Add test condition for auth-scheme, fix bug in HMAC

2019-03-09 23:56:49 +01:00 · 2019-03-09 23:56:49 +01:00 · 2555707168
--- a/httpsig.go
+++ b/httpsig.go
@ -206,6 +206,7 @@ func newSigner(algo Algorithm, headers []string, scheme SignatureScheme) (Signer
 		m:            m,
 		headers:      headers,
 		targetHeader: scheme,
 		prefix:       scheme.authScheme(),
 	}
 	return c, nil
 }
--- a/httpsig_test.go
+++ b/httpsig_test.go
@ -13,6 +13,7 @@ import (
 const (
 	testUrl     = "foo.net/bar/baz?q=test&r=ok"
 	testUrlPath = "bar/baz"
 	testDate    = "Tue, 07 Jun 2014 20:51:35 GMT"
 	testDigest  = "SHA-256=X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE="
 	testMethod  = "GET"
@ -28,6 +29,7 @@ type httpsigTest struct {
 	pubKeyId                   string
 	expectedAlgorithm          Algorithm
 	expectErrorSigningResponse bool
 	expectRequestPath          bool
 }
 var (
@ -126,6 +128,7 @@ func init() {
 			pubKeyId:                   "pubKeyId",
 			expectedAlgorithm:          RSA_SHA512,
 			expectErrorSigningResponse: true,
 			expectRequestPath:          true,
 		},
 	}
@ -145,42 +148,59 @@ func toHeaderSignatureParameters(k string, vals []string) string {
 	return fmt.Sprintf("%s%s%s%s%s", k, parameterKVSeparater, parameterValueDelimiter, v, parameterValueDelimiter)
 }
-func TestNewSigner(t *testing.T) {
+func TestSignerRequest(t *testing.T) {
-	for _, test := range tests {
+	testFn := func(t *testing.T, test httpsigTest) {
 		s, a, err := NewSigner(test.prefs, test.headers, test.scheme)
 		if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+			t.Fatalf("%s", err)
 		}
 		if a != test.expectedAlgorithm {
-			t.Fatalf("%q: got %s, want %s", test.name, a, test.expectedAlgorithm)
+			t.Fatalf("got %s, want %s", a, test.expectedAlgorithm)
 		}
 		// Test request signing
 		req, err := http.NewRequest(testMethod, testUrl, nil)
 		if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+			t.Fatalf("%s", err)
 		}
 		req.Header.Set("Date", testDate)
 		req.Header.Set("Digest", testDigest)
 		err = s.SignRequest(test.privKey, test.pubKeyId, req)
 		if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+			t.Fatalf("%s", err)
 		}
 		vals, ok := req.Header[string(test.scheme)]
 		if !ok {
-			t.Fatalf("%q: not in header %s", test.name, test.scheme)
+			t.Fatalf("not in header %s", test.scheme)
 		}
 		if len(vals) != 1 {
-			t.Fatalf("%q: too many in header %s: %d", test.name, test.scheme, len(vals))
+			t.Fatalf("too many in header %s: %d", test.scheme, len(vals))
 		}
 		if p := toSignatureParameter(keyIdParameter, test.pubKeyId); !strings.Contains(vals[0], p) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], p)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], p)
 		} else if p := toSignatureParameter(algorithmParameter, string(test.expectedAlgorithm)); !strings.Contains(vals[0], p) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], p)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], p)
 		} else if p := toHeaderSignatureParameters(headersParameter, test.headers); !strings.Contains(vals[0], p) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], p)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], p)
 		} else if !strings.Contains(vals[0], signatureParameter) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], signatureParameter)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], signatureParameter)
 		}
 		// For schemes with an authScheme, enforce its is present and at the beginning
 		if len(test.scheme.authScheme()) > 0 {
 			if !strings.HasPrefix(vals[0], test.scheme.authScheme()) {
 				t.Fatalf("%s\ndoes not start with\n%s", vals[0], test.scheme.authScheme())
 			}
 		}
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			testFn(t, test)
 		})
 	}
 }
 func TestSignerResponse(t *testing.T) {
 	testFn := func(t *testing.T, test httpsigTest) {
 		s, _, err := NewSigner(test.prefs, test.headers, test.scheme)
 		// Test response signing
 		resp := httptest.NewRecorder()
 		resp.HeaderMap.Set("Date", testDate)
@ -189,27 +209,38 @@ func TestNewSigner(t *testing.T) {
 		if test.expectErrorSigningResponse {
 			if err != nil {
 				// Skip rest of testing
-				continue
+				return
 			} else {
-				t.Fatalf("%q: expected error, got nil", test.name)
+				t.Fatalf("expected error, got nil")
 			}
 		}
-		vals, ok = resp.HeaderMap[string(test.scheme)]
+		vals, ok := resp.HeaderMap[string(test.scheme)]
 		if !ok {
-			t.Fatalf("%q: not in header %s", test.name, test.scheme)
+			t.Fatalf("not in header %s", test.scheme)
 		}
 		if len(vals) != 1 {
-			t.Fatalf("%q: too many in header %s: %d", test.name, test.scheme, len(vals))
+			t.Fatalf("too many in header %s: %d", test.scheme, len(vals))
 		}
