def onInterest(self, prefix, interest, transport, registeredPrefixId):
"""
Append the next segment number to the prefix and send a new data packet.
If the last packet is sent, then set self._enabled[0] = False.
"""
maxSegment = 2
if self._segment >= maxSegment:
return
dump("Got interest", interest.toUri())
# Make and sign a Data packet for the segment.
self._segment += 1
data = Data(Name(prefix).appendSegment(self._segment))
content = "Segment number " + repr(self._segment)
data.content = content
self._keyChain.sign(data, self._certificateName)
encodedData = data.wireEncode()
transport.send(encodedData.toBuffer())
dump("Sent data packet", data.name.toUri())
if self._segment >= maxSegment:
# We sent the final data packet, so stop.
self._enabled[0] = False
def onVerificationFailedAppRequest(interest):
print("application request verify failed!")
response = Data(interest.getName())
response.setContent(
"{\"status\": 401, \"message\": \"command interest verification failed\" }"
)
self.sendData(response)
def handleDataInterests(self, prefix, interest, transport, prefixId):
# TODO: verification
# we match the components to the name, and any '_' components
# are discarded. Then we run a MongoDB query and append the
# object id to allow for excludes
chosenSchema = (s for s in self.schemaList
if s.dbPrefix.match(prefix)).next()
interestName = interest.getName()
responseName = Name(interestName)
nameFields = chosenSchema.matchNameToSchema(interestName)
self.log.info("Data requested with params:\n\t{}".format(nameFields))
allResults = []
segment = 0
try:
segmentComponent = interest.getName()[-4]
segment = segmentComponent.toSegment()
except RuntimeError:
pass
(startPos, results) = self._segmentResponseData(nameFields, segment)
for result in results:
dataId = result[u'_id']
self.log.debug("Found object {}".format(dataId))
allResults.append(result)
#responseName.append(str(dataId))
totalCount = results.count(False)
responseObject = {'count':totalCount, 'skip':startPos, 'results':allResults}
responseData = Data(responseName)
resultEncoded = BSON.encode(responseObject)
responseData.setContent(resultEncoded)
transport.send(responseData.wireEncode().buf())
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True.
:param Blob encoding: The wire encoding to decode.
:return: The number of seconds for all iterations.
:rtype: float
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
identityStorage.addKey(
keyName, keyType, Blob(
DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.ECDSA else DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onValidationFailed)
finish = getNowSeconds()
return finish - start
def onInterest(self, prefix, interest, transport, registeredPrefixId):
print "received interest"
initInterest = Name(interest.getName())
print "interest name:",initInterest.toUri()
d = Data(interest.getName().append(self.deviceComponent))
try:
print "start to set data's content"
currentString = ','.join(currentList)
d.setContent("songList of " +self.device+":"+currentString+ "\n")
self.face.registerPrefix(self.changePrefix,self.onInterest,self.onRegisterFailed)
except KeyboardInterrupt:
print "key interrupt"
sys.exit(1)
except Exception as e:
print e
d.setContent("Bad command\n")
finally:
self.keychain.sign(d,self.certificateName)
encodedData = d.wireEncode()
transport.send(encodedData.toBuffer())
print d.getName().toUri()
print d.getContent()
self.loop.close()
self.face.shutdown()
self.face = None
def onPlayingCommand(self, prefix, interest, transport, prefixId):
print "receive interest"
interestName = Name(interest.getName())
commandComponent = interest.getName().get(self.prefix.size())
if commandComponent == Name.Component("stop"):
pass
if commandComponent == Name.Component("play"):
pass
else:
songName = commandComponent.toEscapedString()
print songName
songList = []
songList = songName.split('%2C')
print "songlist and its len",songList,len(songList)
for i in songList:
self.song = i
fmusic = i+str("-music.mp3")
self.ftxt = i + str("-os.txt")
self.ffreq = i + str("-freq.txt")
print "FMUSIC:",fmusic
self.thread = threading.Thread(target = self.mp.play_music, args = (fmusic,songList,self.q,))
self.thread.daemon = True
g = GetFile(self._repoCommandPrefix, i, self._face, self.getOnset)
#g = GetFile(self._repoCommandPrefix, ftxt, self._face, self.lightFunction)
g.oStream = open(fmusic,'wb')
g.start()
d = Data(interest.getName())
d.setContent("start to play: " + songName + "\n")
encodedData = d.wireEncode()
transport.send(encodedData.toBuffer())
def onDeviceListRequest(self, prefix, interest, transport, registeeredPrefix):
interestName = interest.getName()
username = interestName.get(4).getValue().toRawStr()
#TODO guest check
prefix = Name("/home/user/"+username)
userHash = self._deviceUserAccessManager.getUserHash(prefix)
userHMACKey = HMACKey(0,0,userHash,"userHMACKey")
dump("device dict : ",self._deviceDict)
if ( self._accessControlManager.verifyInterestWithHMACKey(interest,userHMACKey) ):
dump("Verified")
deviceProfileList = []
for prefixStr in self._deviceDict.keys():
tmp = self._deviceDict[prefixStr]['deviceProfile'].__dict__
dump("tmp :",tmp)
if (type(tmp["_prefix"]) != str):
tmp["_prefix"] = tmp["_prefix"].toUri()
deviceProfileList.append(tmp)
data = Data(interestName)
data.setContent(json.dumps(deviceProfileList))
self._accessControlManager.signDataWithHMACKey(data,userHMACKey)
self.sendData(data,transport,sign=False)
else:
dump("Not verified")
def onPlayingCommand(self, prefix, interest, transport, prefixId):
interestName = Name(interest.getName())
commandComponent = interest.getName().get(self.prefix.size())
if commandComponent == Name.Component("stop"):
pass
if commandComponent == Name.Component("play"):
pass
else:
songName = commandComponent.toEscapedString()
songList = []
songList = songName.split('%2C')
for i in songList:
fmusic = i + str("-music.mp3")
print "started getting music file", i
g = GetFile(self._repoCommandPrefix, i, self._face, self.getOnset,
i)
g.oStream = open(fmusic, 'wb')
g.start()
#self._getFiles.append(g)
d = Data(interest.getName())
d.setContent("start to play: " + songName + "\n")
encodedData = d.wireEncode()
transport.send(encodedData.toBuffer())
def prepare_data(filePath, keychain: KeyChain):
"""
Shard file into data packets.
