def client(): client_key = SigningKey(CLIENT_KEY_SEED) server_key = SigningKey(SERVER_KEY_SEED) client_eph_key = PrivateKey(CLIENT_EPH_KEY_SEED) return SHSClientCrypto(client_key, bytes(server_key.verify_key), client_eph_key, application_key=APP_KEY)
class TestSigningKey: def test_initialize_with_generate(self): SigningKey.generate() def test_wrong_length(self): with pytest.raises(ValueError): SigningKey(b"") def test_bytes(self): k = SigningKey(b"\x00" * crypto_sign_SEEDBYTES) assert bytes(k) == b"\x00" * crypto_sign_SEEDBYTES def test_equal_keys_are_equal(self): k1 = SigningKey(b"\x00" * crypto_sign_SEEDBYTES) k2 = SigningKey(b"\x00" * crypto_sign_SEEDBYTES) assert_equal(k1, k1) assert_equal(k1, k2) def test_equal_keys_have_equal_hashes(self): k1 = SigningKey(b"\x00" * crypto_sign_SEEDBYTES) k2 = SigningKey(b"\x00" * crypto_sign_SEEDBYTES) assert hash(k1) == hash(k2) assert id(k1) != id(k2) @pytest.mark.parametrize('k2', [ b"\x00" * crypto_sign_SEEDBYTES, SigningKey(b"\x01" * crypto_sign_SEEDBYTES), SigningKey(b"\x00" * (crypto_sign_SEEDBYTES - 1) + b"\x01"), ]) def test_different_keys_are_not_equal(self, k2): k1 = SigningKey(b"\x00" * crypto_sign_SEEDBYTES) assert_not_equal(k1, k2) @pytest.mark.parametrize("seed", [ b"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a", ]) def test_initialization_with_seed(self, seed): SigningKey(seed, encoder=HexEncoder) @pytest.mark.parametrize( ("seed", "_public_key", "message", "signature", "expected"), ed25519_known_answers() ) def test_message_signing(self, seed, _public_key, message, signature, expected): signing_key = SigningKey( seed, encoder=HexEncoder, ) signed = signing_key.sign( binascii.unhexlify(message), encoder=HexEncoder, ) assert signed == expected assert signed.message == message assert signed.signature == signature
def test_get_chat_event(): try: with LogCapture() as log_cap: private_key = secrets.token_bytes(32) signing_key = SigningKey(private_key) public_key_feed_id = signing_key.verify_key.encode() content0 = Content('chat/whateveraction', { 'messagekey': 'hallo zusammen', 'chat_id': '1', 'timestampkey': 10 }) hash_of_content = hashlib.sha256( content0.get_as_cbor()).hexdigest() hash_of_prev = None meta = Meta(public_key_feed_id, 0, hash_of_prev, 'ed25519', ('sha256', hash_of_content)) signature = signing_key.sign(meta.get_as_cbor())._signature event = Event(meta, signature, content0).get_as_cbor() connector = EventHandler() connector.add_event(event) meta = Meta(public_key_feed_id, 1, hash_of_prev, 'ed25519', ('sha256', hash_of_content)) content1 = Content('chat/whateveraction', { 'messagekey': 'wie gehts?', 'chat_id': '1', 'timestampkey': 20 }) signature = signing_key.sign(meta.get_as_cbor())._signature event = Event(meta, signature, content1).get_as_cbor() connector.add_event(event) content2 = Content( 'chat/whateveraction', { 'messagekey': 'schönes Wetter heute', 'chat_id': '1', 'timestampkey': 30 }) meta = Meta(public_key_feed_id, 2, hash_of_prev, 'ed25519', ('sha256', hash_of_content)) signature = signing_key.sign(meta.get_as_cbor())._signature event = Event(meta, signature, content2).get_as_cbor() connector.add_event(event) print(log_cap) print('\n#######################################') # TODO: there seem to be some errors concerning the chat_id, I would watch out in what form it is (binary or string?) q = EventHandler().get_event_since('chat', 15, '1') print(q) print('\n#######################################') t = EventHandler().get_all_events(application='chat', chat_id='1') print(t) assert True finally: try: if os.path.exists('eventDatabase.sqlite'): os.remove('eventDatabase.sqlite') else: assert False except PermissionError: print('Database is still in use')
