コード例 #1
0
 def step_cert_activate(self):
     with XRDSSTTest() as app:
         cert_controller = CertController()
         cert_controller.app = app
         for security_server in self.config["security_server"]:
             configuration = cert_controller.create_api_config(security_server, self.config)
             cert_controller.remote_activate_certificate(configuration, security_server)
コード例 #2
0
    def test_internal_tsl_download(self):
        class MockTsl:
            def __init__(self, status, data):
                self.status = status
                self.data = data

        def mocked_download_tsl(self, **kwargs):
            return MockTsl(
                200,
                b'0\x82\x02\x890\x82\x01q\x02\x01\x000D1\x0b0\t\x06\x03U\x04\x06\x13\x02FI1\x0c0\n\x06\x03U\x04\n\x0c\x03UNS1\x180\x16\x06\x03U\x04\x05\x13\x0fDEV/UNS-SS5/GOV1\r0\x0b\x06\x03U\x04\x03\x0c\x0498760\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xb3\x18w\xd4P\x16%\x9d\xc5\x0b\xc2m\x82-l\x1a\xc9\x90\x1b-\xa2\xa1f}\x86\x11AW\xca\xdf\xfb\xd9P\x93N\xcf\xaa\xa9[#\x10\x12\xe3\x1b\x07\n\xc2#9t\x8d\xda"\xb4\x93\xf7\xa9\xde;\x98\xf1,\xef\x89S\xb7\xad\xab\x00\xbbwm\xffr\x19\xb1d\xdf/\xe2\xa1\x14\xd3\xa8\xbf\xfe\xa5:\xab,\xab\xd0\x01\x813}\xe5\xe2\x12)y\xc6\x9d\xea\x96\xbe\xb2\xa81\x99\xdc/Z\x12\xe2\xfdZ&OB\xed\xf3\x8f\xbc\xca\x92lL\x1eJt\xe5\x7f\xbd\xe5\x83W\x19\x95\x9d\x8fv\xac\xdb\x03V1\xff\x80\xaf\xb1Qs\x97O\xd7\x98\x966\xf4\xb3\xff\xfaA6\xf6\xd6\xd6\x9b\xcf\xb2\x94\xb0\xbc\xb9\xf2\\\xfcct\x12`\x8e\xebh8\xc7\xf1 \x93\xd01D\xc1\xc6\xb8\xc4\xf6^\xb5\xa8\xe3\x87~^\xea\x812\x85\xf7\xd7\x99\xd2\xd4\x06\xadvo\xd7\x8ea\xbb\x16\x08\x9c\xc9\x15|;\xacl\xf4\xb7\x88\x9e\x9c\xd2.k\xda\xa4K\xd8\xea\xcf\xac\x8a)\x8dm\x9d#\xad\xd7\xe7-\x02\x03\x01\x00\x01\xa0\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x003!\xa0M\x9bC\xa9\xe5\x8c\x86G\xcf\xc4\xee\xeaoW\x96\xd9\x8e\xd2\nz2\x05\xb7\xaa\xf3\xe0Vi\xf3\x0c\xc4\x1ay\x9eU \x12\xbf\xaen\x88\x04D0O\x19BJy\x88\xd6\xf7\x95w\x9a\x04w\xf4XQz\xceg2\x96\xc1\xdf\xbas\xf8\xb3\xd5~&\xc7:\'\x83}6\x0b\xddE\x15l\xd3H7\x8c6J\x9cf\x0f\xa6y\x7f\xab\xef"\'\xa4\xca\xf4\xf9\xd0\xddf\xf1\xdd4\x10\xe9\xf1;g\x08=\xd1\x17\xabva\xd6\xdb%\x19\xe1*mA\xca\xcc\xa7\x07m\xeb&k\xcaB\xa5\xb8\x93\x11]\xe9x\xcd\xa4\x90\x80\xb2\x9d\x91\x8d\x92}\xca\xd5,\xc8\x7f\x8dT\xa1h\x92\x8bv\x1c\xb8\x17\x7f\xe2\xa3\xdaL\x02<D8\xe4\xd1\xc5bYW\xa5_\nEl}\x93U\x96\t$\\yr6\x0f\x88\xe4\xd8\x96\x81\xe1A\x1f\xe7\x02\x9a\xa6\x19\xff\xdc\x8e\x95\x9e\x89kLAN\xcf\xf4n\x15\xb2\x99\xf5v\xd9\x89\xb7v4$\xce\xf1\xdapr\xd1\x16\x18\x84C\xb3\x1c'
            )

        with XRDSSTTest() as app:
            with mock.patch('xrdsst.api.system_api.SystemApi.download_system_certificate', new=mocked_download_tsl):
                cert_controller = CertController()
                cert_controller.app = app
                cert_controller.load_config = (lambda: self.ss_config)

                # cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
                reported_downloads = cert_controller.download_internal_tsl()

                assert len(reported_downloads) == 2
                assert reported_downloads[0].security_server.count("ssX") == 1
                assert reported_downloads[1].security_server.count("ssY") == 1

                assert cert_controller.app._last_rendered[1].count('ssY') == 2
                # Check file creation
                ssY_cert = list(filter(lambda s: s.count('ssY') > 0, map(lambda s: s.strip(), cert_controller.app._last_rendered[1].split('│')))).pop()

                assert ssY_cert == reported_downloads[1].fs_loc
                assert os.path.exists(ssY_cert)
 def step_cert_download_internal_tsl(self):
     with XRDSSTTest() as app:
         cert_controller = CertController()
         cert_controller.app = app
         cert_controller.load_config = (lambda: self.config)
         result = cert_controller.download_internal_tsl()
         assert len(result) == 1
コード例 #4
0
 def step_cert_download_internal_tsl(self):
     with XRDSSTTest() as app:
         cert_controller = CertController()
         cert_controller.app = app
         for security_server in self.config["security_server"]:
             ss_configuration = cert_controller.create_api_config(security_server, self.config)
             result = cert_controller.remote_download_internal_tsl(ss_configuration, security_server)
             assert len(result) == 1
コード例 #5
0
    def test_cert_register_nonresolving_url(self):
        with XRDSSTTest() as app:
            cert_controller = CertController()
            cert_controller.app = app
            cert_controller.load_config = (lambda: self.ss_config)
            cert_controller.register()

            out, err = self.capsys.readouterr()
            assert out.count("SKIPPED 'ssX': no connectivity") > 0
コード例 #6
0
    def test_cert_import_nonexisting_certs(self):
        with XRDSSTTest() as app:
            cert_controller = CertController()
            cert_controller.app = app
            cert_controller.load_config = (lambda: self.ss_config)
            cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
            cert_controller.import_()

            out, err = self.capsys.readouterr()
            assert out.count("references non-existent file") > 0

            with self.capsys.disabled():
                sys.stdout.write(out)
                sys.stderr.write(err)
    def step_cert_download_csrs(self):
        with XRDSSTTest() as app:
            cert_controller = CertController()
            cert_controller.app = app
            cert_controller.load_config = (lambda: self.config)
            result = cert_controller.download_csrs()
            assert len(result) == 2
            assert result[0].fs_loc != result[1].fs_loc

            return [
                ('sign',
                 next(csr.fs_loc for csr in result if csr.key_type == 'SIGN')),
                ('auth',
                 next(csr.fs_loc for csr in result if csr.key_type == 'AUTH')),
            ]
コード例 #8
0
    def test_cert_register_multiple_certs_for_auth_key(self):
        with XRDSSTTest() as app:
            with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
                            return_value=CertTestData.single_key_with_multiple_registrable_auth_cert_response):
                cert_controller = CertController()
                cert_controller.app = app
                cert_controller.load_config = (lambda: self.ss_config_with_authcert())
                cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
                cert_controller.register()

                out, err = self.capsys.readouterr()
                assert out.count("Multiple certificates to 'REGISTER' for key") > 0

                with self.capsys.disabled():
                    sys.stdout.write(out)
                    sys.stderr.write(err)
コード例 #9
0
    def test_cert_register_multiple_auth_labelled_keys(self):
        with XRDSSTTest() as app:
            with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
                            return_value=CertTestData.multiple_keys_labelled_as_auth_response):
                cert_controller = CertController()
                cert_controller.app = app
                cert_controller.load_config = (lambda: self.ss_config_with_authcert())
                cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
                cert_controller.register()

                out, err = self.capsys.readouterr()
                assert out.count("multiple authentication keys") > 0

