def test_credentials(self):
logging.debug('')
logging.debug('test_credentials')
# Basic form.
owner = Credentials()
if sys.platform == 'win32' and not HAVE_PYWIN32:
self.assertEqual('%s' % owner, owner.user + ' (transient)')
else:
self.assertEqual('%s' % owner, owner.user)
# Comparison.
user = Credentials()
self.assertEqual(user, owner)
user.user = '******'
self.assertNotEqual(user, owner)
self.assertNotEqual(user, 'xyzzy')
# Thread storage.
try:
del threading.current_thread().credentials # Ensure empty.
except AttributeError:
pass
self.assertEqual(get_credentials(), owner)
# Sign/verify.
encoded = owner.encode()
Credentials.verify(encoded, allowed_users=None) # 'First sighting'.
Credentials.verify(encoded, allowed_users=None) # Cached verification.
data, signature, client_creds = encoded
encoded = (data[:1], signature, client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
locals(), CredentialsError, 'Invalid data')
encoded = (data[:-1], signature, client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
locals(), CredentialsError, 'Invalid signature')
encoded = (data, signature[:-1], client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
locals(), CredentialsError, 'Invalid signature')
newline = data.find('\n') # .user
newline = data.find('\n', newline + 1) # .transient
# Expecting '-'
mangled = data[:newline + 1] + '*' + data[newline + 2:]
encoded = (mangled, signature, client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
locals(), CredentialsError, 'Invalid key')
# Detect mismatched key.
get_key_pair(owner.user, overwrite_cache=True)
spook = Credentials()
encoded = spook.encode()
assert_raises(self, 'Credentials.verify(encoded, None)', globals(),
locals(), CredentialsError, 'Public key mismatch')
# Check if remote access.
self.assertFalse(remote_access())
def set(self, path, value):
"""
Don't allow setting of 'command' or 'resources' by a remote client.
"""
if path in ("command", "resources", "get_access_controller") and remote_access():
self.raise_exception("%r may not be set() remotely" % path, RuntimeError)
return super(ExternalCode, self).set(path, value)
def set(self, path, value, index=None, src=None, force=False):
"""
Don't allow setting of 'command' or 'resources' by a remote client.
"""
if path in ('command', 'resources', 'get_access_controller') \
and remote_access():
self.raise_exception('%r may not be set() remotely' % path,
RuntimeError)
return super(ExternalCode, self).set(path, value, index, src, force)
def test_credentials(self):
logging.debug('')
logging.debug('test_credentials')
# Basic form.
owner = Credentials()
if sys.platform == 'win32' and not HAVE_PYWIN32:
self.assertEqual('%s' % owner, owner.user+' (transient)')
else:
self.assertEqual('%s' % owner, owner.user)
# Comparison.
user = Credentials()
self.assertEqual(user, owner)
user.user = '******'
self.assertNotEqual(user, owner)
self.assertNotEqual(user, 'xyzzy')
# Thread storage.
try:
del threading.current_thread().credentials # Ensure empty.
except AttributeError:
pass
self.assertEqual(get_credentials(), owner)
# Sign/verify.
encoded = owner.encode()
Credentials.verify(encoded, allowed_users=None) # 'First sighting'.
Credentials.verify(encoded, allowed_users=None) # Cached verification.
data, signature, client_creds = encoded
encoded = (data[:1], signature, client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)',
globals(), locals(), CredentialsError, 'Invalid data')
encoded = (data[:-1], signature, client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)',
globals(), locals(), CredentialsError, 'Invalid signature')
encoded = (data, signature[:-1], client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)',
globals(), locals(), CredentialsError, 'Invalid signature')
newline = data.find('\n') # .user
newline = data.find('\n', newline+1) # .transient
# Expecting '-'
mangled = data[:newline+1] + '*' + data[newline+2:]
encoded = (mangled, signature, client_creds)
assert_raises(self, 'Credentials.verify(encoded, None)',
globals(), locals(), CredentialsError, 'Invalid key')
# Detect mismatched key.
get_key_pair(owner.user, overwrite_cache=True)
spook = Credentials()
encoded = spook.encode()
assert_raises(self, 'Credentials.verify(encoded, None)',
globals(), locals(), CredentialsError,
'Public key mismatch')
# Check if remote access.
self.assertFalse(remote_access())