def setUp(self):
self.logger = FakeLogger()
try:
self.mdb = VCCS_MongoDB('127.0.0.1', 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST")
except:
raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1")
self.cred_data = {'type': 'password',
'kdf': 'PBKDF2-HMAC-SHA512',
'status': 'active',
'version': 'NDNv1',
'derived_key': 'aa' * (512 / 8),
'key_handle': 0x2000,
'iterations': 100,
'credential_id': 4711,
'salt': '12345678901234567890123456789012',
}
def setUp(self):
self.logger = FakeLogger()
try:
self.mdb = VCCS_MongoDB("127.0.0.1", 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST")
except:
raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1")
self.cred_data = {
"type": "password",
"kdf": "PBKDF2-HMAC-SHA512",
"status": "active",
"version": "NDNv1",
"derived_key": "aa" * (512 / 8),
"key_handle": 0x2000,
"iterations": 100,
"credential_id": 4711,
"salt": "12345678901234567890123456789012",
}
def main(myname='vccs_authbackend'):
"""
Initialize everything and start the authentication backend.
:param myname: String used for logging
"""
args = parse_args()
# initialize various components
config = vccs_auth.config.VCCSAuthConfig(args.config_file, args.debug)
logger = VCCSLogger(myname, config)
kdf = ndnkdf.NDNKDF(config.nettle_path)
hsm_lock = threading.RLock()
hasher = vccs_auth.hasher.hasher_from_string(config.yhsm_device,
hsm_lock,
debug=config.debug)
credstore = VCCSAuthCredentialStoreMongoDB(config.mongodb_uri, logger)
cherry_conf = {
'server.thread_pool': config.num_threads,
'server.socket_host': config.listen_addr,
'server.socket_port': config.listen_port,
# enables X-Forwarded-For, since BCP is to run this server
# behind a webserver that handles SSL
'tools.proxy.on': True,
}
if config.logdir:
cherry_conf['log.access_file'] = os.path.join(config.logdir,
'access.log')
cherry_conf['log.error_file'] = os.path.join(config.logdir,
'error.log')
else:
sys.stderr.write("NOTE: Config option 'logdir' not set.\n")
cherry_conf['log.screen'] = True
cherrypy.config.update(cherry_conf)
logger.logger.info(
"Starting server listening on {!s}:{!s} (loglevel {!r})".format(
config.listen_addr, config.listen_port,
logger.logger.getEffectiveLevel()))
cherrypy.quickstart(AuthBackend(hasher, kdf, logger, credstore, config))
def setUp(self):
self.logger = FakeLogger()
try:
self.mdb = VCCS_MongoDB('127.0.0.1',
27017,
self.logger,
collection="TEST_vccs_auth_credstore_TEST")
except:
raise unittest.SkipTest(
"requires accessible MongoDB server on 127.0.0.1")
self.cred_data = {
'type': 'password',
'kdf': 'PBKDF2-HMAC-SHA512',
'status': 'active',
'version': 'NDNv1',
'derived_key': 'aa' * (512 / 8),
'key_handle': 0x2000,
'iterations': 100,
'credential_id': 4711,
'salt': '12345678901234567890123456789012',
}
class TestCredStore(unittest.TestCase):
def setUp(self):
self.logger = FakeLogger()
try:
self.mdb = VCCS_MongoDB('127.0.0.1',
27017,
self.logger,
collection="TEST_vccs_auth_credstore_TEST")
except:
raise unittest.SkipTest(
"requires accessible MongoDB server on 127.0.0.1")
self.cred_data = {
'type': 'password',
'kdf': 'PBKDF2-HMAC-SHA512',
'status': 'active',
'version': 'NDNv1',
'derived_key': 'aa' * (512 / 8),
'key_handle': 0x2000,
'iterations': 100,
'credential_id': 4711,
'salt': '12345678901234567890123456789012',
}
def test_mdb_aaa_empty_collection(self):
"""
Empty collection of any leftovers from previous runs.
