def setUp(self): self.logger = FakeLogger() try: self.mdb = VCCS_MongoDB('127.0.0.1', 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST") except: raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1") self.cred_data = {'type': 'password', 'kdf': 'PBKDF2-HMAC-SHA512', 'status': 'active', 'version': 'NDNv1', 'derived_key': 'aa' * (512 / 8), 'key_handle': 0x2000, 'iterations': 100, 'credential_id': 4711, 'salt': '12345678901234567890123456789012', }
def setUp(self): self.logger = FakeLogger() try: self.mdb = VCCS_MongoDB("127.0.0.1", 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST") except: raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1") self.cred_data = { "type": "password", "kdf": "PBKDF2-HMAC-SHA512", "status": "active", "version": "NDNv1", "derived_key": "aa" * (512 / 8), "key_handle": 0x2000, "iterations": 100, "credential_id": 4711, "salt": "12345678901234567890123456789012", }
def main(myname='vccs_authbackend'): """ Initialize everything and start the authentication backend. :param myname: String used for logging """ args = parse_args() # initialize various components config = vccs_auth.config.VCCSAuthConfig(args.config_file, args.debug) logger = VCCSLogger(myname, config) kdf = ndnkdf.NDNKDF(config.nettle_path) hsm_lock = threading.RLock() hasher = vccs_auth.hasher.hasher_from_string(config.yhsm_device, hsm_lock, debug=config.debug) credstore = VCCSAuthCredentialStoreMongoDB(config.mongodb_uri, logger) cherry_conf = { 'server.thread_pool': config.num_threads, 'server.socket_host': config.listen_addr, 'server.socket_port': config.listen_port, # enables X-Forwarded-For, since BCP is to run this server # behind a webserver that handles SSL 'tools.proxy.on': True, } if config.logdir: cherry_conf['log.access_file'] = os.path.join(config.logdir, 'access.log') cherry_conf['log.error_file'] = os.path.join(config.logdir, 'error.log') else: sys.stderr.write("NOTE: Config option 'logdir' not set.\n") cherry_conf['log.screen'] = True cherrypy.config.update(cherry_conf) logger.logger.info( "Starting server listening on {!s}:{!s} (loglevel {!r})".format( config.listen_addr, config.listen_port, logger.logger.getEffectiveLevel())) cherrypy.quickstart(AuthBackend(hasher, kdf, logger, credstore, config))
def setUp(self): self.logger = FakeLogger() try: self.mdb = VCCS_MongoDB('127.0.0.1', 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST") except: raise unittest.SkipTest( "requires accessible MongoDB server on 127.0.0.1") self.cred_data = { 'type': 'password', 'kdf': 'PBKDF2-HMAC-SHA512', 'status': 'active', 'version': 'NDNv1', 'derived_key': 'aa' * (512 / 8), 'key_handle': 0x2000, 'iterations': 100, 'credential_id': 4711, 'salt': '12345678901234567890123456789012', }
class TestCredStore(unittest.TestCase): def setUp(self): self.logger = FakeLogger() try: self.mdb = VCCS_MongoDB('127.0.0.1', 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST") except: raise unittest.SkipTest( "requires accessible MongoDB server on 127.0.0.1") self.cred_data = { 'type': 'password', 'kdf': 'PBKDF2-HMAC-SHA512', 'status': 'active', 'version': 'NDNv1', 'derived_key': 'aa' * (512 / 8), 'key_handle': 0x2000, 'iterations': 100, 'credential_id': 4711, 'salt': '12345678901234567890123456789012', } def test_mdb_aaa_empty_collection(self): """ Empty collection of any leftovers from previous runs. """ res = self.mdb.credentials.remove() self.assertEqual(res['err'], None) def test_mdb_add_credential(self): """ Test adding a credential to MongoDB credential store. """ cred = vccs_auth.credential.from_dict(self.cred_data, None) id_ = self.mdb.add_credential(cred) print("Added credential -> id : {!r}".format(id_)) cred2 = self.mdb.get_credential(self.cred_data['credential_id']) print("Fetched credential :\n{}".format(pformat(cred2))) self.assertEqual(cred2.to_dict(), self.cred_data) def test_mdb_add_duplicate_credential(self): """ Test adding a duplicate credential to MongoDB credential store. """ this_id = 9797 data = self.cred_data data['credential_id'] = this_id cred = vccs_auth.credential.from_dict(data, None) self.mdb.add_credential(cred) cred.derived_key(new='bb' * (512 / 8)) print cred.to_dict() self.assertFalse(self.mdb.add_credential(cred)) def test_mdb_get_unknown_credential(self): """ Test fetching unknown credential. """ res = self.mdb.get_credential(1234567890) self.assertEqual(res, None) def test_mdb_revoking_credential(self): """ Test revoking a credential. """ this_id = 9898 data = self.cred_data data['credential_id'] = this_id cred = vccs_auth.credential.from_dict(data, None) self.mdb.add_credential(cred) # assert no exception cred2 = self.mdb.get_credential(this_id) print("Revoking credential :\n{}".format(pformat(cred2))) cred2.revoke({'reason': 'unit testing'}) self.mdb.update_credential(cred2) # assert exception when fetching revoked credential with self.assertRaises(vccs_auth.credential.VCCSAuthCredentialError): self.mdb.get_credential(this_id) # assert exception when trying to activate credential again with self.assertRaises(ValueError): cred2.status('active') def test_mdb_credential_repr(self): """ Test the __repr__ method of a credential. """ cred = vccs_auth.credential.from_dict(self.cred_data, None) res = repr(cred) print "Credential : {!r}".format(res) self.assertTrue(hex(self.cred_data['key_handle']) in res) self.assertTrue(self.cred_data['type'] in res)
