1
# vim: tabstop=4 shiftwidth=4 softtabstop=4
3
# Copyright 2012 OpenStack Foundation
5
# Licensed under the Apache License, Version 2.0 (the "License"); you may
6
# not use this file except in compliance with the License. You may obtain
7
# a copy of the License at
9
# http://www.apache.org/licenses/LICENSE-2.0
11
# Unless required by applicable law or agreed to in writing, software
12
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
13
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
14
# License for the specific language governing permissions and limitations
17
from __future__ import unicode_literals
21
from keystoneclient.contrib.ec2 import utils
24
class Ec2SignerTest(testtools.TestCase):
27
super(Ec2SignerTest, self).setUp()
28
self.access = '966afbde20b84200ae4e62e09acf46b2'
29
self.secret = '89cdf9e94e2643cab35b8b8ac5a51f83'
30
self.signer = utils.Ec2Signer(self.secret)
33
super(Ec2SignerTest, self).tearDown()
35
def test_v4_creds_header(self):
36
auth_str = 'AWS4-HMAC-SHA256 blah'
37
credentials = {'host': '127.0.0.1',
41
'headers': {'Authorization': auth_str}}
42
self.assertTrue(self.signer._v4_creds(credentials))
44
def test_v4_creds_param(self):
45
credentials = {'host': '127.0.0.1',
48
'params': {'X-Amz-Algorithm': 'AWS4-HMAC-SHA256'},
50
self.assertTrue(self.signer._v4_creds(credentials))
52
def test_v4_creds_false(self):
53
credentials = {'host': '127.0.0.1',
56
'params': {'SignatureVersion': '0',
57
'AWSAccessKeyId': self.access,
58
'Timestamp': '2012-11-27T11:47:02Z',
60
self.assertFalse(self.signer._v4_creds(credentials))
62
def test_generate_0(self):
63
"""Test generate function for v0 signature."""
64
credentials = {'host': '127.0.0.1',
67
'params': {'SignatureVersion': '0',
68
'AWSAccessKeyId': self.access,
69
'Timestamp': '2012-11-27T11:47:02Z',
71
signature = self.signer.generate(credentials)
72
expected = 'SmXQEZAUdQw5glv5mX8mmixBtas='
73
self.assertEqual(signature, expected)
75
def test_generate_1(self):
76
"""Test generate function for v1 signature."""
77
credentials = {'host': '127.0.0.1',
80
'params': {'SignatureVersion': '1',
81
'AWSAccessKeyId': self.access}}
82
signature = self.signer.generate(credentials)
83
expected = 'VRnoQH/EhVTTLhwRLfuL7jmFW9c='
84
self.assertEqual(signature, expected)
86
def test_generate_v2_SHA256(self):
87
"""Test generate function for v2 signature, SHA256."""
88
credentials = {'host': '127.0.0.1',
91
'params': {'SignatureVersion': '2',
92
'AWSAccessKeyId': self.access}}
93
signature = self.signer.generate(credentials)
94
expected = 'odsGmT811GffUO0Eu13Pq+xTzKNIjJ6NhgZU74tYX/w='
95
self.assertEqual(signature, expected)
97
def test_generate_v2_SHA1(self):
98
"""Test generate function for v2 signature, SHA1."""
99
credentials = {'host': '127.0.0.1',
102
'params': {'SignatureVersion': '2',
103
'AWSAccessKeyId': self.access}}
104
self.signer.hmac_256 = None
105
signature = self.signer.generate(credentials)
106
expected = 'ZqCxMI4ZtTXWI175743mJ0hy/Gc='
107
self.assertEqual(signature, expected)
109
def test_generate_v4(self):
110
"""Test v4 generator with data from AWS docs example.
113
http://docs.aws.amazon.com/general/latest/gr/
114
sigv4-create-canonical-request.html
116
http://docs.aws.amazon.com/general/latest/gr/
117
sigv4-signed-request-examples.html
119
# Create a new signer object with the AWS example key
120
secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
121
signer = utils.Ec2Signer(secret)
123
body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
124
'1bf2c23245fa365ef83fe8f1f955085e2')
125
auth_str = ('AWS4-HMAC-SHA256 '
126
'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
127
'us-east-1/iam/aws4_request,'
128
'SignedHeaders=content-type;host;x-amz-date,')
129
headers = {'Content-type':
130
'application/x-www-form-urlencoded; charset=utf-8',
131
'X-Amz-Date': '20110909T233600Z',
132
'Host': 'iam.amazonaws.com',
133
'Authorization': auth_str}
134
# Note the example in the AWS docs is inconsistent, previous
135
# examples specify no query string, but the final POST example
136
# does, apparently incorrectly since an empty parameter list
137
# aligns all steps and the final signature with the examples
139
credentials = {'host': 'iam.amazonaws.com',
144
'body_hash': body_hash}
145
signature = signer.generate(credentials)
146
expected = ('ced6826de92d2bdeed8f846f0bf508e8'
147
'559e98e4b0199114b84c54174deb456c')
148
self.assertEqual(signature, expected)
150
def test_generate_v4_port(self):
151
"""Test v4 generator with host:port format."""
