def benchmarkDecodeDataSeconds(nIterations, useCrypto, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param Blob encoding: The wire encoding to decode.
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onVerifyFailed)
finish = getNowSeconds()
return finish - start
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True.
:param Blob encoding: The wire encoding to decode.
:return: The number of seconds for all iterations.
:rtype: float
"""
# Initialize the KeyChain in case useCrypto is true.
keyChain = KeyChain("pib-memory:", "tpm-memory:")
# This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
keyChain.importSafeBag(SafeBag
(Name("/testname/KEY/123"),
Blob(DEFAULT_EC_PRIVATE_KEY_DER if keyType == KeyType.EC
else DEFAULT_RSA_PRIVATE_KEY_DER, False),
Blob(DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.EC
else DEFAULT_RSA_PUBLIC_KEY_DER, False)))
validator = Validator(ValidationPolicyFromPib(keyChain.getPib()))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
validator.validate(data,onVerifySuccess, onVerifyFailed)
finish = getNowSeconds()
return finish - start
def test_constructor(self):
certificate = CertificateV2()
certificate.wireDecode(Blob(CERT, False))
self.assertEqual(
Name("/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName())
self.assertEqual(Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName())
self.assertEqual(Name("/ndn/site1"), certificate.getIdentity())
self.assertEqual(Name.Component("0123"), certificate.getIssuerId())
self.assertEqual(Name.Component("ksk-1416425377094"),
certificate.getKeyId())
self.assertEqual(Name("/ndn/site1/KEY/ksk-2516425377094"),
KeyLocator.getFromSignature(certificate.getSignature()).getKeyName())
self.assertEqual(fromIsoString("20150814T223739"),
certificate.getValidityPeriod().getNotBefore(), 0)
self.assertEqual(fromIsoString("20150818T223738"),
certificate.getValidityPeriod().getNotAfter(), 0)
try:
certificate.getPublicKey()
except:
self.fail("Error in getPublicKey");
data = Data()
data.wireDecode(Blob(CERT, False))
certificate2 = CertificateV2(data)
self.assertEqual(certificate.getName(), certificate2.getName())
self.assertTrue(certificate.getPublicKey().equals(certificate2.getPublicKey()))
def benchmarkDecodeDataSeconds(nIterations, useCrypto, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param Blob encoding: The wire encoding to decode.
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onVerifyFailed)
finish = getNowSeconds()
return finish - start
def main():
data = Data()
data.wireDecode(TlvData)
# Use a hard-wired secret for testing. In a real application the signer
# ensures that the verifier knows the shared key and its keyName.
key = Blob(bytearray([
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
]))
if KeyChain.verifyDataWithHmacWithSha256(data, key):
dump("Hard-coded data signature verification: VERIFIED")
else:
dump("Hard-coded data signature verification: FAILED")
freshData = Data(Name("/ndn/abc"))
signature = HmacWithSha256Signature()
signature.getKeyLocator().setType(KeyLocatorType.KEYNAME)
signature.getKeyLocator().setKeyName(Name("key1"))
freshData.setSignature(signature)
freshData.setContent("SUCCESS!")
dump("Signing fresh data packet", freshData.getName().toUri())
KeyChain.signWithHmacWithSha256(freshData, key)
if KeyChain.verifyDataWithHmacWithSha256(freshData, key):
dump("Freshly-signed data signature verification: VERIFIED")
else:
dump("Freshly-signed data signature verification: FAILED")
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True.
:param Blob encoding: The wire encoding to decode.
:return: The number of seconds for all iterations.
:rtype: float
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
identityStorage.addKey(
keyName, keyType, Blob(
DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.ECDSA else DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onValidationFailed)
finish = getNowSeconds()
return finish - start
def test_full_name(self):
data = Data()
data.wireDecode(codedData)
# Check the full name format.
self.assertEqual(data.getFullName().size(), data.getName().size() + 1)
self.assertEqual(data.getName(), data.getFullName().getPrefix(-1))
self.assertEqual(data.getFullName().get(-1).getValue().size(), 32)
# Check the independent digest calculation.
sha256 = hashes.Hash(hashes.SHA256(), backend=default_backend())
sha256.update(Blob(codedData).toBytes())
newDigest = Blob(bytearray(sha256.finalize()), False)
self.assertTrue(newDigest.equals(
data.getFullName().get(-1).getValue()))
# Check the expected URI.
self.assertEqual(
data.getFullName().toUri(), "/ndn/abc/sha256digest=" +
"96556d685dcb1af04be4ae57f0e7223457d4055ea9b3d07c0d337bef4a8b3ee9")
# Changing the Data packet should change the full name.
saveFullName = Name(data.getFullName())
data.setContent(Blob())
self.assertNotEqual(data.getFullName().get(-1), saveFullName.get(-1))
def main():
data = Data()
data.wireDecode(TlvData)
# Use a hard-wired secret for testing. In a real application the signer
# ensures that the verifier knows the shared key and its keyName.
key = Blob(
bytearray([
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18,
19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
]))
if KeyChain.verifyDataWithHmacWithSha256(data, key):
dump("Hard-coded data signature verification: VERIFIED")
else:
dump("Hard-coded data signature verification: FAILED")
freshData = Data(Name("/ndn/abc"))
signature = HmacWithSha256Signature()
signature.getKeyLocator().setType(KeyLocatorType.KEYNAME)
signature.getKeyLocator().setKeyName(Name("key1"))
freshData.setSignature(signature)
freshData.setContent("SUCCESS!")