"""
temp_data={}
logging.info('preparing data for {}'.format(filePath))
print('preparing data for {}'.format(filePath))
with open(filePath, 'rb') as binary_file:
b_array = bytearray(binary_file.read())
if len(b_array) == 0:
logging.warning("File is 0 bytes")
return
n_packets = int((len(b_array) - 1) / MAX_BYTES_IN_DATA_PACKET + 1)
print('There are {} packets'.format(n_packets))
seq = 0
for i in range(0, len(b_array), MAX_BYTES_IN_DATA_PACKET):
data = Data(Name(VIDEO_STREAM_NAME).append(filePath.split('.')[0]).append(str(seq)))
data.setContent(b_array[i: min(i + MAX_BYTES_IN_DATA_PACKET, len(b_array))])
data.metaInfo.setFinalBlockId(Name.Component.fromSegment(n_packets - 1))
keychain.signWithSha256(data)
temp_data[str(data.getName())] = data
seq += 1
print('{} packets prepared: {}'.format(n_packets, str(Name(VIDEO_STREAM_NAME).append(filePath.split('.')[0]))))
return temp_data
def prepare_data(self):
"""
Shard file into data packets.
"""
logging.info('preparing data')
with open(self.file_path, 'rb') as binary_file:
b_array = bytearray(binary_file.read())
if len(b_array) == 0:
logging.warning("File is 0 bytes")
return
self.n_packets = int((len(b_array) - 1) / MAX_BYTES_IN_DATA_PACKET + 1)
logging.info('There are {} packets in total'.format(self.n_packets))
seq = 0
for i in range(0, len(b_array), MAX_BYTES_IN_DATA_PACKET):
data = Data(Name(self.name_at_repo).append(str(seq)))
data.metaInfo.freshnessPeriod = 100000
data.setContent(
b_array[i:min(i + MAX_BYTES_IN_DATA_PACKET, len(b_array))])
data.metaInfo.setFinalBlockId(
Name.Component.fromSegment(self.n_packets - 1))
self.keychain.signWithSha256(data)
self.m_name_str_to_data[str(data.getName())] = data
seq += 1
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True.
:param Blob encoding: The wire encoding to decode.
:return: The number of seconds for all iterations.
:rtype: float
"""
# Initialize the KeyChain in case useCrypto is true.
keyChain = KeyChain("pib-memory:", "tpm-memory:")
# This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
keyChain.importSafeBag(SafeBag
(Name("/testname/KEY/123"),
Blob(DEFAULT_EC_PRIVATE_KEY_DER if keyType == KeyType.EC
else DEFAULT_RSA_PRIVATE_KEY_DER, False),
Blob(DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.EC
else DEFAULT_RSA_PUBLIC_KEY_DER, False)))
validator = Validator(ValidationPolicyFromPib(keyChain.getPib()))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
validator.validate(data,onVerifySuccess, onVerifyFailed)
finish = getNowSeconds()
return finish - start
def test_malformed_certificate(self):
# Copy the default certificate.
malformedCertificate = Data(
self._fixture._subIdentity.getDefaultKey().getDefaultCertificate())
malformedCertificate.getMetaInfo().setType(ContentType.BLOB)
self._fixture._keyChain.sign(
malformedCertificate, SigningInfo(self._fixture._identity))
# It has the wrong content type and a missing ValidityPeriod.
try:
CertificateV2(malformedCertificate).wireEncode()
self.fail("Did not throw the expected exception")
except CertificateV2.Error:
pass
else:
self.fail("Did not throw the expected exception")
originalProcessInterest = self._fixture._face._processInterest
def processInterest(interest, onData, onTimeout, onNetworkNack):
if interest.getName().isPrefixOf(malformedCertificate.getName()):
onData(interest, malformedCertificate)
else:
originalProcessInterest.processInterest(
interest, onData, onTimeout, onNetworkNack)
self._fixture._face._processInterest = processInterest
data = Data(Name("/Security/V2/ValidatorFixture/Sub1/Sub2/Data"))
self._fixture._keyChain.sign(data, SigningInfo(self._fixture._subIdentity))
self.validateExpectFailure(data, "Signed by a malformed certificate")
self.assertEqual(1, len(self._fixture._face._sentInterests))
def test_hyper_relation(self):
# Set up the validator.
fetcher = CertificateFetcherOffline()
validator = ValidatorConfig(fetcher)
validator.load(
os.path.join(self._policyConfigDirectory, "hyperrelation_ruleset.conf"))
# Set up a Data packet and result object.
data = Data()
KeyLocator.getFromSignature(data.getSignature()).setType(KeyLocatorType.KEYNAME)
result = TestValidationResult(data)
data.setName(Name("/SecurityTestSecRule/Basic/Longer/Data2"))
KeyLocator.getFromSignature(data.getSignature()).setKeyName(
Name("/SecurityTestSecRule/Basic/Longer/KEY/123"))
result.checkPolicy(validator)
self.assertTrue(result._calledFailure and not result.calledContinue_)
KeyLocator.getFromSignature(data.getSignature()).setKeyName(
Name("/SecurityTestSecRule/Basic/KEY/123"))
result.checkPolicy(validator)
self.assertTrue(result._calledFailure and not result.calledContinue_)
data.setName(Name("/SecurityTestSecRule/Basic/Other/Data1"))
KeyLocator.getFromSignature(data.getSignature()).setKeyName(
Name("/SecurityTestSecRule/Basic/Longer/KEY/123"))
result.checkPolicy(validator)
self.assertTrue(result._calledFailure and not result.calledContinue_)
KeyLocator.getFromSignature(data.getSignature()).setKeyName(
Name("/SecurityTestSecRule/Basic/KEY/123"))
result.checkPolicy(validator)
self.assertTrue(result._calledFailure and not result.calledContinue_)
def loadApplications(self, directory = None, override = False):
if not directory:
directory = self._applicationDirectory
if override:
self._applications.clear()
if os.path.exists(directory):
for f in os.listdir(directory):
fullFileName = os.path.join(directory, f)
if os.path.isfile(fullFileName) and f.endswith('.conf'):
appName = f.rstrip('.conf')
if appName in self._applications and not override:
print("loadApplications: " + appName + " already exists, do nothing for configuration file: " + fullFileName)
else:
self._applications[appName] = {"tree": BoostInfoParser(), "dataPrefix": [], "version": int(time.time())}
self._applications[appName]["tree"].read(fullFileName)
data = Data(Name(self.prefix).append(appName).append("_schema").appendVersion(self._applications[appName]["version"]))
data.setContent(str(self._applications[appName]["tree"].getRoot()))
self.signData(data)
self._memoryContentCache.add(data)
try:
validatorTree = self._applications[appName]["tree"]["validator"][0]
for rule in validatorTree["rule"]:
self._applications[appName]["dataPrefix"].append(rule["id"][0].value)
# TODO: don't swallow any general exceptions, we want to catch only KeyError (make sure) here
except Exception as e:
print("loadApplications parse configuration file " + fullFileName + " : " + str(e))
return
def test_expired_certificate(self):
