def test_verify_auth_token_servers(self):

        # Setup Key Pair
        pub1, priv1 = crypto.gen_key_pair()
        pub2, priv2 = crypto.gen_key_pair()

        # Setup Servers
        servers = ["https://test.server"]
        manager = utility.SigkeyManager()

        # Test Verify - Pass
        manager.cache[servers[0]] = pub1
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
        out = utility.verify_auth_token_servers(token, servers, objperm, objtype, objuid, manager=manager)
        self.assertEqual(out, servers[0])

        # Test Verify - Fail (no servers)
        manager.cache[servers[0]] = pub1
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) - 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
        out = utility.verify_auth_token_servers(token, [], objperm, objtype, objuid, manager=manager)
        self.assertIsNone(out)

        # Test Verify - Fail (bad sig)
        manager.cache[servers[0]] = pub1
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) - 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
        out = utility.verify_auth_token_servers(token, servers, objperm, objtype, objuid, manager=manager)
        self.assertIsNone(out)
        def encode_decode(priv, pub, accountuid, clientuid, expiration, objperm, objtype, objuid):

            token = utility.encode_auth_token(priv, accountuid, clientuid, expiration, objperm, objtype, objuid)

            self.assertIsInstance(token, str)
            self.assertGreater(len(token), 0)

            val = utility.decode_auth_token(pub, token)

            self.assertIsInstance(val, dict)
            self.assertGreater(len(val), 0)

            self.assertEqual(val[utility.AUTHZ_KEY_ACCOUNTUID], accountuid)
            self.assertEqual(val[utility.AUTHZ_KEY_CLIENTUID], clientuid)
            self.assertEqual(val[utility.AUTHZ_KEY_EXPIRATION], expiration)
            self.assertEqual(val[utility.AUTHZ_KEY_OBJPERM], objperm)
            self.assertEqual(val[utility.AUTHZ_KEY_OBJTYPE], objtype)
            self.assertEqual(val[utility.AUTHZ_KEY_OBJUID], objuid if objuid else None)
    def test_verify_auth_token_sigkey(self):

        # Setup Key Pair
        pub1, priv1 = crypto.gen_key_pair()
        pub2, priv2 = crypto.gen_key_pair()

        # Test Verify - Pass
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
        out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid)
        self.assertTrue(out)

        # Test Verify - Fail (bad sig)
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) - 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
        out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid)
        self.assertFalse(out)

        # Test Verify - Fail (expiration)
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) - 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
        out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid)
        self.assertFalse(out)

        # Test Verify - Fail (objperm)
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm1 = "test_perm1"
        objperm2 = "test_perm2"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm1, objtype, objuid)
        out = utility.verify_auth_token_sigkey(token, pub1, objperm2, objtype, objuid)
        self.assertFalse(out)

        # Test Verify - Fail (objtype)
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype1 = "test_obj1"
        objtype2 = "test_obj2"
        objuid = uuid.uuid4()
        token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype1, objuid)
        out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype2, objuid)
        self.assertFalse(out)

        # Test Verify - Fail (objuid)
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid1 = uuid.uuid4()
        objuid2 = uuid.uuid4()
        token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid1)
        out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid2)
        self.assertFalse(out)
    def test_verify_auth_token_list(self):

        # Setup Key Pair
        pub1, priv1 = crypto.gen_key_pair()
        pub2, priv2 = crypto.gen_key_pair()
        pub3, priv3 = crypto.gen_key_pair()

        # Setup Servers
        servers = ["https://test.server.one", "https://test.server.two"]
        manager = utility.SigkeyManager()

        # Test Verify - Pass (Single)
        manager.cache[servers[0]] = pub1
        manager.cache[servers[1]] = pub2
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
        token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
        tokens = [token1, token2]
        cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager)
        self.assertEqual(cnt, 1)

        # Test Verify - Pass (Multiple)
        manager.cache[servers[0]] = pub1
        manager.cache[servers[1]] = pub2
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
        token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
        tokens = [token1, token2]
        cnt = utility.verify_auth_token_list(tokens, servers, 2, objperm, objtype, objuid, manager=manager)
        self.assertEqual(cnt, 2)

        # Test Verify - Pass (Bad tokens)
        manager.cache[servers[0]] = pub1
        manager.cache[servers[1]] = pub2
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
        token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid)
        tokens = [token1, token2]
        cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager)
        self.assertEqual(cnt, 1)

        # Test Verify - Fail (Not enough tokens)
        manager.cache[servers[0]] = pub1
        manager.cache[servers[1]] = pub2
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid)
        token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
        tokens = [token1, token2]
        self.assertRaises(
            utility.TokenVerificationFailed,
            utility.verify_auth_token_list,
            tokens,
            servers,
            3,
            objperm,
            objtype,
            objuid,
            manager=manager,
        )

        # Test Verify - Fail (Bad tokens)
        manager.cache[servers[0]] = pub1
        manager.cache[servers[1]] = pub2
        accountuid = uuid.uuid4()
        clientuid = uuid.uuid4()
        expiration = int(datetime.datetime.now().timestamp()) + 60
        expiration = datetime.datetime.fromtimestamp(expiration)
        objperm = "test_perm"
        objtype = "test_obj"
        objuid = uuid.uuid4()
        token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid)
        token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid)
        tokens = [token1, token2]
        self.assertRaises(
            utility.TokenVerificationFailed,
            utility.verify_auth_token_list,
            tokens,
            servers,
            2,
            objperm,
            objtype,
            objuid,
            manager=manager,
        )