def tearDown(self):
# revert to original server_config.json
os.system("mv -f %s_orig %s" % (self.serverConfigFile, self.serverConfigFile))
# restart server
my_env = os.environ.copy()
lib.restart_irods_server(env=my_env)
def test_ssl_iput_with_rods_env(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_client_server_policy': 'CS_NEG_REQUIRE',
'irods_ssl_verify_server': 'none',
}
session_env_backup = copy.deepcopy(self.admin.environment_file_contents)
self.admin.environment_file_contents.update(client_update)
filename = 'encryptedfile.txt'
filepath = lib.create_local_testfile(filename)
self.admin.assert_icommand(['iinit', self.admin.password])
self.admin.assert_icommand(['iput', filename])
self.admin.assert_icommand(['ils', '-L', filename], 'STDOUT', filename)
self.admin.environment_file_contents = session_env_backup
for f in ['server.key', 'server.csr', 'chain.pem', 'dhparams.pem']:
os.unlink(f)
lib.restart_irods_server()
def test_authentication_PAM_without_negotiation(self):
## set up client and server side for ssl handshake
# server side certificate setup
os.system("openssl genrsa -out server.key")
# os.system("openssl req -batch -new -key server.key -out server.csr") # if use external CA
# self-signed certificate
os.system("openssl req -batch -new -x509 -key server.key -out server.crt -days 365")
os.system("mv server.crt chain.pem")
os.system("openssl dhparam -2 -out dhparams.pem 100") # normally 2048, but smaller size here for speed
# server side environment variables
os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/chain.pem'
os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/server.key'
os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/dhparams.pem'
# client side environment variables
self.auth_session.environment_file_contents['irods_ssl_verify_server'] = 'none'
self.auth_session.environment_file_contents['irods_authentication_scheme'] = 'PaM'
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT', 'home')
# reset client environment to original
del self.auth_session.environment_file_contents['irods_authentication_scheme']
# clean up
for file in ['server.key', 'chain.pem', 'dhparams.pem']:
os.unlink(file)
def test_authentication_PAM_with_server_params(self):
## set up client and server side for ssl handshake
# server side certificate setup
os.system('openssl genrsa -out server.key')
os.system('openssl req -batch -new -x509 -key server.key -out server.crt -days 365')
os.system('mv server.crt chain.pem')
os.system('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
# server side environment variables
os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/chain.pem'
os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/server.key'
os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/dhparams.pem'
# client side environment variables
backup_env_contents = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents['irods_ssl_verify_server'] = 'none'
self.auth_session.environment_file_contents['irods_client_server_policy'] = 'CS_NEG_REQUIRE'
self.auth_session.environment_file_contents['irods_authentication_scheme'] = 'PaM'
# add server_config.json settings
serverConfigFile = lib.get_irods_config_dir() + "/server_config.json"
with open(serverConfigFile) as f:
contents = json.load(f)
os.system("cp %s %sOrig" % (serverConfigFile, serverConfigFile))
contents['pam_password_length'] = 20
contents['pam_no_extend'] = False
contents['pam_password_min_time'] = 121
contents['pam_password_max_time'] = 1209600
with open(serverConfigFile, 'w') as f:
json.dump(contents, f)
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT', "home")
# reset client environment to original
self.auth_session.environment_file_contents = backup_env_contents
# clean up
for file in ['server.key', 'chain.pem', 'dhparams.pem']:
os.unlink(file)
# reset server_config.json to original
os.system('mv %sOrig %s' % (serverConfigFile, serverConfigFile))
# server reboot to revert to previous server configuration
os.system(lib.get_irods_top_level_dir() + '/iRODS/irodsctl stop')
os.system(lib.get_irods_top_level_dir() + '/tests/zombiereaper.sh')
os.system(lib.get_irods_top_level_dir() + '/iRODS/irodsctl start')
def test_ssl_iput_small_and_large_files(self):
# set up client and server side for ssl handshake
# server side certificate setup
os.system("openssl genrsa -out server.key 2> /dev/null")
os.system("openssl req -batch -new -key server.key -out server.csr")
os.system("openssl req -batch -new -x509 -key server.key -out server.crt -days 365")
os.system("mv server.crt chain.pem")
# normally 2048, but smaller size here for speed
os.system("openssl dhparam -2 -out dhparams.pem 100 2> /dev/null")
# server side environment variables
os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/chain.pem"
os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/server.key"
os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/dhparams.pem"
# client side environment variables
os.environ['irodsSSLVerifyServer'] = "none"
# add client irodsEnv settings
clientEnvFile = self.admin.local_session_dir + "/irods_environment.json"
os.system("cp %s %sOrig" % (clientEnvFile, clientEnvFile))
env = {}
env['irods_client_server_policy'] = 'CS_NEG_REQUIRE'
lib.update_json_file_from_dict(clientEnvFile, env)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the encrypted put
filename = "encryptedfile.txt"
filepath = lib.create_local_testfile(filename)
self.admin.assert_icommand(['iinit', self.admin.password]) # reinitialize
# small file
self.admin.assert_icommand("iput " + filename) # encrypted put - small file
self.admin.assert_icommand("ils -L " + filename, 'STDOUT', filename) # should be listed
# large file
largefilename = "BIGencryptedfile.txt"
output = commands.getstatusoutput('dd if=/dev/zero of=' + largefilename + ' bs=1M count=60')
assert output[0] == 0, "dd did not successfully exit"
#os.system("ls -al "+largefilename)
