def test_authentication_roundtrip_mitm1(self): auth_server = server.AuthServer("server_secret", DummyKeyProvider(), "server_name") challenge = auth_server.create_challenge("test") try: server.create_response(challenge, "another_server", ssh.SingleKeySigner(test_priv_key)) self.fail("Should have gotten InvalidInputException") except exceptions.InvalidInputException: pass
def test_authentication_roundtrip(self): auth_server = server.AuthServer("server_secret", DummyKeyProvider(), "server_name") challenge = auth_server.create_challenge("test") response = server.create_response(challenge, "server_name", ssh.SingleKeySigner(test_priv_key)) token = auth_server.create_token(response) self.assertTrue(auth_server.validate_token(token))
def test_authentication_roundtrip_mitm2(self): auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(), "server_name") challenge = auth_server_a.create_challenge("test") response = server.create_response(challenge, "server_name", ssh.SingleKeySigner(test_priv_key)) auth_server_b = server.AuthServer("server_secret", DummyKeyProvider(), "another_server") try: auth_server_b.create_token(response) self.fail("should have thrown exception") except exceptions.InvalidInputException: pass
def test_create_token_too_old(self): auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(), "server_name") challenge = auth_server_a.create_challenge("test") response = server.create_response(challenge, "server_name", ssh.SingleKeySigner(test_priv_key)) auth_server_b = server.AuthServer( "server_secret", DummyKeyProvider(), "server_name", now_func=lambda: time.time() + 1000 ) try: auth_server_b.create_token(response) self.fail("Should have issued InvalidInputException, " "challenge too old") except exceptions.InvalidInputException: pass
def test_validate_token_too_new(self): auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(), "server_name") challenge = auth_server_a.create_challenge("test") response = server.create_response(challenge, "server_name", ssh.SingleKeySigner(test_priv_key)) token = auth_server_a.create_token(response) auth_server_b = server.AuthServer( "server_secret", DummyKeyProvider(), "server_name", now_func=lambda: time.time() - 1000 ) try: auth_server_b.validate_token(token) self.fail("Should have issued TokenExpiredException, " "token too new") except exceptions.TokenExpiredException: pass