def testX509WithSloppyInput(self): """Test LoadCertificateFromPEM with various forms of sloppy input.""" # This cert is identical to testX509WithSelfSignedCertificate data. pem = """ -----BEGIN CERTIFICATE----- MIICDTCCAXagAwIBAgICMDkwDQYJKoZIhvcNAQEFBQAwFDESMBAGA1UEAxMJVGVz dENlcnQxMB4XDTExMDkwNjE5NTMyNVoXDTIxMDkwMzE5NTMyNVowFDESMBAGA1UE AxMJVGVzdENlcnQxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCa7S9PpvYh Utkw9Wu4pnV4B/kD0BaGU3irDZWhIwVEmmFkcF2GtPhSvy12Jthj1M45ME8wpyzW svXcUMhYac12WsgFXEjqjeWhztlUZVeSUAZQW3MierrDhAR/LAeWyBGYUf6CGan6 O44OCELGJSTEg44/f1Ivj8aPYV7BuSlHawIDAQABo24wbDAdBgNVHQ4EFgQUMhwL eP1SzD8YCkUFvX+3kC/2iYEwPQYDVR0jBDYwNIAUMhwLeP1SzD8YCkUFvX+3kC/2 iYGhGKQWMBQxEjAQBgNVBAMTCVRlc3RDZXJ0MYICMDkwDAYDVR0TBAUwAwEB/zAN BgkqhkiG9w0BAQUFAAOBgQAsMvV0CygBEY2jkTnD/rJ4JbN+yAbpHt17FUi1k972 ww4F3igrInfF6pgk+x866HWQvrZvAXJPdMkG6V0GIaORmNaFVyAHu9bAbDTCYMri hIYnz+CPRvK8o5NWjeGSDKZ/z5PV8j1jaKcy2S0N5pm3izDQayQdc4chRfInqkzN Xw== -----END CERTIFICATE-----""" # Missing end newline s = pem x = x509.LoadCertificateFromPEM(s) # Well formed input s = '%s\n' % pem x = x509.LoadCertificateFromPEM(s) # Extra newlines and spaces s = '\n \n%s \n\n' % pem x = x509.LoadCertificateFromPEM(s)
def testIsSignedBy(self): server_public_cert_pem = """ -----BEGIN CERTIFICATE----- MIIDUzCCAjugAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJBVTET MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ dHkgTHRkMB4XDTE2MDUxMTE1MTkwMFoXDTI2MDUwOTE1MTkwMFowGDEWMBQGA1UE AwwNc2ltaWFuLXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AMJp0aUHStaAs61hkFUcygA3C5Ka0QEImyvcKzgogMnzhJexTO7MZRTMOsoON59g Ioqg/TJF7ms+0T0oaf/pPIX2IWuGfushBkAnbBftBuspa//bW3reV1CmEIa/mF1h Bi05b5FGdYumkuB6CF+1PP6mlbiLkVRehXRs3ASd4ci8lPUrJj8cG0H6g1Af2jVw O2Zxjc1l/V2hKWsJTS93NM/ht9lgHkqyJ4b96p/vGf9kvnt6b1G1W+GzRll2Z1RT HYnsSNqjRE1DqEowT92SjIhK/4LlLNjQLHnk6XccAKEEMhD7Hjs2q+s5cHi2JGSl FjOMpVdVLp57IYqlj5zCqhsCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFGOa t7c4f4fp2stvyrxSKjfLNLMcMB8GA1UdIwQYMBaAFBOzAkUMv86yjxXr3IUqyy8u QEFPMA0GCSqGSIb3DQEBBQUAA4IBAQBi5nOzyaCe3gowCfO6kvDgE93PLPdp3BMY 3gAvmjufEea4GiU/6ZLiuCVShGFOIcx7xj87zQysGjfgkn0iJvfkp9/zRefKhrRQ XXlNIsEV06mQEdbL/so9sN0OGEC/jqXXhpRAXLVwHJ7HlkJGDeNgDrFCR/NHN4SQ 2ZdErYZQb/2d2iSaM3Vhw5MAtTDuwmwCfQLPqh88XJaImKHrGXWYDPmBPEqXCcjc CFX7jUjNcZ/Htzft3Jj7JdBBQdSNROsNASmLDp93XVCF7nve/+g2NyctAupyo9HH niF+vXLOKT7WC3olS6wI6+d1I+rEAaMCbcPC/mx2b0C3n+OThrAg -----END CERTIFICATE----- """ ca_public_cert_pem = """ -----BEGIN CERTIFICATE----- MIIDXTCCAkWgAwIBAgIJAI8pfqfWG6QIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX