diff options
Diffstat (limited to 'macaroonbakery/tests/test_codec.py')
-rw-r--r-- | macaroonbakery/tests/test_codec.py | 164 |
1 files changed, 89 insertions, 75 deletions
diff --git a/macaroonbakery/tests/test_codec.py b/macaroonbakery/tests/test_codec.py index de1631c..6573266 100644 --- a/macaroonbakery/tests/test_codec.py +++ b/macaroonbakery/tests/test_codec.py @@ -1,95 +1,103 @@ # Copyright 2017 Canonical Ltd. # Licensed under the LGPLv3, see LICENCE file for details. +import base64 from unittest import TestCase -import base64 +import nacl.public import six -import nacl.utils -from nacl.public import PrivateKey -from nacl.encoding import Base64Encoder - -from macaroonbakery import bakery, codec, macaroon, namespace, utils +import macaroonbakery +from macaroonbakery import utils +from macaroonbakery import codec +import macaroonbakery.checkers as checkers class TestCodec(TestCase): def setUp(self): - self.fp_key = nacl.public.PrivateKey.generate() - self.tp_key = nacl.public.PrivateKey.generate() + self.fp_key = macaroonbakery.generate_key() + self.tp_key = macaroonbakery.generate_key() def test_v1_round_trip(self): - tp_info = bakery.ThirdPartyInfo(bakery.BAKERY_V1, - self.tp_key.public_key) - cid = codec.encode_caveat('is-authenticated-user', - b'a random string', - tp_info, - self.fp_key, - None) - - res = codec.decode_caveat(self.tp_key, cid) - self.assertEquals(res, macaroon.ThirdPartyCaveatInfo( + tp_info = macaroonbakery.ThirdPartyInfo( + version=macaroonbakery.BAKERY_V1, + public_key=self.tp_key.public_key) + cid = macaroonbakery.encode_caveat( + 'is-authenticated-user', + b'a random string', + tp_info, + self.fp_key, + None) + res = macaroonbakery.decode_caveat(self.tp_key, cid) + self.assertEquals(res, macaroonbakery.ThirdPartyCaveatInfo( first_party_public_key=self.fp_key.public_key, root_key=b'a random string', condition='is-authenticated-user', caveat=cid, third_party_key_pair=self.tp_key, - version=bakery.BAKERY_V1, - ns=macaroon.legacy_namespace() + version=macaroonbakery.BAKERY_V1, + namespace=macaroonbakery.legacy_namespace() )) def test_v2_round_trip(self): - tp_info = bakery.ThirdPartyInfo(bakery.BAKERY_V2, - self.tp_key.public_key) - cid = codec.encode_caveat('is-authenticated-user', - b'a random string', - tp_info, - self.fp_key, - None) - res = codec.decode_caveat(self.tp_key, cid) - self.assertEquals(res, macaroon.ThirdPartyCaveatInfo( + tp_info = macaroonbakery.ThirdPartyInfo( + version=macaroonbakery.BAKERY_V2, + public_key=self.tp_key.public_key) + cid = macaroonbakery.encode_caveat( + 'is-authenticated-user', + b'a random string', + tp_info, + self.fp_key, + None) + res = macaroonbakery.decode_caveat(self.tp_key, cid) + self.assertEquals(res, macaroonbakery.ThirdPartyCaveatInfo( first_party_public_key=self.fp_key.public_key, root_key=b'a random string', condition='is-authenticated-user', caveat=cid, third_party_key_pair=self.tp_key, - version=bakery.BAKERY_V2, - ns=macaroon.legacy_namespace() + version=macaroonbakery.BAKERY_V2, + namespace=macaroonbakery.legacy_namespace() )) def test_v3_round_trip(self): - tp_info = bakery.ThirdPartyInfo(bakery.BAKERY_V3, - self.tp_key.public_key) - ns = namespace.Namespace() + tp_info = macaroonbakery.ThirdPartyInfo( + version=macaroonbakery.BAKERY_V3, + public_key=self.tp_key.public_key) + ns = checkers.Namespace() ns.register('testns', 'x') - cid = codec.encode_caveat('is-authenticated-user', - b'a random string', - tp_info, - self.fp_key, - ns) - res = codec.decode_caveat(self.tp_key, cid) - self.assertEquals(res, macaroon.ThirdPartyCaveatInfo( + cid = macaroonbakery.encode_caveat( + 'is-authenticated-user', + b'a random string', + tp_info, + self.fp_key, + ns) + res = macaroonbakery.decode_caveat(self.tp_key, cid) + self.assertEquals(res, macaroonbakery.ThirdPartyCaveatInfo( first_party_public_key=self.fp_key.public_key, root_key=b'a random string', condition='is-authenticated-user', caveat=cid, third_party_key_pair=self.tp_key, - version=bakery.BAKERY_V3, - ns=ns + version=macaroonbakery.BAKERY_V3, + namespace=ns )) def test_empty_caveat_id(self): - with self.assertRaises(ValueError) as context: - codec.decode_caveat(self.tp_key, b'') + with self.assertRaises(macaroonbakery.VerificationError) as context: + macaroonbakery.decode_caveat(self.tp_key, b'') self.assertTrue('empty third party caveat' in str(context.exception)) def test_decode_caveat_v1_from_go(self): - tp_key = PrivateKey(base64.b64decode( - 'TSpvLpQkRj+T3JXnsW2n43n5zP/0X4zn0RvDiWC3IJ0=')) - fp_key = PrivateKey(base64.b64decode( - 'KXpsoJ9ujZYi/O2Cca6kaWh65MSawzy79LWkrjOfzcs=')) - fp_key.encode(Base64Encoder) + tp_key = macaroonbakery.PrivateKey( + nacl.public.PrivateKey(base64.b64decode( + 'TSpvLpQkRj+T3JXnsW2n43n5zP/0X4zn0RvDiWC3IJ0='))) + fp_key = macaroonbakery.PrivateKey( + nacl.public.PrivateKey(base64.b64decode( + 'KXpsoJ9ujZYi/O2Cca6kaWh65MSawzy79LWkrjOfzcs='))) + root_key = base64.b64decode('vDxEmWZEkgiNEFlJ+8ruXe3qDSLf1H+o') # This caveat has been generated from the go code # to check the compatibilty + encrypted_cav = six.b( 'eyJUaGlyZFBhcnR5UHVibGljS2V5IjoiOFA3R1ZZc3BlWlN4c' '3hFdmJsSVFFSTFqdTBTSWl0WlIrRFdhWE40cmxocz0iLCJGaX' @@ -100,22 +108,25 @@ class TestCodec(TestCase): 'BORldUUExGdjVla1dWUjA4Uk1sbGJhc3c4VGdFbkhzM0laeVo' '0V2lEOHhRUWdjU3ljOHY4eUt4dEhxejVEczJOYmh1ZDJhUFdt' 'UTVMcVlNWitmZ2FNaTAxdE9DIn0=') - cav = codec.decode_caveat(tp_key, encrypted_cav) - self.assertEquals(cav, macaroon.ThirdPartyCaveatInfo( + cav = macaroonbakery.decode_caveat(tp_key, encrypted_cav) + self.assertEquals(cav, macaroonbakery.ThirdPartyCaveatInfo( condition='caveat condition', first_party_public_key=fp_key.public_key, third_party_key_pair=tp_key, - root_key=b'random', + root_key=root_key, caveat=encrypted_cav, - version=bakery.BAKERY_V1, - ns=macaroon.legacy_namespace() + version=macaroonbakery.BAKERY_V1, + namespace=macaroonbakery.legacy_namespace() )) def test_decode_caveat_v2_from_go(self): - tp_key = PrivateKey(base64.b64decode( - 'TSpvLpQkRj+T3JXnsW2n43n5zP/0X4zn0RvDiWC3IJ0=')) - fp_key = PrivateKey(base64.b64decode( - 'KXpsoJ9ujZYi/O2Cca6kaWh65MSawzy79LWkrjOfzcs=')) + tp_key = macaroonbakery.PrivateKey(nacl.public.PrivateKey( + base64.b64decode( + 