def test_limited_record_lifetime(self):
self._fixture = ValidationPolicyCommandInterestFixture(
ValidationPolicyCommandInterest.Options(400 * 1000.0, 1000,
300 * 1000.0))
# Signed at 0 seconds.
interest1 = self._fixture.makeCommandInterest(self._fixture._identity)
# Signed at +240 seconds.
self._fixture.setNowOffsetMilliseconds(240 * 1000.0)
interest2 = self._fixture.makeCommandInterest(self._fixture._identity)
# Signed at +360 seconds.
self._fixture.setNowOffsetMilliseconds(360 * 1000.0)
interest3 = self._fixture.makeCommandInterest(self._fixture._identity)
# Validate at 0 seconds.
self._fixture.setNowOffsetMilliseconds(0.0)
self.validateExpectSuccess(interest1, "Should succeed")
self.validateExpectSuccess(interest3, "Should succeed")
# Validate at +301 seconds.
self._fixture.setNowOffsetMilliseconds(301 * 1000.0)
self.validateExpectSuccess(
interest2,
"Should succeed despite the timestamp being reordered, because the record has expired"
)
def test_timestamp_out_of_grace_negative(self):
self._fixture = ValidationPolicyCommandInterestFixture(
ValidationPolicyCommandInterest.Options(15 * 1000.0))
# Signed at 0 seconds.
interest1 = self._fixture.makeCommandInterest(self._fixture._identity)
# Signed at +1 seconds.
self._fixture.setNowOffsetMilliseconds(1 * 1000.0)
interest2 = self._fixture.makeCommandInterest(self._fixture._identity)
# Signed at +2 seconds.
self._fixture.setNowOffsetMilliseconds(2 * 1000.0)
interest3 = self._fixture.makeCommandInterest(self._fixture._identity)
# Verifying at -16 seconds.
self._fixture.setNowOffsetMilliseconds(-16 * 1000.0)
self.validateExpectFailure(
interest1, "Should fail (timestamp outside the grace period)")
# The CommandInterestValidator should not remember interest1's timestamp.
self.validateExpectFailure(
interest2, "Should fail (timestamp outside the grace period)")
# The CommandInterestValidator should not remember interest2's timestamp, and
# should treat interest3 as initial.
# Verifying at +2 seconds.
self._fixture.setNowOffsetMilliseconds(2 * 1000.0)
self.validateExpectSuccess(interest3, "Should succeed")
def test_limited_records(self):
self._fixture = ValidationPolicyCommandInterestFixture(
ValidationPolicyCommandInterest.Options(15 * 1000.0, 3))
identity1 = self._fixture.addSubCertificate(
Name("/Security/V2/ValidatorFixture/Sub1"),
self._fixture._identity)
self._fixture._cache.insert(
identity1.getDefaultKey().getDefaultCertificate())
identity2 = self._fixture.addSubCertificate(
Name("/Security/V2/ValidatorFixture/Sub2"),
self._fixture._identity)
self._fixture._cache.insert(
identity2.getDefaultKey().getDefaultCertificate())
identity3 = self._fixture.addSubCertificate(
Name("/Security/V2/ValidatorFixture/Sub3"),
self._fixture._identity)
self._fixture._cache.insert(
identity3.getDefaultKey().getDefaultCertificate())
identity4 = self._fixture.addSubCertificate(
Name("/Security/V2/ValidatorFixture/Sub4"),
self._fixture._identity)
self._fixture._cache.insert(
identity4.getDefaultKey().getDefaultCertificate())
interest1 = self._fixture.makeCommandInterest(identity2)
interest2 = self._fixture.makeCommandInterest(identity3)
interest3 = self._fixture.makeCommandInterest(identity4)
# Signed at 0 seconds.
interest00 = self._fixture.makeCommandInterest(identity1)
# Signed at +1 seconds.
self._fixture.setNowOffsetMilliseconds(1 * 1000.0)
interest01 = self._fixture.makeCommandInterest(identity1)
# Signed at +2 seconds.
self._fixture.setNowOffsetMilliseconds(2 * 1000.0)
interest02 = self._fixture.makeCommandInterest(identity1)
self.validateExpectSuccess(interest00, "Should succeed")
self.validateExpectSuccess(interest02, "Should succeed")
self.validateExpectSuccess(interest1, "Should succeed")
self.validateExpectSuccess(interest2, "Should succeed")
self.validateExpectSuccess(interest3,
"Should succeed, forgets identity1")
self.validateExpectSuccess(
interest01,
"Should succeed despite timestamp is reordered, because the record has been evicted"
)
def test_timestamp_out_of_grace_positive(self):
self._fixture = ValidationPolicyCommandInterestFixture(
ValidationPolicyCommandInterest.Options(15 * 1000.0))
# Signed at 0 seconds.
interest1 = self._fixture.makeCommandInterest(self._fixture._identity)
# Verifying at +16 seconds.
self._fixture.setNowOffsetMilliseconds(16 * 1000.0)
self.validateExpectFailure(
interest1, "Should fail (timestamp outside the grace period)")
# Signed at +16 seconds.
interest2 = self._fixture.makeCommandInterest(self._fixture._identity)
self.validateExpectSuccess(interest2, "Should succeed")
def test_zero_record_lifetime(self):
self._fixture = ValidationPolicyCommandInterestFixture(
ValidationPolicyCommandInterest.Options(15 * 1000.0, 1000, 0.0))
# Signed at 0 seconds.
interest1 = self._fixture.makeCommandInterest(self._fixture._identity)
# Signed at +1 second.
self._fixture.setNowOffsetMilliseconds(1 * 1000.0)
interest2 = self._fixture.makeCommandInterest(self._fixture._identity)
self.validateExpectSuccess(interest2, "Should succeed")
self.validateExpectSuccess(
interest1,
"Should succeed despite the timestamp being reordered, because the record has expired"
)
def test_unlimited_records(self):
self._fixture = ValidationPolicyCommandInterestFixture(
ValidationPolicyCommandInterest.Options(15 * 1000.0, -1))
identities = []
for i in range(20):
identity = self._fixture.addSubCertificate(
Name("/Security/V2/ValidatorFixture/Sub" + str(i)),
self._fixture._identity)
self._fixture._cache.insert(
identity.getDefaultKey().getDefaultCertificate())
identities.append(identity)
# Signed at 0 seconds.
interest1 = self._fixture.makeCommandInterest(identities[0])
self._fixture.setNowOffsetMilliseconds(1 * 1000.0)
for i in range(20):
# Signed at +1 seconds.
interest2 = self._fixture.makeCommandInterest(identities[i])
self.validateExpectSuccess(interest2, "Should succeed")
self.validateExpectFailure(interest1,
"Should fail (timestamp reorder)")
def __init__(self, options=None):
super(ValidationPolicyCommandInterestFixture, self).__init__(
ValidationPolicyCommandInterest(ValidationPolicySimpleHierarchy(),
options))
self._signer = CommandInterestSigner(self._keyChain)