author | Danny Hermes <daniel.j.hermes@gmail.com> | 2015-08-25 16:49:39 -0700 |
---|---|---|
committer | Danny Hermes <daniel.j.hermes@gmail.com> | 2015-09-01 09:58:33 -0700 |
commit | b0c459f040e977e9e957ede3f592b281b6cec53d (patch) | |
tree | 2bbd37098d29757181f3dbc6037edc84ffa5b665 /tests/test_crypt.py | |
parent | 4c56131ea2966c6772d47fb1020bbf899ff8d3bf (diff) | |
download | oauth2client-b0c459f040e977e9e957ede3f592b281b6cec53d.tar.gz |
Refactor certificate checking in crypt.verify_signed_jwt_with_certs.
Moved check into protected function _verify_signature.
Diffstat (limited to 'tests/test_crypt.py')
-rw-r--r-- | tests/test_crypt.py | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/tests/test_crypt.py b/tests/test_crypt.py
index 0b2e10d..4f066a3 100644
--- a/tests/test_crypt.py
+++ b/tests/test_crypt.py
@@ -74,3 +74,84 @@ class Test_pkcs12_key_as_pem(unittest.TestCase): self.assertRaises(crypto.Error, crypt.pkcs12_key_as_pem, credentials.private_key, credentials.private_key_password)
+
+
+class Test__verify_signature(unittest.TestCase):
+
+ def test_success_single_cert(self):
+ cert_value = 'cert-value'
+ certs = {None: cert_value}
+ message = object()
+ signature = object()
+
+ verifier = mock.MagicMock()
+ verifier.verify = mock.MagicMock(name='verify', return_value=True)
+ with mock.patch('oauth2client.crypt.Verifier') as Verifier:
+ Verifier.from_string = mock.MagicMock(name='from_string',
+ return_value=verifier)
+ result = crypt._verify_signature(message, signature, certs)
+ self.assertEqual(result, None)
+
+ # Make sure our mocks were called as expected.
+ Verifier.from_string.assert_called_once_with(cert_value,
+ is_x509_cert=True)
+ verifier.verify.assert_called_once_with(message, signature)
+
+ def test_success_multiple_certs(self):
+ cert_value1 = 'cert-value1'
+ cert_value2 = 'cert-value2'
+ cert_value3 = 'cert-value3'
+ certs = _MockOrderedDict(cert_value1, cert_value2, cert_value3)
+ message = object()
+ signature = object()
+
+ verifier = mock.MagicMock()
+ # Use side_effect to force all 3 cert values to be used by failing
+ # to verify on the first two.
+ verifier.verify = mock.MagicMock(name='verify',
+ side_effect=[False, False, True])
+ with mock.patch('oauth2client.crypt.Verifier') as Verifier:
+ Verifier.from_string = mock.MagicMock(name='from_string',
+ return_value=verifier)
+ result = crypt._verify_signature(message, signature, certs)
+ self.assertEqual(result, None)
+
+ # Make sure our mocks were called three times.
+ expected_from_string_calls = [
+ mock.call(cert_value1, is_x509_cert=True),
+ mock.call(cert_value2, is_x509_cert=True),
+ mock.call(cert_value3, is_x509_cert=True),
+ ]
+ self.assertEqual(Verifier.from_string.mock_calls,
+ expected_from_string_calls)
+ expected_verify_calls = [mock.call(message, signature)] * 3
+ self.assertEqual(verifier.verify.mock_calls,
+ expected_verify_calls)
+
+ def test_failure(self):
+ cert_value = 'cert-value'
+ certs = {None: cert_value}
+ message = object()
+ signature = object()
+
+ verifier = mock.MagicMock()
+ verifier.verify = mock.MagicMock(name='verify', return_value=False)
+ with mock.patch('oauth2client.crypt.Verifier') as Verifier:
+ Verifier.from_string = mock.MagicMock(name='from_string',
+ return_value=verifier)
+ self.assertRaises(crypt.AppIdentityError, crypt._verify_signature,
+ message, signature, certs)
+
+ # Make sure our mocks were called as expected.
+ Verifier.from_string.assert_called_once_with(cert_value,
+ is_x509_cert=True)
+ verifier.verify.assert_called_once_with(message, signature)
+
+
+class _MockOrderedDict(object):
+
+ def __init__(self, *values):
+ self._values = values
+
+ def values(self):
+ return self._values |
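Review bot: `test_failure` pins the rejecting path only for a single certificate, so nothing in this hunk checks that `_verify_signature` fails closed when `certs` is empty or when every one of several certificates rejects the signature. Because this helper is the signature gate for `verify_signed_jwt_with_certs`, I would add a multi-cert failure case built on `_MockOrderedDict` with `side_effect=[False, False, False]`, and an empty-input case such as `self.assertRaises(crypt.AppIdentityError, crypt._verify_signature, message, signature, {})`. The implementation is not visible in this hunk, so the exception expected for empty input should be confirmed against it. As a style point, the two success assertions would read better as `self.assertIsNone(result)`.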