def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager(
'policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA,
TEST_RSA_PUBLIC_KEY_DER,
TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(keyName, KeyType.RSA,
Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
class TestSqlIdentityStorage(ut.TestCase):
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def tearDown(self):
try:
os.remove(self.databaseFilePath)
except OSError:
pass
def test_identity_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
certificateName = self.keyChain.createIdentityAndCertificate(
identityName)
keyName = IdentityCertificate.certificateNameToPublicKeyName(
certificateName)
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity was not added to IdentityStorage")
self.assertIsNotNone(keyName, "New identity has no key")
self.assertTrue(self.identityStorage.doesKeyExist(keyName),
"Key was not added to IdentityStorage")
self.assertIsNotNone(certificateName,
"Certificate was not added to IdentityStorage")
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesIdentityExist(identityName),
"Identity still in IdentityStorage after revoking")
self.assertFalse(
self.identityStorage.doesKeyExist(keyName),
"Key still in IdentityStorage after identity was deletedInfo")
self.assertFalse(
self.identityStorage.doesCertificateExist(certificateName),
"Certificate still in IdentityStorage after identity was deletedInfo"
)
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
def test_key_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
keyName1 = self.keyChain.generateRSAKeyPair(identityName, True)
self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1)
keyName2 = self.keyChain.generateRSAKeyPair(identityName, False)
self.assertEqual(
self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key name was changed without explicit request")
self.assertNotEqual(
self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName2,
"Newly created key replaced default key without explicit request")
self.identityStorage.deletePublicKeyInfo(keyName2)
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.keyChain.deleteIdentity(identityName)
def test_key_autocreate_identity(self):
keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345')
identityName = keyName1[:-1]
decodedKey = base64.b64decode(RSA_DER)
self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey))
self.identityStorage.setDefaultKeyNameForIdentity(keyName1)
self.assertTrue(self.identityStorage.doesKeyExist(keyName1),
"Key was not added")
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity for key was not automatically created")
self.assertEqual(
self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key was not set on identity creation")
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
# we have no private key for signing
self.identityManager.selfSign(keyName1)
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
keyName2 = self.identityManager.generateRSAKeyPairAsDefault(
identityName)
cert = self.identityManager.selfSign(keyName2)
self.identityManager.addCertificateAsIdentityDefault(cert)
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
certName2 = self.identityStorage.getDefaultCertificateNameForKey(
keyName2)
self.assertEqual(
certName1, certName2,
"Key-certificate mapping and identity-certificate mapping are not consistent"
)
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
def test_certificate_add_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
self.identityManager.createIdentityAndCertificate(
identityName, KeyChain.DEFAULT_KEY_PARAMS)
keyName1 = self.identityManager.getDefaultKeyNameForIdentity(
identityName)
cert2 = self.identityManager.selfSign(keyName1)
self.identityStorage.addCertificate(cert2)
certName2 = cert2.getName()
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(
identityName)
self.assertNotEqual(
certName1, certName2,
"New certificate was set as default without explicit request")
self.identityStorage.deleteCertificateInfo(certName1)
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
def test_stress(self):
# ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion(
int(time.time()))
# ndn-cxx returns the cert name, but the IndentityManager docstring
# specifies a key
certName1 = self.keyChain.createIdentityAndCertificate(identityName)
keyName1 = IdentityCertificate.certificateNameToPublicKeyName(
certName1)
keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert2 = self.identityManager.selfSign(keyName2)
certName2 = cert2.getName()
self.identityManager.addCertificateAsDefault(cert2)
keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert3 = self.identityManager.selfSign(keyName3)
certName3 = cert3.getName()
self.identityManager.addCertificateAsDefault(cert3)
cert4 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert4)
certName4 = cert4.getName()
cert5 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert5)
certName5 = cert5.getName()
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName1))
