def test_client_auth_with_same_credentials():
    """Connect while presenting the server's own certificate and key as the client identity.

    The request to ``hello`` must return 200, and the JSON returned by
    ``headers`` must carry the expected ``X-ISSUER`` and ``X-USER`` values.

    NOTE(review): this pins the behaviour that the server's own key pair is
    accepted as a client credential -- confirm that is intended rather than
    something the certificate profile should forbid.
    """
    ca_path = PACKAGE_PATH / 'passwords/test/resources/server/ca.crt'
    cert_path = PACKAGE_PATH / 'passwords/test/resources/server/server.crt'
    key_path = PACKAGE_PATH / 'passwords/test/resources/server/server.key'

    # The same trust anchor and client identity are used for both requests.
    trust_anchor = str(ca_path)
    client_identity = (cert_path, key_path)

    with local_server(key_path, cert_path, ca_path) as host:
        hello = requests.get(
            host + api_v0_1('hello'),
            verify=trust_anchor,
            cert=client_identity,
        )
        assert hello.status_code == 200

        echoed = requests.get(
            host + api_v0_1('headers'),
            verify=trust_anchor,
            cert=client_identity,
        ).json()
        assert echoed['X-ISSUER'] == 'Kovalev Systems CA'
        assert echoed['X-USER'] == 'Eugenes Test Server'
def test_client_auth_with_valid_credentials():
    """Connect while presenting Alice's client certificate and key.

    The request to ``hello`` must return 200, and the JSON returned by
    ``headers`` must carry the expected ``X-ISSUER`` and ``X-USER`` values.
    """
    # Server-side material handed to the local test server.
    ca_path = PACKAGE_PATH / 'passwords/test/resources/server/ca.crt'
    server_cert_path = PACKAGE_PATH / 'passwords/test/resources/server/server.crt'
    server_key_path = PACKAGE_PATH / 'passwords/test/resources/server/server.key'

    # Client-side material presented during the handshake.
    alice_cert_path = PACKAGE_PATH / 'passwords/test/resources/alice/alice.crt'
    alice_key_path = PACKAGE_PATH / 'passwords/test/resources/alice/alice.key'

    trust_anchor = str(ca_path)
    client_identity = (alice_cert_path, alice_key_path)

    with local_server(server_key_path, server_cert_path, ca_path) as host:
        hello = requests.get(
            host + api_v0_1('hello'),
            verify=trust_anchor,
            cert=client_identity,
        )
        assert hello.status_code == 200

        echoed = requests.get(
            host + api_v0_1('headers'),
            verify=trust_anchor,
            cert=client_identity,
        ).json()
        assert echoed['X-ISSUER'] == 'Kovalev Systems CA'
        assert echoed['X-USER'] == 'Alice'
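def test_sha512_validation(test_input, expected_success: bool, expected_status_code: int):
    """Check how ``is_password_known`` responds to a given path argument.

    The three arguments are supplied from outside this function (presumably a
    parametrisation that is not visible here -- confirm).

    Args:
        test_input: Value substituted into the ``is_password_known/{}`` path.
        expected_success: When false, the JSON body must contain a
            ``"message"`` key.
        expected_status_code: HTTP status the endpoint must return.
    """
    app = APP.test_client()
    response = app.get(api_v0_1('is_password_known/{}').format(test_input))
    # Kept from the original: shows the raw body when the test fails.
    print(response.data)
    assert response.status_code == expected_status_code

    # json.loads() ignored the `encoding` keyword and rejects it with a
    # TypeError from Python 3.9 on; bytes input is decoded automatically.
    payload = json.loads(response.data)
    if not expected_success:
        assert "message" in payload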
def test_self_signed_cert_client():
    """Present a self-signed client certificate; the connection should fail.

    NOTE(review): this body contains no assertion or exception check, so the
    rejection has to be enforced by something outside this view (for example
    a decorator on the test) -- confirm that it is. Without that, the test
    passes only when the server accepts the certificate.
    """
    # Server-side material handed to the local test server.
    ca_path = PACKAGE_PATH / 'passwords/test/resources/server/ca.crt'
    server_cert_path = PACKAGE_PATH / 'passwords/test/resources/server/server.crt'
    server_key_path = PACKAGE_PATH / 'passwords/test/resources/server/server.key'

    # Self-signed client identity that the server is expected to refuse.
    eve_cert_path = PACKAGE_PATH / 'passwords/test/resources/eve/eve.crt'
    eve_key_path = PACKAGE_PATH / 'passwords/test/resources/eve/eve.key'
    untrusted_identity = (eve_cert_path, eve_key_path)

    with local_server(server_key_path, server_cert_path, ca_path) as host:
        requests.get(
            host + api_v0_1('hello'),
            verify=str(ca_path),
            cert=untrusted_identity,
        )
def test_malicious_ca_client():
    """Present a certificate naming the same CA but carrying an incorrect signature.

    The connection should fail.

    NOTE(review): this body contains no assertion or exception check, so the
    rejection has to be enforced by something outside this view (for example
    a decorator on the test) -- confirm that it is. Without that, the test
    passes only when the server accepts the certificate.
    """
    # Server-side material handed to the local test server.
    ca_path = PACKAGE_PATH / 'passwords/test/resources/server/ca.crt'
    server_cert_path = PACKAGE_PATH / 'passwords/test/resources/server/server.crt'
    server_key_path = PACKAGE_PATH / 'passwords/test/resources/server/server.key'

    # Client identity whose issuer name matches but whose signature does not.
    mallory_cert_path = PACKAGE_PATH / 'passwords/test/resources/mallory/mallory.crt'
    mallory_key_path = PACKAGE_PATH / 'passwords/test/resources/mallory/mallory.key'
    untrusted_identity = (mallory_cert_path, mallory_key_path)

    with local_server(server_key_path, server_cert_path, ca_path) as host:
        requests.get(
            host + api_v0_1('hello'),
            verify=str(ca_path),
            cert=untrusted_identity,
        )
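def test_known_password(mocker, test_input: str, expected_result: bool):
    """Check that ``is_password_known`` reports the value returned by the database layer.

    ``psycopg2.connect`` is patched, so no database is contacted; the mocked
    cursor's ``fetchone`` returns ``IsKnownResult(expected_result)``.

    Args:
        mocker: Fixture used to patch ``psycopg2.connect``.
        test_input: Value substituted into the ``is_password_known/{}`` path.
        expected_result: Value the endpoint must report under
            ``data.is_known``.
    """
    configure_app(APP, {'database': {'hostname': 'some-host',
                                     'db_name': 'passwords',
                                     'username': '******',
                                     'password': '******'}})

    mocker.patch.object(psycopg2, 'connect')
    # Walk the same context-manager chain the original configured:
    # connect() -> __enter__() -> cursor() -> __enter__() -> fetchone().
    mocked_cursor = psycopg2.connect().__enter__().cursor().__enter__()
    mocked_cursor.fetchone.return_value = IsKnownResult(expected_result)

    app = APP.test_client()
    response = app.get(api_v0_1('is_password_known/{}').format(test_input))
    assert response.status_code == 200

    # json.loads() ignored the `encoding` keyword and rejects it with a
    # TypeError from Python 3.9 on; bytes input is decoded automatically.
    payload = json.loads(response.data)
    assert payload['data']['is_known'] == expected_result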
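def test_hello():
    """Check that the ``hello`` endpoint returns the greeting under ``data``."""
    app = APP.test_client()
    response = app.get(api_v0_1('hello'))
    # json.loads() ignored the `encoding` keyword and rejects it with a
    # TypeError from Python 3.9 on; bytes input is decoded automatically.
    payload = json.loads(response.data)
    assert payload['data'] == 'Hello, world!'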