async def test_user_create_invalid_certificate(backend,
apiv1_backend_sock_factory,
alice, bob, mallory):
now = pendulum.now()
good_user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=mallory.user_id,
human_handle=None,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
good_device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=mallory.device_id,
device_label=None,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
bad_user_certificate = UserCertificateContent(
author=bob.device_id,
timestamp=now,
user_id=mallory.user_id,
human_handle=None,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(bob.signing_key)
bad_device_certificate = DeviceCertificateContent(
author=bob.device_id,
timestamp=now,
device_id=mallory.device_id,
device_label=None,
verify_key=mallory.verify_key,
).dump_and_sign(bob.signing_key)
async with apiv1_backend_sock_factory(backend, alice) as sock:
for cu, cd in [
(good_user_certificate, bad_device_certificate),
(bad_user_certificate, good_device_certificate),
(bad_user_certificate, bad_device_certificate),
]:
rep = await user_create(sock,
user_certificate=cu,
device_certificate=cd)
assert rep == {
"status":
"invalid_certification",
"reason":
"Invalid certification data (Signature was forged or corrupt).",
}
async def test_user_create_certify_too_old(backend, apiv1_backend_sock_factory,
alice, mallory):
too_old = pendulum.datetime(2000, 1, 1)
now = too_old.add(seconds=INVITATION_VALIDITY + 1)
cu = UserCertificateContent(
author=alice.device_id,
timestamp=too_old,
user_id=mallory.user_id,
human_handle=None,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
cd = DeviceCertificateContent(
author=alice.device_id,
timestamp=too_old,
device_id=mallory.device_id,
device_label=None,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
with freeze_time(now):
async with apiv1_backend_sock_factory(backend, alice) as sock:
rep = await user_create(sock,
user_certificate=cu,
device_certificate=cd)
assert rep == {
"status": "invalid_certification",
"reason": "Invalid timestamp in certificate.",
}
async def test_user_create_device_label_not_allowed(backend,
apiv1_backend_sock_factory,
alice, mallory):
now = pendulum.now()
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=mallory.user_id,
human_handle=None,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=mallory.device_id,
device_label=mallory.device_label,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
async with apiv1_backend_sock_factory(backend, alice) as sock:
rep = await user_create(sock,
user_certificate=user_certificate,
device_certificate=device_certificate)
assert rep == {
"status":
"invalid_data",
"reason":
"Redacted Device certificate must not contain a device_label field.",
}
async def _alice_invite():
nonlocal device_certificate
ret = await apiv1_alice_backend_cmds.device_invite(nd_id.device_name)
assert ret["status"] == "ok"
claim = APIV1_DeviceClaimContent.decrypt_and_load_for(
ret["encrypted_claim"], recipient_privkey=alice.private_key
)
assert claim.token == token
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=pendulum.now(),
device_id=claim.device_id,
verify_key=claim.verify_key,
).dump_and_sign(alice.signing_key)
encrypted_answer = APIV1_DeviceClaimAnswerContent(
private_key=alice.private_key,
user_manifest_id=alice.user_manifest_id,
user_manifest_key=alice.user_manifest_key,
).dump_and_encrypt_for(recipient_pubkey=claim.answer_public_key)
with trio.fail_after(1):
ret = await apiv1_alice_backend_cmds.device_create(device_certificate, encrypted_answer)
assert ret["status"] == "ok"
def new_user_and_device(self, is_admin, certifier_id, certifier_key):
device_id = self.next_device_id()
local_device = local_device_factory(device_id, org=coolorg)
self.local_devices[device_id] = local_device
user = UserCertificateContent(
author=certifier_id,
timestamp=pendulum_now(),
user_id=local_device.user_id,
public_key=local_device.public_key,
is_admin=is_admin,
)
self.users_content[device_id.user_id] = user
self.users_certifs[device_id.user_id] = user.dump_and_sign(
certifier_key)
device = DeviceCertificateContent(
author=certifier_id,
timestamp=pendulum_now(),
device_id=local_device.device_id,
verify_key=local_device.verify_key,
)
self.devices_content[local_device.device_id] = device
self.devices_certifs[
local_device.device_id] = device.dump_and_sign(certifier_key)
return device_id
async def test_user_create_author_not_admin(backend,
apiv1_backend_sock_factory, bob,
mallory):
# Unlike alice, bob is not admin
now = pendulum.now()
user_certificate = UserCertificateContent(
author=bob.device_id,
timestamp=now,
user_id=mallory.user_id,
human_handle=None,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(bob.signing_key)
device_certificate = DeviceCertificateContent(
author=bob.device_id,
timestamp=now,
device_id=mallory.device_id,
device_label=None,
verify_key=mallory.verify_key,
).dump_and_sign(bob.signing_key)
async with apiv1_backend_sock_factory(backend, bob) as sock:
rep = await user_create(sock,