dump("Signing fresh data packet", freshData.getName().toUri())
KeyChain.signWithHmacWithSha256(freshData, key)
if KeyChain.verifyDataWithHmacWithSha256(freshData, key):
dump("Freshly-signed data signature verification: VERIFIED")
else:
dump("Freshly-signed data signature verification: FAILED")
def __init__(self, identityName):
super(DecryptorFixture, self).__init__()
# Include the code here from the NAC unit-tests class
# DecryptorStaticDataEnvironment instead of making it a base class.
self._storage = InMemoryStorageRetaining()
for array in EncryptStaticData.managerPackets:
data = Data()
data.wireDecode(array)
self._storage.insert(data)
for array in EncryptStaticData.encryptorPackets:
data = Data()
data.wireDecode(array)
self._storage.insert(data)
# Import the "/first/user" identity.
self._keyChain.importSafeBag(SafeBag(EncryptStaticData.userIdentity),
Blob("password").buf())
self.addIdentity(Name("/not/authorized"))
self._face = InMemoryStorageFace(self._storage)
self._validator = ValidatorNull()
self._decryptor = DecryptorV2(
self._keyChain.getPib().getIdentity(identityName).getDefaultKey(),
self._validator, self._keyChain, self._face)
def __init__(self, identityName):
super(DecryptorFixture, self).__init__()
# Include the code here from the NAC unit-tests class
# DecryptorStaticDataEnvironment instead of making it a base class.
self._storage = InMemoryStorageRetaining()
for array in EncryptStaticData.managerPackets:
data = Data()
data.wireDecode(array)
self._storage.insert(data)
for array in EncryptStaticData.encryptorPackets:
data = Data()
data.wireDecode(array)
self._storage.insert(data)
# Import the "/first/user" identity.
self._keyChain.importSafeBag(
SafeBag(EncryptStaticData.userIdentity),
Blob("password").buf())
self.addIdentity(Name("/not/authorized"))
self._face = InMemoryStorageFace(self._storage)
self._validator = ValidatorNull()
self._decryptor = DecryptorV2(
self._keyChain.getPib().getIdentity(identityName).getDefaultKey(),
self._validator, self._keyChain, self._face)
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# This test is needed, since the KeyChain will express interests in
# unknown certificates.
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# Now save the cert data to our anchor directory, and wait.
# We have to sign it with the current identity or the policy manager
# will create an interest for the signing certificate.
cert = CertificateV2()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
signingInfo = SigningInfo()
signingInfo.setSigningIdentity(self.identityName)
# Make sure the validity period is current for two years.
now = Common.getNowMilliseconds()
signingInfo.setValidityPeriod(ValidityPeriod
(now, now + 2 * 365 * 24 * 3600 * 1000.0))
self.keyChain.sign(cert, signingInfo)
encodedCert = b64encode(cert.wireEncode().toBytes())
with open(self.testCertFile, 'w') as certFile:
certFile.write(Blob(encodedCert, False).toRawStr())
# Still too early for refresh to pick it up.
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# Now we should find it.
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
def test_encode_decode(self):
data = Data()
data.wireDecode(codedData)
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
self.assertEqual(dumpData(reDecodedData), initialDump, 'Re-decoded data does not match original dump')
def test_encode_decode(self):
data = Data()
data.wireDecode(codedData2)
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
self.assertEqual(dumpData(reDecodedData), initialDump2, 'Re-decoded data does not match original dump')
def on_interest(self, _prefix, interest: Interest, face, _filter_id, _filter):
name = interest.getName()
if not self.storage.exists(str(name)):
return
raw_data = self.storage.get(str(name))
data = Data()
data.wireDecode(Blob(pickle.loads(raw_data)))
self.face.putData(data)
logging.info('Read handle: serve data {}'.format(interest.getName()))
def test_generic_signature(self):
# Test correct encoding.
signature = GenericSignature()
signature.setSignatureInfoEncoding(
Blob(experimentalSignatureInfo, False), None)
signatureValue = Blob([1, 2, 3, 4], False)
signature.setSignature(signatureValue)
self.freshData.setSignature(signature)
encoding = self.freshData.wireEncode()
decodedData = Data()
decodedData.wireDecode(encoding)
decodedSignature = decodedData.getSignature()
self.assertEqual(decodedSignature.getTypeCode(),
experimentalSignatureType)
self.assertTrue(
Blob(experimentalSignatureInfo,
False).equals(decodedSignature.getSignatureInfoEncoding()))
self.assertTrue(signatureValue.equals(decodedSignature.getSignature()))
# Test bad encoding.
signature = GenericSignature()
signature.setSignatureInfoEncoding(
Blob(experimentalSignatureInfoNoSignatureType, False), None)
signature.setSignature(signatureValue)
self.freshData.setSignature(signature)
gotError = True
try:
self.freshData.wireEncode()
gotError = False
except:
pass
if not gotError:
self.fail(
"Expected encoding error for experimentalSignatureInfoNoSignatureType"
)
signature = GenericSignature()
signature.setSignatureInfoEncoding(
Blob(experimentalSignatureInfoBadTlv, False), None)
signature.setSignature(signatureValue)
self.freshData.setSignature(signature)
gotError = True
try:
self.freshData.wireEncode()
gotError = False
except:
pass
if not gotError:
self.fail(
"Expected encoding error for experimentalSignatureInfoBadTlv")
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# needed, since the KeyChain will express interests in unknown
# certificates
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# now save the cert data to our anchor directory, and wait
# we have to sign it with the current identity or the
# policy manager will create an interest for the signing certificate
with open(self.testCertFile, 'w') as certFile:
cert = IdentityCertificate()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
self.keyChain.signByIdentity(cert, self.identityName)
encodedCert = b64encode(cert.wireEncode().toBuffer())
certFile.write(Blob(encodedCert, False).toRawStr())
# still too early for refresh to pick it up
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# now we should find it
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
def test_get_group_key_without_regeneration(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
self.keyChain)
self.setManager(manager)
# Get the data list from the group manager.
timePoint1 = Schedule.fromIsoString("20150825T093000")
result = manager.getGroupKey(timePoint1)
self.assertEqual(4, len(result))
# The first data packet contains the group's encryption key (public key).
data1 = result[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data1.getName().toUri())
groupEKey1 = EncryptKey(data1.getContent())
# Get the second data packet and decrypt.
data = result[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data.getName().toUri())
# Add new members to the database.
dataBlob = self.certificate.wireEncode()
memberD = Data()
memberD.wireDecode(dataBlob)
memberD.setName(Name("/ndn/memberD/KEY/ksk-123/ID-CERT/123"))
manager.addMember("schedule1", memberD)
result2 = manager.getGroupKey(timePoint1, False)
self.assertEqual(5, len(result2))
# Check that the new EKey is the same as the previous one.
data2 = result2[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data2.getName().toUri())
groupEKey2 = EncryptKey(data2.getContent())
self.assertTrue(groupEKey1.getKeyBits().equals(
groupEKey2.getKeyBits()))
# Check the second data packet.
data2 = result2[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data2.getName().toUri())
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# needed, since the KeyChain will express interests in unknown
# certificates
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# now save the cert data to our anchor directory, and wait
# we have to sign it with the current identity or the
# policy manager will create an interest for the signing certificate
with open(self.testCertFile, 'w') as certFile:
cert = IdentityCertificate()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
self.keyChain.signByIdentity(cert, self.identityName)
encodedCert = b64encode(cert.wireEncode().toBytes())
certFile.write(Blob(encodedCert, False).toRawStr())
# still too early for refresh to pick it up
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# now we should find it
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
def test_congestion_mark(self):
# Imitate onReceivedElement.
lpPacket = LpPacket()
