Exemple #1
0
class TestSqlIdentityStorage(ut.TestCase):
    def setUp(self):
        # Reuse the policy_config subdirectory for the temporary SQLite file.
        self.databaseFilePath = "policy_config/test-public-info.db"
        try:
            os.remove(self.databaseFilePath)
        except OSError:
            # no such file
            pass
        self.identityStorage = BasicIdentityStorage(self.databaseFilePath)

        self.identityManager = IdentityManager(self.identityStorage,
                                               FilePrivateKeyStorage())
        self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
        self.keyChain = KeyChain(self.identityManager, self.policyManager)

    def tearDown(self):
        try:
            os.remove(self.databaseFilePath)
        except OSError:
            pass

    def test_identity_create_delete(self):
        identityName = Name('/TestIdentityStorage/Identity').appendVersion(
            int(time.time()))

        certificateName = self.keyChain.createIdentityAndCertificate(
            identityName)
        keyName = IdentityCertificate.certificateNameToPublicKeyName(
            certificateName)

        self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
                        "Identity was not added to IdentityStorage")
        self.assertIsNotNone(keyName, "New identity has no key")
        self.assertTrue(self.identityStorage.doesKeyExist(keyName),
                        "Key was not added to IdentityStorage")
        self.assertIsNotNone(certificateName,
                             "Certificate was not added to IdentityStorage")

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesIdentityExist(identityName),
                         "Identity still in IdentityStorage after revoking")
        self.assertFalse(
            self.identityStorage.doesKeyExist(keyName),
            "Key still in IdentityStorage after identity was deletedInfo")
        self.assertFalse(
            self.identityStorage.doesCertificateExist(certificateName),
            "Certificate still in IdentityStorage after identity was deletedInfo"
        )

        with self.assertRaises(SecurityException):
            self.identityManager.getDefaultCertificateNameForIdentity(
                identityName)

    def test_key_create_delete(self):
        identityName = Name('/TestIdentityStorage/Identity').appendVersion(
            int(time.time()))

        keyName1 = self.keyChain.generateRSAKeyPair(identityName, True)
        self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1)

        keyName2 = self.keyChain.generateRSAKeyPair(identityName, False)
        self.assertEqual(
            self.identityManager.getDefaultKeyNameForIdentity(identityName),
            keyName1, "Default key name was changed without explicit request")
        self.assertNotEqual(
            self.identityManager.getDefaultKeyNameForIdentity(identityName),
            keyName2,
            "Newly created key replaced default key without explicit request")

        self.identityStorage.deletePublicKeyInfo(keyName2)

        self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
        self.keyChain.deleteIdentity(identityName)

    def test_key_autocreate_identity(self):
        keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345')
        identityName = keyName1[:-1]

        decodedKey = base64.b64decode(RSA_DER)
        self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey))
        self.identityStorage.setDefaultKeyNameForIdentity(keyName1)

        self.assertTrue(self.identityStorage.doesKeyExist(keyName1),
                        "Key was not added")
        self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
                        "Identity for key was not automatically created")

        self.assertEqual(
            self.identityManager.getDefaultKeyNameForIdentity(identityName),
            keyName1, "Default key was not set on identity creation")

        with self.assertRaises(SecurityException):
            self.identityStorage.getDefaultCertificateNameForKey(keyName1)

        with self.assertRaises(SecurityException):
            # we have no private key for signing
            self.identityManager.selfSign(keyName1)

        with self.assertRaises(SecurityException):
            self.identityStorage.getDefaultCertificateNameForKey(keyName1)

        with self.assertRaises(SecurityException):
            self.identityManager.getDefaultCertificateNameForIdentity(
                identityName)

        keyName2 = self.identityManager.generateRSAKeyPairAsDefault(
            identityName)
        cert = self.identityManager.selfSign(keyName2)
        self.identityManager.addCertificateAsIdentityDefault(cert)

        certName1 = self.identityManager.getDefaultCertificateNameForIdentity(
            identityName)
        certName2 = self.identityStorage.getDefaultCertificateNameForKey(
            keyName2)

        self.assertEqual(
            certName1, certName2,
            "Key-certificate mapping and identity-certificate mapping are not consistent"
        )

