def __init__(self, face, encryptResult, link = None):
# Set up face
self.face = face
self._encryptResult = encryptResult
self._link = link
self.databaseFilePath = "policy_config/test_consumer_dpu.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.groupName = Name("/org/openmhealth/haitao")
# Set up the keyChain.
identityStorage = BasicIdentityStorage()
privateKeyStorage = FilePrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# Authorized identity
identityName = Name("/ndn/edu/basel/dpu")
# Function name: the function that this DPU provides
self._functionName = "bounding_box"
self._identityName = identityName
self.certificateName = self.keyChain.createIdentityAndCertificate(identityName)
# TODO: if using BasicIdentityStorage and FilePrivateKeyStorage
# For some reason this newly generated cert is not installed by default, calling keyChain sign later would result in error
#self.keyChain.installIdentityCertificate()
self.face.setCommandSigningInfo(self.keyChain, self.certificateName)
consumerKeyName = IdentityCertificate.certificateNameToPublicKeyName(self.certificateName)
consumerCertificate = identityStorage.getCertificate(self.certificateName)
self.consumer = Consumer(
face, self.keyChain, self.groupName, identityName,
Sqlite3ConsumerDb(self.databaseFilePath))
# TODO: Read the private key to decrypt d-key...this may or may not be ideal
base64Content = None
with open(privateKeyStorage.nameTransform(consumerKeyName.toUri(), ".pri")) as keyFile:
print privateKeyStorage.nameTransform(consumerKeyName.toUri(), ".pri")
base64Content = keyFile.read()
#print base64Content
der = Blob(base64.b64decode(base64Content), False)
self.consumer.addDecryptionKey(consumerKeyName, der)
self.memoryContentCache = MemoryContentCache(self.face)
self.memoryContentCache.registerPrefix(identityName, self.onRegisterFailed, self.onDataNotFound)
self.memoryContentCache.add(consumerCertificate)
accessRequestInterest = Interest(Name(self.groupName).append("read_access_request").append(self.certificateName).appendVersion(int(time.time())))
self.face.expressInterest(accessRequestInterest, self.onAccessRequestData, self.onAccessRequestTimeout)
print "Access request interest name: " + accessRequestInterest.getName().toUri()
self._tasks = dict()
return
def __init__(self, face):
# Set up face
self.face = face
self.databaseFilePath = "policy_config/test_consumer.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.groupName = Name("/org/openmhealth/zhehao")
# Set up the keyChain.
identityStorage = BasicIdentityStorage()
privateKeyStorage = FilePrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# Authorized identity
identityName = Name("/org/openmhealth/dvu-python-3")
# Unauthorized identity
#identityName = Name("/org/openmhealth/dvu-python-1")
self.certificateName = self.keyChain.createIdentityAndCertificate(identityName)
self.face.setCommandSigningInfo(self.keyChain, self.certificateName)
consumerKeyName = IdentityCertificate.certificateNameToPublicKeyName(self.certificateName)
consumerCertificate = identityStorage.getCertificate(self.certificateName)
self.consumer = Consumer(
face, self.keyChain, self.groupName, identityName,
Sqlite3ConsumerDb(self.databaseFilePath))
# TODO: Read the private key to decrypt d-key...this may or may not be ideal
base64Content = None
with open(privateKeyStorage.nameTransform(consumerKeyName.toUri(), ".pri")) as keyFile:
print privateKeyStorage.nameTransform(consumerKeyName.toUri(), ".pri")
base64Content = keyFile.read()
#print base64Content
der = Blob(base64.b64decode(base64Content), False)
self.consumer.addDecryptionKey(consumerKeyName, der)
self.memoryContentCache = MemoryContentCache(self.face)
self.memoryContentCache.registerPrefix(identityName, self.onRegisterFailed, self.onDataNotFound)
self.memoryContentCache.add(consumerCertificate)
accessRequestInterest = Interest(Name(self.groupName).append("read_access_request").append(self.certificateName).appendVersion(int(time.time())))
self.face.expressInterest(accessRequestInterest, self.onAccessRequestData, self.onAccessRequestTimeout)
print "Access request interest name: " + accessRequestInterest.getName().toUri()
self.consumeCatalog = True
return
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def main():
# COMMAND LINE ARGS
parser = argparse.ArgumentParser(
description='Parse or follow Cascade Datahub log and publish to NDN.')
