예제 #1
0
    def setUp(self):
        self.perm_add = Permission.objects.get(codename='add_acmechallenge')
        self.perm_change = Permission.objects.get(
            codename='change_acmechallenge')
        self.perm_delete = Permission.objects.get(
            codename='delete_acmechallenge')

        self.user_joe = User.objects.create_user(username='******')
        self.user_joe.is_staff = False
        self.user_joe.save()

        self.user_certbot = User.objects.create_user(username='******')
        self.user_certbot.is_staff = True
        self.user_certbot.save()
        self.user_certbot.user_permissions.add(self.perm_add)
        self.user_certbot.user_permissions.add(self.perm_change)
        self.user_certbot.user_permissions.add(self.perm_delete)

        _priv, _pub = generate_key_pair()
        self.priv_key_joe = _priv
        PublicKey.objects.create(key=_pub,
                                 comment='Test Key',
                                 user=self.user_joe)

        _priv, _pub = generate_key_pair()
        self.priv_key_certbot = _priv
        PublicKey.objects.create(key=_pub,
                                 comment='Test Key',
                                 user=self.user_certbot)
 def test_generate_from_key_string(self):
     private1, public1 = generate_key_pair()
     private2, public2 = generate_key_pair()
     header = create_auth_header('foo', key=private1)
     self.assertTrue(header.startswith('JWT '))
     token = header.split(' ', 1)[1]
     self.assertFalse(verify(token, public2))
     self.assertTrue(verify(token, public1))
예제 #3
0
 def test_generate_from_key_string(self):
     private1, public1 = generate_key_pair()
     private2, public2 = generate_key_pair()
     header = create_auth_header('foo', key=private1)
     self.assertTrue(header.startswith('JWT '))
     token = header.split(' ', 1)[1]
     self.assertFalse(verify(token, public2))
     self.assertTrue(verify(token, public1))
    def test_perform_existing_key(self, mock_get_utility):
        self.config.django_public_ip_logging_ok = True
        self.config.django_username = '******'
        self.config.django_key_directory = self.temp_dir

        priv, pub = generate_key_pair()
        keypath = os.path.join(self.temp_dir,
                               'certbot_django_id_rsa_examplecom')
        with open(keypath, 'w') as keyfile:
            keyfile.write(priv)

        with requests_mock.mock() as m:
            m.post('http://example.com/.well-known/challenges/',
                   json={},
                   status_code=201)
            actual = self.auth.perform(self.achalls)
            expected = [
                achall.response(achall.account_key) for achall in self.achalls
            ]
            self.assertEqual(actual, expected)
            self.assertEqual(m.call_count, 1)

        for i, (args, kwargs) in enumerate(
                mock_get_utility().notification.call_args_list):
            self.assertEqual("" in args[0])
            self.assertFalse(kwargs['wrap'])
예제 #5
0
    def test_generate_new_key(self):
        private, public = auth.generate_key_pair()

        private = private.strip().split('\n')
        self.assertEqual(private[0], '-----BEGIN PRIVATE KEY-----')
        self.assertEqual(private[27], '-----END PRIVATE KEY-----')

        public = public.strip().split('\n')
        self.assertEqual(public[0], '-----BEGIN PUBLIC KEY-----')
        self.assertEqual(public[8], '-----END PUBLIC KEY-----')
    def test_bad_keys(self):
        private1, public1 = generate_key_pair()
        private2, public2 = generate_key_pair()

        t = token.sign('guido', private1)
        token_data = token.verify(t, public1)
        self.assertTrue(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public2)
        self.assertTrue(token_data)

        t = token.sign('guido', private1)
        token_data = token.verify(t, public2)
        self.assertFalse(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public1)
        self.assertFalse(token_data)
예제 #7
0
    def test_bad_keys(self):
        private1, public1 = generate_key_pair()
        private2, public2 = generate_key_pair()

        t = token.sign('guido', private1)
        token_data = token.verify(t, public1)
        self.assertTrue(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public2)
        self.assertTrue(token_data)

        t = token.sign('guido', private1)
        token_data = token.verify(t, public2)
        self.assertFalse(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public1)
        self.assertFalse(token_data)
    def test_bad_nonce(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 1)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertTrue(token_data)

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 1)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 2)
        self.assertFalse(token_data)

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 2)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertFalse(token_data)
    def test_bad_iat(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, iat=time.time())
        token_data = token.verify(t, public)
        self.assertTrue(token_data)

