ 'verb': 'GET',
+ 'path': '/v1/',
+ 'params': {},
+ 'headers': {'Authorization': auth_str}}
+ self.assertTrue(self.signer._v4_creds(credentials))
+
+ def test_v4_creds_param(self):
+ credentials = {'host': '127.0.0.1',
+ 'verb': 'GET',
+ 'path': '/v1/',
+ 'params': {'X-Amz-Algorithm': 'AWS4-HMAC-SHA256'},
+ 'headers': {}}
+ self.assertTrue(self.signer._v4_creds(credentials))
+
+ def test_v4_creds_false(self):
+ credentials = {'host': '127.0.0.1',
+ 'verb': 'GET',
+ 'path': '/v1/',
+ 'params': {'SignatureVersion': '0',
+ 'AWSAccessKeyId': self.access,
+ 'Timestamp': '2012-11-27T11:47:02Z',
+ 'Action': 'Foo'}}
+ self.assertFalse(self.signer._v4_creds(credentials))
+
def test_generate_0(self):
"""Test generate function for v0 signature"""
credentials = {'host': '127.0.0.1',
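Review bot: The only negative case, `test_v4_creds_false`, passes a dict with no `headers` key and a `SignatureVersion` of '0', so nothing pins what `_v4_creds` returns for an `Authorization` header with a non-v4 scheme or for an `X-Amz-Algorithm` value other than `AWS4-HMAC-SHA256`. This check presumably selects which signature scheme is used to verify a request (the signer itself is not visible here), so both near-miss inputs deserve an `assertFalse` case, for example with the constructed values `'headers': {'Authorization': 'AWS blah'}` and `'params': {'X-Amz-Algorithm': 'other'}`. A case that carries both a v4 marker and a legacy `SignatureVersion` would also document which one wins. Separately, the added `tearDown` only calls `super()` and can be dropped. The class header and the rest of `test_generate_0` lie outside this hunk.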
@@ -40,8 +70,6 @@ class Ec2SignerTest(testtools.TestCase):
expected = 'SmXQEZAUdQw5glv5mX8mmixBtas='
self.assertEqual(signature, expected)
- pass
-
def test_generate_1(self):
"""Test generate function for v1 signature"""
credentials = {'host': '127.0.0.1',
@@ -75,3 +103,43 @@ class Ec2SignerTest(testtools.TestCase):
signature = self.signer.generate(credentials)
expected = 'ZqCxMI4ZtTXWI175743mJ0hy/Gc='
self.assertEqual(signature, expected)
+
+ def test_generate_v4(self):
+ """
+ Test v4 generator with data from AWS docs example, see:
+ http://docs.aws.amazon.com/general/latest/gr/
+ sigv4-create-canonical-request.html
+ and
+ http://docs.aws.amazon.com/general/latest/gr/
+ sigv4-signed-request-examples.html
+ """
+ # Create a new signer object with the AWS example key
+ secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
+ signer = Ec2Signer(secret)
+
+ body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
+ '1bf2c23245fa365ef83fe8f1f955085e2')
+ auth_str = ('AWS4-HMAC-SHA256 '
+ 'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
+ 'us-east-1/iam/aws4_request,'
+ 'SignedHeaders=content-type;host;x-amz-date,')
+ headers = {'Content-type':
+ 'application/x-www-form-urlencoded; charset=utf-8',
+ 'X-Amz-Date': '20110909T233600Z',
+ 'Host': 'iam.amazonaws.com',
+ 'Authorization': auth_str}
+ # Note the example in the AWS docs is inconsistent, previous
+ # examples specify no query string, but the final POST example
+ # does, apparently incorrectly since an empty parameter list
+ # aligns all steps and the final signature with the examples
+ params = {}
+ credentials = {'host': 'iam.amazonaws.com',
+ 'verb': 'POST',
+ 'path': '/',
+ 'params': params,
+ 'headers': headers,
+ 'body_hash': body_hash}
+ signature = signer.generate(credentials)
+ expected = ('ced6826de92d2bdeed8f846f0bf508e8'
+ '559e98e4b0199114b84c54174deb456c')
+ self.assertEqual(signature, expected)
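Review bot: `auth_str` in `test_generate_v4` stops at `SignedHeaders=content-type;host;x-amz-date,` with a trailing comma and no `Signature=` component, so the signer is never given an Authorization header shaped like the one a signed request would carry. If `generate` parses `SignedHeaders` out of that header (the implementation is not shown here), a mistake in handling the component that follows it would go unnoticed; ending the string with a placeholder part such as `'Signature=<hex-placeholder>'` would cover that. The test also has a single positive vector, so a second assertion on altered input, e.g. `credentials['body_hash'] = '0' * 64` followed by `self.assertNotEqual(signer.generate(credentials), expected)`, would confirm that the body hash actually feeds the signature. The enclosing class starts outside this hunk.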