aWRnaXRzIFB0eSBMdGQwHhcNMTYwNTExMTUxMjQzWhcNMjYwNTA5MTUxMjQzWjBF MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAq6X3CKITuEGxmPnLbRTYjgvziYqkYOMhbhIMejmOQpg0hmpCpbnZRhI8 cYv/TB1Gzqx2Zjt632eMD8DqXTGFwkCq/CYuDyyfmB5FguAxjdMcPpzrouOeqNaB WR0c20+SxaS0hYOMIkHGGolThdQHtS/52UqLanyRkCL0sp8XhoVI6g0JQ4jr9eYE rjdnlRBK3nkQKulHhhbBpxBFBsnU3wNTNNc2a5tgiOrKl/4Xq4Lt5VMRMoE66P02 NnKOFOWAAzcOukWWkoAaGiRleHxEA9HkJnxUETLKj9GEzLrxee1IwWDaYkv0yOIM KEJwFR7T0tQnwzUQ9USVFnpgl4LOrQIDAQABo1AwTjAdBgNVHQ4EFgQUE7MCRQy/ zrKPFevchSrLLy5AQU8wHwYDVR0jBBgwFoAUE7MCRQy/zrKPFevchSrLLy5AQU8w DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEASUYXxloSIB3fgHOD5rx2 RrzYMHW07/SOJPCNGIEDS7/QClxIpzPF34BpvyeCWh4sgunDtHHgRkQ/433qe9lc ek5ixxSXVkYaIhb6dCJJNT5pKHBs7mwM/mi8H4bp2bpKIswvs2yBXug/2nkY7BK2 LFmEGaihdRhrOh6FSyWblQn5CUCNQSU5P+zo7BITrPHaJQhOR/cKf7dXCE4Q8glX a07aShkzPd4p6RLauwdrWKvvJD4KgcdMN2h/XDVTdwPUIwro382p0NMyA46lUgn3 6ocQocuktfeNuYIDFqRPC7HKH1ihyoTS9XrfwyNennAIl5ODglMaYuBRI6OpxUAC 1Q== -----END CERTIFICATE----- """ ca_cert = x509.LoadCertificateFromPEM(ca_public_cert_pem) cert = x509.LoadCertificateFromPEM(server_public_cert_pem) cert.CheckValidity() self.assertTrue(cert.IsSignedBy(ca_cert))
def testX509SubjectKnownOids(self): """Use a self-signed cert and load it. Check OIDs. The cert was generated as follows: openssl genrsa 1024 > host.key openssl req -new -x509 -subj \ /CN=_cn_/C=US/L=_l_/ST=NY/O=_o_/OU=_ou_/emailAddress=_emailaddress_/DC=_dc_ \ -nodes -sha1 \ -days 365 -key host.key -set_serial 12345 > host.cert """ s = """ -----BEGIN CERTIFICATE----- MIIC2zCCAkSgAwIBAgICMDkwDQYJKoZIhvcNAQEFBQAwgYkxDTALBgNVBAMMBF9j bl8xCzAJBgNVBAYTAlVTMQwwCgYDVQQHDANfbF8xCzAJBgNVBAgMAk5ZMQwwCgYD VQQKDANfb18xDTALBgNVBAsMBF9vdV8xHTAbBgkqhkiG9w0BCQEWDl9lbWFpbGFk ZHJlc3NfMRQwEgYKCZImiZPyLGQBGRYEX2RjXzAeFw0xNDA3MTExNDU2MDhaFw0y NDA3MDgxNDU2MDhaMIGJMQ0wCwYDVQQDDARfY25fMQswCQYDVQQGEwJVUzEMMAoG A1UEBwwDX2xfMQswCQYDVQQIDAJOWTEMMAoGA1UECgwDX29fMQ0wCwYDVQQLDARf b3VfMR0wGwYJKoZIhvcNAQkBFg5fZW1haWxhZGRyZXNzXzEUMBIGCgmSJomT8ixk ARkWBF9kY18wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPMwxsyuen866REz P4AZbErBkzCS0+aWSrz/Qy7Lup4/zESgcd1bDIiP22yn5/HKBfYoe06DzGfi0fV+ 7a+K0alrJI1ZrH6TcmJnS7HNZo5cABwvpm3c7ddprPgtRqggMXj1fuMgEtwewoVi qs7RYt7p4VGLoWuj4zFhzgl+LKrnAgMBAAGjUDBOMB0GA1UdDgQWBBTsXLjH3R1W K5L+k9AmuqiOczoRLzAfBgNVHSMEGDAWgBTsXLjH3R1WK5L+k9AmuqiOczoRLzAM BgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBANz4q1NtjB3e/Inh3exaky8i HBrHDY2/3eVnU2bv/gPPdFxA3rFUpxoC7a15wiiVa9uvGeplqeJ9ioDJSTXkWkS1 AHtYlWyrqlLr3qziOWTTCQhMZBxLSLx1TUYkfeeiJIoA8ZBp5i9KyKRIiSdzR7qZ ujvfJAGJoIOC4OIor+fk -----END CERTIFICATE----- """ x = x509.LoadCertificateFromPEM(s) x.CheckAll() self.assertEqual(('CN=_cn_,C=US,L=_l_,ST=NY,O=_o_,OU=_ou_,' 'emailAddress=_emailaddress_,DC=_dc_'), x.GetSubject())