parser.add_argument('filename', help='datahub log file')
parser.add_argument('-f',
dest='follow',
action='store_true',
help='follow (tail -f) the log file')
parser.add_argument('--namespace',
default='/ndn/edu/ucla/remap/bms',
help='root ndn name, no trailing slash')
args = parser.parse_args()
# NDN
global face, keychain
loop = asyncio.get_event_loop()
face = ThreadsafeFace(loop, "localhost")
keychain = KeyChain(
IdentityManager(
BasicIdentityStorage(),
FilePrivateKeyStorage())) # override default even for MacOS
cache = MemoryContentCache(face)
# READ THE FILE (MAIN LOOP)
if args.follow:
loop.run_until_complete(
followfile(args.filename, args.namespace, cache))
else:
loop.run_until_complete(readfile(args.filename, args.namespace, cache))
face.shutdown()
def __init__(self, transport = None, conn = None):
"""
Initialize the network and security classes for the node
"""
super(BaseNode, self).__init__()
self.faceTransport = transport
self.faceConn = conn
self._identityStorage = BasicIdentityStorage()
self._identityManager = IdentityManager(self._identityStorage, FilePrivateKeyStorage())
self._policyManager = IotPolicyManager(self._identityStorage)
# hopefully there is some private/public key pair available
self._keyChain = KeyChain(self._identityManager, self._policyManager)
self._registrationFailures = 0
self._prepareLogging()
self._setupComplete = False
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def __init__(self, face):
# Set up face
self.face = face
identityStorage = BasicIdentityStorage()
privateKeyStorage = FilePrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
self.face.setCommandSigningInfo(
self.keyChain,
Name(
"/org/openmhealth/KEY/ksk-1490231565751/ID-CERT/%FD%00%00%01Z%F8%B9%1Et"
))
self.face.registerPrefix(Name("/org/openmhealth"), self.onInterest,
self.onRegisterFailed)
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager(
'policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
TEST_RSA_PUBLIC_KEY_DER,
TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(keyName, KeyType.RSA,
Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def __init__(self, transport = None, conn = None):
"""
Initialize the network and security classes for the node
"""
super(BaseNode, self).__init__()
self.faceTransport = transport
self.faceConn = conn
self._identityStorage = BasicIdentityStorage()
self._identityManager = IdentityManager(self._identityStorage, FilePrivateKeyStorage())
self._policyManager = IotPolicyManager(self._identityStorage)
# hopefully there is some private/public key pair available
self._keyChain = KeyChain(self._identityManager, self._policyManager)
self._registrationFailures = 0
self._prepareLogging()
self._setupComplete = False
class TestConfigPolicyManager(ut.TestCase):
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager(
'policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
TEST_RSA_PUBLIC_KEY_DER,
TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(keyName, KeyType.RSA,
Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def tearDown(self):
try:
os.remove(self.databaseFilePath)
except OSError:
pass
self.privateKeyStorage.deleteKeyPair(self.keyName)
self.face.shutdown()
try:
os.remove(self.testCertFile)
except OSError:
pass
def test_no_verify(self):
policyManager = NoVerifyPolicyManager()
identityName = Name('TestValidator/Null').appendVersion(
int(time.time()))
keyChain = KeyChain(self.identityManager, policyManager)
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name(identityName).append('data'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"NoVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification failed with NoVerifyPolicyManager")
self.assertEqual(
vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
def test_self_verification(self):
policyManager = SelfVerifyPolicyManager(self.identityStorage)
keyChain = KeyChain(self.identityManager, policyManager)
identityName = Name('TestValidator/RsaSignatureVerification')
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name('/TestData/1'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(
vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification of identity-signed data failed")
self.assertEqual(
vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
data2 = Data(Name('/TestData/2'))
vr = doVerify(policyManager, data2)
self.assertFalse(
vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.successCount, 0,
"Verification of unsigned data succeeded")
self.assertEqual(
vr.failureCount, 1,
"Verification failure callback called {} times instead of 1".
format(vr.failureCount))
def test_interest_timestamp(self):
interestName = Name('/ndn/ucla/edu/something')
certName = self.identityManager.getDefaultCertificateNameForIdentity(
self.identityName)
self.face.setCommandSigningInfo(self.keyChain, certName)
oldInterest = Interest(interestName)
self.face.makeCommandInterest(oldInterest)
time.sleep(0.1) # make sure timestamps are different
newInterest = Interest(interestName)
self.face.makeCommandInterest(newInterest)
vr = doVerify(self.policyManager, newInterest)
self.assertFalse(
vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known"
)
self.assertEqual(vr.failureCount, 0,
"Verification of valid interest failed")
self.assertEqual(
vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
vr = doVerify(self.policyManager, oldInterest)
self.assertFalse(
vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known"
)
self.assertEqual(vr.successCount, 0,
"Verification of stale interest succeeded")
self.assertEqual(
vr.failureCount, 1,
"Failure callback called {} times instead of 1".format(
vr.failureCount))
def _removeFile(self, filename):
try:
os.remove(filename)
except OSError:
# no such file
pass
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# needed, since the KeyChain will express interests in unknown
# certificates
vr = doVerify(self.policyManager, data)
self.assertTrue(
vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate"
)
self.assertEqual(
vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest"
)
self.assertEqual(
vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest"
)
# now save the cert data to our anchor directory, and wait
# we have to sign it with the current identity or the
# policy manager will create an interest for the signing certificate
with open(self.testCertFile, 'w') as certFile:
cert = IdentityCertificate()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
self.keyChain.signByIdentity(cert, self.identityName)
encodedCert = b64encode(cert.wireEncode().toBuffer())
certFile.write(Blob(encodedCert, False).toRawStr())
# still too early for refresh to pick it up
vr = doVerify(self.policyManager, data)
self.assertTrue(
vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(
vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest"
)
self.assertEqual(
vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest"
)
time.sleep(6)
# now we should find it
vr = doVerify(self.policyManager, data)
self.assertFalse(
vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(
vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(
vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
def __init__(self, face):
# Set up face
self.face = face
self.databaseFilePath = "policy_config/test_consumer.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.groupName = Name("/org/openmhealth/haitao")
