def tearDown(self): # revert to original server_config.json os.system("mv -f %s_orig %s" % (self.serverConfigFile, self.serverConfigFile)) # restart server my_env = os.environ.copy() lib.restart_irods_server(env=my_env)
def test_ssl_iput_with_rods_env(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_client_server_policy': 'CS_NEG_REQUIRE', 'irods_ssl_verify_server': 'none', } session_env_backup = copy.deepcopy(self.admin.environment_file_contents) self.admin.environment_file_contents.update(client_update) filename = 'encryptedfile.txt' filepath = lib.create_local_testfile(filename) self.admin.assert_icommand(['iinit', self.admin.password]) self.admin.assert_icommand(['iput', filename]) self.admin.assert_icommand(['ils', '-L', filename], 'STDOUT', filename) self.admin.environment_file_contents = session_env_backup for f in ['server.key', 'server.csr', 'chain.pem', 'dhparams.pem']: os.unlink(f) lib.restart_irods_server()
def test_authentication_PAM_without_negotiation(self): ## set up client and server side for ssl handshake # server side certificate setup os.system("openssl genrsa -out server.key") # os.system("openssl req -batch -new -key server.key -out server.csr") # if use external CA # self-signed certificate os.system("openssl req -batch -new -x509 -key server.key -out server.crt -days 365") os.system("mv server.crt chain.pem") os.system("openssl dhparam -2 -out dhparams.pem 100") # normally 2048, but smaller size here for speed # server side environment variables os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/chain.pem' os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/server.key' os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/dhparams.pem' # client side environment variables self.auth_session.environment_file_contents['irods_ssl_verify_server'] = 'none' self.auth_session.environment_file_contents['irods_authentication_scheme'] = 'PaM' # server reboot to pick up new irodsEnv settings lib.restart_irods_server() # do the reauth self.auth_session.assert_icommand(['iinit', self.auth_session.password]) # connect and list some files self.auth_session.assert_icommand('icd') self.auth_session.assert_icommand('ils -L', 'STDOUT', 'home') # reset client environment to original del self.auth_session.environment_file_contents['irods_authentication_scheme'] # clean up for file in ['server.key', 'chain.pem', 'dhparams.pem']: os.unlink(file)
def test_authentication_PAM_with_server_params(self): ## set up client and server side for ssl handshake # server side certificate setup os.system('openssl genrsa -out server.key') os.system('openssl req -batch -new -x509 -key server.key -out server.crt -days 365') os.system('mv server.crt chain.pem') os.system('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed # server side environment variables os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/chain.pem' os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/server.key' os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + '/tests/pydevtest/dhparams.pem' # client side environment variables backup_env_contents = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents['irods_ssl_verify_server'] = 'none' self.auth_session.environment_file_contents['irods_client_server_policy'] = 'CS_NEG_REQUIRE' self.auth_session.environment_file_contents['irods_authentication_scheme'] = 'PaM' # add server_config.json settings serverConfigFile = lib.get_irods_config_dir() + "/server_config.json" with open(serverConfigFile) as f: contents = json.load(f) os.system("cp %s %sOrig" % (serverConfigFile, serverConfigFile)) contents['pam_password_length'] = 20 contents['pam_no_extend'] = False contents['pam_password_min_time'] = 121 contents['pam_password_max_time'] = 1209600 with open(serverConfigFile, 'w') as f: json.dump(contents, f) # server reboot to pick up new irodsEnv and server settings lib.restart_irods_server() # do the reauth self.auth_session.assert_icommand(['iinit', self.auth_session.password]) # connect and list some files self.auth_session.assert_icommand("icd") self.auth_session.assert_icommand("ils -L", 'STDOUT', "home") # reset client environment to original self.auth_session.environment_file_contents = backup_env_contents # clean up for file in ['server.key', 'chain.pem', 'dhparams.pem']: os.unlink(file) # reset server_config.json to original os.system('mv %sOrig %s' % (serverConfigFile, serverConfigFile)) # server reboot to revert to previous server configuration os.system(lib.get_irods_top_level_dir() + '/iRODS/irodsctl stop') os.system(lib.get_irods_top_level_dir() + '/tests/zombiereaper.sh') os.system(lib.get_irods_top_level_dir() + '/iRODS/irodsctl start')