 		if p := toSignatureParameter(keyIdParameter, test.pubKeyId); !strings.Contains(vals[0], p) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], p)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], p)
 		} else if p := toSignatureParameter(algorithmParameter, string(test.expectedAlgorithm)); !strings.Contains(vals[0], p) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], p)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], p)
 		} else if p := toHeaderSignatureParameters(headersParameter, test.headers); !strings.Contains(vals[0], p) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], p)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], p)
 		} else if !strings.Contains(vals[0], signatureParameter) {
-			t.Fatalf("%q: %s\ndoes not contain\n%s", test.name, vals[0], signatureParameter)
+			t.Fatalf("%s\ndoes not contain\n%s", vals[0], signatureParameter)
 		}
 		// For schemes with an authScheme, enforce its is present and at the beginning
 		if len(test.scheme.authScheme()) > 0 {
 			if !strings.HasPrefix(vals[0], test.scheme.authScheme()) {
 				t.Fatalf("%s\ndoes not start with\n%s", vals[0], test.scheme.authScheme())
 			}
 		}
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			testFn(t, test)
 		})
 	}
 }
@ -234,22 +265,25 @@ func TestNewSignerRequestMissingHeaders(t *testing.T) {
 		},
 	}
 	for _, test := range failingTests {
 		t.Run(test.name, func(t *testing.T) {
 			test := test
 			s, a, err := NewSigner(test.prefs, test.headers, test.scheme)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			if a != test.expectedAlgorithm {
-			t.Fatalf("%q: got %s, want %s", test.name, a, test.expectedAlgorithm)
+				t.Fatalf("got %s, want %s", a, test.expectedAlgorithm)
 			}
 			req, err := http.NewRequest(testMethod, testUrl, nil)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			req.Header.Set("Date", testDate)
 			err = s.SignRequest(test.privKey, test.pubKeyId, req)
 			if err == nil {
-			t.Fatalf("%q: expect error but got nil", test.name)
+				t.Fatalf("expect error but got nil")
 			}
 		})
 	}
 }
@ -275,59 +309,67 @@ func TestNewSignerResponseMissingHeaders(t *testing.T) {
 		},
 	}
 	for _, test := range failingTests {
 		t.Run(test.name, func(t *testing.T) {
 			test := test
 			s, a, err := NewSigner(test.prefs, test.headers, test.scheme)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			if a != test.expectedAlgorithm {
-			t.Fatalf("%q: got %s, want %s", test.name, a, test.expectedAlgorithm)
+				t.Fatalf("got %s, want %s", a, test.expectedAlgorithm)
 			}
 			resp := httptest.NewRecorder()
 			resp.HeaderMap.Set("Date", testDate)
 			resp.HeaderMap.Set("Digest", testDigest)
 			err = s.SignResponse(test.privKey, test.pubKeyId, resp)
 			if err != nil {
-			t.Fatalf("%q: expected error, got nil", test.name)
+				t.Fatalf("expected error, got nil")
 			}
 		})
 	}
 }
 func TestNewVerifier(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			test := test
 			// Prepare
 			req, err := http.NewRequest(testMethod, testUrl, nil)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			req.Header.Set("Date", testDate)
 			req.Header.Set("Digest", testDigest)
 			s, _, err := NewSigner(test.prefs, test.headers, test.scheme)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			err = s.SignRequest(test.privKey, test.pubKeyId, req)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			// Test verification
 			v, err := NewVerifier(req)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			if v.KeyId() != test.pubKeyId {
-			t.Fatalf("%q: got %s, want %s", test.name, v.KeyId(), test.pubKeyId)
+				t.Fatalf("got %s, want %s", v.KeyId(), test.pubKeyId)
 			}
 			err = v.Verify(test.pubKey, test.expectedAlgorithm)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 		})
 	}
 }
 func TestNewResponseVerifier(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			test := test
 			if test.expectErrorSigningResponse {
-			continue
+				return
 			}
 			// Prepare
 			resp := httptest.NewRecorder()
@ -335,23 +377,24 @@ func TestNewResponseVerifier(t *testing.T) {
 			resp.HeaderMap.Set("Digest", testDigest)
 			s, _, err := NewSigner(test.prefs, test.headers, test.scheme)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			err = s.SignResponse(test.privKey, test.pubKeyId, resp)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			// Test verification
 			v, err := NewResponseVerifier(resp.Result())
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 			if v.KeyId() != test.pubKeyId {
-			t.Fatalf("%q: got %s, want %s", test.name, v.KeyId(), test.pubKeyId)
+				t.Fatalf("got %s, want %s", v.KeyId(), test.pubKeyId)
 			}
 			err = v.Verify(test.pubKey, test.expectedAlgorithm)
 			if err != nil {
-			t.Fatalf("%q: %s", test.name, err)
+				t.Fatalf("%s", err)
 			}
 		})
 	}
 }