class TestSqlIdentityStorage(ut.TestCase): def setUp(self): # Reuse the policy_config subdirectory for the temporary SQLite file. self.databaseFilePath = "policy_config/test-public-info.db" try: os.remove(self.databaseFilePath) except OSError: # no such file pass self.identityStorage = BasicIdentityStorage(self.databaseFilePath) self.identityManager = IdentityManager(self.identityStorage, FilePrivateKeyStorage()) self.policyManager = SelfVerifyPolicyManager(self.identityStorage) self.keyChain = KeyChain(self.identityManager, self.policyManager) def tearDown(self): try: os.remove(self.databaseFilePath) except OSError: pass def test_identity_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) certificateName = self.keyChain.createIdentityAndCertificate( identityName) keyName = IdentityCertificate.certificateNameToPublicKeyName( certificateName) self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity was not added to IdentityStorage") self.assertIsNotNone(keyName, "New identity has no key") self.assertTrue(self.identityStorage.doesKeyExist(keyName), "Key was not added to IdentityStorage") self.assertIsNotNone(certificateName, "Certificate was not added to IdentityStorage") self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesIdentityExist(identityName), "Identity still in IdentityStorage after revoking") self.assertFalse( self.identityStorage.doesKeyExist(keyName), "Key still in IdentityStorage after identity was deletedInfo") self.assertFalse( self.identityStorage.doesCertificateExist(certificateName), "Certificate still in IdentityStorage after identity was deletedInfo" ) with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity( identityName) def test_key_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) keyName1 = self.keyChain.generateRSAKeyPair(identityName, True) self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1) keyName2 = self.keyChain.generateRSAKeyPair(identityName, False) self.assertEqual( self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key name was changed without explicit request") self.assertNotEqual( self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName2, "Newly created key replaced default key without explicit request") self.identityStorage.deletePublicKeyInfo(keyName2) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.keyChain.deleteIdentity(identityName) def test_key_autocreate_identity(self): keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345') identityName = keyName1[:-1] decodedKey = base64.b64decode(RSA_DER) self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey)) self.identityStorage.setDefaultKeyNameForIdentity(keyName1) self.assertTrue(self.identityStorage.doesKeyExist(keyName1), "Key was not added") self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity for key was not automatically created") self.assertEqual( self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key was not set on identity creation") with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): # we have no private key for signing self.identityManager.selfSign(keyName1) with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity( identityName) keyName2 = self.identityManager.generateRSAKeyPairAsDefault( identityName) cert = self.identityManager.selfSign(keyName2) self.identityManager.addCertificateAsIdentityDefault(cert) certName1 = self.identityManager.getDefaultCertificateNameForIdentity( identityName) certName2 = self.identityStorage.getDefaultCertificateNameForKey( keyName2) self.assertEqual( certName1, certName2, "Key-certificate mapping and identity-certificate mapping are not consistent" ) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) def test_certificate_add_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) self.identityManager.createIdentityAndCertificate( identityName, KeyChain.DEFAULT_KEY_PARAMS) keyName1 = self.identityManager.getDefaultKeyNameForIdentity( identityName) cert2 = self.identityManager.selfSign(keyName1) self.identityStorage.addCertificate(cert2) certName2 = cert2.getName() certName1 = self.identityManager.getDefaultCertificateNameForIdentity( identityName) self.assertNotEqual( certName1, certName2, "New certificate was set as default without explicit request") self.identityStorage.deleteCertificateInfo(certName1) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) def test_stress(self): # ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion( int(time.time())) # ndn-cxx returns the cert name, but the IndentityManager docstring # specifies a key certName1 = self.keyChain.createIdentityAndCertificate(identityName) keyName1 = IdentityCertificate.certificateNameToPublicKeyName( certName1) keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert2 = self.identityManager.selfSign(keyName2) certName2 = cert2.getName() self.identityManager.addCertificateAsDefault(cert2) keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert3 = self.identityManager.selfSign(keyName3) certName3 = cert3.getName() self.identityManager.addCertificateAsDefault(cert3) cert4 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert4) certName4 = cert4.getName() cert5 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert5) certName5 = cert5.getName() self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName1)) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName5)) self.identityStorage.deleteCertificateInfo(certName5) self.assertFalse(self.identityStorage.doesCertificateExist(certName5)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.identityStorage.deletePublicKeyInfo(keyName3) self.assertFalse(self.identityStorage.doesCertificateExist(certName4)) self.assertFalse(self.identityStorage.doesCertificateExist(certName3)) self.assertFalse(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) self.assertFalse(self.identityStorage.doesIdentityExist(identityName))