# Set up the keyChain.
identityStorage = BasicIdentityStorage()
privateKeyStorage = FilePrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# Authorized identity
identityName = Name("/org/openmhealth/dvu-python-3")
# Unauthorized identity
#identityName = Name("/org/openmhealth/dvu-python-1")
self.certificateName = self.keyChain.createIdentityAndCertificate(
identityName)
self.face.setCommandSigningInfo(self.keyChain, self.certificateName)
consumerKeyName = IdentityCertificate.certificateNameToPublicKeyName(
self.certificateName)
consumerCertificate = identityStorage.getCertificate(
self.certificateName)
self.consumer = Consumer(face, self.keyChain, self.groupName,
identityName,
Sqlite3ConsumerDb(self.databaseFilePath))
# TODO: Read the private key to decrypt d-key...this may or may not be ideal
base64Content = None
with open(
privateKeyStorage.nameTransform(consumerKeyName.toUri(),
".pri")) as keyFile:
print privateKeyStorage.nameTransform(consumerKeyName.toUri(),
".pri")
base64Content = keyFile.read()
#print base64Content
der = Blob(base64.b64decode(base64Content), False)
self.consumer.addDecryptionKey(consumerKeyName, der)
self.memoryContentCache = MemoryContentCache(self.face)
self.memoryContentCache.registerPrefix(identityName,
self.onRegisterFailed,
self.onDataNotFound)
self.memoryContentCache.add(consumerCertificate)
accessRequestInterest = Interest(
Name(self.groupName).append("read_access_request").append(
self.certificateName).appendVersion(int(time.time())))
self.face.expressInterest(accessRequestInterest,
self.onAccessRequestData,
self.onAccessRequestTimeout)
print "Access request interest name: " + accessRequestInterest.getName(
).toUri()
self.consumeCatalog = True
return
class TestConfigPolicyManager(ut.TestCase):
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def tearDown(self):
try:
os.remove(self.databaseFilePath)
except OSError:
pass
self.privateKeyStorage.deleteKeyPair(self.keyName)
self.face.shutdown()
try:
os.remove(self.testCertFile)
except OSError:
pass
def test_no_verify(self):
policyManager = NoVerifyPolicyManager()
identityName = Name('TestValidator/Null').appendVersion(int(time.time()))
keyChain = KeyChain(self.identityManager, policyManager)
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name(identityName).append('data'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"NoVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification failed with NoVerifyPolicyManager")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
def test_self_verification(self):
policyManager = SelfVerifyPolicyManager(self.identityStorage)
keyChain = KeyChain(self.identityManager, policyManager)
identityName = Name('TestValidator/RsaSignatureVerification')
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name('/TestData/1'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification of identity-signed data failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
data2 = Data(Name('/TestData/2'))
vr = doVerify(policyManager,
data2)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.successCount, 0,
"Verification of unsigned data succeeded")
self.assertEqual(vr.failureCount, 1,
"Verification failure callback called {} times instead of 1".format(
vr.failureCount))
def test_interest_timestamp(self):
interestName = Name('/ndn/ucla/edu/something')
certName = self.identityManager.getDefaultCertificateNameForIdentity(
self.identityName)
self.face.setCommandSigningInfo(self.keyChain, certName)
oldInterest = Interest(interestName)
self.face.makeCommandInterest(oldInterest)
time.sleep(0.1) # make sure timestamps are different
newInterest = Interest(interestName)
self.face.makeCommandInterest(newInterest)
vr = doVerify(self.policyManager,
newInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.failureCount, 0,
"Verification of valid interest failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
vr = doVerify(self.policyManager,
oldInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.successCount, 0,
"Verification of stale interest succeeded")
self.assertEqual(vr.failureCount, 1,
"Failure callback called {} times instead of 1".format(
vr.failureCount))
def _removeFile(self, filename):
try:
os.remove(filename)
except OSError:
# no such file
pass
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# needed, since the KeyChain will express interests in unknown
# certificates
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# now save the cert data to our anchor directory, and wait
# we have to sign it with the current identity or the
# policy manager will create an interest for the signing certificate
with open(self.testCertFile, 'w') as certFile:
cert = IdentityCertificate()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
self.keyChain.signByIdentity(cert, self.identityName)
encodedCert = b64encode(cert.wireEncode().toBuffer())
certFile.write(Blob(encodedCert, False).toRawStr())
# still too early for refresh to pick it up
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# now we should find it
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
def __init__(self,
face,
identityName,
groupName,
catalogPrefix,
rawDataPrefix,
producerDbFilePath,
consumerDbFilePath,
encrypted=False):