def test_ssl_iput_small_and_large_files(self): # set up client and server side for ssl handshake # server side certificate setup os.system("openssl genrsa -out server.key 2> /dev/null") os.system("openssl req -batch -new -key server.key -out server.csr") os.system("openssl req -batch -new -x509 -key server.key -out server.crt -days 365") os.system("mv server.crt chain.pem") # normally 2048, but smaller size here for speed os.system("openssl dhparam -2 -out dhparams.pem 100 2> /dev/null") # server side environment variables os.environ['irodsSSLCertificateChainFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/chain.pem" os.environ['irodsSSLCertificateKeyFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/server.key" os.environ['irodsSSLDHParamsFile'] = lib.get_irods_top_level_dir() + "/tests/pydevtest/dhparams.pem" # client side environment variables os.environ['irodsSSLVerifyServer'] = "none" # add client irodsEnv settings clientEnvFile = self.admin.local_session_dir + "/irods_environment.json" os.system("cp %s %sOrig" % (clientEnvFile, clientEnvFile)) env = {} env['irods_client_server_policy'] = 'CS_NEG_REQUIRE' lib.update_json_file_from_dict(clientEnvFile, env) # server reboot to pick up new irodsEnv settings lib.restart_irods_server() # do the encrypted put filename = "encryptedfile.txt" filepath = lib.create_local_testfile(filename) self.admin.assert_icommand(['iinit', self.admin.password]) # reinitialize # small file self.admin.assert_icommand("iput " + filename) # encrypted put - small file self.admin.assert_icommand("ils -L " + filename, 'STDOUT', filename) # should be listed # large file largefilename = "BIGencryptedfile.txt" output = commands.getstatusoutput('dd if=/dev/zero of=' + largefilename + ' bs=1M count=60') assert output[0] == 0, "dd did not successfully exit" #os.system("ls -al "+largefilename) self.admin.assert_icommand("iput " + largefilename) # encrypted put - large file self.admin.assert_icommand("ils -L " + largefilename, 'STDOUT', largefilename) # should be listed # reset client environment to not require SSL os.system("mv %sOrig %s" % (clientEnvFile, clientEnvFile)) # clean up os.system("rm server.key server.csr chain.pem dhparams.pem") os.remove(filename) os.remove(largefilename) # restart iRODS server without altered environment lib.restart_irods_server()
def test_authentication_PAM_with_server_params(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', 'irods_client_server_policy': 'CS_NEG_REQUIRE', } auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) server_config_filename = lib.get_irods_config_dir() + '/server_config.json' with lib.file_backed_up(server_config_filename): server_config_update = { 'pam_password_length': 20, 'pam_no_extend': False, 'pam_password_min_time': 121, 'pam_password_max_time': 1209600, } lib.update_json_file_from_dict(server_config_filename, server_config_update) lib.restart_irods_server() # the test self.auth_session.assert_icommand(['iinit', self.auth_session.password]) self.auth_session.assert_icommand("icd") self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home") self.auth_session.environment_file_contents = auth_session_env_backup for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) lib.restart_irods_server()
def test_authentication_PAM_with_server_params(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', 'irods_client_server_policy': 'CS_NEG_REQUIRE', } auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) server_config_filename = lib.get_irods_config_dir() + '/server_config.json' with lib.file_backed_up(server_config_filename): server_config_update = { 'pam_password_length': 20, 'pam_no_extend': False, 'pam_password_min_time': 121, 'pam_password_max_time': 1209600, } lib.update_json_file_from_dict(server_config_filename, server_config_update) lib.restart_irods_server() # the test self.auth_session.assert_icommand(['iinit', self.auth_session.password]) self.auth_session.assert_icommand("icd") self.auth_session.assert_icommand("ils -L", 'STDOUT_SINGLELINE', "home") self.auth_session.environment_file_contents = auth_session_env_backup for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) lib.restart_irods_server()
