def manage_cs_create(args):
if not args.name:
raise Exception("No name of code signer supplied")
code_signer.CS(organization=args.name,
commonName=args.name + "CS",
security_dir=args.dir,
force=args.force)
def manage_cs_sign(args):
if not args.name:
raise Exception("No code signer name supplied")
if not args.file:
raise Exception("supply path to a file(s) to sign")
cs = code_signer.CS(organization=args.name, commonName=args.name+"CS", security_dir=args.dir, force=args.force)
# Collect files to sign
files = []
if args.file:
for f in args.file:
exist = os.path.isfile(f)
if not exist:
raise Exception("The file path supplied is not an existing file")
files.extend(glob.glob(f))
if args.nsfile:
store = ActorStore()
for m in args.nsfile:
files.extend(store.actor_paths(m))
# Filter out any files not *.calvin, *.py
files = [f for f in files if f.endswith(('.calvin', '.py')) and not f.endswith('__init__.py')]
if not files:
raise Exception("No (*.calvin, *.py) files supplied")
exceptions = []
for f in files:
try:
cs.sign_file(f)
except Exception as e:
exceptions.append(e)
for e in exceptions:
print "Error {}".format(e)
def manage_cs_export(args):
if not args.name:
raise Exception("No code signer name supplied")
if not args.path:
raise Exception("No out path supplied")
cs = code_signer.CS(organization=args.name, commonName=args.name+"CS", security_dir=args.dir, force=args.force)
out_file = cs.export_cs_cert(args.path)
print "exported to:" + out_file
def sign_files_for_security_tests(credentials_testdir):
from calvin.utilities import code_signer
from calvin.utilities.utils import get_home
from calvin.utilities import certificate
import shutil
def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert):
# Read in the file
filedata = None
with open(file_path, 'r') as file:
filedata = file.read()
# Replace the target string
filedata = filedata.replace(text_to_be_replaced, text_to_insert)
# Write the file out again
with open(file_path, 'w') as file:
file.write(filedata)
homefolder = get_home()
runtimesdir = os.path.join(credentials_testdir, "runtimes")
runtimes_truststore_signing_path = os.path.join(runtimesdir,
"truststore_for_signing")
orig_testdir = os.path.join(os.path.dirname(__file__), "security_test")
orig_actor_store_path = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'actorstore',
'systemactors'))
actor_store_path = os.path.join(credentials_testdir, "store")
orig_application_store_path = os.path.join(orig_testdir, "scripts")
application_store_path = os.path.join(credentials_testdir, "scripts")
print "Create test folders"
try:
os.makedirs(actor_store_path)
os.makedirs(os.path.join(actor_store_path, "test"))
shutil.copy(os.path.join(orig_actor_store_path, "test", "__init__.py"),
os.path.join(actor_store_path, "test", "__init__.py"))
os.makedirs(os.path.join(actor_store_path, "std"))
shutil.copy(os.path.join(orig_actor_store_path, "std", "__init__.py"),
os.path.join(actor_store_path, "std", "__init__.py"))
shutil.copytree(orig_application_store_path, application_store_path)
except Exception as err:
_log.error(
"Failed to create test folder structure, err={}".format(err))
print "Failed to create test folder structure, err={}".format(err)
raise
print "Trying to create a new test application/actor signer."
