コード例 #1
    def test_bad_signature(self):
        # Registered-only mode ('allow-only-registered' is True) combined with
        # a signature computed over the wrong message: authenticate() must
        # come back falsy.
        fixtures_dir = os.path.dirname(os.path.realpath(__file__))
        auth_settings = {
            'puk-file': os.path.join(fixtures_dir, "passwd"),
            'allow-only-registered': True,
        }
        ctx = BaseContext()
        ctx.logger = logging.getLogger(__name__)
        ctx.config = {'auth': auth_settings}

        session = Session()
        session.client_id = "client_using_secp256k1"
        # Test-only secp256k1 key pair. The private key is
        # int(hashlib.sha256(b"secret").digest()), i.e. derived from a
        # published passphrase, so it must never protect anything real.
        # puk = '030cfbf62534dfa5f32e37145b27d2875c1a1ecf884e39f0b098e962acc7aeaaa7'
        # prk = '2c495f4933631f014d93f059c15b03bac6eaaead53a675e09574c4bcccab09d6'
        # NOTE(review): the username literal looks masked on this page; per
        # the original comment it is meant to be the puk above - confirm
        # against the repository before relying on this test.
        session.username = "******"
        private_key = binascii.unhexlify(
            "2c495f4933631f014d93f059c15b03bac6eaaead53a675e09574c4bcccab09d6")
        # The signed message drops the first character of client_id, so the
        # signature cannot match a message rebuilt from the real client_id.
        stamp = datetime.datetime.utcnow().isoformat()[:18]
        digest = schnorr.hash_sha256(stamp + session.client_id[1:])
        session.password = binascii.hexlify(
            schnorr.sign(digest, private_key))

        # NOTE(review): the signature is produced with schnorr.sign but is
        # checked by EcdsaAuthPlugin. If that plugin only verifies ECDSA, this
        # negative test would pass even without the client_id mutation -
        # confirm it fails for the intended reason.
        plugin = EcdsaAuthPlugin(ctx)
        outcome = self.loop.run_until_complete(
            plugin.authenticate(session=session))
        self.assertFalse(outcome)
コード例 #2
    def test_bad_anonymous(self):
        # Here 'allow-only-registered' is False, so the registered-only gate
        # is switched off; the signature is still computed over the wrong
        # message, and authenticate() must come back falsy regardless.
        passwd_path = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "passwd")
        ctx = BaseContext()
        ctx.logger = logging.getLogger(__name__)
        ctx.config = {
            'auth': {
                'puk-file': passwd_path,
                'allow-only-registered': False,
            }
        }

        session = Session()
        session.client_id = "client_using_secp256k1"
        # Test-only secp256k1 key pair. The private key is
        # int(hashlib.sha256(b"other secret").digest()); it comes from a
        # published passphrase and must never be reused outside this fixture.
        # puk = '02d3a9b4022ab24b9218ae3290d2cbecf6d773ef70769afe9f15e7055a79cc90c4'
        # prk = 'fffc49122308b5e5666e6874ff4535d5a0e3f270a3a7545703c59da25378cbb3'
        # NOTE(review): the username literal looks masked on this page;
        # presumably it is the puk above, a key absent from the puk-file -
        # confirm against the repository.
        session.username = "******"
        private_key = binascii.unhexlify(
            "fffc49122308b5e5666e6874ff4535d5a0e3f270a3a7545703c59da25378cbb3")
        # Sign over client_id without its first character to force a mismatch.
        bucket = datetime.datetime.utcnow().isoformat()[:18]
        digest = schnorr.hash_sha256(bucket + session.client_id[1:])
        signature = schnorr.sign(digest, private_key)
        session.password = binascii.hexlify(signature)

        # NOTE(review): signed with schnorr.sign but verified through
        # EcdsaAuthPlugin - confirm the rejection is caused by the altered
        # message and not by a scheme mismatch.
        plugin = EcdsaAuthPlugin(ctx)
        verdict = self.loop.run_until_complete(
            plugin.authenticate(session=session))
        self.assertFalse(verdict)
コード例 #3
ファイル: pub_script.py プロジェクト: PhillipJacobsen/hbmqtt
def main(*args, **kwargs):
    """Command-line entry point of the publish script.