class TestSqlIdentityStorage(ut.TestCase): def setUp(self): # Reuse the policy_config subdirectory for the temporary SQLite file. self.databaseFilePath = "policy_config/test-public-info.db" try: os.remove(self.databaseFilePath) except OSError: # no such file pass self.identityStorage = BasicIdentityStorage(self.databaseFilePath) self.identityManager = IdentityManager(self.identityStorage, FilePrivateKeyStorage()) self.policyManager = SelfVerifyPolicyManager(self.identityStorage) self.keyChain = KeyChain(self.identityManager, self.policyManager) def tearDown(self): try: os.remove(self.databaseFilePath) except OSError: pass def test_identity_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) certificateName = self.keyChain.createIdentityAndCertificate(identityName) keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName) self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity was not added to IdentityStorage") self.assertIsNotNone(keyName, "New identity has no key") self.assertTrue(self.identityStorage.doesKeyExist(keyName), "Key was not added to IdentityStorage") self.assertIsNotNone(certificateName, "Certificate was not added to IdentityStorage") self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesIdentityExist(identityName), "Identity still in IdentityStorage after identity was deleted") self.assertFalse(self.identityStorage.doesKeyExist(keyName), "Key still in IdentityStorage after identity was deleted") self.assertFalse(self.identityStorage.doesCertificateExist(certificateName), "Certificate still in IdentityStorage after identity was deleted") with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity(identityName) def test_key_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) keyName1 = self.keyChain.generateRSAKeyPair(identityName, True) self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1) keyName2 = self.keyChain.generateRSAKeyPair(identityName, False) self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key name was changed without explicit request") self.assertNotEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName2, "Newly created key replaced default key without explicit request") self.identityStorage.deletePublicKeyInfo(keyName2) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.keyChain.deleteIdentity(identityName) def test_key_autocreate_identity(self): keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345') identityName = keyName1[:-1] decodedKey = base64.b64decode(RSA_DER) self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey)) self.identityStorage.setDefaultKeyNameForIdentity(keyName1) self.assertTrue(self.identityStorage.doesKeyExist(keyName1), "Key was not added") self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity for key was not automatically created") self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key was not set on identity creation") with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): # we have no private key for signing self.identityManager.selfSign(keyName1) with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity(identityName) keyName2 = self.identityManager.generateRSAKeyPairAsDefault(identityName) cert = self.identityManager.selfSign(keyName2) self.identityManager.addCertificateAsIdentityDefault(cert) certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName) certName2 = self.identityStorage.getDefaultCertificateNameForKey(keyName2) self.assertEqual(certName1, certName2, "Key-certificate mapping and identity-certificate mapping are not consistent") self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) def test_certificate_add_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) self.identityManager.createIdentityAndCertificate( identityName, KeyChain.DEFAULT_KEY_PARAMS) keyName1 = self.identityManager.getDefaultKeyNameForIdentity(identityName) cert2 = self.identityManager.selfSign(keyName1) self.identityStorage.addCertificate(cert2) certName2 = cert2.getName() certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName) self.assertNotEqual(certName1, certName2, "New certificate was set as default without explicit request") self.identityStorage.deleteCertificateInfo(certName1) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) def test_stress(self): # ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion( int(time.time())) # ndn-cxx returns the cert name, but the IndentityManager docstring # specifies a key certName1 = self.keyChain.createIdentityAndCertificate(identityName) keyName1 = IdentityCertificate.certificateNameToPublicKeyName(certName1) keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert2 = self.identityManager.selfSign(keyName2) certName2 = cert2.getName() self.identityManager.addCertificateAsDefault(cert2) keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert3 = self.identityManager.selfSign(keyName3) certName3 = cert3.getName() self.identityManager.addCertificateAsDefault(cert3) cert4 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert4) certName4 = cert4.getName() cert5 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert5) certName5 = cert5.getName() self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName1)) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName5)) self.identityStorage.deleteCertificateInfo(certName5) self.assertFalse(self.identityStorage.doesCertificateExist(certName5)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.identityStorage.deletePublicKeyInfo(keyName3) self.assertFalse(self.identityStorage.doesCertificateExist(certName4)) self.assertFalse(self.identityStorage.doesCertificateExist(certName3)) self.assertFalse(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) self.assertFalse(self.identityStorage.doesIdentityExist(identityName))