def test_init_with_args(self):
    """
    Check that Authentication accepts its credentials as a constructor
    argument.

    One username/password Credential goes in; the struct must then expose
    exactly one credential, equal to an independently built copy.
    """
    def build_credential():
        # A fresh object on every call, so the final assertion exercises
        # Credential equality rather than object identity.
        return objects.Credential(
            credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
            credential_value=objects.UsernamePasswordCredential(
                username="******",
                password="******"
            )
        )

    authentication = contents.Authentication(
        credentials=[build_credential()]
    )

    self.assertEqual(1, len(authentication.credentials))
    self.assertEqual(build_credential(), authentication.credentials[0])
def test_invalid_credentials_list(self):
    """
    Check that a credentials list holding a non-Credential item is rejected.

    The same TypeError is expected on both paths: when the list is handed to
    the Authentication constructor, and when it is assigned to the
    ``credentials`` attribute of an existing struct.
    """
    def mixed_list():
        # A valid Credential followed by a bare string. The string sits
        # second in the list, and the expected message names it "Item 2".
        return [
            objects.Credential(
                credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
                credential_value=objects.UsernamePasswordCredential(
                    username="******",
                    password="******"
                )
            ),
            'invalid'
        ]

    # assertRaisesRegex treats this text as a regular expression and
    # searches for it in the message of the raised error.
    expected_message = (
        "Credentials must be a list of Credential structs. Item 2 has "
        "type: {}"
    ).format(type('invalid'))

    # Path 1: validation at construction time.
    self.assertRaisesRegex(
        TypeError,
        expected_message,
        contents.Authentication,
        **{'credentials': mixed_list()}
    )

    # Path 2: validation when the attribute is assigned afterwards.
    target = contents.Authentication()
    self.assertRaisesRegex(
        TypeError,
        expected_message,
        setattr,
        target,
        "credentials",
        mixed_list()
    )
def test_write(self):
    """
    Check that an Authentication struct serializes to the expected bytes.

    Three cases are covered: a single username/password credential, a
    single device credential, and both together. Each result is compared
    with a pre-built encoding by length and by string form.

    NOTE(review): the three ``self.*_encoding`` fixtures are defined outside
    this block -- confirm they encode the same username and password
    literals that are used here.
    """
    def username_password():
        return objects.Credential(
            credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
            credential_value=objects.UsernamePasswordCredential(
                username="******",
                password="******"
            )
        )

    def device():
        return objects.Credential(
            credential_type=enums.CredentialType.DEVICE,
            credential_value=objects.DeviceCredential(
                device_serial_number="serNum123456",
                password="******",
                device_identifier="devID2233",
                network_identifier="netID9000",
                machine_identifier="machineID1",
                media_identifier="mediaID313"
            )
        )

    def encode(credentials):
        # Wrap the credentials in an Authentication struct and write it
        # into a fresh stream, which is returned for inspection.
        struct = contents.Authentication(credentials=credentials)
        buffer = utils.BytearrayStream()
        struct.write(buffer)
        return buffer

    # Single UsernamePasswordCredential.
    written = encode([username_password()])
    self.assertEqual(len(self.username_password_encoding), len(written))
    self.assertEqual(str(self.username_password_encoding), str(written))

    # Single DeviceCredential.
    written = encode([device()])
    self.assertEqual(len(self.device_encoding), len(written))
    self.assertEqual(str(self.device_encoding), str(written))

    # Both credentials, username/password first.
    written = encode([username_password(), device()])
    self.assertEqual(len(self.multiple_credentials_encoding), len(written))
    self.assertEqual(str(self.multiple_credentials_encoding), str(written))
def test_not_equal_on_not_equal_credentials(self):
    """
    Check that ``!=`` reports a difference between two Authentication
    structs whose credentials differ.

    One struct holds a username/password credential, the other a device
    credential. The operator is applied in both directions.
    """
    username_password_value = objects.UsernamePasswordCredential(
        username="******",
        password="******"
    )
    device_value = objects.DeviceCredential(
        device_serial_number="serNum123456",
        password="******",
        device_identifier="devID2233",
        network_identifier="netID9000",
        machine_identifier="machineID1",
        media_identifier="mediaID313"
    )

    with_username_password = contents.Authentication(
        credentials=[
            objects.Credential(
                credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
                credential_value=username_password_value
            )
        ]
    )
    with_device = contents.Authentication(
        credentials=[
            objects.Credential(
                credential_type=enums.CredentialType.DEVICE,
                credential_value=device_value
            )
        ]
    )

    # Each struct takes a turn as the left-hand operand.
    self.assertTrue(with_username_password != with_device)
    self.assertTrue(with_device != with_username_password)
def create_username_password_credential(value):
    """
    Build a UsernamePasswordCredential from a mapping of field values.

    Args:
        value: An object with a ``get`` method. The 'Username' and
            'Password' keys are looked up on it.

    Returns:
        objects.UsernamePasswordCredential: built from the two looked-up
            values.

    NOTE(review): no validation happens here. If ``value`` is a plain dict,
    a missing key yields None, which is passed straight to the constructor
    -- confirm that the constructor or the caller rejects an absent
    username or password.
    """
    return objects.UsernamePasswordCredential(
        username=value.get('Username'),
        password=value.get('Password')
    )
def test_handle_message_loop_with_authentication_failure(
        self, request_mock, cert_mock):
    """
    Check logging and the error response when authentication fails while a
    request is being processed.

    ``authenticate`` is stubbed to raise PermissionDenied. The assertions
    pin that the failure is logged once at warning level, that nothing is
    logged through ``exception``, and that the error response built for
    the client carries only a generic message pointing at the server logs.

    NOTE(review): request_mock and cert_mock are presumably injected by
    patch decorators that are not part of this excerpt -- confirm.
    """
    request_bytes = utils.BytearrayStream(())
    cert_mock.return_value = 'test_certificate'

    real_engine = engine.KmipEngine()
    real_engine._logger = mock.MagicMock()

    kmip_session = session.KmipSession(
        real_engine,
        None,
        None,
        name='name',
        enable_tls_client_auth=False
    )

    # Every authentication attempt fails with PermissionDenied.
    kmip_session.authenticate = mock.MagicMock(
        side_effect=exceptions.PermissionDenied("Authentication failed.")
    )

    # The engine is swapped for a mock but keeps the real engine's default
    # protocol version.
    kmip_session._engine = mock.MagicMock()
    kmip_session._engine.default_protocol_version = (
        real_engine.default_protocol_version
    )
    kmip_session._logger = mock.MagicMock()
    kmip_session._connection = mock.MagicMock()
    kmip_session._receive_request = mock.MagicMock(
        return_value=request_bytes
    )
    kmip_session._send_response = mock.MagicMock()

    version = contents.ProtocolVersion(1, 2)
    header = messages.RequestHeader(
        protocol_version=version,
        authentication=contents.Authentication(
            credentials=[
                objects.Credential(
                    credential_type=(
                        enums.CredentialType.USERNAME_AND_PASSWORD
                    ),
                    credential_value=objects.UsernamePasswordCredential(
                        username="******",
                        password="******"
                    )
                )
            ]
        )
    )
    request = messages.RequestMessage()
    request.request_header = header
    # read() is mocked out, so the header assigned above is what the
    # session sees.
    request.read = mock.MagicMock()
    request_mock.return_value = request

    kmip_session._handle_message_loop()

    kmip_session._receive_request.assert_called_once_with()
    request.read.assert_called_once_with(
        request_bytes,
        kmip_version=enums.KMIPVersion.KMIP_1_2
    )
    kmip_session.authenticate.assert_called_once_with(
        "test_certificate",
        request
    )

    # Server side: one warning, no exception log entry.
    kmip_session._logger.warning.assert_called_once_with(
        "Authentication failed."
    )

    # Client side: a generic reason and message only.
    client_message = (
        "An error occurred during client authentication. "
        "See server logs for more information."
    )
    kmip_session._engine.build_error_response.assert_called_once_with(
        version,
        enums.ResultReason.AUTHENTICATION_NOT_SUCCESSFUL,
        client_message
    )
    kmip_session._logger.exception.assert_not_called()
    self.assertTrue(kmip_session._send_response.called)
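def test_authenticate_against_slugs(self, mock_connector):
    """
    Test that the session correctly handles authentication with SLUGS.

    The connector is mocked to return the identity ("John Doe",
    ["Group A"]). The test checks that the connector is created with the
    configured URL, that it receives the certificate, the
    (address, session time) pair and the request's credentials, and that
    the identity is returned unchanged.

    NOTE(review): mock_connector is presumably injected by a patch
    decorator that is not part of this excerpt -- confirm.
    """
    mock_instance = mock.MagicMock()
    mock_instance.authenticate.return_value = ("John Doe", ["Group A"])
    mock_connector.return_value = mock_instance

    kmip_session = session.KmipSession(
        None,
        None,
        ("127.0.0.1", 48026),
        name='TestSession',
        auth_settings=[(
            "auth:slugs",
            {"enabled": "True", "url": "test_url"}
        )]
    )
    kmip_session._logger = mock.MagicMock()

    fake_credential = objects.Credential(
        credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
        credential_value=objects.UsernamePasswordCredential(
            username="******",
            password="******"
        )
    )
    fake_request = messages.RequestMessage(
        request_header=messages.RequestHeader(
            authentication=contents.Authentication(
                credentials=[fake_credential]
            )
        )
    )

    result = kmip_session.authenticate(
        "fake_certificate",
        fake_request
    )

    mock_connector.assert_any_call("test_url")
    kmip_session._logger.debug.assert_any_call(
        "Authenticating with plugin: auth:slugs"
    )
    mock_instance.authenticate.assert_any_call(
        "fake_certificate",
        (("127.0.0.1", 48026), kmip_session._session_time),
        fake_request.request_header.authentication.credentials
    )
    # Assert on the recorded debug calls. Calling debug(...) on the
    # MagicMock directly would only record one more call and could never
    # fail, so the success log line would go unchecked.
    kmip_session._logger.debug.assert_any_call(
        "Authentication succeeded for client identity: John Doe"
    )
    self.assertEqual(2, len(result))
    self.assertEqual("John Doe", result[0])
    self.assertEqual(["Group A"], result[1])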
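def test_authenticate_against_slugs_with_failure(self, mock_connector):
    """
    Test that the session correctly handles a SLUGS authentication error.

    The connector is mocked to raise PermissionDenied with a specific
    reason. The test checks that the session raises PermissionDenied with
    the generic text "Authentication failed.", logs that text at warning
    level, and passes the original exception to the logger's ``exception``
    method.

    NOTE(review): mock_connector is presumably injected by a patch
    decorator that is not part of this excerpt -- confirm.
    """
    mock_instance = mock.MagicMock()
    test_exception = exceptions.PermissionDenied(
        "Unrecognized user ID: John Doe"
    )
    mock_instance.authenticate.side_effect = test_exception
    mock_connector.return_value = mock_instance

    kmip_session = session.KmipSession(
        None,
        None,
        ("127.0.0.1", 48026),
        name='TestSession',
        auth_settings=[(
            "auth:slugs",
            {"enabled": "True", "url": "test_url"}
        )]
    )
    kmip_session._logger = mock.MagicMock()

    fake_credential = objects.Credential(
        credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
        credential_value=objects.UsernamePasswordCredential(
            username="******",
            password="******"
        )
    )
    fake_request = messages.RequestMessage(
        request_header=messages.RequestHeader(
            authentication=contents.Authentication(
                credentials=[fake_credential]
            )
        )
    )

    args = ("fake_certificate", fake_request)
    # assertRaisesRegex is the current unittest spelling. The older
    # assertRaisesRegexp alias is deprecated and absent from Python 3.12
    # and later.
    self.assertRaisesRegex(
        exceptions.PermissionDenied,
        "Authentication failed.",
        kmip_session.authenticate,
        *args
    )

    mock_connector.assert_any_call("test_url")
    kmip_session._logger.debug.assert_any_call(
        "Authenticating with plugin: auth:slugs"
    )
    kmip_session._logger.warning.assert_any_call("Authentication failed.")
    # The plugin's specific reason is expected only in the server log.
    kmip_session._logger.exception.assert_any_call(test_exception)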
def test_str(self):
    """
    Check the ``str`` form of an Authentication struct.

    Three cases are covered: a username/password credential, a device
    credential, and both together. The expected text is built with ``str``
    on dict literals, so the key order below is part of the expectation.

    NOTE(review): the expected text includes a "password" entry. The
    fixture value is itself "******", so this test cannot show whether the
    real ``__str__`` masks the password or echoes it -- confirm before
    logging these structs.
    """
    def username_password():
        return objects.Credential(
            credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
            credential_value=objects.UsernamePasswordCredential(
                username="******",
                password="******"
            )
        )

    def device():
        return objects.Credential(
            credential_type=enums.CredentialType.DEVICE,
            credential_value=objects.DeviceCredential(
                device_serial_number="serNum123456",
                password="******",
                device_identifier="devID2233",
                network_identifier="netID9000",
                machine_identifier="machineID1",
                media_identifier="mediaID313"
            )
        )

    def username_password_entry():
        # The credential value is stringified on its own before being
        # embedded in the outer dict.
        return {
            "credential_type": enums.CredentialType.USERNAME_AND_PASSWORD,
            "credential_value": str({
                "username": "******",
                "password": "******"
            })
        }

    def device_entry():
        return {
            "credential_type": enums.CredentialType.DEVICE,
            "credential_value": str({
                "device_serial_number": "serNum123456",
                "password": "******",
                "device_identifier": "devID2233",
                "network_identifier": "netID9000",
                "machine_identifier": "machineID1",
                "media_identifier": "mediaID313"
            })
        }

    # UsernamePasswordCredential only.
    struct = contents.Authentication(credentials=[username_password()])
    wanted = str({"credentials": [username_password_entry()]})
    self.assertEqual(wanted, str(struct))

    # DeviceCredential only.
    struct = contents.Authentication(credentials=[device()])
    wanted = str({"credentials": [device_entry()]})
    self.assertEqual(wanted, str(struct))

    # Both credentials, username/password first.
    struct = contents.Authentication(
        credentials=[username_password(), device()]
    )
    wanted = str({
        "credentials": [username_password_entry(), device_entry()]
    })
    self.assertEqual(wanted, str(struct))
def test_repr(self):
    """
    Check the ``repr`` form of an Authentication struct.

    Three cases are covered: a username/password credential, a device
    credential, and both together.

    NOTE(review): the expected text includes ``password='******'``. The
    fixture value is itself "******", so this test cannot show whether the
    real ``__repr__`` masks the password or echoes it -- confirm before
    letting these structs reach logs or tracebacks.
    """
    def username_password():
        return objects.Credential(
            credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
            credential_value=objects.UsernamePasswordCredential(
                username="******",
                password="******"
            )
        )

    def device():
        return objects.Credential(
            credential_type=enums.CredentialType.DEVICE,
            credential_value=objects.DeviceCredential(
                device_serial_number="serNum123456",
                password="******",
                device_identifier="devID2233",
                network_identifier="netID9000",
                machine_identifier="machineID1",
                media_identifier="mediaID313"
            )
        )

    # Expected repr of each credential on its own. The cases below wrap
    # these in the Authentication(...) prefix and suffix.
    username_password_text = (
        "Credential("
        "credential_type=CredentialType.USERNAME_AND_PASSWORD, "
        "credential_value=UsernamePasswordCredential("
        "username='******', "
        "password='******'))"
    )
    device_text = (
        "Credential("
        "credential_type=CredentialType.DEVICE, "
        "credential_value=DeviceCredential("
        "device_serial_number='serNum123456', "
        "password='******', "
        "device_identifier='devID2233', "
        "network_identifier='netID9000', "
        "machine_identifier='machineID1', "
        "media_identifier='mediaID313'))"
    )
    prefix = (
        "Authentication("
        "credentials=["
    )
    suffix = "])"

    # UsernamePasswordCredential only.
    struct = contents.Authentication(credentials=[username_password()])
    wanted = prefix + username_password_text + suffix
    self.assertEqual(wanted, repr(struct))

    # DeviceCredential only.
    struct = contents.Authentication(credentials=[device()])
    wanted = prefix + device_text + suffix
    self.assertEqual(wanted, repr(struct))

    # Both credentials, separated by ", " as list items.
    struct = contents.Authentication(
        credentials=[username_password(), device()]
    )
    wanted = prefix + username_password_text + ", " + device_text + suffix
    self.assertEqual(wanted, repr(struct))
def test_read(self):
    """
    Check that an Authentication struct can be decoded from a data stream.

    Three cases are covered: a single username/password credential, a
    single device credential, and both together. Every case starts from a
    struct whose credential list is empty.

    NOTE(review): the three ``self.*_encoding`` fixtures are defined outside
    this block -- confirm they encode the same username and password
    literals that are expected here.
    """
    def username_password():
        return objects.Credential(
            credential_type=enums.CredentialType.USERNAME_AND_PASSWORD,
            credential_value=objects.UsernamePasswordCredential(
                username="******",
                password="******"
            )
        )

    def device():
        return objects.Credential(
            credential_type=enums.CredentialType.DEVICE,
            credential_value=objects.DeviceCredential(
                device_serial_number="serNum123456",
                password="******",
                device_identifier="devID2233",
                network_identifier="netID9000",
                machine_identifier="machineID1",
                media_identifier="mediaID313"
            )
        )

    def empty_struct():
        # A new struct must start with no credentials, so anything found
        # after read() came from the stream.
        struct = contents.Authentication()
        self.assertEqual([], struct.credentials)
        return struct

    # Single UsernamePasswordCredential.
    decoded = empty_struct()
    decoded.read(self.username_password_encoding)
    self.assertEqual(1, len(decoded.credentials))
    self.assertEqual(username_password(), decoded.credentials[0])

    # Single DeviceCredential.
    decoded = empty_struct()
    decoded.read(self.device_encoding)
    self.assertEqual(1, len(decoded.credentials))
    self.assertEqual(device(), decoded.credentials[0])

    # Both credentials; their order in the stream must be preserved.
    decoded = empty_struct()
    decoded.read(self.multiple_credentials_encoding)
    self.assertEqual(2, len(decoded.credentials))
    self.assertEqual(username_password(), decoded.credentials[0])
    self.assertEqual(device(), decoded.credentials[1])