self.face = face
# Set up the keyChain.
identityStorage = BasicIdentityStorage()
privateKeyStorage = FilePrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
self.identityName = Name(identityName)
self.groupName = Name(groupName)
self.rawDataPrefix = rawDataPrefix
self.catalogPrefix = catalogPrefix
self.certificateName = self.keyChain.createIdentityAndCertificate(
self.identityName)
self.face.setCommandSigningInfo(self.keyChain, self.certificateName)
# Set up the memoryContentCache
self.memoryContentCache = MemoryContentCache(self.face)
self.memoryContentCache.registerPrefix(self.identityName,
self.onRegisterFailed,
self.onDataNotFound)
self.producerPrefix = Name(identityName)
self.producerSuffix = Name()
self.producer = DPUProducer(face, self.memoryContentCache,
self.producerPrefix, self.producerSuffix,
self.keyChain, self.certificateName,
producerDbFilePath)
# Put own (consumer) certificate in memoryContentCache
consumerKeyName = IdentityCertificate.certificateNameToPublicKeyName(
self.certificateName)
consumerCertificate = identityStorage.getCertificate(
self.certificateName, True)
# TODO: request that this DPU be added as a trusted group member
self.remainingTasks = dict()
try:
os.remove(consumerDbFilePath)
except OSError:
# no such file
pass
self.consumer = Consumer(face, self.keyChain, self.groupName,
consumerKeyName,
Sqlite3ConsumerDb(consumerDbFilePath))
# TODO: Read the private key to decrypt d-key...this may or may not be ideal
base64Content = None
with open(
privateKeyStorage.nameTransform(consumerKeyName.toUri(),
".pri")) as keyFile:
base64Content = keyFile.read()
der = Blob(base64.b64decode(base64Content), False)
self.consumer.addDecryptionKey(consumerKeyName, der)
self.memoryContentCache.add(consumerCertificate)
self.encrypted = encrypted
self.rawData = []
self.catalogFetchFinished = False
self.remainingData = 0
return
def main():
"""
Call startRepoWatch and register a prefix so that SendSegments will answer
interests from the repo to send data packets for the watched prefix. When
all the data is sent (or an error), call startRepoWatch.
"""
repoCommandPrefix = Name("/ndn/edu/ucla/remap/bms-repo/1")
repoDataPrefix = Name("/ndn/edu/ucla/remap/bms")
nowMilliseconds = int(time.time() * 1000.0)
watchPrefix = Name(repoDataPrefix).append("testwatch").appendVersion(
nowMilliseconds)
# The default Face will connect using a Unix socket, or to "localhost".
face = Face()
# Use the system default key chain and certificate name to sign commands.
from pyndn.security.identity import IdentityManager, FilePrivateKeyStorage, BasicIdentityStorage
keyChain = KeyChain(
IdentityManager(BasicIdentityStorage(), FilePrivateKeyStorage()))
face.setCommandSigningInfo(keyChain, keyChain.getDefaultCertificateName())
# Register the prefix and start the repo watch at the same time.
enabled = [True]
sendSegments = SendSegments(keyChain, keyChain.getDefaultCertificateName(),
enabled)
dump("Register prefix", watchPrefix.toUri())
face.registerPrefix(watchPrefix, sendSegments.onInterest,
sendSegments.onRegisterFailed)
print("Here")
def onRepoWatchStarted():
dump("Watch started for", watchPrefix.toUri())
def onFailed():
enabled[0] = False
startRepoWatch(face, repoCommandPrefix, watchPrefix, onRepoWatchStarted,
onFailed)
# Run until all the data is sent.
while enabled[0]:
face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
def onRepoWatchStopped():
dump("Watch stopped for", watchPrefix.toUri())
enabled[0] = False
stopRepoWatch(face, repoCommandPrefix, watchPrefix, onRepoWatchStopped,
onFailed)
# Run until stopRepoWatch finishes.
enabled[0] = True
while enabled[0]:
face.processEvents()
# We need to sleep for a few milliseconds so we don't use 100% of the CPU.
time.sleep(0.01)
face.shutdown()
def __init__(self, face, encryptResult, defaultPrefix, link = None):
# Set up face
self.face = face
self._encryptResult = encryptResult
self._link = link
self.databaseFilePath = "policy_config/test_consumer_dpu.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.groupName = Name(defaultPrefix)
