thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
188 Commits
1 Branch
Tree: 40d0900557
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '40d0900557'
${ noResults }
sovereign/tests.py

tests.py 9.9KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317 
  1. import unittest

  2. from time import sleep

  3. import uuid

  4. import socket

  5. import requests

  6. import os

  7. 

  8. TEST_SERVER = 'sovereign.local'

  9. TEST_ADDRESS = 'sovereign@sovereign.local'

  10. TEST_PASSWORD = 'foo'

  11. CA_BUNDLE = 'roles/common/files/wildcard_ca.pem'

  12. 

  13. 

  14. socket.setdefaulttimeout(5)

  15. os.environ['REQUESTS_CA_BUNDLE'] = CA_BUNDLE

  16. 

  17. 

  18. class SSHTests(unittest.TestCase):

  19.     def test_ssh_banner(self):

  20.         """SSH is responding with its banner"""

  21.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  22.         s.connect((TEST_SERVER, 22))

  23.         data = s.recv(1024)

  24.         s.close()

  25. 

  26.         self.assertRegexpMatches(data, '^SSH-2.0-OpenSSH')

  27. 

  28. 

  29. class WebTests(unittest.TestCase):

  30.     def test_blog_http(self):

  31.         """Blog is redirecting to https"""

  32.         # FIXME: requests won't verify sovereign.local with *.sovereign.local cert

  33.         r = requests.get('http://' + TEST_SERVER, verify=False)

  34. 

  35.         # We should be redirected to https

  36.         self.assertEquals(r.history[0].status_code, 301)

  37.         self.assertEquals(r.url, 'https://' + TEST_SERVER + '/')

  38. 

  39.         # 403 - Since there is no documents in the blog directory

  40.         self.assertEquals(r.status_code, 403)

  41. 

  42.     def test_webmail_http(self):

  43.         """Webmail is redirecting to https and displaying login page"""

  44.         r = requests.get('http://mail.' + TEST_SERVER)

  45. 

  46.         # We should be redirected to https

  47.         self.assertEquals(r.history[0].status_code, 301)

  48.         self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/')

  49. 

  50.         # 200 - We should be at the login page

  51.         self.assertEquals(r.status_code, 200)

  52.         self.assertIn(

  53.             'Welcome to Roundcube Webmail',

  54.             r.content

  55.         )

  56. 

  57.     def test_owncloud_http(self):

  58.         """ownCloud is redirecting to https and displaying login page"""

  59.         r = requests.get('http://cloud.' + TEST_SERVER)

  60. 

  61.         # We should be redirected to https

  62.         self.assertEquals(r.history[0].status_code, 301)

  63.         self.assertEquals(r.url, 'https://cloud.' + TEST_SERVER + '/')

  64. 

  65.         # 200 - We should be at the login page

  66.         self.assertEquals(r.status_code, 200)

  67.         self.assertIn(

  68.             'ownCloud',

  69.             r.content

  70.         )

  71. 

  72.     def test_selfoss_http(self):

  73.         """selfoss is redirecting to https and displaying login page"""

  74.         r = requests.get('http://news.' + TEST_SERVER)

  75. 

  76.         # We should be redirected to https

  77.         self.assertEquals(r.history[0].status_code, 301)

  78.         self.assertEquals(r.url, 'https://news.' + TEST_SERVER + '/')

  79. 

  80.         # 200 - We should be at the login page

  81.         self.assertEquals(r.status_code, 200)

  82.         self.assertIn(

  83.             'selfoss',

  84.             r.content

  85.         )

  86.         self.assertIn(

  87.             'login',

  88.             r.content

  89.         )

  90. 

  91.     def test_znc_http(self):

  92.         """ZNC web interface is displaying login page"""

  93.         # FIXME: requests won't verify sovereign.local with *.sovereign.local cert

  94.         r = requests.get('https://' + TEST_SERVER + ':6697', verify=False)

  95.         self.assertEquals(r.status_code, 200)

  96.         self.assertIn(

  97.             "Welcome to ZNC's web interface!",

  98.             r.content

  99.         )

  100. 

  101. 