user_certificate=user_certificate,
device_certificate=device_certificate)
assert rep == {
"status": "not_allowed",
"reason": "User `bob` is not admin"
}
def local_device_to_backend_user(
device: LocalDevice, certifier: Union[LocalDevice, OrganizationFullData]
) -> Tuple[BackendUser, BackendDevice]:
if isinstance(certifier, OrganizationFullData):
certifier_id = None
certifier_signing_key = certifier.root_signing_key
else:
certifier_id = certifier.device_id
certifier_signing_key = certifier.signing_key
now = pendulum.now()
user_certificate = UserCertificateContent(
author=certifier_id,
timestamp=now,
user_id=device.user_id,
public_key=device.public_key,
is_admin=device.is_admin,
human_handle=device.human_handle,
).dump_and_sign(certifier_signing_key)
device_certificate = DeviceCertificateContent(
author=certifier_id,
timestamp=now,
device_id=device.device_id,
verify_key=device.verify_key).dump_and_sign(certifier_signing_key)
return new_backend_user_factory(
device_id=device.device_id,
human_handle=device.human_handle,
is_admin=device.is_admin,
certifier=certifier_id,
user_certificate=user_certificate,
device_certificate=device_certificate,
)
async def _alice_invite():
rep = await alice_backend_cmds.user_invite(mallory.user_id)
assert rep["status"] == "ok"
claim = UserClaimContent.decrypt_and_load_for(
rep["encrypted_claim"], recipient_privkey=alice.private_key
)
assert claim.token == token
now = pendulum.now()
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=claim.device_id.user_id,
public_key=claim.public_key,
is_admin=False,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=claim.device_id,
verify_key=claim.verify_key,
).dump_and_sign(alice.signing_key)
with trio.fail_after(1):
rep = await alice_backend_cmds.user_create(user_certificate, device_certificate)
assert rep["status"] == "ok"
async def test_user_create_certify_too_old(alice_backend_sock, alice, mallory):
too_old = pendulum.Pendulum(2000, 1, 1)
now = too_old.add(seconds=INVITATION_VALIDITY + 1)
cu = UserCertificateContent(
author=alice.device_id,
timestamp=too_old,
user_id=mallory.user_id,
public_key=mallory.public_key,
is_admin=False,
).dump_and_sign(alice.signing_key)
cd = DeviceCertificateContent(
author=alice.device_id,
timestamp=too_old,
device_id=mallory.device_id,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
with freeze_time(now):
rep = await user_create(alice_backend_sock,
user_certificate=cu,
device_certificate=cd)
assert rep == {
"status": "invalid_certification",
"reason": "Invalid timestamp in certification.",
}
async def test_user_create_not_matching_certified_on(alice_backend_sock, alice,
mallory):
date1 = pendulum.Pendulum(2000, 1, 1)
date2 = date1.add(seconds=1)
cu = UserCertificateContent(
author=alice.device_id,
timestamp=date1,
user_id=mallory.user_id,
public_key=mallory.public_key,
is_admin=False,
).dump_and_sign(alice.signing_key)
cd = DeviceCertificateContent(
author=alice.device_id,
timestamp=date2,
device_id=mallory.device_id,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
with freeze_time(date1):
rep = await user_create(alice_backend_sock,
user_certificate=cu,
device_certificate=cd)
assert rep == {
"status":
"invalid_data",
"reason":
"Device and User certifications must have the same timestamp.",
}
async def test_user_create_author_not_admin(backend, bob_backend_sock, bob,
mallory):
# Unlike alice, bob is not admin
now = pendulum.now()
user_certificate = UserCertificateContent(
author=bob.device_id,
timestamp=now,
user_id=mallory.user_id,
public_key=mallory.public_key,
is_admin=False,
).dump_and_sign(bob.signing_key)
device_certificate = DeviceCertificateContent(
author=bob.device_id,
timestamp=now,
device_id=mallory.device_id,
verify_key=mallory.verify_key,
).dump_and_sign(bob.signing_key)
rep = await user_create(bob_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate)
assert rep == {
"status": "not_allowed",
"reason": "User `bob` is not admin"
}
async def test_user_create_human_handle_with_revoked_previous_one(
alice_backend_sock, alice, bob, backend_data_binder):
# First revoke bob
await backend_data_binder.bind_revocation(user_id=bob.user_id,
certifier=alice)
# Now recreate another user with bob's human handle
now = pendulum.now()
bob2_device_id = DeviceID("bob2@dev1")
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=bob2_device_id.user_id,
public_key=bob.public_key,
is_admin=False,
human_handle=bob.human_handle,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=bob2_device_id,
verify_key=bob.verify_key).dump_and_sign(alice.signing_key)
rep = await user_create(alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate)
assert rep == {"status": "ok"}
def _create_new_user_certificates(
author: LocalDevice,
device_label: Optional[DeviceLabel],
human_handle: Optional[HumanHandle],
profile: UserProfile,
public_key: PublicKey,
verify_key: VerifyKey,
) -> Tuple[bytes, bytes, bytes, bytes, InviteUserConfirmation]:
"""Helper to prepare the creation of a new user."""