cs = code_signer.CS(organization="testsigner",
commonName="signer",
security_dir=credentials_testdir)
#Create signed version of CountTimer actor
orig_actor_CountTimer_path = os.path.join(orig_actor_store_path, "std",
"CountTimer.py")
actor_CountTimer_path = os.path.join(actor_store_path, "std",
"CountTimer.py")
shutil.copy(orig_actor_CountTimer_path, actor_CountTimer_path)
cs.sign_file(actor_CountTimer_path)
#Create unsigned version of CountTimer actor
actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(
".py", "Unsigned.py")
shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path)
replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer",
"CountTimerUnsigned")
#Create signed version of Sum actor
orig_actor_Sum_path = os.path.join(orig_actor_store_path, "std", "Sum.py")
actor_Sum_path = os.path.join(actor_store_path, "std", "Sum.py")
shutil.copy(orig_actor_Sum_path, actor_Sum_path)
cs.sign_file(actor_Sum_path)
#Create unsigned version of Sum actor
actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sum_path, actor_SumUnsigned_path)
replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned")
#Create incorrectly signed version of Sum actor
actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py")
shutil.copy(actor_Sum_path, actor_SumFake_path)
#Change the class name to SumFake
replace_text_in_file(actor_SumFake_path, "Sum", "SumFake")
cs.sign_file(actor_SumFake_path)
#Now append to the signed file so the signature verification fails
with open(actor_SumFake_path, "a") as fd:
fd.write(" ")
#Create signed version of Sink actor
orig_actor_Sink_path = os.path.join(orig_actor_store_path, "test",
"Sink.py")
actor_Sink_path = os.path.join(actor_store_path, "test", "Sink.py")
shutil.copy(orig_actor_Sink_path, actor_Sink_path)
cs.sign_file(actor_Sink_path)
#Create unsigned version of Sink actor
actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sink_path, actor_SinkUnsigned_path)
replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned")
#Sign applications
cs.sign_file(
os.path.join(application_store_path, "correctly_signed.calvin"))
cs.sign_file(
os.path.join(application_store_path,
"correctlySignedApp_incorrectlySignedActor.calvin"))
cs.sign_file(
os.path.join(application_store_path, "incorrectly_signed.calvin"))
#Now append to the signed file so the signature verification fails
with open(
os.path.join(application_store_path, "incorrectly_signed.calvin"),
"a") as fd:
fd.write(" ")
print "Export Code Signers certificate to the truststore for code signing"
out_file = cs.export_cs_cert(runtimes_truststore_signing_path)
certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN,
security_dir=credentials_testdir)
return actor_store_path, application_store_path
def setup(self, request):
from calvin.Tools.csruntime import csruntime
from conftest import _config_pytest
import fileinput
global rt
global request_handler
try:
shutil.rmtree(credentials_testdir)
except Exception as err:
print "Failed to remove old tesdir, err={}".format(err)
pass
try:
os.makedirs(credentials_testdir)
os.makedirs(runtimesdir)
os.makedirs(runtimes_truststore)
os.makedirs(runtimes_truststore_signing_path)
os.makedirs(actor_store_path)
os.makedirs(os.path.join(actor_store_path, "test"))
shutil.copy(
os.path.join(orig_actor_store_path, "test", "__init__.py"),
os.path.join(actor_store_path, "test", "__init__.py"))
os.makedirs(os.path.join(actor_store_path, "std"))
shutil.copy(
os.path.join(orig_actor_store_path, "std", "__init__.py"),
os.path.join(actor_store_path, "std", "__init__.py"))
shutil.copytree(orig_application_store_path,
application_store_path)
filelist = [
f for f in os.listdir(application_store_path)
if f.endswith(".sign.93d58fef")
]
for f in filelist:
os.remove(os.path.join(application_store_path, f))
shutil.copytree(
os.path.join(security_testdir, "identity_provider"),
identity_provider_path)
except Exception as err:
_log.error(
"Failed to create test folder structure, err={}".format(err))
print "Failed to create test folder structure, err={}".format(err)
raise
print "Trying to create a new test application/actor signer."
