def test_init_from_config(self):
sess = session.ServerSession(config={})
with self.assertRaises(AttributeError):
getattr(sess, "test_service")
sess = session.ServerSession(
identity_credentials=self.id_credentials,
config=self.fake_config,
)
self.assertTrue(hasattr(sess, "test_service"))
def setUp(self):
mock_keypair = keychain.Keypair.from_secret_pem(
key_bytes=TestSession.id_key_bytes)
self.credentials = keychain.Credentials('me', mock_keypair)
self.model = {
'test_method': {
'endpoint': 'https://myservice/my/endpoint',
'method': 'GET',
'arguments': {
'in_jwt': {
'location': 'jwt',
'required': True,
},
'in_url': {
'location': 'url',
'required': True,
},
'optional': {
'location': 'jwt',
'required': False,
},
'optional_in_url': {
'location': 'url',
'required': False,
},
},
}
}
self.session = session.ServerSession(self.credentials)
self.service_creator = service.ServiceCreator()
self.service = self.service_creator.create_service_class(
'svc', self.model, self.session)
def test_reset_keys(self, mock_request):
sess = session.ServerSession(
identity_credentials=self.id_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
config=self.fake_config,
)
authenticated_data = sess.prepare_message(a=1,
b=2,
rekey_credentials=[
self.resetA_credentials,
self.resetB_credentials,
self.resetC_credentials,
])
keypairs = [
self.oneid_credentials.keypair,
self.project_credentials.keypair,
self.resetA_credentials.keypair,
self.resetB_credentials.keypair,
self.resetC_credentials.keypair,
]
verified = jwts.verify_jws(authenticated_data, keypairs)
self.assertIsInstance(verified, dict)
def test_prepare_message_encrypted_session(self, mock_request):
peer_credentials = self.alt_credentials
sess = session.ServerSession(
identity_credentials=self.id_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
peer_credentials=peer_credentials,
config=self.fake_config,
)
jws = sess.prepare_message(
a=1,
b=2,
)
keypairs = [
self.oneid_credentials.keypair,
self.project_credentials.keypair,
]
jwe = jwts.verify_jws(jws, keypairs)
claims = jwes.decrypt_jwe(jwe, peer_credentials.keypair)
self.assertIsInstance(claims, dict)
self.assertIn('a', claims)
self.assertIn('b', claims)
def test_prepare_message_no_project(self):
sess = session.ServerSession(
identity_credentials=self.server_credentials,
oneid_credentials=self.oneid_credentials)
with self.assertRaises(AttributeError):
sess.prepare_message()
def test_service_request(self, mock_request):
sess = session.ServerSession(
identity_credentials=self.id_credentials,
config=self.fake_config,
)
test_method = sess.test_service.test_method()
self.assertEqual(test_method, "tested")
def test_verify_message_failed_cosign(self, mock_request):
message = jwts.make_jwt({'c': 3}, self.id_credentials.keypair)
sess = session.ServerSession(
identity_credentials=self.alt_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
config=self.fake_config,
)
with self.assertRaises(exceptions.InvalidAuthentication):
sess.verify_message(message, self.id_credentials)
def test_verify_message_no_device_creds(self, mock_request):
message = jwts.make_jwt({'c': 3}, self.id_credentials.keypair)
sess = session.ServerSession(
identity_credentials=self.alt_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
config=self.fake_config,
)
with self.assertRaises(AttributeError):
sess.verify_message(message, None)
def test_prepare_message_failed_cosign(self, mock_request):
sess = session.ServerSession(
identity_credentials=self.id_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
config=self.fake_config,
)
with self.assertRaises(exceptions.InvalidAuthentication):
sess.prepare_message(a=1, b=2)
def test_service_class_with_project_creds(self):
mock_proj_keypair = keychain.Keypair.from_secret_pem(
key_bytes=TestSession.proj_key_bytes)
proj_credentials = keychain.Credentials('proj-id', mock_proj_keypair)
sess = session.ServerSession(self.credentials,
project_credentials=proj_credentials)
svc = self.service_creator.create_service_class(
'svc', self.model, sess)
self.assertEqual(svc.__class__.__name__, "svc")
self.assertTrue(hasattr(svc, "test_method"))
def test_verify_message_jws(self, mock_request):
message = jwts.make_jws({'c': 3}, [self.id_credentials.keypair])
sess = session.ServerSession(
identity_credentials=self.alt_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
config=self.fake_config,
)
claims = sess.verify_message(message, self.id_credentials)
self.assertIsInstance(claims, dict)
self.assertIn("c", claims)
self.assertEqual(claims.get("c"), 3)
def test_verify_message_from_device_key_only(self, mock_request):
message = jwts.make_jwt({'c': 3}, self.id_credentials.keypair)
sess = session.ServerSession(
identity_credentials=self.
alt_credentials, # id_cred needed for device/oneid
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials,
config=self.fake_config,
)
claims = sess.verify_message(message,
self.id_credentials,
get_oneid_cosignature=False)
self.assertIsInstance(claims, dict)
self.assertIn("c", claims)
self.assertEqual(claims.get("c"), 3)
def test_prepare_message(self):
sess = session.ServerSession(
identity_credentials=self.server_credentials,
oneid_credentials=self.oneid_credentials,
project_credentials=self.project_credentials)
authenticated_data = sess.prepare_message(
oneid_response=self.oneid_response)
keypairs = [
self.oneid_credentials.keypair,
self.project_credentials.keypair,
]
verified = jwts.verify_jws(authenticated_data, keypairs)
self.assertIsInstance(verified, dict)
