WIP

autopush/tests/test_integration.py

@@ -212,7 +212,7 @@ def send_notification(self, channel=None, version=None, data=None,
             if use_header:
                 headers.update({
                     "Content-Type": "application/octet-stream",
-                    "Content-Encoding": "aesgcm-128",
+                    "Content-Encoding": "aesgcm",
                     "Encryption": self._crypto_key,
                     "Crypto-Key": 'keyid="a1"; dh="JcqK-OLkJZlJ3sJJWstJCA"',
                 })

autopush/tests/test_web_validation.py

@@ -150,7 +150,7 @@ def check_result(result):
 
 class TestSimplePushRequestSchema(unittest.TestCase):
     def _make_fut(self):
-        from autopush.web.push_validation import SimplePushRequestSchema
+        from autopush.web.simplepush import SimplePushRequestSchema
         schema = SimplePushRequestSchema()
         schema.context["settings"] = Mock()
         schema.context["log"] = Mock()
@@ -283,7 +283,7 @@ def test_invalid_data_size(self):
 
 class TestWebPushRequestSchema(unittest.TestCase):
     def _make_fut(self):
-        from autopush.web.push_validation import WebPushRequestSchema
+        from autopush.web.webpush import WebPushRequestSchema
         schema = WebPushRequestSchema()
         schema.context["settings"] = Mock()
         schema.context["log"] = Mock()
@@ -324,10 +324,12 @@ def test_no_headers(self):
         schema.context["settings"].router.get_uaid.return_value = dict(
             router_type="webpush",
         )
-        data = self._make_test_data(body="asdfasdf",
-                                    headers={"ttl": "invalid"})
-        result, errors = schema.load(data)
-        eq_(errors, {'headers': {'ttl': [u'Not a valid integer.']}})
+        data = self._make_test_data(body="asdfasdf")
+
+        with assert_raises(InvalidRequest) as cm:
+            schema.load(data)
+
+        eq_(cm.exception.message, "Unknown Content-Encoding")
 
     def test_invalid_simplepush_user(self):
         schema = self._make_fut()
@@ -419,19 +421,10 @@ def test_invalid_header_combo(self):
         info = self._make_test_data(
             headers={
                 "content-encoding": "aesgcm128",
-                "crypto-key": "asdfjialsjdfiasjld",
-            }
-        )
-        with assert_raises(InvalidRequest) as cm:
-            schema.load(info)
-
-        eq_(cm.exception.errno, 110)
-
-        info = self._make_test_data(
-            headers={
-                "encryption-key": "aesgcm128",
-                "crypto-key": "asdfjialsjdfiasjld",
-            }
+                "crypto-key": "dh=asdfjialsjdfiasjld",
+                "encryption-key": "dh=asdfjasidlfjaislf",
+            },
+            body="asdfasdf",
         )
         with assert_raises(InvalidRequest) as cm:
             schema.load(info)
@@ -451,7 +444,12 @@ def test_invalid_data_size(self):
         schema.context["settings"].max_data = 1
 
         with assert_raises(InvalidRequest) as cm:
-            schema.load(self._make_test_data(body="asdfasdfasdfasdfasd"))
+            schema.load(self._make_test_data(
+                headers={
+                    "content-encoding": "aesgcm",
+                    "crypto-key": "dh=asdfjialsjdfiasjld",
+                },
+                body="asdfasdfasdfasdfasd"))
 
         eq_(cm.exception.errno, 104)
 
@@ -489,14 +487,45 @@ def test_valid_data_crypto_padding_stripped(self):
             headers={
                 "authorization": "not vapid",
                 "content-encoding": "aesgcm128",
-                "encryption": "salt=" + padded_value
+                "encryption": "salt=" + padded_value,
+                "encryption-key": "dh=asdfasdfasdf"
             }
         )
 
         result, errors = schema.load(info)
         eq_(errors, {})
         eq_(result["headers"]["encryption"], "salt=asdfjiasljdf")
 
