def test_authorisation(bucket): push_is_running_service() try: key = get_private_key("testing") resource = uuid.uuid4() auth = Authorisation(resource=resource, testing_key=key) auth.assert_once() with pytest.raises(PermissionError): auth.assert_once() auth.verify(resource=resource) wrong_resource = uuid.uuid4() with pytest.raises(PermissionError): auth.verify(resource=wrong_resource) data = auth.to_data() new_auth = Authorisation.from_data(data) with pytest.raises(PermissionError): new_auth.verify(resource=resource) new_auth._testing_key = key new_auth.verify(resource=resource) with pytest.raises(PermissionError): new_auth.assert_once() with pytest.raises(PermissionError): new_auth.verify(resource=wrong_resource) except: pop_is_running_service() raise pop_is_running_service()
def test_accounts(bucket): for user_guid in [None, "chris@something", "ƒ˚®ø©∆∂µ@¨^ø¨^ø"]: if user_guid is None: accounts = Accounts(group=user_guid, aclrules=ACLRules.owner(user_guid=None)) else: accounts = Accounts(user_guid=user_guid) account_names = [ "new account", "chris's checking account", "å∫ç∂´® account" ] created_accounts = {} testing_key = get_private_key("testing") for name in account_names: authorisation = Authorisation(resource="create_account %s" % name, testing_key=testing_key, testing_user_guid=user_guid) account = accounts.create_account(name, description="Account: %s" % name, bucket=bucket, authorisation=authorisation) assert (name == account.name()) created_accounts[name] = account names = accounts.list_accounts() for name in account_names: assert (name in names) for name in account_names: account = accounts.get_account(name, bucket=bucket) assert (name == account.name()) assert (account == created_accounts[name])
def test_service(service_url, aaai_services): # get the public service from the default API frontend privkey = get_private_key("testing") response = call_function(service_url, response_key=privkey) service = Service.from_data(response["service_info"]) # also read the service from the object store directly push_testing_objstore(aaai_services["_services"][service_url]) push_is_running_service() private_service = get_this_service(need_private_access=True) pop_is_running_service() pop_testing_objstore() # create some test data that contain unicode characters for # testing encryption, signing and both encryption and signing data = {"hello": "'å∫ç∂ƒ©˙˚'", "key": privkey.public_key().to_data()} encrypted = service.encrypt_data(data) decrypted = private_service.decrypt_data(encrypted) assert(data == decrypted) signed = private_service.sign_data(data) verified = service.verify_data(signed) assert(data == verified) enc_sign = service.encrypt_data(private_service.sign_data(data)) dec_ver = service.verify_data(private_service.decrypt_data(enc_sign)) assert(data == dec_ver) service.call_function("admin/test") admin_user = aaai_services[service_url]["user"] auth = Authorisation(user=admin_user, resource="dump_keys %s" % service.uid()) service.call_function( function="dump_keys", args={"authorisation": auth.to_data()})
from Acquire.Service import get_service_account_bucket, is_running_service, \ push_is_running_service, pop_is_running_service try: from freezegun import freeze_time have_freezetime = True except: have_freezetime = False account1_user = "******" account2_user = "******" account1_overdraft_limit = 1500000 account2_overdraft_limit = 2500000 testing_key = get_private_key("testing") start_time = get_datetime_now() - datetime.timedelta(days=365) @pytest.fixture(scope="session") def bucket(tmpdir_factory): try: return get_service_account_bucket() except: d = tmpdir_factory.mktemp("objstore") push_is_running_service() bucket = get_service_account_bucket(str(d)) while is_running_service(): pop_is_running_service() return bucket