def __init__(self, secret, algorithm=None): if algorithm is None: algorithm = DEFAULT_SIGN_ALGORITHM assert algorithm in ALGORITHMS, "Unknown algorithm" if isinstance(secret, six.string_types): secret = secret.encode("ascii") self._rsa = None self._hash = None self._ed25519 = None splitted = algorithm.split('-') if len(splitted) > 1: self.sign_algorithm, self.hash_algorithm = splitted else: self.sign_algorithm, self.hash_algorithm = splitted[0], None if self.sign_algorithm == 'rsa': try: rsa_key = RSA.importKey(secret) self._rsa = PKCS1_v1_5.new(rsa_key) self._hash = HASHES[self.hash_algorithm] except ValueError: raise HttpSigException("Invalid key.") elif self.sign_algorithm == 'hmac': self._hash = HMAC.new(secret, digestmod=HASHES[self.hash_algorithm]) elif self.sign_algorithm == 'ed25519': self._ed25519 = SigningKey(secret, encoder=Base64Encoder)
def route_logic(message_class, current_user, msg_content): # grid relative from .node import get_node # TODO: fix circular import if current_user: user_key = SigningKey(current_user.private_key.encode("utf-8"), encoder=HexEncoder) msg_content["internal_key"] = current_user.private_key msg_content["current_user"] = current_user.id else: user_key = SigningKey.generate() content = { "address": get_node().address, "content": msg_content, "reply_to": get_node().address, } syft_message = {} syft_message["message_class"] = message_class syft_message["message_content"] = content syft_message["sign_key"] = user_key # Execute task response_msg = task_handler( route_function=process_as_syft_message, data=syft_message, mandatory={ "message_class": MissingRequestKeyError, "message_content": MissingRequestKeyError, "sign_key": MissingRequestKeyError, }, ) return response_msg
def prep_approved_join_reply(request, join_rep_dict, own_isdas, own_as_obj): """ Prepares the join reply for the APPROVED case. """ logger.info("New AS ID = %s", request.POST['newASId']) joining_as = request.POST['newASId'] is_core = request.POST['join_as_a_core'] sig_pub_key = from_b64(request.POST['sig_pub_key']) enc_pub_key = from_b64(request.POST['enc_pub_key']) signing_as_sig_priv_key = from_b64(own_as_obj.sig_priv_key) joining_ia = TopoID.from_values(own_isdas[0], joining_as) if is_core.lower() == "true": validity = Certificate.CORE_AS_VALIDITY_PERIOD comment = "Core AS Certificate" else: validity = Certificate.AS_VALIDITY_PERIOD comment = "AS Certificate" cert = Certificate.from_values( str(joining_ia), str(own_isdas), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment, is_core, validity, enc_pub_key, sig_pub_key, SigningKey(signing_as_sig_priv_key) ) respond_ia_chain = CertificateChain.from_raw(own_as_obj.certificate) request_ia_chain = CertificateChain([cert, respond_ia_chain.core_as_cert]) join_rep_dict['JoiningIA'] = str(joining_ia) join_rep_dict['IsCore'] = is_core.lower() == "true" join_rep_dict['RespondIA'] = str(own_isdas) join_rep_dict['JoiningIACertificate'] = request_ia_chain.to_json() join_rep_dict['RespondIACertificate'] = respond_ia_chain.to_json() join_rep_dict['TRC'] = TRC.from_raw(own_as_obj.trc).to_json() logger.debug("Accepting Join Request = %s", join_rep_dict)
def generate_certificates(self, sk): sk = SigningKey(seed=bytes.fromhex(sk)) self.vk = sk.verify_key.encode().hex() self.public_key = self.vk2pk(self.vk) private_key = crypto_sign_ed25519_sk_to_curve25519( sk._signing_key).hex() for d in [self.keys_dir, self.public_keys_dir, self.secret_keys_dir]: if self.wipe_certs and os.path.exists(d): shutil.rmtree(d) os.makedirs(d, exist_ok=True) if self.wipe_certs: self.create_from_private_key(private_key) # move public keys to appropriate directory for key_file in os.listdir(self.keys_dir): if key_file.endswith(".key"): shutil.move(os.path.join(self.keys_dir, key_file), os.path.join(self.public_keys_dir, '.')) # move secret keys to appropriate directory for key_file in os.listdir(self.keys_dir): if key_file.endswith(".key_secret"): shutil.move(os.path.join(self.keys_dir, key_file), os.path.join(self.secret_keys_dir, '.')) log.info('Generated CURVE certificate files!')
