def manage_cs_create(args): if not args.name: raise Exception("No name of code signer supplied") code_signer.CS(organization=args.name, commonName=args.name + "CS", security_dir=args.dir, force=args.force)
def manage_cs_sign(args): if not args.name: raise Exception("No code signer name supplied") if not args.file: raise Exception("supply path to a file(s) to sign") cs = code_signer.CS(organization=args.name, commonName=args.name+"CS", security_dir=args.dir, force=args.force) # Collect files to sign files = [] if args.file: for f in args.file: exist = os.path.isfile(f) if not exist: raise Exception("The file path supplied is not an existing file") files.extend(glob.glob(f)) if args.nsfile: store = ActorStore() for m in args.nsfile: files.extend(store.actor_paths(m)) # Filter out any files not *.calvin, *.py files = [f for f in files if f.endswith(('.calvin', '.py')) and not f.endswith('__init__.py')] if not files: raise Exception("No (*.calvin, *.py) files supplied") exceptions = [] for f in files: try: cs.sign_file(f) except Exception as e: exceptions.append(e) for e in exceptions: print "Error {}".format(e)
def manage_cs_export(args): if not args.name: raise Exception("No code signer name supplied") if not args.path: raise Exception("No out path supplied") cs = code_signer.CS(organization=args.name, commonName=args.name+"CS", security_dir=args.dir, force=args.force) out_file = cs.export_cs_cert(args.path) print "exported to:" + out_file
def sign_files_for_security_tests(credentials_testdir): from calvin.utilities import code_signer from calvin.utilities.utils import get_home from calvin.utilities import certificate import shutil def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert): # Read in the file filedata = None with open(file_path, 'r') as file: filedata = file.read() # Replace the target string filedata = filedata.replace(text_to_be_replaced, text_to_insert) # Write the file out again with open(file_path, 'w') as file: file.write(filedata) homefolder = get_home() runtimesdir = os.path.join(credentials_testdir, "runtimes") runtimes_truststore_signing_path = os.path.join(runtimesdir, "truststore_for_signing") orig_testdir = os.path.join(os.path.dirname(__file__), "security_test") orig_actor_store_path = os.path.abspath( os.path.join(os.path.dirname(__file__), '..', 'actorstore', 'systemactors')) actor_store_path = os.path.join(credentials_testdir, "store") orig_application_store_path = os.path.join(orig_testdir, "scripts") application_store_path = os.path.join(credentials_testdir, "scripts") print "Create test folders" try: os.makedirs(actor_store_path) os.makedirs(os.path.join(actor_store_path, "test")) shutil.copy(os.path.join(orig_actor_store_path, "test", "__init__.py"), os.path.join(actor_store_path, "test", "__init__.py")) os.makedirs(os.path.join(actor_store_path, "std")) shutil.copy(os.path.join(orig_actor_store_path, "std", "__init__.py"), os.path.join(actor_store_path, "std", "__init__.py")) shutil.copytree(orig_application_store_path, application_store_path) except Exception as err: _log.error( "Failed to create test folder structure, err={}".format(err)) print "Failed to create test folder structure, err={}".format(err) raise print "Trying to create a new test application/actor signer." cs = code_signer.CS(organization="testsigner", commonName="signer", security_dir=credentials_testdir) #Create signed version of CountTimer actor orig_actor_CountTimer_path = os.path.join(orig_actor_store_path, "std", "CountTimer.py") actor_CountTimer_path = os.path.join(actor_store_path, "std", "CountTimer.py") shutil.copy(orig_actor_CountTimer_path, actor_CountTimer_path) cs.sign_file(actor_CountTimer_path) #Create unsigned version of CountTimer actor actor_CountTimerUnsigned_path = actor_CountTimer_path.replace( ".py", "Unsigned.py") shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path) replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer", "CountTimerUnsigned") #Create signed version of Sum actor orig_actor_Sum_path = os.path.join(orig_actor_store_path, "std", "Sum.py") actor_Sum_path = os.path.join(actor_store_path, "std", "Sum.py") shutil.copy(orig_actor_Sum_path, actor_Sum_path) cs.sign_file(actor_Sum_path) #Create unsigned version of Sum actor actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sum_path, actor_SumUnsigned_path) replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned") #Create incorrectly signed version of Sum actor actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py") shutil.copy(actor_Sum_path, actor_SumFake_path) #Change the class name to SumFake replace_text_in_file(actor_SumFake_path, "Sum", "SumFake") cs.sign_file(actor_SumFake_path) #Now append to the signed file so the signature verification fails with open(actor_SumFake_path, "a") as fd: fd.write(" ") #Create signed version of Sink actor orig_actor_Sink_path = os.path.join(orig_actor_store_path, "test", "Sink.py") actor_Sink_path = os.path.join(actor_store_path, "test", "Sink.py") shutil.copy(orig_actor_Sink_path, actor_Sink_path) cs.sign_file(actor_Sink_path) #Create unsigned version of Sink actor actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sink_path, actor_SinkUnsigned_path) replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned") #Sign applications cs.sign_file( os.path.join(application_store_path, "correctly_signed.calvin")) cs.sign_file( os.path.join(application_store_path, "correctlySignedApp_incorrectlySignedActor.calvin")) cs.sign_file( os.path.join(application_store_path, "incorrectly_signed.calvin")) #Now append to the signed file so the signature verification fails with open( os.path.join(application_store_path, "incorrectly_signed.calvin"), "a") as fd: fd.write(" ") print "Export Code Signers certificate to the truststore for code signing" out_file = cs.export_cs_cert(runtimes_truststore_signing_path) certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN, security_dir=credentials_testdir) return actor_store_path, application_store_path
def setup(self, request): from calvin.Tools.csruntime import csruntime from conftest import _config_pytest import fileinput global rt global request_handler try: shutil.rmtree(credentials_testdir) except Exception as err: print "Failed to remove old tesdir, err={}".format(err) pass try: os.makedirs(credentials_testdir) os.makedirs(runtimesdir) os.makedirs(runtimes_truststore) os.makedirs(runtimes_truststore_signing_path) os.makedirs(actor_store_path) os.makedirs(os.path.join(actor_store_path, "test")) shutil.copy( os.path.join(orig_actor_store_path, "test", "__init__.py"), os.path.join(actor_store_path, "test", "__init__.py")) os.makedirs(os.path.join(actor_store_path, "std")) shutil.copy( os.path.join(orig_actor_store_path, "std", "__init__.py"), os.path.join(actor_store_path, "std", "__init__.py")) shutil.copytree(orig_application_store_path, application_store_path) filelist = [ f for f in os.listdir(application_store_path) if f.endswith(".sign.93d58fef") ] for f in filelist: os.remove(os.path.join(application_store_path, f)) shutil.copytree( os.path.join(security_testdir, "identity_provider"), identity_provider_path) except Exception as err: _log.error( "Failed to create test folder structure, err={}".format(err)) print "Failed to create test folder structure, err={}".format(err) raise print "Trying to create a new test application/actor signer." cs = code_signer.CS(organization="testsigner", commonName="signer", security_dir=credentials_testdir) #Create signed version of CountTimer actor orig_actor_CountTimer_path = os.path.join(orig_actor_store_path, "std", "CountTimer.py") actor_CountTimer_path = os.path.join(actor_store_path, "std", "CountTimer.py") shutil.copy(orig_actor_CountTimer_path, actor_CountTimer_path) # cs.sign_file(actor_CountTimer_path) #Create unsigned version of CountTimer actor actor_CountTimerUnsigned_path = actor_CountTimer_path.replace( ".py", "Unsigned.py") shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path) replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer", "CountTimerUnsigned") #Create signed version of Sum actor orig_actor_Sum_path = os.path.join(orig_actor_store_path, "std", "Sum.py") actor_Sum_path = os.path.join(actor_store_path, "std", "Sum.py") shutil.copy(orig_actor_Sum_path, actor_Sum_path) # cs.sign_file(actor_Sum_path) #Create unsigned version of Sum actor actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sum_path, actor_SumUnsigned_path) replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned") #Create incorrectly signed version of Sum actor # actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py") # shutil.copy(actor_Sum_path, actor_SumFake_path) # #Change the class name to SumFake # replace_text_in_file(actor_SumFake_path, "Sum", "SumFake") # cs.sign_file(actor_SumFake_path) # #Now append to the signed file so the signature verification fails # with open(actor_SumFake_path, "a") as fd: # fd.write(" ") #Create signed version of Sink actor orig_actor_Sink_path = os.path.join(orig_actor_store_path, "test", "Sink.py") actor_Sink_path = os.path.join(actor_store_path, "test", "Sink.py") shutil.copy(orig_actor_Sink_path, actor_Sink_path) # cs.sign_file(actor_Sink_path) #Create unsigned version of Sink actor actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sink_path, actor_SinkUnsigned_path) replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned") #Sign applications # cs.sign_file(os.path.join(application_store_path, "test_security1_correctly_signed.calvin")) # cs.sign_file(os.path.join(application_store_path, "test_security1_correctlySignedApp_incorrectlySignedActor.calvin")) # cs.sign_file(os.path.join(application_store_path, "test_security1_incorrectly_signed.calvin")) # #Now append to the signed file so the signature verification fails # with open(os.path.join(application_store_path, "test_security1_incorrectly_signed.calvin"), "a") as fd: # fd.write(" ") # print "Export Code Signers certificate to the truststore for code signing" # out_file = cs.export_cs_cert(runtimes_truststore_signing_path) print "Trying to create a new test domain configuration." ca = certificate_authority.CA(domain=domain_name, commonName="testdomain CA", security_dir=credentials_testdir) # print "Copy CA cert into truststore of runtimes folder" ca.export_ca_cert(runtimes_truststore) #Define the runtime attributes rt0_attributes = { 'indexed_public': { 'owner': { 'organization': domain_name, 'personOrGroup': 'testOwner1' }, 'node_name': { 'organization': 'org.testexample', 'name': 'CA' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } } rt1_attributes = { 'indexed_public': { 'owner': { 'organization': domain_name, 'personOrGroup': 'testOwner1' }, 'node_name': { 'organization': 'org.testexample', 'name': 'testNode1' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } } rt2_attributes = { 'indexed_public': { 'owner': { 'organization': domain_name, 'personOrGroup': 'testOwner1' }, 'node_name': { 'organization': 'org.testexample', 'name': 'testNode2' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'otherStreet', 'streetNumber': 1 } } } rt3_attributes = { 'indexed_public': { 'owner': { 'organization': domain_name, 'personOrGroup': 'testOwner1' }, 'node_name': { 'organization': 'org.testexample', 'name': 'testNode3' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } } rt4_attributes = { 'indexed_public': { 'owner': { 'organization': domain_name, 'personOrGroup': 'testOwner1' }, 'node_name': { 'organization': 'org.testexample', 'name': 'testNode4' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } } rt5_attributes = { 'indexed_public': { 'owner': { 'organization': domain_name, 'personOrGroup': 'testOwner1' }, 'node_name': { 'organization': 'org.testexample', 'name': 'testNode5' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } } rt_attributes = [] rt_attributes.append(deepcopy(rt0_attributes)) rt_attributes.append(deepcopy(rt1_attributes)) rt_attributes.append(deepcopy(rt2_attributes)) rt_attributes.append(deepcopy(rt3_attributes)) rt_attributes.append(deepcopy(rt4_attributes)) rt_attributes.append(deepcopy(rt5_attributes)) rt_attributes_cpy = deepcopy(rt_attributes) runtimes = [] #Initiate Requesthandler with trusted CA cert truststore_dir = certificate.get_truststore_path( type=certificate.TRUSTSTORE_TRANSPORT, security_dir=credentials_testdir) # The