| Server IP : 209.38.156.173 / Your IP : 216.73.216.122 [ Web Server : Apache/2.4.52 (Ubuntu) System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64 User : root ( 0) PHP Version : 8.1.2-1ubuntu2.22 Disable Function : NONE Domains : 2 Domains MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /usr/lib/python3/dist-packages/twisted/cred/test/__pycache__/ |
Upload File : |
o
�����b�]����������������������@���s����d�Z�ddlZddlmZ�ddlmZmZ�ddlmZ�ddl m
Z
m
Z
m
Z
m
Z
mZ�ddlmZ�ddlmZ�dd lmZ�dd
lmZ�d
d
��ZG�d
d��de
�ZG�dd��de�ZdS�)z[
Tests for L{twisted.cred._digest} and the associated bits in
L{twisted.cred.credentials}.
�����N)�hexlify)�md5�sha1)�
verifyObject)�DigestCredentialFactory�IUsernameDigestHash�calcHA1�calcHA2�
calcResponse)�
LoginFailed)�
IPv4Address)�
networkString)�TestCasec�����������������C���s���t��|�����S�)N)�base64� b64encode�strip)�s��r����C/usr/lib/python3/dist-packages/twisted/cred/test/test_digestauth.pyr���
���s���r���c�����������������������s0���e�Zd�ZdZ��fdd�Zdd��Zdd��Z���ZS�)�FakeDigestCredentialFactoryz\
A Fake Digest Credential Factory that generates a predictable
nonce and opaque
c��������������������s
���t���j|i�|���d|�_d�S�)N����0)�super�__init__�
privateKey)�self�args�kwargs�� __class__r���r���r���'���s���
z$FakeDigestCredentialFactory.__init__c�����������������C�������dS�)z)
Generate a static nonce
s
���178288758716122392881254770685r����r���r���r���r����_generateNonce+�������z*FakeDigestCredentialFactory._generateNoncec�����������������C���r ���)z&
Return a stable time
r���r���r ���r���r���r����_getTime1���r"���z$FakeDigestCredentialFactory._getTime)�__name__�
__module__�
__qualname__�__doc__r���r!���r#����
__classcell__r���r���r
���r���r���!���s
����
r���c�������������������@���sZ��e�Zd�ZdZdd��Zdefdd�Zdd��Zd d
��Zdefd
d
�Z defd
d�Z
dd��Z
dd��Z
dd��Z
dd��Zdefdd�Zdd��Zdd
��Zdefd
d
�Zd d ��Zd!d"��ZdOd$d%�Zd&d'��ZdOd(d)�Zd*d+��Zd,d-��Zd.d/��Zd0d1��Zd2d3��Z
d4d5��Z
d6d7��Z
d8d9��Z d:d;��Z d<d=��Z!d>d?��Z"d@dA��Z#dBdC��Z$dDdE��Z%dFdG��Z&dHdI��Z'dJdK��Z(dLdM��Z)dNS�)P�DigestAuthTestsz�
L{TestCase} mixin class which defines a number of tests for
L{DigestCredentialFactory}. Because this mixin defines C{setUp}, it
must be inherited before L{TestCase}.
c�����������������C���sR���d|�_�d|�_d|�_d|�_d|�_d|�_d|�_tdd d
�|�_d
|�_ t
|�j|�j�|�_
d
S�)
z>
Create a DigestCredentialFactory for testing
����foobars���bazquuxs
���test realm����md5s ���29fc54aa1641c6fa0e151419361c8f23����auths���/write/�TCPz10.2.3.4iu�������GETN)
�username�password�realm� algorithm�cnonce�qop�urir
����
clientAddress�methodr����credentialFactoryr ���r���r���r����setUp?���s���zDigestAuthTests.setUpr+���c�����������������C���sT���d}t�||�j|�j|�j||�j�}d�|�j|�j|�jf�}t||�����}|��||��dS�)z�
L{calcHA1} accepts the C{'md5'} algorithm and returns an MD5 hash of
its parameters, excluding the nonce and cnonce.
s ���abc123xyz����:N) r���r/���r1���r0���r3����joinr����digest�
assertEqual)r����
_algorithm�_hash�nonce�hashA1�a1�expectedr���r���r����test_MD5HashA1N���s����z
DigestAuthTests.test_MD5HashA1c�����������������C���s~���d}t�d|�j|�j|�j||�j�}|�jd�|�j�d�|�j�}tt|�����}|d�|�d�|�j�}tt|�����}|��||��dS�)z�
L{calcHA1} accepts the C{'md5-sess'} algorithm and returns an MD5 hash
of its parameters, including the nonce and cnonce.
s ���xyz321abc����md5-sessr:���N) r���r/���r1���r0���r3���r���r���r<���r=���)r���r@���rA���rB����ha1rC���r���r���r����test_MD5SessionHashA1[���s����z%DigestAuthTests.test_MD5SessionHashA1c�����������������C�������|���dt��dS�)z�
L{calcHA1} accepts the C{'sha'} algorithm and returns a SHA hash of its
parameters, excluding the nonce and cnonce.
