From 255c910842126fd55ac1c0f933ab1d016f534e27 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Goncalves Date: Mon, 4 Aug 2014 17:51:59 -0300 Subject: Imported bitmask libraries to service --- service/test/bitmask_libraries/__init__.py | 0 .../test/bitmask_libraries/abstract_leap_test.py | 26 ++++ service/test/bitmask_libraries/leap_srp_test.py | 106 +++++++++++++ service/test/bitmask_libraries/nicknym_test.py | 19 +++ service/test/bitmask_libraries/provider_test.py | 170 +++++++++++++++++++++ service/test/bitmask_libraries/session_test.py | 49 ++++++ service/test/bitmask_libraries/smtp_test.py | 77 ++++++++++ service/test/bitmask_libraries/soledad_test.py | 54 +++++++ 8 files changed, 501 insertions(+) create mode 100644 service/test/bitmask_libraries/__init__.py create mode 100644 service/test/bitmask_libraries/abstract_leap_test.py create mode 100644 service/test/bitmask_libraries/leap_srp_test.py create mode 100644 service/test/bitmask_libraries/nicknym_test.py create mode 100644 service/test/bitmask_libraries/provider_test.py create mode 100644 service/test/bitmask_libraries/session_test.py create mode 100644 service/test/bitmask_libraries/smtp_test.py create mode 100644 service/test/bitmask_libraries/soledad_test.py (limited to 'service/test/bitmask_libraries') diff --git a/service/test/bitmask_libraries/__init__.py b/service/test/bitmask_libraries/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/service/test/bitmask_libraries/abstract_leap_test.py b/service/test/bitmask_libraries/abstract_leap_test.py new file mode 100644 index 00000000..007fe06a --- /dev/null +++ b/service/test/bitmask_libraries/abstract_leap_test.py @@ -0,0 +1,26 @@ +import os +import tempfile +import unittest +from uuid import uuid4 +from mock import Mock, MagicMock + + +class AbstractLeapTest(unittest.TestCase): + uuid = str(uuid4()) + session_id = str(uuid4()) + token = str(uuid4()) + + leap_home = os.path.join(tempfile.mkdtemp(), 'leap') + + config = Mock(leap_home=leap_home, ca_cert_bundle='/some/path/to/ca_cert', gpg_binary='/path/to/gpg') + provider = Mock(config=config, server_name='some-server.test', domain='some-server.test', + api_uri='https://api.some-server.test:4430', api_version='1') + soledad = Mock() + soledad_session = Mock(soledad=soledad) + srp_session = Mock(user_name='test_user', api_server_name='some-server.test', uuid=uuid, session_id=session_id, token=token) + + nicknym = MagicMock() + + soledad_account = MagicMock() + + mail_fetcher_mock = MagicMock() diff --git a/service/test/bitmask_libraries/leap_srp_test.py b/service/test/bitmask_libraries/leap_srp_test.py new file mode 100644 index 00000000..a8b5b3fb --- /dev/null +++ b/service/test/bitmask_libraries/leap_srp_test.py @@ -0,0 +1,106 @@ +import sys +import os +sys.path.insert(0, os.environ['APP_ROOT']) + +import json +import unittest +import binascii +from urlparse import parse_qs + +from httmock import urlmatch, all_requests, HTTMock, response +from requests.exceptions import Timeout +import srp + +from app.bitmask_libraries.leap_srp import LeapSecureRemotePassword, LeapAuthException + + + +(salt_bytes, verification_key_bytes) = srp.create_salted_verification_key('username', 'password', hash_alg=srp.SHA256, ng_type=srp.NG_1024) +verifier = None + + +@all_requests +def not_found_mock(url, request): + return {'status_code': 404, + 'content': 'foobar'} + + +@all_requests +def timeout_mock(url, request): + raise Timeout() + +@urlmatch(netloc=r'(.