def test_verify_auth_token_servers(self): # Setup Key Pair pub1, priv1 = crypto.gen_key_pair() pub2, priv2 = crypto.gen_key_pair() # Setup Servers servers = ["https://test.server"] manager = utility.SigkeyManager() # Test Verify - Pass manager.cache[servers[0]] = pub1 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_servers(token, servers, objperm, objtype, objuid, manager=manager) self.assertEqual(out, servers[0]) # Test Verify - Fail (no servers) manager.cache[servers[0]] = pub1 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) - 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_servers(token, [], objperm, objtype, objuid, manager=manager) self.assertIsNone(out) # Test Verify - Fail (bad sig) manager.cache[servers[0]] = pub1 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) - 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_servers(token, servers, objperm, objtype, objuid, manager=manager) self.assertIsNone(out)
def encode_decode(priv, pub, accountuid, clientuid, expiration, objperm, objtype, objuid): token = utility.encode_auth_token(priv, accountuid, clientuid, expiration, objperm, objtype, objuid) self.assertIsInstance(token, str) self.assertGreater(len(token), 0) val = utility.decode_auth_token(pub, token) self.assertIsInstance(val, dict) self.assertGreater(len(val), 0) self.assertEqual(val[utility.AUTHZ_KEY_ACCOUNTUID], accountuid) self.assertEqual(val[utility.AUTHZ_KEY_CLIENTUID], clientuid) self.assertEqual(val[utility.AUTHZ_KEY_EXPIRATION], expiration) self.assertEqual(val[utility.AUTHZ_KEY_OBJPERM], objperm) self.assertEqual(val[utility.AUTHZ_KEY_OBJTYPE], objtype) self.assertEqual(val[utility.AUTHZ_KEY_OBJUID], objuid if objuid else None)
def test_verify_auth_token_sigkey(self): # Setup Key Pair pub1, priv1 = crypto.gen_key_pair() pub2, priv2 = crypto.gen_key_pair() # Test Verify - Pass accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid) self.assertTrue(out) # Test Verify - Fail (bad sig) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) - 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid) self.assertFalse(out) # Test Verify - Fail (expiration) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) - 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid) self.assertFalse(out) # Test Verify - Fail (objperm) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm1 = "test_perm1" objperm2 = "test_perm2" objtype = "test_obj" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm1, objtype, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm2, objtype, objuid) self.assertFalse(out) # Test Verify - Fail (objtype) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype1 = "test_obj1" objtype2 = "test_obj2" objuid = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype1, objuid) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype2, objuid) self.assertFalse(out) # Test Verify - Fail (objuid) accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid1 = uuid.uuid4() objuid2 = uuid.uuid4() token = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid1) out = utility.verify_auth_token_sigkey(token, pub1, objperm, objtype, objuid2) self.assertFalse(out)
def test_verify_auth_token_list(self): # Setup Key Pair pub1, priv1 = crypto.gen_key_pair() pub2, priv2 = crypto.gen_key_pair() pub3, priv3 = crypto.gen_key_pair() # Setup Servers servers = ["https://test.server.one", "https://test.server.two"] manager = utility.SigkeyManager() # Test Verify - Pass (Single) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager) self.assertEqual(cnt, 1) # Test Verify - Pass (Multiple) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] cnt = utility.verify_auth_token_list(tokens, servers, 2, objperm, objtype, objuid, manager=manager) self.assertEqual(cnt, 2) # Test Verify - Pass (Bad tokens) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] cnt = utility.verify_auth_token_list(tokens, servers, 1, objperm, objtype, objuid, manager=manager) self.assertEqual(cnt, 1) # Test Verify - Fail (Not enough tokens) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv1, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] self.assertRaises( utility.TokenVerificationFailed, utility.verify_auth_token_list, tokens, servers, 3, objperm, objtype, objuid, manager=manager, ) # Test Verify - Fail (Bad tokens) manager.cache[servers[0]] = pub1 manager.cache[servers[1]] = pub2 accountuid = uuid.uuid4() clientuid = uuid.uuid4() expiration = int(datetime.datetime.now().timestamp()) + 60 expiration = datetime.datetime.fromtimestamp(expiration) objperm = "test_perm" objtype = "test_obj" objuid = uuid.uuid4() token1 = utility.encode_auth_token(priv2, accountuid, clientuid, expiration, objperm, objtype, objuid) token2 = utility.encode_auth_token(priv3, accountuid, clientuid, expiration, objperm, objtype, objuid) tokens = [token1, token2] self.assertRaises( utility.TokenVerificationFailed, utility.verify_auth_token_list, tokens, servers, 2, objperm, objtype, objuid, manager=manager, )