def testDigest(self):
"""
Test digest authentication.
Act as a server supporting digest authentication and expect the
C{digest} field to be filled with a sha1 digest of the concatenated
stream session identifier and password. Then act as if authentication
succeeds.
"""
def onAuthGet(iq):
"""
Called when the initializer sent a query for authentication methods.
The response informs the client that digest authentication is
supported.
"""
# Create server response
response = xmlstream.toResponse(iq, 'result')
response.addElement(('jabber:iq:auth', 'query'))
response.query.addElement('username')
response.query.addElement('digest')
response.query.addElement('resource')
# Set up an observer for the next request we expect.
d = self.waitFor(IQ_AUTH_SET, onAuthSet)
# Send server response
self.pipe.source.send(response)
return d
def onAuthSet(iq):
"""
Called when the initializer sent the authentication request.
The server checks the credentials and responds with an empty result
signalling success.
"""
self.assertEquals('user', unicode(iq.query.username))
self.assertEquals(sha1('12345secret').hexdigest(),
unicode(iq.query.digest).encode('utf-8'))
self.assertEquals('resource', unicode(iq.query.resource))
# Send server response
response = xmlstream.toResponse(iq, 'result')
self.pipe.source.send(response)
# Digest authentication relies on the stream session identifier. Set it.
self.xmlstream.sid = u'12345'
# Set up an observer for the request for authentication fields
d1 = self.waitFor(IQ_AUTH_GET, onAuthGet)
# Start the initializer
d2 = self.init.initialize()
return defer.gatherResults([d1, d2])
def testPlainText(self):
"""
Test plain-text authentication.
Act as a server supporting plain-text authentication and expect the
C{password} field to be filled with the password. Then act as if
authentication succeeds.
"""
def onAuthGet(iq):
"""
Called when the initializer sent a query for authentication methods.
The response informs the client that plain-text authentication
is supported.
"""
# Create server response
response = xmlstream.toResponse(iq, 'result')
response.addElement(('jabber:iq:auth', 'query'))
response.query.addElement('username')
response.query.addElement('password')
response.query.addElement('resource')
# Set up an observer for the next request we expect.
d = self.waitFor(IQ_AUTH_SET, onAuthSet)
# Send server response
self.pipe.source.send(response)
return d
def onAuthSet(iq):
"""
Called when the initializer sent the authentication request.
The server checks the credentials and responds with an empty result
signalling success.
"""
self.assertEquals('user', unicode(iq.query.username))
self.assertEquals('secret', unicode(iq.query.password))
self.assertEquals('resource', unicode(iq.query.resource))
# Send server response
response = xmlstream.toResponse(iq, 'result')
self.pipe.source.send(response)
# Set up an observer for the request for authentication fields
d1 = self.waitFor(IQ_AUTH_GET, onAuthGet)
# Start the initializer
d2 = self.init.initialize()
return defer.gatherResults([d1, d2])
def testFailure(self):
"""
Set up a stream, and act as if session establishment fails.
"""
def onSession(iq):
response = error.StanzaError('forbidden').toResponse(iq)
self.pipe.source.send(response)
d1 = self.waitFor(IQ_SESSION_SET, onSession)
d2 = self.init.start()
self.assertFailure(d2, error.StanzaError)
return defer.gatherResults([d1, d2])
def testSuccess(self):
"""
Set up a stream, and act as if session establishment succeeds.
"""
def onSession(iq):
response = xmlstream.toResponse(iq, 'result')
self.pipe.source.send(response)
d1 = self.waitFor(IQ_SESSION_SET, onSession)
d2 = self.init.start()
return defer.gatherResults([d1, d2])
def testFailure(self):
"""
Set up a stream, and act as if resource binding fails.
"""
def onBind(iq):
response = error.StanzaError('conflict').toResponse(iq)
self.pipe.source.send(response)
d1 = self.waitFor(IQ_BIND_SET, onBind)
d2 = self.init.start()
self.assertFailure(d2, error.StanzaError)
return defer.gatherResults([d1, d2])
def testFailAuth(self):
"""
Test initializer failure to authenticate.
"""
def onAuthGet(iq):
"""
Called when the initializer sent a query for authentication methods.
The response informs the client that plain-text authentication
is supported.
"""
# Send server response
response = xmlstream.toResponse(iq, 'result')
response.addElement(('jabber:iq:auth', 'query'))
response.query.addElement('username')
response.query.addElement('password')
response.query.addElement('resource')
# Set up an observer for the next request we expect.
d = self.waitFor(IQ_AUTH_SET, onAuthSet)
# Send server response
self.pipe.source.send(response)
return d
def onAuthSet(iq):
"""
Called when the initializer sent the authentication request.
The server checks the credentials and responds with a not-authorized
stanza error.
