authorNathaniel McCallum <npmccallum@redhat.com>2014-05-08 11:06:16 -0400
committerMartin Kosek <mkosek@redhat.com>2014-06-25 12:55:02 +0200
commit5baa9413177c624be8398f6a23614e2ce0bdbba3 (patch)
tree01cb98fcbea98bc15e61486b69897c2f86733aac /ipatests
parentbd1df14bd6f7f94de9044294cae045549019273f (diff)
Implement OTP token importing
This patch adds support for importing tokens using RFC 6030 key container files. This includes decryption support. For sysadmin sanity, any tokens which fail to add will be written to the output file for examination. The main use case here is where a small subset of a large set of tokens fails to validate or add. Using the output file, the sysadmin can attempt to recover these specific tokens. This code is implemented as a server-side script. However, it doesn't actually need to run on the server. This was done because importing is an odd fit for the IPA command framework: 1. We need to write an output file. 2. The operation may be long-running (thousands of tokens). 3. Only admins need to perform this task and it only happens infrequently. https://fedorahosted.org/freeipa/ticket/4261 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipatests')
-rw-r--r--ipatests/test_ipaserver/data/full.xml48
-rw-r--r--ipatests/test_ipaserver/data/pskc-figure3.xml32
-rw-r--r--ipatests/test_ipaserver/data/pskc-figure4.xml31
-rw-r--r--ipatests/test_ipaserver/data/pskc-figure5.xml57
-rw-r--r--ipatests/test_ipaserver/data/pskc-figure6.xml47
-rw-r--r--ipatests/test_ipaserver/data/pskc-figure7.xml68
-rw-r--r--ipatests/test_ipaserver/data/pskc-figure8.xml53
-rw-r--r--ipatests/test_ipaserver/data/pskc-invalid.xml3
-rw-r--r--ipatests/test_ipaserver/data/pskc-mini.xml4
-rw-r--r--ipatests/test_ipaserver/test_otptoken_import.py151
10 files changed, 494 insertions, 0 deletions
diff --git a/ipatests/test_ipaserver/data/full.xml b/ipatests/test_ipaserver/data/full.xml
new file mode 100644
index 000000000..0281b2881
--- /dev/null
+++ b/ipatests/test_ipaserver/data/full.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0"?>
+<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0" Id="KCID">
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>iana.dummy</Manufacturer>
+ <SerialNo>SerialNo</SerialNo>
+ <Model>Model</Model>
+ <IssueNo>IssueNo</IssueNo>
+ <DeviceBinding>DeviceBinding</DeviceBinding>
+ <StartDate>2006-05-01T00:00:00Z</StartDate>
+ <ExpiryDate>2012-05-01T00:00:00Z</ExpiryDate>
+ <UserId>DeviceUserId</UserId>
+ </DeviceInfo>
+ <CryptoModuleInfo>
+ <Id>CMID</Id>
+ </CryptoModuleInfo>
+ <Key Id="KID1" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Issuer>Issuer</Issuer>
+ <AlgorithmParameters>
+ <Suite>Suite</Suite>
+ <ChallengeFormat Encoding="DECIMAL" Min="42" Max="4711" CheckDigits="true"/>
+ <ResponseFormat Encoding="DECIMAL" Length="8" CheckDigits="true"/>
+ </AlgorithmParameters>
+ <KeyProfileId>KeyProfileId</KeyProfileId>
+ <KeyReference>KeyReference</KeyReference>
+ <FriendlyName>FriendlyName</FriendlyName>
+ <Data>
+ <Secret>
+ <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ <TimeInterval>
+ <PlainValue>200</PlainValue>
+ </TimeInterval>
+ <TimeDrift>
+ <PlainValue>300</PlainValue>
+ </TimeDrift>
+ </Data>
+ <UserId>KeyUserId</UserId>
+ <Policy>
+ <StartDate>2006-05-01T00:00:00Z</StartDate>
+ <ExpiryDate>2006-05-31T00:00:00Z</ExpiryDate>
+ </Policy>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/ipatests/test_ipaserver/data/pskc-figure3.xml b/ipatests/test_ipaserver/data/pskc-figure3.xml
new file mode 100644
index 000000000..b02ac7945
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-figure3.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<KeyContainer Version="1.0"
+ Id="exampleID1"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Manufacturer</Manufacturer>
+ <SerialNo>987654321</SerialNo>
+ <UserId>DC=example-bank,DC=net</UserId>
+ </DeviceInfo>
+ <CryptoModuleInfo>
+ <Id>CM_ID_001</Id>
+ </CryptoModuleInfo>
+ <Key Id="12345678"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Issuer>Issuer</Issuer>
+ <AlgorithmParameters>
+ <ResponseFormat Length="8" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
+ </PlainValue>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ <UserId>UID=jsmith,DC=example-bank,DC=net</UserId>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/ipatests/test_ipaserver/data/pskc-figure4.xml b/ipatests/test_ipaserver/data/pskc-figure4.xml
new file mode 100644
index 000000000..186e02901
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-figure4.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<KeyContainer Version="1.0" Id="exampleID1"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Manufacturer</Manufacturer>
+ <SerialNo>987654321</SerialNo>
+ </DeviceInfo>
+ <CryptoModuleInfo>
+ <Id>CM_ID_001</Id>
+ </CryptoModuleInfo>
+ <Key Id="12345678"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Issuer>Issuer</Issuer>
+ <AlgorithmParameters>
+ <ResponseFormat Length="8" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <KeyProfileId>keyProfile1</KeyProfileId>
+ <KeyReference>MasterKeyLabel
+ </KeyReference>
+ <Data>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ <Policy>
+ <KeyUsage>OTP</KeyUsage>
+ </Policy>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/ipatests/test_ipaserver/data/pskc-figure5.xml b/ipatests/test_ipaserver/data/pskc-figure5.xml
new file mode 100644
index 000000000..16ab9bb3c
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-figure5.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<KeyContainer
+ Version="1.0" Id="exampleID1"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Manufacturer</Manufacturer>
+ <SerialNo>987654321</SerialNo>
+ </DeviceInfo>
+ <CryptoModuleInfo>
+ <Id>CM_ID_001</Id>
+ </CryptoModuleInfo>
+ <Key Id="12345678"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Issuer>Issuer</Issuer>
+ <AlgorithmParameters>
+ <ResponseFormat Length="8" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
+ </PlainValue>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ <Policy>
+ <PINPolicy MinLength="4" MaxLength="4"
+ PINKeyId="123456781" PINEncoding="DECIMAL"
+ PINUsageMode="Local"/>
+ <KeyUsage>OTP</KeyUsage>
+ </Policy>
+ </Key>
+ </KeyPackage>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Manufacturer</Manufacturer>
+ <SerialNo>987654321</SerialNo>
+ </DeviceInfo>
+ <CryptoModuleInfo>
+ <Id>CM_ID_001</Id>
+ </CryptoModuleInfo>
+ <Key Id="123456781"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:pin">
+ <Issuer>Issuer</Issuer>
+ <AlgorithmParameters>
+ <ResponseFormat Length="4" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <PlainValue>MTIzNA==</PlainValue>
+ </Secret>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/ipatests/test_ipaserver/data/pskc-figure6.xml b/ipatests/test_ipaserver/data/pskc-figure6.xml
new file mode 100644
index 000000000..0f4cd334f
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-figure6.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<KeyContainer Version="1.0"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionKey>
+ <ds:KeyName>Pre-shared-key</ds:KeyName>
+ </EncryptionKey>
+ <MACMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <MACKey>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>ESIzRFVmd4iZABEiM0RVZgKn6WjLaTC1sbeBMSvIhRejN9vJa2BOlSaMrR7I5wSX</xenc:CipherValue>
+ </xenc:CipherData>
+ </MACKey>
+ </MACMethod>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>Manufacturer</Manufacturer>
+ <SerialNo>987654321</SerialNo>
+ </DeviceInfo>
+ <CryptoModuleInfo>
+ <Id>CM_ID_001</Id>
+ </CryptoModuleInfo>
+ <Key Id="12345678"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Issuer>Issuer</Issuer>
+ <AlgorithmParameters>
+ <ResponseFormat Length="8" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv</xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ <ValueMAC>Su+NvtQfmvfJzF6bmQiJqoLRExc=</ValueMAC>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/ipatests/test_ipaserver/data/pskc-figure7.xml b/ipatests/test_ipaserver/data/pskc-figure7.xml
new file mode 100644
index 000000000..1fb04fc31
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-figure7.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pskc:KeyContainer
+ xmlns:pskc="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"
+ xmlns:pkcs5="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Version="1.0">
+ <pskc:EncryptionKey>
+ <xenc11:DerivedKey>
+ <xenc11:KeyDerivationMethod
+ Algorithm="http://www.rsasecurity.com/rsalabs/pkcs/schemas/pkcs-5v2-0#pbkdf2">
+ <xenc11:PBKDF2-params>
+ <xenc11:Salt>
+ <xenc11:Specified>Ej7/PEpyEpw=</xenc11:Specified>
+ </xenc11:Salt>
+ <xenc11:IterationCount>1000</xenc11:IterationCount>
+ <xenc11:KeyLength>16</xenc11:KeyLength>
+ <xenc11:PRF/>
+ </xenc11:PBKDF2-params>
+ </xenc11:KeyDerivationMethod>
+ <xenc:ReferenceList>
+ <xenc:DataReference URI="#ED"/>
+ </xenc:ReferenceList>
+ <xenc11:MasterKeyName>My Password 1</xenc11:MasterKeyName>
+ </xenc11:DerivedKey>
+ </pskc:EncryptionKey>
+ <pskc:MACMethod
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <pskc:MACKey>
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>
+ 2GTTnLwM3I4e5IO5FkufoOEiOhNj91fhKRQBtBJYluUDsPOLTfUvoU2dStyOwYZx
+ </xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:MACKey>
+ </pskc:MACMethod>
+ <pskc:KeyPackage>
+ <pskc:DeviceInfo>
+ <pskc:Manufacturer>TokenVendorAcme</pskc:Manufacturer>
+ <pskc:SerialNo>987654321</pskc:SerialNo>
+ </pskc:DeviceInfo>
+ <pskc:CryptoModuleInfo>
+ <pskc:Id>CM_ID_001</pskc:Id>
+ </pskc:CryptoModuleInfo>
+ <pskc:Key Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp" Id="123456">
+ <pskc:Issuer>Example-Issuer</pskc:Issuer>
+ <pskc:AlgorithmParameters>
+ <pskc:ResponseFormat Length="8" Encoding="DECIMAL"/>
+ </pskc:AlgorithmParameters>
+ <pskc:Data>
+ <pskc:Secret>
+ <pskc:EncryptedValue Id="ED">
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>
+ oTvo+S22nsmS2Z/RtcoF8Hfh+jzMe0RkiafpoDpnoZTjPYZu6V+A4aEn032yCr4f
+ </xenc:CipherValue>
+ </xenc:CipherData>
+ </pskc:EncryptedValue>
+ <pskc:ValueMAC>LP6xMvjtypbfT9PdkJhBZ+D6O4w=
+ </pskc:ValueMAC>
+ </pskc:Secret>
+ </pskc:Data>
+ </pskc:Key>
+ </pskc:KeyPackage>
+</pskc:KeyContainer>
diff --git a/ipatests/test_ipaserver/data/pskc-figure8.xml b/ipatests/test_ipaserver/data/pskc-figure8.xml
new file mode 100644
index 000000000..c9f63cf02
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-figure8.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<KeyContainer
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ Id="KC0001"
+ Version="1.0">
+ <EncryptionKey>
+ <ds:X509Data>
+ <ds:X509Certificate>MIIB5zCCAVCgAwIBAgIESZp/vDANBgkqhkiG9w0BAQUFADA4M
+ Q0wCwYDVQQKEwRJRVRGMRMwEQYDVQQLEwpLZXlQcm92IFdHMRIwEAYDVQQDEwlQU0tDIF
+ Rlc3QwHhcNMDkwMjE3MDkxMzMyWhcNMTEwMjE3MDkxMzMyWjA4MQ0wCwYDVQQKEwRJRVR
+ GMRMwEQYDVQQLEwpLZXlQcm92IFdHMRIwEAYDVQQDEwlQU0tDIFRlc3QwgZ8wDQYJKoZI
+ hvcNAQEBBQADgY0AMIGJAoGBALCWLDa2ItYJ6su80hd1gL4cggQYdyyKK17btt/aS6Q/e
+ DsKjsPyFIODsxeKVV/uA3wLT4jQJM5euKJXkDajzGGOy92+ypfzTX4zDJMkh61SZwlHNJ
+ xBKilAM5aW7C+BQ0RvCxvdYtzx2LTdB+X/KMEBA7uIYxLfXH2Mnub3WIh1AgMBAAEwDQY
+ JKoZIhvcNAQEFBQADgYEAe875m84sYUJ8qPeZ+NG7REgTvlHTmoCdoByU0LBBLotUKuqf
+ rnRuXJRMeZXaaEGmzY1kLonVjQGzjAkU4dJ+RPmiDlYuHLZS41Pg6VMwY+03lhk6I5A/w
+ 4rnqdkmwZX/NgXg06alnc2pBsXWhL4O7nk0S2ZrLMsQZ6HcsXgdmHo=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </EncryptionKey>
+ <KeyPackage>
+ <DeviceInfo>
+ <Manufacturer>TokenVendorAcme</Manufacturer>
+ <SerialNo>987654321</SerialNo>
+ </DeviceInfo>
+ <Key Id="MBK000000001"
+ Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
+ <Issuer>Example-Issuer</Issuer>
+ <AlgorithmParameters>
+ <ResponseFormat Length="6" Encoding="DECIMAL"/>
+ </AlgorithmParameters>
+ <Data>
+ <Secret>
+ <EncryptedValue>
+ <xenc:EncryptionMethod
+ Algorithm="http://www.w3.org/2001/04/xmlenc#rsa_1_5"/>
+ <xenc:CipherData>
+ <xenc:CipherValue>hJ+fvpoMPMO9BYpK2rdyQYGIxiATYHTHC7e/sPLKYo5/r1v+4
+ xTYG3gJolCWuVMydJ7Ta0GaiBPHcWa8ctCVYmHKfSz5fdeV5nqbZApe6dofTqhRwZK6
+ Yx4ufevi91cjN2vBpSxYafvN3c3+xIgk0EnTV4iVPRCR0rBwyfFrPc4=
+ </xenc:CipherValue>
+ </xenc:CipherData>
+ </EncryptedValue>
+ </Secret>
+ <Counter>
+ <PlainValue>0</PlainValue>
+ </Counter>
+ </Data>
+ </Key>
+ </KeyPackage>
+</KeyContainer>
diff --git a/ipatests/test_ipaserver/data/pskc-invalid.xml b/ipatests/test_ipaserver/data/pskc-invalid.xml
new file mode 100644
index 000000000..688e3479d
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-invalid.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0"?>
+<SomethingElse>
+</SomethingElse>
diff --git a/ipatests/test_ipaserver/data/pskc-mini.xml b/ipatests/test_ipaserver/data/pskc-mini.xml
new file mode 100644
index 000000000..e6ee7b55c
--- /dev/null
+++ b/ipatests/test_ipaserver/data/pskc-mini.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<KeyContainer xmlns="urn:ietf:params:xml:ns:keyprov:pskc" Version="1.0">
+ <KeyPackage/>
+</KeyContainer>
diff --git a/ipatests/test_ipaserver/test_otptoken_import.py b/ipatests/test_ipaserver/test_otptoken_import.py
new file mode 100644
index 000000000..7ee0754da
--- /dev/null
+++ b/ipatests/test_ipaserver/test_otptoken_import.py
@@ -0,0 +1,151 @@
+# Authors:
+# Nathaniel McCallum <npmccallum@redhat.com>
+#
+# Copyright (C) 2014 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import sys
+import nose
+from nss import nss
+
+from ipaserver.install.ipa_otptoken_import import PSKCDocument, ValidationError
+
+basename = os.path.join(os.path.dirname(__file__), "data")
+
+class test_otptoken_import(object):
+ def test_figure3(self):
+ doc = PSKCDocument(os.path.join(basename, "pskc-figure3.xml"))
+ assert doc.keyname is None
+ assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
+ [(u'12345678', {
+ 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
+ 'ipatokenvendor': u'Manufacturer',
+ 'ipatokenserial': u'987654321',
+ 'ipatokenhotpcounter': 0L,
+ 'ipatokenotpdigits': 8,
+ 'type': u'hotp',
+ })]
+
+ def test_figure4(self):
+ doc = PSKCDocument(os.path.join(basename, "pskc-figure4.xml"))
+ assert doc.keyname is None
+ try:
+ [(t.id, t.options) for t in doc.getKeyPackages()]
+ except ValidationError: # Referenced keys are not supported.
+ pass
+ else:
+ assert False
+
+ def test_figure5(self):
+ doc = PSKCDocument(os.path.join(basename, "pskc-figure5.xml"))
+ assert doc.keyname is None
+ try:
+ [(t.id, t.options) for t in doc.getKeyPackages()]
+ except ValidationError: # PIN Policy is not supported.
+ pass
+ else:
+ assert False
+
+ def test_figure6(self):
+ nss.nss_init_nodb()
+ try:
+ doc = PSKCDocument(os.path.join(basename, "pskc-figure6.xml"))
+ assert doc.keyname == 'Pre-shared-key'
+ doc.setKey('12345678901234567890123456789012'.decode('hex'))
+ assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
+ [(u'12345678', {
+ 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
+ 'ipatokenvendor': u'Manufacturer',
+ 'ipatokenserial': u'987654321',
+ 'ipatokenhotpcounter': 0L,
+ 'ipatokenotpdigits': 8,
+ 'type': u'hotp'})]
+ finally:
+ nss.nss_shutdown()
+
+ def test_figure7(self):
+ nss.nss_init_nodb()
+ try:
+ doc = PSKCDocument(os.path.join(basename, "pskc-figure7.xml"))
+ assert doc.keyname == 'My Password 1'
+ doc.setKey('qwerty')
+ assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
+ [(u'123456', {
+ 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
+ 'ipatokenvendor': u'TokenVendorAcme',
+ 'ipatokenserial': u'987654321',
+ 'ipatokenotpdigits': 8,
+ 'type': u'hotp'})]
+ finally:
+ nss.nss_shutdown()
+
+ def test_figure8(self):
+ nss.nss_init_nodb()
+ try:
+ doc = PSKCDocument(os.path.join(basename, "pskc-figure8.xml"))
+ except NotImplementedError: # X.509 is not supported.
+ pass
+ else:
+ assert False
+ finally:
+ nss.nss_shutdown()
+
+ def test_invalid(self):
+ nss.nss_init_nodb()
+ try:
+ doc = PSKCDocument(os.path.join(basename, "pskc-invalid.xml"))
+ except ValueError: # File is invalid.
+ pass
+ else:
+ assert False
+ finally:
+ nss.nss_shutdown()
+
+ def test_mini(self):
+ nss.nss_init_nodb()
+ try:
+ doc = PSKCDocument(os.path.join(basename, "pskc-mini.xml"))
+ [(t.id, t.options) for t in doc.getKeyPackages()]
+ except ValidationError: # Unsupported token type.
+ pass
+ else:
+ assert False
+ finally:
+ nss.nss_shutdown()
+
+ def test_full(self):
+ nss.nss_init_nodb()
+ try:
+ doc = PSKCDocument(os.path.join(basename, "full.xml"))
+ assert [(t.id, t.options) for t in doc.getKeyPackages()] == \
+ [(u'KID1', {
+ 'ipatokenotpkey': u'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ',
+ 'ipatokennotafter': u'20060531000000Z',
+ 'ipatokennotbefore': u'20060501000000Z',
+ 'ipatokenserial': u'SerialNo-IssueNo',
+ 'ipatokentotpclockoffset': 60000,
+ 'ipatokenotpalgorithm': u'sha1',
+ 'ipatokenvendor': u'iana.dummy',
+ 'description': u'FriendlyName',
+ 'ipatokentotptimestep': 200,
+ 'ipatokenhotpcounter': 0L,
+ 'ipatokenmodel': u'Model',
+ 'ipatokenotpdigits': 8,
+ 'type': u'hotp',
+ })]
+ finally:
+ nss.nss_shutdown()
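Review bot: The decryption tests (`test_figure6`, `test_figure7`) only cover a correct key with a matching `ValueMAC`, so nothing here would fail if the importer stopped verifying the MAC or accepted a wrong key. Add negative cases next to them: one that loads a copy of `pskc-figure6.xml` with a modified `ValueMAC` or `CipherValue`, and one that calls `doc.setKey()` with a different 16-byte key, each asserting that `getKeyPackages()` raises instead of returning an `ipatokenotpkey`. Which exception the importer raises is not visible in this diff (presumably `ValidationError`), so confirm that against `ipa_otptoken_import` before pinning it. Separately, the `else: assert False` branches carry no failure message; `assert False, "expected ValidationError"` would make a regression easier to read.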