*\.)?leap\.local$') +def srp_login_server_simulator_mock(url, request): + global verifier + + data = parse_qs(request.body) + if 'login' in data: + # SRP Authentication Step 1 + A = binascii.unhexlify(data.get('A')[0]) + + verifier = srp.Verifier('username', salt_bytes, verification_key_bytes, A, hash_alg=srp.SHA256, ng_type=srp.NG_1024) + (salt, B) = verifier.get_challenge() + + content = { + 'salt': binascii.hexlify(salt), + 'B': binascii.hexlify(B) + } + + return {'status_code': 200, + 'content': json.dumps(content)} + + else: + # SRP Authentication Step 2 + data = parse_qs(request.body) + client_auth = binascii.unhexlify(data.get('client_auth')[0]) + + M2 = verifier.verify_session(client_auth) + + if not verifier.authenticated(): + return {'status_code': 404, + 'content': ''} + + content = { + 'M2': binascii.hexlify(M2), + 'id': 'some id', + 'token': 'some token' + } + headers = { + 'Content-Type': 'application/json', + 'Set-Cookie': '_session_id=some_session_id;'} + return response(200, content, headers, None, 5, request) + + +class LeapSRPTest(unittest.TestCase): + + def test_status_code_is_checked(self): + with HTTMock(not_found_mock): + lsrp = LeapSecureRemotePassword() + self.assertRaises(LeapAuthException, lsrp.authenticate, 'https://api.leap.local', 'username', 'password') + + def test_invalid_username(self): + with HTTMock(srp_login_server_simulator_mock): + lsrp = LeapSecureRemotePassword() + self.assertRaises(LeapAuthException, lsrp.authenticate, 'https://api.leap.local', 'invalid_user', 'password') + + def test_invalid_password(self): + with HTTMock(srp_login_server_simulator_mock): + lsrp = LeapSecureRemotePassword() + self.assertRaises(LeapAuthException, lsrp.authenticate, 'https://api.leap.local', 'username', 'invalid') + + def test_login(self): + with HTTMock(srp_login_server_simulator_mock): + lsrp = LeapSecureRemotePassword() + leap_session = lsrp.authenticate('https://api.leap.local', 'username', 'password') + + self.assertIsNotNone(leap_session) + self.assertEqual('username', leap_session.user_name) + self.assertEqual('1', leap_session.api_version) + self.assertEqual('https://api.leap.local', leap_session.api_server_name) + self.assertEqual('some token', leap_session.token) + self.assertEqual('some_session_id', leap_session.session_id) + + def test_timeout(self): + with HTTMock(timeout_mock): + lrsp = LeapSecureRemotePassword() + self.assertRaises(LeapAuthException, lrsp.authenticate, 'https://api.leap.local', 'username', 'password') diff --git a/service/test/bitmask_libraries/nicknym_test.py b/service/test/bitmask_libraries/nicknym_test.py new file mode 100644 index 00000000..a087874a --- /dev/null +++ b/service/test/bitmask_libraries/nicknym_test.py @@ -0,0 +1,19 @@ +from mock import patch + +from app.bitmask_libraries.nicknym import NickNym +from abstract_leap_test import AbstractLeapTest + + +class NickNymTest(AbstractLeapTest): + @patch('app.bitmask_libraries.nicknym.KeyManager.