  102. class IRCTests(unittest.TestCase):

  103.     def test_irc_auth(self):

  104.         """ZNC is accepting encrypted logins"""

  105.         import ssl

  106.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  107.         ssl_sock = ssl.wrap_socket(s, ca_certs=CA_BUNDLE, cert_reqs=ssl.CERT_REQUIRED)

  108.         ssl_sock.connect((TEST_SERVER, 6697))

  109. 

  110.         # Check the encryption parameters

  111.         cipher, version, bits = ssl_sock.cipher()

  112.         self.assertEquals(cipher, 'AES256-SHA')

  113.         self.assertEquals(version, 'TLSv1/SSLv3')

  114.         self.assertEquals(bits, 256)

  115. 

  116.         # Login

  117.         ssl_sock.send('CAP REQ sasl multi-prefix\r\n')

  118.         ssl_sock.send('PASS foo\r\n')

  119.         ssl_sock.send('NICK sovereign\r\n')

  120.         ssl_sock.send('USER sovereign 0 * Sov\r\n')

  121. 

  122.         # Read until we see the ZNC banner (or timeout)

  123.         while 1:

  124.             r = ssl_sock.recv(1024)

  125.             if 'Connected to ZNC' in r:

  126.                 break

  127. 

  128. 

  129. def new_message(from_email, to_email):

  130.     """Creates an email (headers & body) with a random subject"""

  131.     from email.mime.text import MIMEText

  132.     msg = MIMEText('Testing')

  133.     msg['Subject'] = uuid.uuid4().hex[:8]

  134.     msg['From'] = from_email

  135.     msg['To'] = to_email

  136.     return msg.as_string(), msg['subject']

  137. 

  138. 

  139. class MailTests(unittest.TestCase):

  140.     def assertEmailReceived(self, subject):

  141.         """Connects with IMAP and asserts the existance of an email, then deletes it"""

  142.         import imaplib

  143. 

  144.         sleep(1)

  145. 

  146.         # Login to IMAP

  147.         m = imaplib.IMAP4_SSL(TEST_SERVER, 993)

  148.         m.login(TEST_ADDRESS, TEST_PASSWORD)

  149.         m.select()

  150. 

  151.         # Assert the message exist

  152.         typ, data = m.search(None, '(SUBJECT \"{}\")'.format(subject))

  153.         self.assertTrue(len(data[0].split()), 1)

  154. 

  155.         # Delete it & logout

  156.         m.store(data[0].strip(), '+FLAGS', '\\Deleted')

  157.         m.expunge()

  158.         m.close()

  159.         m.logout()

  160. 

  161.     def test_imap_requires_ssl(self):

  162.         """IMAP without SSL is NOT available"""

  163.         import imaplib

  164. 

  165.         with self.assertRaisesRegexp(socket.timeout, 'timed out'):

  166.             imaplib.IMAP4(TEST_SERVER, 143)

  167. 

  168.     def test_smtps(self):

  169.         """Email sent from an MUA via SMTPS is delivered"""

  170.         import smtplib

  171.         msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')

  172.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  173.         s.login(TEST_ADDRESS, TEST_PASSWORD)

  174.         s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)

  175.         s.quit()

  176.         self.assertEmailReceived(subject)

  177. 

  178.     def test_smtps_requires_auth(self):

  179.         """SMTPS with no authentication is rejected"""

  180.         import smtplib

  181.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  182. 

  183.         with self.assertRaisesRegexp(smtplib.SMTPRecipientsRefused, 'Access denied'):

  184.             s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], 'Test')

  185. 

  186.         s.quit()

  187. 

  188.     def test_smtp(self):

  189.         """Email sent from an MTA is delivered"""

  190.         import smtplib

  191.         msg, subject = new_message('someone@example.com', TEST_ADDRESS)

  192.         s = smtplib.SMTP(TEST_SERVER, 25)

  193.         s.sendmail('someone@example.com', [TEST_ADDRESS], msg)

  194.         s.quit()

  195.         self.assertEmailReceived(subject)

  196. 

