def test_zcert():
ctx = zctx.new()
if os.path.exists(TESTDIR):
# delete data from a previous test run
shutil.rmtree(TESTDIR)
os.mkdir(TESTDIR)
# Create a simple certificate with metadata
cert = zcert.new()
zcert.set_meta(cert, "email", "*****@*****.**")
zcert.set_meta(cert, "name", "Pieter Hintjens")
zcert.set_meta(cert, "organization", "iMatix Corporation")
zcert.set_meta(cert, "version", "1")
assert zcert.meta(cert, "email") == "*****@*****.**"
# Check the dup and eq methods
shadow = zcert.dup(cert)
assert zcert.eq(cert, shadow)
del shadow
# Check we can save and load certificate
cert_file = os.path.join(TESTDIR, "mycert.txt")
zcert.save(cert, cert_file)
assert os.path.exists(cert_file)
cert_secret_file = os.path.join(TESTDIR, "mycert.txt_secret")
assert os.path.exists(cert_secret_file)
# Load certificate, will in fact load secret one
shadow = zcert.load(cert_file)
assert shadow
assert zcert.eq(cert, shadow)
del shadow
del ctx
# Delete all test files
shutil.rmtree(TESTDIR)
def test_zcert():
ctx = zctx.new()
if os.path.exists(TESTDIR):
# delete data from a previous test run
shutil.rmtree(TESTDIR)
os.mkdir(TESTDIR)
# Create a simple certificate with metadata
cert = zcert.new()
zcert.set_meta(cert, "email", "*****@*****.**")
zcert.set_meta(cert, "name", "Pieter Hintjens")
zcert.set_meta(cert, "organization", "iMatix Corporation")
zcert.set_meta(cert, "version", "1")
assert zcert.meta(cert, "email") == "*****@*****.**"
# Check the dup and eq methods
shadow = zcert.dup(cert)
assert zcert.eq(cert, shadow)
del shadow
# Check we can save and load certificate
cert_file = os.path.join(TESTDIR, "mycert.txt")
zcert.save(cert, cert_file)
assert os.path.exists(cert_file)
cert_secret_file = os.path.join(TESTDIR, "mycert.txt_secret")
assert os.path.exists(cert_secret_file)
# Load certificate, will in fact load secret one
shadow = zcert.load(cert_file)
assert shadow
assert zcert.eq(cert, shadow)
del shadow
del ctx
# Delete all test files
shutil.rmtree(TESTDIR)
def test_zauth(verbose=False):
if os.path.exists(TESTDIR):
# delete data from a previous test run
shutil.rmtree(TESTDIR)
os.mkdir(TESTDIR)
# Install the authenticator
ctx = zctx.new()
auth = zauth.new(ctx)
zauth.set_verbose(auth, verbose)
# A default NULL connection should always success, and not go
# through our authentication infrastructure at all.
server = zsocket.new(ctx, zmq.PUSH)
client = zsocket.new(ctx, zmq.PULL)
zsocket.set_reconnect_ivl(client, 1000) # slow down reconnect attempts
success = s_can_connect(server, client)