                with self.capsys.disabled():
                    sys.stdout.write(out)
                    sys.stderr.write(err)
コード例 #10
0
    def step_cert_download_csrs(self):
        with XRDSSTTest() as app:
            cert_controller = CertController()
            cert_controller.app = app
            signed_certs = []
            for security_server in self.config["security_server"]:
                ss_configuration = cert_controller.create_api_config(security_server, self.config)
                result = cert_controller.remote_download_csrs(ss_configuration, security_server)
                assert len(result) == 3
                assert result[0].fs_loc != result[1].fs_loc

                for csr in result:
                    if csr.key_type == 'SIGN':
                        signed_certs.append(('sign', csr.fs_loc))
                    else:
                        signed_certs.append(('auth', csr.fs_loc))
            return signed_certs
コード例 #11
0
    def test_csr_download(self):
        class MockCsr:
            def __init__(self, status, data):
                self.status = status
                self.data = data

        def mocked_download_csr(self, id, csr_id, **kwargs):
            if csr_id == '6766344A138328780CE721979868EAD7981B3BD5':  # auth
                return MockCsr(
                    200,
                    b'0\x82\x02\x890\x82\x01q\x02\x01\x000D1\x0b0\t\x06\x03U\x04\x06\x13\x02FI1\x0c0\n\x06\x03U\x04\n\x0c\x03UNS1\x180\x16\x06\x03U\x04\x05\x13\x0fDEV/UNS-SS5/GOV1\r0\x0b\x06\x03U\x04\x03\x0c\x0498760\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\xb3\x18w\xd4P\x16%\x9d\xc5\x0b\xc2m\x82-l\x1a\xc9\x90\x1b-\xa2\xa1f}\x86\x11AW\xca\xdf\xfb\xd9P\x93N\xcf\xaa\xa9[#\x10\x12\xe3\x1b\x07\n\xc2#9t\x8d\xda"\xb4\x93\xf7\xa9\xde;\x98\xf1,\xef\x89S\xb7\xad\xab\x00\xbbwm\xffr\x19\xb1d\xdf/\xe2\xa1\x14\xd3\xa8\xbf\xfe\xa5:\xab,\xab\xd0\x01\x813}\xe5\xe2\x12)y\xc6\x9d\xea\x96\xbe\xb2\xa81\x99\xdc/Z\x12\xe2\xfdZ&OB\xed\xf3\x8f\xbc\xca\x92lL\x1eJt\xe5\x7f\xbd\xe5\x83W\x19\x95\x9d\x8fv\xac\xdb\x03V1\xff\x80\xaf\xb1Qs\x97O\xd7\x98\x966\xf4\xb3\xff\xfaA6\xf6\xd6\xd6\x9b\xcf\xb2\x94\xb0\xbc\xb9\xf2\\\xfcct\x12`\x8e\xebh8\xc7\xf1 \x93\xd01D\xc1\xc6\xb8\xc4\xf6^\xb5\xa8\xe3\x87~^\xea\x812\x85\xf7\xd7\x99\xd2\xd4\x06\xadvo\xd7\x8ea\xbb\x16\x08\x9c\xc9\x15|;\xacl\xf4\xb7\x88\x9e\x9c\xd2.k\xda\xa4K\xd8\xea\xcf\xac\x8a)\x8dm\x9d#\xad\xd7\xe7-\x02\x03\x01\x00\x01\xa0\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x003!\xa0M\x9bC\xa9\xe5\x8c\x86G\xcf\xc4\xee\xeaoW\x96\xd9\x8e\xd2\nz2\x05\xb7\xaa\xf3\xe0Vi\xf3\x0c\xc4\x1ay\x9eU \x12\xbf\xaen\x88\x04D0O\x19BJy\x88\xd6\xf7\x95w\x9a\x04w\xf4XQz\xceg2\x96\xc1\xdf\xbas\xf8\xb3\xd5~&\xc7:\'\x83}6\x0b\xddE\x15l\xd3H7\x8c6J\x9cf\x0f\xa6y\x7f\xab\xef"\'\xa4\xca\xf4\xf9\xd0\xddf\xf1\xdd4\x10\xe9\xf1;g\x08=\xd1\x17\xabva\xd6\xdb%\x19\xe1*mA\xca\xcc\xa7\x07m\xeb&k\xcaB\xa5\xb8\x93\x11]\xe9x\xcd\xa4\x90\x80\xb2\x9d\x91\x8d\x92}\xca\xd5,\xc8\x7f\x8dT\xa1h\x92\x8bv\x1c\xb8\x17\x7f\xe2\xa3\xdaL\x02<D8\xe4\xd1\xc5bYW\xa5_\nEl}\x93U\x96\t$\\yr6\x0f\x88\xe4\xd8\x96\x81\xe1A\x1f\xe7\x02\x9a\xa6\x19\xff\xdc\x8e\x95\x9e\x89kLAN\xcf\xf4n\x15\xb2\x99\xf5v\xd9\x89\xb7v4$\xce\xf1\xdapr\xd1\x16\x18\x84C\xb3\x1c'
                )