  197.     def test_smtp_tls(self):

  198.         """Email sent from an MTA via SMTP+TLS is delivered"""

  199.         import smtplib

  200.         msg, subject = new_message('someone@example.com', TEST_ADDRESS)

  201.         s = smtplib.SMTP(TEST_SERVER, 25)

  202.         s.starttls()

  203.         s.sendmail('someone@example.com', [TEST_ADDRESS], msg)

  204.         s.quit()

  205.         self.assertEmailReceived(subject)

  206. 

  207.     def test_smtps_headers(self):

  208.         """Email sent from an MUA has DKIM and TLS headers"""

  209.         import smtplib

  210.         import imaplib

  211. 

  212.         # Send a message to root

  213.         msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')

  214.         s = smtplib.SMTP_SSL(TEST_SERVER, 465)

  215.         s.login(TEST_ADDRESS, TEST_PASSWORD)

  216.         s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)

  217.         s.quit()

  218. 

  219.         sleep(1)

  220. 

  221.         # Get the message

  222.         m = imaplib.IMAP4_SSL(TEST_SERVER, 993)

  223.         m.login(TEST_ADDRESS, TEST_PASSWORD)

  224.         m.select()

  225.         _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))

  226.         _, data = m.fetch(res[0], '(RFC822)')

  227. 

  228.         self.assertIn(

  229.             'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sovereign.local;',

  230.             data[0][1]

  231.         )

  232. 

  233.         self.assertIn(

  234.             '(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))',

  235.             data[0][1]

  236.         )

  237. 

  238.         # Clean up

  239.         m.store(res[0].strip(), '+FLAGS', '\\Deleted')

  240.         m.expunge()

  241.         m.close()

  242.         m.logout()

  243. 

  244.     def test_smtp_headers(self):

  245.         """Email sent from an MTA via SMTP+TLS has X-DSPAM and TLS headers"""

  246.         import smtplib

  247.         import imaplib

  248. 

  249.         # Send a message to root

  250.         msg, subject = new_message('someone@example.com', TEST_ADDRESS)

  251.         s = smtplib.SMTP(TEST_SERVER, 25)

  252.         s.starttls()

  253.         s.sendmail('someone@example.com', [TEST_ADDRESS], msg)

  254.         s.quit()

  255. 

  256.         sleep(1)

  257. 

  258.         # Get the message

  259.         m = imaplib.IMAP4_SSL(TEST_SERVER, 993)

  260.         m.login(TEST_ADDRESS, TEST_PASSWORD)

  261.         m.select()

  262.         _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))

  263.         _, data = m.fetch(res[0], '(RFC822)')

  264. 

  265.         self.assertIn(

  266.             'X-DSPAM-Result: Innocent',

  267.             data[0][1]

  268.         )

  269. 

  270.         self.assertIn(

  271.             '(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))',

  272.             data[0][1]

  273.         )

  274. 

  275.         # Clean up

  276.         m.store(res[0].strip(), '+FLAGS', '\\Deleted')

  277.         m.expunge()

  278.         m.close()

  279.         m.logout()

  280. 

  281. 

  282. class XMPPTests(unittest.TestCase):

  283.     def test_xmpp_c2s(self):

  284.         """Prosody is listening on 5222 for clients and requiring TLS"""

  285. 

  286.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  287.         s.connect((TEST_SERVER, 5222))

  288. 

  289.         # Based off http://wiki.xmpp.org/web/Programming_Jabber_Clients

  290.         s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "

  291.                "xmlns='jabber:client' to='sovereign.local' version='1.0'>")

  292. 

  293.         data = s.recv(1024)

  294.         s.close()

  295. 

  296.         self.assertRegexpMatches(

  297.             data,

  298.             "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls>"

  299.         )

  300. 

  301.     def test_xmpp_s2s(self):

  302.         """Prosody is listening on 5269 for servers"""

  303. 

  304.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

  305.         s.connect((TEST_SERVER, 5269))

  306. 

  307.         # Base off http://xmpp.org/extensions/xep-0114.html

  308.         s.send("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' "

  309.                "xmlns='jabber:component:accept' to='sovereign.local'>")

  310. 

  311.         data = s.recv(1024)

  312.         s.close()

  313. 

  314.         self.assertRegexpMatches(

  315.             data,

  316.             "from='sovereign.local'"

  317.         )