You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

184 lines
7.3 KiB

# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Unit tests for oauth2client._pure_python_crypt."""
import os
import mock
from pyasn1_modules import pem
import rsa
import six
import unittest2
from oauth2client import _helpers
from oauth2client import _pure_python_crypt
from oauth2client import crypt
class TestRsaVerifier(unittest2.TestCase):
PUBLIC_KEY_FILENAME = os.path.join(os.path.dirname(__file__),
'data', 'privatekey.pub')
PUBLIC_CERT_FILENAME = os.path.join(os.path.dirname(__file__),
'data', 'public_cert.pem')
PRIVATE_KEY_FILENAME = os.path.join(os.path.dirname(__file__),
'data', 'privatekey.pem')
def _load_public_key_bytes(self):
with open(self.PUBLIC_KEY_FILENAME, 'rb') as fh:
return fh.read()
def _load_public_cert_bytes(self):
with open(self.PUBLIC_CERT_FILENAME, 'rb') as fh:
return fh.read()
def _load_private_key_bytes(self):
with open(self.PRIVATE_KEY_FILENAME, 'rb') as fh:
return fh.read()
def test_verify_success(self):
to_sign = b'foo'
signer = crypt.RsaSigner.from_string(self._load_private_key_bytes())
actual_signature = signer.sign(to_sign)
verifier = crypt.RsaVerifier.from_string(
self._load_public_key_bytes(), is_x509_cert=False)
self.assertTrue(verifier.verify(to_sign, actual_signature))
def test_verify_unicode_success(self):
to_sign = u'foo'
signer = crypt.RsaSigner.from_string(self._load_private_key_bytes())
actual_signature = signer.sign(to_sign)
verifier = crypt.RsaVerifier.from_string(
self._load_public_key_bytes(), is_x509_cert=False)
self.assertTrue(verifier.verify(to_sign, actual_signature))
def test_verify_failure(self):
verifier = crypt.RsaVerifier.from_string(
self._load_public_key_bytes(), is_x509_cert=False)
bad_signature1 = b''
self.assertFalse(verifier.verify(b'foo', bad_signature1))
bad_signature2 = b'a'
self.assertFalse(verifier.verify(b'foo', bad_signature2))
def test_from_string_pub_key(self):
public_key = self._load_public_key_bytes()
verifier = crypt.RsaVerifier.from_string(
public_key, is_x509_cert=False)
self.assertIsInstance(verifier, crypt.RsaVerifier)
self.assertIsInstance(verifier._pubkey, rsa.key.PublicKey)
def test_from_string_pub_key_unicode(self):
public_key = _helpers._from_bytes(self._load_public_key_bytes())
verifier = crypt.RsaVerifier.from_string(
public_key, is_x509_cert=False)
self.assertIsInstance(verifier, crypt.RsaVerifier)
self.assertIsInstance(verifier._pubkey, rsa.key.PublicKey)
def test_from_string_pub_cert(self):
public_cert = self._load_public_cert_bytes()
verifier = crypt.RsaVerifier.from_string(
public_cert, is_x509_cert=True)
self.assertIsInstance(verifier, crypt.RsaVerifier)
self.assertIsInstance(verifier._pubkey, rsa.key.PublicKey)
def test_from_string_pub_cert_unicode(self):
public_cert = _helpers._from_bytes(self._load_public_cert_bytes())
verifier = crypt.RsaVerifier.from_string(
public_cert, is_x509_cert=True)
self.assertIsInstance(verifier, crypt.RsaVerifier)
self.assertIsInstance(verifier._pubkey, rsa.key.PublicKey)
def test_from_string_pub_cert_failure(self):
cert_bytes = self._load_public_cert_bytes()
true_der = rsa.pem.load_pem(cert_bytes, 'CERTIFICATE')
with mock.patch('rsa.pem.load_pem',
return_value=true_der + b'extra') as load_pem:
with self.assertRaises(ValueError):
crypt.RsaVerifier.from_string(cert_bytes, is_x509_cert=True)
load_pem.assert_called_once_with(cert_bytes, 'CERTIFICATE')
class TestRsaSigner(unittest2.TestCase):
PKCS1_KEY_FILENAME = os.path.join(os.path.dirname(__file__),
'data', 'privatekey.pem')
PKCS8_KEY_FILENAME = os.path.join(os.path.dirname(__file__),
'data', 'pem_from_pkcs12.pem')
PKCS12_KEY_FILENAME = os.path.join(os.path.dirname(__file__),
'data', 'privatekey.p12')
def _load_pkcs1_key_bytes(self):
with open(self.PKCS1_KEY_FILENAME, 'rb') as fh:
return fh.read()
def _load_pkcs8_key_bytes(self):
with open(self.PKCS8_KEY_FILENAME, 'rb') as fh:
return fh.read()
def _load_pkcs12_key_bytes(self):
with open(self.PKCS12_KEY_FILENAME, 'rb') as fh:
return fh.read()
def test_from_string_pkcs1(self):
key_bytes = self._load_pkcs1_key_bytes()
signer = crypt.RsaSigner.from_string(key_bytes)
self.assertIsInstance(signer, crypt.RsaSigner)
self.assertIsInstance(signer._key, rsa.key.PrivateKey)
def test_from_string_pkcs1_unicode(self):
key_bytes = _helpers._from_bytes(self._load_pkcs1_key_bytes())
signer = crypt.RsaSigner.from_string(key_bytes)
self.assertIsInstance(signer, crypt.RsaSigner)
self.assertIsInstance(signer._key, rsa.key.PrivateKey)
def test_from_string_pkcs8(self):
key_bytes = self._load_pkcs8_key_bytes()
signer = crypt.RsaSigner.from_string(key_bytes)
self.assertIsInstance(signer, crypt.RsaSigner)
self.assertIsInstance(signer._key, rsa.key.PrivateKey)
def test_from_string_pkcs8_extra_bytes(self):
key_bytes = self._load_pkcs8_key_bytes()
_, pem_bytes = pem.readPemBlocksFromFile(
six.StringIO(_helpers._from_bytes(key_bytes)),
_pure_python_crypt._PKCS8_MARKER)
with mock.patch('pyasn1.codec.der.decoder.decode') as mock_decode:
key_info, remaining = None, 'extra'
mock_decode.return_value = (key_info, remaining)
with self.assertRaises(ValueError):
crypt.RsaSigner.from_string(key_bytes)
# Verify mock was called.
mock_decode.assert_called_once_with(
pem_bytes, asn1Spec=_pure_python_crypt._PKCS8_SPEC)
def test_from_string_pkcs8_unicode(self):
key_bytes = _helpers._from_bytes(self._load_pkcs8_key_bytes())
signer = crypt.RsaSigner.from_string(key_bytes)
self.assertIsInstance(signer, crypt.RsaSigner)
self.assertIsInstance(signer._key, rsa.key.PrivateKey)
def test_from_string_pkcs12(self):
key_bytes = self._load_pkcs12_key_bytes()
with self.assertRaises(ValueError):
crypt.RsaSigner.from_string(key_bytes)
def test_from_string_bogus_key(self):
key_bytes = 'bogus-key'
with self.assertRaises(ValueError):
crypt.RsaSigner.from_string(key_bytes)