forked from smarty-archives/go-aws-auth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsign3_test.go
120 lines (95 loc) · 3.66 KB
/
sign3_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package awsauth
import (
. "github.com/smartystreets/goconvey/convey"
"net/http"
"net/url"
"testing"
"time"
)
func TestSignature3(t *testing.T) {
// http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html
// http://docs.aws.amazon.com/ses/latest/DeveloperGuide/query-interface-authentication.html
Convey("Given bogus credentials", t, func() {
Keys = testCredV3
// Mock time
now = func() time.Time {
parsed, _ := time.Parse(timeFormatV3, exampleReqTsV3)
return parsed
}
Convey("Given a plain request that is unprepared", func() {
req := test_plainRequestV3()
Convey("The request should be prepared to be signed", func() {
expectedUnsigned := test_unsignedRequestV3()
prepareRequestV3(req)
So(req, ShouldResemble, expectedUnsigned)
})
})
Convey("Given a prepared, but unsigned, request", func() {
req := test_unsignedRequestV3()
Convey("The absolute path should be extracted correctly", func() {
So(req.URL.Path, ShouldEqual, "/")
})
Convey("The string to sign should be well-formed", func() {
actual := stringToSignV3(req)
So(actual, ShouldEqual, expectedStringToSignV3)
})
Convey("The resulting signature should be correct", func() {
actual := signatureV3(stringToSignV3(req))
So(actual, ShouldEqual, "PjAJ6buiV6l4WyzmmuwtKE59NJXVg5Dr3Sn4PCMZ0Yk=")
})
Convey("The final signed request should be correctly formed", func() {
Sign3(req)
actual := req.Header.Get("X-Amzn-Authorization")
So(actual, ShouldResemble, expectedAuthHeaderV3)
})
})
})
}
func test_plainRequestV3() *http.Request {
values := url.Values{}
values.Set("Action", "GetSendStatistics")
values.Set("Version", "2010-12-01")
url := baseUrlV3 + "/?" + values.Encode()
req, err := http.NewRequest("GET", url, nil)
if err != nil {
panic(err)
}
return req
}
func test_unsignedRequestV3() *http.Request {
req := test_plainRequestV3()
req.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
req.Header.Set("x-amz-date", exampleReqTsV3)
req.Header.Set("Date", exampleReqTsV3)
req.Header.Set("x-amz-nonce", "")
return req
}
func TestVersion3STSRequestPreparer(t *testing.T) {
Convey("Given a plain request with no custom headers", t, func() {
req := test_plainRequestV3()
Convey("And a set of credentials with an STS token", func() {
Keys = testCredV3WithSTS
Convey("It should include an X-Amz-Security-Token when the request is signed", func() {
actualSigned := Sign3(req)
actual := actualSigned.Header.Get("X-Amz-Security-Token")
So(actual, ShouldNotBeBlank)
So(actual, ShouldEqual, testCredV4WithSTS.SecurityToken)
})
})
})
}
var (
testCredV3 = &Credentials{
AccessKeyID: "AKIAIOSFODNN7EXAMPLE",
SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
}
testCredV3WithSTS = &Credentials{
AccessKeyID: "AKIDEXAMPLE",
SecretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
SecurityToken: "AQoDYXdzEHcaoAJ1Aqwx1Sum0iW2NQjXJcWlKR7vuB6lnAeGBaQnjDRZPVyniwc48ml5hx+0qiXenVJdfusMMl9XLhSncfhx9Rb1UF8IAOaQ+CkpWXvoH67YYN+93dgckSVgVEBRByTl/BvLOZhe0ii/pOWkuQtBm5T7lBHRe4Dfmxy9X6hd8L3FrWxgnGV3fWZ3j0gASdYXaa+VBJlU0E2/GmCzn3T+t2mjYaeoInAnYVKVpmVMOrh6lNAeETTOHElLopblSa7TAmROq5xHIyu4a9i2qwjERTwa3Yk4Jk6q7JYVA5Cu7kS8wKVml8LdzzCTsy+elJgvH+Jf6ivpaHt/En0AJ5PZUJDev2+Y5+9j4AYfrmXfm4L73DC1ZJFJrv+Yh+EXAMPLE=",
}
exampleReqTsV3 = "Thu, 14 Aug 2008 17:08:48 GMT"
baseUrlV3 = "https://email.us-east-1.amazonaws.com"
expectedStringToSignV3 = exampleReqTsV3
expectedAuthHeaderV3 = "AWS3-HTTPS AWSAccessKeyId=" + testCredV3.AccessKeyID + ", Algorithm=HmacSHA256, Signature=PjAJ6buiV6l4WyzmmuwtKE59NJXVg5Dr3Sn4PCMZ0Yk="
)