def _SetRequiredIssuer(self, pem_file): """Set settings.REQUIRED_ISSUER to the issuer in this PEM cert. Args: pem_file: str, pem formatted certificate """ try: cert = x509.LoadCertificateFromPEM(pem_file) if cert.GetMayActAsCA(): required_issuer = cert.GetIssuer() settings_module.REQUIRED_ISSUER = required_issuer except x509.Error: pass
def _LoadCert(self, certstr): """Load a certificate and return a cert object. Args: certstr: str, cert in PEM format Returns: x509.X509Certificate instance Raises: ValueError: if the cert is malformed """ try: cert = x509.LoadCertificateFromPEM(certstr) except x509.Error, e: raise ValueError(str(e))
def CheckValuePemX509Cert(self, k, v): """Check whether v meets PEM cert validation for setting k. Args: k: str, name. v: any value. Returns: None if the value is appropriate and can be set. Raises: ValueError: if the value is not appropriately formed to be set for k. """ try: unused = x509.LoadCertificateFromPEM(v) except x509.Error, e: raise ValueError(str(e))
def testX509WithSelfSignedCertificate(self): """Use a self-generated cert and load it. The cert was generated as follows: openssl genrsa 1024 > host.key openssl req -new -x509 -subj /CN=TestCert1 -nodes -sha1 \ -days 365 -key host.key -set_serial 12345 > host.cert """ s = """ -----BEGIN CERTIFICATE----- MIICDTCCAXagAwIBAgICMDkwDQYJKoZIhvcNAQEFBQAwFDESMBAGA1UEAxMJVGVz dENlcnQxMB4XDTExMDkwNjE5NTMyNVoXDTIxMDkwMzE5NTMyNVowFDESMBAGA1UE AxMJVGVzdENlcnQxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCa7S9PpvYh Utkw9Wu4pnV4B/kD0BaGU3irDZWhIwVEmmFkcF2GtPhSvy12Jthj1M45ME8wpyzW svXcUMhYac12WsgFXEjqjeWhztlUZVeSUAZQW3MierrDhAR/LAeWyBGYUf6CGan6 O44OCELGJSTEg44/f1Ivj8aPYV7BuSlHawIDAQABo24wbDAdBgNVHQ4EFgQUMhwL eP1SzD8YCkUFvX+3kC/2iYEwPQYDVR0jBDYwNIAUMhwLeP1SzD8YCkUFvX+3kC/2 iYGhGKQWMBQxEjAQBgNVBAMTCVRlc3RDZXJ0MYICMDkwDAYDVR0TBAUwAwEB/zAN BgkqhkiG9w0BAQUFAAOBgQAsMvV0CygBEY2jkTnD/rJ4JbN+yAbpHt17FUi1k972 ww4F3igrInfF6pgk+x866HWQvrZvAXJPdMkG6V0GIaORmNaFVyAHu9bAbDTCYMri hIYnz+CPRvK8o5NWjeGSDKZ/z5PV8j1jaKcy2S0N5pm3izDQayQdc4chRfInqkzN Xw== -----END CERTIFICATE----- """ x = x509.LoadCertificateFromPEM(s) x.CheckAll() self.assertEqual(12345, x.GetSerialNumber()) self.assertEqual('CN=TestCert1', x.GetIssuer()) self.assertEqual('CN=TestCert1', x.GetSubject()) # note: the default when creating a x509 cert with openssl(1) is True