diff options
| author | Szczepan Zalega <szczepan@nitrokey.com> | 2018-05-21 19:33:27 +0200 |
|---|---|---|
| committer | Szczepan Zalega <szczepan@nitrokey.com> | 2018-05-21 19:33:27 +0200 |
| commit | f3ebcb225d924df1a9f7761ee31d180d11b8cc0d (patch) | |
| tree | 2dd1458cff17c677749ea306658f8afa124614f9 /unittest/test_pro.py | |
| parent | e91e21d5aa6c885fcb0c04ea130c93b72ce9a92b (diff) | |
| download | libnitrokey-f3ebcb225d924df1a9f7761ee31d180d11b8cc0d.tar.gz libnitrokey-f3ebcb225d924df1a9f7761ee31d180d11b8cc0d.tar.bz2 | |
Add authorization tests
Signed-off-by: Szczepan Zalega <szczepan@nitrokey.com>
Diffstat (limited to 'unittest/test_pro.py')
| -rw-r--r-- | unittest/test_pro.py | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/unittest/test_pro.py b/unittest/test_pro.py index 53588f6..5ce1e24 100644 --- a/unittest/test_pro.py +++ b/unittest/test_pro.py @@ -577,6 +577,51 @@ def test_get_code_user_authorize(C): assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK +@pytest.mark.otp +def test_authorize_issue_admin(C): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + +@pytest.mark.otp +def test_authorize_issue_user(C): + assert C.NK_lock_device() == DeviceErrorCode.STATUS_OK + + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_totp_slot(0, b'python_otp_auth', bbRFC_SECRET, 30, True, False, False, b'', + DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + # enable PIN protection of OTP codes with write_config + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, True, False, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code(0, 0, 0, 0)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + assert C.NK_user_authenticate(b"wrong pass", b"another temp pass") == DeviceErrorCode.WRONG_PASSWORD + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_NOT_AUTHORIZED + + assert C.NK_user_authenticate(DefaultPasswords.USER, DefaultPasswords.USER_TEMP) == DeviceErrorCode.STATUS_OK + gs(C.NK_get_totp_code_PIN(0, 0, 0, 0, DefaultPasswords.USER_TEMP)) + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + + # disable PIN protection with write_config + assert C.NK_first_authenticate(DefaultPasswords.ADMIN, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + assert C.NK_write_config(255, 255, 255, False, True, DefaultPasswords.ADMIN_TEMP) == DeviceErrorCode.STATUS_OK + code = gs(C.NK_get_totp_code(0, 0, 0, 0)) + assert code != b'' + assert C.NK_get_last_command_status() == DeviceErrorCode.STATUS_OK + def cast_pointer_to_tuple(obj, typen, len): # usage: # config = cast_pointer_to_tuple(config_raw_data, 'uint8_t', 5) |