following is less than optimal if multiple CA certs exist ca_cert_path = os.path.join(truststore_dir, os.listdir(truststore_dir)[0]) request_handler = RequestHandler(verify=ca_cert_path) #Generate credentials, create CSR, sign with CA and import cert for all runtimes enrollment_passwords = [] for rt_attribute in rt_attributes: attributes = AttributeResolver(rt_attribute) node_name = attributes.get_node_name_as_str() nodeid = calvinuuid.uuid("") enrollment_password = ca.cert_enrollment_add_new_runtime(node_name) enrollment_passwords.append(enrollment_password) runtime = runtime_credentials.RuntimeCredentials( node_name, domain=domain_name, security_dir=credentials_testdir, nodeid=nodeid, enrollment_password=enrollment_password) runtimes.append(runtime) ca_cert = runtime.get_truststore( type=certificate.TRUSTSTORE_TRANSPORT)[0][0] csr_path = os.path.join(runtime.runtime_dir, node_name + ".csr") #Encrypt CSR with CAs public key (to protect enrollment password) rsa_encrypted_csr = runtime.cert_enrollment_encrypt_csr( csr_path, ca_cert) #Decrypt encrypted CSR with CAs private key csr = ca.decrypt_encrypted_csr( encrypted_enrollment_request=rsa_encrypted_csr) csr_path = ca.store_csr_with_enrollment_password(csr) cert_path = ca.sign_csr(csr_path) runtime.store_own_cert(certpath=cert_path, security_dir=credentials_testdir) #Let's hash passwords in users.json file (the runtimes will try to do this # but they will all try to do it at the same time, so it will be overwritten # multiple times and the first test will always fail) # self.arp = FileAuthenticationRetrievalPoint(identity_provider_path) # self.arp.check_stored_users_db_for_unhashed_passwords() #The policy allows access to control interface for everyone, for more advanced rules # it might be appropriate to run set_credentials for request_handler, e.g., # request_handler.set_credentials({domain_name:{"user": "******", "password": "******"}}) rt_conf = copy.deepcopy(_conf) # rt_conf.set('security', 'runtime_to_runtime_security', "tls") # rt_conf.set('security', 'control_interface_security', "tls") rt_conf.set('security', 'domain_name', domain_name) # rt_conf.set('security', 'certificate_authority_control_uri',"https://%s:5020" % hostname ) rt_conf.set('security', 'security_dir', credentials_testdir) rt_conf.set('global', 'actor_paths', [actor_store_path]) rt_conf.set('global', 'storage_type', "securedht") # Runtime 0: local authentication, signature verification, local authorization. # Primarily acts as Certificate Authority for the domain rt0_conf = copy.deepcopy(rt_conf) # rt0_conf.set('security','enrollment_password',enrollment_passwords[0]) #The csruntime certificate requests assumes TLS for the control interface # rt0_conf.set('security', 'control_interface_security', "tls") # rt0_conf.set('security','certificate_authority','True') # rt0_conf.set("security", "security_conf", { # "comment": "Certificate Authority", # "authentication": { # "procedure": "local", # "identity_provider_path": identity_provider_path # }, # "authorization": { # "procedure": "local", # "policy_storage_path": policy_storage_path # } # }) rt0_conf.save("/tmp/calvin5000.conf") # Runtime 1: local authentication, signature verification, local authorization. rt1_conf = copy.deepcopy(rt_conf) # rt1_conf.set('security','enrollment_password',enrollment_passwords[1]) # rt1_conf.set("security", "security_conf", { # "comment": "Local authentication, local authorization", # "authentication": { # "procedure": "local", # "identity_provider_path": identity_provider_path # }, # "authorization": { # "procedure": "local", # "policy_storage_path": policy_storage_path # } # }) rt1_conf.save("/tmp/calvin5001.conf") # Runtime 2: local authentication, signature verification, local authorization. # Can also act as authorization server for other runtimes. # Other street compared to the other runtimes rt2_conf = copy.deepcopy(rt_conf) # rt2_conf.set('security','enrollment_password',enrollment_passwords[2]) # rt2_conf.set("security", "security_conf", { # "comment": "Local