device_id = DeviceID.new()
try:
timestamp = author.timestamp()
user_certificate = UserCertificateContent(
author=author.device_id,
timestamp=timestamp,
user_id=device_id.user_id,
human_handle=human_handle,
public_key=public_key,
profile=profile,
)
redacted_user_certificate = user_certificate.evolve(human_handle=None)
device_certificate = DeviceCertificateContent(
author=author.device_id,
timestamp=timestamp,
device_id=device_id,
device_label=device_label,
verify_key=verify_key,
)
redacted_device_certificate = device_certificate.evolve(
device_label=None)
user_certificate = user_certificate.dump_and_sign(author.signing_key)
redacted_user_certificate = redacted_user_certificate.dump_and_sign(
author.signing_key)
device_certificate = device_certificate.dump_and_sign(
author.signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(
author.signing_key)
except DataError as exc:
raise InviteError(
f"Cannot generate device certificate: {exc}") from exc
invite_user_confirmation = InviteUserConfirmation(
device_id=device_id,
device_label=device_label,
human_handle=human_handle,
profile=profile,
root_verify_key=author.root_verify_key,
)
return (
user_certificate,
redacted_user_certificate,
device_certificate,
redacted_device_certificate,
invite_user_confirmation,
)
async def test_user_create_not_matching_user_device(backend,
apiv1_backend_sock_factory,
alice, bob, mallory):
now = pendulum.now()
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=mallory.user_id,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=bob.device_id,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
async with apiv1_backend_sock_factory(backend, alice) as sock:
rep = await user_create(sock,
user_certificate=user_certificate,
device_certificate=device_certificate)
assert rep == {
"status": "invalid_data",
"reason": "Device and User must have the same user ID.",
}
async def test_user_create_not_matching_certified_on(alice_backend_sock, alice, mallory):
date1 = pendulum.datetime(2000, 1, 1)
date2 = date1.add(seconds=1)
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=date1,
user_id=mallory.user_id,
human_handle=mallory.human_handle,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=date2,
device_id=mallory.device_id,
device_label=mallory.device_label,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
with freeze_time(date1):
rep = await user_create(
alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=user_certificate,
redacted_device_certificate=device_certificate,
)
assert rep == {
"status": "invalid_data",
"reason": "Device and User certificates must have the same timestamp.",
}
async def test_user_create_certificate_too_old(alice_backend_sock, alice, mallory):
too_old = pendulum.datetime(2000, 1, 1)
now = too_old.add(seconds=INVITATION_VALIDITY + 1)
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=too_old,
user_id=mallory.user_id,
human_handle=mallory.human_handle,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=too_old,
device_id=mallory.device_id,
device_label=mallory.device_label,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
with freeze_time(now):
rep = await user_create(
alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=user_certificate,
redacted_device_certificate=device_certificate,
)
assert rep == {
"status": "invalid_certification",
"reason": "Invalid timestamp in certificate.",
}
async def test_user_create_not_matching_user_device(alice_backend_sock, alice, bob, mallory):
now = pendulum.now()
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=mallory.user_id,
human_handle=mallory.human_handle,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=bob.device_id,
device_label=mallory.device_label,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
rep = await user_create(
alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=user_certificate,
redacted_device_certificate=device_certificate,
)
assert rep == {
"status": "invalid_data",
"reason": "Device and User must have the same user ID.",
}
async def test_user_create_already_exists(alice_backend_sock, alice, bob):
now = pendulum.now()
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=bob.user_id,
human_handle=None,
public_key=bob.public_key,
profile=UserProfile.STANDARD,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=bob.device_id,
device_label=None,
verify_key=bob.verify_key,
