Exemplo n.º 1
0
 def test_authentication_roundtrip_mitm1(self):
     auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                     "server.name")
     challenge = auth_server.create_challenge("test")
     try:
         create_response(challenge, "another.server",
                                ssh.SingleKeySigner(test_priv_key))
         self.fail("Should have gotten InvalidInputException")
     except exceptions.InvalidInputException:
         pass
Exemplo n.º 2
0
 def test_authentication_roundtrip_mitm1(self):
     auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                     "server.name")
     challenge = auth_server.create_challenge("test")
     try:
         create_response(challenge, "another.server",
                         ssh.SingleKeySigner(test_priv_key))
         self.fail("Should have gotten InvalidInputException")
     except exceptions.InvalidInputException:
         pass
Exemplo n.º 3
0
 def test_authentication_roundtrip_v1(self):
     auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                     "server.name")
     challenge = auth_server.create_challenge("test", 1)
     response = create_response(challenge, "server.name",
                                       ssh.SingleKeySigner(test_priv_key))
     token = auth_server.create_token(response)
     self.assertTrue(auth_server.validate_token(token))
Exemplo n.º 4
0
 def test_authentication_roundtrip_v1(self):
     auth_server = server.AuthServer("server_secret", DummyKeyProvider(),
                                     "server.name")
     challenge = auth_server.create_challenge("test", 1)
     response = create_response(challenge, "server.name",
                                ssh.SingleKeySigner(test_priv_key))
     token = auth_server.create_token(response)
     self.assertTrue(auth_server.validate_token(token))
Exemplo n.º 5
0
 def test_authentication_roundtrip_mitm2(self):
     auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name")
     challenge = auth_server_a.create_challenge("test")
     response = create_response(challenge, "server.name",
                                       ssh.SingleKeySigner(test_priv_key))
     auth_server_b = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "another.server")
     try:
         auth_server_b.create_token(response)
         self.fail("should have thrown exception")
     except exceptions.InvalidInputException:
         pass
Exemplo n.º 6
0
 def test_authentication_roundtrip_mitm2(self):
     auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name")
     challenge = auth_server_a.create_challenge("test")
     response = create_response(challenge, "server.name",
                                ssh.SingleKeySigner(test_priv_key))
     auth_server_b = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "another.server")
     try:
         auth_server_b.create_token(response)
         self.fail("should have thrown exception")
     except exceptions.InvalidInputException:
         pass
Exemplo n.º 7
0
 def test_create_token_too_old(self):
     auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name")
     challenge = auth_server_a.create_challenge("test")
     response = create_response(challenge, "server.name",
                                       ssh.SingleKeySigner(test_priv_key))
     auth_server_b = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name",
                                       now_func=lambda: time.time() + 1000)
     try:
         auth_server_b.create_token(response)
         self.fail("Should have issued InvalidInputException, "
                   "challenge too old")
     except exceptions.InvalidInputException:
         pass
Exemplo n.º 8
0
 def test_validate_token_too_new(self):
     auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name")
     challenge = auth_server_a.create_challenge("test")
     response = create_response(challenge, "server.name",
                                       ssh.SingleKeySigner(test_priv_key))
     token = auth_server_a.create_token(response)
     auth_server_b = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name",
                                       now_func=lambda: time.time() - 1000)
     try:
         auth_server_b.validate_token(token)
         self.fail("Should have issued TokenExpiredException, "
                   "token too new")
     except exceptions.TokenExpiredException:
         pass
Exemplo n.º 9
0
def _authenticate(base_url, username, private_key_filename):

    try:
        with open(private_key_filename) as f:
            signer = ssh.SingleKeySigner(f.read())
    except:
        sys.stderr.write("ERROR: Key file must be a passphraseless private key " "generated by ssh-keygen")
        sys.exit(1)

    challenge = _auth_get(base_url, "request:%s" % client.create_request(username))
    hostname = urlparse.urlparse(base_url).netloc
    if hostname.index(":") != -1:
        # netloc might contain port information as well
        hostname = hostname[: hostname.index(":")]
    response = client.create_response(challenge, hostname, signer)
    return _auth_get(base_url, "response:" + response)
Exemplo n.º 10
0
 def test_create_token_too_old(self):
     auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name")
     challenge = auth_server_a.create_challenge("test")
     response = create_response(challenge, "server.name",
                                ssh.SingleKeySigner(test_priv_key))
     auth_server_b = server.AuthServer("server_secret",
                                       DummyKeyProvider(),
                                       "server.name",
                                       now_func=lambda: time.time() + 1000)
     try:
         auth_server_b.create_token(response)
         self.fail("Should have issued InvalidInputException, "
                   "challenge too old")
     except exceptions.InvalidInputException:
         pass
Exemplo n.º 11
0
 def test_validate_token_too_new(self):
     auth_server_a = server.AuthServer("server_secret", DummyKeyProvider(),
                                       "server.name")
     challenge = auth_server_a.create_challenge("test")
     response = create_response(challenge, "server.name",
                                ssh.SingleKeySigner(test_priv_key))
     token = auth_server_a.create_token(response)
     auth_server_b = server.AuthServer("server_secret",
                                       DummyKeyProvider(),
                                       "server.name",
                                       now_func=lambda: time.time() - 1000)
     try:
         auth_server_b.validate_token(token)
         self.fail("Should have issued TokenExpiredException, "
                   "token too new")
     except exceptions.TokenExpiredException:
         pass
Exemplo n.º 12
0
def _authenticate(base_url, username, private_key_filename):

    try:
        with open(private_key_filename) as f:
            signer = ssh.SingleKeySigner(f.read())
    except:
        sys.stderr.write(
            'ERROR: Key file must be a passphraseless private key '
            'generated by ssh-keygen')
        sys.exit(1)

    challenge = _auth_get(base_url,
                          'request:%s' % client.create_request(username))
    hostname = urlparse.urlparse(base_url).netloc
    if hostname.index(':') != -1:
        # netloc might contain port information as well
        hostname = hostname[:hostname.index(':')]
    response = client.create_response(challenge, hostname, signer)
    return _auth_get(base_url, 'response:' + response)
Exemplo n.º 13
0
    def _challenge_response(self, response, **kwargs):
        """Extracts a CHAP challenge from response headers and forms a response.

        Args:
            response: An instance of requests.Response() with the
                'X-CHAP:challenge' header.
            **kwargs: Keyword arguments to pass with subsequent requests.

        Returns:
            An instance of requests.Response() with the appropriate
                'X-CHAP:token' header.

        Raises:
            HttpCrtAuthError: When the X-CHAP:challenge header is missing.
        """
        if response.status_code / 400 == 1:
            raise HttpCrtAuthError(
                ('%s response in challenge reply. '
                    '(Is the server aware of your username or key?)') %
                response.status_code)
        if 'X-CHAP' not in response.headers:
            raise HttpCrtAuthError('Missing CHAP headers in challenge reply.')

        chap_type, chap_challenge = _parse_chap_header(response.headers)
        if chap_type != 'challenge':
            raise HttpCrtAuthError('Missing CHAP challenge in challenge reply.')

        logging.debug('Sending response to challenge %s', chap_challenge)
        request = _consume_response(response)
        challenge_response = crtauth_client.create_response(
            chap_challenge,
            _crtauth_server_name(request.url),
            self.signer)
        request.headers['X-CHAP'] = 'response:%s' % challenge_response
        token_reply = response.connection.send(request, **kwargs)
        token_reply.history.append(response)
        return token_reply