����shaN)rD���r���r ���r���r���r����test_SHAHashA1j�������z
DigestAuthTests.test_SHAHashA1c�����������������C���sD���d}t�|||�jdd�}|d�|�j�}t||�����}|��||��dS�)z�
L{calcHA2} accepts the C{'md5'} algorithm and returns an MD5 hash of
its arguments, excluding the entity hash for QOP other than
C{'auth-int'}.
r.���r,���Nr:����r ���r5���r���r<���r=���)r���r>���r?���r7����hashA2�a2rC���r���r���r����test_MD5HashA2Authq���s
���z"DigestAuthTests.test_MD5HashA2Authc�����������������C���sP���d}d}t�|||�jd|�}|d�|�j�d�|�}t||�����}|��||��dS�)z�
L{calcHA2} accepts the C{'md5'} algorithm and returns an MD5 hash of
its arguments, including the entity hash for QOP of C{'auth-int'}.
r.���s ���foobarbazs���auth-intr:���NrL���)r���r>���r?���r7����hentityrM���rN���rC���r���r���r����test_MD5HashA2AuthInt}���s
���z%DigestAuthTests.test_MD5HashA2AuthIntc�����������������C�������|���d��dS�)z�
L{calcHA2} accepts the C{'md5-sess'} algorithm and QOP of C{'auth'} and
returns the same value as it does for the C{'md5'} algorithm.
rE���N)rO���r ���r���r���r����test_MD5SessHashA2Auth��������z&DigestAuthTests.test_MD5SessHashA2Authc�����������������C���rR���)z�
L{calcHA2} accepts the C{'md5-sess'} algorithm and QOP of C{'auth-int'}
and returns the same value as it does for the C{'md5'} algorithm.
rE���N)rQ���r ���r���r���r����test_MD5SessHashA2AuthInt����rT���z)DigestAuthTests.test_MD5SessHashA2AuthIntc�����������������C���rH���)z�
L{calcHA2} accepts the C{'sha'} algorithm and returns a SHA hash of
its arguments, excluding the entity hash for QOP other than
C{'auth-int'}.
rI���N)rO���r���r ���r���r���r����test_SHAHashA2Auth��������z"DigestAuthTests.test_SHAHashA2Authc�����������������C���rH���)z�
L{calcHA2} accepts the C{'sha'} algorithm and returns a SHA hash of
its arguments, including the entity hash for QOP of C{'auth-int'}.
rI���N)rQ���r���r ���r���r���r����test_SHAHashA2AuthInt����rK���z%DigestAuthTests.test_SHAHashA2AuthIntc����������� ������C���sT���d}d}d}|d�|�d�|�}t�||�����}t||||ddd�}|��||��dS�)z�
L{calcResponse} accepts the C{'md5'} algorithm and returns an MD5 hash
of its parameters, excluding the nonce count, client nonce, and QoP
value if the nonce count and client nonce are L{None}
����abc123����789xyz����lmnopqr:���N�r���r<���r
���r=���) r���r>���r?���rA���rM���r@����responserC���r<���r���r���r����test_MD5HashResponse����s���z$DigestAuthTests.test_MD5HashResponsec�����������������C���rR���)z�
L{calcResponse} accepts the C{'md5-sess'} algorithm and returns an MD5
hash of its parameters, excluding the nonce count, client nonce, and
QoP value if the nonce count and client nonce are L{None}
rE���N)r^���r ���r���r���r����test_MD5SessionHashResponse��������z+DigestAuthTests.test_MD5SessionHashResponsec�����������������C���rH���)z�
L{calcResponse} accepts the C{'sha'} algorithm and returns a SHA hash
of its parameters, excluding the nonce count, client nonce, and QoP
value if the nonce count and client nonce are L{None}
rI���N)r^���r���r ���r���r���r����test_SHAHashResponse����rW���z$DigestAuthTests.test_SHAHashResponsec�����������
������C���sx���d}d}d}d}d}d}|d�|�d�|�d�|�d�|�d�|�} t�|| �����}
t|||||||�}
|��|
|
��dS�) z�
L{calcResponse} accepts the C{'md5'} algorithm and returns an MD5 hash
of its parameters, including the nonce count, client nonce, and QoP
value if they are specified.