).dump_and_sign(alice.signing_key)
rep = await user_create(
alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=user_certificate,
redacted_device_certificate=device_certificate,
)
assert rep == {"status": "already_exists", "reason": f"User `{bob.user_id}` already exists"}
async def test_user_create_human_handle_already_exists(alice_backend_sock,
alice, bob):
now = pendulum.now()
bob2_device_id = DeviceID("bob2@dev1")
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=bob2_device_id.user_id,
public_key=bob.public_key,
is_admin=False,
human_handle=bob.human_handle,
).dump_and_sign(alice.signing_key)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=bob2_device_id,
verify_key=bob.verify_key).dump_and_sign(alice.signing_key)
rep = await user_create(alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate)
assert rep == {
"status":
"already_exists",
"reason":
f"Human handle `{bob.human_handle}` already corresponds to a non-revoked user",
}
def new_user_and_device(self, is_admin, certifier_id, certifier_key):
device_id = self.next_device_id()
local_device = local_device_factory(device_id, org=coolorg)
self.local_devices[device_id] = local_device
user = UserCertificateContent(
author=certifier_id,
timestamp=pendulum_now(),
user_id=local_device.user_id,
human_handle=local_device.human_handle,
public_key=local_device.public_key,
profile=UserProfile.ADMIN
if is_admin else UserProfile.STANDARD,
)
self.users_content[device_id.user_id] = user
self.users_certifs[device_id.user_id] = user.dump_and_sign(
certifier_key)
device = DeviceCertificateContent(
author=certifier_id,
timestamp=pendulum_now(),
device_id=local_device.device_id,
device_label=local_device.device_label,
verify_key=local_device.verify_key,
)
self.devices_content[local_device.device_id] = device
self.devices_certifs[
local_device.device_id] = device.dump_and_sign(certifier_key)
return device_id
async def test_device_create_ok(backend, backend_sock_factory,
alice_backend_sock, alice, alice_nd):
now = pendulum.now()
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=alice_nd.device_id,
verify_key=alice_nd.verify_key,
).dump_and_sign(alice.signing_key)
with backend.event_bus.listen() as spy:
rep = await device_create(alice_backend_sock,
device_certificate=device_certificate,
encrypted_answer=b"<good>")
assert rep == {"status": "ok"}
# No guarantees this event occurs before the command's return
await spy.wait_with_timeout(
"device.created",
{
"organization_id": alice_nd.organization_id,
"device_id": alice_nd.device_id,
"device_certificate": device_certificate,
"encrypted_answer": b"<good>",
},
)
# Make sure the new device can connect now
async with backend_sock_factory(backend, alice_nd) as sock:
await sock.send(packb({"cmd": "ping", "ping": "Hello world !"}))
raw_rep = await sock.recv()
rep = ping_serializer.rep_loads(raw_rep)
assert rep == {"status": "ok", "pong": "Hello world !"}
async def do_create_new_device(self, author: LocalDevice,
device_label: Optional[str]) -> None:
device_id = DeviceID(f"{author.user_id}@{DeviceName.new()}")
try:
now = pendulum_now()
device_certificate = DeviceCertificateContent(
author=author.device_id,
timestamp=now,
device_id=device_id,
verify_key=self._verify_key,
device_label=device_label,
)
redacted_device_certificate = device_certificate.evolve(
device_label=None)
device_certificate = device_certificate.dump_and_sign(
author.signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(
author.signing_key)
except DataError as exc:
raise InviteError(
f"Cannot generate device certificate: {exc}") from exc
rep = await self._cmds.device_create(
device_certificate=device_certificate,
redacted_device_certificate=redacted_device_certificate,
)
if rep["status"] != "ok":
raise InviteError(f"Cannot create device: {rep}")
try:
payload = InviteDeviceConfirmation(
device_id=device_id,
device_label=device_label,
human_handle=author.human_handle,
profile=author.profile,
private_key=author.private_key,
user_manifest_id=author.user_manifest_id,
user_manifest_key=author.user_manifest_key,
root_verify_key=author.root_verify_key,
).dump_and_encrypt(key=self._shared_secret_key)
except DataError as exc:
raise InviteError(
"Cannot generate InviteUserConfirmation payload") from exc
rep = await self._cmds.invite_4_greeter_communicate(token=self.token,
payload=payload)
