def test_validate_static_malformed2(self):
"""Test static user/pass authentication with malformed config."""
config = "anchor.jsonloader.conf._config"
data = {'auth': {}}
with mock.patch.dict(config, data):
# can't import until mock'd
from anchor import auth
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('baduser', 'badpass')
def test_login_bind_fail(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_connection.side_effect = ldap3.LDAPBindError()
with mock.patch.dict(config, self.sample_conf):
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate("default_ra", "user", "pass")
def test_login_bind_fail(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_connection.side_effect = ldap3_exc.LDAPBindError()
with mock.patch.dict(config, self.sample_conf):
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'user', 'pass')
def test_validate_static_malformed2(self):
"""Test static user/pass authentication with malformed config."""
config = "anchor.jsonloader.conf._config"
data = {'auth': {}}
with mock.patch.dict(config, data):
# can't import until mock'd
from anchor import auth
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('baduser', 'badpass')
def test_validate_static_malformed1(self):
"""Test static user/pass authentication with malformed config."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
self.sample_conf_auth['default_auth'] = {'backend': 'static'}
data = self.sample_conf
with mock.patch.dict(config, data):
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'baduser', 'badpass')
def test_validate_static_malformed1(self):
"""Test static user/pass authentication with malformed config."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
self.sample_conf_auth['default_auth'] = {'backend': 'static'}
data = self.sample_conf
with mock.patch.dict(config, data):
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'baduser', 'badpass')
def test_login_search_fail(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_ldc = mock.Mock()
mock_connection.return_value = mock_ldc
mock_ldc.result = {"result": 1}
with mock.patch.dict(config, self.sample_conf):
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate("default_ra", "user", "pass")
def test_login_search_fail(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_ldc = mock.Mock()
mock_connection.return_value = mock_ldc
mock_ldc.result = {'result': 1}
with mock.patch.dict(config, self.sample_conf):
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'user', 'pass')
def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
try:
auth_result = auth.validate(ra_name,
pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
auth_result)
except http_status.HTTPUnauthorized:
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
None)
raise
try:
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr,
pecan.request)
csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request)
cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr)
audit.emit_signing_event(ra_name,
pecan.request.POST.get('user'),
auth_result,
fingerprint=fingerprint)
except Exception:
audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
auth_result)
raise
return cert
def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
try:
auth_result = auth.validate(ra_name,
pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
auth_result)
except http_status.HTTPUnauthorized:
audit.emit_auth_event(ra_name, pecan.request.POST.get('user'),
None)
raise
try:
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr,
pecan.request)
csr = certificate_ops.fixup_csr(ra_name, csr, pecan.request)
cert, fingerprint = certificate_ops.dispatch_sign(ra_name, csr)
audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
auth_result, fingerprint=fingerprint)
except Exception:
audit.emit_signing_event(ra_name, pecan.request.POST.get('user'),
auth_result)
raise
return cert
def recieve_csr(pecan_request):
# Check Auth
auth_result = auth.validate("default",
"myusername",
"simplepassword")
# Parse and validate CSR
new_request = _parse_csr(pecan_request, auth_result,
pecan_request.POST.get('user'))
logger.info("Certificate Request validated, result: %s ",
new_request.toInfoString())
return_str = "Certificate Request Recieved. ID: %d\n" % new_request.request_id
# If auto_deny when validation fails is enabled, deny cert
if (jsonloader.conf.ra_options["auto_deny_if_validation_fails"] == "True") & (new_request.Valid is False):
new_request.Denied = True
return_str += "Certificate Request Denied Automatically\n"
# If user notification of validation is enabled, add info
if jsonloader.conf.ra_options["notify_user_validation_result"] == "True":
return_str += "%s\n" % new_request.toInfoString()
if new_request.Valid is False:
return_str += new_request.validationResultToString()
# write request to 'database'
with open(jsonloader.conf.ra_options["certdb_file"], 'ab') as fout:
fout.write(new_request.serialize())
return return_str
def test_validate_static(self):
"""Test all static user/pass authentication paths."""