# Copy the default certificate.
expiredCertificate = Data(
self._fixture._subIdentity.getDefaultKey().getDefaultCertificate())
info = SigningInfo(self._fixture._identity)
# Validity period from 2 hours ago do 1 hour ago.
now = Common.getNowMilliseconds()
info.setValidityPeriod(
ValidityPeriod(now - 2 * 3600 * 1000, now - 3600 * 1000.0))
self._fixture._keyChain.sign(expiredCertificate, info)
try:
CertificateV2(expiredCertificate).wireEncode()
except Exception as ex:
self.fail("Unexpected exception: " + str(ex))
originalProcessInterest = self._fixture._face._processInterest
def processInterest(interest, onData, onTimeout, onNetworkNack):
if interest.getName().isPrefixOf(expiredCertificate.getName()):
onData(interest, expiredCertificate)
else:
originalProcessInterest.processInterest(
interest, onData, onTimeout, onNetworkNack)
self._fixture._face._processInterest = processInterest
data = Data(Name("/Security/V2/ValidatorFixture/Sub1/Sub2/Data"))
self._fixture._keyChain.sign(data,
SigningInfo(self._fixture._subIdentity))
self.validateExpectFailure(data, "Signed by an expired certificate")
self.assertEqual(1, len(self._fixture._face._sentInterests))
def benchmarkDecodeDataSeconds(nIterations, useCrypto, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param Blob encoding: The wire encoding to decode.
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(
0,
keyName.size() - 1).append("KEY").append(
keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA,
Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onVerifyFailed)
finish = getNowSeconds()
return finish - start
def after_fetched(data: Data):
nonlocal recv_window, b_array, seq_to_bytes_unordered
"""
Reassemble data packets in sequence.
"""
if not isinstance(data, Data):
return
try:
seq = int(str(data.getName()).split('/')[-1])
logging.info('seq: {}'.format(seq))
except ValueError:
logging.warning('Sequence number decoding error')
return
# Temporarily store out-of-order packets
if seq <= recv_window:
return
elif seq == recv_window + 1:
b_array.extend(data.getContent().toBytes())
logging.info('saved packet: seq {}'.format(seq))
recv_window += 1
while recv_window + 1 in seq_to_bytes_unordered:
b_array.extend(seq_to_bytes_unordered[recv_window + 1])
seq_to_bytes_unordered.pop(recv_window + 1)
logging.info('saved packet: seq {}'.format(recv_window +
1))
recv_window += 1
else:
logging.info(
'Received out of order packet: seq {}'.format(seq))
seq_to_bytes_unordered[seq] = data.getContent().toBytes()
def test_self_verification(self):
policyManager = SelfVerifyPolicyManager(self.identityStorage)
keyChain = KeyChain(self.identityManager, policyManager)
identityName = Name('TestValidator/RsaSignatureVerification')
keyChain.createIdentityAndCertificate(identityName)
data = Data(Name('/TestData/1'))
keyChain.signByIdentity(data, identityName)
vr = doVerify(policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"Verification of identity-signed data failed")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
data2 = Data(Name('/TestData/2'))
vr = doVerify(policyManager,
data2)
self.assertFalse(vr.hasFurtherSteps,
"SelfVerifyPolicyManager returned a ValidationRequest")
self.assertEqual(vr.successCount, 0,
"Verification of unsigned data succeeded")
self.assertEqual(vr.failureCount, 1,
"Verification failure callback called {} times instead of 1".format(
vr.failureCount))
def onPlayingCommand(self, prefix, interest, transport, prefixId):
interestName = Name(interest.getName())
commandComponent = interest.getName().get(self.prefix.size())
if commandComponent == Name.Component("stop"):
pass
if commandComponent == Name.Component("play"):
pass
else:
songName = commandComponent.toEscapedString()
songList = []
songList = songName.split('%2C')
for i in songList:
fmusic = i + str("-music.mp3")
print "started getting music file", i
g = GetFile(self._repoCommandPrefix, i, self._face, self.getOnset, i)
g.oStream = open(fmusic,'wb')
g.start()
#self._getFiles.append(g)
d = Data(interest.getName())
d.setContent("start to play: " + songName + "\n")
encodedData = d.wireEncode()
transport.send(encodedData.toBuffer())
def _onConfigurationReceived(self, prefix, interest, face,
interestFilterId, filter):
# the interest we get here is signed by HMAC, let's verify it
self.tempPrefixId = interestFilterId # didn't get it from register because of the event loop
dataName = Name(interest.getName())
replyData = Data(dataName)
if (self._hmacHandler.verifyInterest(interest)):
# we have a match! decode the controller's name
configComponent = interest.getName().get(prefix.size())
replyData.setContent('200')
self._hmacHandler.signData(replyData, keyName=self.prefix)
self.face.putData(replyData)
environmentConfig = DeviceConfigurationMessage()
ProtobufTlv.decode(environmentConfig, configComponent.getValue())
networkPrefix = self._extractNameFromField(
environmentConfig.configuration.networkPrefix)
controllerName = self._extractNameFromField(
environmentConfig.configuration.controllerName)
controllerName = Name(networkPrefix).append(controllerName)
self._policyManager.setEnvironmentPrefix(networkPrefix)
self._policyManager.setTrustRootIdentity(controllerName)
self.deviceSuffix = self._extractNameFromField(
environmentConfig.configuration.deviceSuffix)
self._configureIdentity = Name(networkPrefix).append(
self.deviceSuffix)
self._sendCertificateRequest(self._configureIdentity)
def process_temp_data(self, data: Data):
"""
Parse the received Data packet containing temperature info
"""
content_bytes = data.getContent().toBytes()
temperature = int.from_bytes(content_bytes, byteorder='little')
logging.info('Received {}: {} degrees'.format(str(data.getName()), temperature))
print('Received {}: {} degrees'.format(str(data.getName()), temperature))
self.data_frame = self.data_frame.append({
'Time': datetime.now().strftime('%Y-%m-%d-%H'),
'DistrictCode': random.randint(0, 5),
'TypeCode': random.randint(0, 5),
