145ce108ab
*) Move all logic related to secure transport of trace info to osprofiler/utils.py *) Add to methods singed_pack, signed_unpack that hides all complexity of packing data, generating hmac, and validating hmac data. *) Cover osprofiler/utils.py by separated tests *) Remove mess from WSGI middleware and add_trace_id_header *) Simplify web tests *) Disable possibility to setup empty hmac keys, cause of security reasons Change-Id: I86112eb0b6f0f01222a4f84985edd74a1881e89a
79 lines
2.7 KiB
Python
79 lines
2.7 KiB
Python
# Copyright 2014 Mirantis Inc.
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import base64
|
|
import hashlib
|
|
import hmac
|
|
|
|
from osprofiler import utils
|
|
from tests import test
|
|
|
|
|
|
class UtilsTestCase(test.TestCase):
|
|
|
|
def test_binary_encode_and_decode(self):
|
|
self.assertEqual("text",
|
|
utils.binary_decode(utils.binary_encode("text")))
|
|
|
|
def test_binary_encode_invalid_type(self):
|
|
self.assertRaises(TypeError, utils.binary_encode, 1234)
|
|
|
|
def test_binary_encode_binary_type(self):
|
|
binary = utils.binary_encode("text")
|
|
self.assertEqual(binary, utils.binary_encode(binary))
|
|
|
|
def test_binary_decode_invalid_type(self):
|
|
self.assertRaises(TypeError, utils.binary_decode, 1234)
|
|
|
|
def test_binary_decode_text_type(self):
|
|
self.assertEqual("text", utils.binary_decode("text"))
|
|
|
|
def test_generate_hmac(self):
|
|
hmac_key = "secrete"
|
|
data = "my data"
|
|
|
|
h = hmac.new(utils.binary_encode(hmac_key), digestmod=hashlib.sha1)
|
|
h.update(utils.binary_encode(data))
|
|
|
|
self.assertEqual(h.hexdigest(), utils.generate_hmac(data, hmac_key))
|
|
|
|
def test_signed_pack_unpack(self):
|
|
hmac = "secret"
|
|
data = {"some": "data"}
|
|
|
|
packed_data, hmac_data = utils.signed_pack(data, hmac)
|
|
|
|
self.assertEqual(utils.signed_unpack(packed_data, hmac_data, hmac),
|
|
data)
|
|
|
|
def test_signed_unpack_wrong_key(self):
|
|
data = {"some": "data"}
|
|
packed_data, hmac_data = utils.signed_pack(data, "secret")
|
|
|
|
self.assertIsNone(utils.signed_unpack(packed_data, hmac_data, "wrong"))
|
|
|
|
def test_signed_unpack_no_key_or_hmac_data(self):
|
|
data = {"some": "data"}
|
|
packed_data, hmac_data = utils.signed_pack(data, "secret")
|
|
self.assertIsNone(utils.signed_unpack(packed_data, hmac_data, None))
|
|
self.assertIsNone(utils.signed_unpack(packed_data, None, "secret"))
|
|
|
|
def test_signed_unpack_invalid_json(self):
|
|
hmac = "secret"
|
|
data = base64.urlsafe_b64encode(utils.binary_encode("not_a_json"))
|
|
hmac_data = utils.generate_hmac(data, hmac)
|
|
|
|
self.assertIsNone(utils.signed_unpack(data, hmac_data, hmac))
|