# Set up the keyChain.
identityStorage = BasicIdentityStorage()
privateKeyStorage = FilePrivateKeyStorage()
self.keyChain = KeyChain(
IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# Authorized identity
identityName = Name("/ndn/edu/basel/dpu")
# Function name: the function that this DPU provides
self._functionName = "bounding_box"
self._identityName = identityName
self.certificateName = self.keyChain.createIdentityAndCertificate(identityName)
# TODO: if using BasicIdentityStorage and FilePrivateKeyStorage
# For some reason this newly generated cert is not installed by default, calling keyChain sign later would result in error
#self.keyChain.installIdentityCertificate()
self.memoryContentCache = MemoryContentCache(self.face)
try:
commandSigningKeyChain = KeyChain()
print "Default certificate name is: " + self.keyChain.getDefaultCertificateName().toUri()
self.face.setCommandSigningInfo(commandSigningKeyChain, commandSigningKeyChain.getDefaultCertificateName())
self.memoryContentCache.registerPrefix(identityName, self.onRegisterFailed, self.onDataNotFound)
except SecurityException as e:
print str(e)
print "Cannot use default certificate, use created certificate in FilePrivateKeyStorage"
self.face.setCommandSigningInfo(self.keyChain, self.certificateName)
self.memoryContentCache.registerPrefix(identityName, self.onRegisterFailed, self.onDataNotFound)
consumerKeyName = IdentityCertificate.certificateNameToPublicKeyName(self.certificateName)
consumerCertificate = identityStorage.getCertificate(self.certificateName)
self.consumer = Consumer(
face, self.keyChain, self.groupName, identityName,
Sqlite3ConsumerDb(self.databaseFilePath))
# TODO: Read the private key to decrypt d-key...this may or may not be ideal
base64Content = None
with open(privateKeyStorage.nameTransform(consumerKeyName.toUri(), ".pri")) as keyFile:
print privateKeyStorage.nameTransform(consumerKeyName.toUri(), ".pri")
base64Content = keyFile.read()
#print base64Content
der = Blob(base64.b64decode(base64Content), False)
self.consumer.addDecryptionKey(consumerKeyName, der)
self.memoryContentCache.add(consumerCertificate)
accessRequestInterest = Interest(Name(self.groupName).append("read_access_request").append(self.certificateName).appendVersion(int(time.time())))
self.face.expressInterest(accessRequestInterest, self.onAccessRequestData, self.onAccessRequestTimeout)
print "Access request interest name: " + accessRequestInterest.getName().toUri()
self._tasks = dict()
return
class TestSqlIdentityStorage(ut.TestCase):
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def tearDown(self):
try:
os.remove(self.databaseFilePath)
except OSError:
pass
def test_identity_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
certificateName = self.keyChain.createIdentityAndCertificate(
identityName)
keyName = IdentityCertificate.certificateNameToPublicKeyName(
certificateName)
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity was not added to IdentityStorage")
self.assertIsNotNone(keyName, "New identity has no key")
self.assertTrue(self.identityStorage.doesKeyExist(keyName),
"Key was not added to IdentityStorage")
self.assertIsNotNone(certificateName,
"Certificate was not added to IdentityStorage")
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesIdentityExist(identityName),
"Identity still in IdentityStorage after revoking")
self.assertFalse(
self.identityStorage.doesKeyExist(keyName),
"Key still in IdentityStorage after identity was deletedInfo")
self.assertFalse(
self.identityStorage.doesCertificateExist(certificateName),
"Certificate still in IdentityStorage after identity was deletedInfo"
)
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
def test_key_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
keyName1 = self.keyChain.generateRSAKeyPair(identityName, True)
self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1)
keyName2 = self.keyChain.generateRSAKeyPair(identityName, False)
self.assertEqual(
self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key name was changed without explicit request")
self.assertNotEqual(
self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName2,
"Newly created key replaced default key without explicit request")
self.identityStorage.deletePublicKeyInfo(keyName2)
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.keyChain.deleteIdentity(identityName)
def test_key_autocreate_identity(self):
keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345')
identityName = keyName1[:-1]
decodedKey = base64.b64decode(RSA_DER)
self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey))
self.identityStorage.setDefaultKeyNameForIdentity(keyName1)
self.assertTrue(self.identityStorage.doesKeyExist(keyName1),
"Key was not added")
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity for key was not automatically created")
self.assertEqual(
self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key was not set on identity creation")
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
# we have no private key for signing
self.identityManager.selfSign(keyName1)
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
keyName2 = self.identityManager.generateRSAKeyPairAsDefault(
identityName)
cert = self.identityManager.selfSign(keyName2)
self.identityManager.addCertificateAsIdentityDefault(cert)
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
certName2 = self.identityStorage.getDefaultCertificateNameForKey(
keyName2)
self.assertEqual(
certName1, certName2,
"Key-certificate mapping and identity-certificate mapping are not consistent"
)
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
def test_certificate_add_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
self.identityManager.createIdentityAndCertificate(
identityName, KeyChain.DEFAULT_KEY_PARAMS)
keyName1 = self.identityManager.getDefaultKeyNameForIdentity(
identityName)
cert2 = self.identityManager.selfSign(keyName1)
self.identityStorage.addCertificate(cert2)
certName2 = cert2.getName()
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
self.assertNotEqual(
certName1, certName2,
"New certificate was set as default without explicit request")
self.identityStorage.deleteCertificateInfo(certName1)
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
def test_stress(self):
# ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion(
int(time.time()))
# ndn-cxx returns the cert name, but the IndentityManager docstring
# specifies a key
certName1 = self.keyChain.createIdentityAndCertificate(identityName)
keyName1 = IdentityCertificate.certificateNameToPublicKeyName(
certName1)
keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert2 = self.identityManager.selfSign(keyName2)
certName2 = cert2.getName()
self.identityManager.addCertificateAsDefault(cert2)
keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert3 = self.identityManager.selfSign(keyName3)
certName3 = cert3.getName()
self.identityManager.addCertificateAsDefault(cert3)
cert4 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert4)
certName4 = cert4.getName()
cert5 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert5)
certName5 = cert5.getName()
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName1))
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName5))
self.identityStorage.deleteCertificateInfo(certName5)
self.assertFalse(self.identityStorage.doesCertificateExist(certName5))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.identityStorage.deletePublicKeyInfo(keyName3)
self.assertFalse(self.identityStorage.doesCertificateExist(certName4))
self.assertFalse(self.identityStorage.doesCertificateExist(certName3))
self.assertFalse(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
self.assertFalse(self.identityStorage.doesIdentityExist(identityName))
class BaseNode(object):
"""
This class contains methods/attributes common to both node and controller.