# Set copy False so that the fragment is a slice which will be
# copied below. The header fields are all integers and don't need to
# be copied.
TlvWireFormat.get().decodeLpPacket(lpPacket, CONGESTION_MARK_PACKET.buf(), False)
element = lpPacket.getFragmentWireEncoding().buf()
data = Data()
data.wireDecode(element, TlvWireFormat.get())
data.setLpPacket(lpPacket)
self.assertEqual(1, data.getCongestionMark())
def test_get_group_key_without_regeneration(self):
# Create the group manager.
manager = GroupManager(
Name("Alice"), Name("data_type"),
Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1,
self.keyChain)
self.setManager(manager)
# Get the data list from the group manager.
timePoint1 = Schedule.fromIsoString("20150825T093000")
result = manager.getGroupKey(timePoint1)
self.assertEqual(4, len(result))
# The first data packet contains the group's encryption key (public key).
data1 = result[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data1.getName().toUri())
groupEKey1 = EncryptKey(data1.getContent())
# Get the second data packet and decrypt.
data = result[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data.getName().toUri())
# Add new members to the database.
dataBlob = self.certificate.wireEncode()
memberD = Data()
memberD.wireDecode(dataBlob)
memberD.setName(Name("/ndn/memberD/KEY/ksk-123/ID-CERT/123"))
manager.addMember("schedule1", memberD)
result2 = manager.getGroupKey(timePoint1, False)
self.assertEqual(5, len(result2))
# Check that the new EKey is the same as the previous one.
data2 = result2[0]
self.assertEqual(
"/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000",
data2.getName().toUri())
groupEKey2 = EncryptKey(data2.getContent())
self.assertTrue(groupEKey1.getKeyBits().equals(groupEKey2.getKeyBits()));
# Check the second data packet.
data2 = result2[1]
self.assertEqual(
"/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123",
data2.getName().toUri())
def test_congestion_mark(self):
# Imitate onReceivedElement.
lpPacket = LpPacket()
# Set copy False so that the fragment is a slice which will be
# copied below. The header fields are all integers and don't need to
# be copied.
TlvWireFormat.get().decodeLpPacket(lpPacket, CONGESTION_MARK_PACKET.buf(), False)
element = lpPacket.getFragmentWireEncoding().buf()
data = Data()
data.wireDecode(element, TlvWireFormat.get())
data.setLpPacket(lpPacket)
self.assertEqual(1, data.getCongestionMark())
def test_generic_signature(self):
# Test correct encoding.
signature = GenericSignature()
signature.setSignatureInfoEncoding(
Blob(experimentalSignatureInfo, False), None)
signatureValue = Blob([1, 2, 3, 4], False)
signature.setSignature(signatureValue)
self.freshData.setSignature(signature)
encoding = self.freshData.wireEncode()
decodedData = Data()
decodedData.wireDecode(encoding)
decodedSignature = decodedData.getSignature()
self.assertEqual(decodedSignature.getTypeCode(), experimentalSignatureType)
self.assertTrue(Blob(experimentalSignatureInfo, False).equals
(decodedSignature.getSignatureInfoEncoding()))
self.assertTrue(signatureValue.equals(decodedSignature.getSignature()))
# Test bad encoding.
signature = GenericSignature()
signature.setSignatureInfoEncoding(
Blob(experimentalSignatureInfoNoSignatureType, False), None)
signature.setSignature(signatureValue)
self.freshData.setSignature(signature)
gotError = True
try:
self.freshData.wireEncode()
gotError = False
except:
pass
if not gotError:
self.fail("Expected encoding error for experimentalSignatureInfoNoSignatureType")
signature = GenericSignature()
signature.setSignatureInfoEncoding(
Blob(experimentalSignatureInfoBadTlv, False), None)
signature.setSignature(signatureValue)
self.freshData.setSignature(signature)
gotError = True
try:
self.freshData.wireEncode()
gotError = False
except:
pass
if not gotError:
self.fail("Expected encoding error for experimentalSignatureInfoBadTlv")
def main():
data = Data()
data.wireDecode(TlvData)
dump("Decoded Data:")
dumpData(data)
# Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
dump("")
dump("Re-decoded Data:")
dumpData(reDecodedData)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
DEFAULT_RSA_PUBLIC_KEY_DER,
DEFAULT_RSA_PRIVATE_KEY_DER)
keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"),
makeOnVerifyFailed("Re-decoded Data"))
freshData = Data(Name("/ndn/abc"))
freshData.setContent("SUCCESS!")
freshData.getMetaInfo().setFreshnessPeriod(5000)
freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
keyChain.sign(freshData, certificateName)
dump("")
dump("Freshly-signed Data:")
dumpData(freshData)
keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"),
makeOnVerifyFailed("Freshly-signed Data"))
def main():
data = Data()
data.wireDecode(TlvData)
dump("Decoded Data:")
dumpData(data)
# Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
dump("")
dump("Re-decoded Data:")
dumpData(reDecodedData)
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
# Initialize the storage.
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER)
keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"),
makeOnVerifyFailed("Re-decoded Data"))
freshData = Data(Name("/ndn/abc"))
freshData.setContent("SUCCESS!")