self.assertTrue(x.GetMayActAsCA()) self.assertEqual(x.GetKeyUsage(), None) self.assertEqual( _b64(x.GetFieldsData()), ('MIIBdqADAgECAgIwOTANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlUZXN0Q2Vyd' 'DEwHhcNMTEwOTA2MTk1MzI1WhcNMjEwOTAzMTk1MzI1WjAUMRIwEAYDVQQDEwlUZX' 'N0Q2VydDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJrtL0+m9iFS2TD1a7i' 'mdXgH+QPQFoZTeKsNlaEjBUSaYWRwXYa0+FK/LXYm2GPUzjkwTzCnLNay9dxQyFhp' 'zXZayAVcSOqN5aHO2VRlV5JQBlBbcyJ6usOEBH8sB5bIEZhR/oIZqfo7jg4IQsYlJ' 'MSDjj9/Ui+Pxo9hXsG5KUdrAgMBAAGjbjBsMB0GA1UdDgQWBBQyHAt4/VLMPxgKRQ' 'W9f7eQL/aJgTA9BgNVHSMENjA0gBQyHAt4/VLMPxgKRQW9f7eQL/aJgaEYpBYwFDE' 'SMBAGA1UEAxMJVGVzdENlcnQxggIwOTAMBgNVHRMEBTADAQH/') ) self.assertEqual( _b64(x.GetSignatureData()), ('LDL1dAsoARGNo5E5w/6yeCWzfsgG6R7dexVItZPe9sMOBd4oKyJ3xeqYJPsfOuh1k' 'L62bwFyT3TJBuldBiGjkZjWhVcgB7vWwGw0wmDK4oSGJ8/gj0byvKOTVo3hkgymf8' '+T1fI9Y2inMtktDeaZt4sw0GskHXOHIUXyJ6pMzV8=') )
def testLoadCertificateFromPEM(self): """Test LoadCertificateFromPEM().""" header = 'BEGIN CERTIFICATE' footer = 'END CERTIFICATE' pem_input = 'pem_input' pem_output = ['---header---', 'base64', '---footer---'] self.mox.StubOutWithMock(x509, 'LoadPemGeneric') self.mox.StubOutWithMock(x509, 'LoadCertificateFromBase64') x509.LoadPemGeneric(pem_input, header, footer).AndReturn(pem_output) x509.LoadCertificateFromBase64('base64').AndReturn('ok') self.mox.ReplayAll() self.assertEqual(x509.LoadCertificateFromPEM(pem_input), 'ok') self.mox.VerifyAll()
def _GetPems(self, pem_settings=None): """Returns a dictionary of PEM validation.""" if not pem_settings: pem_settings = {} pems = PEM.copy() pem_keys = PEM.keys() pem_keys.sort() # orders ca_* to be seen first ca_cert = None for name in pem_keys: if name in pem_settings: pem = pem_settings[name] else: pem = getattr(settings_module, name.upper(), None) pems[name]['pem'] = pem if pem: # TODO(user): move to settings module validation. try: if 'key' in name: settings_module.CheckValuePemRsaPrivateKey(name, pem) elif 'cert' in name: settings_module.CheckValuePemX509Cert(name, pem) try: cert = x509.LoadCertificateFromPEM(pem) cert.CheckValidity() if name == 'ca_public_cert_pem': if not cert.GetMayActAsCA(): raise ValueError('CA flag not set') ca_cert = cert elif name == 'server_public_cert_pem': if ca_cert is not None: if not cert.IsSignedBy(ca_cert): raise ValueError( 'Signature does not match CA cert') # TODO(user): verify that server_{public,private} are a pair. except x509.Error, e: raise ValueError(str(e)) else: raise ValueError('Unknown PEM name') pems[name][VALIDATION] = VALID except ValueError, e: pems[name][VALIDATION] = str(e)
