Update tests to hs2019 and add one deprecated test using old keys

Author: fulder

httpsig/tests/rsa_private.pem httpsig/tests/rsa_private_1024.pemhttpsig/tests/rsa_private.pem renamed to httpsig/tests/rsa_private_1024.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQB7eXXK+gSpDXsvZkcXd19X85iemJd0KywRH+/W+1J1j8pd+O1l
+H2He8GLaDFCwFijTvTmptfMYB2XyvG8/tPpaSzaIbSBlKXWxSo1fdUMf2e7SbqVr
+Fi5DolPrIfRpVqw4iqnTZZ46Y2vfa57Ee3NRF5zoagMS9BM7nfuCKvzZcUK81V75
+hup5kpMHW1ofBZAPwQMm8CoXD1bpM+acN1N+63vgTY2QyUq2yJOI3HJvyFZTw+Sj
+/ialYtDvDTluBH98i4504OIA6z0SCijF11irvAOSPc0GVXB8HjtUlqbD0BD6Hyqg
+MeXgi9nGJhJDnJDiCVlPwg6Ni+h3nW/sXXopAgMBAAECggEANkOg8v2CAtG7647l
+e3io3DxgPIMPPKykhzoj67Uz/hqdc0MtAZ4TIyk+KFn1NA3pD3U/3EfseAj4Uv9h
+XPwqcnhPlRFwhUT9RldfXi5ou5zJio26ASAUYQD8JIAdrBW9RnQaQp+MNFjxVZU0
+h2FBwse/25yLkU7XDQJXQFOoH988Dpozz1y8q11NxurakR67+xtqO5KG7FZdwCsN
+W2Z7gTm7T59NYdHevFi2b91hdBdLWCn9RPduEvRViQY5KzzkT6cg493G3vCPXxCy
+9C9aCNF7PXghy/im7dLz+H28xYls3KPOJve2dmvox2+aPH66TgXkfj/kfULJmHZq
+el3dIQKBgQDAxiqPcEF1Fq4UOoipCvcpiyz0gdFFw1x58km9GOpDdDK1bqcFc2z/
+GEoauWVl/PZZJdmht1zzkg4R3Izpbsg1IFxd3m7KbcfOK2bA9h2QPmjW8OwSu4/h
+/l8mDsNF5crOdBnUHacgHhL1SJx323Yu3z9PmiN9wLW1gyYkh82SzQKBgQCj+LWP
+1DZdsHOs224CjGjfj02PsaV5RNgD7Qqk5VcQFHzmJTAqoroPzJNjUD1sUnXXJHI0
+JL533giIsxQxnyca1qtxaO6KA4baykQtKKQqKTWhE2oowS1howHRbLShq1Hxvw9S
+QSS0ZAo5DyjZLMkVnlB+v7sXJR8X0Ru8qHKczQKBgQCBMEy1c/VqEpj21YNgRgj9
+vleSRK2KozIGR2lDYL8eFXEmRdGIxaH2EsEWx8g8YRp3A/aleczBLtBfB/8nMSba
+86TzA24cGxYcBNoH1uhZEnoQEcUjiK8UNPRu/NXAsg8H7KaikHy/+WebGd5CNMEv
+CE3VeubuD4e27P1S3e/WwQKBgDzgGjASvjhcSSXUtWv2yvyszEPb1S5Hk9cpSvlb
+N859fL1I8y/xCBjTf6iwYo1zs9Iy8r9PIPOJmCuAKLAfgToilrXdGipdEtTpoRQO
+8ZvBfuqVNaV5yqpkBUnGDO20mBCjOUH1c3YRagYzDZxLV0BSbVoRPpliK8AA30ZU
+V3DFAoGAfaPc8p6o7tCaPMpRxynIAvgIqg4sIBJdX/G4Q+SZeZR/mFlfpuhY4kzh
+CL+RKAhOyOaYsSxlk4vB954y4UZFl6/t2W6gNxouelA77TgV2/rjx/fLk06J+RIF
+QQkiAXwUZ2xpmdnUk+UREBwrB3LoU9kZM6fKX/LB4QEZuOmbERQ=
+-----END RSA PRIVATE KEY-----

