def test_negative_validatity_duration(self):
    """A subtoken with a negative validity_duration must be rejected."""
    # -3600 gives the subtoken a negative validity duration; the checker is
    # expected to raise BadTokenError instead of accepting it.
    bad_subtoken = fake_subtoken_proto(
        'user:[email protected]', validity_duration=-3600)
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[bad_subtoken])
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, FAKE_IDENT)
def test_not_active_yet(self):
    """A subtoken created 120 seconds in the future is not usable yet."""
    current_ts = int(utils.time_time())
    # The creation time lies 120 s ahead of the current clock. The test
    # expects a rejection, so any tolerance the checker grants for clock
    # skew has to be shorter than that.
    future_subtoken = fake_subtoken_proto(
        'user:[email protected]', creation_time=current_ts + 120)
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[future_subtoken])
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, FAKE_IDENT)
def test_expired(self):
    """A subtoken whose validity window has already closed is rejected."""
    current_ts = int(utils.time_time())
    # Created 120 s ago and valid for 60 s: the window closed 60 s before
    # the check runs, so BadTokenError is expected.
    stale_subtoken = fake_subtoken_proto(
        'user:[email protected]',
        creation_time=current_ts - 120,
        validity_duration=60)
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[stale_subtoken])
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, FAKE_IDENT)
def test_not_active_yet(self):
    """Reject a subtoken whose creation time is 120 seconds ahead of now."""
    issued_at = int(utils.time_time()) + 120
    # A creation time in the future means the token is not active yet. The
    # expected BadTokenError shows that a 120 s lead is outside whatever
    # clock-skew margin the checker allows.
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto('user:[email protected]', creation_time=issued_at),
    ])
    with self.assertRaises(delegation.BadTokenError):
        delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
def test_expired(self):
    """Reject a subtoken that expired before the check is made."""
    issued_at = int(utils.time_time()) - 120
    # Issued 120 s in the past with a 60 s lifetime, so it has been expired
    # for 60 s when check_subtoken_list runs.
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto(
            'user:[email protected]',
            creation_time=issued_at,
            validity_duration=60),
    ])
    with self.assertRaises(delegation.BadTokenError):
        delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
def test_expiration_moment(self):
    """Check both sides of the expiry edge for a 3600 second subtoken."""
    start = utils.utcnow()
    # The clock is pinned before the subtoken is built; presumably the fake
    # subtoken takes its creation time from the mocked clock - confirm
    # against fake_subtoken_proto.
    self.mock_now(start)
    hour_long = fake_subtoken_proto(
        'user:[email protected]', validity_duration=3600)
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[hour_long])

    # One second before the window closes (now + 3599): still accepted.
    self.mock_now(start, 3599)
    self.assertTrue(delegation.check_subtoken_list(subtoken_list, FAKE_IDENT))

    # One second after it closes (now + 3601): rejected. The exact boundary,
    # now + 3600, is not exercised by this test.
    self.mock_now(start, 3601)
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, FAKE_IDENT)
def test_allowed_clock_drift(self):
    """A subtoken may be used slightly before its activation time."""
    start = utils.utcnow()
    self.mock_now(start)
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto('user:[email protected]'),
    ])

    # 29 s before activation is tolerated, which absorbs small clock
    # differences between the token issuer and the service checking it.
    self.mock_now(start, -29)
    self.assertTrue(delegation.check_subtoken_list(subtoken_list, FAKE_IDENT))

    # 31 s before activation is refused, so the accepted margin lies
    # between 29 and 31 seconds (presumably 30 - confirm in delegation).
    self.mock_now(start, -31)
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, FAKE_IDENT)
def test_allowed_clock_drift(self):
    """Early use is accepted only inside a small clock-drift margin."""
    base_time = utils.utcnow()
    self.mock_now(base_time)
    fresh_subtoken = fake_subtoken_proto('user:[email protected]')
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[fresh_subtoken])

