def test_get_key_for_old_root_keys_changed(bls_key_register_ledger,
pool_node_txns,
txnPoolNodeSet,
node,
looper,
sdk_wallet_steward,
sdk_pool_handle):
old_bls_key = get_payload_data(pool_node_txns[0])[DATA][BLS_KEY]
new_bls_key, key_proof = init_bls_keys(node.keys_dir, node.name)
old_pool_root_hash = node.poolManager.state.committedHeadHash
# change BLS keys
sdk_change_bls_key(looper, txnPoolNodeSet,
node,
sdk_pool_handle,
sdk_wallet_steward,
add_wrong=False,
new_bls=new_bls_key,
new_key_proof=key_proof)
new_pool_root_hash = node.poolManager.state.committedHeadHash
assert old_pool_root_hash != new_pool_root_hash
# get old and new keys
bls_key = bls_key_register_ledger.get_key_by_name(node.name,
old_pool_root_hash)
assert bls_key
assert bls_key == old_bls_key
bls_key = bls_key_register_ledger.get_key_by_name(node.name,
new_pool_root_hash)
assert bls_key
assert bls_key == new_bls_key
def sdk_change_bls_key(looper,
txnPoolNodeSet,
node,
sdk_pool_handle,
sdk_wallet_steward,
add_wrong=False,
new_bls=None,
new_key_proof=None):
if add_wrong:
_, new_blspk, key_proof = create_default_bls_crypto_factory(
).generate_bls_keys()
else:
new_blspk, key_proof = init_bls_keys(node.keys_dir, node.name)
key_in_txn = new_bls or new_blspk
bls_key_proof = new_key_proof or key_proof
node_dest = hexToFriendly(node.nodestack.verhex)
sdk_send_update_node(looper,
sdk_wallet_steward,
sdk_pool_handle,
node_dest,
node.name,
None,
None,
None,
None,
bls_key=key_in_txn,
services=None,
key_proof=bls_key_proof)
poolSetExceptOne = list(txnPoolNodeSet)
poolSetExceptOne.remove(node)
waitNodeDataEquality(looper, node, *poolSetExceptOne)
sdk_pool_refresh(looper, sdk_pool_handle)
sdk_ensure_pool_functional(looper, txnPoolNodeSet, sdk_wallet_steward,
sdk_pool_handle)
return new_blspk
def sdk_change_bls_key(looper,
txnPoolNodeSet,
node,
sdk_pool_handle,
sdk_wallet_steward,
add_wrong=False,
new_bls=None):
new_blspk = init_bls_keys(node.keys_dir, node.name)
key_in_txn = new_bls or new_blspk \
if not add_wrong \
else base58.b58encode(randomString(128).encode()).decode("utf-8")
node_dest = hexToFriendly(node.nodestack.verhex)
sdk_send_update_node(looper,
sdk_wallet_steward,
sdk_pool_handle,
node_dest,
node.name,
None,
None,
None,
None,
bls_key=key_in_txn,
services=None)
poolSetExceptOne = list(txnPoolNodeSet)
poolSetExceptOne.remove(node)
waitNodeDataEquality(looper, node, *poolSetExceptOne)
sdk_pool_refresh(looper, sdk_pool_handle)
sdk_ensure_pool_functional(looper, txnPoolNodeSet, sdk_wallet_steward,
sdk_pool_handle)
return new_blspk
def test_get_key_for_old_root_keys_changed(bls_key_register_ledger,
pool_node_txns,
txnPoolNodeSet,
node,
looper,
sdk_wallet_steward,
sdk_pool_handle):
old_bls_key = get_payload_data(pool_node_txns[0])[DATA][BLS_KEY]
new_bls_key, key_proof = init_bls_keys(node.keys_dir, node.name)
old_pool_root_hash = node.poolManager.state.committedHeadHash
# change BLS keys
sdk_change_bls_key(looper, txnPoolNodeSet,
node,
sdk_pool_handle,
sdk_wallet_steward,
add_wrong=False,
new_bls=new_bls_key,
new_key_proof=key_proof)
new_pool_root_hash = node.poolManager.state.committedHeadHash
assert old_pool_root_hash != new_pool_root_hash
# get old and new keys
bls_key = bls_key_register_ledger.get_key_by_name(node.name,
old_pool_root_hash)
assert bls_key
assert IndyCryptoBlsUtils.bls_to_str(bls_key) == old_bls_key
bls_key = bls_key_register_ledger.get_key_by_name(node.name,
new_pool_root_hash)
assert bls_key
