def test_authorization_trust_request(self):
"""
Test the AuthorizationTrustRequestHandler returns an
AuthorizationTrustResponse if the AuthorizationTrustRequest should be
approved.
"""
auth_trust_request = AuthorizationTrustRequest(
roles=[RoleType.Value("NETWORK")], public_key="public_key")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={
"connection_id":
ConnectionStatus.CONNECTION_REQUEST
})
permission_verifer = MockPermissionVerifier()
gossip = MockGossip()
handler = AuthorizationTrustRequestHandler(network, permission_verifer,
gossip)
handler_status = handler.handle("connection_id",
auth_trust_request.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN)
self.assertEqual(handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_TRUST_RESPONSE)
def test_authorization_trust_request_bad_last_message(self):
"""
Test the AuthorizationTrustRequestHandler returns an
AuthorizationViolation and closes the connection if the last message
was not a ConnectionRequest.
"""
auth_trust_request = AuthorizationTrustRequest(
roles=[RoleType.Value("NETWORK")],
public_key="public_key")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(
roles,
connection_status={"connection_id":
"other"})
permission_verifer = MockPermissionVerifier()
gossip = MockGossip()
handler = AuthorizationTrustRequestHandler(
network, permission_verifer, gossip)
handler_status = handler.handle(
"connection_id",
auth_trust_request.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_VIOLATION)
def do_authorization_challenge_submit():
"""
Test the AuthorizationChallengeSubmitHandler returns an
AuthorizationChallengeResult.
"""
context = create_context('secp256k1')
private_key = context.new_random_private_key()
crypto_factory = CryptoFactory(context)
signer = crypto_factory.new_signer(private_key)
payload = os.urandom(10)
signature = signer.sign(payload)
auth_challenge_submit = AuthorizationChallengeSubmit(
public_key=signer.get_public_key().as_hex(),
signature=signature,
roles=[RoleType.Value("NETWORK")])
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={
"connection_id":
ConnectionStatus.AUTH_CHALLENGE_REQUEST
})
permission_verifer = MockPermissionVerifier()
gossip = MockGossip()
handler = AuthorizationChallengeSubmitHandler(network, permission_verifer,
gossip,
{"connection_id": payload})
handler_status = handler.handle("connection_id",
auth_challenge_submit.SerializeToString())
return handler_status
def test_authorization_challenge_submit(self):
"""
Test the AuthorizationChallengeSubmitHandler returns an
AuthorizationViolation and closes the connection if the permission
verifier does not permit the public_key.
"""
private_key = signing.generate_private_key()
public_key = signing.generate_public_key(private_key)
payload = os.urandom(10)
signature = signing.sign(payload, private_key)
auth_challenge_submit = AuthorizationChallengeSubmit(
public_key=public_key,
payload=payload,
signature=signature,
roles=[RoleType.Value("NETWORK")])
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={
"connection_id":
ConnectionStatus.AUTH_CHALLENGE_REQUEST
})
permission_verifer = MockPermissionVerifier(allow=False)
gossip = MockGossip()
handler = AuthorizationChallengeSubmitHandler(network,
permission_verifer,
gossip)
handler_status = handler.handle(
"connection_id", auth_challenge_submit.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_VIOLATION)
def test_authorization_challenge_submit_bad_last_message(self):
"""
Test the AuthorizationChallengeSubmitHandler returns an
AuthorizationViolation and closes the connection if the last message
was not AuthorizaitonChallengeRequest.
"""
context = create_context('secp256k1')
private_key = context.new_random_private_key()
crypto_factory = CryptoFactory(context)
signer = crypto_factory.new_signer(private_key)
payload = os.urandom(10)
signature = signer.sign(payload)
auth_challenge_submit = AuthorizationChallengeSubmit(
public_key=signer.get_public_key().as_hex(),
signature=signature,
roles=[RoleType.Value("NETWORK")])
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={"connection_id": "other"})
permission_verifer = MockPermissionVerifier()
gossip = MockGossip()
handler = AuthorizationChallengeSubmitHandler(
network, permission_verifer, gossip, {"connection_id": payload})
handler_status = handler.handle(
"connection_id", auth_challenge_submit.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_VIOLATION)
def test_authorization_trust_request_not_permitted(self):
"""
Test the AuthorizationTrustRequestHandler returns an
AuthorizationViolation and closes the connection if the permission
verifier does not permit the connections public key.
"""
auth_trust_request = AuthorizationTrustRequest(
roles=[RoleType.Value("NETWORK")], public_key="public_key")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={
"connection_id":
ConnectionStatus.CONNECTION_REQUEST
})
# say that connection is not permitted
permission_verifer = MockPermissionVerifier(allow=False)
gossip = MockGossip()
handler = AuthorizationTrustRequestHandler(network, permission_verifer,
gossip)
handler_status = handler.handle("connection_id",
auth_trust_request.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_VIOLATION)
def test_ping_handler(self):
"""
Test the PingHandler allows a ping from a connection who has not
finished authorization and returns a NetworkAck. Also test that
if that connection sends another ping in a short time period, the
connection is deemed malicious, an AuthorizationViolation is returned,
and the connection is closed.