'Popularity': temperature
}, ignore_index=True)
# If collected a batch of data, perform incremental learning on it
print('len: {}'.format(len(self.data_frame)))
if len(self.data_frame) >= self.batch_size + 24:
csv_name = str(int(time.time())) + '.csv'
csv_path = os.path.join('data', csv_name)
self.data_frame.to_csv(csv_path, index=False)
self.data_frame = self.data_frame[-24:]
logging.info('Start incremental training on batch {}'.format(csv_name))
self.learner.load_data(csv_path)
self.learner.train_once()
def generateData(self, baseName):
'''
This appends the segment number to the data name, since repo-ng tends to expect it
'''
# just make up some data and return it
ts = (time.time())
segmentId = 0 # compatible with repo-ng test: may change to test segmented data
versionStr = baseName.get(-1).toEscapedString()
dataName = Name(baseName)
dataName.appendSegment(segmentId)
d = Data(dataName)
content = "(" + str(ts) + ") Data named " + dataName.toUri()
d.setContent(content)
d.getMetaInfo().setFinalBlockID(segmentId)
d.getMetaInfo().setFreshnessPeriod(-1)
if shouldSign:
self.keychain.sign(d, self.certificateName)
else:
d.setSignature(self.fakeSignature)
stats.insertDataForVersion(versionStr, {'publish_time':time.time()})
logger.debug('Publishing: '+d.getName().toUri())
return d
def _onConfigurationReceived(self, prefix, interest, transport, prefixId):
# the interest we get here is signed by HMAC, let's verify it
self.tempPrefixId = prefixId # didn't get it from register because of the event loop
dataName = Name(interest.getName())
replyData = Data(dataName)
if (self._hmacHandler.verifyInterest(interest)):
# we have a match! decode the controller's name
configComponent = interest.getName().get(prefix.size())
replyData.setContent('200')
self._hmacHandler.signData(replyData, keyName=self.prefix)
transport.send(replyData.wireEncode().buf())
environmentConfig = DeviceConfigurationMessage()
ProtobufTlv.decode(environmentConfig, configComponent.getValue())
networkPrefix = self._extractNameFromField(environmentConfig.configuration.networkPrefix)
controllerName = self._extractNameFromField(environmentConfig.configuration.controllerName)
controllerName = Name(networkPrefix).append(controllerName)
self._policyManager.setEnvironmentPrefix(networkPrefix)
self._policyManager.setTrustRootIdentity(controllerName)
self.deviceSuffix = self._extractNameFromField(environmentConfig.configuration.deviceSuffix)
self._configureIdentity = Name(networkPrefix).append(self.deviceSuffix)
self._sendCertificateRequest(self._configureIdentity)
def benchmarkDecodeDataSeconds(nIterations, useCrypto, encoding):
"""
Loop to decode a data packet nIterations times.
:param int nIterations: The number of iterations.
:param bool useCrypto: If true, verify the signature. If false, don't
verify.
:param Blob encoding: The wire encoding to decode.
"""
# Initialize the private key storage in case useCrypto is true.
identityStorage = MemoryIdentityStorage()
privateKeyStorage = MemoryPrivateKeyStorage()
keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage),
SelfVerifyPolicyManager(identityStorage))
keyName = Name("/testname/DSK-123")
certificateName = keyName.getSubName(0, keyName.size() - 1).append(
"KEY").append(keyName[-1]).append("ID-CERT").append("0")
identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER))
start = getNowSeconds()
for i in range(nIterations):
data = Data()
data.wireDecode(encoding)
if useCrypto:
keyChain.verifyData(data, onVerified, onVerifyFailed)
finish = getNowSeconds()
return finish - start
def onInterest(prefix, interest, transport, prefixID):
interestCallbackCount[0] += 1
data = Data(interest.getName())
data.setContent("SUCCESS")
self.keyChain.sign(data, self.keyChain.getDefaultCertificateName())
encodedData = data.wireEncode()
transport.send(encodedData.toBuffer())
def test_constructor(self):
certificate = CertificateV2()
certificate.wireDecode(Blob(CERT, False))
self.assertEqual(
Name("/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"),
certificate.getName())
self.assertEqual(Name("/ndn/site1/KEY/ksk-1416425377094"),
certificate.getKeyName())
self.assertEqual(Name("/ndn/site1"), certificate.getIdentity())
self.assertEqual(Name.Component("0123"), certificate.getIssuerId())
self.assertEqual(Name.Component("ksk-1416425377094"),
certificate.getKeyId())
self.assertEqual(Name("/ndn/site1/KEY/ksk-2516425377094"),
KeyLocator.getFromSignature(certificate.getSignature()).getKeyName())
self.assertEqual(fromIsoString("20150814T223739"),
certificate.getValidityPeriod().getNotBefore(), 0)
self.assertEqual(fromIsoString("20150818T223738"),
certificate.getValidityPeriod().getNotAfter(), 0)
try:
certificate.getPublicKey()
except:
self.fail("Error in getPublicKey");
data = Data()
data.wireDecode(Blob(CERT, False))
certificate2 = CertificateV2(data)
self.assertEqual(certificate.getName(), certificate2.getName())
self.assertTrue(certificate.getPublicKey().equals(certificate2.getPublicKey()))
def onInterest(self, prefix, interest, face, interestFilterId, filter):
"""
Append the next segment number to the prefix and send a new data packet.
If the last packet is sent, then call self._onFinished().
"""
maxSegment = 2
if self._segment >= maxSegment:
# We have already called self._onFinished().
return
dump("Got interest", interest.toUri())
# Make and sign a Data packet for the segment.
self._segment += 1
data = Data(Name(prefix).appendSegment(self._segment))
content = "Segment number " + repr(self._segment)
data.content = content
self._keyChain.sign(data, self._certificateName)
face.putData(data)
dump("Sent data packet", data.name.toUri())
if self._segment >= maxSegment:
# We sent the final data packet.
self._onFinished()
def onInterest(self, prefix, interest, face, interestFilterId, filter):
"""
Append the next segment number to the prefix and send a new data packet.
If the last packet is sent, then call self._onFinished().
