def test_main(self):
    """Exercise the keychain life cycle inside a throwaway directory.

    A fresh PIB database and TPM location are prepared under a temporary
    directory, the create_key / verify_data / verify_cert steps run against
    them, and the 'test' identity is then deleted. The keychain must report
    zero identities afterwards.
    """
    with TemporaryDirectory() as workdir:
        # Everything the keychain writes lives under workdir, which
        # TemporaryDirectory removes on exit (presumably including any
        # private-key files TpmFile creates there).
        self.prepare_db(workdir)
        self.tpm = TpmFile(self.tpm_dir)
        self.keychain = KeychainSqlite3(self.pib_file, self.tpm)

        self.create_key()
        self.verify_data()
        self.verify_cert()

        # Deleting the only identity should leave nothing behind.
        self.keychain.del_identity('test')
        remaining = len(self.keychain)
        assert remaining == 0
def main():
    """Fetch two demo articles and report whether each passes LVS validation.

    The keychain is opened from 'pib.db' and 'privKeys' next to the script,
    the default certificate of '/lvs-test' is taken as the trust anchor, and
    an LVS validator built from ``lvs_text`` is handed to every Interest.
    """
    script_dir = os.path.dirname(os.path.abspath(sys.argv[0]))
    # NOTE(review): only the trust anchor certificate is read below, yet the
    # whole keychain (presumably including private keys under 'privKeys') is
    # opened; confirm a deployed consumer would ship only the anchor.
    keychain = KeychainSqlite3(
        os.path.join(script_dir, 'pib.db'),
        TpmFile(os.path.join(script_dir, 'privKeys')))

    # The trust root is whatever certificate these local files hold.
    trust_anchor = keychain['/lvs-test'].default_key().default_cert()
    print(f'Trust anchor name: {Name.to_str(trust_anchor.name)}')

    checker = Checker(compile_lvs(lvs_text), DEFAULT_USER_FNS)
    app = NDNApp(keychain=keychain)
    validator = lvs_validator(checker, app, trust_anchor.data)

    async def fetch_article(article: str):
        """Express one Interest for *article* and print the outcome."""
        try:
            interest_name = Name.from_str(f'/lvs-test/article/xinyu/{article}')
            print(f'Sending Interest {Name.to_str(interest_name)}')
            # The validator is passed per request; a validation failure is
            # reported through ValidationFailure below instead of returning
            # the Data.
            data_name, meta_info, content = await app.express_interest(
                interest_name,
                must_be_fresh=True,
                can_be_prefix=True,
                lifetime=6000,
                validator=validator)
            print(f'Received Data Name: {Name.to_str(data_name)}')
            print(meta_info)
            # decode() raises UnicodeDecodeError on non-UTF-8 content; that
            # exception is not handled here.
            if content:
                print(bytes(content).decode())
            else:
                print(None)
        except InterestNack as nack:
            print(f'Nacked with reason={nack.reason}')
        except InterestTimeout:
            print('Timeout')
        except InterestCanceled:
            print('Canceled')
        except ValidationFailure:
            print('Data failed to validate')

    async def run_requests():
        """Fetch both articles in order, then stop the application."""
        for article in ('hello', 'world'):
            await fetch_article(article)
        app.shutdown()

    app.run_forever(run_requests())
def prepare_db(self, base_dir):
    """Initialise an empty keychain under *base_dir* and remember its paths.

    Sets ``self.pib_file`` to ``<base_dir>/pib.db`` and ``self.tpm_dir`` to
    ``<base_dir>/ndnsec-key-file``, then asks KeychainSqlite3 to initialise
    the database with the 'tpm-file' scheme pointing at that directory.
    """
    pib_path = os.path.join(base_dir, 'pib.db')
    tpm_path = os.path.join(base_dir, 'ndnsec-key-file')
    self.pib_file, self.tpm_dir = pib_path, tpm_path
    # 'tpm-file' presumably selects file-based key storage, so base_dir
    # decides where key material lands on disk -- confirm callers only pass
    # a private, disposable directory.
    KeychainSqlite3.initialize(pib_path, 'tpm-file', tpm_path)
def main():
    """Serve two demo articles and the certificates needed to verify them.