class TestCredStore(unittest.TestCase): def setUp(self): self.logger = FakeLogger() try: self.mdb = VCCS_MongoDB('127.0.0.1', 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST") except: raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1") self.cred_data = {'type': 'password', 'kdf': 'PBKDF2-HMAC-SHA512', 'status': 'active', 'version': 'NDNv1', 'derived_key': 'aa' * (512 / 8), 'key_handle': 0x2000, 'iterations': 100, 'credential_id': 4711, 'salt': '12345678901234567890123456789012', } def test_mdb_aaa_empty_collection(self): """ Empty collection of any leftovers from previous runs. """ res = self.mdb.credentials.remove() self.assertEqual(res['err'], None) def test_mdb_add_credential(self): """ Test adding a credential to MongoDB credential store. """ cred = vccs_auth.credential.from_dict(self.cred_data, None) id_ = self.mdb.add_credential(cred) print("Added credential -> id : {!r}".format(id_)) cred2 = self.mdb.get_credential(self.cred_data['credential_id']) print("Fetched credential :\n{}".format(pformat(cred2))) self.assertEqual(cred2.to_dict(), self.cred_data) def test_mdb_add_duplicate_credential(self): """ Test adding a duplicate credential to MongoDB credential store. """ this_id = 9797 data = self.cred_data data['credential_id'] = this_id cred = vccs_auth.credential.from_dict(data, None) self.mdb.add_credential(cred) cred.derived_key(new='bb' * (512 / 8)) print cred.to_dict() self.assertFalse(self.mdb.add_credential(cred)) def test_mdb_get_unknown_credential(self): """ Test fetching unknown credential. """ res = self.mdb.get_credential(1234567890) self.assertEqual(res, None) def test_mdb_revoking_credential(self): """ Test revoking a credential. """ this_id = 9898 data = self.cred_data data['credential_id'] = this_id cred = vccs_auth.credential.from_dict(data, None) self.mdb.add_credential(cred) # assert no exception cred2 = self.mdb.get_credential(this_id) print("Revoking credential :\n{}".format(pformat(cred2))) cred2.revoke({'reason': 'unit testing'}) self.mdb.update_credential(cred2) # assert exception when fetching revoked credential with self.assertRaises(vccs_auth.credential.VCCSAuthCredentialError): self.mdb.get_credential(this_id) # assert exception when trying to activate credential again with self.assertRaises(ValueError): cred2.status('active') def test_mdb_credential_repr(self): """ Test the __repr__ method of a credential. """ cred = vccs_auth.credential.from_dict(self.cred_data, None) res = repr(cred) print "Credential : {!r}".format(res) self.assertTrue(hex(self.cred_data['key_handle']) in res) self.assertTrue(self.cred_data['type'] in res)
class TestCredStore(unittest.TestCase): def setUp(self): self.logger = FakeLogger() try: self.mdb = VCCS_MongoDB("127.0.0.1", 27017, self.logger, collection="TEST_vccs_auth_credstore_TEST") except: raise unittest.SkipTest("requires accessible MongoDB server on 127.0.0.1") self.cred_data = { "type": "password", "kdf": "PBKDF2-HMAC-SHA512", "status": "active", "version": "NDNv1", "derived_key": "aa" * (512 / 8), "key_handle": 0x2000, "iterations": 100, "credential_id": 4711, "salt": "12345678901234567890123456789012", } def test_mdb_aaa_empty_collection(self): """ Empty collection of any leftovers from previous runs. """ res = self.mdb.credentials.remove() self.assertEqual(res["err"], None) def test_mdb_add_credential(self): """ Test adding a credential to MongoDB credential store. """ cred = vccs_auth.credential.from_dict(self.cred_data, None) id_ = self.mdb.add_credential(cred) print ("Added credential -> id : {!r}".format(id_)) cred2 = self.mdb.get_credential(self.cred_data["credential_id"]) print ("Fetched credential :\n{}".format(pformat(cred2))) self.assertEqual(cred2.to_dict(), self.cred_data) def test_mdb_add_duplicate_credential(self): """ Test adding a duplicate credential to MongoDB credential store. """ this_id = 9797 data = self.cred_data data["credential_id"] = this_id cred = vccs_auth.credential.from_dict(data, None) self.mdb.add_credential(cred) cred.derived_key(new="bb" * (512 / 8)) print cred.to_dict() self.assertFalse(self.mdb.add_credential(cred)) def test_mdb_get_unknown_credential(self): """ Test fetching unknown credential. """ res = self.mdb.get_credential(1234567890) self.assertEqual(res, None) def test_mdb_revoking_credential(self): """ Test revoking a credential. """ this_id = 9898 data = self.cred_data data["credential_id"] = this_id cred = vccs_auth.credential.from_dict(data, None) self.mdb.add_credential(cred) # assert no exception cred2 = self.mdb.get_credential(this_id) print ("Revoking credential :\n{}".format(pformat(cred2))) cred2.revoke({"reason": "unit testing"}) self.mdb.update_credential(cred2) # assert exception when fetching revoked credential with self.assertRaises(vccs_auth.credential.VCCSAuthCredentialError): self.mdb.get_credential(this_id) # assert exception when trying to activate credential again with self.assertRaises(ValueError): cred2.status("active") def test_mdb_credential_repr(self): """ Test the __repr__ method of a credential. """ cred = vccs_auth.credential.from_dict(self.cred_data, None) res = repr(cred) print "Credential : {!r}".format(res) self.assertTrue(hex(self.cred_data["key_handle"]) in res) self.assertTrue(self.cred_data["type"] in res)