httpsig/tests/rsa_private_2048.pem

@@ -3,4 +3,4 @@ MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCFENGw33yGihy92pDjZQhl0C3
 6rPJj+CvfSC8+q28hxA161QFNUd13wuCTUcq0Qd2qsBe/2hFyc2DCJJg0h1L78+6
 Z4UMR7EOcpfdUE9Hf3m/hs+FUR45uBJeDK1HSFHD8bHKD6kv8FPGfJTotc+2xjJw
 oYi+1hqp1fIekaxsyQIDAQAB
------END PUBLIC KEY-----
+-----END PUBLIC KEY-----

httpsig/tests/rsa_public.pem httpsig/tests/rsa_public_1024.pemhttpsig/tests/rsa_public.pem renamed to httpsig/tests/rsa_public_1024.pem

@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBITANBgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQB7eXXK+gSpDXsvZkcXd19X
+85iemJd0KywRH+/W+1J1j8pd+O1lH2He8GLaDFCwFijTvTmptfMYB2XyvG8/tPpa
+SzaIbSBlKXWxSo1fdUMf2e7SbqVrFi5DolPrIfRpVqw4iqnTZZ46Y2vfa57Ee3NR
+F5zoagMS9BM7nfuCKvzZcUK81V75hup5kpMHW1ofBZAPwQMm8CoXD1bpM+acN1N+
+63vgTY2QyUq2yJOI3HJvyFZTw+Sj/ialYtDvDTluBH98i4504OIA6z0SCijF11ir
+vAOSPc0GVXB8HjtUlqbD0BD6HyqgMeXgi9nGJhJDnJDiCVlPwg6Ni+h3nW/sXXop
+AgMBAAE=
+-----END PUBLIC KEY-----

httpsig/tests/rsa_public_2048.pem

@@ -10,7 +10,7 @@
 
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), '..'))
 
-sign.DEFAULT_SIGN_ALGORITHM = "rsa-sha256"
+sign.DEFAULT_SIGN_ALGORITHM = "hs2019"
 
 
 class TestSign(unittest.TestCase):
@@ -19,17 +19,22 @@ class TestSign(unittest.TestCase):
     header_host = 'example.com'
     header_date = 'Thu, 05 Jan 2014 21:31:40 GMT'
     header_content_type = 'application/json'
-    header_digest = 'SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
+    header_digest = 'SHA-512=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE='
     header_content_length = '18'
 
     def setUp(self):
-        self.key_path = os.path.join(
-            os.path.dirname(__file__), 'rsa_private.pem')
-        with open(self.key_path, 'rb') as f:
-            self.key = f.read()
+        self.key_path_2048 = os.path.join(
+            os.path.dirname(__file__), 'rsa_private_2048.pem')
+        with open(self.key_path_2048, 'rb') as f:
+            self.key_2048 = f.read()
+
+        self.key_path_1024 = os.path.join(
+            os.path.dirname(__file__), 'rsa_private_1024.pem')
+        with open(self.key_path_1024, 'rb') as f:
+            self.key_1024 = f.read()
 
