more straightforward crl check function

dandds
2018-08-16 14:45:46 -04:00
parent 2db84fb19a
commit e931560dc6
4 changed files with 41 additions and 129 deletions


@@ -1,6 +1,7 @@
import pytest
from atst.domain.authnid import AuthenticationContext
from atst.domain.authnid.crl import CRLCache
from atst.domain.exceptions import UnauthenticatedError, NotFoundError
from atst.domain.users import Users
@@ -16,7 +17,7 @@ class MockCRLCache():
def test_can_authenticate(monkeypatch):
monkeypatch.setattr("atst.domain.authnid.Validator.validate", lambda s: True)
monkeypatch.setattr("atst.domain.authnid.crl_check", lambda *args: True)
auth_context = AuthenticationContext(
MockCRLCache(), "SUCCESS", DOD_SDN, CERT
)
@@ -24,7 +25,7 @@ def test_can_authenticate(monkeypatch):
def test_unsuccessful_status(monkeypatch):
monkeypatch.setattr("atst.domain.authnid.Validator.validate", lambda s: True)
monkeypatch.setattr("atst.domain.authnid.crl_check", lambda *args: True)
auth_context = AuthenticationContext(
MockCRLCache(), "FAILURE", DOD_SDN, CERT
)
@@ -36,9 +37,10 @@ def test_unsuccessful_status(monkeypatch):
def test_crl_check_fails(monkeypatch):
monkeypatch.setattr("atst.domain.authnid.Validator.validate", lambda s: False)
cache = CRLCache('ssl/client-certs/client-ca.crt', crl_locations=['ssl/client-certs/client-ca.der.crl'])
cert = open("ssl/client-certs/bad-atat.mil.crt", "r").read()
auth_context = AuthenticationContext(
MockCRLCache(), "SUCCESS", DOD_SDN, CERT
cache, "SUCCESS", DOD_SDN, cert
)
with pytest.raises(UnauthenticatedError) as excinfo:
assert auth_context.authenticate()
@@ -48,7 +50,7 @@ def test_crl_check_fails(monkeypatch):
def test_bad_sdn(monkeypatch):
monkeypatch.setattr("atst.domain.authnid.Validator.validate", lambda s: True)
monkeypatch.setattr("atst.domain.authnid.crl_check", lambda *args: True)
auth_context = AuthenticationContext(
MockCRLCache(), "SUCCESS", "abc123", CERT
)
@@ -60,7 +62,7 @@ def test_bad_sdn(monkeypatch):
def test_user_exists(monkeypatch):
monkeypatch.setattr("atst.domain.authnid.Validator.validate", lambda s: True)
monkeypatch.setattr("atst.domain.authnid.crl_check", lambda *args: True)
user = UserFactory.create(**DOD_SDN_INFO)
auth_context = AuthenticationContext(
MockCRLCache(), "SUCCESS", DOD_SDN, CERT
@@ -71,7 +73,7 @@ def test_user_exists(monkeypatch):
def test_creates_user(monkeypatch):
monkeypatch.setattr("atst.domain.authnid.Validator.validate", lambda s: True)
monkeypatch.setattr("atst.domain.authnid.crl_check", lambda *args: True)
# check user does not exist
with pytest.raises(NotFoundError):
Users.get_by_dod_id(DOD_SDN_INFO["dod_id"])
@@ -85,7 +87,7 @@ def test_creates_user(monkeypatch):
def test_user_cert_has_no_email(monkeypatch):
monkeypatch.setattr("atst.domain.authnid.Validator.validate", lambda s: True)
monkeypatch.setattr("atst.domain.authnid.crl_check", lambda *args: True)
cert = open("ssl/client-certs/atat.mil.crt").read()
auth_context = AuthenticationContext(
MockCRLCache(), "SUCCESS", DOD_SDN, cert
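Review bot: In the test_crl_check_fails hunk the new line `cert = open("ssl/client-certs/bad-atat.mil.crt", "r").read()` leaves the file handle unclosed and reads the PEM as text, whereas test_crl.py in this same commit feeds crl_check bytes opened with 'rb'; reading it as `with open("ssl/client-certs/bad-atat.mil.crt", "rb") as cert_file:` / `cert = cert_file.read()` avoids the ResourceWarning and keeps the two modules consistent. The unchanged test_user_cert_has_no_email already passes a text-mode cert, so str input may well be accepted — worth confirming against crl_check rather than assuming. Every other test in this file stubs `atst.domain.authnid.crl_check` to `lambda *args: True`, so this is the only test that drives a real revocation through AuthenticationContext to UnauthenticatedError; a one-line comment saying so (`# real CRLCache + revoked fixture: the only end-to-end revocation path in this file`) would keep a future cleanup from stubbing it too. The rest of test_crl_check_fails, including the excinfo assertion, lies outside the hunk.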


@@ -4,7 +4,7 @@ import re
import os
import shutil
from OpenSSL import crypto, SSL
from atst.domain.authnid.crl import Validator, CRLCache
from atst.domain.authnid.crl import crl_check, CRLCache, CRLException
import atst.domain.authnid.crl.util as util
@@ -39,18 +39,20 @@ def test_can_validate_certificate():
cache = CRLCache('ssl/server-certs/ca-chain.pem', crl_locations=['ssl/client-certs/client-ca.der.crl'])
good_cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
bad_cert = open('ssl/client-certs/bad-atat.mil.crt', 'rb').read()
assert Validator(cache, good_cert).validate()
assert Validator(cache, bad_cert).validate() == False
assert crl_check(cache, good_cert)
with pytest.raises(CRLException):
crl_check(cache, bad_cert)
def test_can_dynamically_update_crls(tmpdir):
crl_file = tmpdir.join('test.crl')
shutil.copyfile('ssl/client-certs/client-ca.der.crl', crl_file)
cache = CRLCache('ssl/server-certs/ca-chain.pem', crl_locations=[crl_file])
cert = open('ssl/client-certs/atat.mil.crt', 'rb').read()
assert Validator(cache, cert).validate()
assert crl_check(cache, cert)
# override the original CRL with one that revokes atat.mil.crt
shutil.copyfile('tests/fixtures/test.der.crl', crl_file)
assert Validator(cache, cert).validate() == False
with pytest.raises(CRLException):
assert crl_check(cache, cert)
def test_parse_disa_pki_list():
with open('tests/fixtures/disa-pki.html') as disa: