update from RIFT as of 696b75d2fe9fb046261b08c616f1bcf6c0b54a9b second try
1 #!/usr/bin/env python3
2 """
3 #
4 # Copyright 2017 RIFT.IO Inc
5 #
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
9 #
10 # http://www.apache.org/licenses/LICENSE-2.0
11 #
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License.
17 #
18 """
19 # RIFT_IO_STANDARD_COPYRIGHT_HEADER(BEGIN)
20 # Author(s): Balaji Rajappa, Vishnu Narayanan K.A
21 # Creation Date: 2017-07-07
22 # RIFT_IO_STANDARD_COPYRIGHT_HEADER(END)
23
24 import gi
25 import json
26 import urllib.parse
27
28 import rift.auto.mano
29 import pytest
30 import tornado.httpclient
31 import time
32 import Cryptodome.PublicKey.RSA as RSA
33
34 import oic.utils.jwt as oic_jwt
35 import oic.utils.keyio as keyio
36 from jwkest.jwk import RSAKey
37 from rift.rwlib.util import certs
38 gi.require_version('RwOpenidcProviderYang', '1.0')
39 gi.require_version('RwRbacInternalYang', '1.0')
40 gi.require_version('RwProjectNsdYang', '1.0')
41 gi.require_version('RwProjectYang', '1.0')
42 gi.require_version('RwKeyspec', '1.0')
43 gi.require_version('RwConmanYang', '1.0')
44 from gi.repository import ( # noqa
45 RwOpenidcProviderYang,
46 RwProjectNsdYang,
47 RwProjectYang,
48 RwRbacInternalYang,
49 RwConmanYang,
50 )
51 from gi.repository.RwKeyspec import quoted_key # noqa
52
53
@pytest.fixture(scope='session')
def rbac_user_passwd():
    """Provide the single password shared by every RBAC test user.

    The value is a fixed string kept in source, so it protects nothing:
    it is only suitable for accounts created on a disposable test system.
    """
    shared_password = 'mypasswd'
    return shared_password
58
59
@pytest.fixture(scope='session')
def user_domain(tbac):
    """Pick the user-domain used by this RBAC test run.

