class TestPolicyManagerV2(ut.TestCase):
    """Check ConfigPolicyManager decisions for signed interests and data.

    test_interest_timestamp expects a command interest that was signed
    earlier than an already-verified one to be rejected.
    test_refresh_10s expects a certificate written into policy_config/certs
    to be ignored at first and accepted only after a wait.
    """

    def setUp(self):
        """Create the policy manager and a KeyChain holding one test key."""
        self.testCertFile = os.path.join('policy_config/certs', 'test.cert')

        self.pibImpl = PibMemory()
        self.tpmBackEnd = TpmBackEndMemory()
        rulesPath = 'policy_config/simple_rules.conf'
        self.policyManager = ConfigPolicyManager(rulesPath, CertificateCacheV2())

        # The identity name has to match the anchor certificate.
        self.identityName = Name('/TestConfigPolicyManager/temp')
        keyPrefix = Name(self.identityName).append("KEY")
        self.keyName = keyPrefix.append("ksk-1416010123")

        self.pibImpl.addKey(
            self.identityName, self.keyName, TEST_RSA_PUBLIC_KEY_DER)
        # The PKCS #8 test key is unencrypted, hence the None password.
        # It is fixture material for this test only.
        self.tpmBackEnd.importKey(
            self.keyName, TEST_RSA_PRIVATE_KEY_PKCS8, None)

        self.keyChain = KeyChain(
            self.pibImpl, self.tpmBackEnd, self.policyManager)

        identity = self.keyChain.getPib().getIdentity(self.identityName)
        # selfSign also stores the resulting certificate in the PIB.
        self.keyChain.selfSign(identity.getKey(self.keyName))

    def tearDown(self):
        """Remove the certificate file a test may have written."""
        try:
            os.remove(self.testCertFile)
        except OSError:
            # Best effort: only test_refresh_10s creates the file, so a
            # failed removal is expected for the other test.
            pass

    def test_interest_timestamp(self):
        """An interest signed before an already-verified one must fail."""
        target = Name('/ndn/ucla/edu/something')
        signingKey = self.keyChain.getPib().getIdentity(
            self.identityName).getKey(self.keyName)
        signingCertName = signingKey.getDefaultCertificate().getName()

        signer = Face("localhost")
        signer.setCommandSigningInfo(self.keyChain, signingCertName)

        staleInterest = Interest(target)
        signer.makeCommandInterest(staleInterest)

        time.sleep(0.1)  # so the two command interests get different timestamps

        freshInterest = Interest(target)
        signer.makeCommandInterest(freshInterest)

        # The newer interest is verified first, so the older one is then
        # presented out of order; the assertions below expect it to fail.
        # NOTE(review): presumably the policy manager remembers the last
        # accepted timestamp per key -- confirm in ConfigPolicyManager.
        outcome = doVerify(self.policyManager, freshInterest)
        self.assertFalse(
            outcome.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            outcome.failureCount, 0, "Verification of valid interest failed")
        self.assertEqual(
            outcome.successCount, 1,
            "Verification success called {} times instead of 1".format(
                outcome.successCount))

        outcome = doVerify(self.policyManager, staleInterest)
        self.assertFalse(
            outcome.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            outcome.successCount, 0, "Verification of stale interest succeeded")
        self.assertEqual(
            outcome.failureCount, 1,
            "Failure callback called {} times instead of 1".format(
                outcome.failureCount))

    def test_refresh_10s(self):
        """A certificate added to the anchor directory is trusted only after a wait.

        NOTE(review): the method name says 10s while the wait below is 6
        seconds; the refresh interval itself is not visible here (it is
        presumably set in simple_rules.conf) -- confirm the two agree.
        """
        with open('policy_config/testData', 'r') as dataFile:
            encodedPacket = dataFile.read()

        packet = Data()
        packet.wireDecode(Blob(b64decode(encodedPacket)))

