def test_authentication_roundtrip_mitm2(self):
    """A response signed for one server name must not be redeemable elsewhere.

    The challenge is issued by a server calling itself "server.name" and the
    client signs its response for that name. A second AuthServer that shares
    the same secret but advertises "another.server" then tries to turn the
    response into a token; it has to refuse with InvalidInputException, so a
    response relayed to a different service cannot be cashed in there.
    """
    issuer = server.AuthServer("server_secret", DummyKeyProvider(),
                               "server.name")
    challenge = issuer.create_challenge("test")
    signed = create_response(challenge, "server.name",
                             ssh.SingleKeySigner(test_priv_key))
    # Same shared secret, different server name: the name binding alone
    # must be enough to reject the response.
    relay = server.AuthServer("server_secret", DummyKeyProvider(),
                              "another.server")
    try:
        relay.create_token(signed)
    except exceptions.InvalidInputException:
        pass
    else:
        self.fail("should have thrown exception")
def test_create_token_too_old(self):
    """A challenge is not accepted once it has aged past its validity window.

    The response is created against a fresh challenge, but the server that
    tries to mint the token runs with a clock 1000 seconds ahead (via
    ``now_func``), so from its point of view the challenge is stale. It must
    reject it with InvalidInputException rather than issue a token.
    """
    issuer = server.AuthServer("server_secret", DummyKeyProvider(),
                               "server.name")
    challenge = issuer.create_challenge("test")
    signed = create_response(challenge, "server.name",
                             ssh.SingleKeySigner(test_priv_key))
    # Same secret and name; only the clock differs.
    skewed_clock = lambda: time.time() + 1000
    late_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                    "server.name", now_func=skewed_clock)
    try:
        late_server.create_token(signed)
    except exceptions.InvalidInputException:
        pass
    else:
        self.fail("Should have issued InvalidInputException, "
                  "challenge too old")
def test_create_challenge_no_legacy_support(self):
    """With ``lowest_supported_version=1`` a default-version challenge is refused.

    ``create_challenge`` without an explicit version asks for the legacy
    protocol version; a server configured to support nothing below 1 must
    answer with ProtocolVersionError instead of downgrading.
    """
    strict_server = server.AuthServer("secret", DummyKeyProvider(),
                                      "server.name",
                                      lowest_supported_version=1)
    with self.assertRaises(exceptions.ProtocolVersionError):
        strict_server.create_challenge("noa")
def test_create_token_invalid_duration(self):
    """A token built with an out-of-policy validity value fails validation.

    The token is forged directly through the private ``_make_token`` helper
    with ``int(time.time()) + 3600`` as its second argument — presumably a
    validity/expiry value far beyond what the server permits (confirm
    against ``_make_token``). ``validate_token`` is expected to raise
    InvalidInputException for it.
    """
    auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                    "server.name")
    far_future = int(time.time()) + 3600
    forged = auth_server._make_token("some_user", far_future)
    with self.assertRaises(exceptions.InvalidInputException):
        auth_server.validate_token(forged)
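def test_validate_token_wrong_secret(self):
    """A token only validates under the secret that minted it.

    Uses a fixed, pre-recorded token and a frozen clock (``now_func``) so
    the check is deterministic. The server holding "server_secret" must
    accept the token; a server holding "wrong_secret" must reject it with
    InvalidInputException. The positive case asserts a truthy result (the
    same contract ``test_authentication_roundtrip_v1`` relies on) so that a
    ``validate_token`` that silently returned nothing could not pass here.
    """
    token = "dgAAAJgtmNoqST9RaxayI7UP5-GLviUDAAAAFHQAAABUJYr_VCWLPQAAAAR0ZXN0"
    frozen_clock = lambda: 1411746561.058992
    # Correct secret: must validate, and validation must report success.
    auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                    "server.name", now_func=frozen_clock)
    self.assertTrue(auth_server.validate_token(token))
    # Wrong secret: the MAC/signature over the token no longer matches.
    auth_server = server.AuthServer("wrong_secret", DummyKeyProvider(),
                                    "server.name", now_func=frozen_clock)
    try:
        auth_server.validate_token(token)
    except exceptions.InvalidInputException:
        pass
    else:
        self.fail("Should have gotten InvalidInputException")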
def test_validate_token_too_new(self):
    """A token dated in the validator's future is rejected, not accepted.

    The token is minted normally, then validated by a server whose clock
    (``now_func``) is 1000 seconds behind. Such a token would otherwise be
    valid; rejecting it with TokenExpiredException guards against tokens
    whose timestamps lie outside the validator's accepted window in either
    direction.
    """
    issuer = server.AuthServer("server_secret", DummyKeyProvider(),
                               "server.name")
    challenge = issuer.create_challenge("test")
    signed = create_response(challenge, "server.name",
                             ssh.SingleKeySigner(test_priv_key))
    token = issuer.create_token(signed)
    # Same secret and name; only the clock differs.
    lagging_clock = lambda: time.time() - 1000
    early_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                     "server.name", now_func=lagging_clock)
    try:
        early_server.validate_token(token)
    except exceptions.TokenExpiredException:
        pass
    else:
        self.fail("Should have issued TokenExpiredException, "
                  "token too new")
def test_authentication_roundtrip_v1(self):
    """Full happy path at protocol version 1: challenge, response, token.

    The server issues a version-1 challenge for user "test", the client
    signs a response for "server.name" with the test private key, the
    server mints a token from it, and validating that token on the same
    server reports success (truthy return).
    """
    auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                    "server.name")
    challenge = auth_server.create_challenge("test", 1)
    signer = ssh.SingleKeySigner(test_priv_key)
    signed = create_response(challenge, "server.name", signer)
    token = auth_server.create_token(signed)
    result = auth_server.validate_token(token)
    self.assertTrue(result)
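def test_create_challenge_v1(self):
    """A version-1 challenge decodes and carries the expected key fingerprint.

    The challenge string is base64url-decoded and deserialized with the
    msgpack ``Challenge`` type; the fingerprint of the key DummyKeyProvider
    hands out for user "noa" must match the recorded value.

    ``assertEquals`` is a deprecated alias that was removed in Python 3.12;
    ``assertEqual`` is used instead (same semantics).
    """
    auth_server = server.AuthServer("secret", DummyKeyProvider(),
                                    "server.name")
    challenge = auth_server.create_challenge("noa", 1)
    raw = ssh.base64url_decode(challenge)
    decoded_challenge = msgpack_protocol.Challenge.deserialize(raw)
    # NOTE(review): this is a (Python 2 style) str literal; if the
    # fingerprint is bytes under Python 3 this needs a b"..." literal.
    self.assertEqual("\xfb\xa1\xeao\xd3y", decoded_challenge.fingerprint)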
def test_create_token_invalid_input(self):
    """Malformed response strings are rejected with ProtocolError.

    Two inputs are fed to ``create_token``: a base64url-looking blob that
    is not a valid response, and the plain word "random". Neither may mint
    a token; each must raise ProtocolError (or a subclass of it).
    """
    auth_server = server.AuthServer("gurka", DummyKeyProvider(),
                                    "server.name")
    bogus_responses = (
        "2tYneWsOm88qu_Trzahw2r6ZLg37oepv03mykGS-HdcnWJLuUMDOmfVI"
        "Wl5n3U6qt6Fub2E",
        "random",
    )
    for bogus in bogus_responses:
        try:
            auth_server.create_token(bogus)
        except exceptions.ProtocolError:
            continue
        self.fail("Input is invalid, should have thrown exception")
def test_authentication_roundtrip_mitm1(self):
    """The client refuses to sign a challenge for a server name it did not expect.

    The challenge is issued by "server.name"; ``create_response`` is then
    asked to answer it as if talking to "another.server". It must raise
    InvalidInputException instead of producing a signature, so a challenge
    relayed by a different host cannot be signed for it.
    """
    auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                    "server.name")
    challenge = auth_server.create_challenge("test")
    signer = ssh.SingleKeySigner(test_priv_key)
    try:
        create_response(challenge, "another.server", signer)
    except exceptions.InvalidInputException:
        pass
    else:
        self.fail("Should have gotten InvalidInputException")
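def test_create_challenge(self):
    """A default-version challenge is a verifiable payload wrapping a Challenge.

    The challenge string is base64url-decoded, the outer
    ``VerifiablePayload`` is deserialized, and its inner payload is parsed
    as a ``Challenge``; the fingerprint for user "noa" must match the
    recorded value.

    ``assertEquals`` is a deprecated alias that was removed in Python 3.12;
    ``assertEqual`` is used instead (same semantics).
    """
    auth_server = server.AuthServer("gurka", DummyKeyProvider(),
                                    "server.name")
    encoded = auth_server.create_challenge("noa")
    raw = ssh.base64url_decode(encoded)
    verifiable_payload = protocol.VerifiablePayload.deserialize(raw)
    challenge = protocol.Challenge.deserialize(verifiable_payload.payload)
    # NOTE(review): this is a (Python 2 style) str literal; if the
    # fingerprint is bytes under Python 3 this needs a b"..." literal.
    self.assertEqual("\xfb\xa1\xeao\xd3y", challenge.fingerprint)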
def main():
    """Entry point for the drserv service.

    Parses ``--config`` (default ``/etc/drserv.yml``), loads the config with
    ``read_config`` and builds a crtauth ``AuthServer`` from it:
    ``crtauth_secret`` as the shared secret, a ``FileKeyProvider`` rooted at
    ``keys_dir`` for looking up user public keys, and ``service_name`` as the
    server name clients must sign for. ``lowest_supported_version=1``
    disables the legacy protocol version, so challenge requests for older
    versions are refused with ProtocolVersionError. The ``DrservServer`` is
    then started and serves until the process exits.

    NOTE(review): the config file carries the crtauth secret in clear text;
    its permissions should be restricted to the service user (to confirm in
    deployment).
    """
    setup_logging()
    parser = argparse.ArgumentParser('drserv-server',
                                     description='The drserv service')
    parser.add_argument('--config', action='store',
                        default='/etc/drserv.yml', help='the config file')
    args = parser.parse_args()
    config = read_config(args.config)

    key_provider_impl = key_provider.FileKeyProvider(config['keys_dir'])
    auth_server = server.AuthServer(config['crtauth_secret'],
                                    key_provider_impl,
                                    config['service_name'],
                                    lowest_supported_version=1)
    drserv = DrservServer(config['listen_port'],
                          config['target_basedir'],
                          config['index_command'],
                          auth_server)
    drserv.serve_forever()