def test_ossec_auth_configurations(get_configuration, configure_environment,
configure_sockets_environment):
"""Check that every input message in authd port generates the adequate output
Parameters
----------
test_case : list
List of test_cases, dict with following keys:
- expect: What we are expecting to happen
1. open_error: Should fail when trying to do ssl handshake
2. output: Expects an output message from the manager
- ciphers: Value for ssl ciphers
- protocol: Value for ssl protocol
- input: message that will be tried to send to the manager
- output: expected response (if any)
"""
current_test = get_current_test()
test_case = ssl_configuration_tests[current_test]['test_case']
override_wazuh_conf(get_configuration)
for config in test_case:
address, family, connection_protocol = receiver_sockets_params[0]
SSL_socket = SocketController(address,
family=family,
connection_protocol=connection_protocol,
open_at_start=False)
ciphers = config['ciphers']
protocol = config['protocol']
SSL_socket.set_ssl_configuration(ciphers=ciphers,
connection_protocol=protocol)
expect = config['expect']
try:
SSL_socket.open()
except ssl.SSLError as exception:
if expect == 'open_error':
# We expected the error here, check message
assert config['error'] in str(
exception), 'Expected message does not match!'
continue
else:
# We did not expect this error, fail test
raise
SSL_socket.send(config['input'], size=False)
if expect == 'output':
# Output is expected
expected = config['output']
if expected:
response = SSL_socket.receive().decode()
assert response, 'Failed connection stage {}: {}'.format(
test_case.index(config) + 1, config['stage'])
assert response[:len(expected)] == expected, \
'Failed test case stage {}: {}'.format(test_case.index(config) + 1, config['stage'])
return
def test_authd_ssl_certs(get_configuration, generate_ca_certificate):
"""
"""
verify_host = (get_configuration['metadata']['verify_host'] == 'yes')
option = get_configuration['metadata']['sim_option']
override_wazuh_conf(get_configuration)
address, family, connection_protocol = receiver_sockets_params[0]
SSL_socket = SocketController(address,
family=family,
connection_protocol=connection_protocol,
open_at_start=False)
if option != 'NO CERT':
SSL_socket.set_ssl_configuration(certificate=SSL_AGENT_CERT,
keyfile=SSL_AGENT_PRIVATE_KEY)
try:
SSL_socket.open()
if option in ['NO CERT', 'INCORRECT CERT']:
raise AssertionError(
f'Agent was enable to connect without using any certificate or an incorrect one!'
)
except ssl.SSLError as exception:
if option in ['NO CERT', 'INCORRECT CERT']:
# Expected to happen
return
else:
raise AssertionError(
f'Option {option} expected successful socket connection but it failed'
)
SSL_socket.send(INPUT_MESSAGE, size=False)
try:
response = ''
timeout = time.time() + 10
while response == '':
response = SSL_socket.receive().decode()
if time.time() > timeout:
raise ConnectionResetError(
'Manager did not respond to sent message!')
if option in ['INCORRECT HOST'] and verify_host:
raise AssertionError(
f'An incorrect host was able to register using the verify_host option'
)
except ConnectionResetError as exception:
if option in ['INCORRECT HOST'] and verify_host:
# Expected
return
else:
raise
assert response[:len(OUPUT_MESSAGE)] == OUPUT_MESSAGE, (
f'Option {option} response from manager did not match expected')
return