freshData.getMetaInfo().setFreshnessPeriod(5000)
freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
keyChain.sign(freshData, certificateName)
dump("")
dump("Freshly-signed Data:")
dumpData(freshData)
keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"),
makeOnVerifyFailed("Freshly-signed Data"))
def on_refs_interest(self, _prefix, interest: Interest, face, _filter_id, _filter):
name = interest.name
print("ON REFS INTEREST", name.toUri())
if name[-1].isTimestamp:
timestamp = name[-1].toTimestamp()
name = name[:-1]
else:
timestamp = None
branch = name[-1].toEscapedString()
if branch not in self.branches:
return
if timestamp is not None and timestamp != self.branches[branch].timestamp:
if timestamp > self.branches[branch].timestamp:
self.on_sync_update(branch, timestamp)
return
data = Data()
raw_data = pickle.loads(self.repo_db.get(branch))
data.wireDecode(raw_data.head_data)
data.metaInfo.freshnessPeriod = 1000
face.putData(data)
def main():
data = Data()
data.wireDecode(TlvData)
dump("Decoded Data:")
dumpData(data)
# Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
dump("")
dump("Re-decoded Data:")
dumpData(reDecodedData)
# Set up the KeyChain.
pibImpl = PibMemory()
keyChain = KeyChain(
pibImpl, TpmBackEndMemory(), SelfVerifyPolicyManager(pibImpl))
# This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
keyChain.importSafeBag(SafeBag
(Name("/testname/KEY/123"),
Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False),
Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False)))
keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"),
makeOnValidationFailed("Re-decoded Data"))
freshData = Data(Name("/ndn/abc"))
freshData.setContent("SUCCESS!")
freshData.getMetaInfo().setFreshnessPeriod(5000)
freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
keyChain.sign(freshData)
dump("")
dump("Freshly-signed Data:")
dumpData(freshData)
keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"),
makeOnValidationFailed("Freshly-signed Data"))
def onInterest(self, prefix, interest, face, interestFilterId, filter):
#print interest.getName()
interestName = interest.getName()
if interestName.isPrefixOf(
Name(
"/org/openmhealth/KEY/ksk-1490231565751/ID-CERT/%FD%00%00%01Z%F8%B9%1Et"
)):
face.putData(
self.keyChain.getCertificate(
Name(
"/org/openmhealth/KEY/ksk-1490231565751/ID-CERT/%FD%00%00%01Z%F8%B9%1Et"
)))
return
with app.app_context():
certCursor = current_app.mongo.db.certs.find({})
for record in certCursor:
print record['name']
if interestName.isPrefixOf(Name(record['name'])):
data = Data()
data.wireDecode(
ndn.Blob(buffer(base64.b64decode(record['cert']))))
face.putData(data)
def main():
data = Data()
data.wireDecode(TlvData)
dump("Decoded Data:")
dumpData(data)
# Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
dump("")
dump("Re-decoded Data:")
dumpData(reDecodedData)
# Set up the KeyChain.
keyChain = KeyChain("pib-memory:", "tpm-memory:")
keyChain.importSafeBag(
SafeBag(Name("/testname/KEY/123"),
Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False),
Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False)))
validator = Validator(ValidationPolicyFromPib(keyChain.getPib()))
validator.validate(reDecodedData, makeSuccessCallback("Re-decoded Data"),
makeFailureCallback("Re-decoded Data"))
freshData = Data(Name("/ndn/abc"))
freshData.setContent("SUCCESS!")
freshData.getMetaInfo().setFreshnessPeriod(5000)
freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
keyChain.sign(freshData)
dump("")
dump("Freshly-signed Data:")
dumpData(freshData)
validator.validate(freshData, makeSuccessCallback("Freshly-signed Data"),
makeFailureCallback("Freshly-signed Data"))
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True.
:param Blob encoding: The wire encoding to decode.
:return: The number of seconds for all iterations.
:rtype: float
"""
# Initialize the private key storage in case useCrypto is true.
pibImpl = PibMemory()
keyChain = KeyChain(pibImpl, TpmBackEndMemory(),
SelfVerifyPolicyManager(pibImpl))
# This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
keyChain.importSafeBag(
SafeBag(
Name("/testname/KEY/123"),
Blob(
DEFAULT_EC_PRIVATE_KEY_DER if keyType == KeyType.ECDSA else
DEFAULT_RSA_PRIVATE_KEY_DER, False),
Blob(
DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.ECDSA else
DEFAULT_RSA_PUBLIC_KEY_DER, False)))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onValidationFailed)
finish = getNowSeconds()
return finish - start
def main():
data = Data()
data.wireDecode(TlvData)
dump("Decoded Data:")
dumpData(data)
# Set the content again to clear the cached encoding so we encode again.
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
dump("")
dump("Re-decoded Data:")
dumpData(reDecodedData)
# Set up the KeyChain.
keyChain = KeyChain("pib-memory:", "tpm-memory:")
keyChain.importSafeBag(SafeBag
(Name("/testname/KEY/123"),
Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False),
Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False)))
validator = Validator(ValidationPolicyFromPib(keyChain.getPib()))
validator.validate(reDecodedData, makeSuccessCallback("Re-decoded Data"),
makeFailureCallback("Re-decoded Data"))
freshData = Data(Name("/ndn/abc"))
freshData.setContent("SUCCESS!")
freshData.getMetaInfo().setFreshnessPeriod(5000)
freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
keyChain.sign(freshData)
dump("")
dump("Freshly-signed Data:")
dumpData(freshData)
validator.validate(freshData, makeSuccessCallback("Freshly-signed Data"),
makeFailureCallback("Freshly-signed Data"))
def extract_co_from_db(self, leaf_node, wired=True):
try:
# by design, there is AT MOST one C2S relation for each node
query = 'START s=node(%s)\n' % leaf_node._id + \
'MATCH (s)-[r:%s]->(c)\n' % RELATION_C2S + \
'RETURN c'
records = neo4j.CypherQuery(self.db_handler, query).execute()
nodes = [record.values[0] for record in records.data]
segment_node = nodes[0]
properties = segment_node.get_properties()
wrapped = eval(properties[PROPERTY_WRAPPED])
_data = properties[PROPERTY_DATA]
data = base64.b64decode(_data)
# decode wired co to ContentObject instance
# if not wired:
co = Data()
co.wireDecode(Blob.fromRawStr(data))
return co
# else:
# return data
except StopIteration as ex:
return None
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True.
:param Blob encoding: The wire encoding to decode.
:return: The number of seconds for all iterations.
