def __init__(self, configfile=None, domain=None, commonName=None, force=False, readonly=False): self.configfile = configfile self.commonName = commonName or 'runtime' self.config = ConfigParser.SafeConfigParser() self.config.optionxform = str os.umask(0077) if configfile is not None: # Open existing config file self.configuration = self.parse_opensslconf() elif configfile is None and domain is not None: self.domain = domain homefolder = get_home() self.configfile = os.path.join(homefolder, ".calvin", "security", domain, "openssl.conf") exist = os.path.isfile(self.configfile) if not exist and readonly: raise Exception("Configuration file does not exist, create CA first") if exist and not force: self.configuration = self.parse_opensslconf() print "Configuration already exists " \ "using {}".format(self.configfile) else: self.new_opensslconf() self.configuration = self.parse_opensslconf() print "Made new configuration at " \ "{}".format(self.configfile) else: raise Exception("Missing argument, neither domain nor " "configfile supplied.")
def _get_security_credentials_path(self): security_dir_in_conf = _conf.get("security", "security_dir") if security_dir_in_conf: return security_dir_in_conf else: homefolder = get_home() return os.path.join(homefolder, ".calvin", "security")
def remove_domain(domain, directory=None): """ Remove an existing domain uses default security directory if not supplied. """ homefolder = get_home() domaindir = directory or os.path.join(homefolder, ".calvin", "security", domain) configfile = os.path.join(domaindir, "openssl.conf") if os.path.isfile(configfile): shutil.rmtree(domaindir, ignore_errors=True)
def __init__(self, domain, commonName=None, security_dir=None, force=False, readonly=False): _log.debug("__init__") self.configfile = None self.commonName = commonName or 'runtime' self.config = ConfigParser.SafeConfigParser() self.config.optionxform = str self.enrollment_challenge_db_path = None self.enrollment_challenge_db = {} self.allowed_authentication_servers = None self.allowed_authorization_servers = None os.umask(0077) self.domain = domain _log.debug("CA init") self.security_dir = _conf.get("security", "security_dir") if security_dir: self.configfile = os.path.join(security_dir, domain, "openssl.conf") else: homefolder = get_home() self.configfile = os.path.join(homefolder, ".calvin", "security", domain, "openssl.conf") exist = os.path.isfile(self.configfile) if not exist and readonly: raise Exception( "Configuration file does not exist, create CA first") if exist and not force: self.configuration = self.parse_opensslconf() _log.debug("Configuration already exists") # print "Configuration already exists " \ # "using {}".format(self.configfile) else: _log.debug("Configuration does not exist, let's create CA") self.new_opensslconf() self.configuration = self.parse_opensslconf() #Generate keys and CA certiticate try: self.new_ca_credentials(security_dir=security_dir, force=False, readonly=False) except: _log.error("Creation of new CA credentials failed") raise # print "Made new configuration at " \ # "{}".format(self.configfile) self.cert_enrollment_update_db_file() self.enrollment_challenge_db_path = os.path.join( self.configuration["CA_default"]["private_dir"], "enrollment_challenge_db.json")
def get_security_credentials_path(security_dir=None): """Return the path to the folder with all security credentials""" # _log.debug("get_security_credentials_path, security_dir={}".format(security_dir)) security_dir_in_conf = _conf.get("security", "security_dir") if security_dir: return security_dir elif security_dir_in_conf: return security_dir_in_conf else: homefolder = get_home() return os.path.join(homefolder, ".calvin", "security")
def remove_domain(self, domain, directory=None): """ Remove an existing domain uses default security directory if not supplied. """ homefolder = get_home() domaindir = directory or os.path.join(homefolder, ".calvin", "security", domain) configfile = os.path.join(domaindir, "openssl.conf") if os.path.isfile(configfile): shutil.rmtree(domaindir, ignore_errors=True)
def __init__(self): _log.debug("Security: _init_") self.sec_conf = _conf.get("security","security_conf") self.sec_policy = _conf.get("security","security_policy") if self.sec_conf is not None and not self.sec_conf.get('signature_trust_store', None): # Set default directory for trust store homefolder = get_home() truststore_dir = os.path.join(homefolder, ".calvin", "security", "trustStore") self.sec_conf['signature_trust_store'] = truststore_dir self.principal = {} self.auth = {}
def manage_trust(args): if not args.path: raise Exception("No path supplied") cert_name = os.path.basename(args.path) if args.dir: truststore_cert = os.path.join(args.dir, "trustStore", cert_name) else: homefolder = get_home() truststore_cert = os.path.join(homefolder, ".calvin", "security", "trustStore", cert_name) if not os.path.isdir(os.path.dirname(truststore_cert)): os.makedirs(os.path.dirname(truststore_cert), 0700) shutil.copy(args.path, truststore_cert)
def get_security_credentials_path(security_dir=None): """Return the node's own certificate name without file extension""" _log.debug("get_runtimes_credentials_path") security_path = _conf.get("security", "security_path") if security_dir: _log.debug("security_dir supplied") return security_dir elif security_path: _log.debug("security_path in calvin.conf:%s" % security_path) return security_path else: _log.debug("use default path") homefolder = get_home() return os.path.join(homefolder, ".calvin", "security")
def get_ca_conf(self): """Return path to openssl.conf for the CA""" _log.debug("get_ca_conf") is_ca = _conf.get("security","certificate_authority") if is_ca=="True": security_dir = _conf.get("security", "security_path") domain_name = _conf.get("security", "security_domain_name") if security_dir: cert_conf_file = os.path.join(security_dir,domain_name,"openssl.conf") else: homefolder = get_home() cert_conf_file = os.path.join(homefolder,"security",domain_name,"openssl.conf") return cert_conf_file else: return None