    Returns 'tbacdomain' when the ``tbac`` fixture value is truthy and
    'system' otherwise.
    """
    return 'tbacdomain' if tbac else 'system'
66
67
# Test-only RSA private key in PEM form. It is committed in clear text, so it
# provides no secrecy: anyone with this file can sign as whatever issuer trusts
# the matching public key (PUBLIC_KEY below carries the same modulus).
# Keep its use confined to throwaway test systems, and never configure the
# matching public key as a trusted issuer key on a shared or production
# deployment.
# NOTE(review): presumably used to sign JWTs in the TBAC tests - confirm
# against the callers, which are not in this file.
PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAs9bRFjWofNeWq2qtsvH9iDZXXbv5NQI6avK1hSt+0W0g3SXW
hllNenZAhFpXHzZvJk2qEoNIRXIeonX4N62FBLD7ZoWHQDGahkyfhxML4jYA3KUa
PWGeUvMlRPkoR4NjHA3zXQvD2FwTtcKCulGYQHRAAyATIcNq0kKZMuMAJxC5A7VD
vQVb7vOaN01YxJt+L6KF0v4ZiYdse5yBI/X58i2gnLqy102Oqj2qZygazj5LLdTE
sjgsiC9ln6kesbRayXiqi+RnF+BeKKlwGCuUpH+vFGxXmT6Kr4iEiGIHxAs/HZOS
9m61z1eHjrce654mpqwbeqhsyQZswyab2IpERwIDAQABAoIBABrnK+gypr3mUnfa
QZnfcZoK5w7yq9kuOCb/oAAH/bS+qofqvSjj+x8yyXwDN71Hm2EThTm3wfwBkmuj
UjqiDqAhCbrQhucnhIJKvCKsyr5QbdiUKlS8Yb7u+MhUrZ3lHdJ4k8t7kxSu0ZQD
QSM2SZx6x4iwJ6yJW1WQ+PIP21n8ejraQ9PzqpuUsNXh05DU8qN/nJHe311D5ZuB
UnSHdfGaF+EBbNxPLzV028db+L9m3a+h87uZhyqwRlUXP+swlToVNvF74bs+mflz
r5JN6CwRM3VamnwmcnE77D/zyCsP1Js9LgoxhzhdcUwIOYVWRzUUVRCsrtYOSGF7
WBzC3WECgYEA0hGtnBw5rryubv0kWDjZoVGvuwDo7BOW1JFXZYJwvweEj7EjWFTY
bVk+MYs1huG+0NpNuhw6IYmDPIEkoLVNGuTHBMnA+SzQx/xv719b1OmY0Wl8ikYd
Xlmhxr7mjAJX4eqkVTrBGtsi6TCLdk3HnUdpXJQ0k2aUN6hNFJfsmhUCgYEA2ykP
hdVzP1ZtXsHEfHSOfRPIzX9gCLETghntAf44MCF+hHZeEVnuTSrfeqELvy5qCarA
FgjZ77p7q6R7YP2KBQUc/gzZStjGIOCPv9xI8otXrmQRVXOxWNafeDp+TOPa2o9S
2bBovNmN4Kc+ayktATCVuabMbuGiMIPuRY1pR+sCgYEAmdJSEw7j+hy1ihYZJ/Sw
/5xmFoQLCtspRgwLOAx07Jzfp6xpGkQ+mouPrA2oq1TgOeSwp8gFlQsxqvtRy9AW
XswJI2tsv8jeNKKXgGuOPfCzcxxQEpxW4wC1ImglP35zxbzginxUbIrsHF7ssDsy
IOvqrdzkRs8FV2AI2TyKByUCgYEAuhdDdwCnu0BH3g3qKUNPOiVyfAuMH9U8G1yo
Quj6DORj6VYYyeLy1dNxr07QCqX+o/a44/zgEQ7ns/cWTGT8rQaKd62xVDx8/62u
YdtKlah76zhM/6IdFLIo9o20cNWJH8xTLUT9ql2QexGHjraH4FrAx8M6E2zDqy5b
Q/OvUcECgYAjt8XosvUiRpZ1ugMxwAx316IIEgs2u7k4xdQESnVhIOM3Ex5ikXkK
I0Hu/2XPH3KO6+6BOhtdZ4qXLf4hikbIisgq3P87Fb2rUElYZjVm3vClYhEzx6ym
bSWO/cZTpp9L14qMuWzb13pD20GExPOIBh1m0exvoL3M8JhLShutWw==
-----END RSA PRIVATE KEY-----"""
95
# Public half of PRIVATE_KEY (the encoded modulus is the same in both PEM
# blocks). Because the private half is published in this file, a system that
# trusts this key accepts tokens from anyone who has read the source; register
# it only on disposable test deployments.
PUBLIC_KEY = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9bRFjWofNeWq2qtsvH9
iDZXXbv5NQI6avK1hSt+0W0g3SXWhllNenZAhFpXHzZvJk2qEoNIRXIeonX4N62F
