def test_validate_static_malformed2(self): """Test static user/pass authentication with malformed config.""" config = "anchor.jsonloader.conf._config" data = {'auth': {}} with mock.patch.dict(config, data): # can't import until mock'd from anchor import auth with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('baduser', 'badpass')
def test_login_bind_fail(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_connection.side_effect = ldap3.LDAPBindError() with mock.patch.dict(config, self.sample_conf): with self.assertRaises(http_status.HTTPUnauthorized): auth.validate("default_ra", "user", "pass")
def test_login_bind_fail(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_connection.side_effect = ldap3_exc.LDAPBindError() with mock.patch.dict(config, self.sample_conf): with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', 'user', 'pass')
def test_validate_static_malformed1(self): """Test static user/pass authentication with malformed config.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" self.sample_conf_auth['default_auth'] = {'backend': 'static'} data = self.sample_conf with mock.patch.dict(config, data): with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', 'baduser', 'badpass')
def test_login_search_fail(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_ldc = mock.Mock() mock_connection.return_value = mock_ldc mock_ldc.result = {"result": 1} with mock.patch.dict(config, self.sample_conf): with self.assertRaises(http_status.HTTPUnauthorized): auth.validate("default_ra", "user", "pass")
def test_login_search_fail(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_ldc = mock.Mock() mock_connection.return_value = mock_ldc mock_ldc.result = {'result': 1} with mock.patch.dict(config, self.sample_conf): with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', 'user', 'pass')
def post(self): ra_name = self.ra_name logger.debug("processing signing request in registration authority %s", ra_name) try: auth_result = auth.validate(ra_name, pecan.request.POST.get('user'), pecan.request.POST.get('secret')) audit.emit_auth_event(ra_name, pecan.request.POST.get('user'), auth_result) except http_status.HTTPUnauthorized: audit.emit_auth_event(ra_name, pecan.request.POST.get('user'), None) raise try: csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'), pecan.request.POST.get('encoding')) certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request) csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request) cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr) audit.emit_signing_event(ra_name, pecan.request.POST.get('user'), auth_result, fingerprint=fingerprint) except Exception: audit.emit_signing_event(ra_name, pecan.request.POST.get('user'), auth_result) raise return cert
def recieve_csr(pecan_request): # Check Auth auth_result = auth.validate("default", "myusername", "simplepassword") # Parse and validate CSR new_request = _parse_csr(pecan_request, auth_result, pecan_request.POST.get('user')) logger.info("Certificate Request validated, result: %s ", new_request.toInfoString()) return_str = "Certificate Request Recieved. ID: %d\n" % new_request.request_id # If auto_deny when validation fails is enabled, deny cert if (jsonloader.conf.ra_options["auto_deny_if_validation_fails"] == "True") & (new_request.Valid is False): new_request.Denied = True return_str += "Certificate Request Denied Automatically\n" # If user notification of validation is enabled, add info if jsonloader.conf.ra_options["notify_user_validation_result"] == "True": return_str += "%s\n" % new_request.toInfoString() if new_request.Valid is False: return_str += new_request.validationResultToString() # write request to 'database' with open(jsonloader.conf.ra_options["certdb_file"], 'ab') as fout: fout.write(new_request.serialize()) return return_str
def test_validate_static(self): """Test all static user/pass authentication paths.""" config = "anchor.jsonloader.conf._config" data = { 'auth': { 'static': { 'secret': 'simplepassword', 'user': '******' } } } with mock.patch.dict(config, data): # can't import until mock'd from anchor import auth from anchor.auth import results valid_user = data['auth']['static']['user'] valid_pass = data['auth']['static']['secret'] expected = results.AuthDetails(username=valid_user, groups=[]) self.assertEqual(auth.validate(valid_user, valid_pass), expected) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate(valid_user, 'badpass') with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('baduser', valid_pass) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('baduser', 'badpass')
def post(self): auth_result = auth.validate(pecan.request.POST.get('user'), pecan.request.POST.get('secret')) csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'), pecan.request.POST.get('encoding')) certificate_ops.validate_csr(auth_result, csr, pecan.request) return certificate_ops.sign(csr)