cs = code_signer.CS(organization="testsigner",
commonName="signer",
security_dir=credentials_testdir)
#Create signed version of CountTimer actor
orig_actor_CountTimer_path = os.path.join(orig_actor_store_path, "std",
"CountTimer.py")
actor_CountTimer_path = os.path.join(actor_store_path, "std",
"CountTimer.py")
shutil.copy(orig_actor_CountTimer_path, actor_CountTimer_path)
# cs.sign_file(actor_CountTimer_path)
#Create unsigned version of CountTimer actor
actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(
".py", "Unsigned.py")
shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path)
replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer",
"CountTimerUnsigned")
#Create signed version of Sum actor
orig_actor_Sum_path = os.path.join(orig_actor_store_path, "std",
"Sum.py")
actor_Sum_path = os.path.join(actor_store_path, "std", "Sum.py")
shutil.copy(orig_actor_Sum_path, actor_Sum_path)
# cs.sign_file(actor_Sum_path)
#Create unsigned version of Sum actor
actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sum_path, actor_SumUnsigned_path)
replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned")
#Create incorrectly signed version of Sum actor
# actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py")
# shutil.copy(actor_Sum_path, actor_SumFake_path)
# #Change the class name to SumFake
# replace_text_in_file(actor_SumFake_path, "Sum", "SumFake")
# cs.sign_file(actor_SumFake_path)
# #Now append to the signed file so the signature verification fails
# with open(actor_SumFake_path, "a") as fd:
# fd.write(" ")
#Create signed version of Sink actor
orig_actor_Sink_path = os.path.join(orig_actor_store_path, "test",
"Sink.py")
actor_Sink_path = os.path.join(actor_store_path, "test", "Sink.py")
shutil.copy(orig_actor_Sink_path, actor_Sink_path)
# cs.sign_file(actor_Sink_path)
#Create unsigned version of Sink actor
actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sink_path, actor_SinkUnsigned_path)
replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned")
#Sign applications
# cs.sign_file(os.path.join(application_store_path, "test_security1_correctly_signed.calvin"))
# cs.sign_file(os.path.join(application_store_path, "test_security1_correctlySignedApp_incorrectlySignedActor.calvin"))
# cs.sign_file(os.path.join(application_store_path, "test_security1_incorrectly_signed.calvin"))
# #Now append to the signed file so the signature verification fails
# with open(os.path.join(application_store_path, "test_security1_incorrectly_signed.calvin"), "a") as fd:
# fd.write(" ")
# print "Export Code Signers certificate to the truststore for code signing"
# out_file = cs.export_cs_cert(runtimes_truststore_signing_path)
print "Trying to create a new test domain configuration."
ca = certificate_authority.CA(domain=domain_name,
commonName="testdomain CA",
security_dir=credentials_testdir)
#
print "Copy CA cert into truststore of runtimes folder"
ca.export_ca_cert(runtimes_truststore)
#Define the runtime attributes
rt0_attributes = {
'indexed_public': {
'owner': {
'organization': domain_name,
'personOrGroup': 'testOwner1'
},
'node_name': {
'organization': 'org.testexample',
'name': 'CA'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
}
rt1_attributes = {
'indexed_public': {
'owner': {
'organization': domain_name,
'personOrGroup': 'testOwner1'
},
'node_name': {
'organization': 'org.testexample',
'name': 'testNode1'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
}
rt2_attributes = {
'indexed_public': {
'owner': {
'organization': domain_name,
'personOrGroup': 'testOwner1'
},
'node_name': {
'organization': 'org.testexample',
'name': 'testNode2'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'otherStreet',
'streetNumber': 1
}
}
}
rt3_attributes = {
'indexed_public': {
'owner': {
'organization': domain_name,
'personOrGroup': 'testOwner1'
},
'node_name': {
'organization': 'org.testexample',
'name': 'testNode3'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
}
rt4_attributes = {
'indexed_public': {
'owner': {
'organization': domain_name,
'personOrGroup': 'testOwner1'
},
'node_name': {
'organization': 'org.testexample',
'name': 'testNode4'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
}
rt5_attributes = {
'indexed_public': {
'owner': {
'organization': domain_name,
'personOrGroup': 'testOwner1'
},
'node_name': {