        # Needed because the KeyChain expresses interests for certificates
        # it does not know yet: the first verification must stay pending.
        outcome = doVerify(self.policyManager, packet)
        self.assertTrue(
            outcome.hasFurtherSteps,
            "ConfigPolicyManager did not create ValidationRequest for unknown certificate")
        self.assertEqual(
            outcome.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        self.assertEqual(
            outcome.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        # Store the certificate in the anchor directory, then wait.
        # It is re-signed with the test identity; otherwise the policy
        # manager would issue an interest for the signing certificate.
        anchorCert = CertificateV2()
        rawCert = b64decode(CERT_DUMP)
        anchorCert.wireDecode(Blob(rawCert, False))

        signingInfo = SigningInfo()
        signingInfo.setSigningIdentity(self.identityName)
        # Validity period: from now until two years from now (milliseconds).
        startMs = Common.getNowMilliseconds()
        twoYearsMs = 2 * 365 * 24 * 3600 * 1000.0
        signingInfo.setValidityPeriod(
            ValidityPeriod(startMs, startMs + twoYearsMs))

        self.keyChain.sign(anchorCert, signingInfo)
        encodedCert = b64encode(anchorCert.wireEncode().toBytes())
        with open(self.testCertFile, 'w') as certFile:
            certFile.write(Blob(encodedCert, False).toRawStr())

        # Immediately afterwards the new file must not be trusted yet.
        outcome = doVerify(self.policyManager, packet)
        self.assertTrue(
            outcome.hasFurtherSteps,
            "ConfigPolicyManager refresh occured sooner than specified")
        self.assertEqual(
            outcome.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        self.assertEqual(
            outcome.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        time.sleep(6)

        # After the wait the certificate is expected to be found.
        outcome = doVerify(self.policyManager, packet)
        self.assertFalse(
            outcome.hasFurtherSteps,
            "ConfigPolicyManager did not refresh certificate store")
        self.assertEqual(
            outcome.successCount, 1,
            "Verification success called {} times instead of 1".format(
                outcome.successCount))
        self.assertEqual(
            outcome.failureCount, 0,
            "ConfigPolicyManager did not verify valid signed data")
class TestPolicyManagerV2(ut.TestCase):
    """Tests for ConfigPolicyManager driven by policy_config/simple_rules.conf.

    Covers two checks: rejection of a command interest that is older than
    one already verified, and delayed acceptance of a certificate that is
    written to the policy_config/certs directory while the test runs.
    """

    def setUp(self):
        """Set up the policy manager, the key stores and a self-signed key."""
        certDir = 'policy_config/certs'
        self.testCertFile = os.path.join(certDir, 'test.cert')

        self.pibImpl = PibMemory()
        self.tpmBackEnd = TpmBackEndMemory()
        self.policyManager = ConfigPolicyManager(
            'policy_config/simple_rules.conf',
            CertificateCacheV2(),
        )

        # Chosen to match the anchor certificate.
        self.identityName = Name('/TestConfigPolicyManager/temp')
        self.keyName = (
            Name(self.identityName).append("KEY").append("ksk-1416010123"))

        self.pibImpl.addKey(
            self.identityName,
            self.keyName,
            TEST_RSA_PUBLIC_KEY_DER,
        )
        # Password is None: the PKCS #8 private key used here is an
        # unencrypted test fixture.
        self.tpmBackEnd.importKey(
            self.keyName,
            TEST_RSA_PRIVATE_KEY_PKCS8,
            None,
        )

        self.keyChain = KeyChain(
            self.pibImpl,
            self.tpmBackEnd,
            self.policyManager,
        )

        pib = self.keyChain.getPib()
        keyToSign = pib.getIdentity(self.identityName).getKey(self.keyName)
        # selfSign adds the certificate to the PIB as a side effect.
        self.keyChain.selfSign(keyToSign)

    def tearDown(self):
        """Clean up the certificate file; any OSError is ignored."""
        try:
            os.remove(self.testCertFile)
        except OSError:
            # The file exists only if test_refresh_10s got far enough to
            # write it, so failure to remove it is not an error.
            pass

    def test_interest_timestamp(self):
        """Verify that a stale command interest is refused after a newer one."""
        knownCertMsg = (
            "ConfigPolicyManager returned ValidationRequest but certificate is known")

        name = Name('/ndn/ucla/edu/something')
        defaultCert = self.keyChain.getPib().getIdentity(
            self.identityName).getKey(self.keyName).getDefaultCertificate()
        certName = defaultCert.getName()

        face = Face("localhost")
        face.setCommandSigningInfo(self.keyChain, certName)

        earlier = Interest(name)
        face.makeCommandInterest(earlier)