        # IAT tolerance exists to account for clock drift between disparate systems.
        tolerance = token.TIMESTAMP_TOLERANCE + 1

        t = token.sign('guido', private, iat=time.time() - tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)

        t = token.sign('guido', private, iat=time.time() + tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)
예제 #10
0
    def test_perform_bad_auth(self, mock_get_utility):
        self.config.django_public_ip_logging_ok = True
        self.config.django_username = '******'
        self.config.django_key_directory = self.temp_dir

        priv, pub = generate_key_pair()
        keypath = os.path.join(self.temp_dir,
                               'certbot_django_id_rsa_examplecom')
        with open(keypath, 'w') as keyfile:
            keyfile.write(priv)

        with requests_mock.mock() as m:
            m.post('http://example.com/.well-known/challenges/',
                   json={},
                   status_code=403)
            self.assertRaises(errors.PluginError, self.auth.perform,
                              self.achalls)
예제 #11
0
    def test_bad_iat(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, iat=time.time())
        token_data = token.verify(t, public)
        self.assertTrue(token_data)

        # IAT tolerance exists to account for clock drift between disparate systems.
        tolerance = token.TIMESTAMP_TOLERANCE + 1

        t = token.sign('guido', private, iat=time.time() - tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)

        t = token.sign('guido', private, iat=time.time() + tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)
예제 #12
0
    def test_cleanup(self):
        self.config.django_public_ip_logging_ok = True
        self.config.django_username = '******'
        self.config.django_key_directory = self.temp_dir

        priv, pub = generate_key_pair()
        keypath = os.path.join(self.temp_dir,
                               'certbot_django_id_rsa_examplecom')
        with open(keypath, 'w') as keyfile:
            keyfile.write(priv)

        with requests_mock.mock() as m:
            m.post('http://example.com/.well-known/challenges/',
                   json={},
                   status_code=201)
            m.delete(re.compile(
                'example\.com/\.well-known/challenges/[A-Za-z0-9]+/$'),
                     json={},
                     status_code=204)
            self.auth.perform(self.achalls)
            self.auth.cleanup(self.achalls)
            self.assertEqual(m.call_count, 2)
예제 #13
0
    def test_bad_nonce(self):
        private, public = generate_key_pair()

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 1)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertTrue(token_data)

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 1)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 2)
        self.assertFalse(token_data)

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 2)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertFalse(token_data)
예제 #14
0
    def _get_private_key(self, domain):
        filename = 'certbot_django_id_rsa_{}'.format(domain).replace('.', '')
        private_key_file = os.path.join(self._get_key_dir(), filename)
        private_key = None

        try:
            with open(private_key_file, 'r') as keyfile:
                private_key = keyfile.read()
        except (IOError, OSError):
            if self.config.noninteractive_mode:
                raise errors.PluginError('Could not read file from %s' % self._get_key_dir())

        if not private_key:
            private_key, public_key = generate_key_pair()
            try:
                logger.info('Trying to load private key: %s' % private_key_file)
                with open(private_key_file, 'w') as keyfile:
                    keyfile.write(private_key)
            except (IOError, OSError):
                raise errors.PluginError('Could not write private key to %s' % self._get_key_dir())
            msg = (
                "Couldn't read private key from {private_key_file}, so a new key has been generated and saved. "
                "Please go your website ({url}) and add the following public key to the user '{username}'. "
                "Please also make sure that '{username}' is a staff user and has permission to add and "
                "delete AcmeChallenge objects."
                "\n\n"
                "{public_key}"
            )
            msg = msg.format(
                private_key_file=private_key_file,
                url="http://{}/admin/asymmetric_jwt_auth/publickey/add/".format(domain),
                username=self._get_username(),
                public_key=public_key)
            display = zope.component.getUtility(interfaces.IDisplay)
            display.notification(msg, wrap=False, force_interactive=True)

        return private_key
예제 #15
0
 def test_roundtrip(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     token_data = token.verify(t, public)
     self.assertTrue(token_data)
     self.assertEqual(token_data.get('username'), 'guido')
예제 #16
0
 def test_get_claimed_username(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     self.assertEqual(token.get_claimed_username(t), 'guido')
 def test_get_claimed_username(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     self.assertEqual(token.get_claimed_username(t), 'guido')
 def test_roundtrip(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     token_data = token.verify(t, public)
     self.assertTrue(token_data)
     self.assertEqual(token_data.get('username'), 'guido')
예제 #19
0
 def handle_noargs(self, **options):
     pem_private, pem_public = generate_key_pair()
     print(pem_private)
     print(pem_public)