if rep["status"] in ("not_found", "already_deleted"):
raise InviteNotAvailableError()
elif rep["status"] == "invalid_state":
raise InvitePeerResetError()
elif rep["status"] != "ok":
raise InviteError(
f"Backend error during step 4 (confirmation exchange): {rep}")
await self._cmds.invite_delete(token=self.token,
reason=InvitationDeletedReason.FINISHED)
async def bootstrap_organization(
cmds: APIV1_BackendAnonymousCmds,
human_handle: Optional[HumanHandle],
device_label: Optional[str],
) -> LocalDevice:
root_signing_key = SigningKey.generate()
root_verify_key = root_signing_key.verify_key
organization_addr = BackendOrganizationAddr.build(
backend_addr=cmds.addr,
organization_id=cmds.addr.organization_id,
root_verify_key=root_verify_key,
)
device = generate_new_device(
organization_addr=organization_addr,
profile=UserProfile.ADMIN,
human_handle=human_handle,
device_label=device_label,
)
now = pendulum_now()
user_certificate = UserCertificateContent(
author=None,
timestamp=now,
user_id=device.user_id,
human_handle=device.human_handle,
public_key=device.public_key,
profile=device.profile,
)
redacted_user_certificate = user_certificate.evolve(human_handle=None)
device_certificate = DeviceCertificateContent(
author=None,
timestamp=now,
device_id=device.device_id,
device_label=device.device_label,
verify_key=device.verify_key,
)
redacted_device_certificate = device_certificate.evolve(device_label=None)
user_certificate = user_certificate.dump_and_sign(root_signing_key)
redacted_user_certificate = redacted_user_certificate.dump_and_sign(
root_signing_key)
device_certificate = device_certificate.dump_and_sign(root_signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(
root_signing_key)
rep = await cmds.organization_bootstrap(
organization_id=cmds.addr.organization_id,
bootstrap_token=cmds.addr.token,
root_verify_key=root_verify_key,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=redacted_user_certificate,
redacted_device_certificate=redacted_device_certificate,
)
_check_rep(rep, step_name="organization bootstrap")
return device
async def test_user_create_invalid_certified(alice_backend_sock, alice, bob,
mallory):
now = pendulum.now()
good_user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=mallory.user_id,
public_key=mallory.public_key,
is_admin=False,
).dump_and_sign(alice.signing_key)
good_device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=mallory.device_id,
verify_key=mallory.verify_key,
).dump_and_sign(alice.signing_key)
bad_user_certificate = UserCertificateContent(
author=bob.device_id,
timestamp=now,
user_id=mallory.user_id,
public_key=mallory.public_key,
is_admin=False,
).dump_and_sign(bob.signing_key)
bad_device_certificate = DeviceCertificateContent(
author=bob.device_id,
timestamp=now,
device_id=mallory.device_id,
verify_key=mallory.verify_key,
).dump_and_sign(bob.signing_key)
for cu, cd in [
(good_user_certificate, bad_device_certificate),
(bad_user_certificate, good_device_certificate),
(bad_user_certificate, bad_device_certificate),
]:
rep = await user_create(alice_backend_sock,
user_certificate=cu,
device_certificate=cd)
assert rep == {
"status":
"invalid_certification",
"reason":
"Invalid certification data (Signature was forged or corrupt).",
}
async def bootstrap_organization(
addr: BackendOrganizationBootstrapAddr,
human_handle: Optional[HumanHandle],
device_label: Optional[DeviceLabel],
) -> LocalDevice:
root_signing_key = SigningKey.generate()
root_verify_key = root_signing_key.verify_key
organization_addr = BackendOrganizationAddr.build(
backend_addr=addr.get_backend_addr(),
organization_id=addr.organization_id,
root_verify_key=root_verify_key,
)
device = generate_new_device(
organization_addr=organization_addr,
profile=UserProfile.ADMIN,
human_handle=human_handle,
device_label=device_label,
)
timestamp = device.timestamp()
user_certificate = UserCertificateContent(
author=None,
timestamp=timestamp,
user_id=device.user_id,
human_handle=device.human_handle,
public_key=device.public_key,
profile=device.profile,
)
redacted_user_certificate = user_certificate.evolve(human_handle=None)
device_certificate = DeviceCertificateContent(
author=None,
timestamp=timestamp,
device_id=device.device_id,
device_label=device.device_label,
verify_key=device.verify_key,
)
redacted_device_certificate = device_certificate.evolve(device_label=None)