            if csr_id == '1A8E6C45A9D3FDF3BF17769FC0650AA40EFC2CD5':  # sign
                return MockCsr(
                    200,
                    b'0\x82\x02\x890\x82\x01q\x02\x01\x000D1\x0b0\t\x06\x03U\x04\x06\x13\x02FI1\x0c0\n\x06\x03U\x04\n\x0c\x03UNS1\x180\x16\x06\x03U\x04\x05\x13\x0fDEV/UNS-SS5/GOV1\r0\x0b\x06\x03U\x04\x03\x0c\x0498760\x82\x01"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x000\x82\x01\n\x02\x82\x01\x01\x00\x9a\x07\x9e\xbe:\x03T\x94\xd3\xbb\x15\x14\xf5>\xa3\x145\x9d\xc8m\x12\x9d\xd3n1\xd9t\x0bw\x0e\xc0x\xa79C\xa2\xe7\xb2\x94\xf6\xbbY\xbc\xe7\xb5\xa7\xc1\xe70\xc5\x91\x87\xbfE\xe1\xec`\x1fR\xbaP\xc3\xb6o\x94*\xa1j\x05\xf3Q*\xfb6\xd3\x1c,g\xd2b\x9f=B\xc8\xa1\x8e\xafya`\x84\xf4\x9c\x14\x13\xc7\xb7\xc1\xa7\x83p\xedq\xa1\x93H\xe8\xfc\x007M{\x91\xc0X\xf4\x94$n\xe3\xfb8\xed\xe2\xed\xad\t\xf8\x1a3B\xc0V\xeb\x07@\xf4 \xafl\n\xdbI\x8a,\x06.\xfdz\xa7\x98$Z%\xc0\xfc\x1d\xe5Q\xdb\xd2\xc4\x9a\xc4\xbdn\x9cxx(\xbc2\xe8Vhm\x14\x06\xd1\xa9&T\x806x\x0fD\xd8~\xe8\x90lg\x1b\x86\x91\xdb\xb1\x109\xb1;(}\xb6\x96\xbb\x1d]\xb9n+<i\x87\xcc\xa9[\x05\xd5\xca\x9c\xe0\xcc\xf9\xf4\xad\xf6{\xee\xb1\xb2\x04Cx*\xb6d9\xce\x9c-d\x98\xc7\xbf\xe8:\xb2fG\xf5N\x8e\n\xcd\x02\x03\x01\x00\x01\xa0\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x0b\x05\x00\x03\x82\x01\x01\x00\x8c\x95\xe3\xe3h\xdf\x9a\x11\x8dA\xa8r1\x82\xc7\x05j(z\xdd!,j\xae\x92\xd5\xe5\x8f\x00\xffn\x0f\xa4\x17\xfb\xfc\x04\x88\xf5\x96Y\xdb\xf3ss/%\xfeX\xbc%`QD\xa9 5W\xf2IX\x00\xfa~5\xfb\xd1\x9drn\xf6\xf1J\x99qE\xf6\xf3<\xe97\xc7\xebQ\xdb,j}\x07\xd7T\xea\x05\xdd\xda{e=k\xd0gJ\x07\x84`\xc3E\xbf>:Uk\xcan;g\xc0\xf1\xdf\x81\x94\xd22~\xde\x97\x13\x85\xc8aY\xdc\x1a\x1f\xe4Qg\xb9-\xfc\x15S\xbc\xeb\xe9\xbf\x18\xdbr\x8dD\xc6\xb9F\xd0\x94\xa8\xf8\xd9\xcc5K\x9c$\x8a?\xc7\x0b\xae\x86\x0e\x04R\x19\x0c9\xb0;t\xec(\xf6\'\xe1\x9fky9\xb2\xe1\xd6\xd3\xfc\xdd\xd1\xbf%\xb4(?\xde]\xf7\xd4o`O\xf4\x99v,@\xb5\xb2.\xc0\xae\x97\n\xd2\xa5\xc6\xa2\x98\x14ZA\xdeJK\xfe\xb1\xf6\n\xad\xea\x8fq\xa3\xf3*=)\x04\xc9\x84sK\xa0%!\x07\xba\xa0\xf6\x94'
                )

