]>
Commit | Line | Data |
---|---|---|
6eca6510 PL |
1 | import json |
2 | import time | |
3 | import unittest | |
4 | from copy import deepcopy | |
5 | from pprint import pprint | |
6 | from test_helper import ApiTestCase, unique_tsigkey_name, is_auth, is_recursor, get_db_tsigkeys | |
7 | ||
8 | class AuthTSIGHelperMixin(object): | |
9 | def create_tsig_key(self, name=None, algorithm='hmac-md5', key=None): | |
10 | if name is None: | |
11 | name = unique_tsigkey_name() | |
12 | payload = { | |
13 | 'name': name, | |
14 | 'algorithm': algorithm, | |
15 | } | |
16 | if key is not None: | |
17 | payload.update({'key': key}) | |
18 | print "sending", payload | |
19 | r = self.session.post( | |
20 | self.url("/api/v1/servers/localhost/tsigkeys"), | |
21 | data=json.dumps(payload), | |
22 | headers={'content-type': 'application/json'}) | |
23 | self.assert_success_json(r) | |
24 | self.assertEquals(r.status_code, 201) | |
25 | reply = r.json() | |
26 | print "reply", reply | |
27 | return name, payload, reply | |
28 | ||
29 | ||
30 | @unittest.skipIf(not is_auth(), "Not applicable") | |
31 | class AuthTSIG(ApiTestCase, AuthTSIGHelperMixin): | |
32 | def test_create_key(self): | |
33 | """ | |
34 | Create a TSIG key that is generated by the server | |
35 | """ | |
36 | name, payload, data = self.create_tsig_key() | |
37 | for k in ('id', 'name', 'algorithm', 'key', 'type'): | |
38 | self.assertIn(k, data) | |
39 | if k in payload: | |
40 | self.assertEquals(data[k], payload[k]) | |
41 | ||
42 | def test_create_key_with_key_data(self): | |
43 | """ | |
44 | Create a new key with the key data provided | |
45 | """ | |
46 | key = 'fn+BREHMDq0uWA1WbDwaoc2ne3rD973ySJ33ToJTfWY=' | |
47 | name, payload, data = self.create_tsig_key(key=key) | |
48 | self.assertEqual(data['key'], key) | |
49 | ||
50 | def test_create_key_with_hmacsha512(self): | |
51 | """ | |
52 | Have the server generate a key with the provided algorithm | |
53 | """ | |
54 | algorithm = 'hmac-sha512' | |
55 | name, payload, data = self.create_tsig_key(algorithm=algorithm) | |
56 | self.assertEqual(data['algorithm'], algorithm) | |
57 | ||
58 | def test_get_non_existing_key(self): | |
59 | """ | |
60 | Try to get get a key that does not exist | |
61 | """ | |
62 | name = "idontexist" | |
63 | r = self.session.get(self.url( | |
64 | "/api/v1/servers/localhost/tsigkeys/" + name + '.'), | |
65 | headers={'accept': 'application/json'}) | |
66 | self.assert_error_json(r) | |
67 | self.assertEqual(r.status_code, 404) | |
68 | newdata = r.json() | |
69 | self.assertIn('TSIG key with name \'' + name + '\' not found', newdata['error']) | |
70 | ||
71 | def test_remove_key(self): | |
72 | """ | |
73 | Create a key and attempt to delete it | |
74 | """ | |
75 | name, payload, data = self.create_tsig_key() | |
76 | r = self.session.delete(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id'])) | |
77 | self.assertEqual(r.status_code, 204) | |
78 | keys_from_db = get_db_tsigkeys(name) | |
79 | self.assertListEqual(keys_from_db, []) | |
80 | ||
81 | def test_put_key_change_name(self): | |
82 | """ | |
83 | Rename a key by PUTing a json with "name" set | |
84 | """ | |
85 | name, payload, data = self.create_tsig_key() | |
86 | payload = { | |
87 | 'name': 'mynewkey' | |
88 | } | |
89 | r = self.session.put(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id']), | |
90 | data=json.dumps(payload)) | |
91 | self.assertEqual(r.status_code, 200) | |
92 | newdata = r.json() | |
93 | self.assertEqual(newdata['name'], 'mynewkey') | |
94 | ||
95 | # Check if the old key is removed | |
96 | r = self.session.get(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id'])) | |
97 | self.assertEqual(r.status_code, 404, "Old key was not removed!") | |
98 | ||
