def test_not_equal_on_not_equal_credentials(self):
"""
Test that the inequality operator returns True when comparing two
Authentication structs with different credentials.
"""
a = contents.Authentication(
credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******",
password="******"
)
)
]
)
b = contents.Authentication(
credentials=[
objects.Credential(
credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313"
)
)
]
)
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_write(self):
"""
Test that an Authentication struct can be written to a data stream.
"""
# Test with a single UsernamePasswordCredential.
authentication = contents.Authentication(credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******"))
])
stream = utils.BytearrayStream()
authentication.write(stream)
self.assertEqual(len(self.username_password_encoding), len(stream))
self.assertEqual(str(self.username_password_encoding), str(stream))
# Test with a single DeviceCredential.
authentication = contents.Authentication(credentials=[
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313"))
])
stream = utils.BytearrayStream()
authentication.write(stream)
self.assertEqual(len(self.device_encoding), len(stream))
self.assertEqual(str(self.device_encoding), str(stream))
# Test with multiple Credentials.
authentication = contents.Authentication(credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******")),
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313"))
])
stream = utils.BytearrayStream()
authentication.write(stream)
self.assertEqual(len(self.multiple_credentials_encoding), len(stream))
self.assertEqual(str(self.multiple_credentials_encoding), str(stream))
def test_invalid_credentials_list(self):
"""
Test that a TypeError is raised when an invalid list is used to set
the credentials of an Authentication struct.
"""
kwargs = {
'credentials': [
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******")), 'invalid'
]
}
self.assertRaisesRegex(
TypeError,
"Credentials must be a list of Credential structs. Item 2 has "
"type: {}".format(type('invalid')), contents.Authentication,
**kwargs)
authentication = contents.Authentication()
args = (authentication, "credentials", [
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******")), 'invalid'
])
self.assertRaisesRegex(
TypeError,
"Credentials must be a list of Credential structs. Item 2 has "
"type: {}".format(type('invalid')), setattr, *args)
def test_init_with_args(self):
"""
Test that an Authentication struct can be constructed with arguments.
"""
authentication = contents.Authentication(
credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******",
password="******"
)
)
]
)
self.assertEqual(1, len(authentication.credentials))
self.assertEqual(
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******",
password="******"
)
),
authentication.credentials[0]
)
def test_init(self):
"""
Test that an Authentication struct can be constructed without
arguments.
"""
authentication = contents.Authentication()
self.assertEqual([], authentication.credentials)
def test_not_equal_on_type_mismatch(self):
"""
Test that the inequality operator returns True when comparing two
Authentication structs with different types.
"""
a = contents.Authentication()
b = 'invalid'
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_handle_message_loop_with_authentication_failure(
self, request_mock, cert_mock):
"""
Test that the correct logging and error handling occurs when an
authentication error is generated while processing a request.
"""
data = utils.BytearrayStream(())
cert_mock.return_value = 'test_certificate'
kmip_engine = engine.KmipEngine()
kmip_engine._logger = mock.MagicMock()
kmip_session = session.KmipSession(kmip_engine,
None,
None,
name='name',
enable_tls_client_auth=False)
kmip_session.authenticate = mock.MagicMock()
kmip_session.authenticate.side_effect = exceptions.PermissionDenied(
"Authentication failed.")
kmip_session._engine = mock.MagicMock()
kmip_session._engine.default_protocol_version = \
kmip_engine.default_protocol_version
kmip_session._logger = mock.MagicMock()
kmip_session._connection = mock.MagicMock()
kmip_session._receive_request = mock.MagicMock(return_value=data)
kmip_session._send_response = mock.MagicMock()
fake_version = contents.ProtocolVersion(1, 2)
fake_credential = objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******"))
fake_header = messages.RequestHeader(
protocol_version=fake_version,
authentication=contents.Authentication(
credentials=[fake_credential]))
fake_request = messages.RequestMessage()
fake_request.request_header = fake_header
fake_request.read = mock.MagicMock()
request_mock.return_value = fake_request
kmip_session._handle_message_loop()
kmip_session._receive_request.assert_called_once_with()
fake_request.read.assert_called_once_with(
data, kmip_version=enums.KMIPVersion.KMIP_1_2)
kmip_session.authenticate.assert_called_once_with(
"test_certificate", fake_request)
kmip_session._logger.warning.assert_called_once_with(
"Authentication failed.")
kmip_session._engine.build_error_response.assert_called_once_with(
fake_version, enums.ResultReason.AUTHENTICATION_NOT_SUCCESSFUL,
"An error occurred during client authentication. "
"See server logs for more information.")