"""
maxSegment = 2
if self._segment >= maxSegment:
# We have already called self._onFinished().
return
dump("Got interest", interest.toUri())
# Make and sign a Data packet for the segment.
self._segment += 1
data = Data(Name(prefix).appendSegment(self._segment))
content = "Segment number " + repr(self._segment)
data.content = content
self._keyChain.sign(data, self._certificateName)
face.putData(data)
dump("Sent data packet", data.name.toUri())
if self._segment >= maxSegment:
# We sent the final data packet.
self._onFinished()
def test_copy_fields(self):
data = Data(self.freshData.getName())
data.setContent(self.freshData.getContent())
data.setMetaInfo(self.freshData.getMetaInfo())
self.credentials.signData(data)
freshDump = dumpData(data)
self.assertTrue(dataDumpsEqual(freshDump, initialDump), 'Freshly created data does not match original dump')
def test_malformed_certificate(self):
# Copy the default certificate.
malformedCertificate = Data(
self._fixture._subIdentity.getDefaultKey().getDefaultCertificate())
malformedCertificate.getMetaInfo().setType(ContentType.BLOB)
self._fixture._keyChain.sign(malformedCertificate,
SigningInfo(self._fixture._identity))
# It has the wrong content type and a missing ValidityPeriod.
try:
CertificateV2(malformedCertificate).wireEncode()
self.fail("Did not throw the expected exception")
except CertificateV2.Error:
pass
else:
self.fail("Did not throw the expected exception")
originalProcessInterest = self._fixture._face._processInterest
def processInterest(interest, onData, onTimeout, onNetworkNack):
if interest.getName().isPrefixOf(malformedCertificate.getName()):
onData(interest, malformedCertificate)
else:
originalProcessInterest.processInterest(
interest, onData, onTimeout, onNetworkNack)
self._fixture._face._processInterest = processInterest
data = Data(Name("/Security/V2/ValidatorFixture/Sub1/Sub2/Data"))
self._fixture._keyChain.sign(data,
SigningInfo(self._fixture._subIdentity))
self.validateExpectFailure(data, "Signed by a malformed certificate")
self.assertEqual(1, len(self._fixture._face._sentInterests))
def on_commit(self, _prefix, interest: Interest, face, _filter_id, _filter):
param = interest.applicationParameters.toBytes()
if not isinstance(param, bytes):
print("Malformed request")
return
param = param.split(b'\x00')
if len(param) != 4:
print("Malformed request")
return
repo, branch, dest_branch, commit_msg = map(bytes.decode, param)
env = os.environ
env['GIT_COMMITTER_NAME'] = 'GitSync'
env['GIT_WORK_TREE'] = os.path.join(os.path.expanduser(MOUNT_PATH), repo, branch)
env['GIT_DIR'] = os.path.join(env['GIT_WORK_TREE'], '.git')
repo_uri = "ndn::" + Name(GIT_PREFIX).append(repo).toUri()
# Commit (blocking)
subprocess.call(['git', 'commit', '-a', '-m', commit_msg], env=env)
# Push
os.spawnlpe(os.P_NOWAIT, 'git', 'git', 'push', repo_uri, 'HEAD:refs/heads/' + dest_branch, env)
# Respond with Data
data = Data(interest.name)
data.content = struct.pack("i", PUSH_RESPONSE_SUCCESS)
data.metaInfo.freshnessPeriod = 1000
face.putData(data)
def publishData(self, key, key_ts, payload, timestamp):
data = Data(Name(self.prefix).append(bytearray(timestamp)))
iv = Random.new().read(AES.block_size)
encryptor = AES.new(key, AES.MODE_CBC, iv)
data.setContent(bytearray(key_ts + iv + encryptor.encrypt(pad(json.dumps(payload)))))
data.getMetaInfo().setFreshnessPeriod(5000)
self.keychain.sign(data, self.cert_name)
self.publisher.put(data)
def test_name_relation(self):
# Set up the validators.
fetcher = CertificateFetcherOffline()
validatorPrefix = ValidatorConfig(fetcher)
validatorEqual = ValidatorConfig(fetcher)
validatorStrict = ValidatorConfig(fetcher)
validatorPrefix.load(
os.path.join(self._policyConfigDirectory,
"relation_ruleset_prefix.conf"))
validatorEqual.load(
os.path.join(self._policyConfigDirectory,
"relation_ruleset_equal.conf"))
validatorStrict.load(
os.path.join(self._policyConfigDirectory,
"relation_ruleset_strict.conf"))
# Set up a Data packet and result object.
data = Data()
KeyLocator.getFromSignature(data.getSignature()).setType(
KeyLocatorType.KEYNAME)
KeyLocator.getFromSignature(data.getSignature()).setKeyName(
Name("/SecurityTestSecRule/KEY/123"))
result = TestValidationResult(data)
data.setName(Name("/TestRule1"))
result.checkPolicy(validatorPrefix)
self.assertTrue(result.calledContinue_ and not result._calledFailure,
"Prefix relation should match prefix name")
result.checkPolicy(validatorEqual)
self.assertTrue(result.calledContinue_ and not result._calledFailure,
"Equal relation should match prefix name")
result.checkPolicy(validatorStrict)
self.assertTrue(result._calledFailure and not result.calledContinue_,
"Strict-prefix relation should not match prefix name")
data.setName(Name("/TestRule1/hi"))
result.checkPolicy(validatorPrefix)
self.assertTrue(result.calledContinue_ and not result._calledFailure,
"Prefix relation should match longer name")
result.checkPolicy(validatorEqual)
self.assertTrue(result._calledFailure and not result.calledContinue_,
"Equal relation should not match longer name")
result.checkPolicy(validatorStrict)
self.assertTrue(result.calledContinue_ and not result._calledFailure,
"Strict-prefix relation should match longer name")
data.setName(Name("/Bad/TestRule1/"))
result.checkPolicy(validatorPrefix)
self.assertTrue(result._calledFailure and not result.calledContinue_,
"Prefix relation should not match inner components")
result.checkPolicy(validatorEqual)
self.assertTrue(result._calledFailure and not result.calledContinue_,
"Equal relation should not match inner components")
result.checkPolicy(validatorStrict)
self.assertTrue(
result._calledFailure and not result.calledContinue_,
"Strict-prefix relation should not match inner components")
def test_refresh_10s(self):
with open('policy_config/testData', 'r') as dataFile:
encodedData = dataFile.read()
data = Data()
dataBlob = Blob(b64decode(encodedData))
data.wireDecode(dataBlob)