"""
ping = PingRequest()
network = MockNetwork({},
connection_status={"connection_id":
None})
handler = PingHandler(network)
handler_status = handler.handle("connection_id",
ping.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.PING_RESPONSE)
handler_status = handler.handle("connection_id",
ping.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_VIOLATION)
def do_connect():
connect_message = ConnectionRequest(endpoint="endpoint")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles)
handler = ConnectHandler(network)
handler_status = handler.handle("connection_id",
connect_message.SerializeToString())
return handler_status
def do_ping_handler():
"""
Test the PingHandler returns a NetworkAck if the connection has
has finished authorization.
"""
ping = PingRequest()
network = MockNetwork(
{}, connection_status={"connection_id": ConnectionStatus.CONNECTED})
handler = PingHandler(network)
handler_status = handler.handle("connection_id", ping.SerializeToString())
return handler_status
def test_connect_bad_endpoint(self):
"""
Test the ConnectHandler correctly responds to a ConnectionRequest.
"""
connect_message = ConnectionRequest(endpoint="tcp://0.0.0.0:8800")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles)
handler = ConnectHandler(network)
handler_status = handler.handle("connection_id",
connect_message.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_CONNECTION_RESPONSE)
def test_ping_handler(self):
"""
Test the PingHandler returns a NetworkAck if the connection has
has finished authorization.
"""
ping = PingRequest()
network = MockNetwork(
{},
connection_status={"connection_id": ConnectionStatus.CONNECTED})
handler = PingHandler(network)
handler_status = handler.handle("connection_id",
ping.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN)
self.assertEqual(handler_status.message_type,
validator_pb2.Message.PING_RESPONSE)
def test_connect_not_allowing_incoming_connections(self):
"""
Test the ConnectHandler closes a connection if we are not accepting
incoming connections
"""
connect_message = ConnectionRequest(endpoint="endpoint")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles, allow_inbound=False)
handler = ConnectHandler(network)
handler_status = handler.handle("connection_id",
connect_message.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_CONNECTION_RESPONSE)
def test_connect_bad_role_type(self):
"""
Test the ConnectHandler closes the connection if the role has an
unsupported role type.
"""
connect_message = ConnectionRequest(endpoint="endpoint")
roles = {"network": "other"}
network = MockNetwork(roles)
handler = ConnectHandler(network)
handler_status = handler.handle("connection_id",
connect_message.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_CONNECTION_RESPONSE)
def test_connect_wrong_previous_message(self):
"""
Test the ConnectHandler closes a connection if any authorization
message has been recieved before this connection request.
"""
connect_message = ConnectionRequest(endpoint="endpoint")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={"connection_id": "other"})
handler = ConnectHandler(network)
handler_status = handler.handle("connection_id",
connect_message.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_CONNECTION_RESPONSE)
def test_authorization_challenge_request_bad_last_message(self):
"""
Test the AuthorizationChallengeRequestHandler returns an
AuthorizationViolation and closes the connection if the last message
was not a ConnectionRequst
"""
auth_challenge_request = AuthorizationChallengeRequest()
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={"connection_id": "other"})
handler = AuthorizationChallengeRequestHandler(network)
handler_status = handler.handle(
"connection_id", auth_challenge_request.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN_AND_CLOSE)
self.assertEqual(handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_VIOLATION)
def do_authorization_challenge_request():
"""
Test the AuthorizationChallengeRequestHandler returns an
AuthorizationChallengeResponse.
"""
auth_challenge_request = AuthorizationChallengeRequest()
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={
"connection_id":
ConnectionStatus.CONNECTION_REQUEST
})
handler = AuthorizationChallengeRequestHandler(network)
handler_status = handler.handle("connection_id",
auth_challenge_request.SerializeToString())
return handler_status
def test_authorization_challenge_request(self):
"""
Test the AuthorizationChallengeRequestHandler returns an
AuthorizationChallengeResponse.
"""
auth_challenge_request = AuthorizationChallengeRequest()
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={
"connection_id":
ConnectionStatus.CONNECTION_REQUEST
})
handler = AuthorizationChallengeRequestHandler(network)
handler_status = handler.handle(
"connection_id", auth_challenge_request.SerializeToString())
self.assertEqual(handler_status.status, HandlerStatus.RETURN)
self.assertEqual(
handler_status.message_type,
validator_pb2.Message.AUTHORIZATION_CHALLENGE_RESPONSE)
def do_authorization_trust_request():
"""
Test the AuthorizationTrustRequestHandler returns an
AuthorizationTrustResponse if the AuthorizationTrustRequest should be
approved.
"""
auth_trust_request = AuthorizationTrustRequest(
roles=[RoleType.Value("NETWORK")], public_key="public_key")
roles = {"network": AuthorizationType.TRUST}
network = MockNetwork(roles,
connection_status={
"connection_id":
ConnectionStatus.CONNECTION_REQUEST
})
permission_verifer = MockPermissionVerifier()
gossip = MockGossip()
handler = AuthorizationTrustRequestHandler(network, permission_verifer,
gossip)
handler_status = handler.handle("connection_id",
auth_trust_request.SerializeToString())
return handler_status