    The keychain is opened from 'pib.db' and 'privKeys' next to the script.
    Routes are registered for the two article names and for the trust
    anchor, admin and author certificate names, then the app runs forever.
    """
    script_dir = os.path.dirname(os.path.abspath(sys.argv[0]))
    keychain = KeychainSqlite3(
        os.path.join(script_dir, 'pib.db'),
        TpmFile(os.path.join(script_dir, 'privKeys')))

    trust_anchor = keychain['/lvs-test'].default_key().default_cert()
    admin_cert = keychain['/lvs-test/admin/ndn'].default_key().default_cert()
    author_cert = keychain['/lvs-test/author/xinyu'].default_key().default_cert()
    print(f'Trust anchor name: {Name.to_str(trust_anchor.name)}')
    print(f'Admin name: {Name.to_str(admin_cert.name)}')
    print(f'Author name: {Name.to_str(author_cert.name)}')

    checker = Checker(compile_lvs(lvs_text), DEFAULT_USER_FNS)

    # The following manual checks are listed for demonstration only.
    # In a real implementation they are done automatically.
    # They rely on assert, which Python strips under -O, so they are not a
    # substitute for enforced validation.
    root_of_trust = checker.root_of_trust()
    print(f'LVS model root of trust: {root_of_trust}')
    print(f'LVS model user functions provided: {checker.validate_user_fns()}')
    ta_matches = []
    for match in checker.match(trust_anchor.name):
        # The first element of each match is concatenated into one list.
        ta_matches = ta_matches + match[0]
    assert len(ta_matches) > 0
    assert root_of_trust.issubset(ta_matches)
    print(f'Trust anchor matches the root of trust: OK')

    app = NDNApp(keychain=keychain)

    # Note: This producer example does not use the LVS validator at all.
    # Also, the content of the keychain is as follows:
    #   /lvs-test
    #   +->* /lvs-test/KEY/%5Cs%F8%B5%D9k%D2%D2
    #        +->* /lvs-test/KEY/%5Cs%F8%B5%D9k%D2%D2/self/v=1647829075409
    #   --
    #   /lvs-test/admin/ndn
    #   +->* /lvs-test/admin/ndn/KEY/z%C7%D2%B0%22%FB%D0%F3
    #        +->  /lvs-test/admin/ndn/KEY/z%C7%D2%B0%22%FB%D0%F3/self/v=1647828984149
    #        +->* /lvs-test/admin/ndn/KEY/z%C7%D2%B0%22%FB%D0%F3/lvs-test/v=1647829580626
    #   --
    # * /lvs-test/author/xinyu
    #   +->* /lvs-test/author/xinyu/KEY/%18%F9%A7CP%F6%BD%1B
    #        +->  /lvs-test/author/xinyu/KEY/%18%F9%A7CP%F6%BD%1B/self/v=1647828975217
    #        +->* /lvs-test/author/xinyu/KEY/%18%F9%A7CP%F6%BD%1B/ndn/v=1647829957196

    def article_handler(text):
        """Build an Interest handler that answers with *text* as content."""
        def on_interest(name, param, _app_param):
            print(f'>> I: {Name.to_str(name)}, {param}')
            content = text.encode()
            data_name = name + [Component.from_version(timestamp())]
            # No signer is named here, so the signing key is left to the
            # keychain defaults -- presumably the starred author identity
            # in the listing above; confirm.
            app.put_data(data_name, content=content, freshness_period=10000)
            print(f'<< D: {Name.to_str(data_name)}')
            print(f'Content: {content.decode()}')
            print('')
        return on_interest

    def cert_handler(cert):
        """Build an Interest handler that replies with *cert* as stored."""
        def on_interest(name, param, _app_param):
            print(f'>> I: {Name.to_str(name)}, {param}')
            # The stored certificate packet is sent unchanged.
            app.put_raw_packet(cert.data)
            print(f'<< D: {Name.to_str(cert.name)}')
            print('')
        return on_interest

    app.route('/lvs-test/article/xinyu/hello')(article_handler("Hello,"))
    app.route('/lvs-test/article/xinyu/world')(article_handler("world!"))
    # Certificates are published in the same order as before: anchor,
    # admin, author.
    for cert in (trust_anchor, admin_cert, author_cert):
        app.route(cert.name)(cert_handler(cert))

    print('Start serving ...')
    app.run_forever()
def test_signing_suggest():
    """Check which certificate Checker.suggest proposes under four schemas.