"""
def __init__(self, transport = None, conn = None):
"""
Initialize the network and security classes for the node
"""
super(BaseNode, self).__init__()
self.faceTransport = transport
self.faceConn = conn
self._identityStorage = BasicIdentityStorage()
self._identityManager = IdentityManager(self._identityStorage, FilePrivateKeyStorage())
self._policyManager = IotPolicyManager(self._identityStorage)
# hopefully there is some private/public key pair available
self._keyChain = KeyChain(self._identityManager, self._policyManager)
self._registrationFailures = 0
self._prepareLogging()
self._setupComplete = False
##
# Logging
##
def _prepareLogging(self):
self.log = logging.getLogger(str(self.__class__))
self.log.setLevel(logging.DEBUG)
logFormat = "%(asctime)-15s %(name)-20s %(funcName)-20s (%(levelname)-8s):\n\t%(message)s"
self._console = logging.StreamHandler()
self._console.setFormatter(logging.Formatter(logFormat))
self._console.setLevel(logging.INFO)
# without this, a lot of ThreadsafeFace errors get swallowed up
logging.getLogger("trollius").addHandler(self._console)
self.log.addHandler(self._console)
def setLogLevel(self, level):
"""
Set the log level that will be output to standard error
:param level: A log level constant defined in the logging module (e.g. logging.INFO)
"""
self._console.setLevel(level)
def getLogger(self):
"""
:return: The logger associated with this node
:rtype: logging.Logger
"""
return self.log
###
# Startup and shutdown
###
def beforeLoopStart(self):
"""
Called before the event loop starts.
"""
pass
def getDefaultCertificateName(self):
try:
certName = self._identityStorage.getDefaultCertificateNameForIdentity(
self._policyManager.getDeviceIdentity())
except SecurityException as e:
# zhehao: in the case of producer's /localhop prefixes, the default key is not defined in ndnsec-public-info.db
certName = self._keyChain.createIdentityAndCertificate(self._policyManager.getDeviceIdentity())
#certName = self._keyChain.getDefaultCertificateName()
#print(certName.toUri())
return certName
def start(self):
"""
Begins the event loop. After this, the node's Face is set up and it can
send/receive interests+data
"""
self.log.info("Starting up")
self.loop = asyncio.get_event_loop()
if (self.faceTransport == None or self.faceTransport == ''):
self.face = ThreadsafeFace(self.loop)
else:
self.face = ThreadsafeFace(self.loop, self.faceTransport, self.faceConn)
self.face.setCommandSigningInfo(self._keyChain, self.getDefaultCertificateName())
self._keyChain.setFace(self.face)
self._isStopped = False
self.beforeLoopStart()
try:
self.loop.run_forever()
except Exception as e:
self.log.exception(exc_info=True)
finally:
self.stop()
def stop(self):
"""
Stops the node, taking it off the network
"""
self.log.info("Shutting down")
self._isStopped = True
self.loop.stop()
###
# Data handling
###
def signData(self, data):
"""
Sign the data with our network certificate
:param pyndn.Data data: The data to sign
"""
self._keyChain.sign(data, self.getDefaultCertificateName())
def sendData(self, data, sign=True):
"""
Reply to an interest with a data packet, optionally signing it.
:param pyndn.Data data: The response data packet
:param boolean sign: (optional, default=True) Whether the response must be signed.
"""
if sign:
self.signData(data)
self.face.putData(data)
###
#
#
##
def onRegisterFailed(self, prefix):
"""
Called when the node cannot register its name with the forwarder
:param pyndn.Name prefix: The network name that failed registration
"""
if self.faceTransport != None and self.faceConn != None:
self.log.warn("Explicit face transport and connectionInfo: Could not register {}; expect a manual or autoreg on the other side.".format(prefix.toUri()))
elif self._registrationFailures < 5:
self._registrationFailures += 1
self.log.warn("Could not register {}, retry: {}/{}".format(prefix.toUri(), self._registrationFailures, 5))
self.face.registerPrefix(self.prefix, self._onCommandReceived, self.onRegisterFailed)
else:
self.log.info("Prefix registration failed")
self.stop()
def verificationFailed(self, dataOrInterest):
"""
Called when verification of a data packet or command interest fails.
:param pyndn.Data or pyndn.Interest: The packet that could not be verified
"""
self.log.info("Received invalid" + dataOrInterest.getName().toUri())
@staticmethod
def getSerial():
"""
Find and return the serial number of the Raspberry Pi. Provided in case
you wish to distinguish data from nodes with the same name by serial.
:return: The serial number extracted from device information in /proc/cpuinfo
:rtype: str
"""
try:
with open('/proc/cpuinfo') as f:
for line in f:
if line.startswith('Serial'):
return line.split(':')[1].strip()
except NameError:
return "todo"
class BaseNode(object):
"""
This class contains methods/attributes common to both node and controller.