        # Pause so the second interest does not share the first's timestamp.
        time.sleep(0.1)

        later = Interest(name)
        face.makeCommandInterest(later)

        # Order matters: the later interest goes first so that the earlier
        # one reaches the policy manager as an out-of-date command.
        # NOTE(review): how the last-seen timestamp is stored is not
        # visible here -- confirm against ConfigPolicyManager.
        result = doVerify(self.policyManager, later)
        self.assertFalse(result.hasFurtherSteps, knownCertMsg)
        self.assertEqual(
            result.failureCount, 0, "Verification of valid interest failed")
        successMsg = "Verification success called {} times instead of 1".format(
            result.successCount)
        self.assertEqual(result.successCount, 1, successMsg)

        result = doVerify(self.policyManager, earlier)
        self.assertFalse(result.hasFurtherSteps, knownCertMsg)
        self.assertEqual(
            result.successCount, 0, "Verification of stale interest succeeded")
        failureMsg = "Failure callback called {} times instead of 1".format(
            result.failureCount)
        self.assertEqual(result.failureCount, 1, failureMsg)

    def test_refresh_10s(self):
        """Verify that a newly written anchor certificate is picked up late, not early.

        NOTE(review): despite the "10s" in the name the test waits 6
        seconds; the configured refresh interval is not shown in this
        file -- confirm against simple_rules.conf.
        """
        pendingSuccessMsg = (
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        pendingFailureMsg = (
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        with open('policy_config/testData', 'r') as dataFile:
            encodedData = dataFile.read()

        data = Data()
        wire = Blob(b64decode(encodedData))
        data.wireDecode(wire)

        # The signing certificate is unknown at this point, so the KeyChain
        # would have to fetch it: expect a pending request, no callbacks.
        result = doVerify(self.policyManager, data)
        self.assertTrue(
            result.hasFurtherSteps,
            "ConfigPolicyManager did not create ValidationRequest for unknown certificate")
        self.assertEqual(result.successCount, 0, pendingSuccessMsg)
        self.assertEqual(result.failureCount, 0, pendingFailureMsg)

        # Write the certificate into the anchor directory and wait.
        # Signing with the current identity keeps the policy manager from
        # requesting a further signing certificate.
        cert = CertificateV2()
        decodedDump = b64decode(CERT_DUMP)
        cert.wireDecode(Blob(decodedDump, False))

        signingInfo = SigningInfo()
        signingInfo.setSigningIdentity(self.identityName)
        # Keep the certificate valid for the next two years.
        notBefore = Common.getNowMilliseconds()
        notAfter = notBefore + 2 * 365 * 24 * 3600 * 1000.0
        signingInfo.setValidityPeriod(ValidityPeriod(notBefore, notAfter))

        self.keyChain.sign(cert, signingInfo)
        certBytes = cert.wireEncode().toBytes()
        encodedCert = b64encode(certBytes)
        with open(self.testCertFile, 'w') as certFile:
            certFile.write(Blob(encodedCert, False).toRawStr())

        # Too soon: the file is on disk but must not be honoured yet.
        result = doVerify(self.policyManager, data)
        self.assertTrue(
            result.hasFurtherSteps,
            "ConfigPolicyManager refresh occured sooner than specified")
        self.assertEqual(result.successCount, 0, pendingSuccessMsg)
        self.assertEqual(result.failureCount, 0, pendingFailureMsg)

        time.sleep(6)

        # Now the certificate should be found and the data verified.
        result = doVerify(self.policyManager, data)
        self.assertFalse(
            result.hasFurtherSteps,
            "ConfigPolicyManager did not refresh certificate store")
        successMsg = "Verification success called {} times instead of 1".format(
            result.successCount)
        self.assertEqual(result.successCount, 1, successMsg)
        self.assertEqual(
            result.failureCount, 0,
            "ConfigPolicyManager did not verify valid signed data")