authentication, local authorization", # "authentication": { # "procedure": "local", # "identity_provider_path": identity_provider_path # }, # "authorization": { # "procedure": "local", # "policy_storage_path": policy_storage_path, # "accept_external_requests": True # } # }) rt2_conf.save("/tmp/calvin5002.conf") # Runtime 3: external authentication (RADIUS), signature verification, local authorization. rt3_conf = copy.deepcopy(rt_conf) # rt3_conf.set('security','enrollment_password',enrollment_passwords[3]) # rt3_conf.set("security", "security_conf", { # "comment": "RADIUS authentication, local authorization", # "authentication": { # "procedure": "radius", # "server_ip": "localhost", # "secret": "elxghyc5lz1_passwd" # }, # "authorization": { # "procedure": "local", # "policy_storage_path": policy_storage_path # } # }) rt3_conf.save("/tmp/calvin5003.conf") # Runtime 4: local authentication, signature verification, external authorization (runtime 2). rt4_conf = copy.deepcopy(rt_conf) # rt4_conf.set('security','enrollment_password',enrollment_passwords[4]) # rt4_conf.set("security", "security_conf", { # "comment": "Local authentication, external authorization", # "authentication": { # "procedure": "local", # "identity_provider_path": identity_provider_path # }, # "authorization": { # "procedure": "external" # } # }) rt4_conf.save("/tmp/calvin5004.conf") # Runtime 5: external authentication (runtime 1), signature verification, local authorization. rt5_conf = copy.deepcopy(rt_conf) # rt5_conf.set('global','storage_type','proxy') # rt5_conf.set('global','storage_proxy',"calvinip://%s:5000" % ip_addr ) # rt5_conf.set('security','enrollment_password',enrollment_passwords[5]) # rt5_conf.set("security", "security_conf", { # "comment": "Local authentication, external authorization", # "authentication": { # "procedure": "external", # "server_uuid": runtimes[1].node_id # }, # "authorization": { # "procedure": "local", # "policy_storage_path": policy_storage_path # } # }) rt5_conf.save("/tmp/calvin5005.conf") #Start all runtimes for i in range(len(rt_attributes_cpy)): _log.info("Starting runtime {}".format(i)) try: logfile = _config_pytest.getoption("logfile") + "500{}".format( i) outfile = os.path.join( os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(hostname, port=5000 + i, controlport=5020 + i, attr=rt_attributes_cpy[i], loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin500{}.conf".format(i)) # rt.append(RT("https://{}:502{}".format(hostname, i))) rt.append(RT("http://{}:502{}".format(hostname, i))) # Wait to be sure that all runtimes has started time.sleep(1) time.sleep(10) request.addfinalizer(self.teardown)
def sign_files_for_security_tests(credentials_testdir): from calvin.utilities import code_signer from calvin.utilities.utils import get_home from calvin.utilities import certificate import shutil def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert): # Read in the file filedata = None with open(file_path, 'r') as file: filedata = file.read() # Replace the target string filedata = filedata.replace(text_to_be_replaced, text_to_insert) # Write the file out again with open(file_path, 'w') as file: file.write(filedata) def _copy_and_sign_actor(prefix, file_name): #Create signed version of the actor directory = os.path.join(actor_store_path, prefix) if not os.path.isdir(directory): os.makedirs(directory) shutil.copy( os.path.join(orig_actor_store_path, prefix, "__init__.py"), os.path.join(actor_store_path, prefix, "__init__.py")) orig_actor_path = os.path.join(orig_actor_store_path, prefix, file_name) new_actor_path = os.path.join(actor_store_path, prefix, file_name) shutil.copy(orig_actor_path, new_actor_path) cs.sign_file(new_actor_path) return new_actor_path homefolder = get_home() runtimesdir = os.path.join(credentials_testdir, "runtimes") runtimes_truststore_signing_path = os.path.join(runtimesdir, "truststore_for_signing") orig_testdir = os.path.join(os.path.dirname(__file__), "security_test") orig_actor_store_path = os.path.abspath( os.path.join(os.path.dirname(__file__), '..', 'actorstore', 