assert IndyCryptoBlsUtils.bls_to_str(bls_key) == new_bls_key
def sdk_change_bls_key(looper, txnPoolNodeSet,
node,
sdk_pool_handle,
sdk_wallet_steward,
add_wrong=False,
new_bls=None):
new_blspk = init_bls_keys(node.keys_dir, node.name)
key_in_txn = new_bls or new_blspk \
if not add_wrong \
else base58.b58encode(randomString(128).encode())
node_dest = hexToFriendly(node.nodestack.verhex)
sdk_send_update_node(looper, sdk_wallet_steward,
sdk_pool_handle,
node_dest, node.name,
None, None,
None, None,
bls_key=key_in_txn,
services=None)
poolSetExceptOne = list(txnPoolNodeSet)
poolSetExceptOne.remove(node)
waitNodeDataEquality(looper, node, *poolSetExceptOne)
sdk_pool_refresh(looper, sdk_pool_handle)
sdk_add_new_nym(looper, sdk_pool_handle, sdk_wallet_steward,
alias=randomString(5))
ensure_all_nodes_have_same_data(looper, txnPoolNodeSet)
return new_blspk
def test_fail_node_bls_key_validation(looper, sdk_pool_handle,
sdk_node_theta_added):
"""
Test request for change node bls key with incorrect
bls key proof of possession.
"""
new_steward_wallet, new_node = sdk_node_theta_added
node_dest = hexToFriendly(new_node.nodestack.verhex)
bls_key, key_proof = init_bls_keys(new_node.keys_dir, new_node.name)
# change key_proof
key_proof = key_proof.upper()
with pytest.raises(RequestNackedException) as e:
sdk_send_update_node(looper,
new_steward_wallet,
sdk_pool_handle,
node_dest,
new_node.name,
None,
None,
None,
None,
bls_key=bls_key,
key_proof=key_proof)
assert "Proof of possession {} " \
"is incorrect for BLS key {}".format(key_proof, bls_key) \
in e._excinfo[1].args[0]
def sdk_change_bls_key(looper, txnPoolNodeSet,
node,
sdk_pool_handle,
sdk_wallet_steward,
add_wrong=False,
new_bls=None,
new_key_proof=None):
if add_wrong:
_, new_blspk, key_proof = create_default_bls_crypto_factory().generate_bls_keys()
else:
new_blspk, key_proof = init_bls_keys(node.keys_dir, node.name)
key_in_txn = new_bls or new_blspk
bls_key_proof = new_key_proof or key_proof
node_dest = hexToFriendly(node.nodestack.verhex)
sdk_send_update_node(looper, sdk_wallet_steward,
sdk_pool_handle,
node_dest, node.name,
None, None,
None, None,
bls_key=key_in_txn,
services=None,
key_proof=bls_key_proof)
poolSetExceptOne = list(txnPoolNodeSet)
poolSetExceptOne.remove(node)
waitNodeDataEquality(looper, node, *poolSetExceptOne)
sdk_pool_refresh(looper, sdk_pool_handle)
sdk_ensure_pool_functional(looper, txnPoolNodeSet, sdk_wallet_steward, sdk_pool_handle)
return new_blspk
def change_bls_key(looper,
txnPoolNodeSet,
tdirWithPoolTxns,
node,
steward_client,
steward_wallet,
add_wrong=False):
new_blspk = init_bls_keys(tdirWithPoolTxns, node.name)
key_in_txn = new_blspk if not add_wrong else randomString(32)
node_data = {ALIAS: node.name, BLS_KEY: key_in_txn}
updateNodeData(looper, steward_client, steward_wallet, node, node_data)
waitNodeDataEquality(looper, node, *txnPoolNodeSet[:-1])
ensureClientConnectedToNodesAndPoolLedgerSame(looper, steward_client,
*txnPoolNodeSet)
return new_blspk
def update_bls_keys_no_proof(node_index, sdk_wallet_stewards, sdk_pool_handle, looper, txnPoolNodeSet):
node = txnPoolNodeSet[node_index]
sdk_wallet_steward = sdk_wallet_stewards[node_index]
new_blspk, key_proof = init_bls_keys(node.keys_dir, node.name)
node_dest = hexToFriendly(node.nodestack.verhex)
sdk_send_update_node(looper, sdk_wallet_steward,
sdk_pool_handle,
node_dest, node.name,
None, None,
None, None,
bls_key=new_blspk,
services=None,
key_proof=None)