def author(self, cursor): cursor.execute("SELECT author_name, author_private_key FROM config") name, keydata = cursor.fetchone() return LocalAuthor( name=name, signing_key=SigningKey(keydata, encoder=Base32Encoder), )
def read_signing_key_file(file): """Read signing key from file""" try: with open(file, 'rb') as f: return SigningKey(f.read(), encoder=HexEncoder) except FileNotFoundError: create_account_and_save_signing_key_file(file)
def verify_pair(filename): """ Function to verify a public/private key pair previously generated by this tool. Parameters ---------- filename: str Name of the files to write the public and private key to. """ with open(filename, 'r') as f: hex_read = f.read().encode() sk_read = SigningKey(hex_read, encoder=HexEncoder) pub_filename = filename + '.pub' with open(pub_filename, 'r') as f: hex_read = f.read().encode() vk_read = VerifyKey(hex_read, encoder=HexEncoder) phrase_to_sign = b'phrase to sign' try: signed_phrase = sk_read.sign(phrase_to_sign) vk_read.verify(signed_phrase) except BadSignatureError as be: print(f"Private key in {filename} does not match public key in {pub_filename}.") return False print(f"Private key in {filename} matches public key in {pub_filename}.") return True
def create_block(signing_key, previous_block, body, difficulty=1, difficulty_mode=0): signing_key = SigningKey(signing_key) if type(signing_key) == type( 's') or type(signing_key) == type(b's') else signing_key nonce = nacl.utils.random(16) signature = signing_key.sign(previous_block['hash'] + nonce + body) # mild PoW while not BasicBlockChain.meets_difficulty( signature.signature, difficulty, difficulty_mode): nonce = nacl.utils.random(16) signature = signing_key.sign(previous_block['hash'] + nonce + body) hash = sha256(signature.signature, encoder=RawEncoder) # return the block return { 'block_height': previous_block['block_height'] + 1, 'hash': hash, 'signature': signature.signature, 'address': signing_key.verify_key._key, 'previous_block': previous_block['hash'], 'nonce': nonce, 'body': body }
def test_worker_key_pair_tool(): key_file = "gen_pair_test" private_key, public_key = gen_pair(key_file) test_phrase = b"Test phrase" try: public_key.verify(private_key.sign(test_phrase)) except BadSignatureError as bse: assert False # load the generated keys from the file with open(key_file, 'r') as f: loaded_private_key = SigningKey(f.read().encode(), encoder=HexEncoder) with open(key_file + '.pub', 'r') as f: loaded_public_key = VerifyKey(f.read().encode(), encoder=HexEncoder) # test the try: loaded_public_key.verify(loaded_private_key.sign(test_phrase)) except BadSignatureError as bse: assert False assert verify_pair(key_file) # test that a bad signature is detected with open(key_file, 'w') as f: f.write( SigningKey.generate().encode(encoder=HexEncoder).decode('utf-8')) assert not verify_pair(key_file) # clean up os.remove(key_file) os.remove(key_file + '.pub')
def prepare_hsc_transfer_transaction(): from stablecoin.TransferTransactionData_pb2 import TransferTransactionData from stablecoin.TransactionBody_pb2 import TransactionBody from stablecoin.Transaction_pb2 import Transaction key_from = SigningKey( bytes.fromhex( "1aaced2d7b85ca122adfb5e6d15926eddbdfa8f270e40109fa01e3607446c48b") ) address_from = bytes(key_from.verify_key) address_to = bytes.fromhex( "c9fef56cee613e390d728399bef53619603b9f0559daab6ba68bf1c24715fb23") value = int_to_bytes(100) # $1.00 transfer = TransferTransactionData(to=address_to, value=value) valid_start = generate_valid_start_nanos() body = TransactionBody(caller=address_from, operatorAccountNum=9523, validStartNanos=valid_start, transfer=transfer) body_bytes = body.SerializeToString() body_signature = key_from.sign(body_bytes).signature tx = Transaction(body=body_bytes, signature=body_signature) tx_bytes = tx.SerializeToString() return tx_bytes, 9523, valid_start
