def test_nonce_validation(self): nm = SignedNonceManager(timeout=0.1) request = make_request(HTTP_USER_AGENT="good-user") # malformed nonces should be invalid self.failIf(nm.is_valid_nonce("", request)) self.failIf(nm.is_valid_nonce("IHACKYOU", request)) # immediately-generated nonces should be valid. nonce = nm.generate_nonce(request) self.failUnless(nm.is_valid_nonce(nonce, request)) # tampered-with nonces should be invalid self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", request)) # nonces are only valid for specific user-agent request2 = make_request(HTTP_USER_AGENT="nasty-hacker") self.failIf(nm.is_valid_nonce(nonce, request2)) # expired nonces should be invalid self.failUnless(nm.is_valid_nonce(nonce, request)) time.sleep(0.1) self.failIf(nm.is_valid_nonce(nonce, request))
def test_nonce_validation(self): nm = SignedNonceManager(timeout=0.1) request = make_request(HTTP_USER_AGENT="good-user") # malformed nonces should be invalid self.failIf(nm.is_valid_nonce("", request)) self.failIf(nm.is_valid_nonce("IHACKYOU", request)) # immediately-generated nonces should be valid. nonce = nm.generate_nonce(request) self.failUnless(nm.is_valid_nonce(nonce, request)) # tampered-with nonces should be invalid self.failIf(nm.is_valid_nonce(nonce + "IHACKYOU", request)) # nonces are only valid for specific user-agent request2 = make_request(HTTP_USER_AGENT="nasty-hacker") self.failIf(nm.is_valid_nonce(nonce, request2)) # expired nonces should be invalid self.failUnless(nm.is_valid_nonce(nonce, request)) time.sleep(0.1) self.failIf(nm.is_valid_nonce(nonce, request))
def test_next_nonce_generation(self): nm = SignedNonceManager(soft_timeout=0.1) request = make_request() nonce1 = nm.generate_nonce(request) self.failUnless(nm.is_valid_nonce(nonce1, request)) # next-nonce is not generated until the soft timeout expires. self.assertEquals(nm.get_next_nonce(nonce1, request), None) time.sleep(0.1) nonce2 = nm.get_next_nonce(nonce1, request) self.assertNotEquals(nonce2, None) self.assertNotEquals(nonce2, nonce1) self.failUnless(nm.is_valid_nonce(nonce1, request)) self.failUnless(nm.is_valid_nonce(nonce2, request))
def test_pseudorandom_bytes(self): nm = SignedNonceManager() request = make_request() nonce1 = nm.generate_nonce(request) nonce2 = nm.generate_nonce(request) for size in (4, 8, 32, 64, 212, 1234): # We should be able to generate strings of any size. self.assertEquals(len(nm.get_prandom_bytes(nonce1, size)), size) # We should get the same bytes from the same nonce. self.assertEquals(nm.get_prandom_bytes(nonce1, size), nm.get_prandom_bytes(nonce1, size)) self.assertEquals(nm.get_prandom_bytes(nonce2, size), nm.get_prandom_bytes(nonce2, size)) # We should get different bytes from different nonces. self.assertNotEquals(nm.get_prandom_bytes(nonce1, size), nm.get_prandom_bytes(nonce2, size))
def __init__(self, realm, nonce_manager=None, domain=None, algorithm=None, get_password=None, get_verifier=None, groupfinder=None): if nonce_manager is None: nonce_manager = SignedNonceManager() if algorithm is None: algorithm = "SRP-1024-SHA1" self.realm = realm self.nonce_manager = nonce_manager self.domain = domain self.algorithm = algorithm self.get_password = get_password self.get_verifier = get_verifier self.groupfinder = groupfinder