self.admin.assert_icommand("iput " + largefilename) # encrypted put - large file
self.admin.assert_icommand("ils -L " + largefilename, 'STDOUT', largefilename) # should be listed
# reset client environment to not require SSL
os.system("mv %sOrig %s" % (clientEnvFile, clientEnvFile))
# clean up
os.system("rm server.key server.csr chain.pem dhparams.pem")
os.remove(filename)
os.remove(largefilename)
# restart iRODS server without altered environment
lib.restart_irods_server()
def test_authentication_PAM_with_server_params(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
'irods_client_server_policy': 'CS_NEG_REQUIRE',
}
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
server_config_filename = lib.get_irods_config_dir() + '/server_config.json'
with lib.file_backed_up(server_config_filename):
server_config_update = {
'pam_password_length': 20,
'pam_no_extend': False,
'pam_password_min_time': 121,
'pam_password_max_time': 1209600,
}
lib.update_json_file_from_dict(server_config_filename, server_config_update)
lib.restart_irods_server()
# the test
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home")
self.auth_session.environment_file_contents = auth_session_env_backup
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
lib.restart_irods_server()
def test_authentication_PAM_with_server_params(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
'irods_client_server_policy': 'CS_NEG_REQUIRE',
}
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
server_config_filename = lib.get_irods_config_dir() + '/server_config.json'
with lib.file_backed_up(server_config_filename):
server_config_update = {
'pam_password_length': 20,
'pam_no_extend': False,
'pam_password_min_time': 121,
'pam_password_max_time': 1209600,
}
lib.update_json_file_from_dict(server_config_filename, server_config_update)
lib.restart_irods_server()
# the test
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
self.auth_session.assert_icommand("icd")
self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home")
self.auth_session.environment_file_contents = auth_session_env_backup
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
lib.restart_irods_server()
def setUp(self):
# add Xmsg settings to server_config.json
shutil.copyfile(self.serverConfigFile, self.serverConfigFileBackup)
contents = lib.open_and_load_json_ascii(self.serverConfigFile)
update = {
'xmsg_host': self.xmsgHost,
'xmsg_port': self.xmsgPort,
}
lib.update_json_file_from_dict(self.serverConfigFile, update)
# apparently needed by the server too...
my_env = os.environ.copy()
my_env['XMSG_HOST'] = self.xmsgHost
my_env['XMSG_PORT'] = str(self.xmsgPort)
lib.restart_irods_server(env=my_env)
def setUp(self):
# add Xmsg settings to server_config.json
shutil.copyfile(self.serverConfigFile, self.serverConfigFileBackup)
contents = lib.open_and_load_json_ascii(self.serverConfigFile)
update = {
'xmsg_host': self.xmsgHost,
'xmsg_port': self.xmsgPort,
}
lib.update_json_file_from_dict(self.serverConfigFile, update)
# apparently needed by the server too...
my_env = os.environ.copy()
my_env['XMSG_HOST'] = self.xmsgHost
my_env['XMSG_PORT'] = str(self.xmsgPort)
lib.restart_irods_server(env=my_env)
def test_authentication_PAM_without_negotiation(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
}
# now the actual test
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home')
# reset client environment to original
self.auth_session.environment_file_contents = auth_session_env_backup
# clean up
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
def setUp(self):
# add Xmsg settings to server_config.json
with open(self.serverConfigFile) as f:
contents = json.load(f)
os.system('cp {0} {0}_orig'.format(self.serverConfigFile))
contents["xmsg_host"] = self.xmsgHost
contents["xmsg_port"] = self.xmsgPort
with open(self.serverConfigFile, 'w') as f:
json.dump(contents, f)
# apparently needed by the server too...
my_env = os.environ.copy()
my_env['XMSG_HOST'] = self.xmsgHost
my_env['XMSG_PORT'] = str(self.xmsgPort)
# restart server with Xmsg
lib.restart_irods_server(env=my_env)
def test_authentication_PAM_without_negotiation(self):
lib.run_command('openssl genrsa -out server.key')
lib.run_command('openssl req -batch -new -key server.key -out server.csr')
lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365')
lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed
service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json')
with lib.file_backed_up(service_account_environment_file_path):
server_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
}
lib.update_json_file_from_dict(service_account_environment_file_path, server_update)
client_update = {
'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'),
'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'),
'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'),
'irods_ssl_verify_server': 'none',
'irods_authentication_scheme': 'PaM',
}
# now the actual test
auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents)
self.auth_session.environment_file_contents.update(client_update)
# server reboot to pick up new irodsEnv settings
lib.restart_irods_server()
# do the reauth
self.auth_session.assert_icommand(['iinit', self.auth_session.password])
# connect and list some files
self.auth_session.assert_icommand('icd')
self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home')
# reset client environment to original
self.auth_session.environment_file_contents = auth_session_env_backup
# clean up
for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']:
os.unlink(os.path.join(lib.get_irods_top_level_dir(), file))
# server reboot to pick up new irodsEnv and server settings
lib.restart_irods_server()
def tearDown(self):
os.rename(self.serverConfigFileBackup, self.serverConfigFile)
lib.restart_irods_server()
def tearDown(self):
os.rename(self.serverConfigFileBackup, self.serverConfigFile)
lib.restart_irods_server()
