File: sign2_test.go

package info (click to toggle)
golang-github-smira-go-aws-auth 0.0~git20160320.0070896-1.1
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, bullseye, bullseye-backports, sid, trixie
  • size: 152 kB
  • sloc: makefile: 2
file content (126 lines) | stat: -rw-r--r-- 4,092 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 
package awsauth

import (
	"net/http"
	"net/url"
	"testing"
	"time"

	. "github.com/smartystreets/goconvey/convey"
)

func TestSignature2(t *testing.T) {
	// http://docs.aws.amazon.com/general/latest/gr/signature-version-2.html

	Convey("Given bogus credentials", t, func() {
		keys := *testCredV2

		// Mock time
		now = func() time.Time {
			parsed, _ := time.Parse(timeFormatV2, exampleReqTsV2)
			return parsed
		}

		Convey("Given a plain request that is unprepared", func() {
			request := test_plainRequestV2()

			Convey("The request should be prepared to be signed", func() {
				expectedUnsigned := test_unsignedRequestV2()
				prepareRequestV2(request, keys)
				So(request, ShouldResemble, expectedUnsigned)
			})
		})

		Convey("Given a prepared, but unsigned, request", func() {
			request := test_unsignedRequestV2()

			Convey("The canonical query string should be correct", func() {
				actual := canonicalQueryStringV2(request)
				expected := canonicalQsV2
				So(actual, ShouldEqual, expected)
			})

			Convey("The absolute path should be extracted correctly", func() {
				So(request.URL.Path, ShouldEqual, "/")
			})

			Convey("The string to sign should be well-formed", func() {
				actual := stringToSignV2(request)
				So(actual, ShouldEqual, expectedStringToSignV2)
			})

			Convey("The resulting signature should be correct", func() {
				actual := signatureV2(stringToSignV2(request), keys)
				So(actual, ShouldEqual, "i91nKc4PWAt0JJIdXwz9HxZCJDdiy6cf/Mj6vPxyYIs=")
			})

			Convey("The final signed request should be correctly formed", func() {
				Sign2(request, keys)
				actual := request.URL.String()
				So(actual, ShouldResemble, expectedFinalUrlV2)
			})
		})
	})
}

func TestVersion2STSRequestPreparer(t *testing.T) {
	Convey("Given a plain request ", t, func() {
		request := test_plainRequestV2()

		Convey("And a set of credentials with an STS token", func() {
			var keys Credentials
			keys = *testCredV2WithSTS

			Convey("It should include the SecurityToken parameter when the request is signed", func() {
				actualSigned := Sign2(request, keys)
				actual := actualSigned.URL.Query()["SecurityToken"][0]

				So(actual, ShouldNotBeBlank)
				So(actual, ShouldEqual, testCredV2WithSTS.SecurityToken)

			})
		})
	})

}

func test_plainRequestV2() *http.Request {
	values := url.Values{}
	values.Set("Action", "DescribeJobFlows")
	values.Set("Version", "2009-03-31")

	url := baseUrlV2 + "?" + values.Encode()

	request, err := http.NewRequest("GET", url, nil)
	if err != nil {
		panic(err)
	}

	return request
}

func test_unsignedRequestV2() *http.Request {
	request := test_plainRequestV2()
	newUrl, _ := url.Parse(baseUrlV2 + "/?" + canonicalQsV2)
	request.URL = newUrl
	return request
}

var (
	testCredV2 = &Credentials{
		AccessKeyID:     "AKIAIOSFODNN7EXAMPLE",
		SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
	}

	testCredV2WithSTS = &Credentials{
		AccessKeyID:     "AKIDEXAMPLE",
		SecretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
		SecurityToken:   "AQoDYXdzEHcaoAJ1Aqwx1Sum0iW2NQjXJcWlKR7vuB6lnAeGBaQnjDRZPVyniwc48ml5hx+0qiXenVJdfusMMl9XLhSncfhx9Rb1UF8IAOaQ+CkpWXvoH67YYN+93dgckSVgVEBRByTl/BvLOZhe0ii/pOWkuQtBm5T7lBHRe4Dfmxy9X6hd8L3FrWxgnGV3fWZ3j0gASdYXaa+VBJlU0E2/GmCzn3T+t2mjYaeoInAnYVKVpmVMOrh6lNAeETTOHElLopblSa7TAmROq5xHIyu4a9i2qwjERTwa3Yk4Jk6q7JYVA5Cu7kS8wKVml8LdzzCTsy+elJgvH+Jf6ivpaHt/En0AJ5PZUJDev2+Y5+9j4AYfrmXfm4L73DC1ZJFJrv+Yh+EXAMPLE=",
	}

	exampleReqTsV2         = "2011-10-03T15:19:30"
	baseUrlV2              = "https://elasticmapreduce.amazonaws.com"
	canonicalQsV2          = "AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-10-03T15%3A19%3A30&Version=2009-03-31"
	expectedStringToSignV2 = "GET\nelasticmapreduce.amazonaws.com\n/\n" + canonicalQsV2
	expectedFinalUrlV2     = baseUrlV2 + "/?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Action=DescribeJobFlows&Signature=i91nKc4PWAt0JJIdXwz9HxZCJDdiy6cf%2FMj6vPxyYIs%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-10-03T15%3A19%3A30&Version=2009-03-31"
)