def _create_AS(isd, as_id, is_core=False):
as_ = AS(isd=isd,
as_id=as_id,
as_id_int=as_ids.parse(as_id),
is_core=is_core)
as_.save()
return as_
def _create_AS(isd, as_id, is_core=False):
# bypass ASManager.create to avoid initializing keys
as_ = AS(isd=isd,
as_id=as_id,
as_id_int=as_ids.parse(as_id),
is_core=is_core)
as_.save()
return as_
class GenerateKeyTests(TestCase):
def setUp(self):
self.isd = ISD.objects.create(isd_id=1, label='Test')
# bypass ASManager.create to avoid initializing keys
as_id = 'ff00:0:110'
self.AS = AS(isd=self.isd, as_id=as_id, as_id_int=as_ids.parse(as_id))
self.AS.save()
def test_generate_decrypt_key(self):
k = Key.objects.create(AS=self.AS, usage=Key.DECRYPT)
self.assertIsNotNone(k)
self.assertEqual(k.AS_id, self.AS.pk)
self.assertEqual(k.version, 1)
self.assertEqual(k.usage, Key.DECRYPT)
self.assertEqual(k.not_after - k.not_before,
DEFAULT_EXPIRATION_AS_KEYS)
def test_generate_sign_key(self):
k = Key.objects.create(AS=self.AS, usage=Key.SIGNING)
self.assertIsNotNone(k)
self.assertEqual(k.AS_id, self.AS.pk)
self.assertEqual(k.version, 1)
self.assertEqual(k.usage, Key.SIGNING)
self.assertEqual(k.not_after - k.not_before,
DEFAULT_EXPIRATION_AS_KEYS)
def test_key_timestamp_format(self):
d = datetime(2006, 1, 2, 15, 4, 5)
formatted = Key._format_timestamp(d)
self.assertEqual(formatted, "2006-01-02 15:04:05+0000")
# Ignore microseconds
d = datetime(2006, 1, 2, 15, 4, 5, 12345)
formatted = Key._format_timestamp(d)
self.assertEqual(formatted, "2006-01-02 15:04:05+0000")
# Should also work on whatever utcnow returns
d = datetime.utcnow()
formatted = Key._format_timestamp(d)
self.assertIsNotNone(
re.match(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\+0000", formatted))
def test_delete_as(self):
ks = Key.objects.create(AS=self.AS, usage=Key.SIGNING)
kd = Key.objects.create(AS=self.AS, usage=Key.DECRYPT)
ko = Key.objects.create(AS=self.AS, usage=Key.TRC_VOTING_OFFLINE)
self.AS.delete()
self.assertFalse(Key.objects.filter(
pk=ks.pk).exists()) # Delete should cascade here, ...
self.assertFalse(
Key.objects.filter(pk=kd.pk).exists()) # ... and here too.
self.assertTrue(Key.objects.filter(
pk=ko.pk).exists()) # This one should still exist!
def test_update_core_cert(self):
isd = ISD.objects.get(isd_id=19)
utils.check_trc_and_certs(self,
19,
self.isd19_core_ases,
expected_version=1)
AS.update_core_as_keys(isd.ases.filter(is_core=True))
utils.check_trc_and_certs(self,
19,
self.isd19_core_ases,
expected_version=2)
def test_update_core_cert(self):
isd = ISD.objects.get(isd_id=19)
trc_v1 = utils.check_trc(self,
isd,
self.isd19_core_ases,
expected_version=1)
AS.update_core_as_keys(isd.ases.filter(is_core=True))
trc_v2 = utils.check_trc(self,
isd,
self.isd19_core_ases,
expected_version=2)
trc_v2.verify(trc_v1)
utils.check_core_as_certs(self, isd)
# Certs for non-core ASes not updated; will be updated as new TRC is disseminated
for as_ in isd.ases.filter(is_core=False).iterator():
self.assertEqual(as_.certificate_chain['0']['TRCVersion'],
trc_v1.version)
def create(self,
owner: User,
installation_type: str,
isd: int,
public_ip: str = "",
wants_user_ap: bool = False,
wants_vpn: bool = False,
as_id: str = None,
label: str = None) -> 'UserAS':
"""Create a UserAS
:param User owner: owner of this UserAS
:param str installation_type:
:param int isd:
:param str public_ip: optional public IP address for the host of the AS
:param bool wants_user_ap: optional boolean if the User AS should be AP
:param str wants_vpn: optional boolean if the User AP should provide a VPN
:param str as_id: optional as_id, if None is given, the next free ID is chosen
:param str label: optional label
:returns: UserAS
"""
owner.check_as_quota()
assert isd, "No ISD provided"
if as_id:
as_id_int = as_ids.parse(as_id)
else:
as_id_int = self.get_next_id()
as_id = as_ids.format(as_id_int)
user_as = super().create(
owner=owner,
label=label,
isd=isd,
as_id=as_id,
as_id_int=as_id_int,
installation_type=installation_type,
master_as_key=AS._make_master_as_key()
)
user_as.generate_keys()
user_as.generate_certs()
user_as.init_default_services(public_ip=public_ip)
if wants_user_ap:
host = user_as.hosts.first()
vpn = None
if wants_vpn:
vpn = VPN.objects.create(server=host)
AttachmentPoint.objects.create(AS=user_as, vpn=vpn)
return user_as
def create(self,
owner: User,
installation_type: str,
isd: int,
as_id: str = None,
label: str = None) -> 'UserAS':
"""Create a UserAS
:param User owner: owner of this UserAS
:param str installation_type:
:param int isd:
:param str as_id: optional as_id, if None is given, the next free ID is chosen
:param str label: optional label
:returns: UserAS
"""
owner.check_as_quota()
assert isd, "No ISD provided"
if as_id:
as_id_int = as_ids.parse(as_id)
else:
as_id_int = self.get_next_id()
as_id = as_ids.format(as_id_int)
user_as = super().create(
owner=owner,
label=label,
isd=isd,
as_id=as_id,
as_id_int=as_id_int,
installation_type=installation_type,
master_as_key=AS._make_master_as_key()
)
user_as.generate_keys()
user_as.generate_certs()
user_as.init_default_services()
return user_as
def update_core_keys(self, request, queryset):
"""
Updates the core keys and update the corresponding TRCs and certificates.
"""
AS.update_core_as_keys(queryset)
def update_keys(self, request, queryset):
"""
Admin action: generate new keys for the selected ASes.
"""
AS.update_cp_as_keys(queryset)
def setUp(self):
self.isd = ISD.objects.create(isd_id=1, label='Test')
# bypass ASManager.create to avoid initializing keys
as_id = 'ff00:0:110'
self.AS = AS(isd=self.isd, as_id=as_id, as_id_int=as_ids.parse(as_id))
self.AS.save()
def update_core_keys(as_ids):
from scionlab.models.core import AS
ases = AS.objects.filter(as_id__in=as_ids)
AS.update_core_as_keys(ases)