def test_expires(self):
get_cached_token = lambda k: token_cache[k]
token_cache = TokenCache()
token_cache['key'] = (current_time_millis() + 500, 'token')
sleep_millis(300)
token = get_cached_token('key')
nt.assert_equal('token', token)
sleep_millis(300)
nt.assert_equal(1, len(token_cache)) # token still in cache, but expired
nt.assert_raises(KeyError, get_cached_token, 'key')
def __set_headers(self, m_request):
"""
For testing purpose, this method setups the mocked request.
"""
m_request.META = {}
m_request.META[EZSECURITY_HEADER_USER_INFO] = serialize_to_json(
ProxyUserToken(notAfter=current_time_millis() + 10000))
m_request.META[EZSECURITY_HEADER_SIGNATURE] = \
"EZSECURITY_HEADER_SIGNATURE"
return m_request
def make_token(self):
x509 = X509Info(
subject = self.ez_props.get(MOCK_USER_DN)
)
token = ProxyUserToken(
x509=x509,
issuedBy="EzSecurity",
issuedTo="EFE",
notAfter=current_time_millis() + 720000 # 720000 = 12 mins
)
return token
def test_evict(self):
token_cache = TokenCache(500)
get_cached_token = lambda k: token_cache[k]
token_cache['key'] = (current_time_millis() + 800, 'token') # longer enough to pass 1st evict
sleep_millis(300) # before 1st evict
nt.assert_equal('token', get_cached_token('key'))
sleep_millis(300) # short enough so not expired
nt.assert_equal('token', get_cached_token('key')) # 1st eviction will not delete
sleep_millis(600)
nt.assert_equal(0, len(token_cache)) # token was evicted in 2nd round.
nt.assert_raises(KeyError, get_cached_token, 'key')
def test_validate_current_request(self):
"""
Tests EzSecurityClient.validateCurrentRequest.
"""
ezclient = self.get_client()
x509 = X509Info(
subject=ezclient.ez_props.get(MOCK_USER_DN)
)
token = ProxyUserToken(
x509=x509,
issuedBy="EzSecurity",
issuedTo="EFE",
notAfter=current_time_millis() + 720000 # 720000 = 12 mins
)
dn = util.serialize_to_json(token)
# sig = util.ssl_sign(dn, self.rsa)
sig = ezclient._mock_service_sign(dn)
headers = {
HTTP_HEADER_USER_INFO: dn,
HTTP_HEADER_SIGNATURE: sig
}
self.assertTrue(ezclient.validate_current_request(headers))
def test__mock_service_sign(self):
"""
Tests EzSecurityClient._mock_service_sign
"""
ezclient = self.get_client()
# test with mock = True
x509 = X509Info(
subject=ezclient.ez_props.get(MOCK_USER_DN)
)
token = ProxyUserToken(
x509=x509,
issuedBy="EzSecurity",
issuedTo="EFE",
notAfter=current_time_millis() + 720000 # 720000 = 12 mins
)
dn = util.serialize_to_json(token)
sig1 = util.ssl_sign(dn, self.rsa) # manually loaded service priv key
sig2 = ezclient._mock_service_sign(dn)
self.assertEqual(sig1, sig2)
# test with mock = False
ezclient.mock = False
self.assertRaises(ValueError, ezclient._mock_service_sign, dn)
def requestToken(self, request, signature):
"""
Responds with an instance of EzSecurityToken that is specific to the
request type.
:param request:
:param signature:
:return:
"""
token = None
assert isinstance(request, TokenRequest), \
"request object is not an instance of TokenRequest"
try:
# user info
if request.type == TokenType.USER:
logger.debug("Token requested of type USER.")
# prep EzSecurityPrincipal
proxyToken = getattr(request.proxyPrincipal, 'proxyToken', "")
token_principal = EzSecurityPrincipal(
principal= proxyToken,
name="Joe User",
externalID="joe.user"
)
# prep Authorizations
formal_authorizations = ['A', 'B', 'C']
authorizations = Authorizations(
formalAuthorizations=formal_authorizations
)
# prep externalProjectGroups
external_project_groups = {
'EzBake': ['Core'],
'42six': ['Dev', 'Emp'],
'Nothing': ['groups', 'group2']
}
# prep externalCommunities
community_membership = CommunityMembership(
name='EzBake',
type='office',
organization='EzBake',
topics=['topic1', 'topic2'],
regions=['region1', 'region2', 'region3'],
flags={
'ACIP': True
},
groups=[]
)
external_communities = {'EzBake': community_membership}
# prep EzSecurityToken
token = EzSecurityToken(
tokenPrincipal=token_principal,
authorizations=authorizations,
citizenship="USA",
authorizationLevel="low",
organization="EzBake",
externalProjectGroups=external_project_groups,
externalCommunities=external_communities
)
# app info
elif request.type == TokenType.APP:
logger.debug("Token requested of type APP.")
# respond with app information
if request.securityId == 'SecurityClientTest':
# prep EzSecurityPrincipal
token_principal = EzSecurityPrincipal(
principal=request.securityId
)
# prep Authorizations
formal_authorizations = ['A', 'B', 'C']
authorizations = Authorizations(
formalAuthorizations=formal_authorizations
)
# prep AuthorizationLevel
authorization_level = 'low'
else:
# prep Authorizations
formal_authorizations = []
authorizations = Authorizations(
formalAuthorizations=formal_authorizations
)
# prep AuthorizationLevel
authorization_level = ''
token_principal = None
token = EzSecurityToken(
tokenPrincipal=token_principal,
authorizations=authorizations,
authorizationLevel=authorization_level
)
# prep ValidityCaveats
if token:
validity_caveats = ValidityCaveats(
issuedFor=request.targetSecurityId,
issuedTo=request.securityId,
notAfter=util.current_time_millis() + 600 * 1000
)
token.validity = validity_caveats
data = util.serialize_token(token)
token.validity.signature = base64.b64encode(ossl.sign(self.rsa, data, 'sha256'))
token.validate()
return token
except Exception, e:
traceback.format_exc()
logger.exception("ERROR: Unable to process: %s" % e.message)
raise
def _make_dn(subject):
x509 = X509Info(subject=subject)
token = ProxyUserToken(x509=x509,
issuedBy="EzSecurity", issuedTo="EFE",
notAfter=util.current_time_millis() + 720000)
return jsonpickle.encode(token)
def thread_1(self):
cache = TokenCache()
sleep_millis(200)
cache['key'] = (current_time_millis()+1000, 'token')
sleep_millis(400)
def test_singleton(self):
token_cache1 = TokenCache(100)
token_cache2 = TokenCache(200)
nt.assert_equal(token_cache1, token_cache2)
token_cache1['key'] = (current_time_millis() + 10000, 'token')
nt.assert_equal('token', token_cache2['key'])