def post(self): ra_name = self.ra_name logger.debug("processing signing request in registration authority %s", ra_name) auth_result = auth.validate(ra_name, pecan.request.POST.get('user'), pecan.request.POST.get('secret')) csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'), pecan.request.POST.get('encoding')) certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request) return certificate_ops.dispatch_sign(ra_name, csr)
def test_login_good(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_ldc = mock.Mock() mock_connection.return_value = mock_ldc mock_ldc.result = {"result": 0} mock_ldc.response = [{"attributes": {}}] with mock.patch.dict(config, self.sample_conf): expected = results.AuthDetails(username="******", groups=[]) self.assertEqual(auth.validate("default_ra", "user", "pass"), expected)
def test_login_good(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_ldc = mock.Mock() mock_connection.return_value = mock_ldc mock_ldc.result = {'result': 0} mock_ldc.response = [{'attributes': {}}] with mock.patch.dict(config, self.sample_conf): expected = results.AuthDetails(username='******', groups=[]) self.assertEqual(auth.validate('default_ra', 'user', 'pass'), expected)
def test_login_good_with_groups(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_ldc = mock.Mock() mock_connection.return_value = mock_ldc mock_ldc.result = {'result': 0} mock_ldc.response = [{ 'attributes': { 'memberOf': [ u'CN=some_group,OU=Groups,DC=example,DC=com', u'CN=other_group,OU=Groups,DC=example,DC=com' ] } }] with mock.patch.dict(config, self.sample_conf): expected = results.AuthDetails( username='******', groups=[u'some_group', u'other_group']) self.assertEqual(auth.validate('default_ra', 'user', 'pass'), expected)
def test_login_good_with_groups(self, mock_connection): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" mock_ldc = mock.Mock() mock_connection.return_value = mock_ldc mock_ldc.result = {"result": 0} mock_ldc.response = [ { "attributes": { "memberOf": [ u"CN=some_group,OU=Groups,DC=example,DC=com", u"CN=other_group,OU=Groups,DC=example,DC=com", ] } } ] with mock.patch.dict(config, self.sample_conf): expected = results.AuthDetails(username="******", groups=[u"some_group", u"other_group"]) self.assertEqual(auth.validate("default_ra", "user", "pass"), expected)
def test_validate_static(self): """Test all static user/pass authentication paths.""" config = "anchor.jsonloader.conf._config" data = {'auth': {'static': {'secret': 'simplepassword', 'user': '******'}}} with mock.patch.dict(config, data): # can't import until mock'd from anchor import auth from anchor.auth import results valid_user = data['auth']['static']['user'] valid_pass = data['auth']['static']['secret'] expected = results.AuthDetails(username=valid_user, groups=[]) self.assertEqual(auth.validate(valid_user, valid_pass), expected) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate(valid_user, 'badpass') with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('baduser', valid_pass) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('baduser', 'badpass')
def test_validate_static(self): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" self.sample_conf_auth['default_auth'] = { "backend": "static", "user": "******", "secret": "simplepassword" } data = self.sample_conf with mock.patch.dict(config, data): valid_user = self.sample_conf_auth['default_auth']['user'] valid_pass = self.sample_conf_auth['default_auth']['secret'] expected = results.AuthDetails(username=valid_user, groups=[]) self.assertEqual(auth.validate('default_ra', valid_user, valid_pass), expected) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', valid_user, 'badpass') with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', 'baduser', valid_pass) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', 'baduser', 'badpass')
def test_validate_static(self): """Test all static user/pass authentication paths.""" jsonloader.conf.load_extensions() config = "anchor.jsonloader.conf._config" self.sample_conf_auth['default_auth'] = { "backend": "static", "user": "******", "secret": "simplepassword" } data = self.sample_conf with mock.patch.dict(config, data): valid_user = self.sample_conf_auth['default_auth']['user'] valid_pass = self.sample_conf_auth['default_auth']['secret'] expected = results.AuthDetails(username=valid_user, groups=[]) self.assertEqual( auth.validate('default_ra', valid_user, valid_pass), expected) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', valid_user, 'badpass') with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', 'baduser', valid_pass) with self.assertRaises(http_status.HTTPUnauthorized): auth.validate('default_ra', 'baduser', 'badpass')