#!/usr/bin/python
from unittest import TestCase, main
from sys import stderr
from common import createClientWithCerts, connectClient
from nuauth import Nuauth
from nuauth_conf import NuauthConf
from config import config
from os.path import join as path_join
from plaintext import PlaintextUser, PlaintextUserDB
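class TestClientCert(TestCase):
    """Exercise nuauth's "session_authtype" group options with one test user.

    Every test sets a single session_authtype_*_groups option, creates a
    Nuauth instance from the resulting configuration and asserts whether a
    client built with certificates is allowed to connect.  The expectations
    encoded below are:

    * ssl_groups / whitelist_groups / sasl_groups containing "42" -> accepted
    * the same options containing another group                    -> refused
    * blacklist_groups containing "42"                             -> refused
    * blacklist_groups containing another group                    -> accepted

    The test user is created as PlaintextUser("user", "nopassword", 42, 42);
    presumably the two 42 arguments are its uid and gid -- confirm against
    the plaintext module.
    """

    def setUp(self):
        """Build the base nuauth configuration and install the user database."""
        # Defined up front so tearDown can tell "never created" apart from
        # "created" when a test fails before reaching Nuauth() or the client.
        self.nuauth = None
        self.client = None

        self.cacert = config.get("test_cert", "cacert")

        nuconfig = NuauthConf()
        nuconfig["nuauth_user_session_modify_module"] = "\"session_authtype\""
        # Baseline: certificate authentication off; individual tests raise it.
        nuconfig["nuauth_tls_auth_by_cert"] = "0"
        # NOTE(review): request_cert stays "0" even in the tests that set
        # auth_by_cert to "2" -- confirm nuauth still asks the client for its
        # certificate in that mode, otherwise the cert tests prove less than
        # they appear to.
        nuconfig["nuauth_tls_request_cert"] = "0"
        nuconfig["nuauth_tls_cacert"] = '"%s"' % self.cacert
        nuconfig["nuauth_tls_key"] = '"%s"' % config.get("test_cert", "nuauth_key")
        nuconfig["nuauth_tls_cert"] = '"%s"' % config.get("test_cert", "nuauth_cert")
        self.config = nuconfig

        # Userdb
        self.user = PlaintextUser("user", "nopassword", 42, 42)
        self.userdb = PlaintextUserDB()
        self.userdb.addUser(self.user)
        self.userdb.install(self.config)

    def tearDown(self):
        """Stop the server and the client, if the test got far enough to create them."""
        # Without the None guards a failure inside Nuauth() or client creation
        # would be hidden behind an AttributeError raised from here.
        try:
            if self.nuauth is not None:
                self.nuauth.stop()
        finally:
            # Always attempt the client shutdown, even if stopping nuauth raised.
            if self.client is not None:
                self.client.stop()

    def _connect(self, auth_by_cert, option, groups, break_password=False):
        """Apply one policy option, create server and client, return the connect result.

        auth_by_cert   -- value written to nuauth_tls_auth_by_cert (a string,
                          like the value setUp writes).
        option         -- name of the session_authtype_*_groups option to set.
        groups         -- group list; it is wrapped in double quotes before
                          being stored, as the other quoted values are.
        break_password -- when true, the client password is deliberately made
                          wrong before connecting.
        """
        self.config["nuauth_tls_auth_by_cert"] = auth_by_cert
        self.config[option] = '"%s"' % groups
        self.nuauth = Nuauth(self.config)
        self.client = self.user.createClientWithCerts()
        if break_password:
            # The password no longer matches the user database, so an accepted
            # connection cannot be the result of password authentication.
            self.client.password = "xx%sxx" % self.user.password
        return connectClient(self.client)

    def testCertAuthGroupOK(self):
        """Certificate login is accepted when ssl_groups lists the user's group."""
        self.assertTrue(
            self._connect("2", "session_authtype_ssl_groups", "42",
                          break_password=True))

    def testCertAuthGroupNOK(self):
        """Certificate login is refused when ssl_groups lists another group."""
        # Caveat: the password is wrong here too, so a refusal alone does not
        # show that the group check caused it.  The test is only meaningful
        # together with testCertAuthGroupOK, which differs in the group value
        # alone.
        self.assertFalse(
            self._connect("2", "session_authtype_ssl_groups", "100",
                          break_password=True))

    def testWhitelistAuthOK(self):
        """Login is accepted when whitelist_groups lists the user's group."""
        self.assertTrue(
            self._connect("0", "session_authtype_whitelist_groups", "42"))

    def testWhitelistAuthNOK(self):
        """Login is refused when whitelist_groups lists another group."""
        self.assertFalse(
            self._connect("0", "session_authtype_whitelist_groups", "123"))

    def testBlacklistAuthOK(self):
        """Login is accepted when blacklist_groups lists another group."""
        self.assertTrue(
            self._connect("0", "session_authtype_blacklist_groups", "123"))

    def testBlacklistAuthNOK(self):
        """Login is refused when blacklist_groups lists the user's group."""
        self.assertFalse(
            self._connect("0", "session_authtype_blacklist_groups", "42"))

    def testSASLAuthOK(self):
        """Password (SASL) login is accepted when sasl_groups lists the user's group."""
        self.assertTrue(
            self._connect("0", "session_authtype_sasl_groups", "42"))

    def testSASLAuthNOK(self):
        """Password (SASL) login is refused when sasl_groups lists another group."""
        self.assertFalse(
            self._connect("0", "session_authtype_sasl_groups", "123"))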
# Script entry point: print a banner, then hand over to unittest's runner.
if __name__ == "__main__":
    # A single parenthesised string prints the same text under the Python 2
    # print statement and the print() function.
    print("Test nuauth authentication policy")
    main()