def test_PLAIN_bad_pass_no_authzid(self):
    # Negative case for PLAIN: the server-side authenticator must reject the
    # gsasl client with the generic "not-authorized" condition.
    # The database is seeded with ("username", "bad"); presumably "bad" is a
    # password the gsasl client does not send - confirm in try_with_gsasl.
    mech = "PLAIN"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no PLAIN support")
    accounts = PasswordDatabase("username", "bad")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    with self.assertRaises(OurSASLError) as caught:
        self.try_with_gsasl(mech, server_auth, {})
    # The condition is checked after the block; inside it the line would be
    # unreachable once try_with_gsasl() raises.
    failure = caught.exception
    self.assertEqual(failure.args[0], "not-authorized")
def test_PLAIN_good_pass_no_authzid(self):
    # Positive case for PLAIN: the exchange succeeds and, since the client
    # passes no authorization id, none is reported by the server side.
    # PLAIN carries the password itself, so this covers the credential check
    # only; transport protection is outside what the test exercises.
    mech = "PLAIN"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no PLAIN support")
    accounts = PasswordDatabase("username", "good")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    accepted, result_props = self.try_with_gsasl(mech, server_auth, {})
    self.assertTrue(accepted)
    # assertFalse (not assertIsNone): a missing key and an empty authzid are
    # both accepted here.
    reported_authzid = result_props.get("authzid")
    self.assertFalse(reported_authzid)
def test_SCRAM_SHA_1_bad_pass_no_authzid(self):
    # Negative case for SCRAM-SHA-1 without channel binding ("--no-cb"):
    # the server must end the exchange with "not-authorized".
    # The database holds ("username", "bad"); presumably that is not the
    # password the gsasl client uses - confirm in try_with_gsasl.
    mech = "SCRAM-SHA-1"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
    accounts = PasswordDatabase("username", "bad")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    server_props = {}
    client_args = ["--no-cb"]
    with self.assertRaises(OurSASLError) as caught:
        self.try_with_gsasl(mech, server_auth, server_props, client_args)
    # Verified outside the block so the assertion actually runs.
    failure = caught.exception
    self.assertEqual(failure.args[0], "not-authorized")
def test_SCRAM_SHA_1_good_pass_authzid(self):
    # Positive case for SCRAM-SHA-1 with an explicit authorization id: the
    # value the client requests ("zid") must be reported back unchanged.
    # The test only checks that the authzid is carried through; whether
    # "username" may act as "zid" is an authorization decision not shown here.
    mech = "SCRAM-SHA-1"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
    accounts = PasswordDatabase("username", "good")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    server_props = {}
    # "--no-cb": the client runs without channel binding.
    client_args = ["--no-cb", "--authorization-id=zid"]
    accepted, result_props = self.try_with_gsasl(
        mech, server_auth, server_props, client_args)
    self.assertTrue(accepted)
    reported_authzid = result_props.get("authzid")
    self.assertEqual(reported_authzid, "zid")
def test_SCRAM_SHA_1_good_pass_no_authzid(self):
    # Positive case for SCRAM-SHA-1 when the server enables only the
    # non-PLUS mechanism and the client does not use channel binding.
    # With no authorization id requested, none may be reported.
    mech = "SCRAM-SHA-1"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
    accounts = PasswordDatabase("username", "good")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    # Only SCRAM-SHA-1 is listed, so a client without channel binding is not
    # treated as a downgrade (contrast with the *_downgrade test).
    server_props = {"enabled_mechanisms": ["SCRAM-SHA-1"]}
    client_args = ["--no-cb"]
    accepted, result_props = self.try_with_gsasl(
        mech, server_auth, server_props, client_args)
    self.assertTrue(accepted)
    reported_authzid = result_props.get("authzid")
    self.assertIsNone(reported_authzid)
def test_SCRAM_SHA_1_bad_pass_no_authzid(self):
    # SCRAM-SHA-1, channel binding disabled on the client: a credential
    # mismatch must surface as the generic "not-authorized" condition.
    # ("username", "bad") is presumably a password gsasl does not send -
    # confirm in try_with_gsasl.
    if "SCRAM-SHA-1" not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
    credentials = PasswordDatabase("username", "bad")
    server_side = sasl.server_authenticator_factory("SCRAM-SHA-1", credentials)
    properties = {}
    gsasl_options = ["--no-cb"]
    with self.assertRaises(OurSASLError) as raised:
        self.try_with_gsasl(
            "SCRAM-SHA-1", server_side, properties, gsasl_options)
    # Kept after the block; the exception object is only available once
    # assertRaises has caught it.
    condition = raised.exception.args[0]
    self.assertEqual(condition, "not-authorized")
def test_SCRAM_SHA_1_good_pass_downgrade(self):
    # Downgrade protection: the password is correct, yet the exchange must
    # fail. The server enables SCRAM-SHA-1-PLUS, while the client, which is
    # run without "--no-cb" and is given binding data, authenticates with
    # plain SCRAM-SHA-1. RFC 5802 has the server reject a client that
    # supports channel binding but did not pick the advertised -PLUS
    # variant, since that pattern indicates a tampered mechanism list.
    mech = "SCRAM-SHA-1"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
    accounts = PasswordDatabase("username", "good")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    server_props = {
        "enabled_mechanisms": ["SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"],
    }
    binding_bytes = b"0123456789ab"
    # Presumably extra_data is handed to the gsasl client as its
    # channel-binding data - confirm in try_with_gsasl.
    encoded_binding = standard_b64encode(binding_bytes)
    with self.assertRaises(OurSASLError) as caught:
        self.try_with_gsasl(
            mech, server_auth, server_props, extra_data=encoded_binding)
    failure = caught.exception
    self.assertEqual(failure.args[0], "not-authorized")
def test_SCRAM_SHA_1_PLUS_bad_pass_no_authzid(self):
    # Negative case for SCRAM-SHA-1-PLUS. Both sides are given the same
    # binding bytes, so the rejection exercised here comes from the password
    # and not from a channel-binding mismatch.
    # NOTE(review): a case where server and client binding bytes differ is
    # not visible in this listing; it is the check that shows the binding is
    # actually enforced.
    mech = "SCRAM-SHA-1-PLUS"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1-PLUS support")
    accounts = PasswordDatabase("username", "bad")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    binding_bytes = b"0123456789ab"
    # Server side receives the raw bytes under the "tls-unique" binding type.
    server_props = {"channel-binding": {"tls-unique": binding_bytes}}
    # The client side gets the same bytes, base64-encoded.
    encoded_binding = standard_b64encode(binding_bytes)
    with self.assertRaises(OurSASLError) as caught:
        self.try_with_gsasl(
            mech, server_auth, server_props, extra_data=encoded_binding)
    failure = caught.exception
    self.assertEqual(failure.args[0], "not-authorized")
def test_SCRAM_SHA_1_PLUS_good_pass_authzid(self):
    # Positive case for SCRAM-SHA-1-PLUS with an authorization id: matching
    # binding data on both sides plus the right password must succeed, and
    # the requested authzid "zid" must be reported back.
    # The binding bytes are a fixed test value, not taken from a TLS session.
    # Caveat: "tls-unique" (RFC 5929) is not defined for TLS 1.3; RFC 9266
    # specifies "tls-exporter" for that case.
    mech = "SCRAM-SHA-1-PLUS"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1-PLUS support")
    accounts = PasswordDatabase("username", "good")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    binding_bytes = b"0123456789ab"
    server_props = {"channel-binding": {"tls-unique": binding_bytes}}
    client_args = ["--authorization-id=zid"]
    encoded_binding = standard_b64encode(binding_bytes)
    accepted, result_props = self.try_with_gsasl(
        mech, server_auth, server_props, client_args,
        extra_data=encoded_binding)
    self.assertTrue(accepted)
    reported_authzid = result_props.get("authzid")
    self.assertEqual(reported_authzid, "zid")
def test_SCRAM_SHA_1_quoting(self):
    # Interop check for names containing "=" and ",". Both characters are
    # structural in SCRAM messages (RFC 5802 escapes them as "=3D" and
    # "=2C"), so a server that decodes them wrongly could misparse the
    # attributes. The authzid must come back exactly as the client sent it.
    mech = "SCRAM-SHA-1"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
    accounts = PasswordDatabase("pi=3,14", "good")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    server_props = {}
    client_args = ["--no-cb", "--authorization-id=e=2,72"]