def send_signed_block(*, block, ip_address, port, protocol, url_path): """ Sign block and send to recipient """ network_signing_key = get_environment_variable('NETWORK_SIGNING_KEY') signing_key = SigningKey(network_signing_key, encoder=HexEncoder) node_identifier = get_verify_key(signing_key=signing_key) node_identifier = encode_verify_key(verify_key=node_identifier) message = sort_and_encode(block) signed_block = { 'block': block, 'node_identifier': node_identifier, 'signature': generate_signature(message=message, signing_key=signing_key) } node_address = format_address(ip_address=ip_address, port=port, protocol=protocol) url = f'{node_address}{url_path}' try: post(url=url, body=signed_block) except Exception as e: logger.exception(e)
def get_keys_from_file(private_key_file): """ Creates the SigningKey object from the private_key_file containing the private key string, and reads the public key from the corresponding .pub file and returns the SigningKey and the public key string. Parameters ---------- private_key_file: str The name of the file containing the private key. The corresponding public key is expected to be in the private_key_file+'.pub' file Returns ------- SigningKey, str: The private key, and the public key in string form. """ if private_key_file is None: return None, None with open(private_key_file, 'r') as f: hex_read = f.read().encode() private_key = SigningKey(hex_read, encoder=HexEncoder) with open(private_key_file + '.pub', 'r') as f: public_key_str = f.read() return private_key, public_key_str
def command_list_addressbook(self): resp = [] # these entries might merely be incomplete invitations for row in self.db.execute("SELECT * FROM addressbook").fetchall(): entry = {} # these properties are set right away entry["cid"] = row["id"] entry["petname"] = row["petname"] entry["acked"] = bool(row["acked"]) entry["invitation_context"] = { "when_invited": row["when_invited"], "code": row["invitation_code"], } sk = SigningKey(row["my_signkey"].decode("hex")) entry["my_verfkey"] = sk.verify_key.encode(Hex) # these appear when the invitation process is complete if row["when_accepted"] is not None: entry["invitation_context"]["when_accepted"] = row[ "when_accepted"] if row["their_verfkey"] is not None: entry["their_verfkey"] = str(row["their_verfkey"]) if row["their_channel_record_json"] is not None: entry["their_channel_record"] = json.loads( row["their_channel_record_json"]) # TODO: filter out the long-term stuff resp.append(entry) return resp
def test_local_feed(): secret = b64decode('Mz2qkNOP2K6upnqibWrR+z8pVUI1ReA1MLc7QMtF2qQ=') feed = LocalFeed(SigningKey(secret)) assert bytes(feed.private_key) == secret assert bytes(feed.public_key) == b64decode( 'I/4cyN/jPBbDsikbHzAEvmaYlaJK33lW3UhWjNXjyrU=') assert feed.id == '@I/4cyN/jPBbDsikbHzAEvmaYlaJK33lW3UhWjNXjyrU=.ed25519'
def create_transaction( private_key: str, public_key: str, receiver: str, amount: int ) -> dict: """ Creates a transaction from a sender's public key to a receiver's public key :param private_key: The Sender's private key :param public_key: The Sender's public key :param receiver: The Receiver's public key :param amount: The amount in cents :return: <dict> The transaction dict """ tx = { "sender": public_key, "receiver": receiver, "amount": amount, "timestamp": int(time()), } tx_bytes = json.dumps(tx, sort_keys=True).encode("ascii") # Generate a signing key from the private key signing_key = SigningKey(private_key, encoder=HexEncoder) # Now add the signature to the original transaction signature = signing_key.sign(tx_bytes).signature tx["signature"] = HexEncoder.encode(signature).decode("ascii") return tx
def generate_certificates(cls, sk_hex, wipe_certs=False): sk = SigningKey(seed=bytes.fromhex(sk_hex)) vk = sk.verify_key.encode().hex() public_key = cls.vk2pk(vk) private_key = crypto_sign_ed25519_sk_to_curve25519( sk._signing_key).hex() for d in [cls.keys_dir, cls.authorized_keys_dir]: if wipe_certs and exists(d): shutil.rmtree(d) os.makedirs(d, exist_ok=True) if wipe_certs: _, secret = cls.create_from_private_key(private_key) for key_file in os.listdir(cls.keys_dir): if key_file.endswith(".key"): shutil.move(join(cls.keys_dir, key_file), join(cls.authorized_keys_dir, '.')) if exists(cls.keys_dir): shutil.rmtree(cls.keys_dir) log.info('Generated CURVE certificate files!') return vk, public_key, secret
