def test_with(self):
m = DynamoDbMutex(name=random_name(), holder=random_name())
try:
with m:
time.sleep(3)
raise
except:
print("In exception handler")
self.assertFalse(m.is_locked())
def test_create_delete_us_east_1(self):
m = DynamoDbMutex(name=random_name(),
holder=random_name(),
region_name='us-east-1')
assert (m.lock())
m.release()
DynamoDbMutex.delete_table(region_name='us-east-1')
def check(self, sig_type, level=0, round=0):
# This code acquires a mutex lock using:
# https://github.com/chiradeep/dyndb-mutex
# generate a unique name for this process/thread
my_name = str(uuid.uuid4()).split("-")[0]
m = DynamoDbMutex(sig_type,
holder=my_name,
timeoutms=60 * 1000,
region_name=self.REGION)
try:
with m:
return self.check_locked(sig_type, level, round)
except AcquireLockFailedError:
abort(503, "Failed to obtain DB lock")
def test_with_fail(self):
name = random_name()
m1 = DynamoDbMutex(name=name, holder=random_name())
m1.lock()
m2 = DynamoDbMutex(name=name, holder=random_name())
exceptionHappened = False
try:
with m2:
time.sleep(3)
except AcquireLockFailedError:
print("In exception handler")
self.assertFalse(m2.is_locked())
exceptionHappened = True
self.assertTrue(exceptionHappened)
def test_ttl(self):
os.environ['DD_MUTEX_TABLE_NAME'] = random_name()
name = random_name()
caller = "myself"
m1 = DynamoDbMutex(name=name,
holder=caller,
timeoutms=2 * 1000,
ttl_minutes=2)
m1.lock()
item = m1.get_raw_lock()
diff = item['Item']['ttl'] - item['Item']['expire_ts'] // 1000
print(diff)
self.assertTrue(diff > 0 and diff <= 2 * 60)
DynamoDbMutex.delete_table()
del os.environ['DD_MUTEX_TABLE_NAME']
chdir(__dir__)
sites = []
zones = []
ccConfig = None
with open(path.join(__dir__, 'config.yml'), 'r') as f:
ccConfig = yaml_load(f.read())
sites = ccConfig['sites']
zones = ccConfig['zones']
reloadDNS = False
reloadNginx = False
if args.dnssec:
mutex = DynamoDbMutex('pawnode-certifier-dnssec', holder=getfqdn(), timeoutms=300 * 1000)
try:
get_dnssec_keys()
for zone in zones:
reloadDNS |= make_dnssec_keys(zone, mutex)
reloadDNS |= sign_zone(zone, args.renew_dnssec)
except NoLockError:
print('Skipping DNSSEC. Can\'t get lock.')
finally:
if mutex.locked:
mutex.release()
if reloadDNS:
system('chown -R pdns:pdns %s' % DNSSEC_DIR)
system('pdns_control reload')
def test_release_expired(self):
name = random_name()
caller = "caller1"
m1 = DynamoDbMutex(name=name, holder=caller, timeoutms=2 * 1000)
m1.lock()
time.sleep(3)
caller = "caller2"
m2 = DynamoDbMutex(name=name, holder=caller, timeoutms=2 * 1000)
self.assertTrue(m2.lock())
m1.release()
self.assertTrue(m2.is_locked())
m2.release()
def test_mutual_exclusion(self):
m = DynamoDbMutex(random_name(), holder=random_name())
m.lock()
self.assertFalse(m.lock())
m.release()
def test_timeout(self):
m = DynamoDbMutex(random_name(), "myself", 3 * 1000)
m.lock()
time.sleep(5)
self.assertTrue(m.lock())
m.release()
def test_create(self):
m = DynamoDbMutex(random_name(), "myself", 3 * 1000)
assert (m.lock())
m.release()
def sign(self, handle, test_mode=False):
# This code acquires a mutex lock using https://github.com/chiradeep/dyndb-mutex
# generate a unique name for this process/thread
ddb_region = environ['REGION']
my_name = str(uuid.uuid4()).split("-")[0]
if self.is_block():
sig_type = 'Baking'
else:
sig_type = 'Endorsement'
m = DynamoDbMutex(sig_type,
holder=my_name,
timeoutms=60 * 1000,
region_name=ddb_region)
locked = m.lock() # attempt to acquire the lock
if locked:
encoded_sig = ''
data_to_sign = self.payload
logging.info('About to sign {} with key handle {}'.format(
data_to_sign, handle))
if self.valid_block_format(data_to_sign):
logging.info('Block format is valid')
if self.is_block() or self.is_endorsement():
logging.info('Preamble is valid')
if self.not_already_signed():
if test_mode:
return self.TEST_SIGNATURE
else:
logging.info(
'About to sign with HSM client. Slot = {}, lib = {}, handle = {}'
.format(self.hsm_slot, self.hsm_libfile,
handle))
with HsmClient(slot=self.hsm_slot,
pin=self.hsm_pin,
pkcs11_lib=self.hsm_libfile) as c:
hashed_data = blake2b(
hex_to_bytes(data_to_sign),
digest_size=32).digest()
logging.info('Hashed data to sign: {}'.format(
hashed_data))
sig = c.sign(handle=handle,
data=hashed_data,
mechanism=HsmMech.ECDSA)
logging.info('Raw signature: {}'.format(sig))
encoded_sig = RemoteSigner.b58encode_signature(
sig)
logging.info(
'Base58-encoded signature: {}'.format(
encoded_sig))
else:
logging.error('Invalid level')
m.release() # release the lock
raise Exception('Invalid level')
else:
logging.error('Invalid preamble')
m.release() # release the lock
raise Exception('Invalid preamble')
else:
logging.error('Invalid payload')
m.release() # release the lock
raise Exception('Invalid payload')
m.release() # release the lock
return encoded_sig
else: # lock could not be acquired
logging.error('Could not acquire lock')
raise Exception('Could not acquire lock')
