def check_trc(testcase, isd, expected_core_ases=None, expected_version=None, prev_trc=None): """ Check the ISD's TRC and return it as a TRC object. :param ISD isd: :param [str] expected_core_ases: optional, ISD-AS strings for all core ases :param int expected_version: optional, expected version for current TRC. :param TRC prev_trc: optional, previous TRC to verify current TRC. :returns: TRC :rtype: TRC """ if expected_core_ases is None: expected_core_ases = set(as_.isd_as_str() for as_ in isd.ases.filter(is_core=True)) testcase.assertEqual(set(isd.trc['CoreASes'].keys()), set(expected_core_ases)) testcase.assertEqual(set(isd.trc_priv_keys.keys()), set(expected_core_ases)) for isd_as in isd.trc['CoreASes'].keys(): check_sig_keypair(testcase, isd.trc['CoreASes'][isd_as]['OnlineKey'], isd.trc_priv_keys[isd_as]) json_trc = json.dumps( isd.trc) # round trip through json, just to make sure this works trc = TRC.from_raw(json_trc) trc.check_active() if expected_version is not None: testcase.assertEqual(trc.version, expected_version) if prev_trc is not None: trc.verify(prev_trc) return trc
def prep_approved_join_reply(request, join_rep_dict, own_isdas, own_as_obj): """ Prepares the join reply for the APPROVED case. """ logger.info("New AS ID = %s", request.POST['newASId']) joining_as = request.POST['newASId'] is_core = request.POST['join_as_a_core'] sig_pub_key = from_b64(request.POST['sig_pub_key']) enc_pub_key = from_b64(request.POST['enc_pub_key']) signing_as_sig_priv_key = from_b64(own_as_obj.sig_priv_key) joining_ia = TopoID.from_values(own_isdas[0], joining_as) if is_core.lower() == "true": validity = Certificate.CORE_AS_VALIDITY_PERIOD comment = "Core AS Certificate" else: validity = Certificate.AS_VALIDITY_PERIOD comment = "AS Certificate" cert = Certificate.from_values( str(joining_ia), str(own_isdas), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment, is_core, validity, enc_pub_key, sig_pub_key, SigningKey(signing_as_sig_priv_key) ) respond_ia_chain = CertificateChain.from_raw(own_as_obj.certificate) request_ia_chain = CertificateChain([cert, respond_ia_chain.core_as_cert]) join_rep_dict['JoiningIA'] = str(joining_ia) join_rep_dict['IsCore'] = is_core.lower() == "true" join_rep_dict['RespondIA'] = str(own_isdas) join_rep_dict['JoiningIACertificate'] = request_ia_chain.to_json() join_rep_dict['RespondIACertificate'] = respond_ia_chain.to_json() join_rep_dict['TRC'] = TRC.from_raw(own_as_obj.trc).to_json() logger.debug("Accepting Join Request = %s", join_rep_dict)
def _check_trc(self, isd, expected_core_ases, expected_version=None): """ Check the ISD's TRC and return it as a TRC object. :param ISD isd: :param [str] expected_core_ases: ISD-AS strings for all core ases :param int expected_version: optional :returns: TRC :rtype: TRC """ self.assertEqual(set(isd.trc['CoreASes'].keys()), set(expected_core_ases)) self.assertEqual(set(isd.trc_priv_keys.keys()), set(expected_core_ases)) for isd_as in expected_core_ases: utils.check_sig_keypair(self, isd.trc['CoreASes'][isd_as]['OnlineKey'], isd.trc_priv_keys[isd_as]) json_trc = json.dumps( isd.trc) # round trip through json, just to make sure this works trc = TRC.from_raw(json_trc) trc.check_active() if expected_version is not None: self.assertEqual(trc.version, expected_version) return trc
def _init_trcs(self): # pragma: no cover trcfiles = list(glob.glob("%s/*.trc" % self._dir)) trcfiles.extend( glob.glob("%s/%s-*.trc" % (self._cachedir, self._ename))) for path in trcfiles: trc_raw = read_file(path) self.add_trc(TRC.from_raw(trc_raw), write=False) logging.debug("Loaded: %s" % path)
def _cached_trcs_handler(self, raw_entries): """ Handles cached (through ZK) TRCs, passed as a list. """ for raw in raw_entries: trc = TRC.from_raw(raw.decode('utf-8')) rep = TRCReply.from_values(trc) self.process_trc_reply(rep, None, from_zk=True) logging.debug("Processed %s trcs from ZK", len(raw_entries))
def prep_approved_join_reply(request, join_rep_dict, own_isdas, own_as_obj): """ Prepares the join reply for the APPROVED case. """ logger.info("New AS ID = %s", request.POST['newASId']) joining_as = request.POST['newASId'] is_core = request.POST['join_as_a_core'] sig_pub_key = from_b64(request.POST['sig_pub_key']) enc_pub_key = from_b64(request.POST['enc_pub_key']) signing_as_sig_priv_key = from_b64(own_as_obj.sig_priv_key) joining_ia = ISD_AS.from_values(own_isdas[0], joining_as) cert = Certificate.from_values(str(joining_ia), str(own_isdas), INITIAL_CERT_VERSION, "", False, enc_pub_key, sig_pub_key, SigningKey(signing_as_sig_priv_key)) respond_ia_chain = CertificateChain.from_raw(own_as_obj.certificate) request_ia_chain = CertificateChain([cert, respond_ia_chain.certs[0]]) join_rep_dict['JoiningIA'] = str(joining_ia) join_rep_dict['IsCore'] = is_core.lower() == "true" join_rep_dict['RespondIA'] = str(own_isdas) join_rep_dict['JoiningIACertificate'] = request_ia_chain.to_json() join_rep_dict['RespondIACertificate'] = respond_ia_chain.to_json() join_rep_dict['TRC'] = TRC.from_raw(own_as_obj.trc).to_json() logger.debug("Accepting Join Request = %s", join_rep_dict)
def _init_trcs(self): # pragma: no cover for path in glob.glob("%s/*.trc" % self._dir): trc_raw = read_file(path) self.add_trc(TRC.from_raw(trc_raw), write=False) logging.debug("Loaded: %s" % path)
def __init__(self, p): super().__init__(p) self.trc = TRC.from_raw(p.trc, lz4_=True)
log.add(e) log.build() # test building for each node log.build() # Policy trees should be consistent random.shuffle(all_) assert log.policy_tree.get_root() == Log(all_).policy_tree.get_root() return log if __name__ == "__main__": # PYTHONPATH=..:../scion ./tests.py tmp/msc.cert tmp/scp.cert ISD1-V0.trc if len(sys.argv) != 2: print("%s <TRC>" % sys.argv[0]) sys.exit(-1) with open(sys.argv[1], "r") as f: trc = TRC.from_raw(f.read()) # Load generated objects mscs, scps = load_mscs_scps() for domain_name in mscs: msc = mscs[domain_name] scp = scps[domain_name] # Verify MSC verifier(msc, scp, trc, domain_name) # Test basic packing and parsing test_pack_parse(msc, scp) mscsl = list(mscs.values()) scpsl = list(scps.values()) # Test log operations log = test_log_local(mscsl, scpsl) # Test proofs test_proofs(log, mscsl, scpsl)