152
# Create a new signer object with the AWS example key
153
secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
154
signer = utils.Ec2Signer(secret)
156
body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
157
'1bf2c23245fa365ef83fe8f1f955085e2')
158
auth_str = ('AWS4-HMAC-SHA256 '
159
'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
160
'us-east-1/iam/aws4_request,'
161
'SignedHeaders=content-type;host;x-amz-date,')
162
headers = {'Content-type':
163
'application/x-www-form-urlencoded; charset=utf-8',
164
'X-Amz-Date': '20110909T233600Z',
166
'Authorization': auth_str}
167
# Note the example in the AWS docs is inconsistent, previous
168
# examples specify no query string, but the final POST example
169
# does, apparently incorrectly since an empty parameter list
170
# aligns all steps and the final signature with the examples
172
credentials = {'host': 'foo:8000',
177
'body_hash': body_hash}
178
signature = signer.generate(credentials)
180
expected = ('26dd92ea79aaa49f533d13b1055acdc'
181
'd7d7321460d64621f96cc79c4f4d4ab2b')
182
self.assertEqual(signature, expected)
184
def test_generate_v4_port_strip(self):
185
"""Test v4 generator with host:port format, but for an old
186
(<2.9.3) version of boto, where the port should be stripped
187
to match boto behavior.
189
# Create a new signer object with the AWS example key
190
secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
191
signer = utils.Ec2Signer(secret)
193
body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
194
'1bf2c23245fa365ef83fe8f1f955085e2')
195
auth_str = ('AWS4-HMAC-SHA256 '
196
'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
197
'us-east-1/iam/aws4_request,'
198
'SignedHeaders=content-type;host;x-amz-date,')
199
headers = {'Content-type':
200
'application/x-www-form-urlencoded; charset=utf-8',
201
'X-Amz-Date': '20110909T233600Z',
203
'Authorization': auth_str,
204
'User-Agent': 'Boto/2.9.2 (linux2)'}
205
# Note the example in the AWS docs is inconsistent, previous
206
# examples specify no query string, but the final POST example
207
# does, apparently incorrectly since an empty parameter list
208
# aligns all steps and the final signature with the examples
210
credentials = {'host': 'foo:8000',
215
'body_hash': body_hash}
216
signature = signer.generate(credentials)
218
expected = ('9a4b2276a5039ada3b90f72ea8ec1745'
219
'14b92b909fb106b22ad910c5d75a54f4')
220
self.assertEqual(expected, signature)
222
def test_generate_v4_port_nostrip(self):
223
"""Test v4 generator with host:port format, but for an new
224
(>=2.9.3) version of boto, where the port should not be stripped.
226
# Create a new signer object with the AWS example key
227
secret = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
228
signer = utils.Ec2Signer(secret)
230
body_hash = ('b6359072c78d70ebee1e81adcbab4f0'
231
'1bf2c23245fa365ef83fe8f1f955085e2')
232
auth_str = ('AWS4-HMAC-SHA256 '
233
'Credential=AKIAIOSFODNN7EXAMPLE/20110909/'
234
'us-east-1/iam/aws4_request,'
235
'SignedHeaders=content-type;host;x-amz-date,')
236
headers = {'Content-type':
237
'application/x-www-form-urlencoded; charset=utf-8',
238
'X-Amz-Date': '20110909T233600Z',
240
'Authorization': auth_str,
241
'User-Agent': 'Boto/2.9.3 (linux2)'}
242
# Note the example in the AWS docs is inconsistent, previous
243
# examples specify no query string, but the final POST example
244
# does, apparently incorrectly since an empty parameter list
245
# aligns all steps and the final signature with the examples
247
credentials = {'host': 'foo:8000',
252
'body_hash': body_hash}
253
signature = signer.generate(credentials)
255
expected = ('26dd92ea79aaa49f533d13b1055acdc'
256
'd7d7321460d64621f96cc79c4f4d4ab2b')
257
self.assertEqual(expected, signature)