def testServerStep2SplitMessageFailure(self):
    """Verify server step 2 fails closed when the message cannot be split.

    _SplitMessage() is patched to raise base.MessageError, so Input() with
    m and s must leave the auth state at FAIL and return the state machine
    to INPUT.
    """
    signed_payload = 'data that was signed'
    signature_b64 = 'signature, b64d'
    server = base.Auth1()

    split_failure = mock.patch.object(
        server, '_SplitMessage', side_effect=base.MessageError)
    with split_failure:
        # Before any input, nothing has been decided either way.
        self.assertEqual(base.State.INPUT, server.State())
        self.assertEqual(base.AuthState.UNKNOWN, server.AuthState())

        server.Input(m=signed_payload, s=signature_b64)

        # A message that cannot be split must yield an explicit FAIL,
        # never UNKNOWN or OK.
        self.assertEqual(base.AuthState.FAIL, server.AuthState())
        self.assertEqual(base.State.INPUT, server.State())
def GetTestClass(self):
    """Return a newly constructed base.Auth1 instance."""
    auth1_instance = base.Auth1()
    return auth1_instance
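def testWalkthrough(self):
    """Walk through a full Auth1 exchange between a server and a client.

    The test drives base.Auth1 (server) and base.Auth1Client (client)
    through these steps, checking State() and AuthState() at each one:

      Step1 Server: Input(n=...) produces a signed, space-separated output.
      Step1 Client: Input(m=...) produces a dict with 'm' and 's'.
      Step2 Server: Input(m=..., s=...) produces a token, AuthState is OK.
      Step3 Client: Input(t=...) leaves the client AuthState at OK.
    """
    auth1 = base.Auth1()

    # Step1 Server
    cn = GetRandomInt()  # presumably the client nonce -- TODO confirm

    auth1.LoadSelfKey(test_settings.SERVER_PRIVATE_KEY_PEM)
    # The CA certificate is injected through the private attribute.
    auth1._ca_pem = test_settings.CA_PUBLIC_CERT_PEM

    self.assertEqual(base.State.INPUT, auth1.State())
    self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())

    auth1.Input(n=str(cn))
    self.assertEqual(base.State.OUTPUT, auth1.State())
    output = auth1.Output().split()

    # Field 0 must echo the value passed in as n.
    self.assertEqual(str(cn), output[0])

    # Field 2 is a urlsafe-base64 signature over "field0 field1". It is
    # checked against the public key of the server certificate, so a
    # server that signs with the wrong key or over different data fails.
    # NOTE(review): a str initializer for typecode 'B' is only accepted by
    # Python 2; under Python 3 `data` would have to be built from bytes.
    signature = array.array('B', base64.urlsafe_b64decode(output[2]))
    data = array.array('B', output[0] + ' ' + output[1])
    cert = x509.LoadCertificateFromPEM(
        test_settings.SERVER_PUBLIC_CERT_PEM)
    pk = cert.GetPublicKey()
    self.assertTrue(pk.hashAndVerify(signature, data))

    self.assertEqual(base.State.INPUT, auth1.State())
    # Emitting signed data does not authenticate the peer: the server must
    # stay at UNKNOWN until step 2 has processed the client's m and s.
    self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())

    # Step1 Client
    auth1client = base.Auth1Client()
    # Seed the client session with the same value the server received as n.
    auth1client._session.Set('cn', str(cn))
    auth1client.LoadSelfKey(CLIENT_PRIVATE_KEY)
    auth1client.LoadSelfCert(CLIENT_CERTIFICATE)
    # Server and CA certificates are injected through private attributes.
    auth1client._server_cert_pem = test_settings.SERVER_PUBLIC_CERT_PEM
    auth1client._ca_pem = test_settings.CA_PUBLIC_CERT_PEM

    self.assertEqual(auth1client.DefaultState(), auth1client.State())
    self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState())

    auth1client.Input(m=' '.join(output))
    self.assertEqual(base.State.OUTPUT, auth1client.State())
    output = auth1client.Output()

    # Only presence is checked here; the content of m and s is validated
    # by the server in step 2 below.
    self.assertTrue(output['m'])
    self.assertTrue(output['s'])
    self.assertEqual(auth1client.DefaultState(), auth1client.State())

    # Step2 Server
    self.assertEqual(base.State.INPUT, auth1.State())
    self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())

    auth1.Input(m=output['m'], s=output['s'])
    self.assertEqual(base.State.OUTPUT, auth1.State())
    token = auth1.Output()
    self.assertTrue(token)

    # Only now may the server report the exchange as authenticated.
    self.assertEqual(base.AuthState.OK, auth1.AuthState())
    self.assertEqual(base.State.INPUT, auth1.State())

    # Step3 Client
    self.assertEqual(auth1client.DefaultState(), auth1client.State())
    self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState())

    # NOTE(review): the client is handed the constant base.Auth1.TOKEN,
    # while the `token` returned by the server above is only checked for
    # truthiness -- this test does not assert that the two are the same.
    auth1client.Input(t=base.Auth1.TOKEN)
    self.assertEqual(base.AuthState.OK, auth1client.AuthState())
    self.assertEqual(auth1client.DefaultState(), auth1client.State())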