Няма описание
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260
  1. import unittest
  2. from time import sleep
  3. import uuid
  4. import socket
  5. import requests
  6. import os
  7. TEST_SERVER = 'sovereign.local'
  8. TEST_ADDRESS = 'sovereign@sovereign.local'
  9. TEST_PASSWORD = 'foo'
  10. CA_BUNDLE = 'roles/common/files/wildcard_ca.pem'
  11. socket.setdefaulttimeout(5)
  12. os.environ['REQUESTS_CA_BUNDLE'] = CA_BUNDLE
  13. class SSHTests(unittest.TestCase):
  14. def test_ssh_banner(self):
  15. """SSH is responding with its banner"""
  16. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  17. s.connect((TEST_SERVER, 22))
  18. data = s.recv(1024)
  19. s.close()
  20. self.assertRegexpMatches(data, '^SSH-2.0-OpenSSH')
  21. class WebTests(unittest.TestCase):
  22. def test_blog_http(self):
  23. """Blog is redirecting to https"""
  24. # FIXME: requests won't verify sovereign.local with *.sovereign.local cert
  25. r = requests.get('http://' + TEST_SERVER, verify=False)
  26. # We should be redirected to https
  27. self.assertEquals(r.history[0].status_code, 301)
  28. self.assertEquals(r.url, 'https://' + TEST_SERVER + '/')
  29. # 403 - Since there is no documents in the blog directory
  30. self.assertEquals(r.status_code, 403)
  31. def test_webmail_http(self):
  32. """Webmail is redirecting to https and displaying login page"""
  33. r = requests.get('http://mail.' + TEST_SERVER)
  34. # We should be redirected to https
  35. self.assertEquals(r.history[0].status_code, 301)
  36. self.assertEquals(r.url, 'https://mail.' + TEST_SERVER + '/')
  37. # 200 - We should be at the login page
  38. self.assertEquals(r.status_code, 200)
  39. self.assertIn(
  40. 'Welcome to Roundcube Webmail',
  41. r.content
  42. )
  43. def test_owncloud_http(self):
  44. """ownCloud is redirecting to https and displaying login page"""
  45. r = requests.get('http://cloud.' + TEST_SERVER)
  46. # We should be redirected to https
  47. self.assertEquals(r.history[0].status_code, 301)
  48. self.assertEquals(r.url, 'https://cloud.' + TEST_SERVER + '/')
  49. # 200 - We should be at the login page
  50. self.assertEquals(r.status_code, 200)
  51. self.assertIn(
  52. 'ownCloud',
  53. r.content
  54. )
  55. def test_znc_http(self):
  56. """ZNC web interface is displaying login page"""
  57. # FIXME: requests won't verify sovereign.local with *.sovereign.local cert
  58. r = requests.get('https://' + TEST_SERVER + ':6697', verify=False)
  59. self.assertEquals(r.status_code, 200)
  60. self.assertIn(
  61. "Welcome to ZNC's web interface!",
  62. r.content
  63. )
  64. class IRCTests(unittest.TestCase):
  65. def test_irc_auth(self):
  66. """ZNC is accepting encrypted logins"""
  67. import ssl
  68. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  69. ssl_sock = ssl.wrap_socket(s, ca_certs=CA_BUNDLE, cert_reqs=ssl.CERT_REQUIRED)
  70. ssl_sock.connect((TEST_SERVER, 6697))
  71. # Check the encryption parameters
  72. cipher, version, bits = ssl_sock.cipher()
  73. self.assertEquals(cipher, 'AES256-SHA')
  74. self.assertEquals(version, 'TLSv1/SSLv3')
  75. self.assertEquals(bits, 256)
  76. # Login
  77. ssl_sock.send('CAP REQ sasl multi-prefix\r\n')
  78. ssl_sock.send('PASS foo\r\n')
  79. ssl_sock.send('NICK sovereign\r\n')
  80. ssl_sock.send('USER sovereign 0 * Sov\r\n')
  81. # Read until we see the ZNC banner (or timeout)
  82. while 1:
  83. r = ssl_sock.recv(1024)
  84. if 'Connected to ZNC' in r:
  85. break
  86. def new_message(from_email, to_email):
  87. """Creates an email (headers & body) with a random subject"""
  88. from email.mime.text import MIMEText
  89. msg = MIMEText('Testing')
  90. msg['Subject'] = uuid.uuid4().hex[:8]
  91. msg['From'] = from_email
  92. msg['To'] = to_email
  93. return msg.as_string(), msg['subject']
  94. class MailTests(unittest.TestCase):
  95. def assertEmailReceived(self, subject):
  96. """Connects with IMAP and asserts the existance of an email, then deletes it"""
  97. import imaplib
  98. sleep(1)
  99. # Login to IMAP
