mirror of
https://github.com/OpenKMIP/PyKMIP.git
synced 2025-06-27 17:24:24 +02:00
a1fa021af3
This change adds KMIP authentication suites, which define the TLS protocols and cipher suites to use for establishing secure network connections compliant with the KMIP specification. Test suites are included.
124 lines
3.7 KiB
Python
124 lines
3.7 KiB
Python
# Copyright (c) 2016 The Johns Hopkins University/Applied Physics Laboratory
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import pytest
|
|
import ssl
|
|
import testtools
|
|
|
|
from kmip.services import auth
|
|
|
|
|
|
class TestBasicAuthenticationSuite(testtools.TestCase):
|
|
"""
|
|
A test suite for the BasicAuthenticationSuite.
|
|
"""
|
|
|
|
def setUp(self):
|
|
super(TestBasicAuthenticationSuite, self).setUp()
|
|
|
|
def tearDown(self):
|
|
super(TestBasicAuthenticationSuite, self).tearDown()
|
|
|
|
def test_init(self):
|
|
auth.BasicAuthenticationSuite()
|
|
|
|
def test_protocol(self):
|
|
suite = auth.BasicAuthenticationSuite()
|
|
protocol = suite.protocol
|
|
|
|
self.assertIsInstance(protocol, int)
|
|
self.assertEqual(ssl.PROTOCOL_TLSv1, suite.protocol)
|
|
|
|
def test_ciphers(self):
|
|
suite = auth.BasicAuthenticationSuite()
|
|
ciphers = suite.ciphers
|
|
|
|
self.assertIsInstance(ciphers, str)
|
|
|
|
cipher_string = ':'.join((
|
|
'AES128-SHA',
|
|
'DES-CBC3-SHA',
|
|
'AES256-SHA',
|
|
'DHE-DSS-DES-CBC3-SHA',
|
|
'DHE-RSA-DES-CBC3-SHA',
|
|
'DH-DSS-AES128-SHA',
|
|
'DH-RSA-AES128-SHA',
|
|
'DHE-DSS-AES128-SHA',
|
|
'DHE-RSA-AES128-SHA',
|
|
'DH-RSA-AES256-SHA',
|
|
'DHE-DSS-AES256-SHA',
|
|
'DHE-RSA-AES256-SHA',
|
|
))
|
|
|
|
self.assertEqual(cipher_string, ciphers)
|
|
|
|
|
|
@pytest.mark.skipif(not hasattr(ssl, 'PROTOCOL_TLSv1_2'),
|
|
reason="Requires ssl.PROTOCOL_TLSv1_2")
|
|
class TestTLS12AuthenticationSuite(testtools.TestCase):
|
|
"""
|
|
A test suite for the TLS12AuthenticationSuite.
|
|
"""
|
|
|
|
def setUp(self):
|
|
super(TestTLS12AuthenticationSuite, self).setUp()
|
|
|
|
def tearDown(self):
|
|
super(TestTLS12AuthenticationSuite, self).tearDown()
|
|
|
|
def test_init(self):
|
|
auth.TLS12AuthenticationSuite()
|
|
|
|
def test_protocol(self):
|
|
suite = auth.TLS12AuthenticationSuite()
|
|
protocol = suite.protocol
|
|
|
|
self.assertIsInstance(protocol, int)
|
|
self.assertEqual(ssl.PROTOCOL_TLSv1_2, suite.protocol)
|
|
|
|
def test_ciphers(self):
|
|
suite = auth.TLS12AuthenticationSuite()
|
|
ciphers = suite.ciphers
|
|
|
|
self.assertIsInstance(ciphers, str)
|
|
|
|
cipher_string = ':'.join((
|
|
'AES128-SHA256',
|
|
'AES256-SHA256',
|
|
'DH-DSS-AES256-SHA256',
|
|
'DH-DSS-AES128-SHA256',
|
|
'DH-RSA-AES128-SHA256',
|
|
'DHE-DSS-AES128-SHA256',
|
|
'DHE-RSA-AES128-SHA256',
|
|
'DH-DSS-AES256-SHA256',
|
|
'DH-RSA-AES256-SHA256',
|
|
'DHE-DSS-AES256-SHA256',
|
|
'DHE-RSA-AES256-SHA256',
|
|
'ECDH-ECDSA-AES128-SHA256',
|
|
'ECDH-ECDSA-AES256-SHA256',
|
|
'ECDHE-ECDSA-AES128-SHA256',
|
|
'ECDHE-ECDSA-AES256-SHA384',
|
|
'ECDH-RSA-AES128-SHA256',
|
|
'ECDH-RSA-AES256-SHA384',
|
|
'ECDHE-RSA-AES128-SHA256',
|
|
'ECDHE-RSA-AES256-SHA384',
|
|
'ECDHE-ECDSA-AES128-GCM-SHA256',
|
|
'ECDHE-ECDSA-AES256-GCM-SHA384',
|
|
'ECDHE-ECDSA-AES128-SHA256',
|
|
'ECDHE-ECDSA-AES256-SHA384',
|
|
))
|
|
|
|
self.assertEqual(cipher_string, ciphers)
|