    # Clock moved to 29 s before activation: the token is still accepted.
    self.mock_now(base_time, -29)
    accepted = delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
    self.assertTrue(accepted)

    # Clock moved to 31 s before activation: outside the margin, rejected.
    # Together the two probes bracket the margin between 29 and 31 seconds.
    self.mock_now(base_time, -31)
    with self.assertRaises(delegation.BadTokenError):
        delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
def test_subtoken_services(self):
    """A subtoken limited to one service is refused by any other service."""
    restricted = fake_subtoken_proto(
        'user:[email protected]', services=['service:app-id'])
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[restricted])
    make_id = model.Identity.from_bytes

    # The checking service reports itself as 'service:app-id', which is in
    # the subtoken's services list: accepted.
    self.mock(
        model, 'get_service_self_identity', lambda: make_id('service:app-id'))
    self.assertTrue(delegation.check_subtoken_list(subtoken_list, FAKE_IDENT))

    # A service with a different identity presents the same subtoken: it
    # must not be honoured outside the services it names.
    self.mock(
        model, 'get_service_self_identity',
        lambda: make_id('service:another-app-id'))
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, FAKE_IDENT)
def test_expiration_moment(self):
    """A 3600 second subtoken works at +3599 s and fails at +3601 s."""
    base_time = utils.utcnow()
    self.mock_now(base_time)
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto('user:[email protected]', validity_duration=3600),
    ])

    # Still inside the validity window: the check succeeds.
    self.mock_now(base_time, 3599)
    accepted = delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
    self.assertTrue(accepted)

    # Just past the validity window: the check raises. Behaviour at exactly
    # +3600 s is left unspecified by this test.
    self.mock_now(base_time, 3601)
    with self.assertRaises(delegation.BadTokenError):
        delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
def test_subtoken_services(self):
    """The services field restricts which service may accept a subtoken."""
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto(
            'user:[email protected]', services=['service:app-id']),
    ])

    # Own identity matches the single entry in `services`: accepted.
    matching_self = lambda: model.Identity.from_bytes('service:app-id')
    self.mock(model, 'get_service_self_identity', matching_self)
    self.assertTrue(delegation.check_subtoken_list(subtoken_list, FAKE_IDENT))

    # Own identity is not listed: the subtoken is rejected, so a token
    # minted for one service cannot be replayed against another.
    other_self = lambda: model.Identity.from_bytes('service:another-app-id')
    self.mock(model, 'get_service_self_identity', other_self)
    with self.assertRaises(delegation.BadTokenError):
        delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
def test_subtoken_audience(self):
    """Only identities in the subtoken's audience may use it."""
    # NOTE(review): every identity literal in this listing reads
    # 'user:[email protected]', which looks like e-mail masking applied by the
    # page. The original presumably used distinct addresses for the issuer,
    # the direct audience entry, the group member and the rejected peer.
    members_by_group = {'abc': ['user:[email protected]']}
    # Group membership is answered from the local dict instead of the real
    # backend.
    self.mock(
        api, 'is_group_member',
        lambda g, i: i.to_bytes() in members_by_group.get(g, []))

    # The audience holds one identity entry and one group entry.
    scoped = fake_subtoken_proto(
        'user:[email protected]', audience=['user:[email protected]', 'group:abc'])
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[scoped])
    make_id = model.Identity.from_bytes

    # Two peers are accepted - presumably one through the identity entry
    # and one through membership of group 'abc'.
    first_peer = make_id('user:[email protected]')
    self.assertTrue(delegation.check_subtoken_list(subtoken_list, first_peer))
    second_peer = make_id('user:[email protected]')
    self.assertTrue(delegation.check_subtoken_list(subtoken_list, second_peer))