BLD7ZoWHQDGahkyfhxML4jYA3KUaPWGeUvMlRPkoR4NjHA3zXQvD2FwTtcKCulGY
QHRAAyATIcNq0kKZMuMAJxC5A7VDvQVb7vOaN01YxJt+L6KF0v4ZiYdse5yBI/X5
8i2gnLqy102Oqj2qZygazj5LLdTEsjgsiC9ln6kesbRayXiqi+RnF+BeKKlwGCuU
pH+vFGxXmT6Kr4iEiGIHxAs/HZOS9m61z1eHjrce654mpqwbeqhsyQZswyab2IpE
RwIDAQAB
-----END PUBLIC KEY-----"""
105
# A second test-only RSA private key whose modulus differs from PUBLIC_KEY's,
# so a signature made with it should not verify against PUBLIC_KEY.
# NOTE(review): presumably the signing key for negative tests (token signed by
# an untrusted key must be rejected) - confirm against the callers.
# Like PRIVATE_KEY it is public by virtue of being committed; never trust it
# outside a throwaway test system.
WRONG_PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA230Ic8gqYGrIYPffrgvS9ezrI94+TMwIX0A3nyi6nRBOAzuV
OMP0L4OegDLnAkyUC4ZiH6B9uAJ1mbp4WsX0Q2a3FuGzscCfriV0JKRd4256Mj60
bGq7xLqR/d62IzLrQ2eJCQe2IspwUIeAW301igwoPIGTfZurQ6drXBcbRVo7adry
V3+TGsfQVge95IyVAPm4A7kcJsdQu9HsD7Hp9LIM35B3oHCOF7hHP/MEEAz84Q6q
lpWxdTzSnIxDXWxS2BqPInKOIL5egpn69AfJKLj+QPpQymULx3FCeNKeHmSICHtP
r0uTckEek0kfFT2W6hIU1w1f+Pkddhc1fY45VQIDAQABAoIBABvOsHZywqOqg659
WPJk/xo3JOdLbdsu8lSW/zUD5PinKysPrm0drl8irr8RM+E/sHXxVZcqLyNT9HBA
hqUBdVvgtIuKlsiLXe+jQR6vUFHTGlopRZSCxT08YeinAa5d8h59DIh/WJz5xtb9
A88Tguf1eFeKFxSP11ff6yMkrkjP1KmvNRoTAC0MU3p/N6UT03roR9v6n4qGPF6p
/fy6uhLWSJVl7IGFL18DEODid64ShK37VytnvLAMQp8OzL87OdoUW6qrA+z4FP59
XSpXULxn6ayJG3VChT+Y+nb23rC6gzCYYb3qkSwep2xNqfblP8jL2k/NSlbshdiz
j3BfK8ECgYEA6D7SMCXZ2hBYu8EBoGRmMLdtM+spps61JOAhgy2i9aNQ/YlKfuS9
kvNFqT1DEpQsjcRmZIEVb5uJQJYUDx6zj4eUSzkISvziz43dg4RKpC/ktprp9RQ1
8sAQD4n5Xy2chdTQHKfGl4oF5b16wpi0eE97XptDOlLgPhk167woUQUCgYEA8fAt
8uZxw0aKkQbF+tYItsWQQP87dJGUeLna4F3T6q5L5WJYCtFqILiFfWwfcjEaOKWV
JzKr0f9pLrRxXYdFUxNolOhA1hZCqZu2ZzpSlfsPWhp2WflGi6DqzSByhgVuwHbV
pRl0TRE2dQVgpuXxxiURREHoHJPZRc+3sOwU+BECgYAZJXQssmx8J/jzm1pJu5U1
ASdZz8Sawxbp/zqhsXdLkXtbeFoQk0PTfXO1d2Sjxldsoi9UAoYHp5ec3qMdX/2h
NNThsDMtq2QDhSDO9KwASw9AllVuq9mLhzA1/oJ5w76G3xwJfkEKd29cCMAaAd7I
iBKbk8QbtI2DK8ei1qSm4QKBgAPHvPAOqbhjYcbiVDWXIou4ioh5dHRd0fQQ81qO
HMGN96Gd58JDg2T/fRZ4mgUuvzojXDFAmW6ujvYr25mag3rI0tmAx4KQ1nnP9Qmn
36J4ScUepLrDKlcELKcH2sI9U32uXag2vZp2qmMpsljpPt3ZtmtanEXWCY8Nr9ET
30ABAoGAQ63wGwq1LPS6t/zU6CwOlIzGNnHDquO7o1o/h8IPt3BN6yF0NEVItjdi
fL2ZwmBCUbO6Y/Jb1kh4a0iohWF33nS3J4Q6wSQUfBMG5jDI7GfuKAgTQl+sMkOM
xjyKrWs/y7HtiP/2vf83QVEL8Bxr3WXdXHj1EBHFEMWA576J6mk=
-----END RSA PRIVATE KEY-----"""
133
# Role identifiers in "<module>:<role>" form, listed from the platform-wide
# super-admin to the project operator.
roles = (
    'rw-rbac-platform:super-admin',
    'rw-project:project-admin',
    'rw-project-mano:catalog-admin',
    'rw-project:project-oper',
)
138
139
class Jwt:
    """Thin helper that packs and unpacks JWTs through a pyoidc KeyJar.