     def test_default(self):
-        hs = sign.HeaderSigner(key_id='Test', secret=self.key)
+        hs = sign.HeaderSigner(key_id='Test', secret=self.key_2048, sign_algorithm="PSS", salt_length=0)
         unsigned = {
             'Date': self.header_date
         }
@@ -43,11 +48,11 @@ def test_default(self):
         self.assertIn('algorithm', params)
         self.assertIn('signature', params)
         self.assertEqual(params['keyId'], 'Test')
-        self.assertEqual(params['algorithm'], 'rsa-sha256')
-        self.assertEqual(params['signature'], 'jKyvPcxB4JbmYY4mByyBY7cZfNl4OW9HpFQlG7N4YcJPteKTu4MWCLyk+gIr0wDgqtLWf9NLpMAMimdfsH7FSWGfbMFSrsVTHNTk0rK3usrfFnti1dxsM4jl0kYJCKTGI/UWkqiaxwNiKqGcdlEDrTcUhhsFsOIo8VhddmZTZ8w=')  # noqa: E501
+        self.assertEqual(params['algorithm'], 'hs2019')
+        self.assertEqual(params['signature'], 'T8+Cj3Zp2cBDm2r8/loPgfHUSSFXXyZJNxxbNx1NvKVz/r5T4z6pVxhl9rqk8WfYHMdlh2aT5hCrYKvhs88Jy0DDmeUP4nELWRsO1BF0oAqHfcrbEikZQL7jA6z0guVaLr0S5QRGmd1K5HUEkP/vYEOns+FRL+JrFG4dNJNESvG5iyKUoaXfoZCFdqtzLlIteEAL7dW/kaX/dE116wfpbem1eCABuGopRhuFtjqLKVjuUVwyP/zSYTqd9j+gDhinkAifTJPxbGMh0b5LZdNCqw5irT9NkTcTFRXDp8ioX8r805Z9QhjT7H+rSo350U2LsAFoQ9ttryPBOoMPCiQTlw==')  # noqa: E501
 
     def test_basic(self):
-        hs = sign.HeaderSigner(key_id='Test', secret=self.key, headers=[
+        hs = sign.HeaderSigner(key_id='Test', secret=self.key_2048, sign_algorithm="PSS", salt_length=0, headers=[
             '(request-target)',
             'host',
             'date',
@@ -68,13 +73,13 @@ def test_basic(self):
         self.assertIn('algorithm', params)
         self.assertIn('signature', params)
         self.assertEqual(params['keyId'], 'Test')
-        self.assertEqual(params['algorithm'], 'rsa-sha256')
+        self.assertEqual(params['algorithm'], 'hs2019')
         self.assertEqual(
             params['headers'], '(request-target) host date')
-        self.assertEqual(params['signature'], 'HUxc9BS3P/kPhSmJo+0pQ4IsCo007vkv6bUm4Qehrx+B1Eo4Mq5/6KylET72ZpMUS80XvjlOPjKzxfeTQj4DiKbAzwJAb4HX3qX6obQTa00/qPDXlMepD2JtTw33yNnm/0xV7fQuvILN/ys+378Ysi082+4xBQFwvhNvSoVsGv4=')  # noqa: E501
+        self.assertEqual(params['signature'], 'KkF4oeOJJH9TaYjQdaU634G7AVmM5Bf3fnfJCBZ7G0H5puW5XlQTpduA+TgouKOJhbv4aRRpunPzCHUxUjEvrR3TSALqW1EOsBwCVIusE9CnrhL7vUOvciIDai/jI15RsfR9+XyTmOSFbsI07E8mmywr3nLeWX6AAFDMO2vWc21zZxrSc13vFfAkVvFhXLxO4g0bBm6Z4m5/9ytWtdE0Gf3St2kY8aZTedllRCS8cMx8GVAIw/qYGeIlGKUCZKxrFxnviN7gfxixwova6lcxpppIo+WXxEiwMJfSQBlx0WGn3A3twCv6TsIxPOVUEW4jcogDh+jGFf1aGdVyHquTRQ==')  # noqa: E501
 