rY���rZ���r[���s���00000004s ���abcxyz123r,���r:���Nr\���)
r���r>���r?���rA���rM���r@����
nonceCount�
clientNoncer4���r]���rC���r<���r���r���r����test_MD5HashResponseExtra����sB����������� �
��
�z)DigestAuthTests.test_MD5HashResponseExtrac�����������������C���rR���)z�
L{calcResponse} accepts the C{'md5-sess'} algorithm and returns an MD5
hash of its parameters, including the nonce count, client nonce, and
QoP value if they are specified.
rE���N)rd���r ���r���r���r���� test_MD5SessionHashResponseExtra����r`���z0DigestAuthTests.test_MD5SessionHashResponseExtrac�����������������C���rH���)z�
L{calcResponse} accepts the C{'sha'} algorithm and returns a SHA hash
of its parameters, including the nonce count, client nonce, and QoP
value if they are specified.
rI���N)rd���r���r ���r���r���r����test_SHAHashResponseExtra����rW���z)DigestAuthTests.test_SHAHashResponseExtraTc�����������������
���s����d|vr |�j�|d<�d|vr|�j|d<�d|vr|�j|d<�d|vr$|�j|d<�d|vr-|�j|d<�d|vr6|�j|d<�|r;d��nd��d ���fd
d
�|���D���S�)
a���
Format all given keyword arguments and their values suitably for use as
the value of an HTTP header.
@types quotes: C{bool}
@param quotes: A flag indicating whether to quote the values of each
field in the response.
@param **kw: Keywords and C{bytes} values which will be treated as field
name/value pairs to include in the result.
@rtype: C{bytes}
@return: The given fields formatted for use as an HTTP header value.
r/���r1���r2���r4���r3���r5�������"�����s���, c�������������� ������s0���g�|�]\}}|d�urd��t|�d��|��f��qS�)Nrh�������=)r;���r
���)�.0�k�v��quoter���r����
<listcomp>��s
�����z2DigestAuthTests.formatResponse.<locals>.<listcomp>)r/���r1���r2���r4���r3���r5���r;����items)r����quotes�kwr���rm���r����formatResponse����s(���
��z
DigestAuthTests.formatResponsec����������� ������C���sh���|��d�}|��d����}|��d�}t||�j|�j|�j||�j�}t|d|�j|d�}t ||||||�j|�}|S�)z@
Calculate the response for the given challenge
r@���r2���r4���r.���N)
�get�lowerr���r/���r1���r0���r3���r ���r5���r
���) r���� challenge�ncountr@����algor4���rF����ha2rC���r���r���r����getDigestResponse ��s���
�z!DigestAuthTests.getDigestResponsec�����������������C���sz���|�j��|�jj�}d}|�j||d�|��||�||d�d�}|�j��||�j|�jj�}|��|� |�j
���|��
|� |�j
d����dS�)z�
L{DigestCredentialFactory.decode} accepts a digest challenge response
and parses it into an L{IUsernameHashedPassword} provider.
����00000001r@����opaque)rq���r@���r]����ncr|�������wrongN�
r8����
getChallenger6����hostrs���rz����decoder7����
assertTrue�
checkPasswordr0����
assertFalse)r���rq���rv���r}����clientResponse�credsr���r���r����
test_response.��s
���
�
�z
DigestAuthTests.test_responsec�����������������C���rR���)a ��
L{DigestCredentialFactory.decode} accepts a digest challenge response
which does not quote the values of its fields and parses it into an
L{IUsernameHashedPassword} provider in the same way it would a
response which included quoted field values.
FN)r����r ���r���r���r����test_responseWithoutQuotesC��s���z*DigestAuthTests.test_responseWithoutQuotesc�����������������C���s���d|�_�|��d��dS�)z�
L{DigestCredentialFactory.decode} accepts a digest challenge response
which quotes the values of its fields and includes a C{b","} in the URI
field.
s
���/some,path/TN)r5���r����r ���r���r���r����test_responseWithCommaURIL��s���z)DigestAuthTests.test_responseWithCommaURIc�����������������C���s���d|�_�|�����dS�)zs
The case of the algorithm value in the response is ignored when
checking the credentials.
s���MD5N�r2���r����r ���r���r���r����
test_caseInsensitiveAlgorithmU��s���
z-DigestAuthTests.test_caseInsensitiveAlgorithmc�����������������C���s���d|�_�|�����dS�)zV
The algorithm defaults to MD5 if it is not supplied in the response.
Nr����r ���r���r���r����test_md5DefaultAlgorithm]��s���
z(DigestAuthTests.test_md5DefaultAlgorithmc�����������������C���sp���|�j��d�}d}|�j|d�|��||�||d�d�}|�j��||�jd�}|��|�|�j���|�� |�|�jd����dS�)z�
L{DigestCredentialFactory.decode} accepts a digest challenge response
even if the client address it is passed is L{None}.
Nr{���r@���r|����r@���r]���r}���r|���r~���)
r8���r����rs���rz���r����r7���r����r����r0���r�����r���rv���r}���r����r����r���r���r����
test_responseWithoutClientIPd��s���
�z,DigestAuthTests.test_responseWithoutClientIPc�����������������C���s����|�j��|�jj�}d}|�j|d�|��||�||d�d�}|�j��||�j|�jj�}|��|� |�j
���|��
|� |�j
d����d}|�j|d�|��||�||d�d�}|�j��||�j|�jj�}|��|� |�j
���|��
|� |�j
d����dS�)zm
L{DigestCredentialFactory.decode} handles multiple responses to a
single challenge.
r{���r@���r|���r����r~���s���00000002Nr���r����r���r���r����test_multiResponsev��s2���
�
�
�
�z"DigestAuthTests.test_multiResponsec�����������������C���sv���|�j��|�jj�}d}|�j|d�|��||�||d�d�}|�j��|d|�jj�}|��|�|�j ���|��|�|�j d����dS�)a&��
L{DigestCredentialFactory.decode} returns an L{IUsernameHashedPassword}
provider which rejects a correct password for the given user if the
challenge response request is made using a different HTTP method than
was used to request the initial challenge.
r{���r@���r|���r����s���POSTr~���N)
r8���r����r6���r����rs���rz���r����r����r����r0���r����r���r���r����
test_failsWithDifferentMethod���s���
�
�z-DigestAuthTests.test_failsWithDifferentMethodc�����������������C���sl���|���t|�jj|�jdd�|�j|�jj�}|��t |�d��|���t|�jj|�jdd�|�j|�jj�}|��t |�d��dS�)z�
L{DigestCredentialFactory.decode} raises L{LoginFailed} if the response
has no username field or if the username field is empty.
N)r/���z$Invalid response, no username given.rh����
�
assertRaisesr
���r8���r����rs���r7���r6���r����r=����str�r����er���r���r����test_noUsername���s ���
�
�z DigestAuthTests.test_noUsernamec�����������������C���s8���|���t|�jj|�jdd�|�j|�jj�}|��t |�d��dS�)zo
L{DigestCredentialFactory.decode} raises L{LoginFailed} if the response
has no nonce.
rY���)r|���z!Invalid response, no nonce given.Nr����r����r���r���r����
test_noNonce���s���
�z
DigestAuthTests.test_noNoncec�����������������C���s4���|���t|�jj|����|�j|�jj�}|��t |�d��dS�)zp
L{DigestCredentialFactory.decode} raises L{LoginFailed} if the response
has no opaque.
z"Invalid response, no opaque given.Nr����r����r���r���r����
test_noOpaque���s����z
DigestAuthTests.test_noOpaquec�����������������C���s����|�j��|�jj�}d}|�j|d�|��||�||d�d�}|�j��||�j|�jj�}|��t t
|���|�j
d�|�j
�d�|�j
�}t|�}|��|�t|�������|�d��|��|�t|�������dS�)z�
L{DigestCredentialFactory.decode} returns an L{IUsernameDigestHash}
provider which can verify a hash of the form 'username:realm:password'.
r{���r@���r|���r����r:���r~���N)r8���r����r6���r����rs���rz���r����r7���r����r���r���r/���r1���r0���r���� checkHashr���r<����updater����)r���rv���r}���r����r����� cleartext�hashr���r���r����test_checkHash���s"���
�
�
z
DigestAuthTests.test_checkHashc�����������������C���s���t�|�j|�j�}|�|�jj�}|��t|jd|d�|�jj�}|�� t
|�d��dt
d��}|��t|j||d�|�jj�}|�� t
|�d��|��t|jd|d�|�jj�}|�� t
|�d��dt
d�
|d�t
|�jj�df���}|��t|j||d�|�jj�}|�� t
|�d ��d
S�)
z�
L{DigestCredentialFactory.decode} raises L{LoginFailed} when the opaque
value does not contain all the required parts.