:rtype: float
"""
# Initialize the KeyChain in case useCrypto is true.
keyChain = KeyChain("pib-memory:", "tpm-memory:")
# This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
keyChain.importSafeBag(
SafeBag(
Name("/testname/KEY/123"),
Blob(
DEFAULT_EC_PRIVATE_KEY_DER if keyType == KeyType.EC else
DEFAULT_RSA_PRIVATE_KEY_DER, False),
Blob(
DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.EC else
DEFAULT_RSA_PUBLIC_KEY_DER, False)))
validator = Validator(ValidationPolicyFromPib(keyChain.getPib()))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
validator.validate(data, onVerifySuccess, onVerifyFailed)
finish = getNowSeconds()
return finish - start
def test_full_name(self):
data = Data()
data.wireDecode(codedData)
# Check the full name format.
self.assertEqual(data.getFullName().size(), data.getName().size() + 1)
self.assertEqual(data.getName(), data.getFullName().getPrefix(-1))
self.assertEqual(data.getFullName().get(-1).getValue().size(), 32)
# Check the independent digest calculation.
sha256 = hashes.Hash(hashes.SHA256(), backend=default_backend())
sha256.update(Blob(codedData).toBytes())
newDigest = Blob(bytearray(sha256.finalize()), False)
self.assertTrue(newDigest.equals(data.getFullName().get(-1).getValue()))
# Check the expected URI.
self.assertEqual(
data.getFullName().toUri(), "/ndn/abc/sha256digest=" +
"96556d685dcb1af04be4ae57f0e7223457d4055ea9b3d07c0d337bef4a8b3ee9")
# Changing the Data packet should change the full name.
saveFullName = Name(data.getFullName())
data.setContent(Blob())
self.assertNotEqual(data.getFullName().get(-1), saveFullName.get(-1))
def setManager(self, manager):
# Set up the first schedule.
schedule1 = Schedule()
interval11 = RepetitiveInterval(
Schedule.fromIsoString("20150825T000000"),
Schedule.fromIsoString("20150827T000000"), 5, 10, 2,
RepetitiveInterval.RepeatUnit.DAY)
interval12 = RepetitiveInterval(
Schedule.fromIsoString("20150825T000000"),
Schedule.fromIsoString("20150827T000000"), 6, 8, 1,
RepetitiveInterval.RepeatUnit.DAY)
interval13 = RepetitiveInterval(
Schedule.fromIsoString("20150827T000000"),
Schedule.fromIsoString("20150827T000000"), 7, 8)
schedule1.addWhiteInterval(interval11)
schedule1.addWhiteInterval(interval12)
schedule1.addBlackInterval(interval13)
# Set up the second schedule.
schedule2 = Schedule()
interval21 = RepetitiveInterval(
Schedule.fromIsoString("20150825T000000"),
Schedule.fromIsoString("20150827T000000"), 9, 12, 1,
RepetitiveInterval.RepeatUnit.DAY)
interval22 = RepetitiveInterval(
Schedule.fromIsoString("20150827T000000"),
Schedule.fromIsoString("20150827T000000"), 6, 8)
interval23 = RepetitiveInterval(
Schedule.fromIsoString("20150827T000000"),
Schedule.fromIsoString("20150827T000000"), 2, 4)
schedule2.addWhiteInterval(interval21)
schedule2.addWhiteInterval(interval22)
schedule2.addBlackInterval(interval23)
# Add them to the group manager database.
manager.addSchedule("schedule1", schedule1)
manager.addSchedule("schedule2", schedule2)
# Make some adaptions to certificate.
dataBlob = self.certificate.wireEncode()
memberA = Data()
memberA.wireDecode(dataBlob, TlvWireFormat.get())
memberA.setName(Name("/ndn/memberA/KEY/ksk-123/ID-CERT/123"))
memberB = Data()
memberB.wireDecode(dataBlob, TlvWireFormat.get())
memberB.setName(Name("/ndn/memberB/KEY/ksk-123/ID-CERT/123"))
memberC = Data()
memberC.wireDecode(dataBlob, TlvWireFormat.get())
memberC.setName(Name("/ndn/memberC/KEY/ksk-123/ID-CERT/123"))
# Add the members to the database.
manager.addMember("schedule1", memberA)
manager.addMember("schedule1", memberB)
manager.addMember("schedule2", memberC)
def setManager(self, manager):
# Set up the first schedule.
schedule1 = Schedule()
interval11 = RepetitiveInterval(
Schedule.fromIsoString("20150825T000000"),
Schedule.fromIsoString("20150827T000000"), 5, 10, 2,
RepetitiveInterval.RepeatUnit.DAY)
interval12 = RepetitiveInterval(
Schedule.fromIsoString("20150825T000000"),
Schedule.fromIsoString("20150827T000000"), 6, 8, 1,
RepetitiveInterval.RepeatUnit.DAY)
interval13 = RepetitiveInterval(
Schedule.fromIsoString("20150827T000000"),
Schedule.fromIsoString("20150827T000000"), 7, 8)
schedule1.addWhiteInterval(interval11)
schedule1.addWhiteInterval(interval12)
schedule1.addBlackInterval(interval13)
# Set up the second schedule.
schedule2 = Schedule()
interval21 = RepetitiveInterval(
Schedule.fromIsoString("20150825T000000"),
Schedule.fromIsoString("20150827T000000"), 9, 12, 1,
RepetitiveInterval.RepeatUnit.DAY)
interval22 = RepetitiveInterval(
Schedule.fromIsoString("20150827T000000"),
Schedule.fromIsoString("20150827T000000"), 6, 8)
interval23 = RepetitiveInterval(
Schedule.fromIsoString("20150827T000000"),
Schedule.fromIsoString("20150827T000000"), 2, 4)
schedule2.addWhiteInterval(interval21)
schedule2.addWhiteInterval(interval22)
schedule2.addBlackInterval(interval23)
# Add them to the group manager database.
manager.addSchedule("schedule1", schedule1)
manager.addSchedule("schedule2", schedule2)
# Make some adaptions to certificate.
dataBlob = self.certificate.wireEncode()
memberA = Data()
memberA.wireDecode(dataBlob, TlvWireFormat.get())
memberA.setName(Name("/ndn/memberA/KEY/ksk-123/ID-CERT/123"))
memberB = Data()
memberB.wireDecode(dataBlob, TlvWireFormat.get())
memberB.setName(Name("/ndn/memberB/KEY/ksk-123/ID-CERT/123"))
memberC = Data()
memberC.wireDecode(dataBlob, TlvWireFormat.get())
memberC.setName(Name("/ndn/memberC/KEY/ksk-123/ID-CERT/123"))