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName5))
self.identityStorage.deleteCertificateInfo(certName5)
self.assertFalse(self.identityStorage.doesCertificateExist(certName5))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.identityStorage.deletePublicKeyInfo(keyName3)
self.assertFalse(self.identityStorage.doesCertificateExist(certName4))
self.assertFalse(self.identityStorage.doesCertificateExist(certName3))
self.assertFalse(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
self.assertFalse(self.identityStorage.doesIdentityExist(identityName))
class TestConfigPolicyManager(ut.TestCase):
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def tearDown(self):
try:
os.remove(self.databaseFilePath)
except OSError:
pass
self.privateKeyStorage.deleteKeyPair(self.keyName)
self.face.shutdown()
try:
os.remove(self.testCertFile)
except OSError:
pass
def test_no_verify(self):
policyManager = NoVerifyPolicyManager()
identityName = Name('TestValidator/Null').appendVersion(int(time.time()))
keyChain = KeyChain(self.identityManager, policyManager)
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name(identityName).append('data'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"NoVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification failed with NoVerifyPolicyManager")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
def test_self_verification(self):
policyManager = SelfVerifyPolicyManager(self.identityStorage)
keyChain = KeyChain(self.identityManager, policyManager)
identityName = Name('TestValidator/RsaSignatureVerification')
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name('/TestData/1'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification of identity-signed data failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
data2 = Data(Name('/TestData/2'))
vr = doVerify(policyManager,
data2)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.successCount, 0,
"Verification of unsigned data succeeded")
self.assertEqual(vr.failureCount, 1,
"Verification failure callback called {} times instead of 1".format(
vr.failureCount))
def test_interest_timestamp(self):
interestName = Name('/ndn/ucla/edu/something')
certName = self.identityManager.getDefaultCertificateNameForIdentity(
self.identityName)
self.face.setCommandSigningInfo(self.keyChain, certName)
oldInterest = Interest(interestName)
self.face.makeCommandInterest(oldInterest)
time.sleep(0.1) # make sure timestamps are different
newInterest = Interest(interestName)
self.face.makeCommandInterest(newInterest)
vr = doVerify(self.policyManager,
newInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.failureCount, 0,
"Verification of valid interest failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
vr = doVerify(self.policyManager,
oldInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.successCount, 0,
"Verification of stale interest succeeded")
self.assertEqual(vr.failureCount, 1,
"Failure callback called {} times instead of 1".format(
vr.failureCount))
def _removeFile(self, filename):
try:
os.remove(filename)
except OSError:
# no such file
pass
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# needed, since the KeyChain will express interests in unknown
# certificates
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# now save the cert data to our anchor directory, and wait
# we have to sign it with the current identity or the
# policy manager will create an interest for the signing certificate
with open(self.testCertFile, 'w') as certFile:
cert = IdentityCertificate()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
self.keyChain.signByIdentity(cert, self.identityName)
encodedCert = b64encode(cert.wireEncode().toBuffer())
certFile.write(Blob(encodedCert, False).toRawStr())
# still too early for refresh to pick it up
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# now we should find it
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
class TestConfigPolicyManager(ut.TestCase):
def setUp(self):
testCertDirectory = 'policy_config/certs'
self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
self.identityStorage = MemoryIdentityStorage()
self.privateKeyStorage = MemoryPrivateKeyStorage()
self.identityManager = IdentityManager(self.identityStorage,
self.privateKeyStorage)
self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf')
self.identityName = Name('/TestConfigPolicyManager/temp')
# to match the anchor cert
keyName = Name(self.identityName).append('ksk-1416010123')
self.privateKeyStorage.setKeyPairForKeyName(
keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER)
self.identityStorage.addKey(
keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER))
cert = self.identityManager.selfSign(keyName)
self.identityStorage.setDefaultKeyNameForIdentity(keyName)
self.identityManager.addCertificateAsDefault(cert)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
self.keyName = keyName
self.face = Face()
def tearDown(self):
self.privateKeyStorage.deleteKeyPair(self.keyName)
