def test_authorisation(bucket):
push_is_running_service()
try:
key = get_private_key("testing")
resource = uuid.uuid4()
auth = Authorisation(resource=resource, testing_key=key)
auth.assert_once()
with pytest.raises(PermissionError):
auth.assert_once()
auth.verify(resource=resource)
wrong_resource = uuid.uuid4()
with pytest.raises(PermissionError):
auth.verify(resource=wrong_resource)
data = auth.to_data()
new_auth = Authorisation.from_data(data)
with pytest.raises(PermissionError):
new_auth.verify(resource=resource)
new_auth._testing_key = key
new_auth.verify(resource=resource)
with pytest.raises(PermissionError):
new_auth.assert_once()
with pytest.raises(PermissionError):
new_auth.verify(resource=wrong_resource)
except:
pop_is_running_service()
raise
pop_is_running_service()
def test_accounts(bucket):
for user_guid in [None, "chris@something", "ƒ˚®ø©∆∂µ@¨^ø¨^ø"]:
if user_guid is None:
accounts = Accounts(group=user_guid,
aclrules=ACLRules.owner(user_guid=None))
else:
accounts = Accounts(user_guid=user_guid)
account_names = [
"new account", "chris's checking account", "å∫ç∂´® account"
]
created_accounts = {}
testing_key = get_private_key("testing")
for name in account_names:
authorisation = Authorisation(resource="create_account %s" % name,
testing_key=testing_key,
testing_user_guid=user_guid)
account = accounts.create_account(name,
description="Account: %s" % name,
bucket=bucket,
authorisation=authorisation)
assert (name == account.name())
created_accounts[name] = account
names = accounts.list_accounts()
for name in account_names:
assert (name in names)
for name in account_names:
account = accounts.get_account(name, bucket=bucket)
assert (name == account.name())
assert (account == created_accounts[name])
def test_service(service_url, aaai_services):
# get the public service from the default API frontend
privkey = get_private_key("testing")
response = call_function(service_url, response_key=privkey)
service = Service.from_data(response["service_info"])
# also read the service from the object store directly
push_testing_objstore(aaai_services["_services"][service_url])
push_is_running_service()
private_service = get_this_service(need_private_access=True)
pop_is_running_service()
pop_testing_objstore()
# create some test data that contain unicode characters for
# testing encryption, signing and both encryption and signing
data = {"hello": "'å∫ç∂ƒ©˙˚'", "key": privkey.public_key().to_data()}
encrypted = service.encrypt_data(data)
decrypted = private_service.decrypt_data(encrypted)
assert(data == decrypted)
signed = private_service.sign_data(data)
verified = service.verify_data(signed)
assert(data == verified)
enc_sign = service.encrypt_data(private_service.sign_data(data))
dec_ver = service.verify_data(private_service.decrypt_data(enc_sign))
assert(data == dec_ver)
service.call_function("admin/test")
admin_user = aaai_services[service_url]["user"]
auth = Authorisation(user=admin_user,
resource="dump_keys %s" % service.uid())
service.call_function(
function="dump_keys", args={"authorisation": auth.to_data()})
from Acquire.Service import get_service_account_bucket, is_running_service, \
push_is_running_service, pop_is_running_service
try:
from freezegun import freeze_time
have_freezetime = True
except:
have_freezetime = False
account1_user = "******"
account2_user = "******"
account1_overdraft_limit = 1500000
account2_overdraft_limit = 2500000
testing_key = get_private_key("testing")
start_time = get_datetime_now() - datetime.timedelta(days=365)
@pytest.fixture(scope="session")
def bucket(tmpdir_factory):
try:
return get_service_account_bucket()
except:
d = tmpdir_factory.mktemp("objstore")
push_is_running_service()
bucket = get_service_account_bucket(str(d))
while is_running_service():
pop_is_running_service()
return bucket
def test_pack_unpack_args_returnvals():
privkey = get_private_key("testing")
pubkey = privkey.public_key()
args = {"message": "Hello, this is a message",
"status": 0,
"long": [random.random() for _ in range(2)]}
func = "test_function"
packed = pack_arguments(function=func, args=args)