# Add the members to the database.
manager.addMember("schedule1", memberA)
manager.addMember("schedule1", memberB)
manager.addMember("schedule2", memberC)
def test_dump(self):
data = Data()
data.wireDecode(codedData)
self.assertEqual(dumpData(data), initialDump,
'Initial dump does not have expected format')
def publish(self, line):
# Pull out and parse datetime for log entry
# (note we shoudld use point time for timestamp)
try:
if not ": (point" in line: return
point = parse.search("(point {})", line)[0].split(" ")
except Exception as detail:
print("publish: Parse error for", line, "-", detail)
return
try:
tempTime = datetime.strptime(
parse.search("[{}]", line)[0], "%Y-%m-%d %H:%M:%S.%f")
except Exception as detail:
print("publish: Date/time conversion error for", line, "-", detail)
return
sensorName = point[0]
aggregationNamePrefix = self.pointNameToNDNName(sensorName)
dataDict = self.pointToJSON(point)
if aggregationNamePrefix is not None:
#if __debug__:
# print(dateTime, aggregationNamePrefix, dataDict["timestamp"], "payload:", dataDict["value"])
try:
# TODO: since the leaf sensor publisher is not a separate node for now, we also publish aggregated data
# of the same sensor over the past given time period in this code;
# bms_node code has adaptation for leaf sensor publishers as well, ref: example-sensor1.conf
# Here we make the assumption of fixed time window for *all* sensors
# First publish aggregation
dataTime = int(float(dataDict["timestamp"]) * 1000)
if self._startTime == 0:
self._startTime = dataTime
if not (sensorName in self._dataQueue):
# We don't have record of this sensor, so we create an identity for it, and print the cert string for now to get signed
sensorIdentityName = Name(self._namespace).append(
aggregationNamePrefix).getPrefix(-3)
sensorCertificateName = self._keyChain.createIdentityAndCertificate(
sensorIdentityName)
if __debug__:
print("Sensor identity name: " +
sensorIdentityName.toUri())
certificateData = self._keyChain.getIdentityManager(
)._identityStorage.getCertificate(sensorCertificateName)
# We should only ask for cert to be signed upon the first run of a certain sensor
if DO_CERT_SETUP:
if (KeyLocator.getFromSignature(
certificateData.getSignature()).getKeyName().
equals(sensorCertificateName.getPrefix(-1))):
# Need to configure for remote gateway deployment; for now, remote uses its own branch with my public IP.
print("certificate " +
sensorCertificateName.toUri() +
" asking for signature")
response = urllib2.urlopen(
"http://192.168.56.1:5000/bms-cert-hack?cert="
+ b64encode(
certificateData.wireEncode().toBuffer()) +
"&cert_prefix=" + sensorIdentityName.toUri() +
'&subject_name=' +
sensorIdentityName.toUri()).read()
signedCertData = Data()
signedCertData.wireDecode(Blob(
b64decode(response)))
self._cache.add(signedCertData)
cmdline = ['ndnsec-install-cert', '-']
p = subprocess.Popen(cmdline,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
cert, err = p.communicate(response)
if p.returncode != 0:
raise RuntimeError("ndnsec-install-cert error")
else:
self._cache.add(certificateData)
else:
self._cache.add(certificateData)
self._dataQueue[sensorName] = DataQueueItem(
[], self._startTime + self._defaultInterval,
sensorIdentityName, sensorCertificateName)
self._dataQueue[sensorName]._dataList.append(
dataDict["value"])
elif dataTime > self._dataQueue[sensorName]._timeThreshold:
# calculate the aggregation with what's already in the queue, publish data packet, and delete current queue
# TODO: This should be mutex locked against self
if len(self._dataQueue[sensorName]._dataList) > 0:
avg = 0.0
for item in self._dataQueue[sensorName]._dataList:
avg += float(item)
avg = avg / len(self._dataQueue[sensorName]._dataList)
data = Data(
Name(self._namespace).
append(aggregationNamePrefix).append("avg").append(
str(self._dataQueue[sensorName]._timeThreshold)
).append(
str(self._dataQueue[sensorName]._timeThreshold
+ self._defaultInterval)))
data.setContent(str(avg))
data.getMetaInfo().setFreshnessPeriod(
self.DEFAULT_DATA_LIFETIME)
self._keyChain.sign(
data, self._dataQueue[sensorName]._certificateName)
self._cache.add(data)
print("Aggregation produced " + data.getName().toUri())
self._dataQueue[sensorName]._dataList = [dataDict["value"]]
self._dataQueue[
sensorName]._timeThreshold = self._dataQueue[
sensorName]._timeThreshold + self._defaultInterval
else:
self._dataQueue[sensorName]._dataList.append(
dataDict["value"])
# Then publish raw data
# Timestamp in data name uses the timestamp from data payload
instDataPrefix = self.pointNameToNDNName(sensorName, False)
dataTemp = self.createData(
instDataPrefix, dataDict["timestamp"], dataDict["value"],
self._dataQueue[sensorName]._certificateName)
if __debug__:
print("Produced raw data name " +
dataTemp.getName().toUri())
print("Produced raw data content " +
dataTemp.getContent().toRawStr())
self._cache.add(dataTemp)
except Exception as detail:
print("publish: Error calling createData for", line, "-",
detail)
def publish(self, line):
# Pull out and parse datetime for log entry
# (note we shoudld use point time for timestamp)
try:
if not ": (point" in line: return
point = parse.search("(point {})", line)[0].split(" ")
except Exception as detail:
print("publish: Parse error for", line, "-", detail)
return
try:
tempTime = datetime.strptime(parse.search("[{}]", line)[0], "%Y-%m-%d %H:%M:%S.%f")
except Exception as detail:
print("publish: Date/time conversion error for", line, "-", detail)
return
sensorName = point[0]
aggregationNamePrefix = self.pointNameToNDNName(sensorName)
dataDict = self.pointToJSON(point)
self._lastDataTimestamp = time.time()
if aggregationNamePrefix is not None:
#if __debug__:
# print(dateTime, aggregationNamePrefix, dataDict["timestamp"], "payload:", dataDict["value"])
try:
# TODO: since the leaf sensor publisher is not a separate node for now, we also publish aggregated data
# of the same sensor over the past given time period in this code;
# bms_node code has adaptation for leaf sensor publishers as well, ref: example-sensor1.conf
# Here we make the assumption of fixed time window for *all* sensors
# First publish aggregation
dataTime = int(float(dataDict["timestamp"]) * 1000)
if self._startTime == 0:
self._startTime = dataTime
if not (sensorName in self._dataQueue):
# We don't have record of this sensor, so we create an identity for it, and print the cert string for now to get signed
sensorIdentityName = Name(self._namespace).append(aggregationNamePrefix).getPrefix(-3)
sensorCertificateName = self._keyChain.createIdentityAndCertificate(sensorIdentityName)
if __debug__:
print("Sensor identity name: " + sensorIdentityName.toUri())
certificateData = self._keyChain.getIdentityManager()._identityStorage.getCertificate(sensorCertificateName, True)
# We should only ask for cert to be signed upon the first run of a certain sensor
if DO_CERT_SETUP:
if (KeyLocator.getFromSignature(certificateData.getSignature()).getKeyName().equals(sensorCertificateName.getPrefix(-1))):