+    def test_invalid_dh_value_for_01_crypto(self):
+        schema = self._make_fut()
+        schema.context["settings"].parse_endpoint.return_value = dict(
+            uaid=dummy_uaid,
+            chid=dummy_chid,
+            public_key="",
+        )
+        schema.context["settings"].router.get_uaid.return_value = dict(
+            router_type="webpush",
+        )
+
+        padded_value = "asdfjiasljdf==="
+
+        info = self._make_test_data(
+            body="asdfasdfasdfasdf",
+            headers={
+                "authorization": "not vapid",
+                "content-encoding": "aesgcm128",
+                "encryption": "salt=" + padded_value,
+                "crypto-key": "dh=asdfasdfasdf"
+            }
+        )
+
+        with assert_raises(InvalidRequest) as cm:
+            schema.load(info)
+
+        eq_(cm.exception.status_code, 401)
+        eq_(cm.exception.message, "dh value in Crypto-Key header not valid "
+            "for 01 or earlier webpush-encryption")
+
     def test_invalid_vapid_crypto_header(self):
         schema = self._make_fut()
         schema.context["settings"].parse_endpoint.return_value = dict(
@@ -565,7 +594,7 @@ def test_invalid_topic(self):
 
 class TestWebPushRequestSchemaUsingVapid(unittest.TestCase):
     def _make_fut(self):
-        from autopush.web.push_validation import WebPushRequestSchema
+        from autopush.web.webpush import WebPushRequestSchema
         from autopush.settings import AutopushSettings
         schema = WebPushRequestSchema()
         schema.context["log"] = Mock()
@@ -617,7 +646,7 @@ def test_valid_vapid_crypto_header(self):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "salt=stuff",
                 "authorization": auth,
                 "crypto-key": ckey
@@ -648,7 +677,7 @@ def test_valid_vapid_crypto_header_webpush(self):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "salt=stuff",
                 "authorization": auth,
                 "crypto-key": ckey
@@ -659,7 +688,7 @@ def test_valid_vapid_crypto_header_webpush(self):
         eq_(errors, {})
         ok_("jwt" in result)
 
-    @patch("autopush.web.push_validation.extract_jwt")
+    @patch("autopush.web.webpush.extract_jwt")
     def test_invalid_vapid_crypto_header(self, mock_jwt):
         schema = self._make_fut()
         mock_jwt.side_effect = ValueError("Unknown public key "
@@ -682,7 +711,7 @@ def test_invalid_vapid_crypto_header(self, mock_jwt):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "salt=stuff",
                 "authorization": auth,
                 "crypto-key": ckey
@@ -695,7 +724,7 @@ def test_invalid_vapid_crypto_header(self, mock_jwt):
         eq_(cm.exception.status_code, 401)
         eq_(cm.exception.errno, 109)
 
-    @patch("autopush.web.push_validation.extract_jwt")
+    @patch("autopush.web.webpush.extract_jwt")
     def test_invalid_encryption_header(self, mock_jwt):
         schema = self._make_fut()
         mock_jwt.side_effect = ValueError("Unknown public key "
@@ -718,7 +747,7 @@ def test_invalid_encryption_header(self, mock_jwt):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "foo=stuff",
                 "authorization": auth,
                 "crypto-key": ckey
@@ -731,7 +760,7 @@ def test_invalid_encryption_header(self, mock_jwt):
         eq_(cm.exception.status_code, 401)
         eq_(cm.exception.errno, 110)
 
-    @patch("autopush.web.push_validation.extract_jwt")
+    @patch("autopush.web.webpush.extract_jwt")
     def test_invalid_encryption_jwt(self, mock_jwt):
         schema = self._make_fut()
         # use a deeply superclassed error to make sure that it gets picked up.
@@ -754,7 +783,7 @@ def test_invalid_encryption_jwt(self, mock_jwt):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "salt=stuff",
                 "authorization": auth,
                 "crypto-key": ckey
@@ -767,7 +796,7 @@ def test_invalid_encryption_jwt(self, mock_jwt):
         eq_(cm.exception.status_code, 401)
         eq_(cm.exception.errno, 109)
 
-    @patch("autopush.web.push_validation.extract_jwt")
+    @patch("autopush.web.webpush.extract_jwt")
     def test_invalid_crypto_key_header_content(self, mock_jwt):
         schema = self._make_fut()
         mock_jwt.side_effect = ValueError("Unknown public key "
@@ -823,7 +852,7 @@ def test_expired_vapid_header(self):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "salt=stuff",
                 "authorization": auth,
                 "crypto-key": ckey
@@ -857,7 +886,7 @@ def test_missing_vapid_header(self):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "salt=stuff",
                 "crypto-key": ckey
             }
@@ -890,7 +919,7 @@ def test_bogus_vapid_header(self):
                 token="asdfasdf",
             ),
             headers={
-                "content-encoding": "aes128",
+                "content-encoding": "aesgcm",
                 "encryption": "salt=stuff",
                 "crypto-key": ckey,
                 "authorization": "bogus crap"