            raise Exception("No mock for CSR '" + csr_id + "'")

        with XRDSSTTest() as app:
            with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
                            return_value=CertTestData.token_with_two_csrs_response):
                with mock.patch('xrdsst.api.keys_api.KeysApi.download_csr', new=mocked_download_csr):
                    cert_controller = CertController()
                    cert_controller.app = app
                    cert_controller.load_config = (lambda: self.ss_config)
                    cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
                    reported_downloads = cert_controller.download_csrs()

                    assert len(reported_downloads) == 2

                    assert cert_controller.app._last_rendered[1].count('ssX-default-auth') == 1
                    assert cert_controller.app._last_rendered[1].count('ssX-default-sign') == 1
                    # Check file creation
                    auth_csr_file = list(filter(lambda s: s.count('ssX-default-auth') > 0,
                                                map(lambda s: s.strip(), cert_controller.app._last_rendered[1].split('│')))).pop()
                    sign_csr_file = list(filter(lambda s: s.count('ssX-default-sign') > 0,
                                                map(lambda s: s.strip(), cert_controller.app._last_rendered[1].split('│')))).pop()
                    assert auth_csr_file == reported_downloads[0].fs_loc or auth_csr_file == reported_downloads[1].fs_loc
                    assert sign_csr_file == reported_downloads[0].fs_loc or auth_csr_file == reported_downloads[1].fs_loc
                    assert auth_csr_file != sign_csr_file
                    assert os.path.exists(auth_csr_file)
                    assert os.path.exists(sign_csr_file)
コード例 #12
0
    def test_cert_activate(self):
        with XRDSSTTest() as app:
            with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
                            return_value=CertTestData.single_auth_key_with_cert_token_response):
                with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.activate_certificate',
                                return_value={}):
                    with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.get_possible_actions_for_certificate',
                                    return_value=[PossibleAction.DISABLE, PossibleAction.UNREGISTER]):
                        cert_controller = CertController()
                        cert_controller.app = app
                        cert_controller.load_config = (lambda: self.ss_config_with_authcert())
                        cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
                        cert_controller.activate()

                        out, err = self.capsys.readouterr()
                        assert out.count("Activated certificate") > 0

                        with self.capsys.disabled():
                            sys.stdout.write(out)
                            sys.stderr.write(err)
コード例 #13
0
    def test_cert_import_permission_denied(self):
        class PermissionDeniedResponse:
            status = 403
            data = '{"status":403,"error":{"code":"permission_denied"}}'
            reason = None
            def getheaders(self): return None

        with XRDSSTTest() as app:
            with mock.patch('xrdsst.api.tokens_api.TokensApi.get_token',
                            return_value=CertTestData.single_auth_key_with_cert_token_response):
                with mock.patch('xrdsst.api.token_certificates_api.TokenCertificatesApi.import_certificate',
                                side_effect=ApiException(http_resp=PermissionDeniedResponse())):
                    cert_controller = CertController()
                    cert_controller.app = app
                    cert_controller.load_config = (lambda: self.ss_config_with_authcert())
                    cert_controller.get_server_status = (lambda x, y: StatusTestData.server_status_essentials_complete)
                    cert_controller.import_()

                    out, err = self.capsys.readouterr()
                    assert err.count("permission") > 0

                    with self.capsys.disabled():
                        sys.stdout.write(out)
                        sys.stderr.write(err)
コード例 #14
0
 def step_cert_activate(self):
     with XRDSSTTest() as app:
         cert_controller = CertController()
         cert_controller.app = app
         cert_controller.load_config = (lambda: self.config)
         cert_controller.activate()
コード例 #15
0
 def step_cert_import(self):
     with XRDSSTTest() as app:
         cert_controller = CertController()
         cert_controller.app = app
         cert_controller.load_config = (lambda: self.config)
         cert_controller.import_()