def test_not_equal_on_not_equal_credentials(self): """ Test that the inequality operator returns True when comparing two Authentication structs with different credentials. """ a = contents.Authentication( credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******" ) ) ] ) b = contents.Authentication( credentials=[ objects.Credential( credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313" ) ) ] ) self.assertTrue(a != b) self.assertTrue(b != a)
def test_write(self): """ Test that an Authentication struct can be written to a data stream. """ # Test with a single UsernamePasswordCredential. authentication = contents.Authentication(credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")) ]) stream = utils.BytearrayStream() authentication.write(stream) self.assertEqual(len(self.username_password_encoding), len(stream)) self.assertEqual(str(self.username_password_encoding), str(stream)) # Test with a single DeviceCredential. authentication = contents.Authentication(credentials=[ objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")) ]) stream = utils.BytearrayStream() authentication.write(stream) self.assertEqual(len(self.device_encoding), len(stream)) self.assertEqual(str(self.device_encoding), str(stream)) # Test with multiple Credentials. authentication = contents.Authentication(credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")), objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")) ]) stream = utils.BytearrayStream() authentication.write(stream) self.assertEqual(len(self.multiple_credentials_encoding), len(stream)) self.assertEqual(str(self.multiple_credentials_encoding), str(stream))
def test_invalid_credentials_list(self): """ Test that a TypeError is raised when an invalid list is used to set the credentials of an Authentication struct. """ kwargs = { 'credentials': [ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")), 'invalid' ] } self.assertRaisesRegex( TypeError, "Credentials must be a list of Credential structs. Item 2 has " "type: {}".format(type('invalid')), contents.Authentication, **kwargs) authentication = contents.Authentication() args = (authentication, "credentials", [ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")), 'invalid' ]) self.assertRaisesRegex( TypeError, "Credentials must be a list of Credential structs. Item 2 has " "type: {}".format(type('invalid')), setattr, *args)
def test_init_with_args(self): """ Test that an Authentication struct can be constructed with arguments. """ authentication = contents.Authentication( credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******" ) ) ] ) self.assertEqual(1, len(authentication.credentials)) self.assertEqual( objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******" ) ), authentication.credentials[0] )
def test_init(self): """ Test that an Authentication struct can be constructed without arguments. """ authentication = contents.Authentication() self.assertEqual([], authentication.credentials)
def test_not_equal_on_type_mismatch(self): """ Test that the inequality operator returns True when comparing two Authentication structs with different types. """ a = contents.Authentication() b = 'invalid' self.assertTrue(a != b) self.assertTrue(b != a)
def test_handle_message_loop_with_authentication_failure( self, request_mock, cert_mock): """ Test that the correct logging and error handling occurs when an authentication error is generated while processing a request. """ data = utils.BytearrayStream(()) cert_mock.return_value = 'test_certificate' kmip_engine = engine.KmipEngine() kmip_engine._logger = mock.MagicMock() kmip_session = session.KmipSession(kmip_engine, None, None, name='name', enable_tls_client_auth=False) kmip_session.authenticate = mock.MagicMock() kmip_session.authenticate.side_effect = exceptions.PermissionDenied( "Authentication failed.") kmip_session._engine = mock.MagicMock() kmip_session._engine.default_protocol_version = \ kmip_engine.default_protocol_version kmip_session._logger = mock.MagicMock() kmip_session._connection = mock.MagicMock() kmip_session._receive_request = mock.MagicMock(return_value=data) kmip_session._send_response = mock.MagicMock() fake_version = contents.ProtocolVersion(1, 2) fake_credential = objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")) fake_header = messages.RequestHeader( protocol_version=fake_version, authentication=contents.Authentication( credentials=[fake_credential])) fake_request = messages.RequestMessage() fake_request.request_header = fake_header fake_request.read = mock.MagicMock() request_mock.return_value = fake_request kmip_session._handle_message_loop() kmip_session._receive_request.assert_called_once_with() fake_request.read.assert_called_once_with( data, kmip_version=enums.KMIPVersion.KMIP_1_2) kmip_session.authenticate.assert_called_once_with( "test_certificate", fake_request) kmip_session._logger.warning.assert_called_once_with( "Authentication failed.") kmip_session._engine.build_error_response.assert_called_once_with( fake_version, enums.ResultReason.AUTHENTICATION_NOT_SUCCESSFUL, "An error occurred during client authentication. " "See server logs for more information.") kmip_session._logger.exception.assert_not_called() self.assertTrue(kmip_session._send_response.called)