def __init__(self, domain, commonName=None, security_dir=None, force=False, readonly=False): self.configfile = None self.commonName = commonName or 'runtime' self.config = ConfigParser.SafeConfigParser() self.config.optionxform = str os.umask(0077) self.domain = domain _log.debug("CA init") security_path = _conf.get("security", "security_path") if security_dir: self.configfile = os.path.join(security_dir, domain, "openssl.conf") elif security_path: self.configfile = os.path.join(security_path, domain, "openssl.conf") else: homefolder = get_home() self.configfile = os.path.join(homefolder, ".calvin", "security", domain, "openssl.conf") exist = os.path.isfile(self.configfile) if not exist and readonly: raise Exception( "Configuration file does not exist, create CA first") if exist and not force: self.configuration = self.parse_opensslconf() _log.debug("Configuration already exists") print "Configuration already exists " \ "using {}".format(self.configfile) else: _log.debug("Configuration does not exist, let's create CA") self.new_opensslconf() self.configuration = self.parse_opensslconf() #Generate keys and CA certiticate try: self.new_ca_credentials(security_dir=security_dir, force=False, readonly=False) except: _log.error("creation of new CA credentials failed") print "Made new configuration at " \ "{}".format(self.configfile)
def __init__(self, domain, commonName=None, security_dir=None, force=False, readonly=False): _log.debug("__init__") self.configfile = None self.commonName = commonName or 'runtime' self.config = ConfigParser.SafeConfigParser() self.config.optionxform = str self.enrollment_challenge_db_path =None self.enrollment_challenge_db = {} self.allowed_authentication_servers = None self.allowed_authorization_servers = None os.umask(0077) self.domain = domain _log.debug("CA init") self.security_dir = _conf.get("security", "security_dir") if security_dir: self.configfile = os.path.join(security_dir, domain, "openssl.conf") else: homefolder = get_home() self.configfile = os.path.join(homefolder, ".calvin", "security", domain, "openssl.conf") exist = os.path.isfile(self.configfile) if not exist and readonly: raise Exception("Configuration file does not exist, create CA first") if exist and not force: self.configuration = self.parse_opensslconf() _log.debug("Configuration already exists") # print "Configuration already exists " \ # "using {}".format(self.configfile) else: _log.debug("Configuration does not exist, let's create CA") self.new_opensslconf() self.configuration = self.parse_opensslconf() #Generate keys and CA certiticate try: self.new_ca_credentials(security_dir=security_dir, force=False, readonly=False) except: _log.error("Creation of new CA credentials failed") raise # print "Made new configuration at " \ # "{}".format(self.configfile) self.cert_enrollment_update_db_file() self.enrollment_challenge_db_path = os.path.join(self.configuration["CA_default"]["private_dir"],"enrollment_challenge_db.json")
def get_ca_conf(self): """Return path to openssl.conf for the CA""" _log.debug("get_ca_conf") is_ca = _conf.get("security", "certificate_authority") if is_ca == "True": security_dir = _conf.get("security", "security_path") domain_name = _conf.get("security", "domain_name") if security_dir: cert_conf_file = os.path.join(security_dir, domain_name, "openssl.conf") else: homefolder = get_home() cert_conf_file = os.path.join(homefolder, "security", domain_name, "openssl.conf") return cert_conf_file else: return None
def get_ca_conf(self): """Return path to openssl.conf for the CA""" _log.debug("get_ca_conf") try: _ca_conf = _conf.get("security", "certificate_authority") is_ca = _ca_conf["is_ca"] domain_name = _ca_conf["domain_name"] except: is_ca = False if is_ca==True: if self.security_dir: cert_conf_file = os.path.join(self.security_dir, domain_name, "openssl.conf") else: homefolder = get_home() cert_conf_file = os.path.join(homefolder,"security",domain_name,"openssl.conf") return cert_conf_file else: return None
def get_ca_conf(self): """Return path to openssl.conf for the CA""" _log.debug("get_ca_conf") try: _ca_conf = _conf.get("security", "certificate_authority") is_ca = _ca_conf["is_ca"] domain_name = _ca_conf["domain_name"] except: is_ca = False if is_ca == True: if self.security_dir: cert_conf_file = os.path.join(self.security_dir, domain_name, "openssl.conf") else: homefolder = get_home() cert_conf_file = os.path.join(homefolder, "security", domain_name, "openssl.conf") return cert_conf_file else: return None
def __init__(self, domain, commonName=None, security_dir=None, force=False, readonly=False): self.configfile = None self.commonName = commonName or 'runtime' self.config = ConfigParser.SafeConfigParser() self.config.optionxform = str os.umask(0077) self.domain = domain _log.debug("CA init") security_path = _conf.get("security", "security_path") if security_dir: self.configfile = os.path.join(security_dir, domain, "openssl.conf") elif security_path: self.configfile = os.path.join(security_path, domain, "openssl.conf") else: homefolder = get_home() self.configfile = os.path.join(homefolder, ".calvin", "security", domain, "openssl.conf") exist = os.path.isfile(self.configfile) if not exist and readonly: raise Exception("Configuration file does not exist, create CA first") if exist and not force: self.configuration = self.parse_opensslconf() _log.debug("Configuration already exists") print "Configuration already exists " \ "using {}".format(self.configfile) else: _log.debug("Configuration does not exist, let's create CA") self.new_opensslconf() self.configuration = self.parse_opensslconf() #Generate keys and CA certiticate try: self.new_ca_credentials(security_dir=security_dir, force=False, readonly=False) except: _log.error("creation of new CA credentials failed") print "Made new configuration at " \ "{}".format(self.configfile)
def __init__(self, security_dir=None): homefolder = get_home() default_path = os.path.join(homefolder, ".calvin", "security") self.security_dir = security_dir if security_dir else self._get_security_credentials_path( ) self.runtimes_dir = os.path.join(self.security_dir, "runtimes") self.truststore_transport_dir = os.path.join(self.runtimes_dir, TRUSTSTORE_TRANSPORT) if not os.path.isdir(self.truststore_transport_dir): try: os.makedirs(self.truststore_transport_dir) except OSError: pass self.truststore_sign_dir = os.path.join(self.runtimes_dir, TRUSTSTORE_SIGN) if not os.path.isdir(self.truststore_sign_dir): try: os.makedirs(self.truststore_sign_dir) except OSError: pass self.truststore_transport = TrustStore(self.truststore_transport_dir) self.truststore_sign = TrustStore(self.truststore_sign_dir)