__init__', return_value=None) + def test_that_keymanager_is_created(self, init_mock): + #given + + #when + NickNym(self.provider, self.config, self.soledad_session, self.srp_session) + + #then + init_mock.assert_called_with('test_user@some-server.test', 'https://nicknym.some-server.test:6425/', + self.soledad, self.session_id, '/some/path/to/ca_cert', + 'https://api.some-server.test:4430', '1', self.uuid, + '/path/to/gpg') diff --git a/service/test/bitmask_libraries/provider_test.py b/service/test/bitmask_libraries/provider_test.py new file mode 100644 index 00000000..16abbd0d --- /dev/null +++ b/service/test/bitmask_libraries/provider_test.py @@ -0,0 +1,170 @@ +import json + +from httmock import all_requests, HTTMock, urlmatch +from requests import HTTPError + +from app.bitmask_libraries.config import LeapConfig +from app.bitmask_libraries.provider import LeapProvider +from abstract_leap_test import AbstractLeapTest + + +@all_requests +def not_found_mock(url, request): + return {'status_code': 404, + 'content': 'foobar'} + +@urlmatch(netloc=r'(.*\.)?some-provider\.test$', path='/provider.json') +def provider_json_mock(url, request): + return provider_json_response("SHA256: 06e2300bdbc118c290eda0dc977c24080718f4eeca68c8b0ad431872a2baa22d") + + +@urlmatch(netloc=r'(.*\.)?some-provider\.test$', path='/provider.json') +def provider_json_invalid_fingerprint_mock(url, request): + return provider_json_response("SHA256: 0123456789012345678901234567890123456789012345678901234567890123") + + +def provider_json_response(fingerprint): + content = { + "api_uri": "https://api.some-provider.test:4430", + "api_version": "1", + "ca_cert_fingerprint": fingerprint, + "ca_cert_uri": "https://some-provider.test/ca.crt", + "domain": "some-provider.test", + "services": [ + "mx" + ] + } + return { + "status_code": 200, + "content": json.dumps(content) + } + + +@urlmatch(netloc=r'api\.some-provider\.test:4430$', path='/1/config/soledad-service.json') +def soledad_json_mock(url, request): + content = { + "some key": "some value", + } + return { + "status_code": 200, + "content": json.dumps(content) + } + +@urlmatch(netloc=r'api\.some-provider\.test:4430$', path='/1/config/smtp-service.json') +def smtp_json_mock(url, request): + content = { + "hosts": { + "leap-mx": { + "hostname": "mx.some-provider.test", + "ip_address": "0.0.0.0", + "port": 465 + } + }, + "locations": { + }, + "serial": 1, + "version": 1 + } + return { + "status_code": 200, + "content": json.dumps(content) + } + + +@urlmatch(netloc=r'(.*\.)?some-provider\.test$', path='/ca.crt') +def ca_cert_mock(url, request): + return { + "status_code": 200, + "content": ca_crt + } + + +ca_crt = """ +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgIBATANBgkqhkiG9w0BAQ0FADBKMREwDwYDVQQKDAhXYXpv +a2F6aTEaMBgGA1UECwwRaHR0cHM6Ly9kZmkubG9jYWwxGTAXBgNVBAMMEFdhem9r +YXppIFJvb3QgQ0EwHhcNMTQwMzI1MDAwMDAwWhcNMjQwMzI1MDAwMDAwWjBKMREw +DwYDVQQKDAhXYXpva2F6aTEaMBgGA1UECwwRaHR0cHM6Ly9kZmkubG9jYWwxGTAX +BgNVBAMMEFdhem9rYXppIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw +ggIKAoICAQDSPyaslC6SNVsKpGoXllInPXbjiq7rJaV08Xg+64FJU/257BZZEJ/j +r33r0xlt2kj85PcbPySLKy0omXAQt9bs273hwAQXExdY41FxMD3wP/dmLqd55KYa +LDV4GUw0QPZ0QUyWVrRHkrdCDyjpRG+6GbowmtygJKLflYmUFC1PYQ3492esr0jC ++Q6L6+/D2+hBiH3NPI22Yk0kQmuPfnu2pvo+EYQ3It81qZE0Jo8u/BqOMgN2f9DS +GvSNfZcKAP18A41/VRrYFa/WUcdDxt/uP5nO1dm2vfLorje3wcMGtGRcDKG/+GAm +S0nYKKQeWYc6z5SDvPM1VlNdn1gOejhAoggT3Hr5Dq8kxW/lQZbOz+HLbz15qGjz +gL4KHKuDE6hOuqxpHdMTY4WZBBQ8/6ICBxaXH9587/nNDdZiom+XukVD4mrSMJS7 +PRr14Hw57433AJDJcZRwZNRRAGgDPNsCoR2caKB6/Uwkp+dWVndj5Ad8MEjyM1yV ++fYU6PSQWNig7qqN5VhNY+zUCcez5gL6volMuW00iOkXISW4lBrcZmEAQTTcWT1D +U7EkLlwITQce63LcuvK7ZWsEm5XCqD+yUz9oQfugmIhxAlTdqt3De9FA0WT9WxGt +zLeswCNKjnMpRgTerq6elwB03EBJVc7k1QRn4+s6C30sXR12dYnEMwIDAQABo2Aw +XjAdBgNVHQ4EFgQU8ItSdI5pSqMDjgRjgYI3Nj0SwxQwDgYDVR0PAQH/BAQDAgIE +MAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAU8ItSdI5pSqMDjgRjgYI3Nj0SwxQw +DQYJKoZIhvcNAQENBQADggIBALdSPUrIqyIlSMr4R7pWd6Ep0BZH5RztVUcoXtei +x2MFi/rsw7aL9qZqACYIE8Gkkh6Z6GQph0fIqhAlNFvJXKkguL3ri5xh0XmPfbv/ +OLIvaUAixATivdm8ro/IqYQWdL3P6mDZOv4O6POdBEJ9JLc9RXUt1LiQ5Xb9QiLs +l/yOthhp5dJHqC8s6CDEUHRe3s9Q/4cwNB4td47I+mkLsNtVNXqi4lOzuQamqiFt +cFIqOLTFtBJ7G3k9iaDuN6RPS6LMRbqabwg4gafQTmJ+roHpnsaiHkfomI4MZOVi +TLQKOAJ3/pRGm5cGzkzQ+z4sUiCSQxtIWs7EnQCCE8agqpef6zArAvKEO+139+f2 +u1BhWOm/aHT5a3INnJEbuFr8V9MlbZSxSzU3UH7hby+9PxWKYesc6KUAu6Icooci +gEQqrVhVKmfaYMLL7UZHhw56yv/6B10SSmeAMiJhtTExjjrTRLSCaKCPa2ISAUDB +aPR3t8ZoUESWRAFQGj5NvWOomTaXfyE8Or2WfNemvdlWsKvlLeVsjts+iaTgQRU9 +VXcrUhrHhaXhYXeWrWkDDcl8VUlDWXzoUGV9SczOGwr6hONJWMn1HNxNV7ywFWf0 +QXH1g3LBW7qNgRaGhbIX4a1WoNQDmbbKaLgKWs74atZ8o4A2aUEjomclgZWPsc5l +VeJ6 +-----END CERTIFICATE----- +""" + + +class LeapProviderTest(AbstractLeapTest): + def setUp(self): + self.config = LeapConfig(verify_ssl=False, leap_home='/tmp/foobar', ca_cert_bundle='/tmp/ca.crt') + + def test_provider_fetches_provider_json(self): + with HTTMock(provider_json_mock): + provider = LeapProvider('some-provider.test', self.config) + + self.assertEqual("1", provider.api_version) + self.assertEqual("some-provider.test", provider.domain) + self.assertEqual("https://api.some-provider.test:4430", provider.api_uri) + self.assertEqual("https://some-provider.test/ca.crt", provider.ca_cert_uri) + self.assertEqual("SHA256: 06e2300bdbc118c290eda0dc977c24080718f4eeca68c8b0ad431872a2baa22d", + provider.ca_cert_fingerprint) + self.assertEqual(["mx"], provider.services) + + def test_provider_json_throws_exception_on_status_code(self): + with HTTMock(not_found_mock): + self.assertRaises(HTTPError, LeapProvider, 'some-provider.test', self.config) + + def test_fetch_soledad_json(self): + with HTTMock(provider_json_mock, soledad_json_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + soledad = provider.fetch_soledad_json() + + self.assertEqual("some value", soledad.get('some key')) + + def test_throw_exception_for_fetch_soledad_status_code(self): + with HTTMock(provider_json_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + + self.assertRaises(HTTPError, provider.fetch_soledad_json) + + def test_fetch_smtp_json(self): + with HTTMock(provider_json_mock, smtp_json_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + smtp = provider.fetch_smtp_json() + self.assertEqual('mx.some-provider.test', smtp.get('hosts').get('leap-mx').get('hostname')) + + def test_throw_exception_for_fetch_smtp_status_code(self): + with HTTMock(provider_json_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + self.assertRaises(HTTPError, provider.fetch_smtp_json) + + def test_fetch_valid_certificate(self): + with HTTMock(provider_json_mock, ca_cert_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + provider.fetch_valid_certificate() + + def test_throw_exception_for_invalid_certificate(self): + with