    A temporary keychain is populated with two site identities ('/la',
    '/ny') and one author identity under each, with an author certificate
    derived from the site's signer. Each schema is then compiled and
    ``suggest`` is asked for a signing certificate for an article name.
    """

    def issue_author_cert(keychain, site, author, issuer_label):
        """Create *site* and *author* identities; return the derived cert name."""
        site_id = keychain.touch_identity(site)
        site_cert = parse_certificate(site_id.default_key().default_cert().data)
        site_signer = keychain.get_signer({'cert': site_cert.name})

        author_id = keychain.touch_identity(author)
        # NOTE(review): the certificate named after the author's key is built
        # from site_cert.content and imported under the site's key name, not
        # the author's -- confirm this is intended for the test and is not
        # copied into real issuance code.
        # The trailing 100 is presumably the validity period -- confirm unit.
        cert_name, cert_wire = derive_cert(
            author_id.default_key().name,
            Component.from_str(issuer_label),
            site_cert.content,
            site_signer,
            datetime.utcnow(),
            100)
        keychain.import_cert(site_id.default_key().name, cert_name, cert_wire)
        return cert_name

    with TemporaryDirectory() as workdir:
        # Keychain files are created under workdir, which is removed when
        # the block exits.
        pib_file = os.path.join(workdir, 'pib.db')
        tpm_dir = os.path.join(workdir, 'privKeys')
        KeychainSqlite3.initialize(pib_file, 'tpm-file', tpm_dir)
        keychain = KeychainSqlite3(pib_file, TpmFile(tpm_dir))
        assert len(keychain) == 0

        la_author_cert_name = issue_author_cert(
            keychain, '/la', '/la/author/1', 'la-signer')
        ny_author_cert_name = issue_author_cert(
            keychain, '/ny', '/ny/author/2', 'ny-signer')

        # Schema 1: either site may anchor; only topics "eco" and "spo" are
        # listed, so a "life" article gets no suggestion.
        both_sites = r'''
        #KEY: "KEY"/_/_/_
        #article: /"article"/_topic/_ & { _topic: "eco" | "spo" } <= #author
        #author: /site/"author"/_/#KEY <= #anchor
        #anchor: /site/#KEY & {site: "la" | "ny" }
        '''
        checker = Checker(compile_lvs(both_sites), {})
        assert checker.suggest("/article/eco/day1", keychain) == la_author_cert_name
        assert checker.suggest("/article/life/day1", keychain) is None

        # Schema 2: anchor limited to "la" and the author key pattern
        # requires the "la-signer" component.
        la_signer_only = r'''
        #KEY: "KEY"/_/_/_
        #LAKEY: "KEY"/_/_signer/_ & { _signer: "la-signer" }
        #article: /"article"/_topic/_ & { _topic: "eco" | "spo" } <= #author
        #author: /site/"author"/_/#LAKEY <= #anchor
        #anchor: /site/#KEY & {site: "la"}
        '''
        checker = Checker(compile_lvs(la_signer_only), {})
        assert checker.suggest("/article/eco/day1", keychain) == la_author_cert_name

        # Schema 3: site fixed to "ny", with the $eq_type user function
        # applied to the version component.
        ny_site_only = r'''
        #KEY: "KEY"/_/_/_version & { _version: $eq_type("v=0") }
        #article: /"article"/_topic/_ & { _topic: "life" | "fin" } <= #author
        #author: /site/"author"/_/#KEY & { site: "ny" } <= #anchor
        #anchor: /site/#KEY & { site: "ny" }
        '''
        checker = Checker(compile_lvs(ny_site_only), DEFAULT_USER_FNS)
        assert checker.suggest("/article/fin/day1", keychain) == ny_author_cert_name

        # Schema 4: any topic, but the author key pattern requires the
        # "ny-signer" component and the anchor is limited to "ny".
        ny_signer_only = r'''
        #KEY: "KEY"/_/_/_version & { _version: $eq_type("v=0") }
        #NYKEY: "KEY"/_/_signer/_version& { _signer: "ny-signer", _version: $eq_type("v=0")}
        #article: /"article"/_topic/_ <= #author
        #author: /site/"author"/_/#NYKEY <= #anchor
        #anchor: /site/#KEY & {site: "ny"}
        #site: "ny"
        '''
        checker = Checker(compile_lvs(ny_signer_only), DEFAULT_USER_FNS)
        assert checker.suggest("/article/eco/day1", keychain) == ny_author_cert_name