def test_next_nonce_generation(self): nm = SignedNonceManager(soft_timeout=0.1) request = make_request() nonce1 = nm.generate_nonce(request) self.failUnless(nm.is_valid_nonce(nonce1, request)) # next-nonce is not generated until the soft timeout expires. self.assertEquals(nm.get_next_nonce(nonce1, request), None) time.sleep(0.1) nonce2 = nm.get_next_nonce(nonce1, request) self.assertNotEquals(nonce2, None) self.assertNotEquals(nonce2, nonce1) self.failUnless(nm.is_valid_nonce(nonce1, request)) self.failUnless(nm.is_valid_nonce(nonce2, request))
def test_pseudorandom_bytes(self): nm = SignedNonceManager() request = make_request() nonce1 = nm.generate_nonce(request) nonce2 = nm.generate_nonce(request) for size in (4, 8, 32, 64, 212, 1234): # We should be able to generate strings of any size. self.assertEquals(len(nm.get_prandom_bytes(nonce1, size)), size) # We should get the same bytes from the same nonce. self.assertEquals(nm.get_prandom_bytes(nonce1, size), nm.get_prandom_bytes(nonce1, size)) self.assertEquals(nm.get_prandom_bytes(nonce2, size), nm.get_prandom_bytes(nonce2, size)) # We should get different bytes from different nonces. self.assertNotEquals(nm.get_prandom_bytes(nonce1, size), nm.get_prandom_bytes(nonce2, size))
def test_auto_purging_of_expired_nonces(self): nm = SignedNonceManager(timeout=0.2) request = make_request() nonce1 = nm.generate_nonce(request) nm.set_nonce_count(nonce1, 1) time.sleep(0.1) # nonce1 hasn't expired, so adding a new one won't purge it nonce2 = nm.generate_nonce(request) nm.set_nonce_count(nonce2, 1) self.assertEquals(nm.get_nonce_count(nonce1), 1) time.sleep(0.1) # nonce1 has expired, it should be purged when adding another. # nonce2 hasn't expired so it should remain in memory. nonce3 = nm.generate_nonce(request) nm.set_nonce_count(nonce3, 1) self.assertEquals(nm.get_nonce_count(nonce1), None) self.assertEquals(nm.get_nonce_count(nonce2), 1)
def test_nonce_count_management(self): nm = SignedNonceManager(timeout=0.1) request = make_request() nonce1 = nm.generate_nonce(request) self.assertEquals(nm.get_nonce_count(nonce1), None) nm.set_nonce_count(nonce1, 1) self.assertEquals(nm.get_nonce_count(nonce1), 1) # purging won't remove it until it has expired. nm._purge_expired_nonces() self.assertEquals(nm.get_nonce_count(nonce1), 1) time.sleep(0.1) nm._purge_expired_nonces() self.assertEquals(nm.get_nonce_count(nonce1), None)
def test_auto_purging_of_expired_nonces(self): nm = SignedNonceManager(timeout=0.2) request = make_request() nonce1 = nm.generate_nonce(request) nm.set_nonce_count(nonce1, 1) time.sleep(0.1) # nonce1 hasn't expired, so adding a new one won't purge it nonce2 = nm.generate_nonce(request) nm.set_nonce_count(nonce2, 1) self.assertEquals(nm.get_nonce_count(nonce1), 1) time.sleep(0.1) # nonce1 has expired, it should be purged when adding another. # nonce2 hasn't expired so it should remain in memory. nonce3 = nm.generate_nonce(request) nm.set_nonce_count(nonce3, 1) self.assertEquals(nm.get_nonce_count(nonce1), None) self.assertEquals(nm.get_nonce_count(nonce2), 1)
def test_nonce_count_management(self): nm = SignedNonceManager(timeout=0.1) request = make_request() nonce1 = nm.generate_nonce(request) self.assertEquals(nm.get_nonce_count(nonce1), None) nm.set_nonce_count(nonce1, 1) self.assertEquals(nm.get_nonce_count(nonce1), 1) # purging won't remove it until it has expired. nm._purge_expired_nonces() self.assertEquals(nm.get_nonce_count(nonce1), 1) time.sleep(0.1) nm._purge_expired_nonces() self.assertEquals(nm.get_nonce_count(nonce1), None)