def check_trc(testcase,
isd,
expected_core_ases=None,
expected_version=None,
prev_trc=None):
"""
Check the ISD's TRC and return it as a TRC object.
:param ISD isd:
:param [str] expected_core_ases: optional, ISD-AS strings for all core ases
:param int expected_version: optional, expected version for current TRC.
:param TRC prev_trc: optional, previous TRC to verify current TRC.
:returns: TRC
:rtype: TRC
"""
if expected_core_ases is None:
expected_core_ases = set(as_.isd_as_str()
for as_ in isd.ases.filter(is_core=True))
testcase.assertEqual(set(isd.trc['CoreASes'].keys()),
set(expected_core_ases))
testcase.assertEqual(set(isd.trc_priv_keys.keys()),
set(expected_core_ases))
for isd_as in isd.trc['CoreASes'].keys():
check_sig_keypair(testcase, isd.trc['CoreASes'][isd_as]['OnlineKey'],
isd.trc_priv_keys[isd_as])
json_trc = json.dumps(
isd.trc) # round trip through json, just to make sure this works
trc = TRC.from_raw(json_trc)
trc.check_active()
if expected_version is not None:
testcase.assertEqual(trc.version, expected_version)
if prev_trc is not None:
trc.verify(prev_trc)
return trc
def prep_approved_join_reply(request, join_rep_dict, own_isdas, own_as_obj):
"""
Prepares the join reply for the APPROVED case.
"""
logger.info("New AS ID = %s", request.POST['newASId'])
joining_as = request.POST['newASId']
is_core = request.POST['join_as_a_core']
sig_pub_key = from_b64(request.POST['sig_pub_key'])
enc_pub_key = from_b64(request.POST['enc_pub_key'])
signing_as_sig_priv_key = from_b64(own_as_obj.sig_priv_key)
joining_ia = TopoID.from_values(own_isdas[0], joining_as)
if is_core.lower() == "true":
validity = Certificate.CORE_AS_VALIDITY_PERIOD
comment = "Core AS Certificate"
else:
validity = Certificate.AS_VALIDITY_PERIOD
comment = "AS Certificate"
cert = Certificate.from_values(
str(joining_ia), str(own_isdas), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment,
is_core, validity, enc_pub_key, sig_pub_key, SigningKey(signing_as_sig_priv_key)
)
respond_ia_chain = CertificateChain.from_raw(own_as_obj.certificate)
request_ia_chain = CertificateChain([cert, respond_ia_chain.core_as_cert])
join_rep_dict['JoiningIA'] = str(joining_ia)
join_rep_dict['IsCore'] = is_core.lower() == "true"
join_rep_dict['RespondIA'] = str(own_isdas)
join_rep_dict['JoiningIACertificate'] = request_ia_chain.to_json()
join_rep_dict['RespondIACertificate'] = respond_ia_chain.to_json()
join_rep_dict['TRC'] = TRC.from_raw(own_as_obj.trc).to_json()
logger.debug("Accepting Join Request = %s", join_rep_dict)
def _check_trc(self, isd, expected_core_ases, expected_version=None):
"""
Check the ISD's TRC and return it as a TRC object.
:param ISD isd:
:param [str] expected_core_ases: ISD-AS strings for all core ases
:param int expected_version: optional
:returns: TRC
:rtype: TRC
"""
self.assertEqual(set(isd.trc['CoreASes'].keys()),
set(expected_core_ases))
self.assertEqual(set(isd.trc_priv_keys.keys()),
set(expected_core_ases))
for isd_as in expected_core_ases:
utils.check_sig_keypair(self,
isd.trc['CoreASes'][isd_as]['OnlineKey'],
isd.trc_priv_keys[isd_as])
json_trc = json.dumps(
isd.trc) # round trip through json, just to make sure this works
trc = TRC.from_raw(json_trc)
trc.check_active()
if expected_version is not None:
self.assertEqual(trc.version, expected_version)
return trc
def _init_trcs(self): # pragma: no cover
trcfiles = list(glob.glob("%s/*.trc" % self._dir))
trcfiles.extend(
glob.glob("%s/%s-*.trc" % (self._cachedir, self._ename)))
for path in trcfiles:
trc_raw = read_file(path)
self.add_trc(TRC.from_raw(trc_raw), write=False)
logging.debug("Loaded: %s" % path)
def _cached_trcs_handler(self, raw_entries):
"""
Handles cached (through ZK) TRCs, passed as a list.
"""
for raw in raw_entries:
trc = TRC.from_raw(raw.decode('utf-8'))
rep = TRCReply.from_values(trc)
self.process_trc_reply(rep, None, from_zk=True)
logging.debug("Processed %s trcs from ZK", len(raw_entries))
def prep_approved_join_reply(request, join_rep_dict, own_isdas, own_as_obj):
"""
Prepares the join reply for the APPROVED case.
"""
logger.info("New AS ID = %s", request.POST['newASId'])
joining_as = request.POST['newASId']
is_core = request.POST['join_as_a_core']
sig_pub_key = from_b64(request.POST['sig_pub_key'])
enc_pub_key = from_b64(request.POST['enc_pub_key'])
signing_as_sig_priv_key = from_b64(own_as_obj.sig_priv_key)
joining_ia = ISD_AS.from_values(own_isdas[0], joining_as)
cert = Certificate.from_values(str(joining_ia), str(own_isdas),
INITIAL_CERT_VERSION, "", False,
enc_pub_key, sig_pub_key,
SigningKey(signing_as_sig_priv_key))
respond_ia_chain = CertificateChain.from_raw(own_as_obj.certificate)
request_ia_chain = CertificateChain([cert, respond_ia_chain.certs[0]])
join_rep_dict['JoiningIA'] = str(joining_ia)
join_rep_dict['IsCore'] = is_core.lower() == "true"
join_rep_dict['RespondIA'] = str(own_isdas)
join_rep_dict['JoiningIACertificate'] = request_ia_chain.to_json()
join_rep_dict['RespondIACertificate'] = respond_ia_chain.to_json()
join_rep_dict['TRC'] = TRC.from_raw(own_as_obj.trc).to_json()
logger.debug("Accepting Join Request = %s", join_rep_dict)
def _init_trcs(self): # pragma: no cover
for path in glob.glob("%s/*.trc" % self._dir):
trc_raw = read_file(path)
self.add_trc(TRC.from_raw(trc_raw), write=False)
logging.debug("Loaded: %s" % path)
def __init__(self, p):
super().__init__(p)
self.trc = TRC.from_raw(p.trc, lz4_=True)
log.add(e)
log.build() # test building for each node
log.build()
# Policy trees should be consistent
random.shuffle(all_)
assert log.policy_tree.get_root() == Log(all_).policy_tree.get_root()
return log
if __name__ == "__main__":
# PYTHONPATH=..:../scion ./tests.py tmp/msc.cert tmp/scp.cert ISD1-V0.trc
if len(sys.argv) != 2:
print("%s <TRC>" % sys.argv[0])
sys.exit(-1)
with open(sys.argv[1], "r") as f:
trc = TRC.from_raw(f.read())
# Load generated objects
mscs, scps = load_mscs_scps()
for domain_name in mscs:
msc = mscs[domain_name]
scp = scps[domain_name]
# Verify MSC
verifier(msc, scp, trc, domain_name)
# Test basic packing and parsing
test_pack_parse(msc, scp)
mscsl = list(mscs.values())
scpsl = list(scps.values())
# Test log operations
log = test_log_local(mscsl, scpsl)
# Test proofs
test_proofs(log, mscsl, scpsl)
