summaryrefslogtreecommitdiff
path: root/src/leap/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/crypto')
-rw-r--r--src/leap/crypto/tests/test_srpregister.py139
-rw-r--r--src/leap/crypto/tests/wrongcert.pem33
2 files changed, 100 insertions, 72 deletions
diff --git a/src/leap/crypto/tests/test_srpregister.py b/src/leap/crypto/tests/test_srpregister.py
index 5ba7306f..f70382ce 100644
--- a/src/leap/crypto/tests/test_srpregister.py
+++ b/src/leap/crypto/tests/test_srpregister.py
@@ -27,8 +27,9 @@ import os
import sys
from mock import MagicMock
-from nose.twistedtools import reactor, threaded_reactor, stop_reactor
+from nose.twistedtools import reactor, deferred
from twisted.python import log
+from twisted.internet import threads
from leap.common.testing.https_server import where
from leap.config.providerconfig import ProviderConfig
@@ -89,19 +90,6 @@ class SRPTestCase(unittest.TestCase):
cls.register = srpregister.SRPRegister(provider_config=provider)
cls.auth = srpauth.SRPAuth(provider)
- cls._auth_instance = cls.auth.__dict__['_SRPAuth__instance']
- cls.authenticate = cls._auth_instance.authenticate
- cls.logout = cls._auth_instance.logout
-
- # run!
- threaded_reactor()
-
- @classmethod
- def tearDownClass(cls):
- """
- Stops reactor when tearing down the class
- """
- stop_reactor()
# helper methods
@@ -114,6 +102,41 @@ class SRPTestCase(unittest.TestCase):
# Register tests
+ def test_none_port(self):
+ provider = ProviderConfig()
+ provider.get_api_uri = MagicMock()
+ provider.get_api_uri.return_value = "http://localhost/"
+ loaded = provider.load(path=os.path.join(
+ _here, "test_provider.json"))
+ if not loaded:
+ raise ImproperlyConfiguredError(
+ "Could not load test provider config")
+
+ register = srpregister.SRPRegister(provider_config=provider)
+ self.assertEquals(register._port, "443")
+
+ @deferred()
+ def test_wrong_cert(self):
+ provider = ProviderConfig()
+ loaded = provider.load(path=os.path.join(
+ _here, "test_provider.json"))
+ provider.get_ca_cert_path = MagicMock()
+ provider.get_ca_cert_path.return_value = os.path.join(
+ _here,
+ "wrongcacert.pem")
+ provider.get_api_uri = MagicMock()
+ provider.get_api_uri.return_value = self._get_https_uri()
+ if not loaded:
+ raise ImproperlyConfiguredError(
+ "Could not load test provider config")
+
+ register = srpregister.SRPRegister(provider_config=provider)
+ d = threads.deferToThread(register.register_user, "foouser_firsttime",
+ "barpass")
+ d.addCallback(self.assertFalse)
+ return d
+
+ @deferred()
def test_register_user(self):
"""
Checks if the registration of an unused name works as expected when
@@ -121,17 +144,31 @@ class SRPTestCase(unittest.TestCase):
when we request a user that is taken.
"""
# pristine registration
- ok = self.register.register_user("foouser_firsttime", "barpass")
- self.assertTrue(ok)
-
+ d = threads.deferToThread(self.register.register_user,
+ "foouser_firsttime",
+ "barpass")
+ d.addCallback(self.assertTrue)
+ return d
+
+ @deferred()
+ def test_second_register_user(self):
# second registration attempt with the same user should return errors
- ok = self.register.register_user("foouser_second", "barpass")
- self.assertTrue(ok)
+ d = threads.deferToThread(self.register.register_user,
+ "foouser_second",
+ "barpass")
+ d.addCallback(self.assertTrue)
# FIXME currently we are catching this in an upper layer,
# we could bring the error validation to the SRPRegister class
- ok = self.register.register_user("foouser_second", "barpass")
-
+ def register_wrapper(_):
+ return threads.deferToThread(self.register.register_user,
+ "foouser_second",
+ "barpass")
+ d.addCallback(register_wrapper)
+ d.addCallback(self.assertFalse)
+ return d
+
+ @deferred()
def test_correct_http_uri(self):
"""
Checks that registration autocorrect http uris to https ones.
@@ -151,57 +188,15 @@ class SRPTestCase(unittest.TestCase):
raise ImproperlyConfiguredError(
"Could not load test provider config")
- self.register = srpregister.SRPRegister(provider_config=provider)
+ register = srpregister.SRPRegister(provider_config=provider)
# ... and we check that we're correctly taking the HTTPS protocol
# instead
- self.assertEquals(self.register._get_registration_uri(),
- HTTPS_URI)
- ok = self.register.register_user("test_failhttp", "barpass")
- self.assertTrue(ok)
-
- # XXX need to assert that _get_registration_uri was called too
-
- # Auth tests
-
- def test_auth(self):
- """
- Checks whether a pair of valid credentials is able to be authenticated.
- """
- TEST_USER = "register_test_auth"
- TEST_PASS = "pass"
-
- # pristine registration, should go well
- ok = self.register.register_user(TEST_USER, TEST_PASS)
- self.assertTrue(ok)
-
- self.authenticate(TEST_USER, TEST_PASS)
- with self.assertRaises(AssertionError):
- # AssertionError: already logged in
- # We probably could take this as its own exception
- self.authenticate(TEST_USER, TEST_PASS)
-
- self.logout()
-
- # cannot log out two times in a row (there's no session)
- with self.assertRaises(AssertionError):
- self.logout()
-
- def test_auth_with_bad_credentials(self):
- """
- Checks that auth does not succeed with bad credentials.