'organization': 'org.testexample',
'name': 'testNode5'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
}
rt_attributes = []
rt_attributes.append(deepcopy(rt0_attributes))
rt_attributes.append(deepcopy(rt1_attributes))
rt_attributes.append(deepcopy(rt2_attributes))
rt_attributes.append(deepcopy(rt3_attributes))
rt_attributes.append(deepcopy(rt4_attributes))
rt_attributes.append(deepcopy(rt5_attributes))
rt_attributes_cpy = deepcopy(rt_attributes)
runtimes = []
#Initiate Requesthandler with trusted CA cert
truststore_dir = certificate.get_truststore_path(
type=certificate.TRUSTSTORE_TRANSPORT,
security_dir=credentials_testdir)
# The following is less than optimal if multiple CA certs exist
ca_cert_path = os.path.join(truststore_dir,
os.listdir(truststore_dir)[0])
request_handler = RequestHandler(verify=ca_cert_path)
#Generate credentials, create CSR, sign with CA and import cert for all runtimes
enrollment_passwords = []
for rt_attribute in rt_attributes:
attributes = AttributeResolver(rt_attribute)
node_name = attributes.get_node_name_as_str()
nodeid = calvinuuid.uuid("")
enrollment_password = ca.cert_enrollment_add_new_runtime(node_name)
enrollment_passwords.append(enrollment_password)
runtime = runtime_credentials.RuntimeCredentials(
node_name,
domain=domain_name,
security_dir=credentials_testdir,
nodeid=nodeid,
enrollment_password=enrollment_password)
runtimes.append(runtime)
ca_cert = runtime.get_truststore(
type=certificate.TRUSTSTORE_TRANSPORT)[0][0]
csr_path = os.path.join(runtime.runtime_dir, node_name + ".csr")
#Encrypt CSR with CAs public key (to protect enrollment password)
rsa_encrypted_csr = runtime.cert_enrollment_encrypt_csr(
csr_path, ca_cert)
#Decrypt encrypted CSR with CAs private key
csr = ca.decrypt_encrypted_csr(
encrypted_enrollment_request=rsa_encrypted_csr)
csr_path = ca.store_csr_with_enrollment_password(csr)
cert_path = ca.sign_csr(csr_path)
runtime.store_own_cert(certpath=cert_path,
security_dir=credentials_testdir)
#Let's hash passwords in users.json file (the runtimes will try to do this
# but they will all try to do it at the same time, so it will be overwritten
# multiple times and the first test will always fail)
# self.arp = FileAuthenticationRetrievalPoint(identity_provider_path)
# self.arp.check_stored_users_db_for_unhashed_passwords()
#The policy allows access to control interface for everyone, for more advanced rules
# it might be appropriate to run set_credentials for request_handler, e.g.,
# request_handler.set_credentials({domain_name:{"user": "******", "password": "******"}})
rt_conf = copy.deepcopy(_conf)
# rt_conf.set('security', 'runtime_to_runtime_security', "tls")
# rt_conf.set('security', 'control_interface_security', "tls")
rt_conf.set('security', 'domain_name', domain_name)
# rt_conf.set('security', 'certificate_authority_control_uri',"https://%s:5020" % hostname )
rt_conf.set('security', 'security_dir', credentials_testdir)
rt_conf.set('global', 'actor_paths', [actor_store_path])
rt_conf.set('global', 'storage_type', "securedht")
# Runtime 0: local authentication, signature verification, local authorization.
# Primarily acts as Certificate Authority for the domain
rt0_conf = copy.deepcopy(rt_conf)
# rt0_conf.set('security','enrollment_password',enrollment_passwords[0])
#The csruntime certificate requests assumes TLS for the control interface
# rt0_conf.set('security', 'control_interface_security', "tls")
# rt0_conf.set('security','certificate_authority','True')
# rt0_conf.set("security", "security_conf", {
# "comment": "Certificate Authority",
# "authentication": {
# "procedure": "local",
# "identity_provider_path": identity_provider_path
# },
# "authorization": {
# "procedure": "local",
# "policy_storage_path": policy_storage_path
# }
# })
rt0_conf.save("/tmp/calvin5000.conf")
# Runtime 1: local authentication, signature verification, local authorization.
rt1_conf = copy.deepcopy(rt_conf)
# rt1_conf.set('security','enrollment_password',enrollment_passwords[1])
# rt1_conf.set("security", "security_conf", {
# "comment": "Local authentication, local authorization",
# "authentication": {
# "procedure": "local",
# "identity_provider_path": identity_provider_path
# },
# "authorization": {
# "procedure": "local",
# "policy_storage_path": policy_storage_path
# }
# })
rt1_conf.save("/tmp/calvin5001.conf")