self.face.shutdown()
try:
os.remove(self.testCertFile)
except OSError:
pass
def test_no_verify(self):
policyManager = NoVerifyPolicyManager()
identityName = Name('TestValidator/Null').appendVersion(int(time.time()))
keyChain = KeyChain(self.identityManager, policyManager)
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name(identityName).append('data'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"NoVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification failed with NoVerifyPolicyManager")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
def test_self_verification(self):
policyManager = SelfVerifyPolicyManager(self.identityStorage)
keyChain = KeyChain(self.identityManager, policyManager)
identityName = Name('TestValidator/RsaSignatureVerification')
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name('/TestData/1'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification of identity-signed data failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
data2 = Data(Name('/TestData/2'))
vr = doVerify(policyManager,
data2)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.successCount, 0,
"Verification of unsigned data succeeded")
self.assertEqual(vr.failureCount, 1,
"Verification failure callback called {} times instead of 1".format(
vr.failureCount))
def test_interest_timestamp(self):
interestName = Name('/ndn/ucla/edu/something')
certName = self.identityManager.getDefaultCertificateNameForIdentity(
self.identityName)
self.face.setCommandSigningInfo(self.keyChain, certName)
oldInterest = Interest(interestName)
self.face.makeCommandInterest(oldInterest)
time.sleep(0.1) # make sure timestamps are different
newInterest = Interest(interestName)
self.face.makeCommandInterest(newInterest)
vr = doVerify(self.policyManager,
newInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.failureCount, 0,
"Verification of valid interest failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
vr = doVerify(self.policyManager,
oldInterest)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager returned ValidationRequest but certificate is known")
self.assertEqual(vr.successCount, 0,
"Verification of stale interest succeeded")
self.assertEqual(vr.failureCount, 1,
"Failure callback called {} times instead of 1".format(
vr.failureCount))
def _removeFile(self, filename):
try:
os.remove(filename)
except OSError:
# no such file
pass
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# needed, since the KeyChain will express interests in unknown
# certificates
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# now save the cert data to our anchor directory, and wait
# we have to sign it with the current identity or the
# policy manager will create an interest for the signing certificate
with open(self.testCertFile, 'w') as certFile:
cert = IdentityCertificate()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
self.keyChain.signByIdentity(cert, self.identityName)
encodedCert = b64encode(cert.wireEncode().toBytes())
certFile.write(Blob(encodedCert, False).toRawStr())
# still too early for refresh to pick it up
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# now we should find it
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
class TestSqlIdentityStorage(ut.TestCase):
def setUp(self):
# Reuse the policy_config subdirectory for the temporary SQLite file.
self.databaseFilePath = "policy_config/test-public-info.db"
try:
os.remove(self.databaseFilePath)
except OSError:
# no such file
pass
self.identityStorage = BasicIdentityStorage(self.databaseFilePath)
self.identityManager = IdentityManager(self.identityStorage,
FilePrivateKeyStorage())
self.policyManager = SelfVerifyPolicyManager(self.identityStorage)
self.keyChain = KeyChain(self.identityManager, self.policyManager)
def tearDown(self):
try:
os.remove(self.databaseFilePath)
except OSError:
pass
def test_identity_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
certificateName = self.keyChain.createIdentityAndCertificate(identityName)
keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName)
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity was not added to IdentityStorage")
self.assertIsNotNone(keyName, "New identity has no key")
self.assertTrue(self.identityStorage.doesKeyExist(keyName),
"Key was not added to IdentityStorage")
self.assertIsNotNone(certificateName,
"Certificate was not added to IdentityStorage")
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesIdentityExist(identityName),
"Identity still in IdentityStorage after identity was deleted")
self.assertFalse(self.identityStorage.doesKeyExist(keyName),
"Key still in IdentityStorage after identity was deleted")
self.assertFalse(self.identityStorage.doesCertificateExist(certificateName),
"Certificate still in IdentityStorage after identity was deleted")
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(identityName)
def test_key_create_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
keyName1 = self.keyChain.generateRSAKeyPair(identityName, True)