"""
response = error.StanzaError('not-authorized').toResponse(iq)
self.pipe.source.send(response)
# Set up an observer for the request for authentication fields
d1 = self.waitFor(IQ_AUTH_GET, onAuthGet)
# Start the initializer
d2 = self.init.initialize()
# The initializer should fail with a stanza error.
self.assertFailure(d2, error.StanzaError)
return defer.gatherResults([d1, d2])
def test_handshakeFailure(self):
"""
L{TLSMemoryBIOProtocol} reports errors in the handshake process to the
application-level protocol object using its C{connectionLost} method
and disconnects the underlying transport.
"""
clientConnectionLost = Deferred()
clientFactory = ClientFactory()
clientFactory.protocol = (
lambda: ConnectionLostNotifyingProtocol(clientConnectionLost))
clientContextFactory = HandshakeCallbackContextFactory()
wrapperFactory = TLSMemoryBIOFactory(clientContextFactory, True,
clientFactory)
sslClientProtocol = wrapperFactory.buildProtocol(None)
serverConnectionLost = Deferred()
serverFactory = ServerFactory()
serverFactory.protocol = (
lambda: ConnectionLostNotifyingProtocol(serverConnectionLost))
# This context factory rejects any clients which do not present a
# certificate.
certificateData = FilePath(certPath).getContent()
certificate = PrivateCertificate.loadPEM(certificateData)
serverContextFactory = certificate.options(certificate)
wrapperFactory = TLSMemoryBIOFactory(serverContextFactory, False,
serverFactory)
sslServerProtocol = wrapperFactory.buildProtocol(None)
connectionDeferred = loopbackAsync(sslServerProtocol,
sslClientProtocol)
def cbConnectionLost(protocol):
# The connection should close on its own in response to the error
# induced by the client not supplying the required certificate.
# After that, check to make sure the protocol's connectionLost was
# called with the right thing.
protocol.lostConnectionReason.trap(Error)
clientConnectionLost.addCallback(cbConnectionLost)
serverConnectionLost.addCallback(cbConnectionLost)
# Additionally, the underlying transport should have been told to
# go away.
return gatherResults(
[clientConnectionLost, serverConnectionLost, connectionDeferred])
def testBasic(self):
"""
Set up a stream, and act as if resource binding succeeds.
"""
def onBind(iq):
response = xmlstream.toResponse(iq, 'result')
response.addElement((NS_BIND, 'bind'))
response.bind.addElement('jid',
content='[email protected]/other resource')
self.pipe.source.send(response)
def cb(result):
self.assertEquals(jid.JID('[email protected]/other resource'),
self.authenticator.jid)
d1 = self.waitFor(IQ_BIND_SET, onBind)
d2 = self.init.start()
d2.addCallback(cb)
return defer.gatherResults([d1, d2])
def test_handshakeFailure(self):
"""
L{TLSMemoryBIOProtocol} reports errors in the handshake process to the
application-level protocol object using its C{connectionLost} method
and disconnects the underlying transport.
"""
clientConnectionLost = Deferred()
clientFactory = ClientFactory()
clientFactory.protocol = lambda: ConnectionLostNotifyingProtocol(clientConnectionLost)
clientContextFactory = HandshakeCallbackContextFactory()
wrapperFactory = TLSMemoryBIOFactory(clientContextFactory, True, clientFactory)
sslClientProtocol = wrapperFactory.buildProtocol(None)
serverConnectionLost = Deferred()
serverFactory = ServerFactory()
serverFactory.protocol = lambda: ConnectionLostNotifyingProtocol(serverConnectionLost)
# This context factory rejects any clients which do not present a
# certificate.
certificateData = FilePath(certPath).getContent()
certificate = PrivateCertificate.loadPEM(certificateData)
serverContextFactory = certificate.options(certificate)
wrapperFactory = TLSMemoryBIOFactory(serverContextFactory, False, serverFactory)
sslServerProtocol = wrapperFactory.buildProtocol(None)
connectionDeferred = loopbackAsync(sslServerProtocol, sslClientProtocol)
def cbConnectionLost(protocol):
# The connection should close on its own in response to the error
# induced by the client not supplying the required certificate.
# After that, check to make sure the protocol's connectionLost was
# called with the right thing.
protocol.lostConnectionReason.trap(Error)
clientConnectionLost.addCallback(cbConnectionLost)
serverConnectionLost.addCallback(cbConnectionLost)
# Additionally, the underlying transport should have been told to
# go away.
return gatherResults([clientConnectionLost, serverConnectionLost, connectionDeferred])
def testFailRequestFields(self):
"""
Test initializer failure of request for fields for authentication.
"""
def onAuthGet(iq):
"""
Called when the initializer sent a query for authentication methods.
The server responds that the client is not authorized to authenticate.
"""
response = error.StanzaError('not-authorized').toResponse(iq)
self.pipe.source.send(response)
# Set up an observer for the request for authentication fields
d1 = self.waitFor(IQ_AUTH_GET, onAuthGet)
# Start the initializer
d2 = self.init.initialize()
# The initialized should fail with a stanza error.
self.assertFailure(d2, error.StanzaError)
return defer.gatherResults([d1, d2])