def test_proof_of_possession( self ): transport_id = 'encrypted_tcp' transport_request = self.make_tcp_transport_request(self.session_list, transport_id, obj_id='1', command_id='echo', test_param='hi') response_transport_packets = self.remoting.process_packet(self.iface_registry, self.server, self.session_list, transport_request) challenge = self.pick_pop_channelge_from_responses(transport_id, response_transport_packets) identity_1 = Identity.generate(fast=True) identity_2 = Identity.generate(fast=True) pop_record_1 = tPopRecord( identity_1.get_public_key().to_der(), identity_1.sign(challenge)) pop_record_2 = tPopRecord( identity_2.get_public_key().to_der(), identity_2.sign(challenge + b'x')) # make invlid signature; verification must fail transport_request = self.encode_pop_transport_request(transport_id, challenge, [pop_record_1, pop_record_2]) response_transport_packets = self.remoting.process_packet(self.iface_registry, self.server, self.session_list, transport_request) session = self.session_list.get_transport_session(transport_id) self.assertIn(identity_1.get_public_key(), session.peer_public_keys) self.assertNotIn(identity_2.get_public_key(), session.peer_public_keys)
def test_unauthorized_request_reprocess( self ): transport_id = 'encrypted_tcp' transport_request = self.make_tcp_transport_request(self.session_list, transport_id, obj_id='1', command_id='required_auth') response_transport_packets = self.remoting.process_packet( self.iface_registry, self.server, self.session_list, transport_request) challenge = self.pick_pop_channelge_from_responses(transport_id, response_transport_packets) authorized_peer_identity pop_record = tPopRecord( authorized_peer_identity.get_public_key().to_der(), authorized_peer_identity.sign(challenge)) transport_request = self.encode_pop_transport_request(transport_id, challenge, [pop_record]) response_transport_packets = self.remoting.process_packet( self.iface_registry, self.server, self.session_list, transport_request) response = self.decode_tcp_transport_response(self.session_list, transport_id, response_transport_packets) self.assertIsNotNone(response) # now, after pop is received, first request must be processed self.assertEqual('ok', response.result.test_result)