def config_paths(self): """ Return the list of paths to search for configs. If install dir is in the path from home folder to CWD it is not included a second time. """ if self.override_path is not None: return [self.override_path] inst_loc = self.install_location() curr_loc = os.getcwd() home = get_home() or curr_loc paths = [inst_loc, home] insert_index = len(paths) if curr_loc.startswith(home): while len(curr_loc) > len(home): if curr_loc != inst_loc: paths.insert(insert_index, curr_loc) curr_loc, part = curr_loc.rsplit('/', 1) epaths = self.extra_paths.split(':') if self.extra_paths else [] paths.extend(epaths) return paths
def sign_files_for_security_tests(credentials_testdir): from calvin.utilities import code_signer from calvin.utilities.utils import get_home from calvin.utilities import certificate import shutil def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert): # Read in the file filedata = None with open(file_path, 'r') as file: filedata = file.read() # Replace the target string filedata = filedata.replace(text_to_be_replaced, text_to_insert) # Write the file out again with open(file_path, 'w') as file: file.write(filedata) def _copy_and_sign_actor(prefix, file_name): #Create signed version of the actor directory = os.path.join(actor_store_path, prefix) if not os.path.isdir(directory): os.makedirs(directory) shutil.copy( os.path.join(orig_actor_store_path, prefix, "__init__.py"), os.path.join(actor_store_path, prefix, "__init__.py")) orig_actor_path = os.path.join(orig_actor_store_path, prefix, file_name) new_actor_path = os.path.join(actor_store_path, prefix, file_name) shutil.copy(orig_actor_path, new_actor_path) cs.sign_file(new_actor_path) return new_actor_path homefolder = get_home() runtimesdir = os.path.join(credentials_testdir, "runtimes") runtimes_truststore_signing_path = os.path.join(runtimesdir, "truststore_for_signing") orig_testdir = os.path.join(os.path.dirname(__file__), "security_test") orig_actor_store_path = os.path.abspath( os.path.join(os.path.dirname(__file__), '..', 'actorstore', 'systemactors')) actor_store_path = os.path.join(credentials_testdir, "store") orig_application_store_path = os.path.join(orig_testdir, "scripts") application_store_path = os.path.join(credentials_testdir, "scripts") print "Create test folders" try: shutil.copytree(orig_application_store_path, application_store_path) except Exception as err: _log.error( "Failed to create test folder structure, err={}".format(err)) print "Failed to create test folder structure, err={}".format(err) raise print "Trying to create a new test application/actor signer." cs = code_signer.CS(organization="com.ericsson", commonName="signer", security_dir=credentials_testdir) _copy_and_sign_actor("flow", "Alternate.py") _copy_and_sign_actor("flow", "Alternate2.py") _copy_and_sign_actor("flow", "Collect.py") _copy_and_sign_actor("flow", "CollectCompleteDict.py") _copy_and_sign_actor("flow", "Dealternate.py") _copy_and_sign_actor("flow", "Deselect.py") _copy_and_sign_actor("flow", "Dispatch.py") _copy_and_sign_actor("flow", "DispatchDict.py") _copy_and_sign_actor("flow", "Join.py") _copy_and_sign_actor("flow", "Void.py") _copy_and_sign_actor("flow", "Select.py") _copy_and_sign_actor("flow", "Terminator.py") _copy_and_sign_actor("io", "FileReader.py") _copy_and_sign_actor("misc", "ExplicitStateExample.py") _copy_and_sign_actor("std", "Counter.py") _copy_and_sign_actor("std", "Constant.py") _copy_and_sign_actor("std", "Constantify.py") _copy_and_sign_actor("std", "Compare.py") _copy_and_sign_actor("std", "Identity.py") _copy_and_sign_actor("std", "Stringify.py") _copy_and_sign_actor("std", "Trigger.py") actor_CountTimer_path = _copy_and_sign_actor("std", "CountTimer.py") actor_Sum_path = _copy_and_sign_actor("std", "Sum.py") _copy_and_sign_actor("test", "FiniteCounter.py") _copy_and_sign_actor("test", "TestProcess.py") actor_Sink_path = _copy_and_sign_actor("test", "Sink.py") _copy_and_sign_actor("text", "LineJoin.py") _copy_and_sign_actor("text", "PrefixString.py") _copy_and_sign_actor("text", "RegexMatch.py") _copy_and_sign_actor("exception", "ExceptionHandler.py") #Create unsigned version of CountTimer actor actor_CountTimerUnsigned_path = actor_CountTimer_path.replace( ".py", "Unsigned.py") shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path) replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer", "CountTimerUnsigned") #Create unsigned version of Sum actor actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sum_path, actor_SumUnsigned_path) replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned") #Create incorrectly signed version of Sum actor actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py") shutil.copy(actor_Sum_path, actor_SumFake_path) #Change the class name to SumFake replace_text_in_file(actor_SumFake_path, "Sum", "SumFake") cs.sign_file(actor_SumFake_path) #Now append to the signed file so the signature verification fails with open(actor_SumFake_path, "a") as fd: fd.write(" ") #Create unsigned version of Sink actor actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sink_path, actor_SinkUnsigned_path) replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned") #Sign applications cs.sign_file( os.path.join(application_store_path, "correctly_signed.calvin")) cs.sign_file( os.path.join(application_store_path, "correctlySignedApp_incorrectlySignedActor.calvin")) cs.sign_file( os.path.join(application_store_path, "incorrectly_signed.calvin")) #Now append to the signed file so the signature verification fails with open( os.path.join(application_store_path, "incorrectly_signed.calvin"), "a") as fd: fd.write(" ") print "Export Code Signers certificate to the truststore for code signing" out_file = cs.export_cs_cert(runtimes_truststore_signing_path) certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN, security_dir=credentials_testdir) return actor_store_path, application_store_path