    # A peer outside the audience must be refused.
    outsider = make_id('user:[email protected]')
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, outsider)
def test_subtoken_audience(self):
    """The audience field limits who may present a subtoken."""
    # NOTE(review): all identity strings below are shown as
    # 'user:[email protected]' - apparently masked by the page - so the
    # accepted and rejected peers cannot be told apart in this listing.
    group_members = {'abc': ['user:[email protected]']}
    self.mock(
        api,
        'is_group_member',
        lambda g, i: i.to_bytes() in group_members.get(g, []))

    audience = ['user:[email protected]', 'group:abc']
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto('user:[email protected]', audience=audience),
    ])
    make_id = model.Identity.from_bytes

    # Accepted peers. The audience has an identity entry and a group entry,
    # so presumably each call exercises one of them.
    for peer_bytes in ('user:[email protected]', 'user:[email protected]'):
        self.assertTrue(
            delegation.check_subtoken_list(subtoken_list, make_id(peer_bytes)))

    # Anyone else presenting the subtoken gets BadTokenError.
    with self.assertRaises(delegation.BadTokenError):
        delegation.check_subtoken_list(
            subtoken_list, make_id('user:[email protected]'))
def test_token_chain(self):
    """A two-link delegation chain resolves to a single identity."""
    # NOTE(review): every identity literal here reads 'user:[email protected]',
    # apparently masked by the page. The original presumably named a
    # different user per link, so which subtoken's issuer is the expected
    # result cannot be read from this listing.
    make_id = model.Identity.from_bytes
    first_link = fake_subtoken_proto(
        'user:[email protected]', audience=['user:[email protected]'])
    second_link = fake_subtoken_proto(
        'user:[email protected]', audience=['user:[email protected]'])
    chain = delegation_pb2.SubtokenList(subtokens=[first_link, second_link])

    # Each link carries its own audience; the check is made on behalf of
    # the peer passed as the second argument.
    peer = make_id('user:[email protected]')
    resolved = delegation.check_subtoken_list(chain, peer)
    self.assertEqual(make_id('user:[email protected]'), resolved)
def test_token_chain(self):
    """Validate a chain of two subtokens and check the returned identity."""
    # NOTE(review): the identity strings all appear as 'user:[email protected]'
    # (looks like masking by the page), so the hand-over from one user to
    # the next that the chain presumably models is not visible here.
    make_id = model.Identity.from_bytes
    chain = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto(
            'user:[email protected]', audience=['user:[email protected]']),
        fake_subtoken_proto(
            'user:[email protected]', audience=['user:[email protected]']),
    ])

    # The whole chain has to validate for the presenting peer, and the call
    # returns one identity for the chain as a whole.
    resolved = delegation.check_subtoken_list(
        chain, make_id('user:[email protected]'))
    expected = make_id('user:[email protected]')
    self.assertEqual(expected, resolved)
def test_negative_validatity_duration(self):
    """Reject a subtoken that declares a negative validity_duration."""
    # A negative duration cannot describe a real validity window; the test
    # pins that the checker raises BadTokenError for it.
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto('user:[email protected]', validity_duration=-3600),
    ])
    self.assertRaises(
        delegation.BadTokenError,
        delegation.check_subtoken_list, subtoken_list, FAKE_IDENT)
def test_passes_validation(self):
    """A single default subtoken validates and yields an identity."""
    # Only the first positional argument is given to fake_subtoken_proto
    # (presumably the issuer identity); everything else keeps its default.
    plain_subtoken = fake_subtoken_proto('user:[email protected]')
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[plain_subtoken])

    resolved = delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)

    # The returned identity serializes to the same string the subtoken was
    # built with, as the literals appear in this listing.
    self.assertEqual('user:[email protected]', resolved.to_bytes())
def test_passes_validation(self):
    """Happy path: a valid subtoken list returns the expected identity."""
    subtoken_list = delegation_pb2.SubtokenList(subtokens=[
        fake_subtoken_proto('user:[email protected]'),
    ])
    # No restrictions are set on the subtoken, so the check for FAKE_IDENT
    # is expected to succeed and return an identity object.
    resolved = delegation.check_subtoken_list(subtoken_list, FAKE_IDENT)
    resolved_bytes = resolved.to_bytes()
    self.assertEqual('user:[email protected]', resolved_bytes)