"""
def __init__(self, transport = None, conn = None):
"""
Initialize the network and security classes for the node
"""
super(BaseNode, self).__init__()
self.faceTransport = transport
self.faceConn = conn
self._identityStorage = BasicIdentityStorage()
self._identityManager = IdentityManager(self._identityStorage, FilePrivateKeyStorage())
self._policyManager = IotPolicyManager(self._identityStorage)
# hopefully there is some private/public key pair available
self._keyChain = KeyChain(self._identityManager, self._policyManager)
self._registrationFailures = 0
self._prepareLogging()
self._setupComplete = False
##
# Logging
##
def _prepareLogging(self):
self.log = logging.getLogger(str(self.__class__))
self.log.setLevel(logging.DEBUG)
logFormat = "%(asctime)-15s %(name)-20s %(funcName)-20s (%(levelname)-8s):\n\t%(message)s"
self._console = logging.StreamHandler()
self._console.setFormatter(logging.Formatter(logFormat))
self._console.setLevel(logging.INFO)
# without this, a lot of ThreadsafeFace errors get swallowed up
logging.getLogger("trollius").addHandler(self._console)
self.log.addHandler(self._console)
def setLogLevel(self, level):
"""
Set the log level that will be output to standard error
:param level: A log level constant defined in the logging module (e.g. logging.INFO)
"""
self._console.setLevel(level)
def getLogger(self):
"""
:return: The logger associated with this node
:rtype: logging.Logger
"""
return self.log
###
# Startup and shutdown
###
def beforeLoopStart(self):
"""
Called before the event loop starts.
"""
pass
def getDefaultCertificateName(self):
try:
certName = self._identityStorage.getDefaultCertificateNameForIdentity(
self._policyManager.getDeviceIdentity())
except SecurityException as e:
# zhehao: in the case of producer's /localhop prefixes, the default key is not defined in ndnsec-public-info.db
certName = self._keyChain.createIdentityAndCertificate(self._policyManager.getDeviceIdentity())
#certName = self._keyChain.getDefaultCertificateName()
#print(certName.toUri())
return certName
def start(self):
"""
Begins the event loop. After this, the node's Face is set up and it can
send/receive interests+data
"""
self.log.info("Starting up")
self.loop = asyncio.get_event_loop()
if (self.faceTransport == None or self.faceTransport == ''):
self.face = ThreadsafeFace(self.loop)
else:
self.face = ThreadsafeFace(self.loop, self.faceTransport, self.faceConn)
self.face.setCommandSigningInfo(self._keyChain, self.getDefaultCertificateName())
self._keyChain.setFace(self.face)
self._isStopped = False
self.beforeLoopStart()
try:
self.loop.run_forever()
except Exception as e:
self.log.exception(exc_info=True)
finally:
self.stop()
def stop(self):
"""
Stops the node, taking it off the network
"""
self.log.info("Shutting down")
self._isStopped = True
self.loop.stop()
###
# Data handling
###
def signData(self, data):
"""
Sign the data with our network certificate
:param pyndn.Data data: The data to sign
"""
self._keyChain.sign(data, self.getDefaultCertificateName())
def sendData(self, data, sign=True):
"""
Reply to an interest with a data packet, optionally signing it.
:param pyndn.Data data: The response data packet
:param boolean sign: (optional, default=True) Whether the response must be signed.
"""
if sign:
self.signData(data)
self.face.putData(data)
###
#
#
##
def onRegisterFailed(self, prefix):
"""
Called when the node cannot register its name with the forwarder
:param pyndn.Name prefix: The network name that failed registration
"""
if self.faceTransport != None and self.faceConn != None:
self.log.warn("Explicit face transport and connectionInfo: Could not register {}; expect a manual or autoreg on the other side.".format(prefix.toUri()))
elif self._registrationFailures < 5:
self._registrationFailures += 1
self.log.warn("Could not register {}, retry: {}/{}".format(prefix.toUri(), self._registrationFailures, 5))
self.face.registerPrefix(self.prefix, self._onCommandReceived, self.onRegisterFailed)
else:
self.log.info("Prefix registration failed")
self.stop()
def verificationFailed(self, dataOrInterest):
"""
Called when verification of a data packet or command interest fails.
:param pyndn.Data or pyndn.Interest: The packet that could not be verified
"""
self.log.info("Received invalid" + dataOrInterest.getName().toUri())
@staticmethod
def getSerial():
"""
Find and return the serial number of the Raspberry Pi. Provided in case
you wish to distinguish data from nodes with the same name by serial.
