Beispiel #1
0
 def test_negative_validatity_duration(self):
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]',
                             validity_duration=-3600),
     ])
     with self.assertRaises(delegation.BadTokenError):
         delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #2
0
 def test_not_active_yet(self):
   now = int(utils.time_time())
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto(
         'user:[email protected]', creation_time=now+120),
   ])
   with self.assertRaises(delegation.BadTokenError):
     delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #3
0
 def test_expired(self):
   now = int(utils.time_time())
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto(
         'user:[email protected]', creation_time=now-120, validity_duration=60),
   ])
   with self.assertRaises(delegation.BadTokenError):
     delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #4
0
 def test_not_active_yet(self):
     now = int(utils.time_time())
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]',
                             creation_time=now + 120),
     ])
     with self.assertRaises(delegation.BadTokenError):
         delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #5
0
 def test_expired(self):
     now = int(utils.time_time())
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]',
                             creation_time=now - 120,
                             validity_duration=60),
     ])
     with self.assertRaises(delegation.BadTokenError):
         delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #6
0
 def test_expiration_moment(self):
   now = utils.utcnow()
   self.mock_now(now)
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto('user:[email protected]', validity_duration=3600),
   ])
   # Active at now + 3599.
   self.mock_now(now, 3599)
   self.assertTrue(delegation.check_subtoken_list(toks, FAKE_IDENT))
   # Expired at now + 3601.
   self.mock_now(now, 3601)
   with self.assertRaises(delegation.BadTokenError):
     delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #7
0
 def test_allowed_clock_drift(self):
   now = utils.utcnow()
   self.mock_now(now)
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto('user:[email protected]'),
   ])
   # Works -29 sec before activation.
   self.mock_now(now, -29)
   self.assertTrue(delegation.check_subtoken_list(toks, FAKE_IDENT))
   # Doesn't work before that.
   self.mock_now(now, -31)
   with self.assertRaises(delegation.BadTokenError):
     delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #8
0
 def test_allowed_clock_drift(self):
     now = utils.utcnow()
     self.mock_now(now)
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]'),
     ])
     # Works -29 sec before activation.
     self.mock_now(now, -29)
     self.assertTrue(delegation.check_subtoken_list(toks, FAKE_IDENT))
     # Doesn't work before that.
     self.mock_now(now, -31)
     with self.assertRaises(delegation.BadTokenError):
         delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #9
0
 def test_subtoken_services(self):
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]',
                             services=['service:app-id']),
     ])
     # Passes.
     self.mock(model, 'get_service_self_identity',
               lambda: model.Identity.from_bytes('service:app-id'))
     self.assertTrue(delegation.check_subtoken_list(toks, FAKE_IDENT))
     # Fails.
     self.mock(model, 'get_service_self_identity',
               lambda: model.Identity.from_bytes('service:another-app-id'))
     with self.assertRaises(delegation.BadTokenError):
         delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #10
0
 def test_expiration_moment(self):
     now = utils.utcnow()
     self.mock_now(now)
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]',
                             validity_duration=3600),
     ])
     # Active at now + 3599.
     self.mock_now(now, 3599)
     self.assertTrue(delegation.check_subtoken_list(toks, FAKE_IDENT))
     # Expired at now + 3601.
     self.mock_now(now, 3601)
     with self.assertRaises(delegation.BadTokenError):
         delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #11
0
 def test_subtoken_services(self):
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto(
         'user:[email protected]', services=['service:app-id']),
   ])
   # Passes.
   self.mock(
       model, 'get_service_self_identity',
       lambda: model.Identity.from_bytes('service:app-id'))
   self.assertTrue(delegation.check_subtoken_list(toks, FAKE_IDENT))
   # Fails.
   self.mock(
       model, 'get_service_self_identity',
       lambda: model.Identity.from_bytes('service:another-app-id'))
   with self.assertRaises(delegation.BadTokenError):
     delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #12
0
 def test_subtoken_audience(self):
     groups = {'abc': ['user:[email protected]']}
     self.mock(api, 'is_group_member',
               lambda g, i: i.to_bytes() in groups.get(g, []))
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]',
                             audience=['user:[email protected]', 'group:abc']),
     ])
     # Works.
     make_id = model.Identity.from_bytes
     self.assertTrue(
         delegation.check_subtoken_list(toks, make_id('user:[email protected]')))
     self.assertTrue(
         delegation.check_subtoken_list(toks, make_id('user:[email protected]')))
     # Other ids are rejected.
     with self.assertRaises(delegation.BadTokenError):
         delegation.check_subtoken_list(toks, make_id('user:[email protected]'))
Beispiel #13
0
 def test_subtoken_audience(self):
   groups = {'abc': ['user:[email protected]']}
   self.mock(
       api, 'is_group_member', lambda g, i: i.to_bytes() in groups.get(g, []))
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto(
         'user:[email protected]', audience=['user:[email protected]', 'group:abc']),
   ])
   # Works.
   make_id = model.Identity.from_bytes
   self.assertTrue(
       delegation.check_subtoken_list(toks, make_id('user:[email protected]')))
   self.assertTrue(
       delegation.check_subtoken_list(toks, make_id('user:[email protected]')))
   # Other ids are rejected.
   with self.assertRaises(delegation.BadTokenError):
     delegation.check_subtoken_list(toks, make_id('user:[email protected]'))
Beispiel #14
0
 def test_token_chain(self):
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto(
         'user:[email protected]', audience=['user:[email protected]']),
     fake_subtoken_proto(
         'user:[email protected]', audience=['user:[email protected]']),
   ])
   make_id = model.Identity.from_bytes
   ident = delegation.check_subtoken_list(toks, make_id('user:[email protected]'))
   self.assertEqual(make_id('user:[email protected]'), ident)
Beispiel #15
0
 def test_token_chain(self):
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]',
                             audience=['user:[email protected]']),
         fake_subtoken_proto('user:[email protected]',
                             audience=['user:[email protected]']),
     ])
     make_id = model.Identity.from_bytes
     ident = delegation.check_subtoken_list(toks,
                                            make_id('user:[email protected]'))
     self.assertEqual(make_id('user:[email protected]'), ident)
Beispiel #16
0
 def test_negative_validatity_duration(self):
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto('user:[email protected]', validity_duration=-3600),
   ])
   with self.assertRaises(delegation.BadTokenError):
     delegation.check_subtoken_list(toks, FAKE_IDENT)
Beispiel #17
0
 def test_passes_validation(self):
   toks = delegation_pb2.SubtokenList(subtokens=[
     fake_subtoken_proto('user:[email protected]'),
   ])
   ident = delegation.check_subtoken_list(toks, FAKE_IDENT)
   self.assertEqual('user:[email protected]', ident.to_bytes())
Beispiel #18
0
 def test_passes_validation(self):
     toks = delegation_pb2.SubtokenList(subtokens=[
         fake_subtoken_proto('user:[email protected]'),
     ])
     ident = delegation.check_subtoken_list(toks, FAKE_IDENT)
     self.assertEqual('user:[email protected]', ident.to_bytes())