コード例 #1
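class TestPolicyManagerV2(ut.TestCase):
    """Tests for ConfigPolicyManager driven through an in-memory KeyChain.

    Two behaviours are covered: a command interest older than one that was
    already accepted must be rejected, and a certificate written to the
    anchor directory must only be accepted after the policy manager has
    refreshed its certificate store.
    """

    def _removeTestCert(self):
        """Delete the certificate file written by test_refresh_10s, if any."""
        try:
            os.remove(self.testCertFile)
        except OSError:
            # Best effort: in the normal case the file does not exist.
            pass

    def setUp(self):
        """Build the PIB, TPM, policy manager and a self-signed test key."""
        testCertDirectory = 'policy_config/certs'
        self.testCertFile = os.path.join(testCertDirectory, 'test.cert')
        # test_refresh_10s saves a signed certificate at this path, in what
        # it calls the anchor directory. If an earlier run was interrupted
        # before tearDown, the file is still there and the certificate is no
        # longer "unknown", so clear it before the policy manager is built.
        self._removeTestCert()

        self.pibImpl = PibMemory()
        self.tpmBackEnd = TpmBackEndMemory()
        certificateCache = CertificateCacheV2()
        self.policyManager = ConfigPolicyManager(
            'policy_config/simple_rules.conf', certificateCache)

        self.identityName = Name('/TestConfigPolicyManager/temp')
        # The key id has to match the anchor cert.
        self.keyName = Name(
            self.identityName).append("KEY").append("ksk-1416010123")
        self.pibImpl.addKey(
            self.identityName, self.keyName, TEST_RSA_PUBLIC_KEY_DER)
        # The fixture is an unencrypted PKCS #8 private key, so the password
        # argument is None.
        self.tpmBackEnd.importKey(
            self.keyName, TEST_RSA_PRIVATE_KEY_PKCS8, None)

        self.keyChain = KeyChain(
            self.pibImpl, self.tpmBackEnd, self.policyManager)

        identity = self.keyChain.getPib().getIdentity(self.identityName)
        pibKey = identity.getKey(self.keyName)
        # selfSign adds the resulting certificate to the PIB.
        self.keyChain.selfSign(pibKey)

    def tearDown(self):
        """Remove the certificate file so it does not outlive the test."""
        self._removeTestCert()

    def test_interest_timestamp(self):
        """Check that an older command interest fails after a newer one passed.

        Two command interests with the same name are created 0.1 s apart.
        The newer one is verified first and must succeed; the older one is
        verified afterwards and must fail.
        """
        # NOTE(review): the rejection presumably comes from a timestamp rule
        # in ConfigPolicyManager / simple_rules.conf; neither is shown here.
        interestName = Name('/ndn/ucla/edu/something')
        identity = self.keyChain.getPib().getIdentity(self.identityName)
        certName = identity.getKey(
            self.keyName).getDefaultCertificate().getName()
        face = Face("localhost")
        face.setCommandSigningInfo(self.keyChain, certName)

        oldInterest = Interest(interestName)
        face.makeCommandInterest(oldInterest)

        time.sleep(0.1)  # make sure timestamps are different
        newInterest = Interest(interestName)
        face.makeCommandInterest(newInterest)

        # The newer interest goes first so that the older one is stale by
        # the time it is checked.
        vr = doVerify(self.policyManager, newInterest)

        self.assertFalse(
            vr.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known"
        )
        self.assertEqual(
            vr.failureCount, 0, "Verification of valid interest failed")
        successMessage = (
            "Verification success called {} times instead of 1".format(
                vr.successCount))
        self.assertEqual(vr.successCount, 1, successMessage)

        vr = doVerify(self.policyManager, oldInterest)

        self.assertFalse(
            vr.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known"
        )
        self.assertEqual(
            vr.successCount, 0, "Verification of stale interest succeeded")
        failureMessage = (
            "Failure callback called {} times instead of 1".format(
                vr.failureCount))
        self.assertEqual(vr.failureCount, 1, failureMessage)

    def test_refresh_10s(self):
        """Check that a newly saved certificate is used only after a refresh.

        The data packet is verified three times: before its certificate
        exists (pending), right after the certificate file is written (still
        pending), and after a 6 s wait (verified).
        """
        with open('policy_config/testData', 'r') as dataFile:
            encodedData = dataFile.read()
        data = Data()
        data.wireDecode(Blob(b64decode(encodedData)))

        # This test is needed, since the KeyChain will express interests in
        # unknown certificates.
        vr = doVerify(self.policyManager, data)

        self.assertTrue(
            vr.hasFurtherSteps,
            "ConfigPolicyManager did not create ValidationRequest for unknown certificate"
        )
        self.assertEqual(
            vr.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest"
        )
        self.assertEqual(
            vr.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest"
        )

        # Now save the cert data to our anchor directory, and wait.
        # We have to sign it with the current identity or the policy manager
        # will create an interest for the signing certificate.
        cert = CertificateV2()
        cert.wireDecode(Blob(b64decode(CERT_DUMP), False))
        signingInfo = SigningInfo()
        signingInfo.setSigningIdentity(self.identityName)
        # Make sure the validity period is current for two years.
        now = Common.getNowMilliseconds()
        twoYearsMilliseconds = 2 * 365 * 24 * 3600 * 1000.0
        signingInfo.setValidityPeriod(
            ValidityPeriod(now, now + twoYearsMilliseconds))

        self.keyChain.sign(cert, signingInfo)
        encodedCert = b64encode(cert.wireEncode().toBytes())
        with open(self.testCertFile, 'w') as certFile:
            certFile.write(Blob(encodedCert, False).toRawStr())

        # Still too early for refresh to pick it up.
        vr = doVerify(self.policyManager, data)

        self.assertTrue(
            vr.hasFurtherSteps,
            "ConfigPolicyManager refresh occured sooner than specified")
        self.assertEqual(
            vr.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest"
        )
        self.assertEqual(
            vr.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest"
        )
        # NOTE(review): the refresh period is configured outside this file;
        # confirm that 6 s exceeds it (the test name suggests 10 s).
        time.sleep(6)

        # Now we should find it.
        vr = doVerify(self.policyManager, data)

        self.assertFalse(
            vr.hasFurtherSteps,
            "ConfigPolicyManager did not refresh certificate store")
        successMessage = (
            "Verification success called {} times instead of 1".format(
                vr.successCount))
        self.assertEqual(vr.successCount, 1, successMessage)
        self.assertEqual(
            vr.failureCount, 0,
            "ConfigPolicyManager did not verify valid signed data")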
コード例 #2
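class TestPolicyManagerV2(ut.TestCase):
    """Verify ConfigPolicyManager decisions using an in-memory PIB and TPM.

    The cases check that a stale command interest is refused and that a
    certificate dropped into the anchor directory is not accepted before the
    certificate store has been refreshed.
    """

    def setUp(self):
        """Prepare the key chain, policy manager and self-signed identity."""
        self.testCertFile = os.path.join('policy_config/certs', 'test.cert')
        # A certificate file left behind by an interrupted run would make the
        # "unknown certificate" assertions in test_refresh_10s fail, and it
        # would stay in the directory that test calls the anchor directory.
        # Remove it before the policy manager is created.
        try:
            os.remove(self.testCertFile)
        except OSError:
            pass

        self.pibImpl = PibMemory()
        self.tpmBackEnd = TpmBackEndMemory()
        self.policyManager = ConfigPolicyManager(
            'policy_config/simple_rules.conf', CertificateCacheV2())

        self.identityName = Name('/TestConfigPolicyManager/temp')
        # to match the anchor cert
        keyName = Name(self.identityName)
        keyName.append("KEY").append("ksk-1416010123")
        self.keyName = keyName
        self.pibImpl.addKey(
            self.identityName, self.keyName, TEST_RSA_PUBLIC_KEY_DER)
        # Set the password to None since we have an unencrypted PKCS #8
        # private key.
        self.tpmBackEnd.importKey(
            self.keyName, TEST_RSA_PRIVATE_KEY_PKCS8, None)

        self.keyChain = KeyChain(
            self.pibImpl, self.tpmBackEnd, self.policyManager)

        pib = self.keyChain.getPib()
        pibKey = pib.getIdentity(self.identityName).getKey(self.keyName)
        # selfSign adds to the PIB.
        self.keyChain.selfSign(pibKey)

    def tearDown(self):
        """Delete the certificate file that test_refresh_10s may have written."""
        try:
            os.remove(self.testCertFile)
        except OSError:
            # Nothing to clean up when the file was never written.
            pass

    def test_interest_timestamp(self):
        """Accept the newer command interest, then refuse the older one."""
        # NOTE(review): which rule rejects the older interest is decided by
        # ConfigPolicyManager and simple_rules.conf, not visible here.
        interestName = Name('/ndn/ucla/edu/something')
        pibKey = self.keyChain.getPib().getIdentity(
            self.identityName).getKey(self.keyName)
        certName = pibKey.getDefaultCertificate().getName()
        face = Face("localhost")
        face.setCommandSigningInfo(self.keyChain, certName)

        oldInterest = Interest(interestName)
        face.makeCommandInterest(oldInterest)

        # make sure timestamps are different
        time.sleep(0.1)
        newInterest = Interest(interestName)
        face.makeCommandInterest(newInterest)

        # Verify in reverse order of creation: newer first, older second.
        newResult = doVerify(self.policyManager, newInterest)

        self.assertFalse(
            newResult.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            newResult.failureCount, 0,
            "Verification of valid interest failed")
        self.assertEqual(
            newResult.successCount, 1,
            "Verification success called {} times instead of 1".format(
                newResult.successCount))

        oldResult = doVerify(self.policyManager, oldInterest)

        self.assertFalse(
            oldResult.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            oldResult.successCount, 0,
            "Verification of stale interest succeeded")
        self.assertEqual(
            oldResult.failureCount, 1,
            "Failure callback called {} times instead of 1".format(
                oldResult.failureCount))

    def test_refresh_10s(self):
        """Accept data only after its certificate file has been refreshed in.

        Verification is expected to stay pending before the certificate file
        exists and immediately after it is written, and to succeed after the
        6 s wait.
        """
        pendingSuccessMessage = (
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        pendingFailureMessage = (
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        with open('policy_config/testData', 'r') as dataFile:
            encodedData = dataFile.read()
            data = Data()
            dataBlob = Blob(b64decode(encodedData))
            data.wireDecode(dataBlob)

        # This test is needed, since the KeyChain will express interests in
        # unknown certificates.
        vr = doVerify(self.policyManager, data)

        self.assertTrue(
            vr.hasFurtherSteps,
            "ConfigPolicyManager did not create ValidationRequest for unknown certificate")
        self.assertEqual(vr.successCount, 0, pendingSuccessMessage)
        self.assertEqual(vr.failureCount, 0, pendingFailureMessage)

        # Now save the cert data to our anchor directory, and wait.
        # We have to sign it with the current identity or the policy manager
        # will create an interest for the signing certificate.

        cert = CertificateV2()
        certData = b64decode(CERT_DUMP)
        cert.wireDecode(Blob(certData, False))
        signingInfo = SigningInfo()
        signingInfo.setSigningIdentity(self.identityName)
        # Make sure the validity period is current for two years.
        now = Common.getNowMilliseconds()
        notAfter = now + 2 * 365 * 24 * 3600 * 1000.0
        signingInfo.setValidityPeriod(ValidityPeriod(now, notAfter))

        self.keyChain.sign(cert, signingInfo)
        encodedCert = b64encode(cert.wireEncode().toBytes())
        with open(self.testCertFile, 'w') as certFile:
            certFile.write(Blob(encodedCert, False).toRawStr())

        # Still too early for refresh to pick it up.
        vr = doVerify(self.policyManager, data)

        self.assertTrue(
            vr.hasFurtherSteps,
            "ConfigPolicyManager refresh occured sooner than specified")
        self.assertEqual(vr.successCount, 0, pendingSuccessMessage)
        self.assertEqual(vr.failureCount, 0, pendingFailureMessage)
        # NOTE(review): the wait has to be longer than the refresh period
        # set in the policy configuration, which is not shown here — confirm.
        time.sleep(6)

        # Now we should find it.
        vr = doVerify(self.policyManager, data)

        self.assertFalse(
            vr.hasFurtherSteps,
            "ConfigPolicyManager did not refresh certificate store")
        self.assertEqual(
            vr.successCount, 1,
            "Verification success called {} times instead of 1".format(
                vr.successCount))
        self.assertEqual(
            vr.failureCount, 0,
            "ConfigPolicyManager did not verify valid signed data")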