aptly/vendor/github.com/smira/go-aws-auth/sign3_test.go

package awsauth

import (
	"net/http"
	"net/url"
	"testing"
	"time"

	. "github.com/smartystreets/goconvey/convey"
)

func TestSignature3(t *testing.T) {
	// http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/RESTAuthentication.html
	// http://docs.aws.amazon.com/ses/latest/DeveloperGuide/query-interface-authentication.html

	Convey("Given bogus credentials", t, func() {
		keys := *testCredV3

		// Mock time
		now = func() time.Time {
			parsed, _ := time.Parse(timeFormatV3, exampleReqTsV3)
			return parsed
		}

		Convey("Given a plain request that is unprepared", func() {
			request := test_plainRequestV3()

			Convey("The request should be prepared to be signed", func() {
				expectedUnsigned := test_unsignedRequestV3()
				prepareRequestV3(request)
				So(request, ShouldResemble, expectedUnsigned)
			})
		})

		Convey("Given a prepared, but unsigned, request", func() {
			request := test_unsignedRequestV3()

			Convey("The absolute path should be extracted correctly", func() {
				So(request.URL.Path, ShouldEqual, "/")
			})

			Convey("The string to sign should be well-formed", func() {
				actual := stringToSignV3(request)
				So(actual, ShouldEqual, expectedStringToSignV3)
			})

			Convey("The resulting signature should be correct", func() {
				actual := signatureV3(stringToSignV3(request), keys)
				So(actual, ShouldEqual, "PjAJ6buiV6l4WyzmmuwtKE59NJXVg5Dr3Sn4PCMZ0Yk=")
			})

			Convey("The final signed request should be correctly formed", func() {
				Sign3(request, keys)
				actual := request.Header.Get("X-Amzn-Authorization")
				So(actual, ShouldResemble, expectedAuthHeaderV3)
			})
		})
	})
}

func test_plainRequestV3() *http.Request {
	values := url.Values{}
	values.Set("Action", "GetSendStatistics")
	values.Set("Version", "2010-12-01")

	url := baseUrlV3 + "/?" + values.Encode()

	request, err := http.NewRequest("GET", url, nil)
	if err != nil {
		panic(err)
	}

	return request
}

func test_unsignedRequestV3() *http.Request {
	request := test_plainRequestV3()
	request.Header.Set("Content-Type", "application/x-www-form-urlencoded; charset=utf-8")
	request.Header.Set("x-amz-date", exampleReqTsV3)
	request.Header.Set("Date", exampleReqTsV3)
	request.Header.Set("x-amz-nonce", "")
	return request
}

func TestVersion3STSRequestPreparer(t *testing.T) {
	Convey("Given a plain request with no custom headers", t, func() {
		request := test_plainRequestV3()

		Convey("And a set of credentials with an STS token", func() {
			var keys Credentials
			keys = *testCredV3WithSTS

			Convey("It should include an X-Amz-Security-Token when the request is signed", func() {
				actualSigned := Sign3(request, keys)
				actual := actualSigned.Header.Get("X-Amz-Security-Token")

				So(actual, ShouldNotBeBlank)
				So(actual, ShouldEqual, testCredV4WithSTS.SecurityToken)

			})
		})
	})

}

var (
	testCredV3 = &Credentials{
		AccessKeyID:     "AKIAIOSFODNN7EXAMPLE",
		SecretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
	}

	testCredV3WithSTS = &Credentials{
		AccessKeyID:     "AKIDEXAMPLE",
		SecretAccessKey: "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
		SecurityToken:   "AQoDYXdzEHcaoAJ1Aqwx1Sum0iW2NQjXJcWlKR7vuB6lnAeGBaQnjDRZPVyniwc48ml5hx+0qiXenVJdfusMMl9XLhSncfhx9Rb1UF8IAOaQ+CkpWXvoH67YYN+93dgckSVgVEBRByTl/BvLOZhe0ii/pOWkuQtBm5T7lBHRe4Dfmxy9X6hd8L3FrWxgnGV3fWZ3j0gASdYXaa+VBJlU0E2/GmCzn3T+t2mjYaeoInAnYVKVpmVMOrh6lNAeETTOHElLopblSa7TAmROq5xHIyu4a9i2qwjERTwa3Yk4Jk6q7JYVA5Cu7kS8wKVml8LdzzCTsy+elJgvH+Jf6ivpaHt/En0AJ5PZUJDev2+Y5+9j4AYfrmXfm4L73DC1ZJFJrv+Yh+EXAMPLE=",
	}

	exampleReqTsV3         = "Thu, 14 Aug 2008 17:08:48 GMT"
	baseUrlV3              = "https://email.us-east-1.amazonaws.com"
	expectedStringToSignV3 = exampleReqTsV3
	expectedAuthHeaderV3   = "AWS3-HTTPS AWSAccessKeyId=" + testCredV3.AccessKeyID + ", Algorithm=HmacSHA256, Signature=PjAJ6buiV6l4WyzmmuwtKE59NJXVg5Dr3Sn4PCMZ0Yk="
)