# Need to configure for remote gateway deployment; for now, remote uses its own branch with my public IP.
print("certificate " + sensorCertificateName.toUri() + " asking for signature")
response = urllib2.urlopen("http://192.168.56.1:5000/bms-cert-hack?cert=" + b64encode(certificateData.wireEncode().toBuffer()) + "&cert_prefix=" + sensorIdentityName.toUri() + '&subject_name=' + sensorIdentityName.toUri()).read()
signedCertData = Data()
signedCertData.wireDecode(Blob(b64decode(response)))
self._cache.add(signedCertData)
cmdline = ['ndnsec-install-cert', '-']
p = subprocess.Popen(cmdline, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
cert, err = p.communicate(response)
if p.returncode != 0:
raise RuntimeError("ndnsec-install-cert error")
else:
self._cache.add(certificateData)
else:
self._cache.add(certificateData)
self._dataQueue[sensorName] = DataQueueItem([], self._startTime + self._defaultInterval, sensorIdentityName, sensorCertificateName)
self._dataQueue[sensorName]._dataList.append(dataDict["value"])
elif dataTime > self._dataQueue[sensorName]._timeThreshold:
# calculate the aggregation with what's already in the queue, publish data packet, and delete current queue
# TODO: This should be mutex locked against self
if len(self._dataQueue[sensorName]._dataList) > 0:
avg = 0.0
for item in self._dataQueue[sensorName]._dataList:
avg += float(item)
avg = avg / len(self._dataQueue[sensorName]._dataList)
data = Data(Name(self._namespace).append(aggregationNamePrefix).append("avg").append(str(self._dataQueue[sensorName]._timeThreshold)).append(str(self._dataQueue[sensorName]._timeThreshold + self._defaultInterval)))
data.setContent(str(avg))
data.getMetaInfo().setFreshnessPeriod(self.DEFAULT_DATA_LIFETIME)
self._keyChain.sign(data, self._dataQueue[sensorName]._certificateName)
self._cache.add(data)
print("Aggregation produced " + data.getName().toUri())
self._dataQueue[sensorName]._dataList = [dataDict["value"]]
self._dataQueue[sensorName]._timeThreshold = self._dataQueue[sensorName]._timeThreshold + self._defaultInterval
else:
self._dataQueue[sensorName]._dataList.append(dataDict["value"])
# Then publish raw data
# Timestamp in data name uses the timestamp from data payload
instDataPrefix = self.pointNameToNDNName(sensorName, False)
dataTemp = self.createData(instDataPrefix, dataDict["timestamp"], json.dumps(dataDict), self._dataQueue[sensorName]._certificateName)
if __debug__:
print("Produced raw data name " + dataTemp.getName().toUri())
print("Produced raw data content " + dataTemp.getContent().toRawStr())
self._cache.add(dataTemp)
# For now we only insert raw data into repo
parameter = repo_command_parameter_pb2.RepoCommandParameterMessage()
# Add the Name.
for i in range(dataTemp.getName().size()):
parameter.repo_command_parameter.name.component.append(
dataTemp.getName().get(i).toEscapedString())
# Create the command interest.
commandInterest = Interest(Name(repoCommandPrefix).append("insert")
.append(Name.Component(ProtobufTlv.encode(parameter))))
self._face.makeCommandInterest(commandInterest)
# Send the command interest and get the response or timeout.
def onRepoCommandResponse(interest, data):
# repo_command_response_pb2 was produced by protoc.
response = repo_command_response_pb2.RepoCommandResponseMessage()
try:
ProtobufTlv.decode(response, data.content)
except:
print("Cannot decode the repo command response")
if response.repo_command_response.status_code == 100:
if __debug__:
print("Insertion started")
else:
print("Got repo command error code", response.repo_command_response.status_code)
def onRepoCommandTimeout(interest):
if __debug__:
print("Insert repo command timeout")
self._face.expressInterest(commandInterest, onRepoCommandResponse, onRepoCommandTimeout)
except Exception as detail:
print("publish: Error calling createData for", line, "-", detail)
def test_construction(self):
# Debug: This should be a Certificate.
certificate = Data()
certificate.wireDecode(CERT)
def startPublishing(self):
# One-time security setup
self.prepareLogging()
privateKeyStorage = FilePrivateKeyStorage()
identityStorage = BasicIdentityStorage()
policyManager = ConfigPolicyManager(self._trustSchemaFile)
self._keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage), policyManager)
self._certificateName = self._keyChain.createIdentityAndCertificate(
self._identityName)
print("My Identity name: " + self._identityName.toUri())
print("My certificate name: " + self._certificateName.toUri())
certificateData = self._keyChain.getIdentityManager(
)._identityStorage.getCertificate(self._certificateName)
print("My certificate string: " +
b64encode(certificateData.wireEncode().toBuffer()))