kmip_session._logger.exception.assert_not_called()
self.assertTrue(kmip_session._send_response.called)
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0):
super(RequestHeader, self).read(
istream,
kmip_version=kmip_version
)
tstream = BytearrayStream(istream.read(self.length))
self.protocol_version = contents.ProtocolVersion()
self.protocol_version.read(tstream, kmip_version=kmip_version)
kmip_version = contents.protocol_version_to_kmip_version(
self.protocol_version
)
# Read the maximum response size if it is present
if self.is_tag_next(Tags.MAXIMUM_RESPONSE_SIZE, tstream):
self.maximum_response_size = contents.MaximumResponseSize()
self.maximum_response_size.read(tstream, kmip_version=kmip_version)
# Read the asynchronous indicator if it is present
if self.is_tag_next(Tags.ASYNCHRONOUS_INDICATOR, tstream):
self.asynchronous_indicator = contents.AsynchronousIndicator()
self.asynchronous_indicator.read(
tstream,
kmip_version=kmip_version
)
# Read the authentication if it is present
if self.is_tag_next(Tags.AUTHENTICATION, tstream):
self.authentication = contents.Authentication()
self.authentication.read(tstream, kmip_version=kmip_version)
# Read the batch error continuation option if it is present
if self.is_tag_next(Tags.BATCH_ERROR_CONTINUATION_OPTION, tstream):
self.batch_error_cont_option = BatchErrorContinuationOption()
self.batch_error_cont_option.read(
tstream,
kmip_version=kmip_version
)
# Read the batch order option if it is present
if self.is_tag_next(Tags.BATCH_ORDER_OPTION, tstream):
self.batch_order_option = contents.BatchOrderOption()
self.batch_order_option.read(tstream, kmip_version=kmip_version)
# Read the time stamp if it is present
if self.is_tag_next(Tags.TIME_STAMP, tstream):
self.time_stamp = contents.TimeStamp()
self.time_stamp.read(tstream, kmip_version=kmip_version)
self.batch_count = contents.BatchCount()
self.batch_count.read(tstream, kmip_version=kmip_version)
self.is_oversized(tstream)
def test_write_missing_credentials(self):
"""
Test that a ValueError gets raised when attempting to write a
Authentication struct missing credentials data to a data stream.
"""
authentication = contents.Authentication()
stream = utils.BytearrayStream()
args = (stream, )
self.assertRaisesRegex(ValueError,
"Authentication struct missing credentials.",
authentication.write, *args)
def test_authenticate_against_slugs(self, mock_connector):
"""
Test that the session correctly handles authentication with SLUGS.
"""
mock_instance = mock.MagicMock()
mock_instance.authenticate.return_value = ("John Doe", ["Group A"])
mock_connector.return_value = mock_instance
kmip_session = session.KmipSession(
None,
None,
("127.0.0.1", 48026),
name='TestSession',
auth_settings=[(
"auth:slugs",
{"enabled": "True", "url": "test_url"}
)]
)
kmip_session._logger = mock.MagicMock()
fake_credential = objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******",
password="******"
)
)
fake_request = messages.RequestMessage(
request_header=messages.RequestHeader(
authentication=contents.Authentication(
credentials=[fake_credential]
)
)
)
result = kmip_session.authenticate(
"fake_certificate",
fake_request
)
mock_connector.assert_any_call("test_url")
kmip_session._logger.debug.assert_any_call(
"Authenticating with plugin: auth:slugs"
)
mock_instance.authenticate.assert_any_call(
"fake_certificate",
(("127.0.0.1", 48026), kmip_session._session_time),
fake_request.request_header.authentication.credentials
)
kmip_session._logger.debug(
"Authentication succeeded for client identity: John Doe"
)
self.assertEqual(2, len(result))
self.assertEqual("John Doe", result[0])
self.assertEqual(["Group A"], result[1])
def test_read_missing_credentials(self):
"""
Test that a ValueError gets raised when attempting to read an
Authentication struct from a data stream missing credentials data.
"""
authentication = contents.Authentication()
self.assertEqual([], authentication.credentials)
args = (self.encoding_missing_credentials, )
self.assertRaisesRegex(ValueError,
"Authentication encoding missing credentials.",
authentication.read, *args)
def test_authenticate_against_slugs_with_failure(self, mock_connector):
"""
Test that the session correctly handles a SLUGS authentication error.
"""
mock_instance = mock.MagicMock()
test_exception = exceptions.PermissionDenied(
"Unrecognized user ID: John Doe"
)
mock_instance.authenticate.side_effect = test_exception
mock_connector.return_value = mock_instance
kmip_session = session.KmipSession(
None,
None,
("127.0.0.1", 48026),
name='TestSession',
auth_settings=[(
"auth:slugs",
{"enabled": "True", "url": "test_url"}
)]
)
kmip_session._logger = mock.MagicMock()
fake_credential = objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******",
password="******"
)
)
fake_request = messages.RequestMessage(
request_header=messages.RequestHeader(
authentication=contents.Authentication(
credentials=[fake_credential]
)
)
)
args = ("fake_certificate", fake_request)
self.assertRaisesRegexp(
exceptions.PermissionDenied,
"Authentication failed.",
kmip_session.authenticate,
*args
)
mock_connector.assert_any_call("test_url")
kmip_session._logger.debug.assert_any_call(
"Authenticating with plugin: auth:slugs"
)
kmip_session._logger.warning.assert_any_call("Authentication failed.")
kmip_session._logger.exception.assert_any_call(test_exception)
def test_invalid_credentials(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the credentials of an Authentication struct.