'systemactors')) actor_store_path = os.path.join(credentials_testdir, "store") orig_application_store_path = os.path.join(orig_testdir, "scripts") application_store_path = os.path.join(credentials_testdir, "scripts") print "Create test folders" try: shutil.copytree(orig_application_store_path, application_store_path) except Exception as err: _log.error( "Failed to create test folder structure, err={}".format(err)) print "Failed to create test folder structure, err={}".format(err) raise print "Trying to create a new test application/actor signer." cs = code_signer.CS(organization="com.ericsson", commonName="signer", security_dir=credentials_testdir) _copy_and_sign_actor("flow", "Alternate.py") _copy_and_sign_actor("flow", "Alternate2.py") _copy_and_sign_actor("flow", "Collect.py") _copy_and_sign_actor("flow", "CollectCompleteDict.py") _copy_and_sign_actor("flow", "Dealternate.py") _copy_and_sign_actor("flow", "Deselect.py") _copy_and_sign_actor("flow", "Dispatch.py") _copy_and_sign_actor("flow", "DispatchDict.py") _copy_and_sign_actor("flow", "Join.py") _copy_and_sign_actor("flow", "Void.py") _copy_and_sign_actor("flow", "Select.py") _copy_and_sign_actor("flow", "Terminator.py") _copy_and_sign_actor("io", "FileReader.py") _copy_and_sign_actor("misc", "ExplicitStateExample.py") _copy_and_sign_actor("std", "Counter.py") _copy_and_sign_actor("std", "Constant.py") _copy_and_sign_actor("std", "Constantify.py") _copy_and_sign_actor("std", "Compare.py") _copy_and_sign_actor("std", "Identity.py") _copy_and_sign_actor("std", "Stringify.py") _copy_and_sign_actor("std", "Trigger.py") actor_CountTimer_path = _copy_and_sign_actor("std", "CountTimer.py") actor_Sum_path = _copy_and_sign_actor("std", "Sum.py") _copy_and_sign_actor("test", "FiniteCounter.py") _copy_and_sign_actor("test", "TestProcess.py") actor_Sink_path = _copy_and_sign_actor("test", "Sink.py") _copy_and_sign_actor("text", "LineJoin.py") _copy_and_sign_actor("text", "PrefixString.py") _copy_and_sign_actor("text", "RegexMatch.py") _copy_and_sign_actor("exception", "ExceptionHandler.py") #Create unsigned version of CountTimer actor actor_CountTimerUnsigned_path = actor_CountTimer_path.replace( ".py", "Unsigned.py") shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path) replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer", "CountTimerUnsigned") #Create unsigned version of Sum actor actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sum_path, actor_SumUnsigned_path) replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned") #Create incorrectly signed version of Sum actor actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py") shutil.copy(actor_Sum_path, actor_SumFake_path) #Change the class name to SumFake replace_text_in_file(actor_SumFake_path, "Sum", "SumFake") cs.sign_file(actor_SumFake_path) #Now append to the signed file so the signature verification fails with open(actor_SumFake_path, "a") as fd: fd.write(" ") #Create unsigned version of Sink actor actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sink_path, actor_SinkUnsigned_path) replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned") #Sign applications cs.sign_file( os.path.join(application_store_path, "correctly_signed.calvin")) cs.sign_file( os.path.join(application_store_path, "correctlySignedApp_incorrectlySignedActor.calvin")) cs.sign_file( os.path.join(application_store_path, "incorrectly_signed.calvin")) #Now append to the signed file so the signature verification fails with open( os.path.join(application_store_path, "incorrectly_signed.calvin"), "a") as fd: fd.write(" ") print "Export Code Signers certificate to the truststore for code signing" out_file = cs.export_cs_cert(runtimes_truststore_signing_path) certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN, security_dir=credentials_testdir) return actor_store_path, application_store_path
def sign_appInfo_for_security_tests(credentials_testdir): from calvin.utilities import code_signer cs = code_signer.CS(organization="com.ericsson", commonName="signer", security_dir=credentials_testdir) cs.sign_file(actor_Alternate2_path)