def test_challenge_no_key(self):
"""
Tests challenge function if there is no key for the client.
"""
avatar = RSAAvatar(self.priv_key, None, None)
result = avatar.perspective_auth_challenge()
self.assertEquals(result, -1, 'No public key for client, challenge result should be error (-1)')
def test_response_before_challenge(self):
"""
Test sending a response before a challenge has been created
"""
avatar = RSAAvatar(self.priv_key, None, None, key_size=KEY_SIZE)
result = avatar.perspective_auth_response(None)
self.assertEqual(result, 0, 'auth_response should return error (0) when called before auth_challenge')
def test_key_exchange(self):
"""
Tests the auth function before the client has paired. This triggers
key exchanging.
Verifies:
* remote command "exchange_keys" is sent
* Avatar response is received and decoded
* response triggers client save_key to be called
* server key is received
* response triggers server save_key to be called
* client key is received
"""
client = RSAClient(self.priv_key, self.pub_key_values)
remote = RemoteProxy()
save_key_server = CallProxy(None, False)
save_key_client = CallProxy(None, False)
client.auth(remote, save_key=save_key_client)
args, kwargs, deferred = remote.assertCalled(self, 'exchange_keys')
avatar = RSAAvatar(self.priv_key, self.pub_key_values, self.pub_key, save_key=save_key_server, key_size=KEY_SIZE)
deferred.callback(avatar.perspective_exchange_keys(*args[1:]))
args, kwargs = save_key_server.assertCalled(self)
key = simplejson.loads(''.join(args[0]))
self.assert_(key==self.pub_key_values, 'keys do not match')
args, kwargs = save_key_client.assertCalled(self)
key = simplejson.loads(''.join(args[0]))
self.assert_(key==self.pub_key_values, 'keys do not match')
def test_challenge(self):
"""
Test a normal challenge where both keys are present
"""
avatar = RSAAvatar(self.priv_key, None, self.pub_key, key_size=KEY_SIZE)
challenge = avatar.perspective_auth_challenge()
self.verify_challenge(challenge, avatar.challenge)
def test_response_first_use(self):
"""
Test the response function when first_use_flag is set
"""
avatar = RSAAvatar(self.priv_key, None, None, key_size=KEY_SIZE)
challenge = avatar.perspective_auth_challenge()
result = avatar.perspective_auth_response(None)
self.assertFalse(result, 'auth_response should return None if handshake is successful')
self.assert_(avatar.authenticated, 'avatar.authenticated flag should be True if auth_response succeeds')
def test_response(self):
"""
Test the response function given the correct response
"""
avatar = RSAAvatar(self.priv_key, None, self.pub_key, key_size=KEY_SIZE)
challenge = avatar.perspective_auth_challenge()
response = self.create_response(challenge)
result = avatar.perspective_auth_response(response)
self.assertFalse(result, 'auth_response should return None if handshake is successful')
self.assert_(avatar.authenticated, 'avatar.authenticated flag should be True if auth_response succeeds')
def test_challenge_no_key_first_use(self):
"""
Tests challenge function when there is no key, but the first_use flag is set.
"""
avatar = RSAAvatar(self.priv_key, None, None, key_size=KEY_SIZE)
challenge = avatar.perspective_auth_challenge()
# challenge should be None, no_key_first_use is a flag to allow keyless access the first
# time authenticating, which happens prior to key exchange
self.assertFalse(challenge, avatar.challenge)
def test_success_callback(self):
"""
Test the callback after a successful auth
"""
avatar = RSAAvatar(self.priv_key, None, self.pub_key, authenticated_callback=self.callback, key_size=KEY_SIZE)
challenge = avatar.perspective_auth_challenge()
response = self.create_response(challenge)
result = avatar.perspective_auth_response(response)
self.assert_(self.callback_avatar, 'Callback was not called after success')
self.assertEqual(self.callback_avatar, avatar, 'Callback was not called after success')
def test_bad_response(self):
"""
Test the response function when given an incorrect response
"""
avatar = RSAAvatar(self.priv_key, None, self.pub_key, key_size=KEY_SIZE)
challenge = avatar.perspective_auth_challenge()
#create response that can't be string because its longer than the hash
response = secureRandom(600)
result = avatar.perspective_auth_response(response)
self.assertEqual(result, -1, 'auth_response should return error (-1) when given bad response')
self.assertFalse(avatar.authenticated, 'avatar.authenticated flag should be False if auth_response fails')
def test_get_key(self):
"""
Test getting the server's public key values as chunked json.
Verify:
* chunks deserialize back into key
"""
avatar = RSAAvatar(self.priv_key, self.pub_key_values, self.pub_key, key_size=KEY_SIZE)
chunks = avatar.perspective_get_key()
deserialized = simplejson.loads(''.join(chunks))
self.assert_(self.pub_key_values==deserialized, "deserialized key doesn't match")
def test_auth_challenge_no_server_key(self):
"""
Tests auth_challenge when server key is None.
"""
client = RSAClient(self.priv_key)
avatar = RSAAvatar(self.priv_key, None, self.pub_key, key_size=KEY_SIZE)
remote = RemoteProxy()
challenge = avatar.perspective_auth_challenge()
client.auth_challenge(challenge, remote, None)
#verify that auth_response got called
self.assertEqual(remote.func, 'auth_response', 'Calling auth_challenge should trigger auth_response call on server')
#verify the correct response was sent
self.assertFalse(remote.kwargs['response'], 'Response did not match the expected response')
def test_auth_challenge(self):
"""
Tests a normal challenge string
Verifies:
* remote call is sent
* response equals challenge
"""
client = RSAClient(self.priv_key)
avatar = RSAAvatar(self.priv_key, None, self.pub_key, key_size=KEY_SIZE)
remote = RemoteProxy()
challenge = avatar.perspective_auth_challenge()
client.auth_challenge(challenge, remote, self.pub_key)
#verify that auth_response got called
args, kwargs, deferred = remote.assertCalled(self, 'auth_response')
self.assertEqual(kwargs['response'], avatar.challenge, 'Response did not match the expected response')
def test_auth_challenge_no_server_key(self):
"""
Tests auth_challenge when server key is None.
Verifies:
* remote call is sent
* auth is denied
"""
client = RSAClient(self.priv_key)
avatar = RSAAvatar(self.priv_key, None, self.pub_key, key_size=KEY_SIZE)
remote = RemoteProxy()
challenge = avatar.perspective_auth_challenge()
client.auth_challenge(challenge, remote, None)
#verify that auth_response got called
args, kwargs, deferred = remote.assertCalled(self, 'auth_response')
#verify the correct response was sent
self.assertFalse(kwargs['response'], 'Response did not match the expected response')