crypted = pubkey.encrypt(packed)
uncrypted = privkey.decrypt(crypted)
(f, unpacked, keys) = unpack_arguments(args=uncrypted)
print(keys)
assert(args == unpacked)
assert(f == func)
packed = pack_arguments(function=func, args=args,
key=pubkey, response_key=pubkey,
public_cert=pubkey)
data = json.loads(packed.decode("utf-8"))
assert(data["encrypted"])
assert(data["fingerprint"] == privkey.fingerprint())
payload = privkey.decrypt(string_to_bytes(data["data"]))
payload = json.loads(payload)
assert(payload["sign_with_service_key"] == privkey.fingerprint())
assert(payload["encryption_public_key"] == bytes_to_string(pubkey.bytes()))
assert(payload["payload"] == args)
(f, unpacked, keys) = unpack_arguments(function=func, args=packed,
key=privkey)
message = {"message": "OK"}
return_value = create_return_value(message)
packed_result = pack_return_value(function=func,
payload=return_value, key=keys,
private_cert=privkey)
result = json.loads(packed_result.decode("utf-8"))
assert(result["fingerprint"] == privkey.fingerprint())
assert(result["encrypted"])
data = string_to_bytes(result["data"])
sig = string_to_bytes(result["signature"])
pubkey.verify(signature=sig, message=data)
data = json.loads(privkey.decrypt(data))
assert(data["payload"]["return"] == message)
result = unpack_return_value(return_value=packed_result,
key=privkey, public_cert=pubkey)
assert(result == message)
try:
return_value = create_return_value(_foo())
except Exception as e:
return_value = create_return_value(e)
packed_result = pack_return_value(function=func,
payload=return_value, key=keys,
private_cert=privkey)
with pytest.raises(PermissionError):
result = unpack_return_value(function=func, return_value=packed_result,
key=privkey, public_cert=pubkey)
def test_par(bucket):
privkey = get_private_key()
pubkey = privkey.public_key()
# first try to create a PAR for the whole bucket
par = ObjectStore.create_par(bucket, readable=False, writeable=True,
duration=100, encrypt_key=pubkey)
# should not take 10 seconds to create and return the PAR...
assert(par.seconds_remaining(buffer=0) > 90)
assert(par.seconds_remaining(buffer=0) < 101)
# trying to create a par for a non-existant object should fail
key = "something"
value = "∆ƒ^ø ®∆ ®∆ #®∆… ®#€ €"
with pytest.raises(PARError):
par = ObjectStore.create_par(bucket, key=key, encrypt_key=pubkey)
ObjectStore.set_string_object(bucket, key, value)
par = ObjectStore.create_par(bucket, key=key, duration=60,
encrypt_key=pubkey)
assert(par.seconds_remaining(buffer=0) > 55)
assert(par.seconds_remaining(buffer=0) < 61)
assert(not par.is_writeable())
assert(par.key() == key)
val = par.read(privkey).get_string_object()
assert(val == value)
value = "∆˚¬# #ª ƒ∆ ¬¬¬˚¬∂ß ˚¬ ¬¬¬ßßß"
with pytest.raises(PARPermissionsError):
par.write(privkey).set_string_object(value)
# close the PAR and then assert a closed PAR is null
par.close()
assert(par.is_null())
par = ObjectStore.create_par(bucket, key=key, readable=True,
writeable=True, encrypt_key=pubkey)
data = par.to_data()
par2 = OSPar.from_data(data)
value = "something " + str(uuid.uuid4())
par2.write(privkey).set_string_object(value)
val = par.read(privkey).get_string_object()
assert(val == value)
par = ObjectStore.create_par(bucket, encrypt_key=pubkey, key=key,
writeable=True, duration=60)
par.write(privkey).set_string_object(value)
assert(par.read(privkey).get_string_object() == value)
assert(ObjectStore.get_string_object(bucket, key) == value)
par = ObjectStore.create_par(bucket, readable=False,
writeable=True, duration=120,
encrypt_key=pubkey)
assert(not par.is_readable())
assert(par.is_writeable())
assert(par.is_bucket())
d = "testing"
keyvals = {"one": "^¬#∆˚¬€", "two": "∆¡πª¨ƒ∆",
"three": "€√≠ç~ç~€", "four": "hello world!",
"subdir/five": "#º©√∆˚∆˚¬€ €˚∆ƒ¬"}
for (key, value) in keyvals.items():
par.write(privkey).set_string_object("%s/%s" % (d, key), value)
for key in keyvals.keys():
par = ObjectStore.create_par(bucket, key="%s/%s" % (d, key),
duration=60, encrypt_key=pubkey)
value = par.read(privkey).get_string_object()
assert(keyvals[key] == value)