Beispiel #1
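 def _bind_external(self, authzid):
     """Bind with SASL EXTERNAL over TLS and return the open connection.

     SASL EXTERNAL takes the identity from the TLS layer, so the client
     certificate/key pair under ``testenv/certs`` is what authenticates
     here. The CA certificate from the same directory is configured as
     the trust anchor for the server certificate.

     Args:
         authzid: authorization ID handed to the EXTERNAL mechanism.

     Returns:
         The connection object returned by ``LDAPClient.connect()``.

     The test is skipped when EXTERNAL auth is not configured, on
     Windows, or when the TLS backend is neither GnuTLS nor OpenSSL.
     It fails when connecting raises a connection or authentication
     error, or when ``whoami()`` still reports "anonymous".
     """
     if 'EXTERNALAUTH' not in self.cfg:
         self.skipTest("EXTERNAL authentication is not set.")
     if sys.platform == "win32":
         self.skipTest("Windows relies on set certs in its cert store.")
     tls_impl = bonsai.get_tls_impl_name()
     if tls_impl not in ("GnuTLS", "OpenSSL"):
         # Give the skip a reason so the report explains the missing run.
         self.skipTest("EXTERNAL bind needs GnuTLS or OpenSSL; "
                       "TLS backend is %s." % tls_impl)
     curdir = os.path.abspath(os.path.dirname(__file__))
     cert_path = os.path.join(curdir, 'testenv', 'certs')
     cli = LDAPClient(self.host, tls=True)
     cli.set_ca_cert(os.path.join(cert_path, 'cacert.pem'))
     cli.set_client_cert(os.path.join(cert_path, 'client.pem'))
     # Fixture key stored beside the tests: treat it as public and never
     # reuse it outside this test environment.
     cli.set_client_key(os.path.join(cert_path, 'client.key'))
     cli.set_credentials('EXTERNAL', (authzid,))
     try:
         conn = cli.connect()
     except (bonsai.errors.ConnectionError,
             bonsai.errors.AuthenticationError) as exc:
         # Report the cause; a bare fail() hides whether the TLS
         # handshake or the bind itself was rejected.
         self.fail("EXTERNAL bind raised %s: %s"
                   % (type(exc).__name__, exc))
     # A connection that is still anonymous means the certificate was
     # not mapped to an identity, even though connect() succeeded.
     self.assertNotEqual("anonymous", conn.whoami(),
                         "EXTERNAL authentication was"
                         " unsuccessful.")
     return conn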
Beispiel #2
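 def _bind_external(self, authzid):
     """Open a TLS connection authenticated with SASL EXTERNAL.

     The server URL is built from ``cfg['SERVER']['hostname']`` with the
     ``ldap://`` scheme and ``tls=True`` (presumably a StartTLS upgrade;
     confirm against the bonsai documentation). The client certificate
     and key under ``testenv/certs`` carry the identity, and the CA
     certificate from the same directory is set as the trust anchor.

     Args:
         authzid: authorization ID handed to the EXTERNAL mechanism.

     Returns:
         The connection object returned by ``LDAPClient.connect()``.

     Skips when EXTERNAL auth is not configured, on Windows, or when the
     TLS backend is neither GnuTLS nor OpenSSL. Fails when connecting
     raises a connection or authentication error, or when ``whoami()``
     still reports "anonymous".
     """
     if 'EXTERNALAUTH' not in self.cfg:
         self.skipTest("EXTERNAL authentication is not set.")
     if sys.platform == "win32":
         self.skipTest("Windows relies on set certs in its cert store.")
     tls_impl = bonsai.get_tls_impl_name()
     if tls_impl == "GnuTLS" or tls_impl == "OpenSSL":
         curdir = os.path.abspath(os.path.dirname(__file__))
         cert_path = os.path.join(curdir, 'testenv', 'certs')
         cli = LDAPClient("ldap://%s" % self.cfg['SERVER']['hostname'],
                          tls=True)
         cli.set_ca_cert(os.path.join(cert_path, 'cacert.pem'))
         cli.set_client_cert(os.path.join(cert_path, 'client.pem'))
         # Fixture key kept beside the tests; it must stay confined to
         # the test environment.
         cli.set_client_key(os.path.join(cert_path, 'client.key'))
         cli.set_credentials('EXTERNAL', (authzid, ))
         try:
             conn = cli.connect()
         except (bonsai.errors.ConnectionError,
                 bonsai.errors.AuthenticationError) as exc:
             # Keep the exception in the failure text so the report
             # shows what rejected the bind.
             self.fail("EXTERNAL bind raised %s: %s"
                       % (type(exc).__name__, exc))
         else:
             # connect() succeeding is not enough: an anonymous identity
             # means the certificate was not accepted as a credential.
             self.assertNotEqual(
                 "anonymous", conn.whoami(), "EXTERNAL authentication was"
                 " unsuccessful.")
             return conn
     else:
         # A non-empty reason makes the skipped run explainable.
         self.skipTest("EXTERNAL bind needs GnuTLS or OpenSSL; "
                       "TLS backend is %s." % tls_impl)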
Beispiel #3
def test_tls_timeout(url):
    """Expect ``bonsai.TimeoutError`` when a TLS connect is delayed.

    The connect call is given a 5 second timeout while ``network_delay``
    is active with an argument of 9.0.
    """
    ldap_client = LDAPClient(url, True)
    # Test-only trust settings: a permissive certificate policy and no CA
    # file or directory. The server certificate is therefore not a
    # meaningful identity check here; do not copy this setup into
    # production clients.
    ldap_client.set_cert_policy("ALLOW")
    ldap_client.set_ca_cert(None)
    ldap_client.set_ca_cert_dir(None)
    with network_delay(9.0), pytest.raises(bonsai.TimeoutError):
        ldap_client.connect(timeout=5.0)
Beispiel #4
def test_tls(url):
    """Open a TLS connection to ``url`` and close it again.

    Any exception raised while connecting or closing is reported as a
    test failure that carries the exception text.
    """
    ldap_client = LDAPClient(url, True)
    # Permissive policy and no CA file/dir: this exercises the TLS code
    # path only and does not prove that the server certificate is
    # trusted. Keep such settings out of production clients.
    ldap_client.set_cert_policy("ALLOW")
    ldap_client.set_ca_cert(None)
    ldap_client.set_ca_cert_dir(None)
    try:
        ldap_client.connect().close()
    except Exception as err:
        failure_text = "TLS connection is failed with: %s" % str(err)
        pytest.fail(failure_text)
Beispiel #5
def test_ldap_over_tls(ldaps_url):
    """Connect to ``ldaps_url`` and check that a connection comes back.

    The ``assert`` sits inside the ``try`` block, so a ``None``
    connection is reported through ``pytest.fail`` like any other error.
    """
    ldap_client = LDAPClient(ldaps_url)
    # Test-only: permissive certificate policy with no CA file or
    # directory. The transport is exercised, but the server identity is
    # not meaningfully verified.
    ldap_client.set_cert_policy("ALLOW")
    ldap_client.set_ca_cert(None)
    ldap_client.set_ca_cert_dir(None)
    try:
        connection = ldap_client.connect()
        assert connection is not None
        connection.close()
    except Exception as err:
        failure_text = "TLS connection is failed with: %s" % str(err)
        pytest.fail(failure_text)
Beispiel #6
 def test_tls(self):
     """Open one TLS connection to ``self.url`` and close it.

     Skipped when the server config reports TLS as unavailable. Any
     exception from connecting or closing fails the test with the
     exception text.
     """
     # The flag is compared as text, so only the exact string 'False'
     # triggers the skip.
     tls_disabled = self.cfg['SERVER']['has_tls'] == 'False'
     if tls_disabled:
         self.skipTest("TLS is not set.")
     ldap_client = LDAPClient(self.url, True)
     # Permissive policy and no CA file/dir: test-server settings only.
     # They do not show that the server certificate would pass
     # verification.
     ldap_client.set_cert_policy("ALLOW")
     ldap_client.set_ca_cert(None)
     ldap_client.set_ca_cert_dir(None)
     try:
         ldap_client.connect().close()
     except Exception as err:
         failure_text = "TLS connection is failed with: %s" % str(err)
         self.fail(failure_text)
Beispiel #7
 def test_tls(self):
     """Check that a TLS connection to ``self.url`` can be opened.

     The test is skipped when ``cfg['SERVER']['has_tls']`` equals the
     string 'False'. A failure carries the text of whatever exception
     the connect or close call raised.
     """
     server_cfg = self.cfg['SERVER']
     if server_cfg['has_tls'] == 'False':
         self.skipTest("TLS is not set.")
     tls_client = LDAPClient(self.url, True)
     # Relaxed trust settings for the disposable test server: permissive
     # policy, no CA file, no CA directory. Unsuitable for production
     # clients.
     tls_client.set_cert_policy("ALLOW")
     tls_client.set_ca_cert(None)
     tls_client.set_ca_cert_dir(None)
     try:
         connection = tls_client.connect()
         connection.close()
     except Exception as error:
         self.fail("TLS connection is failed with: %s" % (str(error),))
Beispiel #8
 def _create_external(authzid=None):
     """Return a connection bound with SASL EXTERNAL over TLS.

     The client certificate and key under ``testenv/certs`` are the
     credential, and the CA certificate from the same directory is set
     as the trust anchor. The test is skipped when the TLS backend is
     neither GnuTLS nor OpenSSL.

     Args:
         authzid: optional authorization ID for the EXTERNAL mechanism.
     """
     backend = bonsai.get_tls_impl_name()
     if backend not in ("GnuTLS", "OpenSSL"):
         pytest.skip("")
     settings = get_config()
     here = os.path.abspath(os.path.dirname(__file__))
     cert_dir = os.path.join(here, "testenv", "certs")
     server_url = "ldap://%s" % settings["SERVER"]["hostname"]
     client = LDAPClient(server_url, tls=True)
     client.set_ca_cert("/".join((cert_dir, "cacert.pem")))
     client.set_client_cert("/".join((cert_dir, "client.pem")))
     # Fixture key stored beside the tests; keep it confined to the test
     # environment.
     client.set_client_key("/".join((cert_dir, "client.key")))
     client.set_credentials("EXTERNAL", authz_id=authzid)
     return client.connect()
Beispiel #9
 def _create_external(authzid=None):
     """Connect with SASL EXTERNAL, using the test client certificate.

     Runs only when the TLS backend is GnuTLS or OpenSSL; any other
     backend skips the test. The host comes from the ``SERVER`` section
     of the test config.

     Args:
         authzid: optional authorization ID for the EXTERNAL mechanism.

     Returns:
         The result of ``LDAPClient.connect()``.
     """
     supported_backends = ("GnuTLS", "OpenSSL")
     if bonsai.get_tls_impl_name() in supported_backends:
         config = get_config()
         test_dir = os.path.abspath(os.path.dirname(__file__))
         certs = os.path.join(test_dir, "testenv", "certs")
         ldap_client = LDAPClient(
             "ldap://%s" % config["SERVER"]["hostname"], tls=True
         )
         # CA certificate first, then the certificate/key pair that
         # EXTERNAL uses as the client identity. The key is a test
         # fixture and must not be used anywhere else.
         ldap_client.set_ca_cert("%s/cacert.pem" % certs)
         ldap_client.set_client_cert("%s/client.pem" % certs)
         ldap_client.set_client_key("%s/client.key" % certs)
         ldap_client.set_credentials("EXTERNAL", authz_id=authzid)
         return ldap_client.connect()
     pytest.skip("")
Beispiel #10
 def test_tls_timeout(self):
     """Expect bonsai.TimeoutError from a TLS connect on a delayed link.

     A delay is requested from a helper service on port 8000 of
     ``self.ipaddr``, the connect attempt runs in a one-process pool,
     and the delay is removed again in the ``finally`` block. Skipped
     when ``self.has_tls`` is false.
     """
     if not self.has_tls:
         self.skipTest("TLS is not set.")
     import multiprocessing
     client = LDAPClient(self.url, True)
     # Test-only trust settings: permissive certificate policy and no CA
     # file or directory. Not a pattern for production clients.
     client.set_cert_policy("ALLOW")
     client.set_ca_cert(None)
     client.set_ca_cert_dir(None)
     # Control channel to the delay helper is plain HTTP with no
     # credentials visible here; keep that service on the test network.
     # NOTE(review): rpc is presumably an XML-RPC client module; the
     # meaning of the two set_delay arguments is not visible here.
     proxy = rpc.ServerProxy("http://%s:%d/" % (self.ipaddr, 8000))
     proxy.set_delay(9.0, 15)
     # Presumably gives the delay time to take effect - TODO confirm.
     time.sleep(2.0)
     # NOTE(review): set_delay has already run at this point; if Pool()
     # raised, the finally block below would not be reached and the delay
     # would stay active.
     pool = multiprocessing.Pool(processes=1)
     try:
         # receive_timeout_error is defined elsewhere; presumably it calls
         # connect on the client and lets the error propagate.
         result = pool.apply_async(receive_timeout_error, args=(client, ))
         result.get(timeout=18.0)
     except Exception as exc:
         # Every exception lands here, including a timeout of result.get
         # itself; only bonsai.TimeoutError lets the test pass.
         self.assertIsInstance(exc, bonsai.TimeoutError)
     else:
         self.fail("Failed to receive TimeoutError.")
     finally:
         # Stop the worker and lift the delay on every outcome.
         pool.terminate()
         proxy.remove_delay()