# Runtime 2: local authentication, signature verification, local authorization.
# Can also act as authorization server for other runtimes.
# Other street compared to the other runtimes
rt2_conf = copy.deepcopy(rt_conf)
# rt2_conf.set('security','enrollment_password',enrollment_passwords[2])
# rt2_conf.set("security", "security_conf", {
# "comment": "Local authentication, local authorization",
# "authentication": {
# "procedure": "local",
# "identity_provider_path": identity_provider_path
# },
# "authorization": {
# "procedure": "local",
# "policy_storage_path": policy_storage_path,
# "accept_external_requests": True
# }
# })
rt2_conf.save("/tmp/calvin5002.conf")
# Runtime 3: external authentication (RADIUS), signature verification, local authorization.
rt3_conf = copy.deepcopy(rt_conf)
# rt3_conf.set('security','enrollment_password',enrollment_passwords[3])
# rt3_conf.set("security", "security_conf", {
# "comment": "RADIUS authentication, local authorization",
# "authentication": {
# "procedure": "radius",
# "server_ip": "localhost",
# "secret": "elxghyc5lz1_passwd"
# },
# "authorization": {
# "procedure": "local",
# "policy_storage_path": policy_storage_path
# }
# })
rt3_conf.save("/tmp/calvin5003.conf")
# Runtime 4: local authentication, signature verification, external authorization (runtime 2).
rt4_conf = copy.deepcopy(rt_conf)
# rt4_conf.set('security','enrollment_password',enrollment_passwords[4])
# rt4_conf.set("security", "security_conf", {
# "comment": "Local authentication, external authorization",
# "authentication": {
# "procedure": "local",
# "identity_provider_path": identity_provider_path
# },
# "authorization": {
# "procedure": "external"
# }
# })
rt4_conf.save("/tmp/calvin5004.conf")
# Runtime 5: external authentication (runtime 1), signature verification, local authorization.
rt5_conf = copy.deepcopy(rt_conf)
# rt5_conf.set('global','storage_type','proxy')
# rt5_conf.set('global','storage_proxy',"calvinip://%s:5000" % ip_addr )
# rt5_conf.set('security','enrollment_password',enrollment_passwords[5])
# rt5_conf.set("security", "security_conf", {
# "comment": "Local authentication, external authorization",
# "authentication": {
# "procedure": "external",
# "server_uuid": runtimes[1].node_id
# },
# "authorization": {
# "procedure": "local",
# "policy_storage_path": policy_storage_path
# }
# })
rt5_conf.save("/tmp/calvin5005.conf")
#Start all runtimes
for i in range(len(rt_attributes_cpy)):
_log.info("Starting runtime {}".format(i))
try:
logfile = _config_pytest.getoption("logfile") + "500{}".format(
i)
outfile = os.path.join(
os.path.dirname(logfile),
os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(hostname,
port=5000 + i,
controlport=5020 + i,
attr=rt_attributes_cpy[i],
loglevel=_config_pytest.getoption("loglevel"),
logfile=logfile,
outfile=outfile,
configfile="/tmp/calvin500{}.conf".format(i))
# rt.append(RT("https://{}:502{}".format(hostname, i)))
rt.append(RT("http://{}:502{}".format(hostname, i)))
# Wait to be sure that all runtimes has started
time.sleep(1)
time.sleep(10)
request.addfinalizer(self.teardown)
def sign_files_for_security_tests(credentials_testdir):
from calvin.utilities import code_signer
from calvin.utilities.utils import get_home
from calvin.utilities import certificate
import shutil
def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert):
# Read in the file
filedata = None
with open(file_path, 'r') as file:
filedata = file.read()
# Replace the target string
filedata = filedata.replace(text_to_be_replaced, text_to_insert)
# Write the file out again
with open(file_path, 'w') as file:
file.write(filedata)
def _copy_and_sign_actor(prefix, file_name):
#Create signed version of the actor
directory = os.path.join(actor_store_path, prefix)
if not os.path.isdir(directory):
os.makedirs(directory)
shutil.copy(
os.path.join(orig_actor_store_path, prefix, "__init__.py"),
os.path.join(actor_store_path, prefix, "__init__.py"))
orig_actor_path = os.path.join(orig_actor_store_path, prefix,
file_name)
new_actor_path = os.path.join(actor_store_path, prefix, file_name)
shutil.copy(orig_actor_path, new_actor_path)
cs.sign_file(new_actor_path)
return new_actor_path
homefolder = get_home()
runtimesdir = os.path.join(credentials_testdir, "runtimes")
runtimes_truststore_signing_path = os.path.join(runtimesdir,
"truststore_for_signing")
orig_testdir = os.path.join(os.path.dirname(__file__), "security_test")
orig_actor_store_path = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'actorstore',
'systemactors'))
actor_store_path = os.path.join(credentials_testdir, "store")
orig_application_store_path = os.path.join(orig_testdir, "scripts")
application_store_path = os.path.join(credentials_testdir, "scripts")
print "Create test folders"
try:
shutil.copytree(orig_application_store_path, application_store_path)
except Exception as err:
_log.error(
"Failed to create test folder structure, err={}".format(err))
print "Failed to create test folder structure, err={}".format(err)
raise
print "Trying to create a new test application/actor signer."