"""
kwargs = {'credentials': 'invalid'}
self.assertRaisesRegex(
TypeError, "Credentials must be a list of Credential structs.",
contents.Authentication, **kwargs)
authentication = contents.Authentication()
args = (authentication, "credentials", 'invalid')
self.assertRaisesRegex(
TypeError, "Credentials must be a list of Credential structs.",
setattr, *args)
def test_str(self):
"""
Test that str can be applied to an Authentication struct.
"""
# Test with a UsernamePasswordCredential.
authentication = contents.Authentication(credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******"))
])
expected = str({
"credentials": [{
"credential_type":
enums.CredentialType.USERNAME_AND_PASSWORD,
"credential_value":
str({
"username": "******",
"password": "******"
})
}]
})
observed = str(authentication)
self.assertEqual(expected, observed)
# Test with a DeviceCredential.
authentication = contents.Authentication(credentials=[
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313"))
])
expected = str({
"credentials": [{
"credential_type":
enums.CredentialType.DEVICE,
"credential_value":
str({
"device_serial_number": "serNum123456",
"password": "******",
"device_identifier": "devID2233",
"network_identifier": "netID9000",
"machine_identifier": "machineID1",
"media_identifier": "mediaID313"
})
}]
})
observed = str(authentication)
self.assertEqual(expected, observed)
# Test with multiple Credentials.
authentication = contents.Authentication(credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******")),
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313"))
])
expected = str({
"credentials": [{
"credential_type":
enums.CredentialType.USERNAME_AND_PASSWORD,
"credential_value":
str({
"username": "******",
"password": "******"
})
}, {
"credential_type":
enums.CredentialType.DEVICE,
"credential_value":
str({
"device_serial_number": "serNum123456",
"password": "******",
"device_identifier": "devID2233",
"network_identifier": "netID9000",
"machine_identifier": "machineID1",
"media_identifier": "mediaID313"
})
}]
})
observed = str(authentication)
self.assertEqual(expected, observed)
def test_repr(self):
"""
Test that repr can be applied to an Authentication struct.
"""
# Test with a UsernamePasswordCredential.
authentication = contents.Authentication(credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******"))
])
expected = ("Authentication("
"credentials=["
"Credential("
"credential_type=CredentialType.USERNAME_AND_PASSWORD, "
"credential_value=UsernamePasswordCredential("
"username='******', "
"password='******'))])")
observed = repr(authentication)
self.assertEqual(expected, observed)
# Test with a DeviceCredential.
authentication = contents.Authentication(credentials=[
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313"))
])
expected = ("Authentication("
"credentials=["
"Credential("
"credential_type=CredentialType.DEVICE, "
"credential_value=DeviceCredential("
"device_serial_number='serNum123456', "
"password='******', "
"device_identifier='devID2233', "
"network_identifier='netID9000', "
"machine_identifier='machineID1', "
"media_identifier='mediaID313'))])")
observed = repr(authentication)
self.assertEqual(expected, observed)
# Test with multiple Credentials.
authentication = contents.Authentication(credentials=[
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******")),
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313"))
])
expected = ("Authentication("
"credentials=["
"Credential("
"credential_type=CredentialType.USERNAME_AND_PASSWORD, "
"credential_value=UsernamePasswordCredential("
"username='******', "
"password='******')), "
"Credential("
"credential_type=CredentialType.DEVICE, "
"credential_value=DeviceCredential("
"device_serial_number='serNum123456', "
"password='******', "
"device_identifier='devID2233', "
"network_identifier='netID9000', "
"machine_identifier='machineID1', "
"media_identifier='mediaID313'))])")
observed = repr(authentication)
self.assertEqual(expected, observed)
def test_read(self):
"""
Test that an Authentication struct can be read from a data stream.
"""
# Test with a single UsernamePasswordCredential.
authentication = contents.Authentication()
self.assertEqual([], authentication.credentials)
authentication.read(self.username_password_encoding)
self.assertEqual(1, len(authentication.credentials))
self.assertEqual(
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******")),
authentication.credentials[0])
# Test with a single DeviceCredential.
authentication = contents.Authentication()
self.assertEqual([], authentication.credentials)
authentication.read(self.device_encoding)
self.assertEqual(1, len(authentication.credentials))
self.assertEqual(
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313")),
authentication.credentials[0])
# Test with multiple Credentials.
authentication = contents.Authentication()
self.assertEqual([], authentication.credentials)
authentication.read(self.multiple_credentials_encoding)
self.assertEqual(2, len(authentication.credentials))
self.assertEqual(
objects.Credential(
credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
credential_value=objects.UsernamePasswordCredential(
username="******", password="******")),
authentication.credentials[0])
self.assertEqual(
objects.Credential(credential_type=enums.CredentialType.DEVICE,
credential_value=objects.DeviceCredential(
device_serial_number="serNum123456",
password="******",
device_identifier="devID2233",
network_identifier="netID9000",
machine_identifier="machineID1",
media_identifier="mediaID313")),
authentication.credentials[1])
