Ejemplo n.º 1
def test_token():
    """Set and append access policies, then start building a token request.

    Only the opening of this test is visible: the listing stops once
    ``body`` has been assembled, before any token is requested.
    """

    # body is rebound at module level below; RS is only read and TUPLE is not
    # used in the visible part of the function.
    global body
    global TUPLE
    global RS

    policy = "x can access *"  # dummy policy
    provider.set_policy(policy)

    # Time-limited rule with a tokens_per_day condition, covering every resource.
    policy = 'all can access * for 2 hours if tokens_per_day < 100'
    provider.set_policy(policy)

    # The policy read back from the server must contain the rule just set.
    assert policy in provider.get_policy()['response']['policy']

    new_policy = "*@rbccps.org can access resource-yyz-abc for 1 hour"
    assert provider.append_policy(new_policy)['success'] is True

    # After an append, both the earlier rule and the appended rule must be present.
    x = provider.get_policy()['response']['policy']
    assert new_policy in x
    assert policy in x

    # NOTE(review): the unit of the argument 5 is not visible here -- confirm
    # against the provider client.
    r = provider.audit_tokens(5)
    assert r['success'] is True
    audit_report = r['response']
    as_provider = audit_report["as-provider"]

    # Baseline size of the "as-provider" audit list; presumably compared
    # against a later audit outside this excerpt.
    num_tokens_before = len(as_provider)
    # Two-item request: the first item names a resource on RS together with an
    # API path, an allowed method and a request body; the second gives only an id.
    body = [{
        "id":
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/" + RS +
        "/resource-xyz-yzz",
        "api":
        "/latest",
        "methods": ["GET"],
        "body": {
            "key": "some-key"
        }
    }, {
        "id":
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/abc.com/abc-xyz"
    }]
Ejemplo n.º 2
# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4

import os

from init import provider
from init import resource_server

from init import expect_failure

RS = "iisc.iudx.org.in"

# Start from a known-good policy so that a rejected update can be detected below.
policy = "x can access *"  # dummy policy
provider.set_policy(policy)

invalid_policy = "invalid policy *"

# expect_failure comes from init and is switched on around calls that are meant
# to be refused -- presumably so the client helper tolerates the error response
# (confirm in init).
expect_failure(True)
assert provider.set_policy(invalid_policy)['success'] is False
expect_failure(False)

# A refused set_policy must leave the stored policy untouched: the valid rule
# is still there and the malformed text was not stored.
r = provider.get_policy()['response']['policy']
assert policy in r
assert invalid_policy not in r

invalid_policy = "invalid policy *"

# Same check for append_policy: a malformed rule must be refused.
expect_failure(True)
assert provider.append_policy(invalid_policy)['success'] is False
expect_failure(False)

# Policy re-read after the refused append; the assertions on it are outside
# this excerpt.
r = provider.get_policy()['response']['policy']
Ejemplo n.º 3
# r holds the result of a call made before this excerpt begins.
assert r["success"] is True

# The "confidential" group must now list exactly one consumer.
r = provider.list_group("confidential")
assert r["success"] is True
assert 1 == len(r["response"])
assert "*****@*****.**" == r["response"][0]['consumer']

# Removing that consumer must empty the group again.
r = provider.delete_consumer_from_group("*****@*****.**", "confidential")
assert r["success"] is True

r = provider.list_group("confidential")
assert r["success"] is True
assert 0 == len(r["response"])

# Access to the resource-xyz* resources is conditioned on group membership.
# NOTE(review): no request is made here while the group is empty, so this
# excerpt does not show that a non-member is refused a token; confirm a
# negative case exists elsewhere in the file.
provider.set_policy(
    'all can access iisc.iudx.org.in/resource-xyz* if consumer-in-group(xyz,confidential)'
)

body = {
    "id":
    "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/iisc.iudx.org.in/resource-xyz-yzz",
}

# NOTE(review): the meaning of the third argument (100) is not visible here.
provider.add_consumer_to_group("*****@*****.**", "confidential", 100)

r = provider.list_group("confidential")
assert 1 == len(r["response"])

# With the consumer back in the group the token request must succeed, and the
# token is expected to last one hour (60 * 60 seconds).
r = consumer.get_token(body)
assert r["success"] is True
assert 60 * 60 == r["response"]["expires-in"]
Ejemplo n.º 4
    '[email protected] can access rs1.com/x-t/y/z/t/a/b/c for 2 days if country = "IN" OR  api = "/latest"',
    '[email protected] and [email protected] can access rs1.com/x for 5 hours @ 5 INR',
    'a,[email protected], and c can access x/y/z.a.b.c/t for 2 seconds @ 10.5 INR; all can access anything; x can access y',
    '* can access local_server/*/test if ip = "138.212.77.14" OR ip = "::ffff:ada0:d182"',
    '* can access test-server/test-resource/rs1 if body.operation = "select" AND body.on = "everything"',
    '* can access test-server/test-resource/rs2 if api = "/latest" AND method = "GET"',
    '[email protected] can access test/test/* if cert.class = 2 AND cert.issuer.cn = "ca.iudx.org.in"',
    '*@iisc.ac.in can access data/server1/* if cert.class = 3 AND ' +
    'cert.o = "Indian Institute of Science \(IISc\)" AND cert.issuer.cn = "IUDX-sub-CA at iisc.ac.in"',
    '*@rbccps.org can access confidential/data/* if cert.title = "Member of Technical Staff" AND '
    + 'cert.ou = "Robert Bosch Centre for Cyber-Physical Systems \(RBCCPS\)"',
    'person@* can access local/test/1 if tokens_per_day = 300 AND cert.st = "Karnataka"'
]

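# Every rule in the list above must be accepted by the policy endpoint.
for rule in rules:
    r = provider.set_policy(rule)
    assert r['success'] is True

policy = "x can access x"
r = provider.set_policy(policy)
assert r['success'] is True

# Install a second, different policy before reverting. If `policy` were set
# twice instead, a revert that did nothing at all would be indistinguishable
# from one that worked, and new_policy would never be sent to the server.
new_policy = "y can access y"
r = provider.set_policy(new_policy)
assert r['success'] is True

# presumably restores the policy that was in force before the last set_policy
# -- confirm against the provider API.
r = provider.revert_policy()
assert r['success'] is True

# The policy is read back here; the checks on its content are outside this
# excerpt.
r = provider.get_policy()
assert r['success'] is True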
Ejemplo n.º 5
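def test_multiple_provider_audit():
    """Check that one token spanning two providers appears in both audits.

    A single token is requested for resources owned by two providers. Each
    provider's "as-provider" audit list must contain an entry whose
    ``token-hash`` equals the SHA-256 hex digest of the token, the entry must
    not be revoked, and every request id in it must start with that
    provider's own prefix.
    """

    # test audit for multiple providers
    policy = "all can access abc.com/*"
    provider.set_policy(policy)

    policy = 'all can access example.com/test-providers'
    alt_provider.set_policy(policy)

    body = [{
        "id":
        "iisc.ac.in/2052f450ac2dde345335fb18b82e21da92e3388c/example.com/test-providers",
    }, {
        "id":
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/abc.com/ABC123"
    }, {
        "id":
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/abc.com/abc-xyz"
    }]

    r = consumer.get_token(body)
    # Fail with a clear assertion if the token was not issued, rather than
    # with a lookup error further down.
    assert r['success'] is True
    access_token = r['response']

    # Audit entries are matched by the SHA-256 hex digest of the token string.
    token_hash = hashlib.sha256(
        access_token['token'].encode('utf-8')).hexdigest()

    # Run the same check against each provider. The lookup result is
    # recomputed on every pass, so a match in the first audit cannot mask a
    # missing entry in the second one.
    for auditor, owner_prefix in ((alt_provider, 'iisc.ac.in'),
                                  (provider, 'rbccps.org')):
        r = auditor.audit_tokens(5)
        assert r["success"] is True
        as_provider = r['response']["as-provider"]

        found = next(
            (entry for entry in as_provider
             if entry['token-hash'] == token_hash), None)

        assert found is not None
        assert found['revoked'] is False

        # A provider's audit entry must only list requests for its own
        # resources.
        for request in found['request']:
            assert request['id'].startswith(owner_prefix) is True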
Ejemplo n.º 6
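def test_revoke_with_token():
    """Revoke a freshly issued token, then check lifetimes and request shapes.

    Steps, in order:
      1. Request a token for the module-level ``body`` and check its format.
      2. Revoke it and confirm that the number of revoked "as-consumer" audit
         entries went up.
      3. Set month-based policies and check ``expires-in`` for several request
         body shapes, plus one request that must be refused with 403.

    ``body`` is rebound at module level as the test proceeds.
    """

    global body
    global TUPLE

    def _count_revoked():
        """Return how many "as-consumer" audit entries are marked revoked."""
        report = provider.audit_tokens(5)
        assert report["success"] is True
        return sum(1 for entry in report['response']["as-consumer"]
                   if entry['revoked'] is True)

    # test revoke API
    r = provider.get_token(body)
    # Check the outcome before reading anything out of the response.
    assert r['success'] is True
    access_token = r['response']
    assert access_token is not None
    assert 60 * 60 * 2 == access_token['expires-in']

    token = access_token['token']

    # Some client versions hand the token back wrapped in a tuple; TUPLE is
    # defined at module level.
    if isinstance(token, TUPLE):
        token = token[0]

    # The token has three "/"-separated parts and the first names the auth
    # server.
    s = token.split("/")

    assert len(s) == 3
    assert s[0] == 'auth.iudx.org.in'

    num_revoked_before = _count_revoked()

    r = provider.revoke_tokens(token)
    assert r["success"] is True
    assert r["response"]["num-tokens-revoked"] >= 1

    num_revoked_after = _count_revoked()

    # NOTE(review): this compares counts only; it does not show that the entry
    # for this particular token is the one now marked revoked.
    assert num_revoked_before < num_revoked_after

    new_policy = "*@iisc.ac.in can access * for 1 month"
    assert provider.set_policy(new_policy)['success'] is True

    # Two resources on the same resource server (rs1).
    body = [{
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
    }, {
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r2"
    }]

    r = restricted_consumer.get_token(body)
    assert r['success'] is True
    access_token = r['response']
    assert access_token is not None
    # "1 month" is expected to be issued as 30 days.
    assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 1

    # Same consumer, but the resources now sit on two resource servers
    # (rs1 and rs2); this request must be refused.
    # presumably restricted_consumer is limited to one resource server per
    # token -- confirm in init.
    body = [{
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
    }, {
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs2/r2"
    }]

    # Always switch expect_failure back off, even if the request raises, so
    # the setting does not leak into the rest of the run.
    expect_failure(True)
    try:
        r = restricted_consumer.get_token(body)
    finally:
        expect_failure(False)

    assert r['success'] is False
    assert r['status_code'] == 403

    # new api tests

    new_policy = "*@iisc.ac.in can access * for 5 months"
    assert provider.set_policy(new_policy)['success'] is True

    # Request given as a list of id strings.
    body = [
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1",
        "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs2/r2"
    ]

    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 5

    # Request given as a single id string.
    body = "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1"
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 5

    # Request given as a single object with an "id" key.
    body = {
        "id": "rbccps.org/9cf2c2382cf661fc20a4776345a3be7a143a109c/rs1/r1"
    }
    r = consumer.get_token(body)
    assert r['success'] is True
    assert r['response']['expires-in'] == 60 * 60 * 24 * 30 * 5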
Ejemplo n.º 7
from init import provider
from init import untrusted
from init import resource_server

from init import expect_failure

from init import restricted_consumer

import hashlib

# Resource server name; not used again in the visible part of this excerpt.
RS = "iisc.iudx.org.in"

# The builtin tuple type, obtained from a one-element tuple literal.
TUPLE = type(("x", ))

policy = "x can access *"  # dummy policy
provider.set_policy(policy)

# Time-limited rule with a tokens_per_day condition, covering every resource.
policy = 'all can access * for 2 hours if tokens_per_day < 100'
provider.set_policy(policy)

# The policy read back from the server must contain the rule just set.
assert policy in provider.get_policy()['response']['policy']

new_policy = "*@rbccps.org can access resource-yyz-abc for 1 hour"
assert provider.append_policy(new_policy)['success'] is True

# After an append, both the earlier rule and the appended rule must be present.
x = provider.get_policy()['response']['policy']
assert new_policy in x
assert policy in x

# NOTE(review): the unit of the argument 5 is not visible here -- confirm
# against the provider client.
r = provider.audit_tokens(5)
assert r['success'] is True
Ejemplo n.º 8
# vim: tabstop=8 expandtab shiftwidth=4 softtabstop=4

from init import provider 

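# Policy rules that the server is expected to accept. They cover time limits,
# payment terms ("@ 5 INR"), several rules joined with ";", and conditions on
# country, api, method, ip, request body fields, certificate fields and
# tokens_per_day.
# NOTE(review): the "[email protected]" consumers look like addresses masked by
# the page's e-mail obfuscation; the original identifiers cannot be recovered
# here.
# The parentheses in the certificate values are written as "\\(" so that each
# string still holds a literal backslash before the bracket without relying on
# an invalid escape sequence.
rules = [
    '[email protected] can access rs1.com/x/y/z/t/a/b/c for 2 days',
    '[email protected] can access rs1.com/_x/y/z/t/a/b/c for 2 days if country = "IN" AND api = "/latest"',
    '[email protected] can access rs1.com/x-t/y/z/t/a/b/c for 2 days if country = "IN" OR  api = "/latest"',
    '[email protected] and [email protected] can access rs1.com/x for 5 hours @ 5 INR',
    'a,[email protected], and c can access x/y/z.a.b.c/t for 2 seconds @ 10.5 INR; all can access anything; x can access y',
    '* can access local_server/*/test if ip = "138.212.77.14" OR ip = "::ffff:ada0:d182"',
    '* can access test-server/test-resource/rs1 if body.operation = "select" AND body.on = "everything"',
    '* can access test-server/test-resource/rs2 if api = "/latest" AND method = "GET"',
    '[email protected] can access test/test/* if cert.class = 2 AND cert.issuer.cn = "ca.iudx.org.in"',
    '*@iisc.ac.in can access data/server1/* if cert.class = 3 AND ' +
    'cert.o = "Indian Institute of Science \\(IISc\\)" AND cert.issuer.cn = "IUDX-sub-CA at iisc.ac.in"',
    '*@rbccps.org can access confidential/data/* if cert.title = "Member of Technical Staff" AND ' +
    'cert.ou = "Robert Bosch Centre for Cyber-Physical Systems \\(RBCCPS\\)"',
    'person@* can access local/test/1 if tokens_per_day = 300 AND cert.st = "Karnataka"'
]

# Every rule must be accepted by the policy endpoint.
for rule in rules:
    r = provider.set_policy(rule)
    assert r['success'] is True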
Ejemplo n.º 9
import os

from init import consumer 
from init import provider 
from init import resource_server

import hashlib

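# Resource server name; AUTH_SERVER=localhost in the environment switches it
# to "localhost".
RS = "iisc.iudx.org.in"
if os.environ.get("AUTH_SERVER") == "localhost":
    RS = "localhost"

# The builtin tuple type, obtained from a one-element tuple literal.
TUPLE = type(("x",))

policy = "x can access *"  # dummy policy
provider.set_policy(policy)

policy = 'all can access * for 2 hours if tokens_per_day < 100'
provider.set_policy(policy)

# set_policy replaces the stored policy: only the latest rule is read back.
assert policy == provider.get_policy()['response']['policy']

new_policy = "*@rbccps.org can access resource-yyz-abc for 1 hour"
# Identity check, matching the other success assertions in this script.
assert provider.append_policy(new_policy)['success'] is True

# An appended rule is stored after the existing one, joined with ";".
updated_policy = policy + ';' + new_policy
assert updated_policy == provider.get_policy()['response']['policy']

# NOTE(review): the unit of the argument 5 is not visible here -- confirm
# against the provider client.
r = provider.audit_tokens(5)
assert r['success'] is True
audit_report = r['response']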