File: test_tls_client.py

package info (click to toggle)
nufw 2.4.3-2.2
  • links: PTS
  • area: main
  • in suites: wheezy
  • size: 5,728 kB
  • sloc: ansic: 32,174; sh: 10,146; python: 4,176; makefile: 965; perl: 630; lex: 176; php: 168; yacc: 117; xml: 34
file content (128 lines) | stat: -rwxr-xr-x 4,705 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
#!/usr/bin/python
from unittest import TestCase, main
from sys import stderr
from common import createClient, createClientWithCerts, connectClient
from nuauth import Nuauth
from nuauth_conf import NuauthConf
from config import config
from os.path import join as path_join
from os.path import abspath
from logging import warning

class TestTLSClient(TestCase):
    def startNuauth(self, dict_args=None):
        self.cacert = abspath(config.get("test_cert", "cacert"))
        self.nuconfig = NuauthConf()
        if dict_args is None:
            dict_args = dict()
        for key in dict_args.keys():
            self.nuconfig[ key ] = dict_args[key]
        self.nuauth = Nuauth(self.nuconfig)


    def stopNuauth(self):
        self.nuauth.stop()

    def tearDown(self):
        #self.client.stop()
        pass

    def testClientFQDNCheck(self):
        self.startNuauth()
        client1 = createClient(more_args=["-H","nuauth.inl.fr","-A", self.cacert])
        client2 = createClient(more_args=["-H","localhost","-A", self.cacert])
        self.assert_(connectClient(client1))
        self.assert_(not connectClient(client2))
        client1.stop()
        client2.stop()
        self.stopNuauth()

    def testClientIgnoreFQDNCheck(self):
        self.startNuauth()
        client1 = createClient(more_args=["-H","nuauth.inl.fr","-A", self.cacert])
        client2 = createClient(more_args=["-H","localhost","-A", self.cacert,"-N"])
        self.assert_(connectClient(client1))
        self.assert_(connectClient(client2))
        client1.stop()
        client2.stop()
        self.stopNuauth()

    def testClientValidCA(self):
        self.startNuauth()
        client = createClient(more_args=["-A", self.cacert])
        self.assert_(connectClient(client))
        client.stop()
        self.stopNuauth()

    def testClientInvalidCA(self):
        self.startNuauth()
        cacert = config.get("test_cert", "invalid_cacert")
        client = createClient(more_args=["-A", cacert])
        self.assert_(not connectClient(client))
        client.stop()
        self.stopNuauth()

    def testClientValidCert(self):
        args = dict()
        args["nuauth_tls_request_cert"] = "2"
        self.startNuauth(args)
        tls_cert = abspath(config.get("test_cert", "user_cert"))
        tls_key  = abspath(config.get("test_cert", "user_key"))
        client = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key])
        self.assert_(connectClient(client))
        client.stop()
        self.stopNuauth()

    def testClientInvalidCert(self):
        args = dict()
        args["nuauth_tls_request_cert"] = "2"
        self.startNuauth(args)
        cacert = config.get("test_cert", "invalid_cacert")
        tls_cert = abspath(config.get("test_cert", "user_invalid_cert"))
        tls_key  = abspath(config.get("test_cert", "user_invalid_key"))
        client = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key])
        self.assert_(not connectClient(client))
        client.stop()
        self.stopNuauth()

    def testClientRevoked(self):
        args = dict()
        args["nuauth_tls_request_cert"] = "1"
        args["nuauth_tls_crl"] = '"%s"' % abspath(config.get("test_cert", "crl"))
        self.startNuauth(args)
        client1 = createClientWithCerts()
        self.assert_(connectClient(client1))
        tls_cert = abspath(config.get("test_cert", "user_revoked_cert"))
        tls_key  = abspath(config.get("test_cert", "user_revoked_key"))
        client2 = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key])
        self.assert_(not connectClient(client2))
        client1.stop()
        client2.stop()
        self.stopNuauth()

    def testClientExpired(self):
        self.startNuauth()
        client1 = createClientWithCerts()
        self.assert_(connectClient(client1))
        tls_cert = abspath(config.get("test_cert", "user_expired_cert"))
        tls_key  = abspath(config.get("test_cert", "user_expired_key"))
        client2 = createClient(more_args=["-A", self.cacert,"-C",tls_cert,"-K",tls_key])
        self.assert_(not connectClient(client2))
        client1.stop()
        client2.stop()
        self.stopNuauth()

    def testClientInvalidCRL(self):
        args = dict()
        args["nuauth_tls_request_cert"] = "2"
        self.startNuauth(args)
        invalid_crl = abspath(config.get("test_cert", "invalid_crl"))
        client = createClient(more_args=["-H","nuauth.inl.fr","-A",self.cacert,"-R",invalid_crl])
        self.assert_(not connectClient(client))
        client.stop()
        self.stopNuauth()

if __name__ == "__main__":
    print "Test TLS client capabilities"
    main()