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesKeyExist(keyName1))

    def test_certificate_add_delete(self):
        identityName = Name('/TestIdentityStorage/Identity').appendVersion(
            int(time.time()))

        self.identityManager.createIdentityAndCertificate(
            identityName, KeyChain.DEFAULT_KEY_PARAMS)
        keyName1 = self.identityManager.getDefaultKeyNameForIdentity(
            identityName)
        cert2 = self.identityManager.selfSign(keyName1)
        self.identityStorage.addCertificate(cert2)
        certName2 = cert2.getName()

        certName1 = self.identityManager.getDefaultCertificateNameForIdentity(
            identityName)
        self.assertNotEqual(
            certName1, certName2,
            "New certificate was set as default without explicit request")

        self.identityStorage.deleteCertificateInfo(certName1)
        self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
        self.assertFalse(self.identityStorage.doesCertificateExist(certName1))

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName2))

    def test_stress(self):
        # ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
        identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion(
            int(time.time()))

        # ndn-cxx returns the cert name, but the IndentityManager docstring
        # specifies a key
        certName1 = self.keyChain.createIdentityAndCertificate(identityName)
        keyName1 = IdentityCertificate.certificateNameToPublicKeyName(
            certName1)
        keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName)

        cert2 = self.identityManager.selfSign(keyName2)
        certName2 = cert2.getName()
        self.identityManager.addCertificateAsDefault(cert2)

        keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
        cert3 = self.identityManager.selfSign(keyName3)
        certName3 = cert3.getName()
        self.identityManager.addCertificateAsDefault(cert3)

        cert4 = self.identityManager.selfSign(keyName3)
        self.identityManager.addCertificateAsDefault(cert4)
        certName4 = cert4.getName()

        cert5 = self.identityManager.selfSign(keyName3)
        self.identityManager.addCertificateAsDefault(cert5)
        certName5 = cert5.getName()

        self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName3))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName1))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName5))

        self.identityStorage.deleteCertificateInfo(certName5)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName5))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName2))

        self.identityStorage.deletePublicKeyInfo(keyName3)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName4))
        self.assertFalse(self.identityStorage.doesCertificateExist(certName3))
        self.assertFalse(self.identityStorage.doesKeyExist(keyName3))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
        self.assertTrue(self.identityStorage.doesIdentityExist(identityName))

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
        self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
        self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
        self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
        self.assertFalse(self.identityStorage.doesIdentityExist(identityName))
class TestSqlIdentityStorage(ut.TestCase):
    def setUp(self):
        # Reuse the policy_config subdirectory for the temporary SQLite file.
        self.databaseFilePath = "policy_config/test-public-info.db"
        try:
            os.remove(self.databaseFilePath)
        except OSError:
            # no such file
            pass
        self.identityStorage = BasicIdentityStorage(self.databaseFilePath)

        self.identityManager = IdentityManager(self.identityStorage,
             FilePrivateKeyStorage())
        self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
        self.keyChain = KeyChain(self.identityManager, self.policyManager)

    def tearDown(self):
        try:
            os.remove(self.databaseFilePath)
        except OSError:
            pass

    def test_identity_create_delete(self):
        identityName = Name('/TestIdentityStorage/Identity').appendVersion(
            int(time.time()))

        certificateName = self.keyChain.createIdentityAndCertificate(identityName)
        keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName)

        self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
            "Identity was not added to IdentityStorage")
        self.assertIsNotNone(keyName, "New identity has no key")
        self.assertTrue(self.identityStorage.doesKeyExist(keyName),
            "Key was not added to IdentityStorage")
        self.assertIsNotNone(certificateName,
            "Certificate was not added to IdentityStorage")

