Exemplo n.º 1
  def testX509WithSloppyInput(self):
    """Check that LoadCertificateFromPEM copes with loosely framed PEM text.

    One certificate is parsed three times: with no trailing newline, with a
    single trailing newline, and wrapped in extra blank lines and spaces.
    The test passes when none of the three calls raises.
    """
    # This cert is identical to testX509WithSelfSignedCertificate data.
    pem = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"""

    framings = (
        pem,                    # missing end newline
        '%s\n' % pem,           # well formed input
        '\n  \n%s \n\n' % pem,  # extra newlines and spaces
    )

    # NOTE(review): only the absence of an exception is checked. The parsed
    # certificates are never compared with each other, so a parser that
    # accepted the whitespace but decoded different bytes would still pass.
    for sloppy in framings:
      x509.LoadCertificateFromPEM(sloppy)
Exemplo n.º 2
    def testIsSignedBy(self):
        """Check that IsSignedBy() accepts a server cert against its CA cert.

        Both PEM fixtures are loaded, CheckValidity() is run on the server
        certificate, and the server certificate must then report that it was
        signed by the CA certificate.
        """
        ca_pem = """
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAI8pfqfWG6QIMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTYwNTExMTUxMjQzWhcNMjYwNTA5MTUxMjQzWjBF
MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAq6X3CKITuEGxmPnLbRTYjgvziYqkYOMhbhIMejmOQpg0hmpCpbnZRhI8
cYv/TB1Gzqx2Zjt632eMD8DqXTGFwkCq/CYuDyyfmB5FguAxjdMcPpzrouOeqNaB
WR0c20+SxaS0hYOMIkHGGolThdQHtS/52UqLanyRkCL0sp8XhoVI6g0JQ4jr9eYE
rjdnlRBK3nkQKulHhhbBpxBFBsnU3wNTNNc2a5tgiOrKl/4Xq4Lt5VMRMoE66P02
NnKOFOWAAzcOukWWkoAaGiRleHxEA9HkJnxUETLKj9GEzLrxee1IwWDaYkv0yOIM
KEJwFR7T0tQnwzUQ9USVFnpgl4LOrQIDAQABo1AwTjAdBgNVHQ4EFgQUE7MCRQy/
zrKPFevchSrLLy5AQU8wHwYDVR0jBBgwFoAUE7MCRQy/zrKPFevchSrLLy5AQU8w
DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEASUYXxloSIB3fgHOD5rx2
RrzYMHW07/SOJPCNGIEDS7/QClxIpzPF34BpvyeCWh4sgunDtHHgRkQ/433qe9lc
ek5ixxSXVkYaIhb6dCJJNT5pKHBs7mwM/mi8H4bp2bpKIswvs2yBXug/2nkY7BK2
LFmEGaihdRhrOh6FSyWblQn5CUCNQSU5P+zo7BITrPHaJQhOR/cKf7dXCE4Q8glX
a07aShkzPd4p6RLauwdrWKvvJD4KgcdMN2h/XDVTdwPUIwro382p0NMyA46lUgn3
6ocQocuktfeNuYIDFqRPC7HKH1ihyoTS9XrfwyNennAIl5ODglMaYuBRI6OpxUAC
1Q==
-----END CERTIFICATE-----
"""
        server_pem = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""
        issuer_cert = x509.LoadCertificateFromPEM(ca_pem)
        leaf_cert = x509.LoadCertificateFromPEM(server_pem)

        # NOTE(review): CheckValidity() is called on the server certificate
        # only; the CA certificate's own validity is not checked here.
        # Presumably the check compares against the current time, which would
        # make this test start failing once the fixture expires -- confirm.
        leaf_cert.CheckValidity()

        # NOTE(review): only the accepting path is asserted. A cert that was
        # not issued by this CA should be shown to yield False as well.
        signed_by_ca = leaf_cert.IsSignedBy(issuer_cert)
        self.assertTrue(signed_by_ca)
Exemplo n.º 3
    def testX509SubjectKnownOids(self):
        r"""Load a self-signed cert and check how its subject is rendered.

        The subject carries the attribute types CN, C, L, ST, O, OU,
        emailAddress and DC; GetSubject() must name every one of them.

        The cert was generated as follows:
           openssl genrsa 1024 > host.key
           openssl req -new -x509 -subj \
             /CN=_cn_/C=US/L=_l_/ST=NY/O=_o_/OU=_ou_/emailAddress=_emailaddress_/DC=_dc_ \
             -nodes -sha1 \
             -days 365 -key host.key -set_serial 12345 > host.cert

        The 1024-bit RSA key and SHA-1 signature in that command are weak by
        current standards and are acceptable only because this is test data.
        """
        pem = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""
        expected_subject = ('CN=_cn_,C=US,L=_l_,ST=NY,O=_o_,OU=_ou_,'
                            'emailAddress=_emailaddress_,DC=_dc_')

        cert = x509.LoadCertificateFromPEM(pem)
        # NOTE(review): if CheckAll() includes a validity-period check, the
        # result depends on the date the test runs -- confirm.
        cert.CheckAll()
        self.assertEqual(expected_subject, cert.GetSubject())
Exemplo n.º 4
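    def _SetRequiredIssuer(self, pem_file):
        """Set settings.REQUIRED_ISSUER to the issuer in this PEM cert.

        The setting is written only when the certificate parses and reports
        that it may act as a CA. In every other case the setting keeps its
        previous value; the reason is logged so that a stale or unset
        REQUIRED_ISSUER does not go unnoticed. The method never raises
        x509.Error.

        Args:
          pem_file: str, pem formatted certificate
        """
        # Imported locally so this method does not depend on the module's
        # import list.
        import logging

        try:
            cert = x509.LoadCertificateFromPEM(pem_file)
            if cert.GetMayActAsCA():
                # NOTE(review): the issuer name is stored, not the subject.
                # For a self-signed root the two are equal; for an
                # intermediate CA they differ -- confirm this is intended.
                settings_module.REQUIRED_ISSUER = cert.GetIssuer()
            else:
                logging.warning(
                    'REQUIRED_ISSUER not updated: '
                    'certificate may not act as a CA')
        except x509.Error as e:
            # Best effort by design, but leave a trace: only the parser's
            # error text is logged, never the certificate body.
            logging.warning(
                'REQUIRED_ISSUER not updated: certificate rejected: %s', e)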
Exemplo n.º 5
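    def _LoadCert(self, certstr):
        """Load a certificate and return a cert object.

        Only PEM parsing happens here. Validity period, issuer and signature
        are not checked by this method.

        Args:
          certstr: str, cert in PEM format
        Returns:
          x509.X509Certificate instance
        Raises:
          ValueError: if the cert is malformed
        """
        try:
            # Return the parsed certificate, as the Returns section promises.
            return x509.LoadCertificateFromPEM(certstr)
        except x509.Error as e:
            # Callers are documented to see ValueError, not x509.Error.
            raise ValueError(str(e))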
Exemplo n.º 6
 def CheckValuePemX509Cert(self, k, v):
   """Validate v as a PEM X.509 certificate for setting k.

   The value is accepted when x509.LoadCertificateFromPEM() parses it without
   raising x509.Error. Nothing beyond parsing is checked here: expiry, CA
   flag and signature are left to the caller. k is not used by the check.

   Args:
     k: str, name.
     v: any value.
   Returns:
     None if the value is appropriate and can be set.
   Raises:
     ValueError: if the value is not appropriately formed to be set for k.
   """
   try:
     # The parsed certificate is discarded; only the parse outcome matters.
     x509.LoadCertificateFromPEM(v)
   except x509.Error as e:
     raise ValueError(str(e))
Exemplo n.º 7
  def testX509WithSelfSignedCertificate(self):
    r"""Load a self-generated cert and check every field the parser exposes.

    Serial number, issuer, subject, CA flag, key usage, the to-be-signed
    fields data and the signature data are each compared with a fixed value.

    The cert was generated as follows:
       openssl genrsa 1024 > host.key
       openssl req -new -x509 -subj /CN=TestCert1 -nodes -sha1 \
         -days 365 -key host.key -set_serial 12345 > host.cert

    The 1024-bit RSA key and SHA-1 signature in that command are weak by
    current standards and are acceptable only because this is test data.
    """
    pem = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""
    # NOTE(review): the two UTCTime values encoded in this blob appear to be
    # 110906195325Z and 210903195325Z, about ten years apart rather than the
    # 365 days shown in the command above -- confirm which one is right.
    expected_fields_b64 = (
        'MIIBdqADAgECAgIwOTANBgkqhkiG9w0BAQUFADAUMRIwEAYDVQQDEwlUZXN0Q2Vyd'
        'DEwHhcNMTEwOTA2MTk1MzI1WhcNMjEwOTAzMTk1MzI1WjAUMRIwEAYDVQQDEwlUZX'
        'N0Q2VydDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJrtL0+m9iFS2TD1a7i'
        'mdXgH+QPQFoZTeKsNlaEjBUSaYWRwXYa0+FK/LXYm2GPUzjkwTzCnLNay9dxQyFhp'
        'zXZayAVcSOqN5aHO2VRlV5JQBlBbcyJ6usOEBH8sB5bIEZhR/oIZqfo7jg4IQsYlJ'
        'MSDjj9/Ui+Pxo9hXsG5KUdrAgMBAAGjbjBsMB0GA1UdDgQWBBQyHAt4/VLMPxgKRQ'
        'W9f7eQL/aJgTA9BgNVHSMENjA0gBQyHAt4/VLMPxgKRQW9f7eQL/aJgaEYpBYwFDE'
        'SMBAGA1UEAxMJVGVzdENlcnQxggIwOTAMBgNVHRMEBTADAQH/')
    expected_signature_b64 = (
        'LDL1dAsoARGNo5E5w/6yeCWzfsgG6R7dexVItZPe9sMOBd4oKyJ3xeqYJPsfOuh1k'
        'L62bwFyT3TJBuldBiGjkZjWhVcgB7vWwGw0wmDK4oSGJ8/gj0byvKOTVo3hkgymf8'
        '+T1fI9Y2inMtktDeaZt4sw0GskHXOHIUXyJ6pMzV8=')

    cert = x509.LoadCertificateFromPEM(pem)
    # NOTE(review): if CheckAll() includes a validity-period check against
    # the current time, this test fails once the fixture has expired --
    # confirm.
    cert.CheckAll()

    self.assertEqual(12345, cert.GetSerialNumber())
    # Self-signed: issuer and subject carry the same name.
    self.assertEqual('CN=TestCert1', cert.GetIssuer())
    self.assertEqual('CN=TestCert1', cert.GetSubject())
    # note: the default when creating a x509 cert with openssl(1) is True
    self.assertTrue(cert.GetMayActAsCA())
    self.assertEqual(cert.GetKeyUsage(), None)
    self.assertEqual(_b64(cert.GetFieldsData()), expected_fields_b64)
    self.assertEqual(_b64(cert.GetSignatureData()), expected_signature_b64)
Exemplo n.º 8
    def testLoadCertificateFromPEM(self):
        """Check that LoadCertificateFromPEM() delegates to its two helpers.

        LoadPemGeneric and LoadCertificateFromBase64 are replaced with mox
        stubs. The recorded expectations require the PEM text to be handed to
        LoadPemGeneric with the certificate header and footer markers, and
        the middle element of its result to be handed to
        LoadCertificateFromBase64, whose return value is the final result.
        """
        pem_input = 'pem_input'
        begin_marker = 'BEGIN CERTIFICATE'
        end_marker = 'END CERTIFICATE'
        generic_result = ['---header---', 'base64', '---footer---']

        for helper_name in ('LoadPemGeneric', 'LoadCertificateFromBase64'):
            self.mox.StubOutWithMock(x509, helper_name)

        # Record phase: the calls below define what replay must observe.
        x509.LoadPemGeneric(
            pem_input, begin_marker, end_marker).AndReturn(generic_result)
        x509.LoadCertificateFromBase64('base64').AndReturn('ok')

        self.mox.ReplayAll()
        loaded = x509.LoadCertificateFromPEM(pem_input)
        self.assertEqual(loaded, 'ok')
        self.mox.VerifyAll()
Exemplo n.º 9
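    def _GetPems(self, pem_settings=None):
        """Returns a dictionary of PEM validation.

        Each name in PEM is looked up in pem_settings, falling back to the
        upper-cased attribute of settings_module, and then validated. Names
        containing 'key' go through CheckValuePemRsaPrivateKey. Names
        containing 'cert' go through CheckValuePemX509Cert, then
        CheckValidity(), then a CA-flag check for ca_public_cert_pem or a
        signature check against the CA cert for server_public_cert_pem.

        Args:
          pem_settings: optional dict of PEM name -> PEM text that overrides
            the values read from settings_module.
        Returns:
          dict keyed by PEM name. Each entry holds the examined value under
          'pem' and, when that value is non-empty, VALID or an error string
          under VALIDATION.
        """
        if not pem_settings:
            pem_settings = {}

        # PEM.copy() would be shallow: the per-name entries would still be
        # the module-level dicts, so writing 'pem' and VALIDATION below would
        # leak one call's results into PEM and into later calls. Copy each
        # entry too.
        pems = dict((name, dict(entry)) for name, entry in PEM.items())
        ca_cert = None

        # Sorted order visits ca_* before server_*, so the CA cert is already
        # loaded when the server cert's signature is checked.
        for name in sorted(PEM):
            if name in pem_settings:
                pem = pem_settings[name]
            else:
                pem = getattr(settings_module, name.upper(), None)
            pems[name]['pem'] = pem
            if not pem:
                continue
            # TODO(user): move to settings module validation.
            try:
                if 'key' in name:
                    settings_module.CheckValuePemRsaPrivateKey(name, pem)
                elif 'cert' in name:
                    settings_module.CheckValuePemX509Cert(name, pem)
                    try:
                        cert = x509.LoadCertificateFromPEM(pem)
                        cert.CheckValidity()
                        if name == 'ca_public_cert_pem':
                            if not cert.GetMayActAsCA():
                                raise ValueError('CA flag not set')
                            ca_cert = cert
                        elif name == 'server_public_cert_pem':
                            # NOTE(review): when the CA cert is missing or
                            # failed its own checks, ca_cert is still None
                            # and the server cert is reported VALID without
                            # any signature check -- confirm this is wanted.
                            if (ca_cert is not None
                                    and not cert.IsSignedBy(ca_cert)):
                                raise ValueError(
                                    'Signature does not match CA cert')
                    # TODO(user): verify that server_{public,private} are a pair.
                    except x509.Error as e:
                        raise ValueError(str(e))
                else:
                    raise ValueError('Unknown PEM name')
                pems[name][VALIDATION] = VALID
            except ValueError as e:
                # The error text becomes the validation result for this name.
                pems[name][VALIDATION] = str(e)
        return pems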
Exemplo n.º 10
  def testX509SubjectKnownOids(self):
    r"""Check the subject string of a self-signed cert with many attributes.

    The fixture's subject uses CN, C, L, ST, O, OU, emailAddress and DC.
    GetSubject() must return all of them, comma separated, in that order.

    The cert was generated as follows:
       openssl genrsa 1024 > host.key
       openssl req -new -x509 -subj \
         /CN=_cn_/C=US/L=_l_/ST=NY/O=_o_/OU=_ou_/emailAddress=_emailaddress_/DC=_dc_ \
         -nodes -sha1 \
         -days 365 -key host.key -set_serial 12345 > host.cert

    A 1024-bit RSA key with a SHA-1 signature is weak by current standards;
    these parameters are tolerable for a test fixture only.
    """
    fixture_pem = """
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"""
    wanted = ('CN=_cn_,C=US,L=_l_,ST=NY,O=_o_,OU=_ou_,'
              'emailAddress=_emailaddress_,DC=_dc_')

    parsed = x509.LoadCertificateFromPEM(fixture_pem)
    # NOTE(review): if CheckAll() includes a validity-period check, the
    # result depends on the date the test runs -- confirm.
    parsed.CheckAll()
    self.assertEqual(wanted, parsed.GetSubject())
Exemplo n.º 11
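  def _ValidatePuppetSslCert(self, cert_dir_path, cert_fname):
    """Validates and returns true if a given Puppet SSL cert is valid.

    The certificate file is read and parsed, and its issuer name is compared
    with self._ca_params.required_issuer.

    Args:
      cert_dir_path: str path to cert dir.
      cert_fname: str filename of the cert.
    Returns:
      Boolean, True if the cert is validated.
    Raises:
      PuppetSslCertError: there was an error reading the cert, or its issuer
        does not match the required issuer.
    """
    required_issuer = self._ca_params.required_issuer

    logging.debug(
        '_ValidatePuppetSslCert: required_issuer %s', required_issuer)

    try:
      cert_path = os.path.join(cert_dir_path, cert_fname)
      logging.debug('_ValidatePuppetSslCert: %s', cert_path)
      # The context manager closes the file even when read() raises.
      with open(cert_path, 'r') as f:
        s = f.read()
      # NOTE(review): x509.Error from a malformed file is not caught in this
      # method and reaches the caller as is -- confirm callers expect that.
      x = x509.LoadCertificateFromPEM(s)

      issuer = x.GetIssuer()
      logging.debug('Looking at issuer %s', issuer)
      # Check issuer match.
      # NOTE(review): within this method only the issuer name string is
      # compared. The signature is not verified against the CA key and the
      # validity period is not checked here; a name match alone does not
      # prove who issued the cert -- confirm those checks happen elsewhere.
      if issuer != required_issuer:
        # no match at all.
        msg = 'Skipping cert %s, unknown issuer' % cert_fname
        logging.warning(msg)
        logging.warning(
            'Expected: "%s" Received: "%s"', required_issuer, issuer)
        raise PuppetSslCertError(msg)
    except IOError as e:
      logging.debug('Skipped cert %s, IO Error %s', cert_fname, str(e))
      raise PuppetSslCertError(str(e))
    # Reaching this point means the issuer matched; report success as the
    # Returns section documents.
    return True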
Exemplo n.º 12
    def testWalkthrough(self):
        """Walk one Auth1 server and one Auth1Client through a full exchange.

        The server object and the client object are driven by hand: the
        output of each step is fed to the other side as input. State() and
        AuthState() are asserted after every step, and the exchange ends with
        both sides at AuthState.OK.
        """
        auth1 = base.Auth1()

        # Step1 Server
        cn = GetRandomInt()

        auth1.LoadSelfKey(test_settings.SERVER_PRIVATE_KEY_PEM)
        # The test installs the CA cert by writing the private attribute
        # directly.
        auth1._ca_pem = test_settings.CA_PUBLIC_CERT_PEM

        self.assertEqual(base.State.INPUT, auth1.State())
        self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())

        auth1.Input(n=str(cn))
        self.assertEqual(base.State.OUTPUT, auth1.State())

        # The output is whitespace separated. Field 0 must echo cn; field 2
        # is a urlsafe-base64 signature over "<field 0> <field 1>".
        output = auth1.Output().split()

        self.assertEquals(str(cn), output[0])

        signature = array.array('B', base64.urlsafe_b64decode(output[2]))
        data = array.array('B', output[0] + ' ' + output[1])

        # Verify the signature with the public key taken from the server
        # certificate fixture.
        cert = x509.LoadCertificateFromPEM(
            test_settings.SERVER_PUBLIC_CERT_PEM)
        pk = cert.GetPublicKey()
        self.assertTrue(pk.hashAndVerify(signature, data))

        self.assertEqual(base.State.INPUT, auth1.State())
        # despite the output of a signed data, we are NOT authenticated yet
        self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())

        # Step1 Client
        auth1client = base.Auth1Client()
        # Client state is seeded through private attributes: the session's
        # 'cn' value, the server cert PEM and the CA cert PEM.
        auth1client._session.Set('cn', str(cn))
        auth1client.LoadSelfKey(CLIENT_PRIVATE_KEY)
        auth1client.LoadSelfCert(CLIENT_CERTIFICATE)
        auth1client._server_cert_pem = test_settings.SERVER_PUBLIC_CERT_PEM
        auth1client._ca_pem = test_settings.CA_PUBLIC_CERT_PEM

        self.assertEqual(auth1client.DefaultState(), auth1client.State())
        self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState())

        # Hand the server's step 1 output to the client, re-joined with
        # single spaces.
        auth1client.Input(m=' '.join(output))

        self.assertEqual(base.State.OUTPUT, auth1client.State())
        # The client's reply is indexed by 'm' and 's'; both must be truthy.
        output = auth1client.Output()
        self.assertTrue(output['m'])
        self.assertTrue(output['s'])
        self.assertEqual(auth1client.DefaultState(), auth1client.State())

        # Step2 Server
        self.assertEqual(base.State.INPUT, auth1.State())
        self.assertEqual(base.AuthState.UNKNOWN, auth1.AuthState())

        auth1.Input(m=output['m'], s=output['s'])

        self.assertEqual(base.State.OUTPUT, auth1.State())

        token = auth1.Output()
        self.assertTrue(token)

        # Only after the client's reply has been accepted does the server
        # report AuthState.OK.
        self.assertEqual(base.AuthState.OK, auth1.AuthState())
        self.assertEqual(base.State.INPUT, auth1.State())

        # Step3 Client
        self.assertEqual(auth1client.DefaultState(), auth1client.State())
        self.assertEqual(base.AuthState.UNKNOWN, auth1client.AuthState())

        # NOTE(review): the client is given the constant base.Auth1.TOKEN,
        # not the `token` value returned by auth1.Output() above. Presumably
        # the two are equal -- confirm, or pass `token` so the test covers
        # the value the server actually sent.
        auth1client.Input(t=base.Auth1.TOKEN)
        self.assertEqual(base.AuthState.OK, auth1client.AuthState())
        self.assertEqual(auth1client.DefaultState(), auth1client.State())