def read_signing_key_file(file): """ Read signing key from file """ with open(file, "rb") as f: return SigningKey(f.read(), encoder=HexEncoder)
def test_get_current_event(): try: with LogCapture(): private_key = secrets.token_bytes(32) signing_key = SigningKey(private_key) public_key_feed_id = signing_key.verify_key.encode() content = Content('whateverapp/whateveraction', { 'oneKey': 'somevalue', 'someotherkey': 1 }) hash_of_content = hashlib.sha256(content.get_as_cbor()).hexdigest() hash_of_prev = None meta = Meta(public_key_feed_id, 0, hash_of_prev, 'ed25519', ('sha256', hash_of_content)) signature = signing_key.sign(meta.get_as_cbor())._signature event = Event(meta, signature, content).get_as_cbor() connector = DatabaseConnector() connector.add_event(event) result = connector.get_current_event(public_key_feed_id) result = Event.from_cbor(result) assert result.meta.hash_of_content[1] == meta.hash_of_content[1] finally: try: if os.path.exists('cborDatabase.sqlite'): os.remove('cborDatabase.sqlite') if os.path.exists('eventDatabase.sqlite'): os.remove('eventDatabase.sqlite') else: assert False except PermissionError: print('Database is still in use')
def decrypt_message(encrypted_message, keying_material, private_key): encrypted_key = keying_material['encrypted_key'] message_signature = keying_material['message_signature'] temp_public_key = PublicKey( keying_material['temp_public_key'], Base64Encoder) box = PublicBox(private_key, temp_public_key) message_key = box.decrypt( encrypted_key, encoder=Base64Encoder) # We got the key, so let's get the message. message_box = nacl.secret.SecretBox(message_key) message = message_box.decrypt( encrypted_message, encoder=Base64Encoder) # Check the signature. mac_key = sha256(box._shared_key, RawEncoder) signing_key = SigningKey(mac_key) if signing_key.sign(message, Base64Encoder) != message_signature: raise SignatureError("The signature is not valid") return message
def get_signing_key(): """ Return signing key """ network_signing_key = get_environment_variable('NETWORK_SIGNING_KEY') return SigningKey(network_signing_key, encoder=HexEncoder)
def __init__(self, pv_key_int, curve): """An EllipticCurvePrivateKey object""" self.curve = curve if self.curve == "K1": curveobj = K1_CURVE elif self.curve == "R1": curveobj = R1_CURVE if self.curve == "K1" or self.curve == "R1": # K1 or R1 if pv_key_int < 0: # No private key provided, generating self.key_obj = ec.generate_private_key( curveobj, backends.default_backend()) else: # Create a key pair from the provided key integer self.key_obj = ec.derive_private_key( pv_key_int, curveobj, backends.default_backend()) elif self.curve == "ED": if pv_key_int < 0: # No private key provided, generating seed_bytes = random_generator() else: # Create a key pair from the provided key integer seed_bytes = pv_key_int.to_bytes(32, "big") self.key_obj = SigningKey(seed_bytes, RawEncoder) else: raise ValueError("ECkeypair must be K1, R1 or ED")
def generate_certificate(joining_ia, core_ia, core_sign_priv_key_file, core_cert_file, trc_file): """ """ core_ia_chain = CertificateChain.from_raw(read_file(core_cert_file)) # AS cert is always expired one second before the expiration of the Core AS cert validity = core_ia_chain.core_as_cert.expiration_time - int(time.time()) - 1 comment = "AS Certificate" core_ia_sig_priv_key = base64.b64decode(read_file(core_sign_priv_key_file)) public_key_sign, private_key_sign = generate_sign_keypair() public_key_encr, private_key_encr = generate_enc_keypair() cert = Certificate.from_values( str(joining_ia), str(core_ia), INITIAL_TRC_VERSION, INITIAL_CERT_VERSION, comment, False, validity, public_key_encr, public_key_sign, core_ia_sig_priv_key) sig_priv_key = base64.b64encode(private_key_sign).decode() enc_priv_key = base64.b64encode(private_key_encr).decode() sig_priv_key_raw = base64.b64encode(SigningKey(private_key_sign)._signing_key).decode() joining_ia_chain = CertificateChain([cert, core_ia_chain.core_as_cert]).to_json() trc = open(trc_file).read() master_as_key = base64.b64encode(Random.new().read(16)).decode('utf-8') key_dict = { 'enc_key': enc_priv_key, 'sig_key': sig_priv_key, 'sig_key_raw': sig_priv_key_raw, 'master_as_key': master_as_key, } as_obj = ASCredential(joining_ia_chain, trc, key_dict) return as_obj