# This test is needed, since the KeyChain will express interests in
# unknown certificates.
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager did not create ValidationRequest for unknown certificate")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
# Now save the cert data to our anchor directory, and wait.
# We have to sign it with the current identity or the policy manager
# will create an interest for the signing certificate.
cert = CertificateV2()
certData = b64decode(CERT_DUMP)
cert.wireDecode(Blob(certData, False))
signingInfo = SigningInfo()
signingInfo.setSigningIdentity(self.identityName)
# Make sure the validity period is current for two years.
now = Common.getNowMilliseconds()
signingInfo.setValidityPeriod(ValidityPeriod
(now, now + 2 * 365 * 24 * 3600 * 1000.0))
self.keyChain.sign(cert, signingInfo)
encodedCert = b64encode(cert.wireEncode().toBytes())
with open(self.testCertFile, 'w') as certFile:
certFile.write(Blob(encodedCert, False).toRawStr())
# Still too early for refresh to pick it up.
vr = doVerify(self.policyManager, data)
self.assertTrue(vr.hasFurtherSteps,
"ConfigPolicyManager refresh occured sooner than specified")
self.assertEqual(vr.successCount, 0,
"ConfigPolicyManager called success callback with pending ValidationRequest")
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager called failure callback with pending ValidationRequest")
time.sleep(6)
# Now we should find it.
vr = doVerify(self.policyManager, data)
self.assertFalse(vr.hasFurtherSteps,
"ConfigPolicyManager did not refresh certificate store")
self.assertEqual(vr.successCount, 1,
"Verification success called {} times instead of 1".format(
vr.successCount))
self.assertEqual(vr.failureCount, 0,
"ConfigPolicyManager did not verify valid signed data")
def test_empty_signature(self):
# make sure nothing is set in the signature of newly created data
data = Data()
signature = data.getSignature()
self.assertIsNone(
signature.getKeyLocator().getType(),
'Key locator type on unsigned data should not be set')
self.assertTrue(signature.getSignature().isNull(),
'Non-empty signature on unsigned data')
def test_encode_decode(self):
data = Data()
data.wireDecode(codedData)
data.setContent(data.getContent())
encoding = data.wireEncode()
reDecodedData = Data()
reDecodedData.wireDecode(encoding)
self.assertEqual(dumpData(reDecodedData), initialDump, 'Re-decoded data does not match original dump')
def onMemberCertificateData(self, interest, data, accessInterest):
print "Member certificate with name retrieved: " + data.getName(
).toUri() + "; member added to group!"
self.manager.addMember("schedule1", data)
self.needToPublishGroupKeys = True
accessResponse = Data(accessInterest.getName())
accessResponse.setContent("granted")
self.face.putData(accessResponse)
def onInterest(self, prefix, interest, face, interestFilterId, filter):
print("[*] Got interest")
self.rec = 0
data = Data(interest.getName())
content = "hello"
data.setContent(content)
#self.keyChain.sign(data,self.certName)
face.putData(data)
print("! finished in onInterest")
def testEmptyContent(self):
state = PSyncState()
# Simulate getting a buffer of content from a segment fetcher.
data = Data()
data.setContent(state.wireEncode())
state2 = PSyncState(data.getContent())
self.assertEqual(0, len(state2.getContent()))
def __init__(self, contentPrefix, userKeyName, keyChain, certificateName):
self._enabled = True
self._responseCount = 0
# Imitate test_consumer from the PyNDN integration tests.
contentName0 = Name(contentPrefix).append("Content").appendSegment(0)
contentName1 = Name(contentPrefix).append("Content").appendSegment(1)
cKeyName = Name("/Prefix/SAMPLE/Content/C-KEY/1")
dKeyName = Name("/Prefix/READ/D-KEY/1/2")
# Generate the E-KEY and D-KEY.
params = RsaKeyParams()
fixtureDKeyBlob = RsaAlgorithm.generateKey(params).getKeyBits()
fixtureEKeyBlob = RsaAlgorithm.deriveEncryptKey(
fixtureDKeyBlob).getKeyBits()
# The user key.
fixtureUserEKeyBlob = Blob(FIXTURE_USER_E_KEY)
# Load the C-KEY.
fixtureCKeyBlob = Blob(AES_KEY, False)
# Imitate createEncryptedContent. Make two segments.
encryptParams = EncryptParams(EncryptAlgorithmType.AesCbc)
encryptParams.setInitialVector(Blob(INITIAL_VECTOR, False))
self._contentData0 = Data(contentName0)
Encryptor.encryptData(
self._contentData0, Blob(DATA0_CONTENT, False), cKeyName,
fixtureCKeyBlob, encryptParams)
self._contentData0.getMetaInfo().setFinalBlockId(
Name().appendSegment(1)[0])
keyChain.sign(self._contentData0, certificateName)
self._contentData1 = Data(contentName1)
Encryptor.encryptData(
self._contentData1, Blob(DATA1_CONTENT, False), cKeyName,
fixtureCKeyBlob, encryptParams)
self._contentData1.getMetaInfo().setFinalBlockId(
Name().appendSegment(1)[0])
keyChain.sign(self._contentData1, certificateName)
# Imitate createEncryptedCKey.
self._cKeyData = Data(cKeyName)
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
Encryptor.encryptData(
self._cKeyData, fixtureCKeyBlob, dKeyName, fixtureEKeyBlob,
encryptParams)
keyChain.sign(self._cKeyData, certificateName)
