forked from allthings-archive/go-aws-auth
-
Notifications
You must be signed in to change notification settings - Fork 1
/
sign3_test.go
111 lines (85 loc) · 3.58 KB
/
sign3_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
package awsauth
import (
"net/http"
"net/url"
"testing"
"time"
"github.com/smartystreets/assertions"
"github.com/smartystreets/assertions/should"
)
func TestSignature3(t *testing.T) {
// http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html
// http://docs.aws.amazon.com/ses/latest/DeveloperGuide/query-interface-authentication.html
assert := assertions.New(t)
// Given bogus credentials
keys := *testCredV3
// Mock time
now = func() time.Time {
parsed, _ := time.Parse(timeFormatV3, exampleReqTsV3)
return parsed
}
// Given a plain request that is unprepared
request := test_plainRequestV3()
// The request should be prepared to be signed
expectedUnsigned := test_unsignedRequestV3()
prepareRequestV3(request)
assert.So(request, should.Resemble, expectedUnsigned)
// Given a prepared, but unsigned, request
request = test_unsignedRequestV3()
// The absolute path should be extracted correctly
assert.So(request.URL.Path, should.Equal, "/")
// The string to sign should be well-formed
assert.So(stringToSignV3(request), should.Equal, expectedStringToSignV3)
// The resulting signature should be correct
assert.So(signatureV3(stringToSignV3(request), keys), should.Equal, "PjAJ6buiV6l4WyzmmuwtKE59NJXVg5Dr3Sn4PCMZ0Yk=")
// The final signed request should be correctly formed
Sign3(request, keys)
assert.So(request.Header.Get("X-Amzn-Authorization"), should.Resemble, expectedAuthHeaderV3)
}
func test_plainRequestV3() *http.Request {
values := url.Values{}
values.Set("Action", "GetSendStatistics")
values.Set("Version", "2010-12-01")
address := baseUrlV3 + "/?" + values.Encode()
request, err := http.NewRequest("GET", address, nil)
if err != nil {
panic(err)
}
return request
}
func test_unsignedRequestV3() *http.Request {
request := test_plainRequestV3()
request.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
request.Header.Set("x-amz-date", exampleReqTsV3)
request.Header.Set("Date", exampleReqTsV3)
request.Header.Set("x-amz-nonce", "")
return request
}
func TestVersion3STSRequestPreparer(t *testing.T) {
// Given a plain request with no custom headers
request := test_plainRequestV3()
// And a set of credentials with an STS token
var keys Credentials
keys = *testCredV3WithSTS
// It should include an X-Amz-Security-Token when the request is signed
actualSigned := Sign3(request, keys)
actual := actualSigned.Header.Get("X-Amz-Security-Token")
assert := assertions.New(t)
assert.So(actual, should.NotBeBlank)
assert.So(actual, should.Equal, testCredV4WithSTS.SecurityToken)
}
var (
testCredV3 = &Credentials{
AccessKeyID: "AKIAIOSFODNN7EXAMPLE",
SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
}
testCredV3WithSTS = &Credentials{
AccessKeyID: "AKIDEXAMPLE",
SecretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
SecurityToken: "AQoDYXdzEHcaoAJ1Aqwx1Sum0iW2NQjXJcWlKR7vuB6lnAeGBaQnjDRZPVyniwc48ml5hx+0qiXenVJdfusMMl9XLhSncfhx9Rb1UF8IAOaQ+CkpWXvoH67YYN+93dgckSVgVEBRByTl/BvLOZhe0ii/pOWkuQtBm5T7lBHRe4Dfmxy9X6hd8L3FrWxgnGV3fWZ3j0gASdYXaa+VBJlU0E2/GmCzn3T+t2mjYaeoInAnYVKVpmVMOrh6lNAeETTOHElLopblSa7TAmROq5xHIyu4a9i2qwjERTwa3Yk4Jk6q7JYVA5Cu7kS8wKVml8LdzzCTsy+elJgvH+Jf6ivpaHt/En0AJ5PZUJDev2+Y5+9j4AYfrmXfm4L73DC1ZJFJrv+Yh+EXAMPLE=",
}
exampleReqTsV3 = "Thu, 14 Aug 2008 17:08:48 GMT"
baseUrlV3 = "https://email.us-east-1.amazonaws.com"
expectedStringToSignV3 = exampleReqTsV3
expectedAuthHeaderV3 = "AWS3-HTTPS AWSAccessKeyId=" + testCredV3.AccessKeyID + ", Algorithm=HmacSHA256, Signature=PjAJ6buiV6l4WyzmmuwtKE59NJXVg5Dr3Sn4PCMZ0Yk="
)