diff options
Diffstat (limited to 'core')
-rw-r--r-- | core/tests/__init__.py | 0 | ||||
-rw-r--r-- | core/tests/conftest.py | 9 | ||||
-rw-r--r-- | core/tests/test_signatures.py | 156 |
3 files changed, 0 insertions, 165 deletions
diff --git a/core/tests/__init__.py b/core/tests/__init__.py deleted file mode 100644 index e69de29..0000000 --- a/core/tests/__init__.py +++ /dev/null diff --git a/core/tests/conftest.py b/core/tests/conftest.py deleted file mode 100644 index ab8d6ea..0000000 --- a/core/tests/conftest.py +++ /dev/null @@ -1,9 +0,0 @@ -import pytest -from pyld import jsonld - -from core.ld import builtin_document_loader - - -@pytest.fixture(scope="session", autouse=True) -def ldloader(): - jsonld.set_document_loader(builtin_document_loader) diff --git a/core/tests/test_signatures.py b/core/tests/test_signatures.py deleted file mode 100644 index 2d480b7..0000000 --- a/core/tests/test_signatures.py +++ /dev/null @@ -1,156 +0,0 @@ -import pytest -from asgiref.sync import async_to_sync -from django.test.client import RequestFactory -from pytest_httpx import HTTPXMock - -from core.signatures import HttpSignature, LDSignature, VerificationError - -# Our testing-only keypair -private_key = """-----BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzNJa9JIxQpOtQ -z8UQKXDPREF9DyBliGu3uPWo6DMnkOm7hoh2+nOryrWDqWOFaVK//n7kltHXUEbm -U3exh0/0iWfzx2AbNrI04csAvW/hRvHbHBnVTotSxzqTd3ESkpcSW4xVuz9aCcFR -kW3unSCO3fF0Lh8Jsy9N/CT6oTnwG+ZpeGvHVbh9xfR5Ww6zA7z8A6B17hbzdMd/ -3qUPijyIb5se4cWVtGg/ZJ0X1syn9u9kpwUjhHlyWH/esMRHxPuW49BPZPhhKs1+ -t//4xgZcRX515qFqPS2EtYgZAfh7M3TRv8uCSzL4TT+8ka9IUwKdV6TFaqH27bAG -KyJQfGaTAgMBAAECggEALZY5qFjlRtiFMfQApdlc5KTw4d7Yt2tqN3zaJUMYTD7d -boJNMbMJfNCetyT+d6Aw2D1ly0GglNzLhGkEQElzKfpQUt/Lj3CtCa3Mpd4K2Wxi -NwJhgfUulPqwaHYQchCPVLCsNNziw0VLA7Rymionb6B+/TaEV8PYy0ZSo90ir3UD -CL5t+IWgIPiy6pk1wGOmeB+tU4+V7/hFel+vPFNahafqVhLE311dfx2aOfweAEfN -e4JoPeJP1/fB+BVZMyVSAraKz6wheymBBNKKn/vpFsdd6it2AP4UZeFp6ma9wT9t -nk65IpHg1MBxazQd7621GrPH+ZnhMg62H/FEj6rIDQKBgQC1w1fEbk+zjI54DXU8 -FAe5cJbZS89fMP5CtzlWKzTzfdaavT+5cUYp3XAv37tSGsqYAXxY+4bHGa+qdCQO -I41cmylWGNX2e29/p2BspDPM6YQ0Z21MxFRBTWvHFrhd0bF1cXKBKPttdkKvzOEP -6uNy+/QtRNn9xF/ZjaMHcyPPTQKBgQD8ZdOmZ3TMsYJchAjjseN8S+Objw2oZzmK -6I1ULJBz3DWiyCUfir+pMjSH4fsAf9zrHkiM7xUgMByTukVRt16BrT7TlEBanAxc -/AKdNB3f0pza829LCz1lMAUn+ngZLTmRR+1rQFXqTjhB+0peJzKiMli+9BBhL9Ry -jMeTuLHdXwKBgGiz9kL5KIBNX2RYnEfXYfu4l6zktrgnCNB1q1mv2fjJbG4GxkaU -sc47+Pwa7VUGid22PWMkwSa/7SlLbdmXMT8/QjiOZfJueHQYfrsWe6B2g+mMCrJG -BiL37jXpKJsiyA7XIxaz/OG5VgDfDGaW8B60dJv/JXPBQ1WW+Wq5MM+hAoGAAUdS -xykHAnJzwpw4n06rZFnOEV+sJgo/1GBRNvfy02NuMiDpbzt4tRa4BWgzqVD8gYRp -wa0EYmFcA7OR3lQbenSyOMgre0oHFgGA0eMNs7CRctqA2dR4vyZ7IDS4nwgHnqDK -pxxwUvuKdWsceVWhgAjZQj5iRtvDK8Fi0XDCFekCgYALTU1v5iMIpaRAe+eyA2B1 -42qm4B/uhXznvOu2YXU6iJFmMgHGYgpa+Dq8uUjKtpn/LIFeX1KN0hH8z/0LW3gB -e7tN7taW0oLK3RQcEMfkZ7diE9x3LGqo/xMxsZMtxAr88p5eMEU/nxxznOqq+W9b -qxRbXYzEtHz+cW9+FZkyVw== ------END PRIVATE KEY-----""" - -public_key = """-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszSWvSSMUKTrUM/FEClw -z0RBfQ8gZYhrt7j1qOgzJ5Dpu4aIdvpzq8q1g6ljhWlSv/5+5JbR11BG5lN3sYdP -9Iln88dgGzayNOHLAL1v4Ubx2xwZ1U6LUsc6k3dxEpKXEluMVbs/WgnBUZFt7p0g -jt3xdC4fCbMvTfwk+qE58BvmaXhrx1W4fcX0eVsOswO8/AOgde4W83THf96lD4o8 -iG+bHuHFlbRoP2SdF9bMp/bvZKcFI4R5clh/3rDER8T7luPQT2T4YSrNfrf/+MYG -XEV+deahaj0thLWIGQH4ezN00b/Lgksy+E0/vJGvSFMCnVekxWqh9u2wBisiUHxm -kwIDAQAB ------END PUBLIC KEY-----""" - -public_key_id = "https://example.com/test-actor#test-key" - - -def test_sign_ld(): - """ - Tests signing JSON-LD documents by round-tripping them through the - verifier. - """ - # Create the signature - document = { - "id": "https://example.com/test-create", - "type": "Create", - "actor": "https://example.com/test-actor", - "object": { - "id": "https://example.com/test-object", - "type": "Note", - }, - } - signature_section = LDSignature.create_signature( - document, - private_key, - public_key_id, - ) - # Check it and assign it to the document - assert "signatureValue" in signature_section - assert signature_section["type"] == "RsaSignature2017" - document["signature"] = signature_section - # Now verify it ourselves - LDSignature.verify_signature(document, public_key) - - -def test_verifying_ld(): - """ - Tests verifying JSON-LD signatures from a known-good document - """ - document = { - "id": "https://example.com/test-create", - "type": "Create", - "actor": "https://example.com/test-actor", - "object": {"id": "https://example.com/test-object", "type": "Note"}, - "signature": { - "@context": "https://w3id.org/identity/v1", - "creator": "https://example.com/test-actor#test-key", - "created": "2022-11-12T21:41:47Z", - "signatureValue": "nTHfkHqG4hegfnjpHucXtXDLDaIKi2Duk+NeCzqTtkjf4NneXsofbZY2tGew4uAooEe1UeM23PIyjWYnR16KwcD4YY8nMj8L3xY2czwQPScMM9n+KhSHzkWfX+iI4FWKbjpPI8M53EtTRJU+1qEjjmGUx03Ip0vfvT5821etIgvY4wLNhg3y7R8fevnNux+BeytcEV6gM4awJJ6RK0xrWGLyTgDNon5V5aNUjwcV/UVPy9UAQi1KYWtA74/F0Y4oPzL5CTudPpyiViyVHZQaal4r+ExzgSvGztqKxQeT1ya6gLXxbm1YQ+8UiGVSS8zoGhMFDEZWVsRPv7e0jm5wfA==", - "type": "RsaSignature2017", - }, - } - # Ensure it verifies with correct data - LDSignature.verify_signature(document, public_key) - # Mutate it slightly and ensure it does not verify - with pytest.raises(VerificationError): - document["actor"] = "https://example.com/evil-actor" - LDSignature.verify_signature(document, public_key) - - -def test_sign_http(httpx_mock: HTTPXMock): - """ - Tests signing HTTP requests by round-tripping them through our verifier - """ - # Create document - document = { - "id": "https://example.com/test-create", - "type": "Create", - "actor": "https://example.com/test-actor", - "object": { - "id": "https://example.com/test-object", - "type": "Note", - }, - } - # Send the signed request to the mock library - httpx_mock.add_response() - async_to_sync(HttpSignature.signed_request)( - uri="https://example.com/test-actor", - body=document, - private_key=private_key, - key_id=public_key_id, - ) - # Retrieve it and construct a fake request object - outbound_request = httpx_mock.get_request() - fake_request = RequestFactory().post( - path="/test-actor", - data=outbound_request.content, - content_type=outbound_request.headers["content-type"], - HTTP_HOST="example.com", - HTTP_DATE=outbound_request.headers["date"], - HTTP_SIGNATURE=outbound_request.headers["signature"], - HTTP_DIGEST=outbound_request.headers["digest"], - ) - # Verify that - HttpSignature.verify_request(fake_request, public_key) - - -def test_verify_http(): - """ - Tests verifying HTTP requests against a known good example - """ - # Make our predictable request - fake_request = RequestFactory().post( - path="/test-actor", - data=b'{"id": "https://example.com/test-create", "type": "Create", "actor": "https://example.com/test-actor", "object": {"id": "https://example.com/test-object", "type": "Note"}}', - content_type="application/json", - HTTP_HOST="example.com", - HTTP_DATE="Sat, 12 Nov 2022 21:57:18 GMT", - HTTP_SIGNATURE='keyId="https://example.com/test-actor#test-key",headers="(request-target) host date digest content-type",signature="IRduYoDJIh90mprjUgOIdxY1iaBWHs5ou9vsDlcmSekg6DXMZTiXjmZxbNIrnpEbNFu3wTcqz1nv9H97Gp7orbYMuHm6j2ecxsvzSr37T9jxBbt3Ov3xSfuYWwhv6PuTWNxHtUQWNuAIc3wHDAQt8Flnak/uHe7swoAq4uHq2kt18iMW6CEV9XA5ESFho2HSUgRaifoNxJlIWbHYPJiP0t9aktgGBkpQoZ8ulOj3Ew4RwC1lwk9kzWiLIjU4tSAie8RbIy2g0aUvA1tQh9Uge1by3o7+349SL5iooj+B6WSCEvvjEl52wo3xoEQmv0ptYuSPLUgB9tP8q7DoHEc8Dw==",algorithm="rsa-sha256"', - HTTP_DIGEST="SHA-256=07sIbQ3GlOHWMbFMNajtPNtmUQXXu20UuvrIYLlI3kc=", - ) - # Verify that - HttpSignature.verify_request(fake_request, public_key, skip_date=True) |