     def test_all(self):
-        hs = sign.HeaderSigner(key_id='Test', secret=self.key, headers=[
+        hs = sign.HeaderSigner(key_id='Test', secret=self.key_2048, sign_algorithm="PSS", salt_length=0,  headers=[
             '(request-target)',
             'host',
             'date',
@@ -101,8 +106,26 @@ def test_all(self):
         self.assertIn('algorithm', params)
         self.assertIn('signature', params)
         self.assertEqual(params['keyId'], 'Test')
-        self.assertEqual(params['algorithm'], 'rsa-sha256')
+        self.assertEqual(params['algorithm'], 'hs2019')
         self.assertEqual(
             params['headers'],
             '(request-target) host date content-type digest content-length')
-        self.assertEqual(params['signature'], 'Ef7MlxLXoBovhil3AlyjtBwAL9g4TN3tibLj7uuNB3CROat/9KaeQ4hW2NiJ+pZ6HQEOx9vYZAyi+7cmIkmJszJCut5kQLAwuX+Ms/mUFvpKlSo9StS2bMXDBNjOh4Auj774GFj4gwjS+3NhFeoqyr/MuN6HsEnkvn6zdgfE2i0=')  # noqa: E501
+        self.assertEqual(params['signature'], 'Ur8ehf0YlxBIRyXJG+iBBubrMlxWxDqpYgEaABq5ukcant30Gygkrs4ujFWxlR8pbBS/kDewYdlNhJOsVva2Y/ZSmardYHWYuSw3QjW0KON7nfVT/hijDFCAAzDDOqS6uSJimWmyko23bt2XDydMS2ekGoRFXxQcCtd2piWDpwaHneZiUu4njoiyRVZo9dLWMe9i9QR/14tjWO+PinfSlo1Bs1uMKGjx3EDRSw76cMHXb0VURzVf08ShBxsnts8o/l8TPNyMgcqeEuNaMFTr3rMMpfkeLtBcBljqnvPjusAPmzJxi6aElophSmuPpwSgC/QCHOxT99mEObrf0VDRNw==')  # noqa: E501
+
+    def test_default_deprecated_256(self):
+        hs = sign.HeaderSigner(key_id='Test', secret=self.key_1024, algorithm="rsa-sha256")
+        unsigned = {
+            'Date': self.header_date
+        }
+        signed = hs.sign(unsigned)
+        self.assertIn('Date', signed)
+        self.assertEqual(unsigned['Date'], signed['Date'])
+        self.assertIn('Authorization', signed)
+        auth = parse_authorization_header(signed['authorization'])
+        params = auth[1]
+        self.assertIn('keyId', params)
+        self.assertIn('algorithm', params)
+        self.assertIn('signature', params)
+        self.assertEqual(params['keyId'], 'Test')
+        self.assertEqual(params['algorithm'], 'rsa-sha256')
+        self.assertEqual(params['signature'], 'jKyvPcxB4JbmYY4mByyBY7cZfNl4OW9HpFQlG7N4YcJPteKTu4MWCLyk+gIr0wDgqtLWf9NLpMAMimdfsH7FSWGfbMFSrsVTHNTk0rK3usrfFnti1dxsM4jl0kYJCKTGI/UWkqiaxwNiKqGcdlEDrTcUhhsFsOIo8VhddmZTZ8w=')  # noqa: E501

httpsig/tests/test_signature.py

@@ -11,7 +11,7 @@ class TestUtils(unittest.TestCase):
 
     def test_get_fingerprint(self):
         with open(os.path.join(
-                os.path.dirname(__file__), 'rsa_public.pem'), 'r') as k:
+                os.path.dirname(__file__), 'rsa_public_1024.pem'), 'r') as k:
             key = k.read()
         fingerprint = get_fingerprint(key)
         self.assertEqual(

httpsig/tests/test_utils.py

@@ -43,11 +43,12 @@ def setUp(self):
         self.algorithm = "hmac-sha1"
         self.sign_secret = secret
         self.verify_secret = secret
+        self.sign_algorithm = None
 
     def test_basic_sign(self):
-        signer = Signer(secret=self.sign_secret, algorithm=self.algorithm)
+        signer = Signer(secret=self.sign_secret, algorithm=self.algorithm, sign_algorithm=self.sign_algorithm)
         verifier = Verifier(
-                secret=self.verify_secret, algorithm=self.algorithm)
+                secret=self.verify_secret, algorithm=self.algorithm, sign_algorithm=self.sign_algorithm)
 
