bug: fix crypto-key separator

Coverage to 100%

Author: jrconlin

python/vapid/__init__.py

@@ -21,21 +21,22 @@ class Vapid(object):
     _private_key = None
     _public_key = None
 
-    def __init__(self, private_key_file=None):
+    def __init__(self, private_key_file=None, private_key=None):
         """Initialize VAPID using an optional file containing a private key
         in PEM format.
 
         :param private_key_file: The name of the file containing the
         private key
         """
         if private_key_file:
+            private_key = open(private_key_file).read()
+        if private_key:
             try:
-                self.private_key = ecdsa.SigningKey.from_pem(
-                    open(private_key_file).read())
+                self._private_key = ecdsa.SigningKey.from_pem(private_key)
             except Exception, exc:
                 logging.error("Could not open private key file: %s", repr(exc))
                 raise VapidException(exc)
-            self.pubilcKey = self.private_key.get_verifying_key()
+            self._pubilcKey = self._private_key.get_verifying_key()
 
     @property
     def private_key(self):
@@ -72,15 +73,12 @@ def save_public_key(self, key_file):
 
         :param key_file: The name of the file to save the public key
         """
-        file = open(key_file, "w")
-        file.write(self.public_key.to_pem())
-        file.close()
+        with open(key_file, "w") as file:
+            file.write(self.public_key.to_pem())
+            file.close()
 
     def validate(self, token):
-        try:
-            return jws.verify(token, self.public_key, algorithms=["ES256"]);
-        except Exception as e:
-            raise VapidException(e)
+        return base64.urlsafe_b64encode(self.private_key.sign(token))
 
     def sign(self, claims, crypto_key=None):
         """Sign a set of claims.
@@ -105,11 +103,9 @@ def sign(self, claims, crypto_key=None):
         pkey = 'p256ecdsa='
         pkey += base64.urlsafe_b64encode(self.public_key.to_string())
         if crypto_key:
-            crypto_key = crypto_key + ';' + pkey
+            crypto_key = crypto_key + ',' + pkey
         else:
             crypto_key = pkey
 
         return {"Authorization": "Bearer " + sig.strip('='),
                 "Crypto-Key": crypto_key}
-
-

python/vapid/tests/test_vapid.py

@@ -1,12 +1,9 @@
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
 import base64
 import os
 import json
 import unittest
 from nose.tools import eq_, ok_
+from mock import patch
 
 from jose import jws
 from vapid import Vapid, VapidException
@@ -26,8 +23,12 @@
 
 
 def setUp(self):
-    open('/tmp/private', 'w').write(T_PRIVATE)
-    open('/tmp/public', 'w').write(T_PUBLIC)
+    ff = open('/tmp/private', 'w')
+    ff.write(T_PRIVATE)
+    ff.close()
+    ff = open('/tmp/public', 'w')
+    ff.write(T_PUBLIC)
+    ff.close()
 
 
 def tearDown(self):
@@ -37,9 +38,18 @@ def tearDown(self):
 
 class VapidTestCase(unittest.TestCase):
     def test_init(self):
-        v = Vapid("/tmp/private")
-        eq_(v.private_key.to_pem(), T_PRIVATE)
-        eq_(v.public_key.to_pem(), T_PUBLIC)
+        v1 = Vapid(private_key_file="/tmp/private")
+        eq_(v1.private_key.to_pem(), T_PRIVATE)
+        eq_(v1.public_key.to_pem(), T_PUBLIC)
+        v2 = Vapid(private_key=T_PRIVATE)
+        eq_(v2.private_key.to_pem(), T_PRIVATE)
+        eq_(v2.public_key.to_pem(), T_PUBLIC)
+
+    @patch("ecdsa.SigningKey.from_pem", side_effect=Exception)
+    def test_init_bad_priv(self, mm):
+        self.assertRaises(Exception,
+                          Vapid,
+                          private_key_file="/tmp/private")
 
     def test_private(self):
         v = Vapid()
@@ -63,22 +73,46 @@ def test_gen_key(self):
         ok_(v.public_key)
         ok_(v.private_key)
 
+    def test_save_key(self):
+        v = Vapid()
+        v.save_key("/tmp/p2")
+        os.unlink("/tmp/p2")
+
+    def test_save_public_key(self):
+        v = Vapid()
+        v.generate_keys()
+        v.save_public_key("/tmp/p2")
+        os.unlink("/tmp/p2")
+
     def test_validate(self):
         v = Vapid("/tmp/private")
-        claims = {"aud": "example.com", "sub": "admin@example.com"}
-        result = jws.sign(claims, v.private_key, algorithm="ES256")
-        msg = v.validate(result)
-        eq_(claims, json.loads(msg))
+        msg = "foobar"
+        vtoken = v.validate(msg)
+        ok_(v.public_key.verify(base64.urlsafe_b64decode(vtoken), msg))
 
     def test_sign(self):
         v = Vapid("/tmp/private")
         claims = {"aud": "example.com", "sub": "admin@example.com"}
-        result = v.sign(claims)
+        result = v.sign(claims, "id=previous")
         eq_(result['Crypto-Key'],
+            'id=previous,'
             'p256ecdsa=EJwJZq_GN8jJbo1GGpyU70hmP2hbWAUpQFKDBy'
             'KB81yldJ9GTklBM5xqEwuPM7VuQcyiLDhvovthPIXx-gsQRQ==')
         items = jws.verify(result['Authorization'][7:],
                            v.public_key,
                            algorithms=["ES256"])
         eq_(json.loads(items), claims)
+        result = v.sign(claims)
+        eq_(result['Crypto-Key'],
+            'p256ecdsa=EJwJZq_GN8jJbo1GGpyU70hmP2hbWAUpQFKDBy'
+            'KB81yldJ9GTklBM5xqEwuPM7VuQcyiLDhvovthPIXx-gsQRQ==')
+
+    def test_bad_sign(self):
+        v = Vapid("/tmp/private")
+        self.assertRaises(VapidException,
+                          v.sign,
+                          {'sub': "a@e.c"})
+        self.assertRaises(VapidException,
+                          v.sign,
+                          {'aud': "https://e.c"})