def testX509SubjectKnownOids(self): """Use a self-signed cert and load it. Check OIDs. The cert was generated as follows: openssl genrsa 1024 > host.key openssl req -new -x509 -subj \ /CN=_cn_/C=US/L=_l_/ST=NY/O=_o_/OU=_ou_/emailAddress=_emailaddress_/DC=_dc_ \ -nodes -sha1 \ -days 365 -key host.key -set_serial 12345 > host.cert """ s = """ -----BEGIN CERTIFICATE----- MIIDdjCCAt+gAwIBAgICMDkwDQYJKoZIhvcNAQEFBQAwgYkxDTALBgNVBAMUBF9j bl8xCzAJBgNVBAYTAlVTMQwwCgYDVQQHFANfbF8xCzAJBgNVBAgTAk5ZMQwwCgYD VQQKFANfb18xDTALBgNVBAsUBF9vdV8xHTAbBgkqhkiG9w0BCQEWDl9lbWFpbGFk ZHJlc3NfMRQwEgYKCZImiZPyLGQBGRYEX2RjXzAeFw0xNDA3MTExNDI4NTRaFw0x ODA3MTAxNDI4NTRaMIGJMQ0wCwYDVQQDFARfY25fMQswCQYDVQQGEwJVUzEMMAoG A1UEBxQDX2xfMQswCQYDVQQIEwJOWTEMMAoGA1UEChQDX29fMQ0wCwYDVQQLFARf b3VfMR0wGwYJKoZIhvcNAQkBFg5fZW1haWxhZGRyZXNzXzEUMBIGCgmSJomT8ixk ARkWBF9kY18wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANnOGMnYCWBoUqIL KI5hhKB+eNLONdcMjv60JmGwD3RzIMzZJuiM2YBCwTRSnIipAjxGvGMe/l4NabKb 3hh9+tZ7sDu8cvZdkdt39ztrVmSc/8EC0fSbR6Ee07T8tMNUPLJLJ6R4+cH1RjjH /aDpQ6Y75BFrTncRHsKMJ0iwn1ChAgMBAAGjgeowgecwHQYDVR0OBBYEFD/PBRME GMryoxgn4jXJ1c6+qmBIMIG3BgNVHSMEga8wgayAFD/PBRMEGMryoxgn4jXJ1c6+ qmBIoYGPpIGMMIGJMQ0wCwYDVQQDFARfY25fMQswCQYDVQQGEwJVUzEMMAoGA1UE BxQDX2xfMQswCQYDVQQIEwJOWTEMMAoGA1UEChQDX29fMQ0wCwYDVQQLFARfb3Vf MR0wGwYJKoZIhvcNAQkBFg5fZW1haWxhZGRyZXNzXzEUMBIGCgmSJomT8ixkARkW BF9kY1+CAjA5MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAttrBNWc1 NydjFkUViWJqSWe28eIRtPj8hUIcZx3Z0nSMLQpSO7xDz949NNup6DdiA6yA4Orl n9pAbLs8ib9g8t7IT3iVvuVXK4C9RJkFLHh/Bi7zgn589BXht/szba97C2ET25ja UTmZpDzn/zPzT32kxxddHIFFuwN6/RYrYjA= -----END CERTIFICATE----- """ x = x509.LoadCertificateFromPEM(s) x.CheckAll() self.assertEqual( ('CN=_cn_,C=US,L=_l_,ST=NY,O=_o_,OU=_ou_,' 'emailAddress=_emailaddress_,DC=_dc_'), x.GetSubject())
def _ValidatePuppetSslCert(self, cert_dir_path, cert_fname): """Validates and returns true if a given Puppet SSL cert is valid. Args: cert_dir_path: str path to cert dir. cert_fname: str filename of the cert. Returns: Boolean, True if the cert is validated. Raises: PuppetSslCertError: there was an error reading the cert. """ required_issuer = self._ca_params.required_issuer logging.debug( '_ValidatePuppetSslCert: required_issuer %s', required_issuer) try: cert_path = os.path.join(cert_dir_path, cert_fname) logging.debug('_ValidatePuppetSslCert: %s', cert_path) f = open(cert_path, 'r') s = f.read() f.close() x = x509.LoadCertificateFromPEM(s) issuer = x.GetIssuer() logging.debug('Looking at issuer %s', issuer) # Check issuer match. if issuer != required_issuer: # no match at all. msg = 'Skipping cert %s, unknown issuer' % cert_fname logging.warning(msg) logging.warning( 'Expected: "%s" Received: "%s"', required_issuer, issuer) raise PuppetSslCertError(msg) except IOError, e: logging.debug('Skipped cert %s, IO Error %s', cert_fname, str(e)) raise PuppetSslCertError(str(e))
