class NetworkSyncConnectionTestCase(TestCase): def setUp(self): self.profile = "facilitydata" self.root_scope_def = ScopeDefinition.objects.create( id="rootcert", profile=self.profile, version=1, primary_scope_param_key="mainpartition", description="Root cert for ${mainpartition}.", read_filter_template="", write_filter_template="", read_write_filter_template="${mainpartition}", ) self.subset_scope_def = ScopeDefinition.objects.create( id="subcert", profile=self.profile, version=1, primary_scope_param_key="", description= "Subset cert under ${mainpartition} for ${subpartition}.", read_filter_template="${mainpartition}", write_filter_template="${mainpartition}:${subpartition}", read_write_filter_template="", ) self.root_cert = Certificate.generate_root_certificate( self.root_scope_def.id) self.subset_cert = Certificate( parent=self.root_cert, profile=self.profile, scope_definition=self.subset_scope_def, scope_version=self.subset_scope_def.version, scope_params=json.dumps({ "mainpartition": self.root_cert.id, "subpartition": "abracadabra" }), private_key=Key(), ) self.root_cert.sign_certificate(self.subset_cert) self.subset_cert.save() self.controller = MorangoProfileController('facilitydata') self.network_connection = self.controller.create_network_connection( '127.0.0.1') @mock_patch_decorator def test_creating_sync_session_successful(self): self.assertEqual(SyncSession.objects.filter(active=True).count(), 0) NetworkSyncConnection._request.return_value.json.return_value = { 'signature': 'sig', 'local_fsic': '{}' } self.network_connection.create_sync_session(self.subset_cert, self.root_cert) self.assertEqual(SyncSession.objects.filter(active=True).count(), 1) @mock_patch_decorator def test_creating_sync_session_cert_fails_to_verify(self): Certificate.verify.return_value = False with self.assertRaises(CertificateSignatureInvalid): self.network_connection.create_sync_session( self.subset_cert, self.root_cert) @mock_patch_decorator def test_get_remote_certs(self): # mock certs being returned by server certs = self.subset_cert.get_ancestors(include_self=True) cert_serialized = json.dumps( CertificateSerializer(certs, many=True).data) NetworkSyncConnection._request.return_value.json.return_value = json.loads( cert_serialized) # we want to see if the models are created (not saved) successfully remote_certs = self.network_connection.get_remote_certificates('abc') self.assertSetEqual(set(certs), set(remote_certs)) @mock_patch_decorator def test_csr(self): # mock a "signed" cert being returned by server cert_serialized = json.dumps( CertificateSerializer(self.subset_cert).data) NetworkSyncConnection._request.return_value.json.return_value = json.loads( cert_serialized) self.subset_cert.delete() # we only want to make sure the "signed" cert is saved with mock.patch.object(Key, "get_private_key_string", return_value=self.subset_cert.private_key. get_private_key_string()): self.network_connection.certificate_signing_request( self.root_cert, '', '') self.assertTrue( Certificate.objects.filter( id=json.loads(cert_serialized)['id']).exists()) @mock_patch_decorator def test_get_cert_chain(self): # mock a cert chain being returned by server certs = self.subset_cert.get_ancestors(include_self=True) original_cert_count = certs.count() cert_serialized = json.dumps( CertificateSerializer(certs, many=True).data) NetworkSyncConnection._request.return_value.json.return_value = json.loads( cert_serialized) Certificate.objects.all().delete() # we only want to make sure the cert chain is saved self.network_connection._get_certificate_chain(certs[1]) self.assertEqual(Certificate.objects.count(), original_cert_count)
class NetworkSyncConnectionTestCase(LiveServerTestCase): def setUp(self): self.profile = "facilitydata" self.root_scope_def = ScopeDefinition.objects.create( id="rootcert", profile=self.profile, version=1, primary_scope_param_key="mainpartition", description="Root cert for ${mainpartition}.", read_filter_template="", write_filter_template="", read_write_filter_template="${mainpartition}", ) self.subset_scope_def = ScopeDefinition.objects.create( id="subcert", profile=self.profile, version=1, primary_scope_param_key="", description= "Subset cert under ${mainpartition} for ${subpartition}.", read_filter_template="${mainpartition}", write_filter_template="${mainpartition}:${subpartition}", read_write_filter_template="", ) self.root_cert = Certificate.generate_root_certificate( self.root_scope_def.id) self.subset_cert = Certificate( parent=self.root_cert, profile=self.profile, scope_definition=self.subset_scope_def, scope_version=self.subset_scope_def.version, scope_params=json.dumps({ "mainpartition": self.root_cert.id, "subpartition": "abracadabra" }), private_key=Key(), ) self.root_cert.sign_certificate(self.subset_cert) self.subset_cert.save() self.unsaved_cert = Certificate( parent=self.root_cert, profile=self.profile, scope_definition=self.subset_scope_def, scope_version=self.subset_scope_def.version, scope_params=json.dumps({ "mainpartition": self.root_cert.id, "subpartition": "other" }), public_key=Key(), ) self.root_cert.sign_certificate(self.unsaved_cert) self.controller = MorangoProfileController('facilitydata') self.network_connection = self.controller.create_network_connection( self.live_server_url) self.key = SharedKey.get_or_create_shared_key() @mock.patch.object(SyncSession.objects, 'create', return_value=None) def test_creating_sync_session_successful(self, mock_object): self.assertEqual(SyncSession.objects.filter(active=True).count(), 0) self.network_connection.create_sync_session(self.subset_cert, self.root_cert) self.assertEqual(SyncSession.objects.filter(active=True).count(), 1) @mock.patch.object(NetworkSyncConnection, '_create_sync_session') @mock.patch.object(Certificate, 'verify', return_value=False) def test_creating_sync_session_cert_fails_to_verify( self, mock_verify, mock_create): mock_create.return_value.json.return_value = {} with self.assertRaises(CertificateSignatureInvalid): self.network_connection.create_sync_session( self.subset_cert, self.root_cert) def test_get_remote_certs(self): certs = self.subset_cert.get_ancestors(include_self=True) remote_certs = self.network_connection.get_remote_certificates( self.root_cert.id) self.assertSetEqual(set(certs), set(remote_certs)) @mock.patch.object(NetworkSyncConnection, '_request') def test_csr(self, mock_request): # mock a "signed" cert being returned by server cert_serialized = json.dumps( CertificateSerializer(self.subset_cert).data) mock_request.return_value.json.return_value = json.loads( cert_serialized) self.subset_cert.delete() # we only want to make sure the "signed" cert is saved with mock.patch.object(Key, "get_private_key_string", return_value=self.subset_cert.private_key. get_private_key_string()): self.network_connection.certificate_signing_request( self.root_cert, '', '') self.assertTrue( Certificate.objects.filter( id=json.loads(cert_serialized)['id']).exists()) @override_settings(ALLOW_CERTIFICATE_PUSHING=True) def test_push_signed_client_certificate_chain(self): cert = self.network_connection.push_signed_client_certificate_chain( self.root_cert, self.subset_scope_def.id, { "mainpartition": self.root_cert.id, "subpartition": "abracadabra" }) self.assertEqual(cert.private_key, None) self.assertTrue(Certificate.objects.filter(id=cert.id).exists()) @override_settings(ALLOW_CERTIFICATE_PUSHING=True) def test_push_signed_client_certificate_chain_publickey_error(self): with mock.patch.object(NetworkSyncConnection, '_get_public_key'): NetworkSyncConnection._get_public_key.return_value.json.return_value = [ { 'public_key': Key().get_public_key_string() } ] with self.assertRaises(HTTPError) as e: self.network_connection.push_signed_client_certificate_chain( self.root_cert, self.subset_scope_def.id, { "mainpartition": self.root_cert.id, "subpartition": "abracadabra" }) self.assertEqual(e.exception.response.status_code, 400) @override_settings(ALLOW_CERTIFICATE_PUSHING=True) def test_push_signed_client_certificate_chain_bad_cert(self): with self.assertRaises(HTTPError) as e: self.network_connection.push_signed_client_certificate_chain( self.root_cert, self.subset_scope_def.id, {"bad": "scope_params"}) self.assertEqual(e.exception.response.status_code, 400) @override_settings(ALLOW_CERTIFICATE_PUSHING=True) @mock.patch.object(NetworkSyncConnection, '_get_nonce') def test_push_signed_client_certificate_chain_nonce_error( self, mock_nonce): mock_nonce.return_value.json.return_value = {'id': uuid.uuid4().hex} with self.assertRaises(HTTPError) as e: self.network_connection.push_signed_client_certificate_chain( self.root_cert, self.subset_scope_def.id, { "mainpartition": self.root_cert.id, "subpartition": "abracadabra" }) self.assertEqual(e.exception.response.status_code, 403) def test_push_signed_client_certificate_chain_not_allowed(self): with self.assertRaises(MorangoServerDoesNotAllowNewCertPush) as e: self.network_connection.push_signed_client_certificate_chain( self.root_cert, self.subset_scope_def.id, { "mainpartition": self.root_cert.id, "subpartition": "abracadabra" }) self.assertEqual(e.exception.response.status_code, 403) def test_get_cert_chain(self): response = self.network_connection._get_certificate_chain( self.subset_cert) data = response.json() self.assertEqual(len(data), Certificate.objects.count()) self.assertEqual(data[0]['id'], self.root_cert.id) self.assertEqual(data[1]['id'], self.subset_cert.id)