Extra test for content length

2019-11-12 18:21:52 +00:00 · 2019-11-12 18:21:52 +00:00 · 80a0560fed
parent a688f2aeab
commit 80a0560fed
2 changed files with 13 additions and 3 deletions
--- a/httpsig.py
+++ b/httpsig.py
@ -50,7 +50,8 @@ def signPostHeaders(dateStr: str,privateKeyPem: str, \
        headers={'(request-target)': f'post {path}','host': toDomain,'date': dateStr,'content-type': 'application/json'}
    else:
        bodyDigest=messageContentDigest(messageBodyJsonStr)
-        headers={'(request-target)': f'post {path}','host': toDomain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-type': 'application/activity+json'}
+        contentLength=len(messageBodyJsonStr)
+        headers={'(request-target)': f'post {path}','host': toDomain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-type': 'application/activity+json','content-length': str(contentLength)}
    privateKeyPem=RSA.import_key(privateKeyPem)
    #headers.update({
    #    '(request-target)': f'post {path}',
--- a/tests.py
+++ b/tests.py
@ -114,7 +114,8 @@ def testHttpsigBase(withDigest):
                            boxpath, httpPrefix, None)
    else:
        bodyDigest = messageContentDigest(messageBodyJsonStr)
-        headers = {'host': headersDomain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-type': contentType}
+        contentLength=len(messageBodyJsonStr)
+        headers = {'host': headersDomain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-type': contentType,'content-length': str(contentLength)}
        signatureHeader = \
            signPostHeaders(dateStr,privateKeyPem, nickname, \
                            domain, port, \
@ -125,6 +126,12 @@ def testHttpsigBase(withDigest):
    assert verifyPostHeaders(httpPrefix,publicKeyPem,headers, \
                             boxpath,False,None, \
                             messageBodyJsonStr,False)
+    if withDigest:
+        # everything correct except for content-length
+        headers['content-length']=str(contentLength+2)
+        assert verifyPostHeaders(httpPrefix,publicKeyPem,headers, \
+                                 boxpath,False,None, \
+                                 messageBodyJsonStr,False) == False
    assert verifyPostHeaders(httpPrefix,publicKeyPem,headers, \
                             '/parambulator'+boxpath,False,None, \
                             messageBodyJsonStr,False) == False
@ -137,12 +144,14 @@ def testHttpsigBase(withDigest):
    else:
        # correct domain but fake message
        messageBodyJsonStr = '{"a key": "a value", "another key": "Fake GNUs", "yet another key": "More Fake GNUs"}'
+        contentLength=len(messageBodyJsonStr)
        bodyDigest = messageContentDigest(messageBodyJsonStr)
-        headers = {'host': domain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-type': contentType}
+        headers = {'host': domain,'date': dateStr,'digest': f'SHA-256={bodyDigest}','content-type': contentType,'content-length': str(contentLength)}
    headers['signature'] = signatureHeader
    assert verifyPostHeaders(httpPrefix,publicKeyPem,headers, \
                             boxpath,True,None, \
                             messageBodyJsonStr,False) == False
+
    os.chdir(baseDir)
    shutil.rmtree(path)