def read(self, istream, kmip_version=enums.KMIPVersion.KMIP_1_0): super(RequestHeader, self).read( istream, kmip_version=kmip_version ) tstream = BytearrayStream(istream.read(self.length)) self.protocol_version = contents.ProtocolVersion() self.protocol_version.read(tstream, kmip_version=kmip_version) kmip_version = contents.protocol_version_to_kmip_version( self.protocol_version ) # Read the maximum response size if it is present if self.is_tag_next(Tags.MAXIMUM_RESPONSE_SIZE, tstream): self.maximum_response_size = contents.MaximumResponseSize() self.maximum_response_size.read(tstream, kmip_version=kmip_version) # Read the asynchronous indicator if it is present if self.is_tag_next(Tags.ASYNCHRONOUS_INDICATOR, tstream): self.asynchronous_indicator = contents.AsynchronousIndicator() self.asynchronous_indicator.read( tstream, kmip_version=kmip_version ) # Read the authentication if it is present if self.is_tag_next(Tags.AUTHENTICATION, tstream): self.authentication = contents.Authentication() self.authentication.read(tstream, kmip_version=kmip_version) # Read the batch error continuation option if it is present if self.is_tag_next(Tags.BATCH_ERROR_CONTINUATION_OPTION, tstream): self.batch_error_cont_option = BatchErrorContinuationOption() self.batch_error_cont_option.read( tstream, kmip_version=kmip_version ) # Read the batch order option if it is present if self.is_tag_next(Tags.BATCH_ORDER_OPTION, tstream): self.batch_order_option = contents.BatchOrderOption() self.batch_order_option.read(tstream, kmip_version=kmip_version) # Read the time stamp if it is present if self.is_tag_next(Tags.TIME_STAMP, tstream): self.time_stamp = contents.TimeStamp() self.time_stamp.read(tstream, kmip_version=kmip_version) self.batch_count = contents.BatchCount() self.batch_count.read(tstream, kmip_version=kmip_version) self.is_oversized(tstream)
def test_write_missing_credentials(self): """ Test that a ValueError gets raised when attempting to write a Authentication struct missing credentials data to a data stream. """ authentication = contents.Authentication() stream = utils.BytearrayStream() args = (stream, ) self.assertRaisesRegex(ValueError, "Authentication struct missing credentials.", authentication.write, *args)
def test_authenticate_against_slugs(self, mock_connector): """ Test that the session correctly handles authentication with SLUGS. """ mock_instance = mock.MagicMock() mock_instance.authenticate.return_value = ("John Doe", ["Group A"]) mock_connector.return_value = mock_instance kmip_session = session.KmipSession( None, None, ("127.0.0.1", 48026), name='TestSession', auth_settings=[( "auth:slugs", {"enabled": "True", "url": "test_url"} )] ) kmip_session._logger = mock.MagicMock() fake_credential = objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******" ) ) fake_request = messages.RequestMessage( request_header=messages.RequestHeader( authentication=contents.Authentication( credentials=[fake_credential] ) ) ) result = kmip_session.authenticate( "fake_certificate", fake_request ) mock_connector.assert_any_call("test_url") kmip_session._logger.debug.assert_any_call( "Authenticating with plugin: auth:slugs" ) mock_instance.authenticate.assert_any_call( "fake_certificate", (("127.0.0.1", 48026), kmip_session._session_time), fake_request.request_header.authentication.credentials ) kmip_session._logger.debug( "Authentication succeeded for client identity: John Doe" ) self.assertEqual(2, len(result)) self.assertEqual("John Doe", result[0]) self.assertEqual(["Group A"], result[1])
def test_read_missing_credentials(self): """ Test that a ValueError gets raised when attempting to read an Authentication struct from a data stream missing credentials data. """ authentication = contents.Authentication() self.assertEqual([], authentication.credentials) args = (self.encoding_missing_credentials, ) self.assertRaisesRegex(ValueError, "Authentication encoding missing credentials.", authentication.read, *args)
def test_authenticate_against_slugs_with_failure(self, mock_connector): """ Test that the session correctly handles a SLUGS authentication error. """ mock_instance = mock.MagicMock() test_exception = exceptions.PermissionDenied( "Unrecognized user ID: John Doe" ) mock_instance.authenticate.side_effect = test_exception mock_connector.return_value = mock_instance kmip_session = session.KmipSession( None, None, ("127.0.0.1", 48026), name='TestSession', auth_settings=[( "auth:slugs", {"enabled": "True", "url": "test_url"} )] ) kmip_session._logger = mock.MagicMock() fake_credential = objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******" ) ) fake_request = messages.RequestMessage( request_header=messages.RequestHeader( authentication=contents.Authentication( credentials=[fake_credential] ) ) ) args = ("fake_certificate", fake_request) self.assertRaisesRegexp( exceptions.PermissionDenied, "Authentication failed.", kmip_session.authenticate, *args ) mock_connector.assert_any_call("test_url") kmip_session._logger.debug.assert_any_call( "Authenticating with plugin: auth:slugs" ) kmip_session._logger.warning.assert_any_call("Authentication failed.") kmip_session._logger.exception.assert_any_call(test_exception)
def test_invalid_credentials(self): """ Test that a TypeError is raised when an invalid value is used to set the credentials of an Authentication struct. """ kwargs = {'credentials': 'invalid'} self.assertRaisesRegex( TypeError, "Credentials must be a list of Credential structs.", contents.Authentication, **kwargs) authentication = contents.Authentication() args = (authentication, "credentials", 'invalid') self.assertRaisesRegex( TypeError, "Credentials must be a list of Credential structs.", setattr, *args)
