def test_expires(self): get_cached_token = lambda k: token_cache[k] token_cache = TokenCache() token_cache['key'] = (current_time_millis() + 500, 'token') sleep_millis(300) token = get_cached_token('key') nt.assert_equal('token', token) sleep_millis(300) nt.assert_equal(1, len(token_cache)) # token still in cache, but expired nt.assert_raises(KeyError, get_cached_token, 'key')
def __set_headers(self, m_request): """ For testing purpose, this method setups the mocked request. """ m_request.META = {} m_request.META[EZSECURITY_HEADER_USER_INFO] = serialize_to_json( ProxyUserToken(notAfter=current_time_millis() + 10000)) m_request.META[EZSECURITY_HEADER_SIGNATURE] = \ "EZSECURITY_HEADER_SIGNATURE" return m_request
def make_token(self): x509 = X509Info( subject = self.ez_props.get(MOCK_USER_DN) ) token = ProxyUserToken( x509=x509, issuedBy="EzSecurity", issuedTo="EFE", notAfter=current_time_millis() + 720000 # 720000 = 12 mins ) return token
def test_evict(self): token_cache = TokenCache(500) get_cached_token = lambda k: token_cache[k] token_cache['key'] = (current_time_millis() + 800, 'token') # longer enough to pass 1st evict sleep_millis(300) # before 1st evict nt.assert_equal('token', get_cached_token('key')) sleep_millis(300) # short enough so not expired nt.assert_equal('token', get_cached_token('key')) # 1st eviction will not delete sleep_millis(600) nt.assert_equal(0, len(token_cache)) # token was evicted in 2nd round. nt.assert_raises(KeyError, get_cached_token, 'key')
def test_validate_current_request(self): """ Tests EzSecurityClient.validateCurrentRequest. """ ezclient = self.get_client() x509 = X509Info( subject=ezclient.ez_props.get(MOCK_USER_DN) ) token = ProxyUserToken( x509=x509, issuedBy="EzSecurity", issuedTo="EFE", notAfter=current_time_millis() + 720000 # 720000 = 12 mins ) dn = util.serialize_to_json(token) # sig = util.ssl_sign(dn, self.rsa) sig = ezclient._mock_service_sign(dn) headers = { HTTP_HEADER_USER_INFO: dn, HTTP_HEADER_SIGNATURE: sig } self.assertTrue(ezclient.validate_current_request(headers))
def test__mock_service_sign(self): """ Tests EzSecurityClient._mock_service_sign """ ezclient = self.get_client() # test with mock = True x509 = X509Info( subject=ezclient.ez_props.get(MOCK_USER_DN) ) token = ProxyUserToken( x509=x509, issuedBy="EzSecurity", issuedTo="EFE", notAfter=current_time_millis() + 720000 # 720000 = 12 mins ) dn = util.serialize_to_json(token) sig1 = util.ssl_sign(dn, self.rsa) # manually loaded service priv key sig2 = ezclient._mock_service_sign(dn) self.assertEqual(sig1, sig2) # test with mock = False ezclient.mock = False self.assertRaises(ValueError, ezclient._mock_service_sign, dn)
def requestToken(self, request, signature): """ Responds with an instance of EzSecurityToken that is specific to the request type. :param request: :param signature: :return: """ token = None assert isinstance(request, TokenRequest), \ "request object is not an instance of TokenRequest" try: # user info if request.type == TokenType.USER: logger.debug("Token requested of type USER.") # prep EzSecurityPrincipal proxyToken = getattr(request.proxyPrincipal, 'proxyToken', "") token_principal = EzSecurityPrincipal( principal= proxyToken, name="Joe User", externalID="joe.user" ) # prep Authorizations formal_authorizations = ['A', 'B', 'C'] authorizations = Authorizations( formalAuthorizations=formal_authorizations ) # prep externalProjectGroups external_project_groups = { 'EzBake': ['Core'], '42six': ['Dev', 'Emp'], 'Nothing': ['groups', 'group2'] } # prep externalCommunities community_membership = CommunityMembership( name='EzBake', type='office', organization='EzBake', topics=['topic1', 'topic2'], regions=['region1', 'region2', 'region3'], flags={ 'ACIP': True }, groups=[] ) external_communities = {'EzBake': community_membership} # prep EzSecurityToken token = EzSecurityToken( tokenPrincipal=token_principal, authorizations=authorizations, citizenship="USA", authorizationLevel="low", organization="EzBake", externalProjectGroups=external_project_groups, externalCommunities=external_communities ) # app info elif request.type == TokenType.APP: logger.debug("Token requested of type APP.") # respond with app information if request.securityId == 'SecurityClientTest': # prep EzSecurityPrincipal token_principal = EzSecurityPrincipal( principal=request.securityId ) # prep Authorizations formal_authorizations = ['A', 'B', 'C'] authorizations = Authorizations( formalAuthorizations=formal_authorizations ) # prep AuthorizationLevel authorization_level = 'low' else: # prep Authorizations formal_authorizations = [] authorizations = Authorizations( formalAuthorizations=formal_authorizations ) # prep AuthorizationLevel authorization_level = '' token_principal = None token = EzSecurityToken( tokenPrincipal=token_principal, authorizations=authorizations, authorizationLevel=authorization_level ) # prep ValidityCaveats if token: validity_caveats = ValidityCaveats( issuedFor=request.targetSecurityId, issuedTo=request.securityId, notAfter=util.current_time_millis() + 600 * 1000 ) token.validity = validity_caveats data = util.serialize_token(token) token.validity.signature = base64.b64encode(ossl.sign(self.rsa, data, 'sha256')) token.validate() return token except Exception, e: traceback.format_exc() logger.exception("ERROR: Unable to process: %s" % e.message) raise
def _make_dn(subject): x509 = X509Info(subject=subject) token = ProxyUserToken(x509=x509, issuedBy="EzSecurity", issuedTo="EFE", notAfter=util.current_time_millis() + 720000) return jsonpickle.encode(token)
def thread_1(self): cache = TokenCache() sleep_millis(200) cache['key'] = (current_time_millis()+1000, 'token') sleep_millis(400)
def test_singleton(self): token_cache1 = TokenCache(100) token_cache2 = TokenCache(200) nt.assert_equal(token_cache1, token_cache2) token_cache1['key'] = (current_time_millis() + 10000, 'token') nt.assert_equal('token', token_cache2['key'])