def testWalkthrough(self): """Test the first step of Auth1 authentication.""" auth1 = base.Auth1() # Step1 Server cn = GetRandomInt() auth1.LoadSelfKey(test_settings.SERVER_PRIVATE_KEY_PEM) auth1._ca_pem = test_settings.CA_PUBLIC_CERT_PEM self.assertEqual(base.State.INPUT, auth1.State()) self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState()) auth1.Input(n=str(cn)) self.assertEqual(base.State.OUTPUT, auth1.State()) output = auth1.Output().split() self.assertEquals(str(cn), output[0]) signature = array.array('B', base64.urlsafe_b64decode(output[2])) data = array.array('B', output[0] + ' ' + output[1]) cert = x509.LoadCertificateFromPEM( test_settings.SERVER_PUBLIC_CERT_PEM) pk = cert.GetPublicKey() self.assertTrue(pk.hashAndVerify(signature, data)) self.assertEqual(base.State.INPUT, auth1.State()) # despite the output of a signed data, we are NOT authenticated yet self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState()) # Step1 Client auth1client = base.Auth1Client() auth1client._session.Set('cn', str(cn)) auth1client.LoadSelfKey(CLIENT_PRIVATE_KEY) auth1client.LoadSelfCert(CLIENT_CERTIFICATE) auth1client._server_cert_pem = test_settings.SERVER_PUBLIC_CERT_PEM auth1client._ca_pem = test_settings.CA_PUBLIC_CERT_PEM self.assertEqual(auth1client.DefaultState(), auth1client.State()) self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState()) auth1client.Input(m=' '.join(output)) self.assertEqual(base.State.OUTPUT, auth1client.State()) output = auth1client.Output() self.assertTrue(output['m']) self.assertTrue(output['s']) self.assertEqual(auth1client.DefaultState(), auth1client.State()) # Step2 Server self.assertEqual(base.State.INPUT, auth1.State()) self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState()) auth1.Input(m=output['m'], s=output['s']) self.assertEqual(base.State.OUTPUT, auth1.State()) token = auth1.Output() self.assertTrue(token) self.assertEqual(base.AuthState.OK, auth1.AuthState()) self.assertEqual(base.State.INPUT, auth1.State()) # Step3 Client self.assertEqual(auth1client.DefaultState(), auth1client.State()) self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState()) auth1client.Input(t=base.Auth1.TOKEN) self.assertEqual(base.AuthState.OK, auth1client.AuthState()) self.assertEqual(auth1client.DefaultState(), auth1client.State())