  100. m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
  101. m.login(TEST_ADDRESS, TEST_PASSWORD)
  102. m.select()
  103. # Assert the message exist
  104. typ, data = m.search(None, '(SUBJECT \"{}\")'.format(subject))
  105. self.assertTrue(len(data[0].split()), 1)
  106. # Delete it & logout
  107. m.store(data[0].strip(), '+FLAGS', '\\Deleted')
  108. m.expunge()
  109. m.close()
  110. m.logout()
  111. def test_imap_requires_ssl(self):
  112. """IMAP without SSL is NOT available"""
  113. import imaplib
  114. with self.assertRaisesRegexp(socket.timeout, 'timed out'):
  115. imaplib.IMAP4(TEST_SERVER, 143)
  116. def test_smtps(self):
  117. """Email sent from an MUA via SMTPS is delivered"""
  118. import smtplib
  119. msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
  120. s = smtplib.SMTP_SSL(TEST_SERVER, 465)
  121. s.login(TEST_ADDRESS, TEST_PASSWORD)
  122. s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
  123. s.quit()
  124. self.assertEmailReceived(subject)
  125. def test_smtps_requires_auth(self):
  126. """SMTPS with no authentication is rejected"""
  127. import smtplib
  128. s = smtplib.SMTP_SSL(TEST_SERVER, 465)
  129. with self.assertRaisesRegexp(smtplib.SMTPRecipientsRefused, 'Access denied'):
  130. s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], 'Test')
  131. s.quit()
  132. def test_smtp(self):
  133. """Email sent from an MTA is delivered"""
  134. import smtplib
  135. msg, subject = new_message('someone@example.com', TEST_ADDRESS)
  136. s = smtplib.SMTP(TEST_SERVER, 25)
  137. s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
  138. s.quit()
  139. self.assertEmailReceived(subject)
  140. def test_smtp_tls(self):
  141. """Email sent from an MTA via SMTP+TLS is delivered"""
  142. import smtplib
  143. msg, subject = new_message('someone@example.com', TEST_ADDRESS)
  144. s = smtplib.SMTP(TEST_SERVER, 25)
  145. s.starttls()
  146. s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
  147. s.quit()
  148. self.assertEmailReceived(subject)
  149. def test_smtps_headers(self):
  150. """Email sent from an MUA has DKIM and TLS headers"""
  151. import smtplib
  152. import imaplib
  153. # Send a message to root
  154. msg, subject = new_message(TEST_ADDRESS, 'root@sovereign.local')
  155. s = smtplib.SMTP_SSL(TEST_SERVER, 465)
  156. s.login(TEST_ADDRESS, TEST_PASSWORD)
  157. s.sendmail(TEST_ADDRESS, ['root@sovereign.local'], msg)
  158. s.quit()
  159. sleep(1)
  160. # Get the message
  161. m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
  162. m.login(TEST_ADDRESS, TEST_PASSWORD)
  163. m.select()
  164. _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))
  165. _, data = m.fetch(res[0], '(RFC822)')
  166. self.assertIn(
  167. 'DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sovereign.local;',
  168. data[0][1]
  169. )
  170. self.assertIn(
  171. '(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))',
  172. data[0][1]
  173. )
  174. # Clean up
  175. m.store(res[0].strip(), '+FLAGS', '\\Deleted')
  176. m.expunge()
  177. m.close()
  178. m.logout()
  179. def test_smtp_headers(self):
  180. """Email sent from an MTA via SMTP+TLS has X-DSPAM and TLS headers"""
  181. import smtplib
  182. import imaplib
  183. # Send a message to root
  184. msg, subject = new_message('someone@example.com', TEST_ADDRESS)
  185. s = smtplib.SMTP(TEST_SERVER, 25)
  186. s.starttls()
  187. s.sendmail('someone@example.com', [TEST_ADDRESS], msg)
  188. s.quit()
  189. sleep(1)
  190. # Get the message
  191. m = imaplib.IMAP4_SSL(TEST_SERVER, 993)
  192. m.login(TEST_ADDRESS, TEST_PASSWORD)
  193. m.select()
  194. _, res = m.search(None, '(SUBJECT \"{}\")'.format(subject))
  195. _, data = m.fetch(res[0], '(RFC822)')
  196. self.assertIn(
  197. 'X-DSPAM-Result: Innocent',
  198. data[0][1]
  199. )
  200. self.assertIn(
  201. '(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))',
  202. data[0][1]
  203. )
  204. # Clean up
  205. m.store(res[0].strip(), '+FLAGS', '\\Deleted')
  206. m.expunge()
  207. m.close()
  208. m.logout()