HTTMock(provider_json_invalid_fingerprint_mock, ca_cert_mock, not_found_mock): + provider = LeapProvider('some-provider.test', self.config) + self.assertRaises(Exception, provider.fetch_valid_certificate) diff --git a/service/test/bitmask_libraries/session_test.py b/service/test/bitmask_libraries/session_test.py new file mode 100644 index 00000000..aa5f012d --- /dev/null +++ b/service/test/bitmask_libraries/session_test.py @@ -0,0 +1,49 @@ +from mock import patch + +from app.bitmask_libraries.session import LeapSession +from abstract_leap_test import AbstractLeapTest + + +class SessionTest(AbstractLeapTest): + def test_background_jobs_are_started(self): + self.config.start_background_jobs = True + + with patch('app.bitmask_libraries.session.reactor.callFromThread', new=_execute_func) as _: + self._create_session() + + self.mail_fetcher_mock.start_loop.assert_called_once_with() + + def test_background_jobs_are_not_started(self): + self.config.start_background_jobs = False + + with patch('app.bitmask_libraries.session.reactor.callFromThread', new=_execute_func) as _: + self._create_session() + + self.assertFalse(self.mail_fetcher_mock.start_loop.called) + + def test_that_close_stops_background_jobs(self): + with patch('app.bitmask_libraries.session.reactor.callFromThread', new=_execute_func) as _: + session = self._create_session() + + session.close() + + self.mail_fetcher_mock.stop.assert_called_once_with() + + def test_that_sync_deferes_to_soledad(self): + session = self._create_session() + + session.sync() + + self.soledad_session.sync.assert_called_once_with() + + def test_account_email(self): + session = self._create_session() + self.assertEqual('test_user@some-server.test', session.account_email()) + + def _create_session(self): + return LeapSession(self.provider, self.srp_session, self.soledad_session, self.nicknym, self.soledad_account, + self.mail_fetcher_mock) + + +def _execute_func(func): + func() diff --git a/service/test/bitmask_libraries/smtp_test.py b/service/test/bitmask_libraries/smtp_test.py new file mode 100644 index 00000000..3982a50c --- /dev/null +++ b/service/test/bitmask_libraries/smtp_test.py @@ -0,0 +1,77 @@ +from mock import MagicMock, patch +from abstract_leap_test import AbstractLeapTest +from app.bitmask_libraries.smtp import LeapSmtp +from httmock import all_requests, HTTMock, urlmatch +import os +import sys + +@all_requests +def not_found_mock(url, request): + sys.stderr.write('url=%s\n' % url.netloc) + sys.stderr.write('path=%s\n' % url.path) + return {'status_code': 404, + 'content': 'foobar'} + +@urlmatch(netloc='api.some-server.test:4430', path='/1/cert') +def ca_cert_mock(url, request): + return { + "status_code": 200, + "content": "some content" + } + +class LeapSmtpTest(AbstractLeapTest): + keymanager = MagicMock() + + def setUp(self): + self.provider.fetch_smtp_json.return_value = { + 'hosts': { + 'leap-mx': { + 'hostname': 'smtp.some-sever.test', + 'port': '1234' + } + } + } + self.config.timeout_in_s = 15 + + def test_that_client_cert_gets_downloaded(self): + smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session) + + with HTTMock(ca_cert_mock, not_found_mock): + smtp._download_client_certificates() + + path = self._client_cert_path() + self.assertTrue(os.path.isfile(path)) + + def _client_cert_path(self): + return os.path.join(self.leap_home, 'providers', 'some-server.test', 'keys', 'client', 'smtp.pem') + + @patch('app.bitmask_libraries.smtp.setup_smtp_gateway') + def test_that_start_calls_setup_smtp_gateway(self, gateway_mock): + smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session) + gateway_mock.return_value = (None, None) + with HTTMock(ca_cert_mock, not_found_mock): + smtp.start() + + cert_path = self._client_cert_path() + gateway_mock.assert_called_with(keymanager=self.keymanager, smtp_cert=cert_path, smtp_key=cert_path, userid='test_user@some-server.test', smtp_port='1234', encrypted_only=False, smtp_host='smtp.some-sever.test', port=2014) + + def test_that_client_stop_does_nothing_if_not_started(self): + smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session) + + with HTTMock(not_found_mock): + smtp.stop() + + @patch('app.bitmask_libraries.smtp.setup_smtp_gateway') + def test_that_running_smtp_sevice_is_stopped(self, gateway_mock): + smtp = LeapSmtp(self.provider, self.keymanager, self.srp_session) + + smtp_service = MagicMock() + smtp_port = MagicMock() + gateway_mock.return_value = (smtp_service, smtp_port) + + with HTTMock(ca_cert_mock, not_found_mock): + smtp.start() + smtp.stop() + + smtp_port.stopListening.assert_called_with() + smtp_service.doStop.assert_called_with() diff --git a/service/test/bitmask_libraries/soledad_test.py b/service/test/bitmask_libraries/soledad_test.py new file mode 100644 index 00000000..1c1c105e --- /dev/null +++ b/service/test/bitmask_libraries/soledad_test.py @@ -0,0 +1,54 @@ +from mock import patch +from app.bitmask_libraries.soledad import SoledadSession +from abstract_leap_test import AbstractLeapTest + + +@patch('app.bitmask_libraries.soledad.Soledad') +class SoledadSessionTest(AbstractLeapTest): + + def setUp(self): + #given + self.provider.fetch_soledad_json.return_value = {'hosts': { + 'couch1': { + 'hostname': 'couch1.some-server.test', + 'ip_address': '192.168.1.1', + 'port': 1234 + } + }} + + @patch('app.bitmask_libraries.soledad.Soledad.__init__') + def test_that_soledad_is_created_with_required_params(self, soledad_mock, init_mock): + #when + SoledadSession(self.provider, 'any-passphrase', self.srp_session) + + #then + init_mock.assert_called_with(self.uuid, 'any-passphrase', '%s/soledad/%s.secret' % (self.leap_home, self.uuid), + '%s/soledad/%s.db' % (self.leap_home, self.uuid), + 'https://couch1.some-server.test:1234/user-%s' % self.uuid, + '/some/path/to/ca_cert', self.token) + + def test_that_sync_is_called(self, soledad_mock): + instance = soledad_mock.return_value + instance.server_url = '/foo/bar' + instance.need_sync.return_value = True + soledad_session = SoledadSession(self.provider, 'any-passphrase', self.srp_session) + + #when + soledad_session.sync() + + #then + instance.need_sync.assert_called_with('/foo/bar') + instance.sync.assert_called_with() + + def test_that_sync_not_called_if_not_needed(self, mock): + instance = mock.return_value + instance.server_url = '/foo/bar' + instance.need_sync.return_value = False + soledad_session = SoledadSession(self.provider, 'any-passphrase', self.srp_session) + + #when + soledad_session.sync() + + #then + instance.need_sync.assert_called_with('/foo/bar') + self.assertFalse(instance.sync.called) -- cgit v1.2.3