def sign_files_for_security_tests(credentials_testdir): from calvin.utilities import code_signer from calvin.utilities.utils import get_home from calvin.utilities import certificate import shutil def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert): # Read in the file filedata = None with open(file_path, 'r') as file: filedata = file.read() # Replace the target string filedata = filedata.replace(text_to_be_replaced, text_to_insert) # Write the file out again with open(file_path, 'w') as file: file.write(filedata) homefolder = get_home() runtimesdir = os.path.join(credentials_testdir, "runtimes") runtimes_truststore_signing_path = os.path.join(runtimesdir, "truststore_for_signing") orig_testdir = os.path.join(os.path.dirname(__file__), "security_test") orig_actor_store_path = os.path.abspath( os.path.join(os.path.dirname(__file__), '..', 'actorstore', 'systemactors')) actor_store_path = os.path.join(credentials_testdir, "store") orig_application_store_path = os.path.join(orig_testdir, "scripts") application_store_path = os.path.join(credentials_testdir, "scripts") print "Create test folders" try: os.makedirs(actor_store_path) os.makedirs(os.path.join(actor_store_path, "test")) shutil.copy(os.path.join(orig_actor_store_path, "test", "__init__.py"), os.path.join(actor_store_path, "test", "__init__.py")) os.makedirs(os.path.join(actor_store_path, "std")) shutil.copy(os.path.join(orig_actor_store_path, "std", "__init__.py"), os.path.join(actor_store_path, "std", "__init__.py")) shutil.copytree(orig_application_store_path, application_store_path) except Exception as err: _log.error( "Failed to create test folder structure, err={}".format(err)) print "Failed to create test folder structure, err={}".format(err) raise print "Trying to create a new test application/actor signer." cs = code_signer.CS(organization="testsigner", commonName="signer", security_dir=credentials_testdir) #Create signed version of CountTimer actor orig_actor_CountTimer_path = os.path.join(orig_actor_store_path, "std", "CountTimer.py") actor_CountTimer_path = os.path.join(actor_store_path, "std", "CountTimer.py") shutil.copy(orig_actor_CountTimer_path, actor_CountTimer_path) cs.sign_file(actor_CountTimer_path) #Create unsigned version of CountTimer actor actor_CountTimerUnsigned_path = actor_CountTimer_path.replace( ".py", "Unsigned.py") shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path) replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer", "CountTimerUnsigned") #Create signed version of Sum actor orig_actor_Sum_path = os.path.join(orig_actor_store_path, "std", "Sum.py") actor_Sum_path = os.path.join(actor_store_path, "std", "Sum.py") shutil.copy(orig_actor_Sum_path, actor_Sum_path) cs.sign_file(actor_Sum_path) #Create unsigned version of Sum actor actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sum_path, actor_SumUnsigned_path) replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned") #Create incorrectly signed version of Sum actor actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py") shutil.copy(actor_Sum_path, actor_SumFake_path) #Change the class name to SumFake replace_text_in_file(actor_SumFake_path, "Sum", "SumFake") cs.sign_file(actor_SumFake_path) #Now append to the signed file so the signature verification fails with open(actor_SumFake_path, "a") as fd: fd.write(" ") #Create signed version of Sink actor orig_actor_Sink_path = os.path.join(orig_actor_store_path, "test", "Sink.py") actor_Sink_path = os.path.join(actor_store_path, "test", "Sink.py") shutil.copy(orig_actor_Sink_path, actor_Sink_path) cs.sign_file(actor_Sink_path) #Create unsigned version of Sink actor actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sink_path, actor_SinkUnsigned_path) replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned") #Sign applications cs.sign_file( os.path.join(application_store_path, "correctly_signed.calvin")) cs.sign_file( os.path.join(application_store_path, "correctlySignedApp_incorrectlySignedActor.calvin")) cs.sign_file( os.path.join(application_store_path, "incorrectly_signed.calvin")) #Now append to the signed file so the signature verification fails with open( os.path.join(application_store_path, "incorrectly_signed.calvin"), "a") as fd: fd.write(" ") print "Export Code Signers certificate to the truststore for code signing" out_file = cs.export_cs_cert(runtimes_truststore_signing_path) certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN, security_dir=credentials_testdir) return actor_store_path, application_store_path
def setup(request): # Create 3 test nodes per storage type print "###SETUP" tunnels = {} nodes = {} for ti in range(len(storage_types)): nodes[storage_types[ti]] = [ calvin.tests.TestNode( ["calvinip://127.0.0.1:50{}{}".format(ti, i)]) for i in range(3) ] def prep_node(stype, n): n.storage = storage.Storage(n) if stype == "proxy": try: n.network = DummyNetwork(n) n.proto = DummyProto(n) except: traceback.print_exc() if stype != "notstarted": cb, d = create_callback(timeout=10, test_part=stype + " start") n.storage.start(cb=cb) return d all_started = [] for ti in range(len(storage_types)): stype = storage_types[ti] if stype == "dht": try: _conf.set('global', 'storage_type', 'dht') all_started.extend(map(partial(prep_node, stype), nodes[stype])) except: traceback.print_exc() elif stype == "securedht": try: homefolder = get_home() credentials_testdir = os.path.join(homefolder, ".calvin", "test_all_storage_dir") runtimesdir = os.path.join(credentials_testdir, "runtimes") security_testdir = os.path.join(os.path.dirname(__file__), "security_test") domain_name = "test_security_domain" code_signer_name = "test_signer" orig_identity_provider_path = os.path.join( security_testdir, "identity_provider") identity_provider_path = os.path.join(credentials_testdir, "identity_provider") policy_storage_path = os.path.join(security_testdir, "policies") try: shutil.rmtree(credentials_testdir) except Exception as err: print "Failed to remove old tesdir, err={}".format(err) pass try: shutil.copytree(orig_identity_provider_path, identity_provider_path) except Exception as err: _log.error( "Failed to copy the identity provider files, err={}". format(err)) raise runtimes = helpers.create_CA_and_generate_runtime_certs( domain_name, credentials_testdir, 3) for r, n in zip(runtimes, nodes[stype]): n.attributes = attribute_resolver.AttributeResolver( r['attributes']) n.enrollment_password = r['enrollment_password'] n.id = r['id'] n.runtime_credentials = r['credentials'] n.node_name = r['node_name'] #print "###RUNTIMES", runtimes _conf.add_section("security") _conf.set('security', 'security_dir', credentials_testdir) _conf.set('global', 'storage_type', 'securedht') all_started.extend(map(partial(prep_node, stype), nodes[stype])) _conf.remove_section("security") except: traceback.print_exc() elif stype == "notstarted": _conf.set('global', 'storage_type', 'dht') map(partial(prep_node, stype), nodes[stype]) elif stype == "sql": _conf.set('global', 'storage_type', 'sql') _conf.set( 'global', 'storage_sql', {}) # Use the default, i.e. local passwd-less