self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1)
keyName2 = self.keyChain.generateRSAKeyPair(identityName, False)
self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key name was changed without explicit request")
self.assertNotEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName2, "Newly created key replaced default key without explicit request")
self.identityStorage.deletePublicKeyInfo(keyName2)
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.keyChain.deleteIdentity(identityName)
def test_key_autocreate_identity(self):
keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345')
identityName = keyName1[:-1]
decodedKey = base64.b64decode(RSA_DER)
self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey))
self.identityStorage.setDefaultKeyNameForIdentity(keyName1)
self.assertTrue(self.identityStorage.doesKeyExist(keyName1),
"Key was not added")
self.assertTrue(self.identityStorage.doesIdentityExist(identityName),
"Identity for key was not automatically created")
self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName),
keyName1, "Default key was not set on identity creation")
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
# we have no private key for signing
self.identityManager.selfSign(keyName1)
with self.assertRaises(SecurityException):
self.identityStorage.getDefaultCertificateNameForKey(keyName1)
with self.assertRaises(SecurityException):
self.identityManager.getDefaultCertificateNameForIdentity(identityName)
keyName2 = self.identityManager.generateRSAKeyPairAsDefault(identityName)
cert = self.identityManager.selfSign(keyName2)
self.identityManager.addCertificateAsIdentityDefault(cert)
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName)
certName2 = self.identityStorage.getDefaultCertificateNameForKey(keyName2)
self.assertEqual(certName1, certName2,
"Key-certificate mapping and identity-certificate mapping are not consistent")
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
def test_certificate_add_delete(self):
identityName = Name('/TestIdentityStorage/Identity').appendVersion(
int(time.time()))
self.identityManager.createIdentityAndCertificate(
identityName, KeyChain.DEFAULT_KEY_PARAMS)
keyName1 = self.identityManager.getDefaultKeyNameForIdentity(identityName)
cert2 = self.identityManager.selfSign(keyName1)
self.identityStorage.addCertificate(cert2)
certName2 = cert2.getName()
certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName)
self.assertNotEqual(certName1, certName2,
"New certificate was set as default without explicit request")
self.identityStorage.deleteCertificateInfo(certName1)
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
def test_stress(self):
# ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp
identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion(
int(time.time()))
# ndn-cxx returns the cert name, but the IndentityManager docstring
# specifies a key
certName1 = self.keyChain.createIdentityAndCertificate(identityName)
keyName1 = IdentityCertificate.certificateNameToPublicKeyName(certName1)
keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert2 = self.identityManager.selfSign(keyName2)
certName2 = cert2.getName()
self.identityManager.addCertificateAsDefault(cert2)
keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName)
cert3 = self.identityManager.selfSign(keyName3)
certName3 = cert3.getName()
self.identityManager.addCertificateAsDefault(cert3)
cert4 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert4)
certName4 = cert4.getName()
cert5 = self.identityManager.selfSign(keyName3)
self.identityManager.addCertificateAsDefault(cert5)
certName5 = cert5.getName()
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName1))
self.assertTrue(self.identityStorage.doesCertificateExist(certName2))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName5))
self.identityStorage.deleteCertificateInfo(certName5)
self.assertFalse(self.identityStorage.doesCertificateExist(certName5))
self.assertTrue(self.identityStorage.doesCertificateExist(certName4))
self.assertTrue(self.identityStorage.doesCertificateExist(certName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.identityStorage.deletePublicKeyInfo(keyName3)
self.assertFalse(self.identityStorage.doesCertificateExist(certName4))
self.assertFalse(self.identityStorage.doesCertificateExist(certName3))
self.assertFalse(self.identityStorage.doesKeyExist(keyName3))
self.assertTrue(self.identityStorage.doesKeyExist(keyName2))
self.assertTrue(self.identityStorage.doesKeyExist(keyName1))
self.assertTrue(self.identityStorage.doesIdentityExist(identityName))
self.keyChain.deleteIdentity(identityName)
self.assertFalse(self.identityStorage.doesCertificateExist(certName2))
self.assertFalse(self.identityStorage.doesKeyExist(keyName2))
self.assertFalse(self.identityStorage.doesCertificateExist(certName1))
self.assertFalse(self.identityStorage.doesKeyExist(keyName1))
self.assertFalse(self.identityStorage.doesIdentityExist(identityName))