# self._keyChain.getIdentityCertificate(self._certificateName).)
self._loop = asyncio.get_event_loop()
self._face = ThreadsafeFace(self._loop)
self._keyChain.setFace(self._face)
self._face.setCommandSigningInfo(self._keyChain, self._certificateName)
self._memoryContentCache = MemoryContentCache(self._face)
# We should only ask for cert to be signed upon the first run of a certain aggregator
if DO_CERT_SETUP:
if (KeyLocator.getFromSignature(
certificateData.getSignature()).getKeyName().equals(
self._certificateName.getPrefix(-1))):
# Need to configure for mini-ndn; aggregation node runs outside of mini-ndn first so that signed cert get installed and mini-ndn won't ask for this again
print("certificate " + self._certificateName.toUri() +
" asking for signature")
response = urllib2.urlopen(
"http://192.168.56.1:5000/bms-cert-hack?cert=" +
b64encode(certificateData.wireEncode().toBuffer()) +
"&cert_prefix=" + self._identityName.toUri() +
'&subject_name=' + self._identityName.toUri()).read()
signedCertData = Data()
signedCertData.wireDecode(Blob(b64decode(response)))
self._memoryContentCache.add(signedCertData)
cmdline = ['ndnsec-install-cert', '-']
p = subprocess.Popen(cmdline,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE)
# desanitize + sign in GET request
cert, err = p.communicate(response)
if p.returncode != 0:
raise RuntimeError("ndnsec-install-cert error")
else:
self._memoryContentCache.add(certificateData)
else:
self._memoryContentCache.add(certificateData)
dataNode = self.conf.getDataNode()
childrenNode = self.conf.getChildrenNode()
self._memoryContentCache.registerPrefix(Name(self._identityName),
self.onRegisterFailed,
self.onDataNotFound)
# For each type of data, we refresh each type of aggregation according to the interval in the configuration
for i in range(len(dataNode.subtrees)):
dataType = dataNode.subtrees.keys()[i]
aggregationParams = self.conf.getProducingParamsForAggregationType(
dataNode.subtrees.items()[i][1])
if childrenNode == None:
self._dataQueue[dataType] = DataQueue(None, None, None)
self.generateData(dataType, 2, 0)
for aggregationType in aggregationParams:
childrenList = OrderedDict()
if childrenNode != None:
for j in range(len(childrenNode.subtrees)):
if dataType in childrenNode.subtrees.items(
)[j][1].subtrees['data'].subtrees:
if aggregationType in childrenNode.subtrees.items(
)[j][1].subtrees['data'].subtrees[
dataType].subtrees:
childrenList[childrenNode.subtrees.items()[j][
0]] = self.conf.getProducingParamsForAggregationType(
childrenNode.subtrees.items()[j]
[1].subtrees['data'].subtrees[dataType]
)[aggregationType]
self.startPublishingAggregation(
aggregationParams[aggregationType], childrenList, dataType,
aggregationType)
return
def test_construction(self):
# Debug: This should be a Certificate.
certificate = Data()
certificate.wireDecode(CERT)
def startPublishing(self):
# One-time security setup
self.prepareLogging()
privateKeyStorage = FilePrivateKeyStorage()
identityStorage = BasicIdentityStorage()
policyManager = ConfigPolicyManager(self._trustSchemaFile)
self._keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage), policyManager)
self._certificateName = self._keyChain.createIdentityAndCertificate(self._identityName)
print("My Identity name: " + self._identityName.toUri())
print("My certificate name: " + self._certificateName.toUri())
certificateData = self._keyChain.getIdentityManager()._identityStorage.getCertificate(self._certificateName, True)
print("My certificate string: " + b64encode(certificateData.wireEncode().toBuffer()))
# self._keyChain.getIdentityCertificate(self._certificateName).)
self._loop = asyncio.get_event_loop()
self._face = ThreadsafeFace(self._loop)
self._keyChain.setFace(self._face)
self._face.setCommandSigningInfo(self._keyChain, self._certificateName)
self._memoryContentCache = MemoryContentCache(self._face)
# We should only ask for cert to be signed upon the first run of a certain aggregator
if DO_CERT_SETUP:
if (KeyLocator.getFromSignature(certificateData.getSignature()).getKeyName().equals(self._certificateName.getPrefix(-1))):
# Need to configure for mini-ndn; aggregation node runs outside of mini-ndn first so that signed cert get installed and mini-ndn won't ask for this again
print("certificate " + self._certificateName.toUri() + " asking for signature")
response = urllib2.urlopen("http://192.168.56.1:5000/bms-cert-hack?cert=" + b64encode(certificateData.wireEncode().toBuffer()) + "&cert_prefix=" + self._identityName.toUri() + '&subject_name=' + self._identityName.toUri()).read()
signedCertData = Data()
signedCertData.wireDecode(Blob(b64decode(response)))
self._memoryContentCache.add(signedCertData)
cmdline = ['ndnsec-install-cert', '-']
p = subprocess.Popen(cmdline, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
# desanitize + sign in GET request
cert, err = p.communicate(response)
if p.returncode != 0:
raise RuntimeError("ndnsec-install-cert error")
else:
self._memoryContentCache.add(certificateData)
else:
self._memoryContentCache.add(certificateData)
dataNode = self.conf.getDataNode()
childrenNode = self.conf.getChildrenNode()
self._memoryContentCache.registerPrefix(Name(self._identityName), self.onRegisterFailed, self.onDataNotFound)
# For each type of data, we refresh each type of aggregation according to the interval in the configuration
for i in range(len(dataNode.subtrees)):
dataType = dataNode.subtrees.keys()[i]
aggregationParams = self.conf.getProducingParamsForAggregationType(dataNode.subtrees.items()[i][1])
if childrenNode == None:
self._dataQueue[dataType] = DataQueue(None, None, None)
self.generateData(dataType, 2, 0)
for aggregationType in aggregationParams:
childrenList = OrderedDict()
if childrenNode != None:
for j in range(len(childrenNode.subtrees)):
if dataType in childrenNode.subtrees.items()[j][1].subtrees['data'].subtrees:
if aggregationType in childrenNode.subtrees.items()[j][1].subtrees['data'].subtrees[dataType].subtrees:
childrenList[childrenNode.subtrees.items()[j][0]] = self.conf.getProducingParamsForAggregationType(childrenNode.subtrees.items()[j][1].subtrees['data'].subtrees[dataType])[aggregationType]
self.startPublishingAggregation(aggregationParams[aggregationType], childrenList, dataType, aggregationType)
return
def wireDecode(self, buf, wireFormat = None):
"""
Make sure the fields are populated after decoding
"""
Data.wireDecode(self, buf, wireFormat)
self.decode()
def test_dump(self):
data = Data()
data.wireDecode(codedData)
self.assertEqual(dumpData(data), initialDump, 'Initial dump does not have expected format')
def wireDecode(self, buf, wireFormat=None):
"""
Make sure the fields are populated after decoding
"""
Data.wireDecode(self, buf, wireFormat)
self.decode()
def publishData(self):
for buffer in EncryptStaticData.managerPackets:
data = Data()
data.wireDecode(buffer)
self._storage.insert(data)
def publishData(self):
for buffer in EncryptStaticData.managerPackets:
data = Data()
data.wireDecode(buffer)
self._storage.insert(data)