cs = code_signer.CS(organization="com.ericsson",
commonName="signer",
security_dir=credentials_testdir)
_copy_and_sign_actor("flow", "Alternate.py")
_copy_and_sign_actor("flow", "Alternate2.py")
_copy_and_sign_actor("flow", "Collect.py")
_copy_and_sign_actor("flow", "CollectCompleteDict.py")
_copy_and_sign_actor("flow", "Dealternate.py")
_copy_and_sign_actor("flow", "Deselect.py")
_copy_and_sign_actor("flow", "Dispatch.py")
_copy_and_sign_actor("flow", "DispatchDict.py")
_copy_and_sign_actor("flow", "Join.py")
_copy_and_sign_actor("flow", "Void.py")
_copy_and_sign_actor("flow", "Select.py")
_copy_and_sign_actor("flow", "Terminator.py")
_copy_and_sign_actor("io", "FileReader.py")
_copy_and_sign_actor("misc", "ExplicitStateExample.py")
_copy_and_sign_actor("std", "Counter.py")
_copy_and_sign_actor("std", "Constant.py")
_copy_and_sign_actor("std", "Constantify.py")
_copy_and_sign_actor("std", "Compare.py")
_copy_and_sign_actor("std", "Identity.py")
_copy_and_sign_actor("std", "Stringify.py")
_copy_and_sign_actor("std", "Trigger.py")
actor_CountTimer_path = _copy_and_sign_actor("std", "CountTimer.py")
actor_Sum_path = _copy_and_sign_actor("std", "Sum.py")
_copy_and_sign_actor("test", "FiniteCounter.py")
_copy_and_sign_actor("test", "TestProcess.py")
actor_Sink_path = _copy_and_sign_actor("test", "Sink.py")
_copy_and_sign_actor("text", "LineJoin.py")
_copy_and_sign_actor("text", "PrefixString.py")
_copy_and_sign_actor("text", "RegexMatch.py")
_copy_and_sign_actor("exception", "ExceptionHandler.py")
#Create unsigned version of CountTimer actor
actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(
".py", "Unsigned.py")
shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path)
replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer",
"CountTimerUnsigned")
#Create unsigned version of Sum actor
actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sum_path, actor_SumUnsigned_path)
replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned")
#Create incorrectly signed version of Sum actor
actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py")
shutil.copy(actor_Sum_path, actor_SumFake_path)
#Change the class name to SumFake
replace_text_in_file(actor_SumFake_path, "Sum", "SumFake")
cs.sign_file(actor_SumFake_path)
#Now append to the signed file so the signature verification fails
with open(actor_SumFake_path, "a") as fd:
fd.write(" ")
#Create unsigned version of Sink actor
actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sink_path, actor_SinkUnsigned_path)
replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned")
#Sign applications
cs.sign_file(
os.path.join(application_store_path, "correctly_signed.calvin"))
cs.sign_file(
os.path.join(application_store_path,
"correctlySignedApp_incorrectlySignedActor.calvin"))
cs.sign_file(
os.path.join(application_store_path, "incorrectly_signed.calvin"))
#Now append to the signed file so the signature verification fails
with open(
os.path.join(application_store_path, "incorrectly_signed.calvin"),
"a") as fd:
fd.write(" ")
print "Export Code Signers certificate to the truststore for code signing"
out_file = cs.export_cs_cert(runtimes_truststore_signing_path)
certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN,
security_dir=credentials_testdir)
return actor_store_path, application_store_path
def sign_appInfo_for_security_tests(credentials_testdir):
from calvin.utilities import code_signer
cs = code_signer.CS(organization="com.ericsson",
commonName="signer",
security_dir=credentials_testdir)
cs.sign_file(actor_Alternate2_path)