    The object holds one key jar plus the iss/sub/aud values used when a
    token is packed. It performs no claim checks of its own: `verify`
    returns whatever `oic_jwt.JWT.unpack` returns, so any further checks
    on the claims are the caller's responsibility.
    """

    def __init__(
            self, private_key=None, public_key=None,
            iss=None, sub=None, aud=None):
        """Store the claim values and load whichever PEM keys were given.

        Args:
            private_key: PEM text of a key to file under the default
                owner '' (skipped when falsy).
            public_key: PEM text of a key to file under the owner
                ``iss`` (skipped when falsy).
            iss: issuer name handed to the JWT object when signing.
            sub: subject value packed into tokens.
            aud: audience value packed into tokens.
        """
        self.iss, self.sub, self.aud = iss, sub, aud
        self.keyjar = keyio.KeyJar()
        # Private key first, then public key, each under its own owner.
        # NOTE(review): '' looks like pyoidc's slot for the entity's own
        # keys - confirm against the library.
        for pem_text, key_owner in ((private_key, ''), (public_key, self.iss)):
            if pem_text:
                self._add_key_to_keyjar(pem_text, owner=key_owner)

    def _add_key_to_keyjar(self, pkey, owner=''):
        """Import one PEM key, mark it for signature use, file it under *owner*.

        *pkey* may be a private or a public key; both go through the same
        import path.
        """
        jwk = RSAKey().load_key(RSA.importKey(pkey))
        jwk.use = "sig"
        bundle = keyio.KeyBundle()
        bundle.append(jwk)
        self.keyjar.add_kb(owner, bundle)

    def sign_jwt(self):
        """Pack a token with this object's sub and aud and return it.

        The JWT object is built from the key jar with ``iss`` set to the
        stored issuer.
        """
        signer = oic_jwt.JWT(self.keyjar, iss=self.iss)
        return signer.pack(sub=self.sub, aud=self.aud)

    def verify(self, jws):
        """Unpack *jws* using the keys in the key jar and return the result."""
        return oic_jwt.JWT(self.keyjar).unpack(jws)
174
# Endpoints on the local host, all reached over https.
# Port 8009: token and revoke paths.
TOKEN_URL = 'https://localhost:8009/token'
REVOKE_URL = 'https://localhost:8009/revoke'
# Port 8008: REST path for the running logging configuration.
REST_GET_LOG_CONFIG = 'https://localhost:8008/api/running/logging'
178
179
class State:
    """Mutable holder for values the tests share during a run."""

    def __init__(self):
        """Start with no access token and load the bootstrap certificate."""
        self.access_token = None
        # The helper returns a triple; only its middle element is kept.
        _head, bootstrap_cert, _tail = certs.get_bootstrap_cert_and_key()
        self.cert = bootstrap_cert

    def teardown(self):
        """Print the end-of-run banner."""
        banner = "\n=== Done with Tests ==="
        print(banner)
191
192
@pytest.fixture(scope="session")
def state():
    """Yield one State object for the session, then run its teardown."""
    session_state = State()
    yield session_state
    # Reached once the session is finished with the fixture.
    session_state.teardown()