Exemple #1
0
func BuildHTTPHeader(r *http.Request, content []byte) {
	if r.ContentLength > 0 {
		r.Header.Set("Content-Type", check.SupportedContentType)

		hash := md5.New()
		hash.Write(content)
		hashBytes := hash.Sum(nil)
		hashBase64 := base64.StdEncoding.EncodeToString(hashBytes)

		r.Header.Set("Content-MD5", hashBase64)
	}

	r.Header.Set("Date", time.Now().Format(time.RFC1123))

	stringToSign, err := check.BuildStringToSign(r, "1")
	if err != nil {
		Fatalln("Error creating authorization", err)
	}

	s := config.ShelterConfig.RESTServer.Secrets["1"]
	s, err = secret.Decrypt(s)
	if err != nil {
		Fatalln("Error retrieving secret", err)
	}

	signature := check.GenerateSignature(stringToSign, s)
	r.Header.Set("Authorization", fmt.Sprintf("%s %d:%s", check.SupportedNamespace, 1, signature))
}
Exemple #2
0
func send(shelterRequest shelterRequest) (*http.Request, *http.Response, error) {
	var request *http.Request
	var err error

	if len(shelterRequest.body) > 0 {
		if request, err = http.NewRequest(shelterRequest.method, shelterRequest.url,
			strings.NewReader(shelterRequest.body)); err != nil {

			return request, nil, fmt.Errorf("Error creating request. Details: %s", err)
		}

		hash := md5.New()
		hash.Write([]byte(shelterRequest.body))
		hashBytes := hash.Sum(nil)
		hashBase64 := base64.StdEncoding.EncodeToString(hashBytes)

		request.Header.Add("Content-MD5", hashBase64)

	} else {
		if request, err = http.NewRequest(shelterRequest.method, shelterRequest.url, nil); err != nil {
			return request, nil, fmt.Errorf("Error creating request. Details: %s", err)
		}
	}

	request.Header.Add("Accept", check.SupportedContentType)
	request.Header.Add("Accept-Charset", check.SupportedCharset)
	request.Header.Add("Accept-Language", "en-us")
	request.Header.Add("Content-Type", check.SupportedContentType+"; charset="+check.SupportedCharset)
	request.Header.Add("Date", time.Now().Format(time.RFC1123))

	stringToSign, err := check.BuildStringToSign(request, "key01")
	if err != nil {
		return request, nil, fmt.Errorf("Error creating authorization. Details: %s", err)
	}

	authorization := check.GenerateSignature(stringToSign, shelterRequest.secret)
	request.Header.Add("Authorization", fmt.Sprintf("%s %s:%s", check.SupportedNamespace, "key01", authorization))

	transport := &http.Transport{
		TLSClientConfig:    &tls.Config{InsecureSkipVerify: true},
		DisableCompression: true,
	}

	client := http.Client{
		Transport: transport,
	}

	response, err := client.Do(request)
	if err != nil {
		return request, nil, fmt.Errorf("Error sending request. Details: %s", err)
	}

	// Add again the body for the dump
	request.Body = ioutil.NopCloser(strings.NewReader(shelterRequest.body))
	return request, response, nil
}
func TestValidatorBefore(t *testing.T) {
	var validatorHandler MockValidatorHandler
	validator := NewValidator(&validatorHandler)

	config.ShelterConfig.RESTServer.Secrets = map[string]string{
		"1": "ohV43/9bKlVNaXeNTqEuHQp57LCPCQ==",
		"2": "xJVO/OLkL35GnFTSDtQaVqZfOE8rtw==",
	}

	data := []struct {
		Headers           map[string]string
		Body              string
		LanguagePacks     messages.LanguagePacks
		Authorize         bool
		SecretId          string
		RetunError        error
		ExpectedCode      int
		ExpectedMessageId string
	}{
		{
			Headers: map[string]string{
				"Accept-Language": "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusNotAcceptable,
			ExpectedMessageId: "accept-language-error",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "accept-language-error",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusNotAcceptable,
			ExpectedMessageId: "accept-error",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "accept-error",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusNotAcceptable,
			ExpectedMessageId: "accept-charset-error",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "accept-charset-error",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "invalid-content-type",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "invalid-content-type",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "invalid-content-md5",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "XXXX",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "invalid-content-md5",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            "XXXX",
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "invalid-header-date",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            "XXXX",
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "invalid-header-date",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Add(-1 * time.Hour).Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "invalid-date-time-frame",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Add(-1 * time.Hour).Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "invalid-date-time-frame",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:    true,
			SecretId:     "2",
			ExpectedCode: http.StatusUnauthorized,
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "content-type-missing",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "content-md5-missing",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "date-missing",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         false,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "authorization-missing",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Format(time.RFC1123),
				"Authorization":   "XXXX",
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         false,
			SecretId:          "1",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "invalid-authorization",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         true,
			SecretId:          "3",
			ExpectedCode:      http.StatusBadRequest,
			ExpectedMessageId: "secret-not-found",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:         false,
			SecretId:          "1",
			RetunError:        errors.New("Low level error!"),
			ExpectedCode:      http.StatusInternalServerError,
			ExpectedMessageId: "authorization-missing",
		},
		{
			Headers: map[string]string{
				"Accept-Language": "en-US",
				"Accept":          "application/vnd.shelter+json",
				"Accept-Charset":  "utf-8",
				"Content-Type":    "application/vnd.shelter+json",
				"Content-MD5":     "cC7coLIYHBXUV+rKw53jmw==",
				"Date":            time.Now().Format(time.RFC1123),
			},
			Body: "This is a test!",
			LanguagePacks: messages.LanguagePacks{
				Default: "en-US",
				Packs: []messages.LanguagePack{
					{
						GenericName:  "en",
						SpecificName: "en-US",
					},
				},
			},
			Authorize:    true,
			SecretId:     "1",
			ExpectedCode: http.StatusOK,
		},
	}

	for _, item := range data {
		var r *http.Request
		var err error

		if len(item.Body) > 0 {
			r, err = http.NewRequest("GET", "/test", strings.NewReader(item.Body))
		} else {
			r, err = http.NewRequest("GET", "/test", nil)
		}

		if err != nil {
			t.Fatal(err)
		}

		for key, value := range item.Headers {
			r.Header.Set(key, value)
		}

		if item.Authorize {
			// Don't check BuildStringToSign errors, because it will be checked by each test
			stringToSign, _ := check.BuildStringToSign(r, item.SecretId)
			signature := check.GenerateSignature(stringToSign, "abc123")
			r.Header.Set("Authorization", fmt.Sprintf("shelter %s:%s", item.SecretId, signature))
		}

		validatorHandler.ReturnError = item.RetunError
		validatorHandler.MessageId = ""

		messages.ShelterRESTLanguagePacks = item.LanguagePacks
		messages.ShelterRESTLanguagePack =
			messages.ShelterRESTLanguagePacks.Select(messages.ShelterRESTLanguagePacks.Default)

		w := httptest.NewRecorder()
		validator.Before(w, r)

		if w.Code != item.ExpectedCode {
			t.Errorf("Wrong status code for headers '%v'. "+
				"Expected %d and got %d", item.Headers, item.ExpectedCode, w.Code)
		}

		if validatorHandler.MessageId != item.ExpectedMessageId {
			t.Errorf("Wrong message id for headers '%v'. "+
				"Expected %s and got %s", item.Headers, item.ExpectedMessageId, validatorHandler.MessageId)
		}
	}
}