'TSpvLpQkRj+T3JXnsW2n43n5zP/0X4zn0RvDiWC3IJ0='))) + fp_key = macaroonbakery.PrivateKey( + nacl.public.PrivateKey(base64.b64decode( + 'KXpsoJ9ujZYi/O2Cca6kaWh65MSawzy79LWkrjOfzcs='))) + root_key = base64.b64decode('wh0HSM65wWHOIxoGjgJJOFvQKn2jJFhC') # This caveat has been generated from the go code # to check the compatibilty encrypted_cav = base64.urlsafe_b64decode( @@ -123,22 +134,25 @@ class TestCodec(TestCase): 'AvD-xlUf2MdGMgtu7OKRQnCP1OQJk6PKeFWRK26WIBA6DNwKGIHq9xGcHS9IZ' 'Lh0cL6D9qpeKI0mXmCPfnwRQDuVYC8y5gVWd-oCGZaj5TGtk3byp2Vnw6ojmt' 'sULDhY59YA_J_Y0ATkERO5T9ajoRWBxU2OXBoX6bImXA'))) - cav = codec.decode_caveat(tp_key, encrypted_cav) - self.assertEquals(cav, macaroon.ThirdPartyCaveatInfo( + cav = macaroonbakery.decode_caveat(tp_key, encrypted_cav) + self.assertEqual(cav, macaroonbakery.ThirdPartyCaveatInfo( condition='third party condition', first_party_public_key=fp_key.public_key, third_party_key_pair=tp_key, - root_key=b'random', + root_key=root_key, caveat=encrypted_cav, - version=bakery.BAKERY_V2, - ns=macaroon.legacy_namespace() + version=macaroonbakery.BAKERY_V2, + namespace=macaroonbakery.legacy_namespace() )) def test_decode_caveat_v3_from_go(self): - tp_key = PrivateKey(base64.b64decode( - 'TSpvLpQkRj+T3JXnsW2n43n5zP/0X4zn0RvDiWC3IJ0=')) - fp_key = PrivateKey(base64.b64decode( - 'KXpsoJ9ujZYi/O2Cca6kaWh65MSawzy79LWkrjOfzcs=')) + tp_key = macaroonbakery.PrivateKey( + nacl.public.PrivateKey(base64.b64decode( + 'TSpvLpQkRj+T3JXnsW2n43n5zP/0X4zn0RvDiWC3IJ0='))) + fp_key = macaroonbakery.PrivateKey(nacl.public.PrivateKey( + base64.b64decode( + 'KXpsoJ9ujZYi/O2Cca6kaWh65MSawzy79LWkrjOfzcs='))) + root_key = base64.b64decode(b'oqOXI3/Mz/pKjCuFOt2eYxb7ndLq66GY') # This caveat has been generated from the go code # to check the compatibilty encrypted_cav = base64.urlsafe_b64decode( @@ -146,15 +160,15 @@ class TestCodec(TestCase): 'A_D-xlUf2MdGMgtu7OKRQnCP1OQJk6PKeFWRK26WIBA6DNwKGNLeFSkD2M-8A' 'EYvmgVH95GWu7T7caKxKhhOQFcEKgnXKJvYXxz1zin4cZc4Q6C7gVqA-J4_j3' '1LX4VKxymqG62UGPo78wOv0_fKjr3OI6PPJOYOQgBMclemlRF2'))) - cav = codec.decode_caveat(tp_key, encrypted_cav) - self.assertEquals(cav, macaroon.ThirdPartyCaveatInfo( + cav = macaroonbakery.decode_caveat(tp_key, encrypted_cav) + self.assertEquals(cav, macaroonbakery.ThirdPartyCaveatInfo( condition='third party condition', first_party_public_key=fp_key.public_key, third_party_key_pair=tp_key, - root_key=b'random', + root_key=root_key, caveat=encrypted_cav, - version=bakery.BAKERY_V3, - ns=macaroon.legacy_namespace() + version=macaroonbakery.BAKERY_V3, + namespace=macaroonbakery.legacy_namespace() )) def test_encode_decode_varint(self): @@ -169,10 +183,10 @@ class TestCodec(TestCase): for test in tests: data = bytearray() expected = bytearray() - codec._encode_uvarint(test[0], data) + macaroonbakery.encode_uvarint(test[0], data) for v in test[1]: expected.append(v) self.assertEquals(data, expected) - val = codec._decode_uvarint(bytes(data)) + val = codec.decode_uvarint(bytes(data)) self.assertEquals(test[0], val[0]) self.assertEquals(len(test[1]), val[1]) |