def setUp(self): # add Xmsg settings to server_config.json shutil.copyfile(self.serverConfigFile, self.serverConfigFileBackup) contents = lib.open_and_load_json_ascii(self.serverConfigFile) update = { 'xmsg_host': self.xmsgHost, 'xmsg_port': self.xmsgPort, } lib.update_json_file_from_dict(self.serverConfigFile, update) # apparently needed by the server too... my_env = os.environ.copy() my_env['XMSG_HOST'] = self.xmsgHost my_env['XMSG_PORT'] = str(self.xmsgPort) lib.restart_irods_server(env=my_env)
def test_authentication_PAM_without_negotiation(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 1024') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', } # now the actual test auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) # server reboot to pick up new irodsEnv settings lib.restart_irods_server() # do the reauth self.auth_session.assert_icommand(['iinit', self.auth_session.password]) # connect and list some files self.auth_session.assert_icommand('icd') self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home') # reset client environment to original self.auth_session.environment_file_contents = auth_session_env_backup # clean up for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) # server reboot to pick up new irodsEnv and server settings lib.restart_irods_server()
def setUp(self): # add Xmsg settings to server_config.json with open(self.serverConfigFile) as f: contents = json.load(f) os.system('cp {0} {0}_orig'.format(self.serverConfigFile)) contents["xmsg_host"] = self.xmsgHost contents["xmsg_port"] = self.xmsgPort with open(self.serverConfigFile, 'w') as f: json.dump(contents, f) # apparently needed by the server too... my_env = os.environ.copy() my_env['XMSG_HOST'] = self.xmsgHost my_env['XMSG_PORT'] = str(self.xmsgPort) # restart server with Xmsg lib.restart_irods_server(env=my_env)
def test_authentication_PAM_without_negotiation(self): lib.run_command('openssl genrsa -out server.key') lib.run_command('openssl req -batch -new -key server.key -out server.csr') lib.run_command('openssl req -batch -new -x509 -key server.key -out chain.pem -days 365') lib.run_command('openssl dhparam -2 -out dhparams.pem 100') # normally 2048, but smaller size here for speed service_account_environment_file_path = os.path.expanduser('~/.irods/irods_environment.json') with lib.file_backed_up(service_account_environment_file_path): server_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', } lib.update_json_file_from_dict(service_account_environment_file_path, server_update) client_update = { 'irods_ssl_certificate_chain_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/chain.pem'), 'irods_ssl_certificate_key_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/server.key'), 'irods_ssl_dh_params_file': os.path.join(lib.get_irods_top_level_dir(), 'tests/pydevtest/dhparams.pem'), 'irods_ssl_verify_server': 'none', 'irods_authentication_scheme': 'PaM', } # now the actual test auth_session_env_backup = copy.deepcopy(self.auth_session.environment_file_contents) self.auth_session.environment_file_contents.update(client_update) # server reboot to pick up new irodsEnv settings lib.restart_irods_server() # do the reauth self.auth_session.assert_icommand(['iinit', self.auth_session.password]) # connect and list some files self.auth_session.assert_icommand('icd') self.auth_session.assert_icommand('ils -L', 'STDOUT_SINGLELINE', 'home') # reset client environment to original self.auth_session.environment_file_contents = auth_session_env_backup # clean up for file in ['tests/pydevtest/server.key', 'tests/pydevtest/chain.pem', 'tests/pydevtest/dhparams.pem']: os.unlink(os.path.join(lib.get_irods_top_level_dir(), file)) # server reboot to pick up new irodsEnv and server settings lib.restart_irods_server()
def tearDown(self): os.rename(self.serverConfigFileBackup, self.serverConfigFile) lib.restart_irods_server()