user_certificate = user_certificate.dump_and_sign(root_signing_key)
redacted_user_certificate = redacted_user_certificate.dump_and_sign(root_signing_key)
device_certificate = device_certificate.dump_and_sign(root_signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(root_signing_key)
rep = await failsafe_organization_bootstrap(
addr=addr,
root_verify_key=root_verify_key,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=redacted_user_certificate,
redacted_device_certificate=redacted_device_certificate,
)
_check_rep(rep, step_name="organization bootstrap")
return device
async def test_redacted_certificates_cannot_contain_sensitive_data(
alice_backend_sock, alice, mallory):
now = pendulum.now()
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=mallory.user_id,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
human_handle=mallory.human_handle,
)
redacted_user_certificate = user_certificate.evolve(human_handle=None)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=mallory.device_id,
verify_key=mallory.verify_key,
device_label=mallory.device_label,
)
redacted_device_certificate = device_certificate.evolve(device_label=None)
user_certificate = user_certificate.dump_and_sign(alice.signing_key)
device_certificate = device_certificate.dump_and_sign(alice.signing_key)
redacted_user_certificate = redacted_user_certificate.dump_and_sign(
alice.signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(
alice.signing_key)
with freeze_time(now):
rep = await user_create(
alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=user_certificate,
redacted_device_certificate=redacted_device_certificate,
)
assert rep == {
"status":
"invalid_data",
"reason":
"Redacted User certificate must not contain a human_handle field.",
}
rep = await user_create(
alice_backend_sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=redacted_user_certificate,
redacted_device_certificate=device_certificate,
)
assert rep == {
"status":
"invalid_data",
"reason":
"Redacted Device certificate must not contain a device_label field.",
}
async def test_user_create_nok_active_users_limit_reached(
backend, backend_data_binder_factory, backend_sock_factory, coolorg, alice, mallory
):
# Ensure there is only one user in the organization...
binder = backend_data_binder_factory(backend)
await binder.bind_organization(coolorg, alice)
# ...so our active user limit has just been reached
await backend.organization.update(alice.organization_id, active_users_limit=1)
now = pendulum.now()
user_certificate = UserCertificateContent(
author=alice.device_id,
timestamp=now,
user_id=mallory.user_id,
human_handle=None,
public_key=mallory.public_key,
profile=UserProfile.STANDARD,
)
redacted_user_certificate = user_certificate.evolve(human_handle=None)
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=mallory.device_id,
device_label=None,
verify_key=mallory.verify_key,
)
redacted_device_certificate = device_certificate.evolve(device_label=None)
user_certificate = user_certificate.dump_and_sign(alice.signing_key)
device_certificate = device_certificate.dump_and_sign(alice.signing_key)
redacted_user_certificate = redacted_user_certificate.dump_and_sign(alice.signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(alice.signing_key)
async with backend_sock_factory(backend, alice) as sock:
rep = await user_create(
sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=redacted_user_certificate,
redacted_device_certificate=redacted_device_certificate,
)
assert rep == {"status": "active_users_limit_reached"}
# Now correct the limit, and ensure the user can be created
await backend.organization.update(alice.organization_id, active_users_limit=2)
rep = await user_create(
sock,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=redacted_user_certificate,
redacted_device_certificate=redacted_device_certificate,
)
assert rep == {"status": "ok"}
async def _bootstrap_organization(debug, device_id,
organization_bootstrap_addr, config_dir,
force, password):
root_signing_key = SigningKey.generate()
root_verify_key = root_signing_key.verify_key
organization_addr = organization_bootstrap_addr.generate_organization_addr(
root_verify_key)
device_display = click.style(device_id, fg="yellow")
device = generate_new_device(device_id,
organization_addr,
profile=UserProfile.ADMIN)
with operation(f"Creating locally {device_display}"):