def _assign_keys(self, as_): isd_as_id = as_.isd_as_str() chain = self.loader.certs[isd_as_id] as_.certificate_chain = chain assert (chain['0']['Subject'] == isd_as_id) as_.sig_pub_key = chain['0']['SubjectSignKey'] as_.enc_pub_key = chain['0']['SubjectEncKey'] as_.sig_priv_key = self.loader.keys_sig[isd_as_id] as_.enc_priv_key = self.loader.keys_decrypt[isd_as_id] as_.master_as_key = self.loader.master0s[isd_as_id] if as_.is_core: trc = self.loader.trcs[as_.isd.isd_id] as_.core_offline_priv_key = self.loader.core_keys_offline[ isd_as_id] as_.core_offline_pub_key = trc['CoreASes'][isd_as_id]['OfflineKey'] as_.core_online_priv_key = self.loader.core_keys_online[isd_as_id] as_.core_online_pub_key = trc['CoreASes'][isd_as_id]['OnlineKey'] as_.core_sig_priv_key = self.loader.core_keys_sig[isd_as_id] as_.core_sig_pub_key = base64.b64encode( SigningKey(base64.b64decode( as_.core_sig_priv_key)).verify_key._key).decode() core_cert = Certificate( chain['1']) # load the one from the json file and adapt it core_cert.subject = as_.isd_as_str() core_cert.issuer = as_.isd_as_str() # self signed core_cert.subject_enc_key = '' core_cert.subject_sig_key = as_.core_sig_pub_key core_cert.sign(base64.b64decode(as_.core_online_priv_key)) as_.core_certificate = core_cert.dict() # redo the AS cert in the chain cert = Certificate(chain['0']) cert.issuer = as_.isd_as_str() cert.sign(base64.b64decode(as_.core_sig_priv_key)) as_.certificate_chain = {'0': cert.dict(), '1': core_cert.dict()} as_.save()
def create_local_author_from_config(config, name=None): """ :param config: a Tahoe config instance (created via `allmydata.client.read_config`) :param name: which Magic Folder to use (or 'default') :returns: a LocalAuthor instance from our configuration """ # private-keys go in "<node_dir>/private/magicfolder_<name>.privkey" # to mirror where the sqlite database goes if name is None: name = "default" nodedir = config.get_config_path() magic_folders = load_magic_folders(nodedir) if name not in magic_folders: raise RuntimeError("No magic-folder named '{}'".format(name)) # we will always have authorship information for this # magic-folder; "legacy" magic-folders will go through "tahoe # migrate" first and have an author created. author_raw = config.get_private_config( "magicfolder_{}.privkey".format(name)) author_data = json.loads(author_raw) return LocalAuthor( name=author_data[u"author_name"], signing_key=SigningKey( author_data[u"author_private_key"], encoder=Base64Encoder, ), )
def __init__( self, credentials: Dict, url: str, conn_type: Type[ClientConnection], client_type: Type[Client], ) -> None: # Use Server metadata # to build client route self.conn = conn_type(url=url) # type: ignore self.client_type = client_type if credentials: metadata, _user_key = self.conn.login(credentials=credentials) # type: ignore _user_key = SigningKey(_user_key.encode("utf-8"), encoder=HexEncoder) else: metadata = self.conn._get_metadata() # type: ignore if not user_key: _user_key = SigningKey.generate() else: _user_key = user_key ( spec_location, name, client_id, ) = self.client_type.deserialize_client_metadata_from_node( metadata=metadata ) # Create a new Solo Route using the selected connection type route = SoloRoute(destination=spec_location, connection=self.conn) location_args = self.__route_client_location( client_type=self.client_type, location=spec_location ) self.proxy_address: Optional[Address] = None # Create a new client using the selected client type super().__init__( network=location_args[NetworkClient], domain=location_args[DomainClient], device=location_args[DeviceClient], vm=location_args[VirtualMachineClient], name=name, routes=[route], signing_key=_user_key, ) self.groups = GroupRequestAPI(send=self.__perform_grid_request) self.users = UserRequestAPI(send=self.__perform_grid_request) self.roles = RoleRequestAPI(send=self.__perform_grid_request) self.workers = WorkerRequestAPI( send=self.__perform_grid_request, domain_client=self ) self.association_requests = AssociationRequestAPI( send=self.__perform_grid_request )