:return: The serial number extracted from device information in /proc/cpuinfo
:rtype: str
"""
try:
if PLATFORM == "raspberry pi":
with open('/proc/cpuinfo') as f:
for line in f:
if line.startswith('Serial'):
return line.split(':')[1].strip()
else:
return "todo"
except NameError:
return "todo"
class TestSqlIdentityStorage(ut.TestCase):
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def tearDown(self):
try:
os.remove(self.databaseFilePath)
except OSError:
pass
def test_identity_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
certificateName = self.keyChain.createIdentityAndCertificate(identityName)
keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName)
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity was not added to IdentityStorage")
self.assertIsNotNone(keyName, "New identity has no key")
self.assertTrue(self.identityStorage.doesKeyExist(keyName),
"Key was not added to IdentityStorage")
self.assertIsNotNone(certificateName,
"Certificate was not added to IdentityStorage")
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesIdentityExist(identityName),
"Identity still in IdentityStorage after identity was deleted")
self.assertFalse(self.identityStorage.doesKeyExist(keyName),
"Key still in IdentityStorage after identity was deleted")
self.assertFalse(self.identityStorage.doesCertificateExist(certificateName),
"Certificate still in IdentityStorage after identity was deleted")
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(identityName)
def test_key_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
keyName1 = self.keyChain.generateRSAKeyPair(identityName, True)
self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1)
keyName2 = self.keyChain.generateRSAKeyPair(identityName, False)
self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key name was changed without explicit request")
self.assertNotEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName2, "Newly created key replaced default key without explicit request")
self.identityStorage.deletePublicKeyInfo(keyName2)
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.keyChain.deleteIdentity(identityName)
def test_key_autocreate_identity(self):
keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345')
identityName = keyName1[:-1]
decodedKey = base64.b64decode(RSA_DER)
self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey))
self.identityStorage.setDefaultKeyNameForIdentity(keyName1)
self.assertTrue(self.identityStorage.doesKeyExist(keyName1),
"Key was not added")
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity for key was not automatically created")
self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key was not set on identity creation")
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
# we have no private key for signing
self.identityManager.selfSign(keyName1)
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(identityName)
keyName2 = self.identityManager.generateRSAKeyPairAsDefault(identityName)
cert = self.identityManager.selfSign(keyName2)
self.identityManager.addCertificateAsIdentityDefault(cert)
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName)
certName2 = self.identityStorage.getDefaultCertificateNameForKey(keyName2)
self.assertEqual(certName1, certName2,
"Key-certificate mapping and identity-certificate mapping are not consistent")
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
def test_certificate_add_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
self.identityManager.createIdentityAndCertificate(
identityName, KeyChain.DEFAULT_KEY_PARAMS)
keyName1 = self.identityManager.getDefaultKeyNameForIdentity(identityName)
cert2 = self.identityManager.selfSign(keyName1)
self.identityStorage.addCertificate(cert2)
certName2 = cert2.getName()
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName)
self.assertNotEqual(certName1, certName2,
"New certificate was set as default without explicit request")
self.identityStorage.deleteCertificateInfo(certName1)
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
def test_stress(self):
# ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion(
int(time.time()))
# ndn-cxx returns the cert name, but the IndentityManager docstring
# specifies a key
certName1 = self.keyChain.createIdentityAndCertificate(identityName)
keyName1 = IdentityCertificate.certificateNameToPublicKeyName(certName1)
keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert2 = self.identityManager.selfSign(keyName2)
certName2 = cert2.getName()
self.identityManager.addCertificateAsDefault(cert2)
keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert3 = self.identityManager.selfSign(keyName3)
certName3 = cert3.getName()
self.identityManager.addCertificateAsDefault(cert3)
cert4 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert4)
certName4 = cert4.getName()
cert5 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert5)
certName5 = cert5.getName()
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName1))
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName5))
self.identityStorage.deleteCertificateInfo(certName5)
self.assertFalse(self.identityStorage.doesCertificateExist(certName5))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.identityStorage.deletePublicKeyInfo(keyName3)
self.assertFalse(self.identityStorage.doesCertificateExist(certName4))
self.assertFalse(self.identityStorage.doesCertificateExist(certName3))
self.assertFalse(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
self.assertFalse(self.identityStorage.doesIdentityExist(identityName))
import unittest as ut
import os, time, base64, re, json, sys, getopt
from pyndn import Name, Data, Face, Interest, Link
from pyndn.util import Blob, MemoryContentCache
from pyndn.encrypt import Schedule, Consumer, Sqlite3ConsumerDb, EncryptedContent
from pyndn.security import KeyType, KeyChain, RsaKeyParams, SecurityException
from pyndn.security.certificate import IdentityCertificate
from pyndn.security.identity import IdentityManager
from pyndn.security.identity import BasicIdentityStorage, FilePrivateKeyStorage, MemoryIdentityStorage, MemoryPrivateKeyStorage
from pyndn.security.policy import NoVerifyPolicyManager
# Set up the keyChain.
identityStorage = BasicIdentityStorage()
privateKeyStorage = FilePrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
NoVerifyPolicyManager())
# dvu identity
identityName = Name("/org/openmhealth/dvu")
certificateName = keyChain.createIdentityAndCertificate(identityName)
keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName)
certificate = identityStorage.getCertificate(certificateName)
print keyName
print certificateName
print certificate
print privateKeyStorage.nameTransform(keyName.toUri(), ".pri")
#with open(privateKeyStorage.nameTransform(keyName.toUri(), ".pri")) as keyFile:
# base64Content = keyFile.read()
# decoded = base64.b64decode(base64Content)
# print decoded