save_device_with_password(config_dir, device, password, force=force)
now = pendulum.now()
user_certificate = UserCertificateContent(
author=None,
timestamp=now,
user_id=device.user_id,
public_key=device.public_key,
profile=device.profile,
)
redacted_user_certificate = user_certificate.evolve(human_handle=None)
device_certificate = DeviceCertificateContent(author=None,
timestamp=now,
device_id=device_id,
verify_key=device.verify_key)
redacted_device_certificate = device_certificate.evolve(device_label=None)
user_certificate = user_certificate.dump_and_sign(root_signing_key)
device_certificate = device_certificate.dump_and_sign(root_signing_key)
redacted_user_certificate = redacted_user_certificate.dump_and_sign(
root_signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(
root_signing_key)
async with spinner(f"Sending {device_display} to server"):
async with apiv1_backend_anonymous_cmds_factory(
organization_bootstrap_addr) as cmds:
await cmds.organization_bootstrap(
organization_id=organization_bootstrap_addr.organization_id,
bootstrap_token=organization_bootstrap_addr.token,
root_verify_key=root_verify_key,
user_certificate=user_certificate,
device_certificate=device_certificate,
redacted_user_certificate=redacted_user_certificate,
redacted_device_certificate=redacted_device_certificate,
)
organization_addr_display = click.style(organization_addr.to_url(),
fg="yellow")
click.echo(f"Organization url: {organization_addr_display}")
async def test_device_create_invalid_certified(alice_backend_sock, alice, bob,
alice_nd):
now = pendulum.now()
good_device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=alice_nd.device_id,
device_label=None, # Can be used as regular and redacted certificate
verify_key=alice_nd.verify_key,
).dump_and_sign(alice.signing_key)
bad_device_certificate = DeviceCertificateContent(
author=bob.device_id,
timestamp=now,
device_id=alice_nd.device_id,
device_label=None, # Can be used as regular and redacted certificate
verify_key=alice_nd.verify_key,
).dump_and_sign(bob.signing_key)
rep = await device_create(
alice_backend_sock,
device_certificate=bad_device_certificate,
redacted_device_certificate=good_device_certificate,
)
assert rep == {
"status": "invalid_certification",
"reason":
"Invalid certification data (Signature was forged or corrupt).",
}
# Same for the redacted part
rep = await device_create(
alice_backend_sock,
device_certificate=good_device_certificate,
redacted_device_certificate=bad_device_certificate,
)
assert rep == {
"status": "invalid_certification",
"reason":
"Invalid certification data (Signature was forged or corrupt).",
}
async def test_device_create_ok(backend, backend_sock_factory,
alice_backend_sock, alice, alice_nd,
with_labels):
now = pendulum.now()
device_certificate = DeviceCertificateContent(
author=alice.device_id,
timestamp=now,
device_id=alice_nd.device_id,
device_label=alice_nd.device_label,
verify_key=alice_nd.verify_key,
)
redacted_device_certificate = device_certificate.evolve(device_label=None)
if not with_labels:
device_certificate = redacted_device_certificate
device_certificate = device_certificate.dump_and_sign(alice.signing_key)
redacted_device_certificate = redacted_device_certificate.dump_and_sign(
alice.signing_key)
with backend.event_bus.listen() as spy:
rep = await device_create(
alice_backend_sock,
device_certificate=device_certificate,
redacted_device_certificate=redacted_device_certificate,
)
assert rep == {"status": "ok"}
# No guarantees this event occurs before the command's return
await spy.wait_with_timeout(
BackendEvent.DEVICE_CREATED,
{
"organization_id": alice_nd.organization_id,
"device_id": alice_nd.device_id,
"device_certificate": device_certificate,
"encrypted_answer": b"",
},
)
# Make sure the new device can connect now
async with backend_sock_factory(backend, alice_nd) as sock:
rep = await ping(sock, ping="Hello world !")
assert rep == {"status": "ok", "pong": "Hello world !"}
# Check the resulting data in the backend
_, backend_device = await backend.user.get_user_with_device(
alice_nd.organization_id, alice_nd.device_id)
assert backend_device == Device(
device_id=alice_nd.device_id,
device_label=alice_nd.device_label if with_labels else None,
device_certificate=device_certificate,
redacted_device_certificate=redacted_device_certificate,
device_certifier=alice.device_id,
created_on=now,
)