def test_pack_unpack_args_returnvals(): privkey = get_private_key("testing") pubkey = privkey.public_key() args = {"message": "Hello, this is a message", "status": 0, "long": [random.random() for _ in range(2)]} func = "test_function" packed = pack_arguments(function=func, args=args) crypted = pubkey.encrypt(packed) uncrypted = privkey.decrypt(crypted) (f, unpacked, keys) = unpack_arguments(args=uncrypted) print(keys) assert(args == unpacked) assert(f == func) packed = pack_arguments(function=func, args=args, key=pubkey, response_key=pubkey, public_cert=pubkey) data = json.loads(packed.decode("utf-8")) assert(data["encrypted"]) assert(data["fingerprint"] == privkey.fingerprint()) payload = privkey.decrypt(string_to_bytes(data["data"])) payload = json.loads(payload) assert(payload["sign_with_service_key"] == privkey.fingerprint()) assert(payload["encryption_public_key"] == bytes_to_string(pubkey.bytes())) assert(payload["payload"] == args) (f, unpacked, keys) = unpack_arguments(function=func, args=packed, key=privkey) message = {"message": "OK"} return_value = create_return_value(message) packed_result = pack_return_value(function=func, payload=return_value, key=keys, private_cert=privkey) result = json.loads(packed_result.decode("utf-8")) assert(result["fingerprint"] == privkey.fingerprint()) assert(result["encrypted"]) data = string_to_bytes(result["data"]) sig = string_to_bytes(result["signature"]) pubkey.verify(signature=sig, message=data) data = json.loads(privkey.decrypt(data)) assert(data["payload"]["return"] == message) result = unpack_return_value(return_value=packed_result, key=privkey, public_cert=pubkey) assert(result == message) try: return_value = create_return_value(_foo()) except Exception as e: return_value = create_return_value(e) packed_result = pack_return_value(function=func, payload=return_value, key=keys, private_cert=privkey) with pytest.raises(PermissionError): result = unpack_return_value(function=func, return_value=packed_result, key=privkey, public_cert=pubkey)
def test_par(bucket): privkey = get_private_key() pubkey = privkey.public_key() # first try to create a PAR for the whole bucket par = ObjectStore.create_par(bucket, readable=False, writeable=True, duration=100, encrypt_key=pubkey) # should not take 10 seconds to create and return the PAR... assert(par.seconds_remaining(buffer=0) > 90) assert(par.seconds_remaining(buffer=0) < 101) # trying to create a par for a non-existant object should fail key = "something" value = "∆ƒ^ø ®∆ ®∆ #®∆… ®#€ €" with pytest.raises(PARError): par = ObjectStore.create_par(bucket, key=key, encrypt_key=pubkey) ObjectStore.set_string_object(bucket, key, value) par = ObjectStore.create_par(bucket, key=key, duration=60, encrypt_key=pubkey) assert(par.seconds_remaining(buffer=0) > 55) assert(par.seconds_remaining(buffer=0) < 61) assert(not par.is_writeable()) assert(par.key() == key) val = par.read(privkey).get_string_object() assert(val == value) value = "∆˚¬# #ª ƒ∆ ¬¬¬˚¬∂ß ˚¬ ¬¬¬ßßß" with pytest.raises(PARPermissionsError): par.write(privkey).set_string_object(value) # close the PAR and then assert a closed PAR is null par.close() assert(par.is_null()) par = ObjectStore.create_par(bucket, key=key, readable=True, writeable=True, encrypt_key=pubkey) data = par.to_data() par2 = OSPar.from_data(data) value = "something " + str(uuid.uuid4()) par2.write(privkey).set_string_object(value) val = par.read(privkey).get_string_object() assert(val == value) par = ObjectStore.create_par(bucket, encrypt_key=pubkey, key=key, writeable=True, duration=60) par.write(privkey).set_string_object(value) assert(par.read(privkey).get_string_object() == value) assert(ObjectStore.get_string_object(bucket, key) == value) par = ObjectStore.create_par(bucket, readable=False, writeable=True, duration=120, encrypt_key=pubkey) assert(not par.is_readable()) assert(par.is_writeable()) assert(par.is_bucket()) d = "testing" keyvals = {"one": "^¬#∆˚¬€", "two": "∆¡πª¨ƒ∆", "three": "€√≠ç~ç~€", "four": "hello world!", "subdir/five": "#º©√∆˚∆˚¬€ €˚∆ƒ¬"} for (key, value) in keyvals.items(): par.write(privkey).set_string_object("%s/%s" % (d, key), value) for key in keyvals.keys(): par = ObjectStore.create_par(bucket, key="%s/%s" % (d, key), duration=60, encrypt_key=pubkey) value = par.read(privkey).get_string_object() assert(keyvals[key] == value)