poolSetExceptOne = list(txnPoolNodeSet)
poolSetExceptOne.remove(node)
waitNodeDataEquality(looper, node, *poolSetExceptOne)
sdk_pool_refresh(looper, sdk_pool_handle)
return new_blspk
def update_bls_keys_no_proof(node_index, sdk_wallet_stewards, sdk_pool_handle, looper, txnPoolNodeSet):
node = txnPoolNodeSet[node_index]
sdk_wallet_steward = sdk_wallet_stewards[node_index]
new_blspk, key_proof = init_bls_keys(node.keys_dir, node.name)
node_dest = hexToFriendly(node.nodestack.verhex)
sdk_send_update_node(looper, sdk_wallet_steward,
sdk_pool_handle,
node_dest, node.name,
None, None,
None, None,
bls_key=new_blspk,
services=None,
key_proof=None)
poolSetExceptOne = list(txnPoolNodeSet)
poolSetExceptOne.remove(node)
waitNodeDataEquality(looper, node, *poolSetExceptOne)
sdk_pool_refresh(looper, sdk_pool_handle)
return new_blspk
def change_bls_key(looper,
txnPoolNodeSet,
node,
steward_client,
steward_wallet,
add_wrong=False):
new_blspk = init_bls_keys(node.keys_dir, node.name)
key_in_txn = \
new_blspk \
if not add_wrong \
else ''.join(random_from_alphabet(32, base58.alphabet))
node_data = {ALIAS: node.name, BLS_KEY: key_in_txn}
updateNodeData(looper, steward_client, steward_wallet, node, node_data)
waitNodeDataEquality(looper, node, *txnPoolNodeSet[:-1])
ensureClientConnectedToNodesAndPoolLedgerSame(looper, steward_client,
*txnPoolNodeSet)
return new_blspk
def test_fail_node_bls_key_validation(looper,
sdk_pool_handle,
sdk_node_theta_added):
"""
Test request for change node bls key with incorrect
bls key proof of possession.
"""
new_steward_wallet, new_node = sdk_node_theta_added
node_dest = hexToFriendly(new_node.nodestack.verhex)
bls_key, key_proof = init_bls_keys(new_node.keys_dir, new_node.name)
# change key_proof
key_proof = key_proof.upper()
with pytest.raises(RequestNackedException) as e:
sdk_send_update_node(looper, new_steward_wallet, sdk_pool_handle,
node_dest, new_node.name,
None, None,
None, None,
bls_key=bls_key,
key_proof=key_proof)
assert "Proof of possession {} " \
"is incorrect for BLS key {}".format(key_proof, bls_key) \
in e._excinfo[1].args[0]
def bootstrapTestNodesCore(
cls,
config,
network,
appendToLedgers,
domainTxnFieldOrder,
trustee_def,
steward_defs,
node_defs,
client_defs,
localNodes,
nodeParamsFileName,
config_helper_class=PConfigHelper,
node_config_helper_class=PNodeConfigHelper,
chroot: str=None):
if not localNodes:
localNodes = {}
try:
if isinstance(localNodes, int):
_localNodes = {localNodes}
else:
_localNodes = {int(_) for _ in localNodes}
except BaseException as exc:
raise RuntimeError('nodeNum must be an int or set of ints') from exc
config.NETWORK_NAME = network
if _localNodes:
config_helper = config_helper_class(config, chroot=chroot)
os.makedirs(config_helper.genesis_dir, exist_ok=True)
genesis_dir = config_helper.genesis_dir
keys_dir = config_helper.keys_dir
else:
genesis_dir = cls.setup_clibase_dir(config, network)
keys_dir = os.path.join(genesis_dir, "keys")
poolLedger = cls.init_pool_ledger(appendToLedgers, genesis_dir, config)
domainLedger = cls.init_domain_ledger(appendToLedgers, genesis_dir,
config, domainTxnFieldOrder)
# 1. INIT DOMAIN LEDGER GENESIS FILE
seq_no = 1
trustee_txn = Member.nym_txn(trustee_def.nym, verkey=trustee_def.verkey, role=TRUSTEE,
seq_no=seq_no)
seq_no += 1
domainLedger.add(trustee_txn)
for sd in steward_defs:
nym_txn = Member.nym_txn(sd.nym, verkey=sd.verkey, role=STEWARD, creator=trustee_def.nym,
seq_no=seq_no)
seq_no += 1
domainLedger.add(nym_txn)