assert success
# When we set a domain on the server, we switch on authentication
# for NULL sockets, but with no policies, the client connection will
# be allowed.
server = zsocket.new(ctx, zmq.PUSH)
zsocket.set_zap_domain(server, 'global')
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: no authenticator test"
# Blacklist 127.0.0.1, connection should fail
zauth.deny(auth, "127.0.0.1")
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: blacklist test"
# Whitelist our address, which overrides the blacklist
zauth.allow (auth, "127.0.0.1")
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: whitelist test"
# Try PLAIN authentication
password_file = os.path.join(TESTDIR, "password-file")
fd = open(password_file, "w")
fd.write("admin=Password\n")
fd.close()
zsocket.set_plain_server(server, 1)
zsocket.set_plain_username(client, "admin")
zsocket.set_plain_password(client, "Password")
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: Test no password-file set"
zauth.configure_plain(auth, "*", password_file)
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: Test password-file set and valid client username and password"
zsocket.set_plain_password (client, "Bogus")
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: Test invalid password"
server_cert = zcert.new()
zcert.apply(server_cert, server)
zsocket.set_curve_server(server, 1)
client_cert = zcert.new()
zcert.apply(client_cert, client)
server_key = zcert.public_txt(server_cert)
zsocket.set_curve_serverkey(client, server_key)
# We've not set-up any authentication, connection will fail
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: Test no curve authentication set"
# Test CURVE_ALLOW_ANY
zauth.configure_curve(auth, "*", zauth.CURVE_ALLOW_ANY)
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: CURVE_ALLOW_ANY test"
# Test full client authentication using certificates
certificate_file = os.path.join(TESTDIR, "mycert.txt")
zcert.save_public(client_cert, certificate_file)
zauth.configure_curve(auth, "*", TESTDIR)
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: client authentication test"
del server_cert
del client_cert
# Remove the authenticator and check a normal connection works
del auth
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: no authenticator test"
del ctx
# Delete all test files
shutil.rmtree(TESTDIR)
def test_zauth(verbose=False):
if os.path.exists(TESTDIR):
# delete data from a previous test run
shutil.rmtree(TESTDIR)
os.mkdir(TESTDIR)
# Install the authenticator
ctx = zctx.new()
auth = zauth.new(ctx)
zauth.set_verbose(auth, verbose)
# A default NULL connection should always success, and not go
# through our authentication infrastructure at all.
server = zsocket.new(ctx, zmq.PUSH)
client = zsocket.new(ctx, zmq.PULL)
zsocket.set_reconnect_ivl(client, 1000) # slow down reconnect attempts
success = s_can_connect(server, client)
assert success
# When we set a domain on the server, we switch on authentication
# for NULL sockets, but with no policies, the client connection will
# be allowed.
server = zsocket.new(ctx, zmq.PUSH)
zsocket.set_zap_domain(server, 'global')
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: no authenticator test"
# Blacklist 127.0.0.1, connection should fail
zauth.deny(auth, "127.0.0.1")
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: blacklist test"
# Whitelist our address, which overrides the blacklist
zauth.allow(auth, "127.0.0.1")
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: whitelist test"
# Try PLAIN authentication
password_file = os.path.join(TESTDIR, "password-file")
fd = open(password_file, "w")
fd.write("admin=Password\n")
fd.close()
zsocket.set_plain_server(server, 1)
zsocket.set_plain_username(client, "admin")
zsocket.set_plain_password(client, "Password")
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: Test no password-file set"
zauth.configure_plain(auth, "*", password_file)
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: Test password-file set and valid client username and password"
zsocket.set_plain_password(client, "Bogus")
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: Test invalid password"
server_cert = zcert.new()
zcert.apply(server_cert, server)
zsocket.set_curve_server(server, 1)
client_cert = zcert.new()
zcert.apply(client_cert, client)
server_key = zcert.public_txt(server_cert)
zsocket.set_curve_serverkey(client, server_key)
# We've not set-up any authentication, connection will fail
success = s_can_connect(server, client)
assert not success, "Unexpected connection success: Test no curve authentication set"
# Test CURVE_ALLOW_ANY
zauth.configure_curve(auth, "*", zauth.CURVE_ALLOW_ANY)
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: CURVE_ALLOW_ANY test"
# Test full client authentication using certificates
certificate_file = os.path.join(TESTDIR, "mycert.txt")
zcert.save_public(client_cert, certificate_file)
zauth.configure_curve(auth, "*", TESTDIR)
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: client authentication test"
del server_cert
del client_cert
# Remove the authenticator and check a normal connection works
del auth
success = s_can_connect(server, client)
assert success, "Unexpected connection failure: no authenticator test"
del ctx
# Delete all test files
shutil.rmtree(TESTDIR)