"""
res = self.mdb.credentials.remove()
self.assertEqual(res['err'], None)
def test_mdb_add_credential(self):
"""
Test adding a credential to MongoDB credential store.
"""
cred = vccs_auth.credential.from_dict(self.cred_data, None)
id_ = self.mdb.add_credential(cred)
print("Added credential -> id : {!r}".format(id_))
cred2 = self.mdb.get_credential(self.cred_data['credential_id'])
print("Fetched credential :\n{}".format(pformat(cred2)))
self.assertEqual(cred2.to_dict(), self.cred_data)
def test_mdb_add_duplicate_credential(self):
"""
Test adding a duplicate credential to MongoDB credential store.
"""
this_id = 9797
data = self.cred_data
data['credential_id'] = this_id
cred = vccs_auth.credential.from_dict(data, None)
self.mdb.add_credential(cred)
cred.derived_key(new='bb' * (512 / 8))
print cred.to_dict()
self.assertFalse(self.mdb.add_credential(cred))
def test_mdb_get_unknown_credential(self):
"""
Test fetching unknown credential.
"""
res = self.mdb.get_credential(1234567890)
self.assertEqual(res, None)
def test_mdb_revoking_credential(self):
"""
Test revoking a credential.
"""
this_id = 9898
data = self.cred_data
data['credential_id'] = this_id
cred = vccs_auth.credential.from_dict(data, None)
self.mdb.add_credential(cred)
# assert no exception
cred2 = self.mdb.get_credential(this_id)
print("Revoking credential :\n{}".format(pformat(cred2)))
cred2.revoke({'reason': 'unit testing'})
self.mdb.update_credential(cred2)
# assert exception when fetching revoked credential
with self.assertRaises(vccs_auth.credential.VCCSAuthCredentialError):
self.mdb.get_credential(this_id)
# assert exception when trying to activate credential again
with self.assertRaises(ValueError):
cred2.status('active')
def test_mdb_credential_repr(self):
"""
Test the __repr__ method of a credential.
"""
cred = vccs_auth.credential.from_dict(self.cred_data, None)
res = repr(cred)
print "Credential : {!r}".format(res)
self.assertTrue(hex(self.cred_data['key_handle']) in res)
self.assertTrue(self.cred_data['type'] in res)
class TestCredStore(unittest.TestCase):
def setUp(self):
self.logger = FakeLogger()
try:
self.mdb = VCCS_MongoDB('127.0.0.1', 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST")
except:
raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1")
self.cred_data = {'type': 'password',
'kdf': 'PBKDF2-HMAC-SHA512',
'status': 'active',
'version': 'NDNv1',
'derived_key': 'aa' * (512 / 8),
'key_handle': 0x2000,
'iterations': 100,
'credential_id': 4711,
'salt': '12345678901234567890123456789012',
}
def test_mdb_aaa_empty_collection(self):
"""
Empty collection of any leftovers from previous runs.
"""
res = self.mdb.credentials.remove()
self.assertEqual(res['err'], None)
def test_mdb_add_credential(self):
"""
Test adding a credential to MongoDB credential store.
"""
cred = vccs_auth.credential.from_dict(self.cred_data, None)
id_ = self.mdb.add_credential(cred)
print("Added credential -> id : {!r}".format(id_))
cred2 = self.mdb.get_credential(self.cred_data['credential_id'])
print("Fetched credential :\n{}".format(pformat(cred2)))
self.assertEqual(cred2.to_dict(), self.cred_data)
def test_mdb_add_duplicate_credential(self):
"""
Test adding a duplicate credential to MongoDB credential store.
"""
this_id = 9797
data = self.cred_data
data['credential_id'] = this_id
cred = vccs_auth.credential.from_dict(data, None)
self.mdb.add_credential(cred)
cred.derived_key(new='bb' * (512 / 8))
print cred.to_dict()
self.assertFalse(self.mdb.add_credential(cred))
def test_mdb_get_unknown_credential(self):
"""
Test fetching unknown credential.
