[ Avaa Bypassed ]

# Copyright (c) Twisted Matrix Laboratories.
# See LICENSE for details.

"""
Tests for L{twisted.words.protocols.jabber.sasl_mechanisms}.
"""

from __future__ import absolute_import, division

from twisted.trial import unittest

from twisted.python.compat import networkString
from twisted.words.protocols.jabber import sasl_mechanisms

class PlainTests(unittest.TestCase):
    """
    Tests for L{twisted.words.protocols.jabber.sasl_mechanisms.Plain}.
    """
    def test_getInitialResponse(self):
        """
        Test the initial response.
        """
        m = sasl_mechanisms.Plain(None, u'test', u'secret')
        self.assertEqual(m.getInitialResponse(), b'\x00test\x00secret')



class AnonymousTests(unittest.TestCase):
    """
    Tests for L{twisted.words.protocols.jabber.sasl_mechanisms.Anonymous}.
    """
    def test_getInitialResponse(self):
        """
        Test the initial response to be empty.
        """
        m = sasl_mechanisms.Anonymous()
        self.assertEqual(m.getInitialResponse(), None)



class DigestMD5Tests(unittest.TestCase):
    """
    Tests for L{twisted.words.protocols.jabber.sasl_mechanisms.DigestMD5}.
    """
    def setUp(self):
        self.mechanism = sasl_mechanisms.DigestMD5(
            u'xmpp', u'example.org', None, u'test', u'secret')


    def test_getInitialResponse(self):
        """
        Test that no initial response is generated.
        """
        self.assertIdentical(self.mechanism.getInitialResponse(), None)


    def test_getResponse(self):
        """
        The response to a Digest-MD5 challenge includes the parameters from the
        challenge.
        """
        challenge = (
            b'realm="localhost",nonce="1234",qop="auth",charset=utf-8,'
            b'algorithm=md5-sess')
        directives = self.mechanism._parse(
            self.mechanism.getResponse(challenge))
        del directives[b"cnonce"], directives[b"response"]
        self.assertEqual({
                b'username': b'test', b'nonce': b'1234', b'nc': b'00000001',
                b'qop': [b'auth'], b'charset': b'utf-8',
                b'realm': b'localhost', b'digest-uri': b'xmpp/example.org'
                }, directives)


    def test_getResponseNonAsciiRealm(self):
        """
        Bytes outside the ASCII range in the challenge are nevertheless
        included in the response.
        """
        challenge = (b'realm="\xc3\xa9chec.example.org",nonce="1234",'
                     b'qop="auth",charset=utf-8,algorithm=md5-sess')
        directives = self.mechanism._parse(
            self.mechanism.getResponse(challenge))
        del directives[b"cnonce"], directives[b"response"]
        self.assertEqual({
                b'username': b'test', b'nonce': b'1234', b'nc': b'00000001',
                b'qop': [b'auth'], b'charset': b'utf-8',
                b'realm': b'\xc3\xa9chec.example.org',
                b'digest-uri': b'xmpp/example.org'}, directives)


    def test_getResponseNoRealm(self):
        """
        The response to a challenge without a realm uses the host part of the
        JID as the realm.
        """
        challenge = b'nonce="1234",qop="auth",charset=utf-8,algorithm=md5-sess'
        directives = self.mechanism._parse(
                         self.mechanism.getResponse(challenge))
        self.assertEqual(directives[b'realm'], b'example.org')


    def test_getResponseNoRealmIDN(self):
        """
        If the challenge does not include a realm and the host part of the JID
        includes bytes outside of the ASCII range, the response still includes
        the host part of the JID as the realm.
        """
        self.mechanism = sasl_mechanisms.DigestMD5(
            u'xmpp', u'\u00e9chec.example.org', None, u'test', u'secret')
        challenge = b'nonce="1234",qop="auth",charset=utf-8,algorithm=md5-sess'
        directives = self.mechanism._parse(
            self.mechanism.getResponse(challenge))
        self.assertEqual(directives[b'realm'], b'\xc3\xa9chec.example.org')


    def test_getResponseRspauth(self):
        """
        If the challenge just has a rspauth directive, the response is empty.
        """
        challenge = \
            b'rspauth=cnNwYXV0aD1lYTQwZjYwMzM1YzQyN2I1NTI3Yjg0ZGJhYmNkZmZmZA=='
        response = self.mechanism.getResponse(challenge)
        self.assertEqual(b"", response)


    def test_calculateResponse(self):
        """
        The response to a Digest-MD5 challenge is computed according to RFC
        2831.
        """
        charset = 'utf-8'
        nonce = b'OA6MG9tEQGm2hh'
        nc = networkString('%08x' % (1,))
        cnonce = b'OA6MHXh6VqTrRk'

        username = u'\u0418chris'
        password = u'\u0418secret'
        host = u'\u0418elwood.innosoft.com'
        digestURI = u'imap/\u0418elwood.innosoft.com'.encode(charset)

        mechanism = sasl_mechanisms.DigestMD5(
            b'imap', host, None, username, password)
        response = mechanism._calculateResponse(
            cnonce, nc, nonce, username.encode(charset),
            password.encode(charset), host.encode(charset), digestURI)
        self.assertEqual(response, b'7928f233258be88392424d094453c5e3')


    def test_parse(self):
        """
        A challenge can be parsed into a L{dict} with L{bytes} or L{list}
        values.
        """
        challenge = (
            b'nonce="1234",qop="auth,auth-conf",charset=utf-8,'
            b'algorithm=md5-sess,cipher="des,3des"')
        directives = self.mechanism._parse(challenge)
        self.assertEqual({
                b"algorithm": b"md5-sess", b"nonce": b"1234",
                b"charset": b"utf-8", b"qop": [b'auth', b'auth-conf'],
                b"cipher": [b'des', b'3des']
                }, directives)