root mysql DB all_started.extend(map(partial(prep_node, stype), nodes[stype])) elif stype == "proxy": # Setting up proxy storage for testing is a bit complicated # We short circuit so that fake tunnels' send directly calls peer's receive-method # The master (0) is setup as local and the others (1,2) as proxy # Give the master node ref to the proxies (to be used in fake network, proto & tunnel) nodes["proxy"][1].master_node = nodes["proxy"][0] nodes["proxy"][2].master_node = nodes["proxy"][0] # Create fake tunnels for n2 in nodes["proxy"]: tt = {} for n1 in nodes["proxy"]: if n1 != n2: tt[n1.id] = FakeTunnel(DummyNetwork(n1), tt, n1.id, 'storage', None, rt_id=n2.id, id=calvinuuid.uuid("TUNNEL")) tunnels[n2.id] = tt n2.tunnels = tunnels # Give a tunnel its peers tunnel for n2 in nodes["proxy"]: for n1 in nodes["proxy"]: if n1 != n2: tunnels[n2.id][n1.id]._peers_fake_tunnel = tunnels[ n1.id][n2.id] # Start master _conf.set('global', 'storage_type', 'local') prep_node(stype, nodes[stype][0]) # Inform master it has 2 proxy storage clients [ nodes[stype][0].storage.tunnel_request_handles(t) for t in tunnels[nodes[stype][0].id].values() ] # Start proxies _conf.set('global', 'storage_type', 'proxy') _conf.set('global', 'storage_proxy', nodes[stype][0].uris[0]) all_started.extend(map(partial(prep_node, stype), nodes[stype][1:])) # Inform proxy that it is connected, first wait until up_handler set count = 0 while (tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler is None or tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler is None) and count < 100: pytest.blockon(threads.defer_to_thread(time.sleep, 0.1)) count += 1 tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler() tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler() dl = defer.DeferredList(all_started) print time.time() try: pytest.blockon(dl) except: print "### Some storage plugins might have failed to start! ###" traceback.print_exc() print time.time() def teardown(): print "#####TEARDOWN" all_stopped = [] for ntypes in nodes.values(): for n in ntypes: cb, d = create_callback(timeout=10) n.storage.stop(cb=cb) all_stopped.append(d) dl = defer.DeferredList(all_stopped) try: pytest.blockon(dl) except: print "### Some storage plugins might have failed to stopp ###" traceback.print_exc() request.addfinalizer(teardown) return {"nodes": nodes}
def setup(self, request): from calvin.Tools.csruntime import csruntime from conftest import _config_pytest homefolder = get_home() domain = "rttest" testdir = os.path.join(homefolder, ".calvin","sec_dht_test") configdir = os.path.join(testdir, domain) runtimesdir = os.path.join(testdir,"runtimes") runtimes_truststore = os.path.join(runtimesdir,"truststore_for_transport") try: shutil.rmtree(testdir) except: print "Failed to remove old tesdir" pass try: os.mkdir(testdir) os.mkdir(configdir) os.mkdir(runtimesdir) os.mkdir(runtimes_truststore) except: print "Failed to create test folder structure" pass print "Trying to create a new test domain configuration." ca = certificate_authority.CA(domain=domain, commonName="sec-dht-test-CA", security_dir=testdir) print "Reading configuration successfull." print "Copy CA cert into truststore of runtimes folder" ca.export_ca_cert(runtimes_truststore) ca_original_backup = os.path.join(homefolder, ".calvin", "sec_dht_test_backup", domain) try: shutil.rmtree(ca_original_backup) except: pass # copy other setup and remove private directory and openssl.conf file # shutil.copytree(configdir, ca_original_backup) # shutil.rmtree(os.path.join(configdir, "private")) # configfile=os.path.join(configdir, "openssl.conf") # os.remove(configfile) # print "Trying to create a second test domain configuration." # testconfig = certificate_authority.CA(domain=domain, security_dir=testdir) global rt1 global rt2 global rt3 global test_script_dir rt_conf = copy.deepcopy(_conf) rt_conf.set('global', 'storage_type', 'securedht') rt_conf.add_section('security') rt_conf.set('security', "runtimes_path", runtimesdir) rt_conf.set('security', "security_domain_name", domain) rt_conf.set('security', "security_path",testdir) rt_conf.save("/tmp/calvin1.conf") rt_conf2 = copy.deepcopy(rt_conf) rt_conf2.set('global', 'actor_paths', [absolute_filename('test_store')]) rt_conf2.set('global', 'capabilities_blacklist', ['calvinsys.events.timer']) rt_conf2.save("/tmp/calvin2.conf") rt_ca_conf = copy.deepcopy(rt_conf) rt_ca_conf.set('security', "certificate_authority", "True") rt_ca_conf.save("/tmp/calvin_ca.conf") try: logfile = _config_pytest.getoption("logfile")+"5000" outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5000, controlport=5003, attr={'indexed_public': {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'}, 'node_name': {'name': 'node0'}, 'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}}, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin_ca.conf") rt1 = RT("http://%s:5003" % ip_addr) try: logfile = _config_pytest.getoption("logfile")+"5001" outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5001, controlport=5004, attr={'indexed_public': {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'}, 'node_name': {'name': 'node1'}, 'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}}, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin1.conf") rt2 = RT("http://%s:5004" % ip_addr) try: logfile = _config_pytest.getoption("logfile")+"5002" outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5002, controlport=5005, attr={'indexed_public': {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'}, 'node_name': {'name': 'node2'}, 'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}}, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin2.conf") rt3 = RT("http://%s:5005" % ip_addr) test_script_dir = absolute_filename('scripts/') request.addfinalizer(self.teardown)
