def test_promote_failure_to_authentication_failure(self): smmock = aiosasl.SASLStateMachine(SASLInterfaceMock( self, [ ("auth;SCRAM-SHA-1-PLUS", b"p=tls-unique,,"+self.client_first_message_bare, "challenge", self.server_first_message), ("response", self.client_final_message_without_proof + b",p="+base64.b64encode(self.client_proof), "failure", ("credentials-expired", None)) ])) with self.assertRaises(aiosasl.AuthenticationFailure) as ctx: self._run( smmock, aiosasl.SCRAMPLUS( self._provide_credentials, TLSUnique(self._tls_connection) ) ) self.assertEqual( "credentials-expired", ctx.exception.opaque_error )
def test_malformed_reply(self): smmock = aiosasl.SASLStateMachine(SASLInterfaceMock( self, [ ("auth;SCRAM-SHA-1-PLUS", b"p=tls-unique,,"+self.client_first_message_bare, "challenge", b"s=hut,t=hefu,c=kup,d=onny"), ("abort", None, "failure", ("aborted", None)) ])) with self.assertRaises(aiosasl.SASLFailure) as ctx: self._run( smmock, aiosasl.SCRAMPLUS( self._provide_credentials, TLSUnique(self._tls_connection) ) ) self.assertIn( "malformed", str(ctx.exception).lower() )
def test_reject_protocol_violation(self): smmock = aiosasl.SASLStateMachine(SASLInterfaceMock( self, [ ("auth;SCRAM-SHA-1-PLUS", b"p=tls-unique,,"+self.client_first_message_bare, "challenge", self.server_first_message), ("response", self.client_final_message_without_proof + b",p="+base64.b64encode(self.client_proof), "challenge", b"foo"), ("response", b"", "success", b"bar") ])) with self.assertRaisesRegexp(aiosasl.SASLFailure, "protocol violation") as ctx: self._run( smmock, aiosasl.SCRAMPLUS( self._provide_credentials, TLSUnique(self._tls_connection) ) ) self.assertEqual( None, ctx.exception.opaque_error )
def test_invalid_signature(self): smmock = aiosasl.SASLStateMachine(SASLInterfaceMock( self, [ ("auth;SCRAM-SHA-1-PLUS", b"p=tls-unique,,"+self.client_first_message_bare, "challenge", self.server_first_message), ("response", self.client_final_message_without_proof + b",p="+base64.b64encode(self.client_proof), "success", b"v="+base64.b64encode(b"fnord")) ])) with self.assertRaises(aiosasl.SASLFailure) as ctx: self._run( smmock, aiosasl.SCRAMPLUS( self._provide_credentials, TLSUnique(self._tls_connection) ) ) self.assertIsNone(ctx.exception.opaque_error) self.assertIn( "signature", str(ctx.exception).lower() )
def test_other_malformed_reply(self): smmock = aiosasl.SASLStateMachine(SASLInterfaceMock( self, [ ("auth;SCRAM-SHA-1-PLUS", b"p=tls-unique,,"+self.client_first_message_bare, "challenge", b"i=sometext,s=ABC,r=Zm9vAAAAAAAAAAAAAAAA3rfcNHYJY1ZVvWVs7j"), ("abort", None, "failure", ("aborted", None)) ])) with self.assertRaises(aiosasl.SASLFailure) as ctx: self._run( smmock, aiosasl.SCRAMPLUS( self._provide_credentials, TLSUnique(self._tls_connection) ) ) self.assertIn( "malformed", str(ctx.exception).lower() )
def test_extract_cb_data(self): mock_conn = unittest.mock.Mock() provider = TLSUnique(mock_conn) with unittest.mock.patch.object( mock_conn, "get_finished") as get_finished: get_finished.return_value = b"foobar" cb_data = provider.extract_cb_data() self.assertSequenceEqual( get_finished.mock_calls, [ unittest.mock.call() ] ) self.assertEqual(cb_data, b"foobar")
def test_rfc(self): smmock = aiosasl.SASLStateMachine(SASLInterfaceMock( self, [ ("auth;SCRAM-SHA-1-PLUS", b"p=tls-unique,,"+self.client_first_message_bare, "challenge", self.server_first_message), ("response", self.client_final_message_without_proof + b",p="+base64.b64encode(self.client_proof), "success", b"v="+base64.b64encode(self.server_signature)) ])) self.assertTrue(self._run( smmock, aiosasl.SCRAMPLUS( self._provide_credentials, TLSUnique(self._tls_connection) ) ))
def test_incorrect_nonce(self): smmock = aiosasl.SASLStateMachine(SASLInterfaceMock( self, [ ("auth;SCRAM-SHA-1-PLUS", b"p=tls-unique,,"+self.client_first_message_bare, "challenge", b"r=foobar,s="+base64.b64encode(self.salt)+b",i=4096"), ("abort", None, "failure", ("aborted", None)) ])) with self.assertRaisesRegexp(aiosasl.SASLFailure, "nonce") as ctx: self._run( smmock, aiosasl.SCRAMPLUS( self._provide_credentials, TLSUnique(self._tls_connection) ) ) self.assertIsNone(ctx.exception.opaque_error)
def test_cb_name(self): mock_conn = unittest.mock.Mock() provider = TLSUnique(mock_conn) self.assertEqual(provider.cb_name, b"tls-unique")