def test_signature( self ): identity = Identity.generate(fast=True) message = b'test message' signature = identity.sign(message) public_key = identity.get_public_key() self.assertEqual(True, public_key.verify(message, signature)) self.assertEqual(False, public_key.verify(message, signature + b'x')) self.assertEqual(False, public_key.verify(message + b'x', signature))
def test_proof_of_possession( self ): transport_id = 'encrypted_tcp' transport_request = self.make_tcp_transport_request(self.session_list, transport_id, obj_id='1', command_id='echo', test_param='hi') response_transport_packets = self.remoting.process_packet(self.iface_registry, self.server, self.session_list, transport_request) challenge = self.pick_pop_channelge_from_responses(transport_id, response_transport_packets) identity_1 = Identity.generate(fast=True) identity_2 = Identity.generate(fast=True) pop_record_1 = tPopRecord( identity_1.get_public_key().to_der(), identity_1.sign(challenge)) pop_record_2 = tPopRecord( identity_2.get_public_key().to_der(), identity_2.sign(challenge + b'x')) # make invlid signature; verification must fail transport_request = self.encode_pop_transport_request(transport_id, challenge, [pop_record_1, pop_record_2]) response_transport_packets = self.remoting.process_packet(self.iface_registry, self.server, self.session_list, transport_request) session = self.session_list.get_transport_session(transport_id) self.assertIn(identity_1.get_public_key(), session.peer_public_keys) self.assertNotIn(identity_2.get_public_key(), session.peer_public_keys)
def main(): logging.basicConfig(level=logging.DEBUG, format='%(asctime)-15s %(message)s') parser = argparse.ArgumentParser(description='Hyperapp server') parser.add_argument('identity_fpath', help='path to identity file') parser.add_argument('addr', nargs='?', help='address to listen at', default=DEFAULT_ADDR) parser.add_argument('--test-delay', type=float, help='artificial delay for handling requests, seconds') args = parser.parse_args() identity = Identity.load_from_file(args.identity_fpath) host, port = parse_addr(args.addr) services = Services() server = Server(identity, args.test_delay) tcp_server = TcpServer(services.remoting, server, host, port) management_url = services.modules.server_management.get_management_url(server.get_public_key()) url_with_routes = management_url.clone_with_routes(tcp_server.get_routes()) log.info('Management url: %s', url_with_routes.to_str()) tcp_server.run()
def create_identity( fpath, overwrite ): private_fpath = fpath + '.identity.pem' public_fpath = fpath + '.public.pem' if os.path.exists(private_fpath) and not overwrite: log.info('identity file %r is already exists', private_fpath) return if os.path.exists(public_fpath) and not overwrite: log.info('identity file %r is already exists', public_fpath) return log.info('generating rsa key of size %d...', RSA_KEY_SIZE_SAFE) sys.stdout.flush() identity = Identity.generate() log.info('generating rsa key ... done') public_key = identity.private_key.public_key() identity.save_to_file(private_fpath) log.info('identity is written to %r', private_fpath) identity.get_public_key().save_to_file(public_fpath) log.info('public key is written to %r', public_fpath)
TYPE_MODULE_EXT = '.types' DYN_MODULE_EXT = '.dyn.py' logging.basicConfig(level=logging.DEBUG, format='%(asctime)-15s %(message)s') test_iface = Interface('test_iface', commands=[ RequestCmd('echo', [Field('test_param', tString)], [Field('test_result', tString)]), RequestCmd('required_auth', result_fields=[Field('test_result', tString)]), RequestCmd('broadcast', [Field('message', tString)]), ], diff_type=tString) authorized_peer_identity = Identity.generate(fast=True) class TestObject(Object): class_name = 'test_object' iface = test_iface def __init__( self, module, id ): Object.__init__(self) self.module = module self.id = id def get_path( self ): return self.module.make_path(self.class_name, self.id)