def setup(self, request): from calvin.Tools.csruntime import csruntime from conftest import _config_pytest homefolder = get_home() domain = "rttest" configdir = os.path.join(homefolder, ".calvin", "security", domain) try: shutil.rmtree(configdir) except: pass print "Trying to create a new test domain configuration." testconfig = certificate.Config(domain=domain) print "Reading configuration successfull." print "Creating new domain." certificate.new_domain(testconfig) print "Created new domain." # Now handled within runtime #for i in range(3): # name = "++++node{}".format(i) # nodeid = calvinuuid.uuid("NODE") # certreq = certificate.new_runtime(testconfig, name, nodeid=nodeid) # certificate.sign_req(testconfig, os.path.basename(certreq), name) global rt1 global rt2 global rt3 global test_script_dir rt_conf = copy.deepcopy(_conf) rt_conf.set('global', 'storage_type', 'securedht') rt_conf.add_section('security') rt_conf.set('security', "certificate_conf", None) rt_conf.set('security', "certificate_domain", domain) rt_conf.save("/tmp/calvin500x.conf") try: logfile = _config_pytest.getoption("logfile")+"5000" outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5000, controlport=5003, attr={'indexed_public': {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'}, 'node_name': {'name': 'node0'}, 'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}}, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin500x.conf") rt1 = RT("http://%s:5003" % ip_addr) try: logfile = _config_pytest.getoption("logfile")+"5001" outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5001, controlport=5004, attr={'indexed_public': {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'}, 'node_name': {'name': 'node1'}, 'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}}, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin500x.conf") rt2 = RT("http://%s:5004" % ip_addr) try: logfile = _config_pytest.getoption("logfile")+"5002" outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5002, controlport=5005, attr={'indexed_public': {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'}, 'node_name': {'name': 'node2'}, 'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}}, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin500x.conf") rt3 = RT("http://%s:5005" % ip_addr) test_script_dir = absolute_filename('scripts/') request.addfinalizer(self.teardown)
from calvin.utilities.calvin_callback import CalvinCB from calvin.utilities import calvinlogger from calvin.utilities.utils import get_home from calvin.runtime.south.plugins.storage.twistedimpl.securedht.append_server import * from calvin.runtime.south.plugins.storage.twistedimpl.securedht.dht_server import * from calvin.runtime.south.plugins.storage.twistedimpl.securedht.service_discovery_ssdp import * from calvin.runtime.south.plugins.storage.twistedimpl.securedht.dht_server_commons import drawNetworkState from kademlia.node import Node from kademlia.utils import deferredDict, digest from calvin.runtime.south.plugins.async import threads from calvin.utilities import calvinconfig _conf = calvinconfig.get() _conf.add_section("security") _conf_file = os.path.join(get_home(), ".calvin/security/test/openssl.conf") _conf.set("security", "certificate_conf", _conf_file) _conf.set("security", "certificate_domain", "test") _cert_conf = None _log = calvinlogger.get_logger(__name__) name = "node1:" @pytest.fixture(scope="session", autouse=True) def cleanup(request): def fin(): reactor.callFromThread(reactor.stop) request.addfinalizer(fin)
def sign_files_for_security_tests(credentials_testdir): from calvin.utilities import code_signer from calvin.utilities.utils import get_home from calvin.utilities import certificate import shutil def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert): # Read in the file filedata = None with open(file_path, 'r') as file : filedata = file.read() # Replace the target string filedata = filedata.replace(text_to_be_replaced, text_to_insert) # Write the file out again with open(file_path, 'w') as file: file.write(filedata) def _copy_and_sign_actor(prefix, file_name): #Create signed version of the actor directory = os.path.join(actor_store_path, prefix) if not os.path.isdir(directory): os.makedirs(directory) shutil.copy(os.path.join(orig_actor_store_path, prefix, "__init__.py"), os.path.join(actor_store_path, prefix, "__init__.py")) orig_actor_path = os.path.join(orig_actor_store_path, prefix, file_name) new_actor_path = os.path.join(actor_store_path, prefix, file_name) shutil.copy(orig_actor_path, new_actor_path) cs.sign_file(new_actor_path) return new_actor_path homefolder = get_home() runtimesdir = os.path.join(credentials_testdir,"runtimes") runtimes_truststore_signing_path = os.path.join(runtimesdir,"truststore_for_signing") orig_testdir = os.path.join(os.path.dirname(__file__), "security_test") orig_actor_store_path = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', 'actorstore','systemactors')) actor_store_path = os.path.join(credentials_testdir, "store") orig_application_store_path = os.path.join(orig_testdir, "scripts") application_store_path = os.path.join(credentials_testdir, "scripts") print "Create test folders" try: shutil.copytree(orig_application_store_path, application_store_path) except Exception as err: _log.error("Failed to create test folder structure, err={}".format(err)) print "Failed to create test folder structure, err={}".format(err) raise print "Trying to create a new test application/actor signer." cs = code_signer.CS(organization="com.ericsson", commonName="signer", security_dir=credentials_testdir) _copy_and_sign_actor("flow", "Alternate.py") _copy_and_sign_actor("flow", "Alternate2.py") _copy_and_sign_actor("flow", "Collect.py") _copy_and_sign_actor("flow", "CollectCompleteDict.py") _copy_and_sign_actor("flow", "Dealternate.py") _copy_and_sign_actor("flow", "Deselect.py") _copy_and_sign_actor("flow", "Dispatch.py") _copy_and_sign_actor("flow", "DispatchDict.py") _copy_and_sign_actor("flow", "Join.py") _copy_and_sign_actor("flow", "Void.py") _copy_and_sign_actor("flow", "Select.py") _copy_and_sign_actor("flow", "Terminator.py") _copy_and_sign_actor("io", "FileReader.py") _copy_and_sign_actor("misc", "ExplicitStateExample.py") _copy_and_sign_actor("std","Counter.py") _copy_and_sign_actor("std","Constant.py") _copy_and_sign_actor("std","Constantify.py") _copy_and_sign_actor("std","Compare.py") _copy_and_sign_actor("std","Identity.py") _copy_and_sign_actor("std","Stringify.py") _copy_and_sign_actor("std","Trigger.py") actor_CountTimer_path = _copy_and_sign_actor("std","CountTimer.py") actor_Sum_path = _copy_and_sign_actor("std","Sum.py") _copy_and_sign_actor("test","FiniteCounter.py") _copy_and_sign_actor("test","TestProcess.py") actor_Sink_path = _copy_and_sign_actor("test","Sink.py") _copy_and_sign_actor("text","LineJoin.py") _copy_and_sign_actor("text","PrefixString.py") _copy_and_sign_actor("text","RegexMatch.py") _copy_and_sign_actor("exception","ExceptionHandler.py") #Create unsigned version of CountTimer actor actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(".py", "Unsigned.py") shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path) replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer", "CountTimerUnsigned") #Create unsigned version of Sum actor actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sum_path, actor_SumUnsigned_path) replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned") #Create incorrectly signed version of Sum actor actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py") shutil.copy(actor_Sum_path, actor_SumFake_path) #Change the class name to SumFake replace_text_in_file(actor_SumFake_path, "Sum", "SumFake") cs.sign_file(actor_SumFake_path) #Now append to the signed file so the signature verification fails with open(actor_SumFake_path, "a") as fd: fd.write(" ") #Create unsigned version of Sink actor actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py") shutil.copy(actor_Sink_path, actor_SinkUnsigned_path) replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned") #Sign applications cs.sign_file(os.path.join(application_store_path, "correctly_signed.calvin")) cs.sign_file(os.path.join(application_store_path, "correctlySignedApp_incorrectlySignedActor.calvin")) cs.sign_file(os.path.join(application_store_path, "incorrectly_signed.calvin")) #Now append to the signed file so the signature verification fails with open(os.path.join(application_store_path, "incorrectly_signed.calvin"), "a") as fd: fd.write(" ") print "Export Code Signers certificate to the truststore for code signing" out_file = cs.export_cs_cert(runtimes_truststore_signing_path) certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN, security_dir=credentials_testdir) return actor_store_path, application_store_path
def setup(request): # Create 3 test nodes per storage type print "###SETUP" tunnels = {} nodes = {} for ti in range(len(storage_types)): nodes[storage_types[ti]] = [calvin.tests.TestNode(["calvinip://127.0.0.1:50{}{}".format(ti, i)]) for i in range(3)] def prep_node(stype, n): n.storage = storage.Storage(n) if stype == "proxy": try: n.network = DummyNetwork(n) n.proto = DummyProto(n) except: traceback.print_exc() if stype != "notstarted" : cb, d = create_callback(timeout=10, test_part=stype + " start") n.storage.start(cb=cb) return d all_started = [] for ti in range(len(storage_types)): stype = storage_types[ti] if stype == "dht": try: _conf.set('global', 'storage_type', 'dht') all_started.extend(map(partial(prep_node, stype), nodes[stype])) except: traceback.print_exc() elif stype == "securedht": try: homefolder = get_home() credentials_testdir = os.path.join(homefolder, ".calvin","test_all_storage_dir") runtimesdir = os.path.join(credentials_testdir,"runtimes") security_testdir = os.path.join(os.path.dirname(__file__), "security_test") domain_name="test_security_domain" code_signer_name="test_signer" orig_identity_provider_path = os.path.join(security_testdir,"identity_provider") identity_provider_path = os.path.join(credentials_testdir, "identity_provider") policy_storage_path = os.path.join(security_testdir, "policies") try: shutil.rmtree(credentials_testdir) except Exception as err: print "Failed to remove old tesdir, err={}".format(err) pass try: shutil.copytree(orig_identity_provider_path, identity_provider_path) except Exception as err: _log.error("Failed to copy the identity provider files, err={}".format(err)) raise runtimes = helpers.create_CA_and_generate_runtime_certs(domain_name, credentials_testdir, 3) for r, n in zip(runtimes, nodes[stype]): n.attributes = attribute_resolver.AttributeResolver(r['attributes']) n.enrollment_password = r['enrollment_password'] n.id = r['id'] n.runtime_credentials = r['credentials'] n.node_name = r['node_name'] #print "###RUNTIMES", runtimes _conf.add_section("security") _conf.set('security', 'security_dir', credentials_testdir) _conf.set('global','storage_type','securedht') all_started.extend(map(partial(prep_node, stype), nodes[stype])) _conf.remove_section("security") except: traceback.print_exc() elif stype == "notstarted": _conf.set('global', 'storage_type', 'dht') map(partial(prep_node, stype), nodes[stype]) elif stype == "sql": _conf.set('global', 'storage_type', 'sql') _conf.set('global', 'storage_sql', {}) # Use the default, i.e. local passwd-less root mysql DB all_started.extend(map(partial(prep_node, stype), nodes[stype])) elif stype == "proxy": # Setting up proxy storage for testing is a bit complicated # We short circuit so that fake tunnels' send directly calls peer's receive-method # The master (0) is setup as local and the others (1,2) as proxy # Give the master node ref to the proxies (to be used in fake network, proto & tunnel) nodes["proxy"][1].master_node = nodes["proxy"][0] nodes["proxy"][2].master_node = nodes["proxy"][0] # Create fake tunnels for n2 in nodes["proxy"]: tt = {} for n1 in nodes["proxy"]: if n1 != n2: tt[n1.id] = FakeTunnel( DummyNetwork(n1), tt, n1.id, 'storage', None, rt_id=n2.id, id=calvinuuid.uuid("TUNNEL")) tunnels[n2.id] = tt n2.tunnels = tunnels # Give a tunnel its peers tunnel for n2 in nodes["proxy"]: for n1 in nodes["proxy"]: if n1 != n2: tunnels[n2.id][n1.id]._peers_fake_tunnel = tunnels[n1.id][n2.id] # Start master _conf.set('global', 'storage_type', 'local') prep_node(stype, nodes[stype][0]) # Inform master it has 2 proxy storage clients [nodes[stype][0].storage.tunnel_request_handles(t) for t in tunnels[nodes[stype][0].id].values()] # Start proxies _conf.set('global', 'storage_type', 'proxy') _conf.set('global', 'storage_proxy', nodes[stype][0].uris[0]) all_started.extend(map(partial(prep_node, stype), nodes[stype][1:])) # Inform proxy that it is connected, first wait until up_handler set count = 0 while (tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler is None or tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler is None) and count < 100: pytest.blockon(threads.defer_to_thread(time.sleep, 0.1)) count += 1 tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler() tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler() dl = defer.DeferredList(all_started) print time.time() try: pytest.blockon(dl) except: print "### Some storage plugins might have failed to start! ###" traceback.print_exc() print time.time() def teardown(): print "#####TEARDOWN" all_stopped = [] for ntypes in nodes.values(): for n in ntypes: cb, d = create_callback(timeout=10) n.storage.stop(cb=cb) all_stopped.append(d) dl = defer.DeferredList(all_stopped) try: pytest.blockon(dl) except: print "### Some storage plugins might have failed to stopp ###" traceback.print_exc() request.addfinalizer(teardown) return {"nodes": nodes}