# Imitate createEncryptedDKey.
self._dKeyData = Data(dKeyName)
encryptParams = EncryptParams(EncryptAlgorithmType.RsaOaep)
Encryptor.encryptData(
self._dKeyData, fixtureDKeyBlob, userKeyName, fixtureUserEKeyBlob,
encryptParams)
keyChain.sign(self._dKeyData, certificateName)
def onAccessTokenListRequest(self, prefix, interest, transport, registeredPrefixId):
interestName = interest.getName()
devicePrefixStr = "/home"+interestName.getSubName(2,3).toUri()
dump("device prefix: ",devicePrefixStr)
username = interestName.get(6).getValue().toRawStr()
userPrefix = Name("/home/user/"+username)
userHash = self._deviceUserAccessManager.getUserHash(userPrefix)
userHMACKey = HMACKey(0,0,userHash,"userHMACKey")
if ( self._accessControlManager.verifyInterestWithHMACKey(interest,userHMACKey) ):
dump("Verified")
accessTokenInfoList = []
seed = self._deviceUserAccessManager.getSeed(Name(devicePrefixStr))
dump("seed",seed)
dump("device dict", self._deviceDict)
dump("devicePrefixStr",devicePrefixStr)
commandList = []
try :
commandList = self._deviceDict[devicePrefixStr]['commandList']
except Exception:
dump("No such device")
dump("Command List: ",commandList)
for eachCommand in commandList:
commandTokenNameStr = devicePrefixStr+'/'+eachCommand+'/token/0'
commandTokenSequence = 0
seedSequence = 0
commandToken = hmac.new(seed.getKey(), commandTokenNameStr, sha256).digest()
accessTokenNameStr = commandTokenNameStr+'/user/'+username+'/token/0'
accessToken = hmac.new(commandToken, accessTokenNameStr, sha256).digest()
dump("commandTkenName ------------- : ",commandTokenNameStr)
dump("commandTken ------------- : ",base64.b64encode(commandToken))
dump("accessTokenName ------------- : ",accessTokenNameStr)
dump("accessToken ----------------- : ",base64.b64encode(accessToken))
dump("accessToken hex-------------- : ",hmac.new(commandToken, accessTokenNameStr, sha256).hexdigest())
accessTokenInfo = {}
accessTokenInfo['command'] = eachCommand
accessTokenInfo['commandTokenSequence'] = commandTokenSequence
accessTokenInfo['seedSequence'] = seedSequence
accessTokenInfo['accessToken'] = base64.b64encode( accessToken)
accessTokenInfo['accessTokenName'] = accessTokenNameStr
accessTokenInfoList.append(accessTokenInfo)
data = Data(interestName)
data.setContent(json.dumps(accessTokenInfoList))
self._accessControlManager.signDataWithHMACKey(data,userHMACKey)
self.sendData(data,transport,sign=False)
else:
dump("Not verified")
def on_branchinfo_interest(self, _prefix, interest: Interest, face, _filter_id, _filter):
name = interest.name
print("ON BRANCH INFO INTEREST", name.toUri())
branch = name[-1].toEscapedString()
if branch not in self.branches:
return
data = Data(interest.name)
data.content = pickle.dumps(self.branches[branch])
data.metaInfo.freshnessPeriod = 1000
face.putData(data)
def onEntityDataNotFound(self, prefix, interest, face, interestFilterId, filter):
name = interest.getName().toUri()
if name in self._hostedObjects:
content = self._serializer.serialize(self._hostedObjects[name])
data = Data(Name(name))
data.setContent(content)
data.getMetaInfo().setFreshnessPeriod(self._entityDataFreshnessPeriod)
self._keyChain.sign(data, self._certificateName)
self._face.putData(data)
return
def test_extension(self):
#now add an extension
name = "/hello/kitty"
trustClass = 0
trustLevel = 300
extValueRoot = DerSequence()
extValueName = DerOctetString(Blob(name).buf())
extValueTrustClass = DerInteger(trustClass)
extValueTrustLevel = DerInteger(trustLevel)
extValueRoot.addChild(extValueName)
extValueRoot.addChild(extValueTrustClass)
extValueRoot.addChild(extValueTrustLevel)
extValueData = extValueRoot.encode()
oidString = "1.3.6.1.5.32.1"
isCritical = True
certExtension = CertificateExtension(oidString, isCritical, extValueData)
self.toyCert.encode()
cert = Certificate(self.toyCert)
cert.addExtension(certExtension)
cert.encode()
certData = cert.getContent()
plainData = Data()
plainData.setContent(certData)
# The constructor Certificate(Data) calls decode().
decodedCert = Certificate(plainData)
self.assertEqual(1, len(decodedCert.getExtensionList()),
"Wrong number of certificate extensions after decoding")
decodedExtension = decodedCert.getExtensionList()[0]
self.assertEqual(oidString, str(decodedExtension.getOid()),
"Certificate extension has the wrong OID after decoding")
self.assertEqual(isCritical, decodedExtension.getIsCritical(),
"Certificate extension has the wrong isCritical value after decoding")
# Decode and check the extension value.
parsedExtValue = DerNode.parse(decodedExtension.getValue().buf())
decodedExtValueRoot = parsedExtValue.getChildren()
self.assertEqual(3, len(decodedExtValueRoot),
"Wrong number of certificate extension value items after decoding")
decodedName = decodedExtValueRoot[0]
decodedTrustClass = decodedExtValueRoot[1]
decodedTrustLevel = decodedExtValueRoot[2]
# Use Blob to get a string.
self.assertEqual(name, Blob(decodedName.toVal()).toRawStr(),
"Wrong extension value name after decoding")
self.assertEqual(trustClass, decodedTrustClass.toVal(),
"Wrong extension value trust class after decoding")
self.assertEqual(trustLevel, decodedTrustLevel.toVal(),
"Wrong extension value trust level after decoding")
def onGetAllData(self, producedDataName, outerDataName):
maxLng = -1000
minLng = 1000
maxLat = -1000
minLat = 1000
for item in self._tasks[producedDataName]["dataset"]:
dataObject = json.loads(str(item))
if dataObject["lat"] > maxLat:
maxLat = dataObject["lat"]
if dataObject["lat"] < minLat:
minLat = dataObject["lat"]
if dataObject["lng"] > maxLng:
maxLng = dataObject["lng"]
if dataObject["lng"] < minLng:
minLng = dataObject["lng"]
if not self._encryptResult:
innerData = Data(Name(str(producedDataName)))
innerData.setContent(json.dumps({"minLat": minLat, "maxLat": maxLat, "minLng": minLng, "maxLng": maxLng}))
#self.keyChain.sign(innerData)
outerData = Data(Name(str(outerDataName)))
outerData.setContent(innerData.wireEncode())
#self.keyChain.sign(outerData)
self.memoryContentCache.add(outerData)
self.initiateContentStoreInsertion("/ndn/edu/ucla/remap/ndnfit/repo", outerData)
print "Calculation completed, put data to repo"
else:
print "Encrypt result is not implemented"
def test_extension(self):
#now add an extension
name = "/hello/kitty"
trustClass = 0
trustLevel = 300
extValueRoot = DerSequence()
extValueName = DerOctetString(Blob(name).buf())
extValueTrustClass = DerInteger(trustClass)
extValueTrustLevel = DerInteger(trustLevel)
extValueRoot.addChild(extValueName)
extValueRoot.addChild(extValueTrustClass)
extValueRoot.addChild(extValueTrustLevel)
extValueData = extValueRoot.encode()
oidString = "1.3.6.1.5.32.1"
isCritical = True
certExtension = CertificateExtension(oidString, isCritical, extValueData)
self.toyCert.encode()
cert = Certificate(self.toyCert)
cert.addExtension(certExtension)
cert.encode()
certData = cert.getContent()
plainData = Data()
plainData.setContent(certData)