config = "anchor.jsonloader.conf._config"
data = {
'auth': {
'static': {
'secret': 'simplepassword',
'user': '******'
}
}
}
with mock.patch.dict(config, data):
# can't import until mock'd
from anchor import auth
from anchor.auth import results
valid_user = data['auth']['static']['user']
valid_pass = data['auth']['static']['secret']
expected = results.AuthDetails(username=valid_user, groups=[])
self.assertEqual(auth.validate(valid_user, valid_pass), expected)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate(valid_user, 'badpass')
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('baduser', valid_pass)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('baduser', 'badpass')
def post(self):
auth_result = auth.validate(pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(auth_result, csr, pecan.request)
return certificate_ops.sign(csr)
def post(self):
auth_result = auth.validate(pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(auth_result, csr, pecan.request)
return certificate_ops.sign(csr)
def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
auth_result = auth.validate(ra_name, pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request)
return certificate_ops.dispatch_sign(ra_name, csr)
def post(self):
ra_name = self.ra_name
logger.debug("processing signing request in registration authority %s",
ra_name)
auth_result = auth.validate(ra_name,
pecan.request.POST.get('user'),
pecan.request.POST.get('secret'))
csr = certificate_ops.parse_csr(pecan.request.POST.get('csr'),
pecan.request.POST.get('encoding'))
certificate_ops.validate_csr(ra_name, auth_result, csr, pecan.request)
return certificate_ops.dispatch_sign(ra_name, csr)
def test_login_good(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_ldc = mock.Mock()
mock_connection.return_value = mock_ldc
mock_ldc.result = {"result": 0}
mock_ldc.response = [{"attributes": {}}]
with mock.patch.dict(config, self.sample_conf):
expected = results.AuthDetails(username="******", groups=[])
self.assertEqual(auth.validate("default_ra", "user", "pass"), expected)
def test_login_good(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_ldc = mock.Mock()
mock_connection.return_value = mock_ldc
mock_ldc.result = {'result': 0}
mock_ldc.response = [{'attributes': {}}]
with mock.patch.dict(config, self.sample_conf):
expected = results.AuthDetails(username='******', groups=[])
self.assertEqual(auth.validate('default_ra', 'user', 'pass'),
expected)
def test_login_good_with_groups(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_ldc = mock.Mock()
mock_connection.return_value = mock_ldc
mock_ldc.result = {'result': 0}
mock_ldc.response = [{
'attributes': {
'memberOf': [
u'CN=some_group,OU=Groups,DC=example,DC=com',
u'CN=other_group,OU=Groups,DC=example,DC=com'
]
}
}]
with mock.patch.dict(config, self.sample_conf):
expected = results.AuthDetails(
username='******', groups=[u'some_group', u'other_group'])
self.assertEqual(auth.validate('default_ra', 'user', 'pass'),
expected)
def test_login_good_with_groups(self, mock_connection):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
mock_ldc = mock.Mock()
mock_connection.return_value = mock_ldc
mock_ldc.result = {"result": 0}
mock_ldc.response = [
{
"attributes": {
"memberOf": [
u"CN=some_group,OU=Groups,DC=example,DC=com",
u"CN=other_group,OU=Groups,DC=example,DC=com",
]
}
}
]
with mock.patch.dict(config, self.sample_conf):
expected = results.AuthDetails(username="******", groups=[u"some_group", u"other_group"])
self.assertEqual(auth.validate("default_ra", "user", "pass"), expected)
def test_validate_static(self):
"""Test all static user/pass authentication paths."""
config = "anchor.jsonloader.conf._config"
data = {'auth': {'static': {'secret': 'simplepassword',
'user': '******'}}}
with mock.patch.dict(config, data):
# can't import until mock'd
from anchor import auth
from anchor.auth import results
valid_user = data['auth']['static']['user']
valid_pass = data['auth']['static']['secret']
expected = results.AuthDetails(username=valid_user, groups=[])
self.assertEqual(auth.validate(valid_user, valid_pass), expected)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate(valid_user, 'badpass')
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('baduser', valid_pass)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('baduser', 'badpass')
def test_validate_static(self):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
self.sample_conf_auth['default_auth'] = {
"backend": "static",
"user": "******",
"secret": "simplepassword"
}
data = self.sample_conf
with mock.patch.dict(config, data):
valid_user = self.sample_conf_auth['default_auth']['user']
valid_pass = self.sample_conf_auth['default_auth']['secret']
expected = results.AuthDetails(username=valid_user, groups=[])
self.assertEqual(auth.validate('default_ra', valid_user,
valid_pass), expected)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', valid_user, 'badpass')
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'baduser', valid_pass)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'baduser', 'badpass')
def test_validate_static(self):
"""Test all static user/pass authentication paths."""
jsonloader.conf.load_extensions()
config = "anchor.jsonloader.conf._config"
self.sample_conf_auth['default_auth'] = {
"backend": "static",
"user": "******",
"secret": "simplepassword"
}
data = self.sample_conf
with mock.patch.dict(config, data):
valid_user = self.sample_conf_auth['default_auth']['user']
valid_pass = self.sample_conf_auth['default_auth']['secret']
expected = results.AuthDetails(username=valid_user, groups=[])
self.assertEqual(
auth.validate('default_ra', valid_user, valid_pass), expected)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', valid_user, 'badpass')
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'baduser', valid_pass)
with self.assertRaises(http_status.HTTPUnauthorized):
auth.validate('default_ra', 'baduser', 'badpass')