    Parses the options with docopt, configures logging, loads the client
    configuration, optionally signs a timestamp + client_id message and
    writes the public key and signature into the userinfo part of the
    broker URL, then runs do_pub() on the asyncio event loop.
    """
    if sys.version_info[:2] < (3, 4):
        logger.fatal("Error: Python 3.4+ is required")
        sys.exit(-1)

    arguments = docopt(__doc__, version=get_version())
    log_format = "[%(asctime)s] :: %(levelname)s - %(message)s"
    logging.basicConfig(
        level=logging.DEBUG if arguments['-d'] else logging.INFO,
        format=log_format)

    if arguments['-c']:
        config = read_yaml_config(arguments['-c'])
    else:
        script_dir = os.path.dirname(os.path.realpath(__file__))
        config = read_yaml_config(
            os.path.join(script_dir, 'default_client.yaml'))
        logger.debug("Using default configuration")
    loop = asyncio.get_event_loop()

    # Fall back to a generated identifier when -i is absent or empty.
    client_id = arguments.get("-i", None) or _gen_client_id()

    if arguments['-k']:
        config['keep_alive'] = int(arguments['-k'])

    # A will is configured only when topic, message and qos are all given.
    will_options = ('--will-topic', '--will-message', '--will-qos')
    if all(arguments[name] for name in will_options):
        config['will'] = {
            'topic': arguments['--will-topic'],
            'message': arguments['--will-message'].encode('utf-8'),
            'qos': int(arguments['--will-qos']),
            'retain': arguments['--will-retain'],
        }

    if arguments['--schnorr'] or arguments['--ecdsa']:
        arguments['--clean-session'] = True
        # The timestamp is cut to 18 characters, which drops the last digit
        # of the seconds: every connect inside the same 10-second bucket
        # signs the same message.
        # NOTE(review): presumably the broker rebuilds the same bucket, so a
        # captured signature would stay acceptable until the bucket rolls
        # over, and clock skew across a boundary would reject a valid client
        # - confirm against the auth plugin.
        time_bucket = datetime.datetime.utcnow().isoformat()[:18]
        msg = schnorr.hash_sha256(time_bucket + client_id)
        # NOTE(review): the outer test is a truthiness check but this one is
        # "is not None"; an empty --schnorr value given together with --ecdsa
        # would take the schnorr path.
        if arguments['--schnorr'] is not None:
            scheme = schnorr
            secret = _load_if_is_file(arguments["--schnorr"])
        else:
            scheme = ecdsa
            secret = _load_if_is_file(arguments["--ecdsa"])
        # The private key is the SHA-256 of the supplied secret, so the key is
        # only as strong as that secret. NOTE(review): a secret typed on the
        # command line is presumably visible in the process list and shell
        # history - prefer the file form.
        prk = scheme.hash_sha256(secret)
        sig = binascii.hexlify(scheme.sign(msg, prk))

        parsed = urlparse.urlparse(arguments["--url"])
        # The public key is always derived with the schnorr module helpers,
        # on the ecdsa path too.
        # NOTE(review): presumably both schemes share one curve - confirm.
        scalar = schnorr.int.from_bytes(prk, byteorder="big")
        puk = binascii.hexlify(schnorr.encoded_from_point(schnorr.G * scalar))
        # Any userinfo already present in the URL is replaced by
        # "<public key>:<signature>". Whatever logs this URL afterwards also
        # records the signature.
        host_part = parsed.netloc.split("@")[-1]
        netloc = "%s:%s@%s" % (
            puk.decode("utf-8"), sig.decode("utf-8"), host_part)
        arguments["--url"] = urlparse.urlunparse(
            parsed._replace(netloc=netloc))

    client = MQTTClient(client_id=client_id, config=config, loop=loop)
    loop.run_until_complete(do_pub(client, arguments))
    loop.close()