Mini Shell

# Copyright (c) Twisted Matrix Laboratories.
# See LICENSE for details.

"""
Tests for L{twisted.words.protocols.jabber.sasl_mechanisms}.
"""


from twisted.python.compat import networkString
from twisted.trial import unittest
from twisted.words.protocols.jabber import sasl_mechanisms


class PlainTests(unittest.TestCase):
    """
    Tests for L{twisted.words.protocols.jabber.sasl_mechanisms.Plain}.
    """

    def test_getInitialResponse(self):
        """
        Test the initial response.
        """
        m = sasl_mechanisms.Plain(None, "test", "secret")
        self.assertEqual(m.getInitialResponse(), b"\x00test\x00secret")


class AnonymousTests(unittest.TestCase):
    """
    Tests for L{twisted.words.protocols.jabber.sasl_mechanisms.Anonymous}.
    """

    def test_getInitialResponse(self):
        """
        Test the initial response to be empty.
        """
        m = sasl_mechanisms.Anonymous()
        self.assertEqual(m.getInitialResponse(), None)


class DigestMD5Tests(unittest.TestCase):
    """
    Tests for L{twisted.words.protocols.jabber.sasl_mechanisms.DigestMD5}.
    """

    def setUp(self):
        self.mechanism = sasl_mechanisms.DigestMD5(
            "xmpp", "example.org", None, "test", "secret"
        )

    def test_getInitialResponse(self):
        """
        Test that no initial response is generated.
        """
        self.assertIdentical(self.mechanism.getInitialResponse(), None)

    def test_getResponse(self):
        """
        The response to a Digest-MD5 challenge includes the parameters from the
        challenge.
        """
        challenge = (
            b'realm="localhost",nonce="1234",qop="auth",charset=utf-8,'
            b"algorithm=md5-sess"
        )
        directives = self.mechanism._parse(self.mechanism.getResponse(challenge))
        del directives[b"cnonce"], directives[b"response"]
        self.assertEqual(
            {
                b"username": b"test",
                b"nonce": b"1234",
                b"nc": b"00000001",
                b"qop": [b"auth"],
                b"charset": b"utf-8",
                b"realm": b"localhost",
                b"digest-uri": b"xmpp/example.org",
            },
            directives,
        )

    def test_getResponseNonAsciiRealm(self):
        """
        Bytes outside the ASCII range in the challenge are nevertheless
        included in the response.
        """
        challenge = (
            b'realm="\xc3\xa9chec.example.org",nonce="1234",'
            b'qop="auth",charset=utf-8,algorithm=md5-sess'
        )
        directives = self.mechanism._parse(self.mechanism.getResponse(challenge))
        del directives[b"cnonce"], directives[b"response"]
        self.assertEqual(
            {
                b"username": b"test",
                b"nonce": b"1234",
                b"nc": b"00000001",
                b"qop": [b"auth"],
                b"charset": b"utf-8",
                b"realm": b"\xc3\xa9chec.example.org",
                b"digest-uri": b"xmpp/example.org",
            },
            directives,
        )

    def test_getResponseNoRealm(self):
        """
        The response to a challenge without a realm uses the host part of the
        JID as the realm.
        """
        challenge = b'nonce="1234",qop="auth",charset=utf-8,algorithm=md5-sess'
        directives = self.mechanism._parse(self.mechanism.getResponse(challenge))
        self.assertEqual(directives[b"realm"], b"example.org")

    def test_getResponseNoRealmIDN(self):
        """
        If the challenge does not include a realm and the host part of the JID
        includes bytes outside of the ASCII range, the response still includes
        the host part of the JID as the realm.
        """
        self.mechanism = sasl_mechanisms.DigestMD5(
            "xmpp", "\u00e9chec.example.org", None, "test", "secret"
        )
        challenge = b'nonce="1234",qop="auth",charset=utf-8,algorithm=md5-sess'
        directives = self.mechanism._parse(self.mechanism.getResponse(challenge))
        self.assertEqual(directives[b"realm"], b"\xc3\xa9chec.example.org")

    def test_getResponseRspauth(self):
        """
        If the challenge just has a rspauth directive, the response is empty.
        """
        challenge = b"rspauth=cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZA=="
        response = self.mechanism.getResponse(challenge)
        self.assertEqual(b"", response)

    def test_calculateResponse(self):
        """
        The response to a Digest-MD5 challenge is computed according to RFC
        2831.
        """
        charset = "utf-8"
        nonce = b"OA6MG9tEQGm2hh"
        nc = networkString(f"{1:08x}")
        cnonce = b"OA6MHXh6VqTrRk"

        username = "\u0418chris"
        password = "\u0418secret"
        host = "\u0418elwood.innosoft.com"
        digestURI = "imap/\u0418elwood.innosoft.com".encode(charset)

        mechanism = sasl_mechanisms.DigestMD5(b"imap", host, None, username, password)
        response = mechanism._calculateResponse(
            cnonce,
            nc,
            nonce,
            username.encode(charset),
            password.encode(charset),
            host.encode(charset),
            digestURI,
        )
        self.assertEqual(response, b"7928f233258be88392424d094453c5e3")

    def test_parse(self):
        """
        A challenge can be parsed into a L{dict} with L{bytes} or L{list}
        values.
        """
        challenge = (
            b'nonce="1234",qop="auth,auth-conf",charset=utf-8,'
            b'algorithm=md5-sess,cipher="des,3des"'
        )
        directives = self.mechanism._parse(challenge)
        self.assertEqual(
            {
                b"algorithm": b"md5-sess",
                b"nonce": b"1234",
                b"charset": b"utf-8",
                b"qop": [b"auth", b"auth-conf"],
                b"cipher": [b"des", b"3des"],
            },
            directives,
        )