- """
- TEST_USER = "register_test_auth"
- TEST_PASS = "pass"
-
- # non-existent credentials, should fail
- with self.assertRaises(srpauth.SRPAuthenticationError):
- self.authenticate("baduser_1", "passwrong")
-
- # good user, bad password, should fail
- with self.assertRaises(srpauth.SRPAuthenticationError):
- self.authenticate(TEST_USER, "passwrong")
-
- # bad user, good password, should fail too :)
- with self.assertRaises(srpauth.SRPAuthenticationError):
- self.authenticate("myunclejoe", TEST_PASS)
+ reg_uri = register._get_registration_uri()
+ self.assertEquals(reg_uri, HTTPS_URI)
+ register._get_registration_uri = MagicMock(return_value=HTTPS_URI)
+ d = threads.deferToThread(register.register_user, "test_failhttp",
+ "barpass")
+ d.addCallback(self.assertTrue)
+
+ return d
diff --git a/src/leap/crypto/tests/wrongcert.pem b/src/leap/crypto/tests/wrongcert.pem
new file mode 100644
index 00000000..e6cff38a
--- /dev/null
+++ b/src/leap/crypto/tests/wrongcert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFtTCCA52gAwIBAgIJAIWZus5EIXNtMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTMwNjI1MTc0NjExWhcNMTgwNjI1MTc0NjExWjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
+CgKCAgEA2ObM7ESjyuxFZYD/Y68qOPQgjgggW+cdXfBpU2p4n7clsrUeMhWdW40Y
+77Phzor9VOeqs3ZpHuyLzsYVp/kFDm8tKyo2ah5fJwzL0VCSLYaZkUQQ7GNUmTCk
+furaxl8cQx/fg395V7/EngsS9B3/y5iHbctbA4MnH3jaotO5EGeo6hw7/eyCotQ9
+KbBV9GJMcY94FsXBCmUB+XypKklWTLhSaS6Cu4Fo8YLW6WmcnsyEOGS2F7WVf5at
+7CBWFQZHaSgIBLmc818/mDYCnYmCVMFn/6Ndx7V2NTlz+HctWrQn0dmIOnCUeCwS
+wXq9PnBR1rSx/WxwyF/WpyjOFkcIo7vm72kS70pfrYsXcZD4BQqkXYj3FyKnPt3O
+ibLKtCxL8/83wOtErPcYpG6LgFkgAAlHQ9MkUi5dbmjCJtpqQmlZeK1RALdDPiB3
+K1KZimrGsmcE624dJxUIOJJpuwJDy21F8kh5ZAsAtE1prWETrQYNElNFjQxM83rS
+ZR1Ql2MPSB4usEZT57+KvpEzlOnAT3elgCg21XrjSFGi14hCEao4g2OEZH5GAwm5
+frf6UlSRZ/g3tLTfI8Hv1prw15W2qO+7q7SBAplTODCRk+Yb0YoA2mMM/QXBUcXs
+vKEDLSSxzNIBi3T62l39RB/ml+gPKo87ZMDivex1ZhrcJc3Yu3sCAwEAAaOBpzCB
+pDAdBgNVHQ4EFgQUPjE+4pun+8FreIdpoR8v6N7xKtUwdQYDVR0jBG4wbIAUPjE+
+4pun+8FreIdpoR8v6N7xKtWhSaRHMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpT
+b21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGSCCQCF
+mbrORCFzbTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4ICAQCpvCPdtvXJ
+muTj379TZuCJs7/l0FhA7AHa1WAlHjsXHaA7N0+3ZWAbdtXDsowal6S+ldgU/kfV
+Lq7NrRq+amJWC7SYj6cvVwhrSwSvu01fe/TWuOzHrRv1uTfJ/VXLonVufMDd9opo
+bhqYxMaxLdIx6t/MYmZH4Wpiq0yfZuv//M8i7BBl/qvaWbLhg0yVAKRwjFvf59h6
+6tRFCLddELOIhLDQtk8zMbioPEbfAlKdwwP8kYGtDGj6/9/YTd/oTKRdgHuwyup3
+m0L20Y6LddC+tb0WpK5EyrNbCbEqj1L4/U7r6f/FKNA3bx6nfdXbscaMfYonKAKg
+1cRrRg45sErmCz0QyTnWzXyvbjR4oQRzyW3kJ1JZudZ+AwOi00J5FYa3NiLuxl1u
+gIGKWSrASQWhEdpa1nlCgX7PhdaQgYjEMpQvA0GCA0OF5JDu8en1yZqsOt1hCLIN
+lkz/5jKPqrclY5hV99bE3hgCHRmIPNHCZG3wbZv2yJKxJX1YLMmQwAmSh2N7YwGG
+yXRvCxQs5ChPHyRairuf/5MZCZnSVb45ppTVuNUijsbflKRUgfj/XvfqQ22f+C9N
+Om2dmNvAiS2TOIfuP47CF2OUa5q4plUwmr+nyXQGM0SIoHNCj+MBdFfb3oxxAtI+
+SLhbnzQv5e84Doqz3YF0XW8jyR7q8GFLNA==
+-----END CERTIFICATE-----