from calvin.utilities.utils import get_home from calvin.utilities.attribute_resolver import AttributeResolver from calvin.utilities import calvinuuid from calvin.runtime.north.authentication.authentication_retrieval_point import FileAuthenticationRetrievalPoint from . import helpers import os import json import copy from calvin.utilities import calvinlogger from calvin.utilities import calvinconfig _log = calvinlogger.get_logger(__name__) _conf = calvinconfig.get() homefolder = get_home() credentials_testdir = os.path.join(homefolder, ".calvin","test_authorization_authentication_dir") runtimesdir = os.path.join(credentials_testdir,"runtimes") security_testdir = os.path.join(os.path.dirname(__file__), "security_test") domain_name="test_security_domain" code_signer_name="test_signer" orig_identity_provider_path = os.path.join(security_testdir,"identity_provider") identity_provider_path = os.path.join(credentials_testdir, "identity_provider") policy_storage_path = os.path.join(security_testdir, "policies") orig_actor_store_path = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', 'actorstore','systemactors')) actor_store_path = os.path.join(credentials_testdir, "store") orig_application_store_path = os.path.join(security_testdir, "scripts") application_store_path = os.path.join(credentials_testdir, "scripts") NBR_OF_RUNTIMES=3
from calvin.runtime.south.storage.twistedimpl.securedht.dht_server import * from calvin.runtime.south.storage.twistedimpl.securedht.service_discovery_ssdp import * from calvin.runtime.south.storage.twistedimpl.securedht.dht_server_commons import drawNetworkState from kademlia.node import Node from kademlia.utils import deferredDict, digest from calvin.runtime.south. async import threads from calvin.utilities import calvinconfig import socket from calvin.tests.helpers import get_ip_addr ip_addr = get_ip_addr() _log = calvinlogger.get_logger(__name__) name = "node4:" homefolder = get_home() domain = "sec-dht-security-test" testdir = os.path.join(homefolder, ".calvin", "sec_dht_security_test") configdir = os.path.join(testdir, domain) runtimesdir = os.path.join(testdir, "runtimes") runtimes_truststore = os.path.join(runtimesdir, "truststore_for_transport") _conf = calvinconfig.get() _conf.add_section("security") _conf.set('security', "runtimes_path", runtimesdir) _conf.set('security', "domain_name", domain) _conf.set('security', "security_path", testdir) @pytest.fixture(scope="session", autouse=True) def cleanup(request):
def setup(self, request): from calvin.Tools.csruntime import csruntime from conftest import _config_pytest homefolder = get_home() domain = "rttest" testdir = os.path.join(homefolder, ".calvin", "sec_dht_test") configdir = os.path.join(testdir, domain) runtimesdir = os.path.join(testdir, "runtimes") runtimes_truststore = os.path.join(runtimesdir, "truststore_for_transport") try: shutil.rmtree(testdir) except: print "Failed to remove old tesdir" pass try: os.mkdir(testdir) os.mkdir(configdir) os.mkdir(runtimesdir) os.mkdir(runtimes_truststore) except: print "Failed to create test folder structure" pass print "Trying to create a new test domain configuration." ca = certificate_authority.CA(domain=domain, commonName="sec-dht-test-CA", security_dir=testdir) print "Reading configuration successfull." print "Copy CA cert into truststore of runtimes folder" ca.export_ca_cert(runtimes_truststore) ca_original_backup = os.path.join(homefolder, ".calvin", "sec_dht_test_backup", domain) try: shutil.rmtree(ca_original_backup) except: pass # copy other setup and remove private directory and openssl.conf file # shutil.copytree(configdir, ca_original_backup) # shutil.rmtree(os.path.join(configdir, "private")) # configfile=os.path.join(configdir, "openssl.conf") # os.remove(configfile) # print "Trying to create a second test domain configuration." # testconfig = certificate_authority.CA(domain=domain, security_dir=testdir) global rt1 global rt2 global rt3 global test_script_dir rt_conf = copy.deepcopy(_conf) rt_conf.set('global', 'storage_type', 'securedht') rt_conf.add_section('security') rt_conf.set('security', "runtimes_path", runtimesdir) rt_conf.set('security', "security_domain_name", domain) rt_conf.set('security', "security_path", testdir) rt_conf.save("/tmp/calvin1.conf") rt_conf2 = copy.deepcopy(rt_conf) rt_conf2.set('global', 'actor_paths', [absolute_filename('test_store')]) rt_conf2.set('global', 'capabilities_blacklist', ['calvinsys.events.timer']) rt_conf2.save("/tmp/calvin2.conf") rt_ca_conf = copy.deepcopy(rt_conf) rt_ca_conf.set('security', "certificate_authority", "True") rt_ca_conf.save("/tmp/calvin_ca.conf") try: logfile = _config_pytest.getoption("logfile") + "5000" outfile = os.path.join( os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5000, controlport=5003, attr={ 'indexed_public': { 'owner': { 'organization': 'org.testexample', 'personOrGroup': 'testOwner1' }, 'node_name': { 'name': 'node0' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } }, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin_ca.conf") rt1 = RT("http://%s:5003" % ip_addr) try: logfile = _config_pytest.getoption("logfile") + "5001" outfile = os.path.join( os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5001, controlport=5004, attr={ 'indexed_public': { 'owner': { 'organization': 'org.testexample', 'personOrGroup': 'testOwner1' }, 'node_name': { 'name': 'node1' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } }, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin1.conf") rt2 = RT("http://%s:5004" % ip_addr) try: logfile = _config_pytest.getoption("logfile") + "5002" outfile = os.path.join( os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out")) if outfile == logfile: outfile = None except: logfile = None outfile = None csruntime(ip_addr, port=5002, controlport=5005, attr={ 'indexed_public': { 'owner': { 'organization': 'org.testexample', 'personOrGroup': 'testOwner1' }, 'node_name': { 'name': 'node2' }, 'address': { 'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1 } } }, loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile, configfile="/tmp/calvin2.conf") rt3 = RT("http://%s:5005" % ip_addr) test_script_dir = absolute_filename('scripts/') request.addfinalizer(self.teardown)