         GOOD = b"this is a test"
         BAD = b"this is not the signature you were looking for..."
@@ -64,10 +65,10 @@ def test_default(self):
 
         hs = HeaderSigner(
             key_id="Test", secret=self.sign_secret, algorithm=self.algorithm,
-            sign_header=self.sign_header)
+            sign_header=self.sign_header, sign_algorithm=self.sign_algorithm)
         signed = hs.sign(unsigned)
         hv = HeaderVerifier(
-            headers=signed, secret=self.verify_secret, sign_header=self.sign_header)
+            headers=signed, secret=self.verify_secret, sign_header=self.sign_header, sign_algorithm=self.sign_algorithm)
         self.assertTrue(hv.verify())
 
     def test_signed_headers(self):
@@ -86,7 +87,8 @@ def test_signed_headers(self):
                     'content-type',
                     'digest',
                     'content-length'
-                ])
+                ],
+                sign_algorithm=self.sign_algorithm)
         unsigned = {
             'Host': HOST,
             'Date': self.header_date,
@@ -99,7 +101,7 @@ def test_signed_headers(self):
         hv = HeaderVerifier(
                 headers=signed, secret=self.verify_secret,
                 host=HOST, method=METHOD, path=PATH,
-                sign_header=self.sign_header)
+                sign_header=self.sign_header, sign_algorithm=self.sign_algorithm)
         self.assertTrue(hv.verify())
 
     def test_incorrect_headers(self):
@@ -116,7 +118,8 @@ def test_incorrect_headers(self):
                               'date',
                               'content-type',
                               'digest',
-                              'content-length'])
+                              'content-length'],
+                          sign_algorithm=self.sign_algorithm)
         unsigned = {
             'Host': HOST,
             'Date': self.header_date,
@@ -129,7 +132,7 @@ def test_incorrect_headers(self):
         hv = HeaderVerifier(headers=signed, secret=self.verify_secret,
                             required_headers=["some-other-header"],
                             host=HOST, method=METHOD, path=PATH,
-                            sign_header=self.sign_header)
+                            sign_header=self.sign_header, sign_algorithm=self.sign_algorithm)
         with self.assertRaises(Exception):
             hv.verify()
 
@@ -148,7 +151,8 @@ def test_extra_auth_headers(self):
                     'content-type',
                     'digest',
                     'content-length'
-                ])
+                ],
+                sign_algorithm=self.sign_algorithm)
         unsigned = {
             'Host': HOST,
             'Date': self.header_date,
@@ -163,7 +167,8 @@ def test_extra_auth_headers(self):
                 method=METHOD,
                 path=PATH,
                 sign_header=self.sign_header,
-                required_headers=['date', '(request-target)'])
+                required_headers=['date', '(request-target)'],
+                sign_algorithm=self.sign_algorithm)
         self.assertTrue(hv.verify())
 
 
@@ -186,20 +191,21 @@ class TestVerifyRSASHA1(TestVerifyHMACSHA1):
     def setUp(self):
         private_key_path = os.path.join(
                             os.path.dirname(__file__),
-                            'rsa_private.pem')
+            'rsa_private_1024.pem')
         with open(private_key_path, 'rb') as f:
             private_key = f.read()
 
         public_key_path = os.path.join(
                             os.path.dirname(__file__),
-                            'rsa_public.pem')
+            'rsa_public_1024.pem')
         with open(public_key_path, 'rb') as f:
             public_key = f.read()
 
         self.keyId = "Test"
         self.algorithm = "rsa-sha1"
         self.sign_secret = private_key
         self.verify_secret = public_key
+        self.sign_algorithm = None
 
 
 class TestVerifyRSASHA256(TestVerifyRSASHA1):
@@ -218,3 +224,26 @@ def setUp(self):
 
 class TestVerifyRSASHA512ChangeHeader(TestVerifyRSASHA1):
     sign_header = 'Signature'
+
+
+class TestVerifyHS2019PSS(TestVerifyHMACSHA1):
+
+    def setUp(self):
+        private_key_path = os.path.join(
+                            os.path.dirname(__file__),
+            'rsa_private_2048.pem')
+        with open(private_key_path, 'rb') as f:
+            private_key = f.read()
+
+        public_key_path = os.path.join(
+                            os.path.dirname(__file__),
+            'rsa_public_2048.pem')
+        with open(public_key_path, 'rb') as f:
+            public_key = f.read()
+
+        self.keyId = "Test"
+        self.algorithm = "hs2019"
+        self.sign_secret = private_key
+        self.verify_secret = public_key
+        self.sign_algorithm = "PSS"
+