    # NOTE(review): the username literal reads "******" in this listing,
    # which looks like masking applied to the page. Presumably the client is
    # meant to log in as the "pi=3,14" account seeded above - confirm against
    # the upstream file before relying on this test.
    accepted, result_props = self.try_with_gsasl(
        mech, server_auth, server_props, client_args, username="******")
    self.assertTrue(accepted)
    reported_authzid = result_props.get("authzid")
    self.assertEqual(reported_authzid, "e=2,72")
def test_SCRAM_SHA_1_good_pass_downgrade(self):
    # A correct password is not enough here: the server lists
    # SCRAM-SHA-1-PLUS as enabled, and the client (no "--no-cb", binding
    # data supplied) still authenticates with SCRAM-SHA-1. Per RFC 5802 the
    # server treats a binding-capable client that skipped the advertised
    # -PLUS mechanism as a possible mechanism-list downgrade and refuses it.
    if "SCRAM-SHA-1" not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1 support")
    credentials = PasswordDatabase("username", "good")
    server_side = sasl.server_authenticator_factory("SCRAM-SHA-1", credentials)
    properties = {"enabled_mechanisms": ["SCRAM-SHA-1", "SCRAM-SHA-1-PLUS"]}
    raw_binding = b"0123456789ab"
    # Presumably consumed by the gsasl client as channel-binding input -
    # confirm in try_with_gsasl.
    client_binding = standard_b64encode(raw_binding)
    with self.assertRaises(OurSASLError) as raised:
        self.try_with_gsasl(
            "SCRAM-SHA-1", server_side, properties,
            extra_data=client_binding)
    condition = raised.exception.args[0]
    self.assertEqual(condition, "not-authorized")
def test_SCRAM_SHA_1_PLUS_bad_pass_no_authzid(self):
    # SCRAM-SHA-1-PLUS with identical binding bytes on both sides and a
    # database entry of ("username", "bad"): the expected outcome is
    # "not-authorized", caused by the credential rather than the binding.
    # NOTE(review): a test with mismatching binding bytes is not visible in
    # this listing; without one, binding enforcement itself goes unchecked.
    if "SCRAM-SHA-1-PLUS" not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1-PLUS support")
    credentials = PasswordDatabase("username", "bad")
    server_side = sasl.server_authenticator_factory(
        "SCRAM-SHA-1-PLUS", credentials)
    raw_binding = b"0123456789ab"
    properties = {"channel-binding": {"tls-unique": raw_binding}}
    client_binding = standard_b64encode(raw_binding)
    with self.assertRaises(OurSASLError) as raised:
        self.try_with_gsasl(
            "SCRAM-SHA-1-PLUS", server_side, properties,
            extra_data=client_binding)
    condition = raised.exception.args[0]
    self.assertEqual(condition, "not-authorized")
def test_SCRAM_SHA_1_PLUS_good_pass_authzid(self):
    # SCRAM-SHA-1-PLUS success path: same binding bytes for server and
    # client, correct password, and an authorization id of "zid" that must
    # be returned in the result properties.
    # The binding value is a constant chosen by the test. In a deployment
    # it would come from the TLS layer; note that "tls-unique" (RFC 5929) is
    # not defined for TLS 1.3, where RFC 9266 "tls-exporter" applies.
    if "SCRAM-SHA-1-PLUS" not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no SCRAM-SHA-1-PLUS support")
    credentials = PasswordDatabase("username", "good")
    server_side = sasl.server_authenticator_factory(
        "SCRAM-SHA-1-PLUS", credentials)
    raw_binding = b"0123456789ab"
    properties = {"channel-binding": {"tls-unique": raw_binding}}
    gsasl_options = ["--authorization-id=zid"]
    client_binding = standard_b64encode(raw_binding)
    succeeded, outcome = self.try_with_gsasl(
        "SCRAM-SHA-1-PLUS", server_side, properties, gsasl_options,
        extra_data=client_binding)
    self.assertTrue(succeeded)
    self.assertEqual(outcome.get("authzid"), "zid")
def test_DIGEST_MD5_bad_pass_no_authzid(self):
