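def check(self, token) -> bool:
    """Validate a client-supplied GSSAPI token as the accepting side.

    Acceptor credentials are acquired, a fresh security context is built
    from them, and the token is fed through a single ``step()``.

    Args:
        token: the GSSAPI token received from the peer.

    Returns:
        ``True`` when the security context is complete after one step,
        ``False`` when it is not, or when the ``gssapi`` package cannot
        be imported.

    Raises:
        AssertionError: if no challenge was sent before this call.
    """
    # NOTE(review): this logs the raw token; confirm this logger is
    # debug-only and that its output is not collected anywhere shared.
    log("check(%s)", repr(token))
    # Explicit state check rather than a bare `assert`: assert statements
    # are stripped under `python -O`, which would silently remove this
    # guard from an authentication path.
    if not self.challenge_sent:
        raise AssertionError("check() called before the challenge was sent")
    try:
        from gssapi import creds as gsscreds
        from gssapi import sec_contexts as gssctx
    except ImportError as e:
        log("check(..)", exc_info=True)
        log.warn("Warning: cannot use gss authentication:")
        log.warn(" %s", e)
        # Fail closed: without the library nothing can be verified.
        return False
    server_creds = gsscreds.Credentials(usage='accept')
    server_ctx = gssctx.SecurityContext(creds=server_creds)
    # NOTE(review): step() is not wrapped, so an error raised for a
    # malformed or rejected token propagates to the caller; confirm the
    # caller treats any exception from check() as an authentication failure.
    server_ctx.step(token)
    # NOTE(review): only context completion is checked. The initiator's
    # identity is never compared with an expected principal and no channel
    # bindings are supplied; confirm that accepting every principal able to
    # establish a context with this service is the intended policy.
    return server_ctx.complete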
def test_defer_step_error_on_method(self):
    """A deferred channel-binding error surfaces on the next method call.

    With ``__DEFER_STEP_ERRORS__`` enabled, the acceptor's ``step()`` still
    returns a token even though its bindings differ from the initiator's;
    the ``BadChannelBindingsError`` is raised by ``encrypt()``.
    """
    # NOTE(review): this is a class-wide switch and is not restored here;
    # confirm the fixture resets it so other tests are not affected.
    gssctx.SecurityContext.__DEFER_STEP_ERRORS__ = True

    bindings = gb.ChannelBindings(application_data=b'abcxyz')
    initiator = self._create_client_ctx(lifetime=400,
                                        channel_bindings=bindings)
    first_token = initiator.step()
    self.assertIsInstance(first_token, bytes)

    # Change the application data so the acceptor's bindings no longer
    # match the ones the initiator's token was produced with.
    bindings.application_data = b'defuvw'
    acceptor = gssctx.SecurityContext(creds=self.server_creds,
                                      channel_bindings=bindings)
    reply = acceptor.step(first_token)
    self.assertIsInstance(reply, bytes)

    self.assertRaises(gb.BadChannelBindingsError, acceptor.encrypt, b"test")
def test_bad_channel_bindings_raises_error(self):
    """An acceptor whose channel bindings differ must reject the token.

    The initiator's token is produced with one acceptor address; the
    acceptor context is then built with a different one, and ``step()``
    is expected to raise ``BadChannelBindingsError``.
    """
    binding_fields = {
        'application_data': b'abcxyz',
        'initiator_address_type': gb.AddressType.ip,
        'initiator_address': b'127.0.0.1',
        'acceptor_address_type': gb.AddressType.ip,
        'acceptor_address': b'127.0.0.1',
    }
    bindings = gb.ChannelBindings(**binding_fields)

    initiator = self._create_client_ctx(lifetime=400,
                                        channel_bindings=bindings)
    first_token = initiator.step()
    first_token.should_be_a(bytes)

    # Alter the acceptor address after the initiator has produced its token.
    bindings.acceptor_address = b'127.0.1.0'
    acceptor = gssctx.SecurityContext(creds=self.server_creds,
                                      channel_bindings=bindings)
    acceptor.step.should_raise(gb.BadChannelBindingsError, first_token)
def test_defer_step_error_on_complete_property_access(self):
    """A deferred channel-binding error surfaces when ``complete`` is read.

    With ``__DEFER_STEP_ERRORS__`` enabled, the mismatching acceptor's
    ``step()`` returns bytes; reading ``complete`` afterwards is expected
    to raise ``BadChannelBindingsError``.
    """
    # NOTE(review): this is a class-wide switch and is not restored here;
    # confirm the fixture resets it so other tests are not affected.
    gssctx.SecurityContext.__DEFER_STEP_ERRORS__ = True

    bindings = gb.ChannelBindings(application_data=b'abcxyz')
    initiator = self._create_client_ctx(lifetime=400,
                                        channel_bindings=bindings)
    first_token = initiator.step()
    first_token.should_be_a(bytes)

    # Make the acceptor's bindings differ from the initiator's.
    bindings.application_data = b'defuvw'
    acceptor = gssctx.SecurityContext(creds=self.server_creds,
                                      channel_bindings=bindings)
    reply = acceptor.step(first_token)
    reply.should_be_a(bytes)

    # The property access is wrapped in a callable so that the raised
    # error can be asserted on.
    def check_complete():
        return acceptor.complete

    check_complete.should_raise(gb.BadChannelBindingsError)
def test_channel_bindings(self):
    """Matching channel bindings on both sides let the exchange proceed.

    Initiator and acceptor share the same ``ChannelBindings`` object; each
    ``step()`` is expected to return bytes.
    """
    binding_fields = {
        'application_data': b'abcxyz',
        'initiator_address_type': gb.AddressType.ip,
        'initiator_address': b'127.0.0.1',
        'acceptor_address_type': gb.AddressType.ip,
        'acceptor_address': b'127.0.0.1',
    }
    bindings = gb.ChannelBindings(**binding_fields)

    initiator = self._create_client_ctx(lifetime=400,
                                        channel_bindings=bindings)
    first_token = initiator.step()
    self.assertIsInstance(first_token, bytes)

    acceptor = gssctx.SecurityContext(creds=self.server_creds,
                                      channel_bindings=bindings)
    reply = acceptor.step(first_token)
    self.assertIsInstance(reply, bytes)

    # Hand the acceptor's reply back to the initiator; nothing is asserted
    # about the result beyond the call not raising.
    initiator.step(reply)
def create_sec_context():
    # Builds an acceptor-usage context while also passing a target name and
    # discards the result. `self` comes from the enclosing scope, which is
    # not visible here.
    # NOTE(review): presumably wrapped so the caller can assert on an
    # exception raised by the constructor; confirm against the enclosing test.
    ctor_kwargs = {'usage': 'accept', 'name': self.target_name}
    gssctx.SecurityContext(**ctor_kwargs)
def test_create_new_accept(self):
    """A context built from the server credentials alone has usage 'accept'."""
    acceptor = gssctx.SecurityContext(creds=self.server_creds)
    reported_usage = acceptor.usage
    reported_usage.should_be('accept')
def test_create_from_other(self):
    """Wrapping an existing client context keeps its target name."""
    # Only the client half of the completed pair is used by this test.
    raw_client_ctx, _unused_server_ctx = self._create_completed_contexts()
    wrapped = gssctx.SecurityContext(raw_client_ctx)
    wrapped.target_name.should_be(self.target_name)
def _create_client_ctx(self, **kwargs):
    """Build a SecurityContext aimed at ``self.target_name``.

    Any extra keyword arguments are forwarded unchanged to the
    ``SecurityContext`` constructor.
    """
    client_ctx = gssctx.SecurityContext(name=self.target_name, **kwargs)
    return client_ctx
def test_create_new_accept(self):
    """A context built from the server credentials alone has usage 'accept'."""
    acceptor = gssctx.SecurityContext(creds=self.server_creds)
    reported_usage = acceptor.usage
    self.assertEqual(reported_usage, "accept")