Basic logic for signing/verifying requests

2025-10-05 05:49:24 +02:00 · 2018-03-24 15:20:15 +01:00 · 2018-03-24 15:20:15 +01:00 · aa7365b71f
commit aa7365b71f
parent ae65190364
7 changed files with 98 additions and 2 deletions
--- a/api/tests/federation/test_signing.py
+++ b/api/tests/federation/test_signing.py
@ -0,0 +1,34 @@
+import cryptography.exceptions
+import io
+import pytest
+import requests_http_signature
+
+from funkwhale_api.federation import signing
+
+
+def test_can_sign_and_verify_request(factories):
+    private, public = factories['federation.KeyPair']()
+    auth = factories['federation.SignatureAuth'](key=private)
+    request = factories['federation.SignedRequest'](
+        auth=auth
+    )
+    prepared_request = request.prepare()
+    assert 'date' in prepared_request.headers
+    assert 'authorization' in prepared_request.headers
+    assert prepared_request.headers['authorization'].startswith('Signature')
+    assert requests_http_signature.HTTPSignatureAuth.verify(
+        prepared_request,
+        key_resolver=lambda **kwargs: public
+    ) is None
+
+
+def test_verify_fails_with_wrong_key(factories):
+    wrong_private, wrong_public = factories['federation.KeyPair']()
+    request = factories['federation.SignedRequest']()
+    prepared_request = request.prepare()
+
+    with pytest.raises(cryptography.exceptions.InvalidSignature):
+        requests_http_signature.HTTPSignatureAuth.verify(
+            prepared_request,
+            key_resolver=lambda **kwargs: wrong_public
+        )