    # Negative case for DIGEST-MD5: the server must answer
    # "not-authorized" for the ("username", "bad") database entry.
    # DIGEST-MD5 was moved to Historic by RFC 6331; this test pins interop
    # behaviour with gsasl and says nothing about suitability for new use.
    mech = "DIGEST-MD5"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no DIGEST-MD5 support")
    accounts = PasswordDatabase("username", "bad")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    server_props = {
        "service-type": "xmpp",
        "service-domain": "pyxmpp.jajcus.net",
        "service-hostname": "test.pyxmpp.jajcus.net",
    }
    # Client options mirror the service identity configured above;
    # "qop-auth" requests authentication only, with no security layer.
    client_args = [
        "--service=xmpp",
        "--realm=jajcus.net",
        "--host=test.pyxmpp.jajcus.net",
        "--service-name=pyxmpp.jajcus.net",
        "--quality-of-protection=qop-auth",
    ]
    with self.assertRaises(OurSASLError) as caught:
        self.try_with_gsasl(mech, server_auth, server_props, client_args)
    failure = caught.exception
    self.assertEqual(failure.args[0], "not-authorized")
def test_DIGEST_MD5_good_pass_no_authzid(self):
    # Positive case for DIGEST-MD5 without an authorization id: the
    # exchange succeeds and no authzid is reported.
    # DIGEST-MD5 is Historic (RFC 6331); the test documents interop with
    # gsasl only.
    mech = "DIGEST-MD5"
    if mech not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no DIGEST-MD5 support")
    accounts = PasswordDatabase("username", "good")
    server_auth = sasl.server_authenticator_factory(mech, accounts)
    server_props = {
        "service-type": "xmpp",
        "service-domain": "pyxmpp.jajcus.net",
        "service-hostname": "test.pyxmpp.jajcus.net",
    }
    # "qop-auth": authentication only, no integrity or confidentiality
    # layer is negotiated by the mechanism.
    client_args = [
        "--service=xmpp",
        "--realm=jajcus.net",
        "--host=test.pyxmpp.jajcus.net",
        "--service-name=pyxmpp.jajcus.net",
        "--quality-of-protection=qop-auth",
    ]
    accepted, result_props = self.try_with_gsasl(
        mech, server_auth, server_props, client_args)
    self.assertTrue(accepted)
    reported_authzid = result_props.get("authzid")
    self.assertIsNone(reported_authzid)
def test_DIGEST_MD5_bad_pass_no_authzid(self):
    # DIGEST-MD5 rejection path: with ("username", "bad") in the database
    # the authenticator is expected to raise "not-authorized".
    # The mechanism is Historic per RFC 6331; this is an interop check.
    if "DIGEST-MD5" not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no DIGEST-MD5 support")
    credentials = PasswordDatabase("username", "bad")
    server_side = sasl.server_authenticator_factory("DIGEST-MD5", credentials)
    # Service identity as the server sees it; the u"" prefixes are kept
    # because they are part of the literals.
    properties = {
        "service-type": u"xmpp",
        "service-domain": u"pyxmpp.jajcus.net",
        "service-hostname": u"test.pyxmpp.jajcus.net",
    }
    gsasl_options = [
        "--service=xmpp",
        "--realm=jajcus.net",
        "--host=test.pyxmpp.jajcus.net",
        "--service-name=pyxmpp.jajcus.net",
        "--quality-of-protection=qop-auth",
    ]
    with self.assertRaises(OurSASLError) as raised:
        self.try_with_gsasl(
            "DIGEST-MD5", server_side, properties, gsasl_options)
    condition = raised.exception.args[0]
    self.assertEqual(condition, "not-authorized")
def test_DIGEST_MD5_good_pass_authzid(self):
    # DIGEST-MD5 success path with an authorization id: the client asks to
    # act as "zid" and that value must appear in the result properties.
    # Only the hand-over of the authzid is checked; whether "username" is
    # allowed to act as "zid" is a separate authorization decision that is
    # not visible here. DIGEST-MD5 itself is Historic per RFC 6331.
    if "DIGEST-MD5" not in gsasl_client_mechanisms:
        raise unittest.SkipTest("GSASL has no DIGEST-MD5 support")
    credentials = PasswordDatabase("username", "good")
    server_side = sasl.server_authenticator_factory("DIGEST-MD5", credentials)
    properties = {
        "service-type": u"xmpp",
        "service-domain": u"pyxmpp.jajcus.net",
        "service-hostname": u"test.pyxmpp.jajcus.net",
    }
    gsasl_options = [
        "--service=xmpp",
        "--realm=jajcus.net",
        "--host=test.pyxmpp.jajcus.net",
        "--service-name=pyxmpp.jajcus.net",
        "--quality-of-protection=qop-auth",
        "--authorization-id=zid",
    ]
    succeeded, outcome = self.try_with_gsasl(
        "DIGEST-MD5", server_side, properties, gsasl_options)
    self.assertTrue(succeeded)
    self.assertEqual(outcome.get("authzid"), "zid")