"""
res = self.mdb.get_credential(1234567890)
self.assertEqual(res, None)
def test_mdb_revoking_credential(self):
"""
Test revoking a credential.
"""
this_id = 9898
data = self.cred_data
data['credential_id'] = this_id
cred = vccs_auth.credential.from_dict(data, None)
self.mdb.add_credential(cred)
# assert no exception
cred2 = self.mdb.get_credential(this_id)
print("Revoking credential :\n{}".format(pformat(cred2)))
cred2.revoke({'reason': 'unit testing'})
self.mdb.update_credential(cred2)
# assert exception when fetching revoked credential
with self.assertRaises(vccs_auth.credential.VCCSAuthCredentialError):
self.mdb.get_credential(this_id)
# assert exception when trying to activate credential again
with self.assertRaises(ValueError):
cred2.status('active')
def test_mdb_credential_repr(self):
"""
Test the __repr__ method of a credential.
"""
cred = vccs_auth.credential.from_dict(self.cred_data, None)
res = repr(cred)
print "Credential : {!r}".format(res)
self.assertTrue(hex(self.cred_data['key_handle']) in res)
self.assertTrue(self.cred_data['type'] in res)
class TestCredStore(unittest.TestCase):
def setUp(self):
self.logger = FakeLogger()
try:
self.mdb = VCCS_MongoDB("127.0.0.1", 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST")
except:
raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1")
self.cred_data = {
"type": "password",
"kdf": "PBKDF2-HMAC-SHA512",
"status": "active",
"version": "NDNv1",
"derived_key": "aa" * (512 / 8),
"key_handle": 0x2000,
"iterations": 100,
"credential_id": 4711,
"salt": "12345678901234567890123456789012",
}
def test_mdb_aaa_empty_collection(self):
"""
Empty collection of any leftovers from previous runs.
"""
res = self.mdb.credentials.remove()
self.assertEqual(res["err"], None)
def test_mdb_add_credential(self):
"""
Test adding a credential to MongoDB credential store.
"""
cred = vccs_auth.credential.from_dict(self.cred_data, None)
id_ = self.mdb.add_credential(cred)
print ("Added credential -> id : {!r}".format(id_))
cred2 = self.mdb.get_credential(self.cred_data["credential_id"])
print ("Fetched credential :\n{}".format(pformat(cred2)))
self.assertEqual(cred2.to_dict(), self.cred_data)
def test_mdb_add_duplicate_credential(self):
"""
Test adding a duplicate credential to MongoDB credential store.
"""
this_id = 9797
data = self.cred_data
data["credential_id"] = this_id
cred = vccs_auth.credential.from_dict(data, None)
self.mdb.add_credential(cred)
cred.derived_key(new="bb" * (512 / 8))
print cred.to_dict()
self.assertFalse(self.mdb.add_credential(cred))
def test_mdb_get_unknown_credential(self):
"""
Test fetching unknown credential.
"""
res = self.mdb.get_credential(1234567890)
self.assertEqual(res, None)
def test_mdb_revoking_credential(self):
"""
Test revoking a credential.
"""
this_id = 9898
data = self.cred_data
data["credential_id"] = this_id
cred = vccs_auth.credential.from_dict(data, None)
self.mdb.add_credential(cred)
# assert no exception
cred2 = self.mdb.get_credential(this_id)
print ("Revoking credential :\n{}".format(pformat(cred2)))
cred2.revoke({"reason": "unit testing"})
self.mdb.update_credential(cred2)
# assert exception when fetching revoked credential
with self.assertRaises(vccs_auth.credential.VCCSAuthCredentialError):
self.mdb.get_credential(this_id)
# assert exception when trying to activate credential again
with self.assertRaises(ValueError):
cred2.status("active")
def test_mdb_credential_repr(self):
"""
Test the __repr__ method of a credential.
"""
cred = vccs_auth.credential.from_dict(self.cred_data, None)
res = repr(cred)
print "Credential : {!r}".format(res)
self.assertTrue(hex(self.cred_data["key_handle"]) in res)
self.assertTrue(self.cred_data["type"] in res)