# The constructor Certificate(Data) calls decode().
decodedCert = Certificate(plainData)
self.assertEqual(1, len(decodedCert.getExtensionList()),
"Wrong number of certificate extensions after decoding")
decodedExtension = decodedCert.getExtensionList()[0]
self.assertEqual(oidString, str(decodedExtension.getOid()),
"Certificate extension has the wrong OID after decoding")
self.assertEqual(isCritical, decodedExtension.getIsCritical(),
"Certificate extension has the wrong isCritical value after decoding")
# Decode and check the extension value.
parsedExtValue = DerNode.parse(decodedExtension.getValue().buf())
decodedExtValueRoot = parsedExtValue.getChildren()
self.assertEqual(3, len(decodedExtValueRoot),
"Wrong number of certificate extension value items after decoding")
decodedName = decodedExtValueRoot[0]
decodedTrustClass = decodedExtValueRoot[1]
decodedTrustLevel = decodedExtValueRoot[2]
# Use Blob to get a string.
self.assertEqual(name, Blob(decodedName.toVal()).toRawStr(),
"Wrong extension value name after decoding")
self.assertEqual(trustClass, decodedTrustClass.toVal(),
"Wrong extension value trust class after decoding")
self.assertEqual(trustLevel, decodedTrustLevel.toVal(),
"Wrong extension value trust level after decoding")
def generateData(baseName):
'''
This appends the segment number to the data name
'''
# just make up some data and return it
ts = (time.time())
segmentId = 0 # compatible with repo-ng test: may change to test segmented data
versionComponent = baseName.get(-1) # should have a ts
dataName = Name(baseName)
dataName.appendSegment(segmentId)
d = Data(dataName)
content = "(" + str(ts) + ") Data named " + dataName.toUri()
d.setContent(content)
d.getMetaInfo().setFinalBlockID(segmentId)
d.getMetaInfo().setFreshnessPeriod(-1)
if shouldSign:
keychain.sign(d, certName)
else:
d.setSignature(fakeSignature)
if shouldCollectStats:
info = getInfoForVersion(versionComponent.toEscapedString())
if info is not None:
info['publish_time'] = ts
return d
def main():
data = Data()
data.wireDecode(TlvData)
# Use a hard-wired secret for testing. In a real application the signer
# ensures that the verifier knows the shared key and its keyName.
key = Blob(bytearray([
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
]))
if KeyChain.verifyDataWithHmacWithSha256(data, key):
dump("Hard-coded data signature verification: VERIFIED")
else:
dump("Hard-coded data signature verification: FAILED")
freshData = Data(Name("/ndn/abc"))
signature = HmacWithSha256Signature()
signature.getKeyLocator().setType(KeyLocatorType.KEYNAME)
signature.getKeyLocator().setKeyName(Name("key1"))
freshData.setSignature(signature)
freshData.setContent("SUCCESS!")
dump("Signing fresh data packet", freshData.getName().toUri())
KeyChain.signWithHmacWithSha256(freshData, key)
if KeyChain.verifyDataWithHmacWithSha256(freshData, key):
dump("Freshly-signed data signature verification: VERIFIED")
else:
dump("Freshly-signed data signature verification: FAILED")
def onBlinkCommand(self, interest):
self.log.debug("Blink command")
response = Data(interest.getName())
if self.blinkPWM is None:
self.blinkPWM = GPIO.PWM(self.pinNumber, 2.0)
self.blinkPWM.start(50)
else:
self.blinkPWM.stop()
self.blinkPWM = None
response.setContent('ACK')
return response
def onCecCommand(self, interest):
self.log.debug("Received CEC command")
# check command interest name
# verify command interest
message = pb.CommandMessage()
ProtobufTlv.decode(message, interest.getName().get(3).getValue())
self.loop.call_soon(self.processCommands, message)
data = Data(interest.getName())
data.setContent('ACK')
return data
def _prepareCapabilitiesList(self, interestName):
"""
Responds to a directory listing request with JSON
"""
dataName = Name(interestName).append(Name.Component.fromNumber(int(time.time())))
response = Data(dataName)
response.setContent(json.dumps(self._directory))
return response
def _prepareCapabilitiesList(self, interestName):
"""
Responds to a directory listing request with JSON
"""
dataName = Name(interestName).append(Name.Component.fromNumber(int(time.time())))
response = Data(dataName)
response.setContent(json.dumps(self._directory))
return response
def onInterest(self, prefix, interest, face, interestFilterId, filter):
self._responseCount += 1
# Make and sign a Data packet.
data = Data(interest.getName())
content = "Echo " + interest.getName().toUri()
data.setContent(content)
self._keyChain.sign(data, self._certificateName)
dump("Sent content", content)
face.putData(data)
def on_reflist_interest(self, _prefix, interest: Interest, face, _filter_id, _filter):
result = '\n'.join("{} refs/heads/{}".format(info.head, name)
for name, info in self.branches.items())
result = result + '\n'
print("On reflist -> return:", result)
data = Data(interest.name)
data.content = result.encode("utf-8")
data.metaInfo.freshnessPeriod = 1000
face.putData(data)
def onBlinkCommand(self, interest):
self.log.debug("Blink command")
response = Data(interest.getName())
if self.blinkPWM is None:
self.blinkPWM = GPIO.PWM(self.pinNumber, 2.0)
self.blinkPWM.start(50)
else:
self.blinkPWM.stop()
self.blinkPWM = None
response.setContent('ACK')
return response
def onInterest(self, prefix, interest, face, interestFilterId, filter):
self._responseCount += 1
# Make and sign a Data packet.
data = Data(interest.getName())
content = "Echo " + interest.getName().toUri()
data.setContent(content)
self._keyChain.sign(data, self._certificateName)
dump("Sent content", content)
face.putData(data)
def onCecCommand(self, interest):
self.log.debug("Received CEC command")
# check command interest name
# verify command interest
message = pb.CommandMessage()
ProtobufTlv.decode(message, interest.getName().get(3).getValue())
self.loop.call_soon(self.processCommands, message)
data = Data(interest.getName())
data.setContent('ACK')
return data
