def testClientStep0(self):
"""Test Step0 of the client auth."""
auth1client = base.Auth1Client()
self.assertEqual(auth1client.DefaultState(), auth1client.State())
self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState())
auth1client.Input()
self.assertEqual(base.State.OUTPUT, auth1client.State())
output = auth1client.Output()
self.assertTrue(output)
self.assertEqual(auth1client.DefaultState(), auth1client.State())
def GetTestClass(self):
return base.Auth1Client()
def testWalkthrough(self):
"""Test the first step of Auth1 authentication."""
auth1 = base.Auth1()
# Step1 Server
cn = GetRandomInt()
auth1.LoadSelfKey(test_settings.SERVER_PRIVATE_KEY_PEM)
auth1._ca_pem = test_settings.CA_PUBLIC_CERT_PEM
self.assertEqual(base.State.INPUT, auth1.State())
self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())
auth1.Input(n=str(cn))
self.assertEqual(base.State.OUTPUT, auth1.State())
output = auth1.Output().split()
self.assertEquals(str(cn), output[0])
signature = array.array('B', base64.urlsafe_b64decode(output[2]))
data = array.array('B', output[0] + ' ' + output[1])
cert = x509.LoadCertificateFromPEM(
test_settings.SERVER_PUBLIC_CERT_PEM)
pk = cert.GetPublicKey()
self.assertTrue(pk.hashAndVerify(signature, data))
self.assertEqual(base.State.INPUT, auth1.State())
# despite the output of a signed data, we are NOT authenticated yet
self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())
# Step1 Client
auth1client = base.Auth1Client()
auth1client._session.Set('cn', str(cn))
auth1client.LoadSelfKey(CLIENT_PRIVATE_KEY)
auth1client.LoadSelfCert(CLIENT_CERTIFICATE)
auth1client._server_cert_pem = test_settings.SERVER_PUBLIC_CERT_PEM
auth1client._ca_pem = test_settings.CA_PUBLIC_CERT_PEM
self.assertEqual(auth1client.DefaultState(), auth1client.State())
self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState())
auth1client.Input(m=' '.join(output))
self.assertEqual(base.State.OUTPUT, auth1client.State())
output = auth1client.Output()
self.assertTrue(output['m'])
self.assertTrue(output['s'])
self.assertEqual(auth1client.DefaultState(), auth1client.State())
# Step2 Server
self.assertEqual(base.State.INPUT, auth1.State())
self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())
auth1.Input(m=output['m'], s=output['s'])
self.assertEqual(base.State.OUTPUT, auth1.State())
token = auth1.Output()
self.assertTrue(token)
self.assertEqual(base.AuthState.OK, auth1.AuthState())
self.assertEqual(base.State.INPUT, auth1.State())
# Step3 Client
self.assertEqual(auth1client.DefaultState(), auth1client.State())
self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState())
auth1client.Input(t=base.Auth1.TOKEN)
self.assertEqual(base.AuthState.OK, auth1client.AuthState())
self.assertEqual(auth1client.DefaultState(), auth1client.State())