def testSignMultipleIneligible(self, mock_get_u2f_method): """Test signing with multiple keys registered, but none eligible.""" # Prepare u2f mocks mock_u2f = mock.MagicMock() mock_get_u2f_method.return_value = mock_u2f mock_authenticate = mock.MagicMock() mock_u2f.Authenticate = mock_authenticate mock_authenticate.side_effect = errors.U2FError( errors.U2FError.DEVICE_INELIGIBLE) # Call LocalAuthenticator challenge_item = { 'key': SIGN_SUCCESS['registered_key'], 'challenge': SIGN_SUCCESS['challenge'] } challenge_data = [challenge_item, challenge_item] authenticator = localauthenticator.LocalAuthenticator('testorigin') with self.assertRaises(errors.U2FError) as cm: authenticator.Authenticate(SIGN_SUCCESS['app_id'], challenge_data) self.assertEquals(cm.exception.code, errors.U2FError.DEVICE_INELIGIBLE)
def testSignMultipleSuccess(self, mock_get_u2f_method): """Test signing with multiple keys registered and one is eligible.""" # Prepare u2f mocks mock_u2f = mock.MagicMock() mock_get_u2f_method.return_value = mock_u2f mock_authenticate = mock.MagicMock() mock_u2f.Authenticate = mock_authenticate return_value = model.SignResponse( base64.urlsafe_b64decode(SIGN_SUCCESS['key_handle_encoded']), base64.urlsafe_b64decode(SIGN_SUCCESS['signature_data_encoded']), SIGN_SUCCESS['client_data']) mock_authenticate.side_effect = [ errors.U2FError(errors.U2FError.DEVICE_INELIGIBLE), return_value ] # Call LocalAuthenticator challenge_item = { 'key': SIGN_SUCCESS['registered_key'], 'challenge': SIGN_SUCCESS['challenge'] } challenge_data = [challenge_item, challenge_item] authenticator = localauthenticator.LocalAuthenticator('testorigin') response = authenticator.Authenticate(SIGN_SUCCESS['app_id'], challenge_data) # Validate that u2f authenticate was called with the correct values self.assertTrue(mock_authenticate.called) authenticate_args = mock_authenticate.call_args[0] self.assertEqual(len(authenticate_args), 3) self.assertEqual(authenticate_args[0], SIGN_SUCCESS['app_id']) self.assertEqual(authenticate_args[1], SIGN_SUCCESS['challenge']) registered_keys = authenticate_args[2] self.assertEqual(len(registered_keys), 1) self.assertEqual(registered_keys[0], SIGN_SUCCESS['registered_key']) # Validate authenticator response self.assertEquals(response.get('clientData'), SIGN_SUCCESS['client_data_encoded']) self.assertEquals(response.get('signatureData'), SIGN_SUCCESS['signature_data_encoded']) self.assertEquals(response.get('applicationId'), SIGN_SUCCESS['app_id']) self.assertEquals(response.get('keyHandle'), SIGN_SUCCESS['key_handle_encoded'])
def testSignSuccess(self, mock_get_u2f_method): """Test successful signing with a valid key.""" # Prepare u2f mocks mock_u2f = mock.MagicMock() mock_get_u2f_method.return_value = mock_u2f mock_authenticate = mock.MagicMock() mock_u2f.Authenticate = mock_authenticate mock_authenticate.return_value = model.SignResponse( base64.urlsafe_b64decode(SIGN_SUCCESS['key_handle_encoded']), base64.urlsafe_b64decode(SIGN_SUCCESS['signature_data_encoded']), SIGN_SUCCESS['client_data']) # Call LocalAuthenticator challenge_data = [{ 'key': SIGN_SUCCESS['registered_key'], 'challenge': SIGN_SUCCESS['challenge'] }] authenticator = localauthenticator.LocalAuthenticator('testorigin') self.assertTrue(authenticator.IsAvailable()) response = authenticator.Authenticate(SIGN_SUCCESS['app_id'], challenge_data) # Validate that u2f authenticate was called with the correct values self.assertTrue(mock_authenticate.called) authenticate_args = mock_authenticate.call_args[0] self.assertEqual(len(authenticate_args), 3) self.assertEqual(authenticate_args[0], SIGN_SUCCESS['app_id']) self.assertEqual(authenticate_args[1], SIGN_SUCCESS['challenge']) registered_keys = authenticate_args[2] self.assertEqual(len(registered_keys), 1) self.assertEqual(registered_keys[0], SIGN_SUCCESS['registered_key']) # Validate authenticator response self.assertEquals(response.get('clientData'), SIGN_SUCCESS['client_data_encoded']) self.assertEquals(response.get('signatureData'), SIGN_SUCCESS['signature_data_encoded']) self.assertEquals(response.get('applicationId'), SIGN_SUCCESS['app_id']) self.assertEquals(response.get('keyHandle'), SIGN_SUCCESS['key_handle_encoded'])
def CreateCompositeAuthenticator(origin): authenticators = [customauthenticator.CustomAuthenticator(origin), localauthenticator.LocalAuthenticator(origin)] return CompositeAuthenticator(authenticators)