def test_handshake_envelopes(): vectors = get_test_vectors() client_signing_private_key = SigningKey( binascii.a2b_base64(vectors['test1']['client_signing_priv_key'])) client_signing_keypair = Ed25519KeyPair( client_signing_private_key, client_signing_private_key.verify_key) client_e_keypair = Curve25519KeyPair( PrivateKey( binascii.a2b_base64( vectors['test1']['client_ephemeral_priv_key'])), PublicKey( binascii.a2b_base64(vectors['test1']['client_ephemeral_pub_key']))) server_e_keypair = Curve25519KeyPair( PrivateKey( binascii.a2b_base64( vectors['test1']['server_ephemeral_priv_key'])), PublicKey( binascii.a2b_base64(vectors['test1']['server_ephemeral_pub_key']))) server_signing_private_key = SigningKey( binascii.a2b_base64(vectors['test1']['server_signing_priv_key'])) server_signing_keypair = Ed25519KeyPair( server_signing_private_key, server_signing_private_key.verify_key) server_envelope_factory = SecretHandshakeEnvelopeFactory( bytes(binascii.a2b_base64(vectors['test1']['application_key'])), server_e_keypair, server_signing_keypair, client_signing_keypair.public_key) client_envelope_factory = SecretHandshakeEnvelopeFactory( bytes(binascii.a2b_base64(vectors['test1']['application_key'])), client_e_keypair, client_signing_keypair, server_signing_keypair.public_key) client_challenge = client_envelope_factory.create_client_challenge() assert bytes(client_challenge) == binascii.a2b_base64( vectors['test1']['client_challenge']) assert server_envelope_factory.is_client_challenge_verified( client_challenge) == True server_challenge = server_envelope_factory.create_server_challenge() assert client_envelope_factory.is_server_challenge_verified( server_challenge) == True client_auth = client_envelope_factory.create_client_auth() server_envelope_factory.verify_client_auth(client_auth) server_accept = server_envelope_factory.create_server_accept() client_envelope_factory.verify_server_accept(server_accept)
def test_get_event(): try: with LogCapture() as log_cap: private_key = secrets.token_bytes(32) signing_key = SigningKey(private_key) public_key_feed_id = signing_key.verify_key.encode() content0 = Content('whateverapp/whateveraction', { 'firstkey': 'somevalue', 'someotherkey': 3 }) hash_of_content = hashlib.sha256( content0.get_as_cbor()).hexdigest() hash_of_prev = None meta = Meta(public_key_feed_id, 0, hash_of_prev, 'ed25519', ('sha256', hash_of_content)) signature = signing_key.sign(meta.get_as_cbor())._signature event = Event(meta, signature, content0).get_as_cbor() connector = DatabaseConnector() connector.add_event(event) meta = Meta(public_key_feed_id, 1, hash_of_prev, 'ed25519', ('sha256', hash_of_content)) content1 = Content('whateverapp/whateveraction', { 'secondkey': 'somevalue', 'someotherkey': 4 }) signature = signing_key.sign(meta.get_as_cbor())._signature event = Event(meta, signature, content1).get_as_cbor() connector.add_event(event) content2 = Content('whateverapp/whateveraction', { 'thirdkey': 'somevalue', 'someotherkey': 5 }) meta = Meta(public_key_feed_id, 2, hash_of_prev, 'ed25519', ('sha256', hash_of_content)) signature = signing_key.sign(meta.get_as_cbor())._signature event = Event(meta, signature, content2).get_as_cbor() connector.add_event(event) res0 = connector.get_event(public_key_feed_id, 0) res1 = connector.get_event(public_key_feed_id, 1) res2 = connector.get_event(public_key_feed_id, 2) result0 = Event.from_cbor(res0) result1 = Event.from_cbor(res1) result2 = Event.from_cbor(res2) assert result0.content.content == content0.content assert result1.content.content == content1.content assert result2.content.content == content2.content print(log_cap) finally: try: if os.path.exists('cborDatabase.sqlite'): os.remove('cborDatabase.sqlite') if os.path.exists('eventDatabase.sqlite'): os.remove('eventDatabase.sqlite') else: assert False except PermissionError: print('Database is still in use')