s ���badOpaquer@���z&Invalid response, invalid opaque values���foo-s���nonce,clientiprh�������,r*���z,Invalid response, invalid opaque/time valuesN)r���r2���r1���r����r6���r����r����r
����
_verifyOpaquer=���r����r���r;���r
���)r���r8���rv����exc� badOpaquer���r���r����test_invalidOpaque���sP����
�����z"DigestAuthTests.test_invalidOpaquec�����������������C���s����t�|�j|�j�}|�|�jj�}|�d|�jj�}|��t|j ||d�|�jj�}|��
t
|�d��|��t|j |d|�jj�}|��
t
|�d��dS�)z�
L{DigestCredentialFactory.decode} raises L{LoginFailed} when the given
nonce from the response does not match the nonce encoded in the opaque.
s
���1234567890r@���z2Invalid response, incompatible opaque/nonce valuesrh���N)
r���r2���r1���r����r6���r�����_generateOpaquer����r
���r����r=���r����)r���r8���rv����badNonceOpaquer����r���r���r����test_incompatibleNonce1��s*������z&DigestAuthTests.test_incompatibleNoncec�����������������C���s`���t�|�j|�j�}|�|�jj�}d}|��|�jj|��|�|d�|�}|��t |j
||d�|�jj��dS�)z�
L{DigestCredentialFactory.decode} raises L{LoginFailed} when the
request comes from a client IP other than what is encoded in the
opaque.
z10.0.0.1r@���N)
r���r2���r1���r����r6���r�����assertNotEqualr����r����r
���r����)r���r8���rv����
badAddressr����r���r���r����test_incompatibleClientIPO��s
�����z)DigestAuthTests.test_incompatibleClientIPc�����������������C���s����t�|�j|�j�}|�|�jj�}d�|d�t|�jj�df�}tt ||j
���
���}t
|�}d�||�
d�f�}|��t|j||d�|�jj��dS�)z�
L{DigestCredentialFactory.decode} raises L{LoginFailed} when the given
opaque is older than C{DigestCredentialFactory.CHALLENGE_LIFETIME_SECS}
r����r@���s
���-137876876����-����
N)r���r2���r1���r����r6���r����r;���r
���r���r���r���r<���r���r���r����r
���r����)r���r8���rv����keyr<����ekey�oldNonceOpaquer���r���r����
test_oldNonceh��s
�����z
DigestAuthTests.test_oldNoncec�����������������C���s~���t�|�j|�j�}|�|�jj�}d�|d�t|�jj�df�}tt |d���
���}d�|t
|�f�}|��
t
|j||d�|�jj��dS�)z~
L{DigestCredentialFactory.decode} raises L{LoginFailed} when the opaque
checksum fails verification.
r����r@���r���s���this is not the right pkeyr����N)r���r2���r1���r����r6���r����r;���r
���r���r���r<���r���r����r
���r����)r���r8���rv���r����r<����
badChecksumr���r���r����
test_mismatchedOpaqueChecksum���s
�����z-DigestAuthTests.test_mismatchedOpaqueChecksumc��������������
���C���s6���d}|D�]\}}}}|�j�ttd|||dd|d� �qdS�)z�
L{calcHA1} raises L{TypeError} when any of the pszUsername, pszRealm,
or pszPassword arguments are specified with the preHA1 keyword
argument.
))s���user����realm����password����preHA1)Nr����Nr����)NNr����r����r+���s���nonces���cnonce)�preHA1N)r����� TypeErrorr���)r���� arguments�
pszUsername�pszRealm�
pszPasswordr����r���r���r���� test_incompatibleCalcHA1Options���s
�����z/DigestAuthTests.test_incompatibleCalcHA1Optionsc�����������������C���s
���|�j��dd�}|��d|��dS�)z�
L{DigestCredentialFactory._generateOpaque} returns a value without
newlines, regardless of the length of the nonce.
sn���long nonce long nonce long nonce long nonce long nonce long nonce long nonce long nonce long nonce long nonce Nr����)r8���r�����
assertNotIn)r���r|���r���r���r����test_noNewlineOpaque���s���z$DigestAuthTests.test_noNewlineOpaqueN)T)*r$���r%���r&���r'���r9���r���rD���rG���rJ���rO���rQ���rS���rU���rV���rX���r^���r_���ra���rd���re���rf���rs���rz���r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r����r���r���r���r���r)���8���sN����
!
(
#3
r)���)r'���r����binasciir����hashlibr���r����zope.interface.verifyr����twisted.cred.credentialsr���r���r���r ���r
����twisted.cred.errorr
����twisted.internet.addressr
����twisted.python.compatr
����twisted.trial.unittestr���r���r���r)���r���r���r���r����<module>���s���