for cd in client_defs:
txn = Member.nym_txn(cd.nym, verkey=cd.verkey, creator=trustee_def.nym,
seq_no=seq_no)
seq_no += 1
domainLedger.add(txn)
# 2. INIT KEYS AND POOL LEDGER GENESIS FILE
seq_no = 1
for nd in node_defs:
if nd.idx in _localNodes:
_, verkey, blskey = initNodeKeysForBothStacks(nd.name, keys_dir, nd.sigseed, override=True)
verkey = verkey.encode()
assert verkey == nd.verkey
if nd.ip != '127.0.0.1':
paramsFilePath = os.path.join(config.GENERAL_CONFIG_DIR, nodeParamsFileName)
print('Nodes will not run locally, so writing {}'.format(paramsFilePath))
TestNetworkSetup.writeNodeParamsFile(paramsFilePath, nd.name,
"0.0.0.0", nd.port,
"0.0.0.0", nd.client_port)
print("This node with name {} will use ports {} and {} for nodestack and clientstack respectively"
.format(nd.name, nd.port, nd.client_port))
else:
verkey = nd.verkey
blskey = init_bls_keys(keys_dir, nd.name, nd.sigseed)
node_nym = cls.getNymFromVerkey(verkey)
node_txn = Steward.node_txn(nd.steward_nym, nd.name, node_nym,
nd.ip, nd.port, nd.client_port, blskey=blskey,
seq_no=seq_no)
seq_no += 1
poolLedger.add(node_txn)
poolLedger.stop()
domainLedger.stop()
def _add_changes(self, node_data):
sigseed, verkey, bls_key, nodeIp, nodePort, clientIp, clientPort, key_proof = node_data
new_blspk, key_proof = init_bls_keys(self.tdir, "node_name")
bls_key = new_blspk
return sigseed, verkey, bls_key, nodeIp, nodePort, clientIp, clientPort, key_proof
def bootstrapTestNodesCore(
cls,
config,
envName,
appendToLedgers,
domainTxnFieldOrder,
trustee_def,
steward_defs,
node_defs,
client_defs,
localNodes,
nodeParamsFileName):
if not localNodes:
localNodes = {}
try:
if isinstance(localNodes, int):
_localNodes = {localNodes}
else:
_localNodes = {int(_) for _ in localNodes}
except BaseException as exc:
raise RuntimeError('nodeNum must be an int or set of ints') from exc
baseDir = cls.setup_base_dir(config, envName) if _localNodes else cls.setup_clibase_dir(config, envName)
poolLedger = cls.init_pool_ledger(appendToLedgers, baseDir, config, envName)
domainLedger = cls.init_domain_ledger(appendToLedgers, baseDir, config, envName, domainTxnFieldOrder)
trustee_txn = Member.nym_txn(trustee_def.nym, trustee_def.name, verkey=trustee_def.verkey, role=TRUSTEE)
domainLedger.add(trustee_txn)
for sd in steward_defs:
nym_txn = Member.nym_txn(sd.nym, sd.name, verkey=sd.verkey, role=STEWARD, creator=trustee_def.nym)
domainLedger.add(nym_txn)
key_dir = os.path.expanduser(baseDir)
for nd in node_defs:
if nd.idx in _localNodes:
_, verkey, blskey = initNodeKeysForBothStacks(nd.name, key_dir, nd.sigseed, override=True)
verkey = verkey.encode()
assert verkey == nd.verkey
if nd.ip != '127.0.0.1':
paramsFilePath = os.path.join(baseDir, nodeParamsFileName)
print('Nodes will not run locally, so writing {}'.format(paramsFilePath))
TestNetworkSetup.writeNodeParamsFile(paramsFilePath, nd.name, nd.port, nd.client_port)
print("This node with name {} will use ports {} and {} for nodestack and clientstack respectively"
.format(nd.name, nd.port, nd.client_port))
else:
verkey = nd.verkey
blskey = init_bls_keys(key_dir, nd.name, nd.sigseed)
node_nym = cls.getNymFromVerkey(verkey)
node_txn = Steward.node_txn(nd.steward_nym, nd.name, node_nym,
nd.ip, nd.port, nd.client_port, blskey=blskey)
poolLedger.add(node_txn)
for cd in client_defs:
txn = Member.nym_txn(cd.nym, cd.name, verkey=cd.verkey, creator=trustee_def.nym)
domainLedger.add(txn)
poolLedger.stop()
domainLedger.stop()