99 | def test_put_key_change_key(self): | |
100 | """ | |
101 | Change the key by PUTing it | |
102 | """ | |
103 | name, payload, data = self.create_tsig_key() | |
104 | newkey = 'l36TAJalAys0HeEfSM1rFzSmz9kSwfiBo3HNkL62COs=' | |
105 | payload = { | |
106 | 'key': newkey | |
107 | } | |
108 | r = self.session.put(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id']), | |
109 | data=json.dumps(payload)) | |
110 | self.assertEqual(r.status_code, 200) | |
111 | data = r.json() | |
112 | self.assertEqual(data['key'], newkey) | |
113 | ||
114 | def test_put_key_change_algo(self): | |
115 | name, payload, data = self.create_tsig_key() | |
116 | newalgo = 'hmac-sha256' | |
117 | payload = { | |
118 | 'algorithm': newalgo | |
119 | } | |
120 | r = self.session.put(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id']), | |
121 | data=json.dumps(payload)) | |
122 | self.assertEqual(r.status_code, 200) | |
123 | data = r.json() | |
124 | self.assertEqual(data['algorithm'], newalgo) | |
125 | ||
126 | def test_put_non_existing_algo(self): | |
127 | name, payload, data = self.create_tsig_key() | |
128 | payload = { | |
129 | 'algorithm': 'foobar' | |
130 | } | |
131 | r = self.session.put(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id']), | |
132 | data=json.dumps(payload)) | |
133 | self.assertEqual(r.status_code, 422) | |
134 | data = r.json() | |
135 | self.assertIn('Unknown TSIG algorithm: ', data['error']) | |
136 | ||
137 | def test_put_broken_key(self): | |
138 | name, payload, data = self.create_tsig_key() | |
139 | payload = { | |
140 | 'key': 'f\u333oobar1======' | |
141 | } | |
142 | r = self.session.put(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id']), | |
143 | data=json.dumps(payload)) | |
144 | data = r.json() | |
145 | self.assertEqual(r.status_code, 422) | |
146 | self.assertIn('Can not base64 decode key content ', data['error']) | |
147 | ||
148 | def test_put_to_non_existing_key(self): | |
149 | name = unique_tsigkey_name() | |
150 | payload = { | |
151 | 'algorithm': 'hmac-sha512' | |
152 | } | |
153 | r = self.session.put(self.url("/api/v1/servers/localhost/tsigkeys/" + name + '.'), | |
154 | data=json.dumps(payload), | |
155 | headers={'accept': 'application/json'}) | |
156 | self.assertEqual(r.status_code, 404) | |
157 | data = r.json() | |
158 | self.assertIn('TSIG key with name \'' + name + '\' not found', data['error']) | |
159 | ||
160 | def test_post_existing_key_name(self): | |
161 | name, payload, data = self.create_tsig_key() | |
162 | r = self.session.post(self.url("/api/v1/servers/localhost/tsigkeys"), | |
163 | headers={'accept': 'application/json'}, | |
164 | data=json.dumps(payload)) | |
165 | self.assertEqual(r.status_code, 422) | |
166 | data = r.json() | |
167 | self.assertIn('A TSIG key with the name ', data['error']) | |
168 | ||
169 | def test_post_broken_key_name(self): | |
170 | payload = { | |
171 | 'name': unique_tsigkey_name(), | |
172 | 'key': 'f\u333oobar1======', | |
173 | 'algorithm': 'hmac-md5' | |
174 | } | |
175 | r = self.session.post(self.url("/api/v1/servers/localhost/tsigkeys"), | |
176 | headers={'accept': 'application/json'}, | |
177 | data=json.dumps(payload)) | |
178 | self.assertEqual(r.status_code, 422) | |
179 | data = r.json() | |
180 | self.assertIn(' cannot be base64-decoded', data['error']) | |
181 | ||
182 | def test_post_wrong_algo(self): | |
183 | payload = { | |
184 | 'name': unique_tsigkey_name(), | |
185 | 'algorithm': 'foobar' | |
186 | } | |
187 | r = self.session.post(self.url("/api/v1/servers/localhost/tsigkeys"), | |
188 | headers={'accept': 'application/json'}, | |
189 | data=json.dumps(payload)) | |
190 | self.assertEqual(r.status_code, 422) | |
191 | data = r.json() | |
192 | self.assertIn('Unknown TSIG algorithm: ', data['error']) |