def test_str(self): """ Test that str can be applied to an Authentication struct. """ # Test with a UsernamePasswordCredential. authentication = contents.Authentication(credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")) ]) expected = str({ "credentials": [{ "credential_type": enums.CredentialType.USERNAME_AND_PASSWORD, "credential_value": str({ "username": "******", "password": "******" }) }] }) observed = str(authentication) self.assertEqual(expected, observed) # Test with a DeviceCredential. authentication = contents.Authentication(credentials=[ objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")) ]) expected = str({ "credentials": [{ "credential_type": enums.CredentialType.DEVICE, "credential_value": str({ "device_serial_number": "serNum123456", "password": "******", "device_identifier": "devID2233", "network_identifier": "netID9000", "machine_identifier": "machineID1", "media_identifier": "mediaID313" }) }] }) observed = str(authentication) self.assertEqual(expected, observed) # Test with multiple Credentials. authentication = contents.Authentication(credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")), objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")) ]) expected = str({ "credentials": [{ "credential_type": enums.CredentialType.USERNAME_AND_PASSWORD, "credential_value": str({ "username": "******", "password": "******" }) }, { "credential_type": enums.CredentialType.DEVICE, "credential_value": str({ "device_serial_number": "serNum123456", "password": "******", "device_identifier": "devID2233", "network_identifier": "netID9000", "machine_identifier": "machineID1", "media_identifier": "mediaID313" }) }] }) observed = str(authentication) self.assertEqual(expected, observed)
def test_repr(self): """ Test that repr can be applied to an Authentication struct. """ # Test with a UsernamePasswordCredential. authentication = contents.Authentication(credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")) ]) expected = ("Authentication(" "credentials=[" "Credential(" "credential_type=CredentialType.USERNAME_AND_PASSWORD, " "credential_value=UsernamePasswordCredential(" "username='******', " "password='******'))])") observed = repr(authentication) self.assertEqual(expected, observed) # Test with a DeviceCredential. authentication = contents.Authentication(credentials=[ objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")) ]) expected = ("Authentication(" "credentials=[" "Credential(" "credential_type=CredentialType.DEVICE, " "credential_value=DeviceCredential(" "device_serial_number='serNum123456', " "password='******', " "device_identifier='devID2233', " "network_identifier='netID9000', " "machine_identifier='machineID1', " "media_identifier='mediaID313'))])") observed = repr(authentication) self.assertEqual(expected, observed) # Test with multiple Credentials. authentication = contents.Authentication(credentials=[ objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")), objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")) ]) expected = ("Authentication(" "credentials=[" "Credential(" "credential_type=CredentialType.USERNAME_AND_PASSWORD, " "credential_value=UsernamePasswordCredential(" "username='******', " "password='******')), " "Credential(" "credential_type=CredentialType.DEVICE, " "credential_value=DeviceCredential(" "device_serial_number='serNum123456', " "password='******', " "device_identifier='devID2233', " "network_identifier='netID9000', " "machine_identifier='machineID1', " "media_identifier='mediaID313'))])") observed = repr(authentication) self.assertEqual(expected, observed)
def test_read(self): """ Test that an Authentication struct can be read from a data stream. """ # Test with a single UsernamePasswordCredential. authentication = contents.Authentication() self.assertEqual([], authentication.credentials) authentication.read(self.username_password_encoding) self.assertEqual(1, len(authentication.credentials)) self.assertEqual( objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")), authentication.credentials[0]) # Test with a single DeviceCredential. authentication = contents.Authentication() self.assertEqual([], authentication.credentials) authentication.read(self.device_encoding) self.assertEqual(1, len(authentication.credentials)) self.assertEqual( objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")), authentication.credentials[0]) # Test with multiple Credentials. authentication = contents.Authentication() self.assertEqual([], authentication.credentials) authentication.read(self.multiple_credentials_encoding) self.assertEqual(2, len(authentication.credentials)) self.assertEqual( objects.Credential( credential_type=enums.CredentialType.USERNAME_AND_PASSWORD, credential_value=objects.UsernamePasswordCredential( username="******", password="******")), authentication.credentials[0]) self.assertEqual( objects.Credential(credential_type=enums.CredentialType.DEVICE, credential_value=objects.DeviceCredential( device_serial_number="serNum123456", password="******", device_identifier="devID2233", network_identifier="netID9000", machine_identifier="machineID1", media_identifier="mediaID313")), authentication.credentials[1])