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesIdentityExist(identityName),
            "Identity still in IdentityStorage after identity was deleted")
        self.assertFalse(self.identityStorage.doesKeyExist(keyName),
            "Key still in IdentityStorage after identity was deleted")
        self.assertFalse(self.identityStorage.doesCertificateExist(certificateName),
            "Certificate still in IdentityStorage after identity was deleted")

        with self.assertRaises(SecurityException):
            self.identityManager.getDefaultCertificateNameForIdentity(identityName)

    def test_key_create_delete(self):
        identityName = Name('/TestIdentityStorage/Identity').appendVersion(
            int(time.time()))

        keyName1 = self.keyChain.generateRSAKeyPair(identityName, True)
        self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1)

        keyName2 = self.keyChain.generateRSAKeyPair(identityName, False)
        self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
            keyName1, "Default key name was changed without explicit request")
        self.assertNotEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
            keyName2, "Newly created key replaced default key without explicit request")

        self.identityStorage.deletePublicKeyInfo(keyName2)

        self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
        self.keyChain.deleteIdentity(identityName)

    def test_key_autocreate_identity(self):
        keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345')
        identityName = keyName1[:-1]

        decodedKey = base64.b64decode(RSA_DER)
        self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey))
        self.identityStorage.setDefaultKeyNameForIdentity(keyName1)

        self.assertTrue(self.identityStorage.doesKeyExist(keyName1),
            "Key was not added")
        self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
            "Identity for key was not automatically created")

        self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
            keyName1, "Default key was not set on identity creation")

        with self.assertRaises(SecurityException):
            self.identityStorage.getDefaultCertificateNameForKey(keyName1)

        with self.assertRaises(SecurityException):
            # we have no private key for signing
            self.identityManager.selfSign(keyName1)

        with self.assertRaises(SecurityException):
            self.identityStorage.getDefaultCertificateNameForKey(keyName1)

        with self.assertRaises(SecurityException):
            self.identityManager.getDefaultCertificateNameForIdentity(identityName)

        keyName2 = self.identityManager.generateRSAKeyPairAsDefault(identityName)
        cert = self.identityManager.selfSign(keyName2)
        self.identityManager.addCertificateAsIdentityDefault(cert)

        certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName)
        certName2 = self.identityStorage.getDefaultCertificateNameForKey(keyName2)

        self.assertEqual(certName1, certName2,
            "Key-certificate mapping and identity-certificate mapping are not consistent")

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesKeyExist(keyName1))

    def test_certificate_add_delete(self):
        identityName = Name('/TestIdentityStorage/Identity').appendVersion(
            int(time.time()))

        self.identityManager.createIdentityAndCertificate(
          identityName, KeyChain.DEFAULT_KEY_PARAMS)
        keyName1 = self.identityManager.getDefaultKeyNameForIdentity(identityName)
        cert2 = self.identityManager.selfSign(keyName1)
        self.identityStorage.addCertificate(cert2)
        certName2 = cert2.getName()

        certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName)
        self.assertNotEqual(certName1, certName2,
            "New certificate was set as default without explicit request")

        self.identityStorage.deleteCertificateInfo(certName1)
        self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
        self.assertFalse(self.identityStorage.doesCertificateExist(certName1))

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
    def test_stress(self):
        # ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
        identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion(
            int(time.time()))

        # ndn-cxx returns the cert name, but the IndentityManager docstring
        # specifies a key
        certName1 = self.keyChain.createIdentityAndCertificate(identityName)
        keyName1 = IdentityCertificate.certificateNameToPublicKeyName(certName1)
        keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName)

        cert2 = self.identityManager.selfSign(keyName2)
        certName2 = cert2.getName()
        self.identityManager.addCertificateAsDefault(cert2)

        keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
        cert3 = self.identityManager.selfSign(keyName3)
        certName3 = cert3.getName()
        self.identityManager.addCertificateAsDefault(cert3)

        cert4 = self.identityManager.selfSign(keyName3)
        self.identityManager.addCertificateAsDefault(cert4)
        certName4 = cert4.getName()

        cert5 = self.identityManager.selfSign(keyName3)
        self.identityManager.addCertificateAsDefault(cert5)
        certName5 = cert5.getName()

        self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName3))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName1))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName5))

        self.identityStorage.deleteCertificateInfo(certName5)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName5))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
        self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName2))

        self.identityStorage.deletePublicKeyInfo(keyName3)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName4))
        self.assertFalse(self.identityStorage.doesCertificateExist(certName3))
        self.assertFalse(self.identityStorage.doesKeyExist(keyName3))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
        self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
        self.assertTrue(self.identityStorage.doesIdentityExist(identityName))

        self.keyChain.deleteIdentity(identityName)
        self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
        self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
        self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
        self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
        self.assertFalse(self.identityStorage.doesIdentityExist(identityName))