def setUp(self):
    """Build the KeyChain, PIB, TPM back end and policy manager for each test.

    The test RSA key pair is registered under a key name chosen to match the
    anchor cert, and the key is then self-signed through the KeyChain.
    """
    self.testCertFile = os.path.join('policy_config/certs', 'test.cert')

    self.pibImpl = PibMemory()
    self.tpmBackEnd = TpmBackEndMemory()
    self.policyManager = ConfigPolicyManager(
        'policy_config/simple_rules.conf', CertificateCacheV2())

    # The identity and key ID are chosen to match the anchor cert.
    self.identityName = Name('/TestConfigPolicyManager/temp')
    keyNamePrefix = Name(self.identityName).append("KEY")
    self.keyName = keyNamePrefix.append("ksk-1416010123")

    self.pibImpl.addKey(
        self.identityName, self.keyName, TEST_RSA_PUBLIC_KEY_DER)
    # The private key is an unencrypted PKCS #8 blob, so the password is None.
    # The TEST_ constants are fixture key material; an unencrypted private key
    # is only appropriate in a test like this one.
    self.tpmBackEnd.importKey(
        self.keyName, TEST_RSA_PRIVATE_KEY_PKCS8, None)

    self.keyChain = KeyChain(
        self.pibImpl, self.tpmBackEnd, self.policyManager)

    # selfSign adds to the PIB.
    identity = self.keyChain.getPib().getIdentity(self.identityName)
    self.keyChain.selfSign(identity.getKey(self.keyName))
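def test_errors(self):
    """Check that a key container refuses a key name from another identity.

    The container is created for fixture.id1. add, remove and get with
    fixture.id2Key1Name (by its fixture name, a key of the second identity)
    must each raise ValueError.
    """
    fixture = self.fixture
    pibImpl = PibMemory()
    container = PibKeyContainer(fixture.id1, pibImpl)

    # assertRaises fails the test when no ValueError is raised, which replaces
    # the try/fail/except pattern and its unreachable else branch.
    with self.assertRaises(ValueError):
        container.add(fixture.id2Key1.toBytes(), fixture.id2Key1Name)

    with self.assertRaises(ValueError):
        container.remove(fixture.id2Key1Name)

    with self.assertRaises(ValueError):
        container.get(fixture.id2Key1Name)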
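def test_errors(self):
    """Check that a certificate container refuses another key's certificate.

    The container is created for fixture.id1Key1Name. add, remove and get
    with fixture.id1Key2Cert1 (by its fixture name, a certificate of the
    second key) must each raise ValueError.
    """
    fixture = self.fixture
    pibImpl = PibMemory()
    container = PibCertificateContainer(fixture.id1Key1Name, pibImpl)

    # assertRaises fails the test when no ValueError is raised, which replaces
    # the try/fail/except pattern and its unreachable else branch.
    with self.assertRaises(ValueError):
        container.add(fixture.id1Key2Cert1)

    with self.assertRaises(ValueError):
        container.remove(fixture.id1Key2Cert1.getName())

    with self.assertRaises(ValueError):
        container.get(fixture.id1Key2Cert1.getName())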
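def test_errors(self):
    """Check the error paths of PibIdentityImpl.

    Constructing the identity with the third argument False on an empty PIB
    must raise Pib.Error. Every key operation that names fixture.id2Key1Name
    (a key of the other identity, by its fixture name) on identity1 must
    raise ValueError.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    # NOTE(review): the third argument presumably means "create the identity
    # if it is missing"; confirm against PibIdentityImpl.
    with self.assertRaises(Pib.Error):
        PibIdentityImpl(fixture.id1, pibImpl, False)
    identity1 = PibIdentityImpl(fixture.id1, pibImpl, True)

    # The identity's own key is (re-)added before each negative check, as in
    # the original test.
    identity1.addKey(fixture.id1Key1.buf(), fixture.id1Key1Name)
    with self.assertRaises(ValueError):
        identity1.addKey(fixture.id2Key1.buf(), fixture.id2Key1Name)

    identity1.addKey(fixture.id1Key1.buf(), fixture.id1Key1Name)
    with self.assertRaises(ValueError):
        identity1.removeKey(fixture.id2Key1Name)

    identity1.addKey(fixture.id1Key1.buf(), fixture.id1Key1Name)
    with self.assertRaises(ValueError):
        identity1.getKey(fixture.id2Key1Name)

    identity1.addKey(fixture.id1Key1.buf(), fixture.id1Key1Name)
    with self.assertRaises(ValueError):
        identity1.setDefaultKey(fixture.id2Key1.buf(), fixture.id2Key1Name)

    identity1.addKey(fixture.id1Key1.buf(), fixture.id1Key1Name)
    with self.assertRaises(ValueError):
        identity1.setDefaultKey(fixture.id2Key1Name)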
def main():
    """Decode, re-encode, sign and verify Interests, dumping each stage."""
    decoded = Interest()
    decoded.wireDecode(TlvInterest)
    dump("Interest:")
    dumpInterest(decoded)

    # Set the name again to clear the cached encoding so we encode again.
    decoded.setName(decoded.getName())
    encoding = decoded.wireEncode()
    dump("")
    dump("Re-encoded interest", encoding.toHex())

    reDecodedInterest = Interest()
    reDecodedInterest.wireDecode(encoding)
    dump("Re-decoded Interest:")
    dumpInterest(reDecodedInterest)

    freshInterest = (
        Interest(Name("/ndn/abc"))
        .setMustBeFresh(False)
        .setMinSuffixComponents(4)
        .setMaxSuffixComponents(6)
        .setInterestLifetimeMilliseconds(30000)
        .setChildSelector(1)
        .setMustBeFresh(True))
    freshInterest.getKeyLocator().setType(KeyLocatorType.KEY_LOCATOR_DIGEST)
    # The key data is the 32 bytes 0x00 through 0x1F.
    freshInterest.getKeyLocator().setKeyData(bytearray(range(32)))
    freshInterest.getExclude().appendComponent(Name("abc")[0]).appendAny()
    freshInterest.getForwardingHint().add(1, Name("/A"))
    dump(freshInterest.toUri())

    # Set up the KeyChain.
    pibImpl = PibMemory()
    tpmBackEnd = TpmBackEndMemory()
    keyChain = KeyChain(pibImpl, tpmBackEnd, SelfVerifyPolicyManager(pibImpl))
    # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
    # The DEFAULT_RSA_* constants are the sample key pair for this example.
    safeBag = SafeBag(
        Name("/testname/KEY/123"),
        Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False),
        Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))
    keyChain.importSafeBag(safeBag)

    # Make a Face just so that we can sign the interest.
    face = Face("localhost")
    face.setCommandSigningInfo(keyChain, keyChain.getDefaultCertificateName())
    face.makeCommandInterest(freshInterest)

    reDecodedFreshInterest = Interest()
    reDecodedFreshInterest.wireDecode(freshInterest.wireEncode())
    dump("")
    dump("Re-decoded fresh Interest:")
    dumpInterest(reDecodedFreshInterest)

    # The verification outcome is reported only through the two callbacks.
    label = "Freshly-signed Interest"
    keyChain.verifyInterest(
        reDecodedFreshInterest,
        makeOnVerified(label),
        makeOnValidationFailed(label))
def test_overwrite(self):
    """Verify that addKey replaces the public key stored under a key name.

    The test pins that a second addKey with the same key name succeeds and
    that getKey afterwards returns the new public key.
    """
    fixture = self.fixture
    pibImpl = PibMemory()
    identity = PibIdentityImpl(fixture.id1, pibImpl, True)

    identity.addKey(fixture.id1Key1.toBytes(), fixture.id1Key1Name)
    storedKey = identity.getKey(fixture.id1Key1Name).getPublicKey()
    self.assertTrue(storedKey.equals(fixture.id1Key1))

    # Overwriting the key should work.
    identity.addKey(fixture.id1Key2.toBytes(), fixture.id1Key1Name)
    replacedKey = identity.getKey(fixture.id1Key1Name).getPublicKey()
    self.assertTrue(replacedKey.equals(fixture.id1Key2))
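def test_overwrite(self):
    """Verify overwriting a key and a certificate through PibKeyImpl.

    Covers three things: loading a key that is not in the PIB raises
    Pib.Error; re-creating a key under the same name replaces the stored
    public key while an earlier PibKeyImpl keeps its cached copy; and adding
    a certificate with the same name replaces the stored certificate.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    # assertRaises fails the test when no Pib.Error is raised, which replaces
    # the try/fail/except pattern and its unreachable else branch.
    with self.assertRaises(Pib.Error):
        PibKeyImpl(fixture.id1Key1Name, pibImpl)

    PibKeyImpl(fixture.id1Key1Name, fixture.id1Key1.buf(), pibImpl)
    key1 = PibKeyImpl(fixture.id1Key1Name, pibImpl)

    # Overwriting the key should work.
    PibKeyImpl(fixture.id1Key1Name, fixture.id1Key2.buf(), pibImpl)
    key2 = PibKeyImpl(fixture.id1Key1Name, pibImpl)

    # key1 should have cached the original public key.
    self.assertFalse(key1.getPublicKey().equals(key2.getPublicKey()))
    self.assertTrue(key2.getPublicKey().equals(fixture.id1Key2))

    key1.addCertificate(fixture.id1Key1Cert1)
    # Use the wire encoding to check equivalence.
    self.assertTrue(
        key1.getCertificate(fixture.id1Key1Cert1.getName()).wireEncode()
        .equals(fixture.id1Key1Cert1.wireEncode()))

    otherCert = CertificateV2(fixture.id1Key1Cert1)
    # Read the clock once so the new validity period is exactly one second.
    now = Common.getNowMilliseconds()
    otherCert.getSignature().getValidityPeriod().setPeriod(now, now + 1000)
    # Don't bother resigning so we don't have to load a private key.
    # The validity period was changed after signing, so otherCert's signature
    # was not made over its current encoding. The test relies on
    # addCertificate storing the certificate anyway.

    self.assertTrue(
        fixture.id1Key1Cert1.getName().equals(otherCert.getName()))
    self.assertTrue(
        otherCert.getContent().equals(fixture.id1Key1Cert1.getContent()))
    self.assertFalse(
        otherCert.wireEncode().equals(fixture.id1Key1Cert1.wireEncode()))

    key1.addCertificate(otherCert)
    self.assertTrue(
        key1.getCertificate(fixture.id1Key1Cert1.getName()).wireEncode()
        .equals(otherCert.wireEncode()))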
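def test_basic(self):
    """Create a key in the PIB, then load it again and compare its fields.

    The name, identity name, key type and public key must be the same for
    the PibKeyImpl that stored the key and for one loaded from the same
    pibImpl afterwards.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    key11 = PibKeyImpl(
        fixture.id1Key1Name, fixture.id1Key1.toBytes(), pibImpl)
    self.assertTrue(fixture.id1Key1Name.equals(key11.getName()))
    self.assertTrue(fixture.id1.equals(key11.getIdentityName()))
    # assertEqual replaces the deprecated alias assertEquals, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(KeyType.RSA, key11.getKeyType())
    self.assertTrue(key11.getPublicKey().equals(fixture.id1Key1))

    key11FromBackend = PibKeyImpl(fixture.id1Key1Name, pibImpl)
    self.assertTrue(fixture.id1Key1Name.equals(key11FromBackend.getName()))
    self.assertTrue(fixture.id1.equals(key11FromBackend.getIdentityName()))
    self.assertEqual(KeyType.RSA, key11FromBackend.getKeyType())
    self.assertTrue(key11FromBackend.getPublicKey().equals(fixture.id1Key1))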
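def main():
    """Register /farm1 on the backbone Face and forward radio frames to it.

    Each loop iteration processes Face events, reads one frame from ``ieee``
    while holding the lock ``e``, and, when the payload starts with 0x06 or
    0x05, splices ``eCP`` into it at offset 4, adds ``lCP`` to bytes 1 and 3
    and sends the result on the backbone Face. Ctrl-C shuts the Face down,
    closes ``ser`` and leaves the loop.

    ``e``, ``ieee``, ``ser``, ``buffData``, ``eCP`` and ``lCP`` are
    module-level names defined outside this function.
    """
    backboneFace = Face()

    pibImpl = PibMemory()
    keyChain = KeyChain(
        pibImpl, TpmBackEndMemory(), SelfVerifyPolicyManager(pibImpl))
    # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
    # NOTE(review): the command-signing key is the DEFAULT_RSA_* pair under
    # /testname, presumably sample key material; a deployed gateway should
    # load its own key. Confirm where these constants come from.
    keyChain.importSafeBag(
        SafeBag(Name("/testname/KEY/123"),
                Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False),
                Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False)))
    backboneFace.setCommandSigningInfo(
        keyChain, keyChain.getDefaultCertificateName())

    prefix = Name("/farm1")
    backboneFace.registerPrefix(prefix, onInterest, onRegisterFailed)
    print("Ready to go...")

    while 1:
        try:
            backboneFace.processEvents()

            e.acquire()
            try:
                frame = ieee.wait_read_frame(0.01)
            finally:
                # Release even when the read raises, so the lock is never
                # left held.
                e.release()

            if frame is not None:
                rfData = frame['rf_data']
                # The payload arrives over the radio and is untrusted. Only
                # index the four header bytes when they are present, so a
                # short frame is printed instead of raising IndexError and
                # stopping the loop.
                # NOTE(review): the comparison with one-byte strings and the
                # ord() calls below assume indexing rf_data yields 1-character
                # strings (Python 2 str); confirm before running on Python 3.
                isNdnPacket = (
                    len(rfData) >= 4 and
                    (rfData[0] == b'\x06' or rfData[0] == b'\x05'))
                if isNdnPacket:  # Data or Interest
                    buffData[0] = rfData[0]
                    # NOTE(review): bytes 1 and 3 look like single-byte TLV
                    # lengths grown by lCP, presumably len(eCP). Nothing
                    # checks that the sums still fit a one-byte length
                    # (below 253 in NDN-TLV); verify and drop oversized
                    # frames if so.
                    buffData[1] = ord(rfData[1]) + lCP
                    buffData[2] = rfData[2]
                    buffData[3] = ord(rfData[3]) + lCP
                    buffData[4:lCP + 4] = eCP
                    buffData[lCP + 4:] = rfData[4:]
                    print(str(datetime.now().strftime('%X.%f')))
                    backboneFace.send(buffData)
                else:
                    print(rfData[:])
            # NOTE(review): gc.collect() is placed at loop level here; the
            # original layout was lost, so confirm that it ran on every
            # iteration.
            gc.collect()
        except KeyboardInterrupt:
            backboneFace.shutdown()
            ser.close()
            break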
def main():
    """Decode, re-encode, sign and verify Data packets, dumping each stage."""
    decoded = Data()
    decoded.wireDecode(TlvData)
    dump("Decoded Data:")
    dumpData(decoded)

    # Set the content again to clear the cached encoding so we encode again.
    decoded.setContent(decoded.getContent())
    encoding = decoded.wireEncode()

    reDecodedData = Data()
    reDecodedData.wireDecode(encoding)
    dump("")
    dump("Re-decoded Data:")
    dumpData(reDecodedData)

    # Set up the KeyChain.
    pibImpl = PibMemory()
    tpmBackEnd = TpmBackEndMemory()
    keyChain = KeyChain(pibImpl, tpmBackEnd, SelfVerifyPolicyManager(pibImpl))
    # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
    # The DEFAULT_RSA_* constants are the sample key pair for this example.
    safeBag = SafeBag(
        Name("/testname/KEY/123"),
        Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False),
        Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))
    keyChain.importSafeBag(safeBag)

    # The verification outcome is reported only through the two callbacks.
    reDecodedLabel = "Re-decoded Data"
    keyChain.verifyData(
        reDecodedData,
        makeOnVerified(reDecodedLabel),
        makeOnValidationFailed(reDecodedLabel))

    freshData = Data(Name("/ndn/abc"))
    freshData.setContent("SUCCESS!")
    freshData.getMetaInfo().setFreshnessPeriod(5000)
    freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0])
    keyChain.sign(freshData)
    dump("")
    dump("Freshly-signed Data:")
    dumpData(freshData)

    freshLabel = "Freshly-signed Data"
    keyChain.verifyData(
        freshData,
        makeOnVerified(freshLabel),
        makeOnValidationFailed(freshLabel))
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding):
    """
    Time nIterations decodes of a data packet, optionally verifying each one.

    The verification outcome is delivered only to the onVerified and
    onValidationFailed callbacks, so the returned duration says nothing
    about whether the signatures were valid.

    :param int nIterations: The number of iterations.
    :param bool useCrypto: If true, verify the signature. If false, don't
      verify.
    :param KeyType keyType: If KeyType.ECDSA, import the EC key pair,
      otherwise the RSA key pair. The key is used if useCrypto is True.
    :param Blob encoding: The wire encoding to decode.
    :return: The number of seconds for all iterations.
    :rtype: float
    """
    # Initialize the private key storage in case useCrypto is true.
    pibImpl = PibMemory()
    keyChain = KeyChain(
        pibImpl, TpmBackEndMemory(), SelfVerifyPolicyManager(pibImpl))

    if keyType == KeyType.ECDSA:
        privateKeyDer = DEFAULT_EC_PRIVATE_KEY_DER
        publicKeyDer = DEFAULT_EC_PUBLIC_KEY_DER
    else:
        privateKeyDer = DEFAULT_RSA_PRIVATE_KEY_DER
        publicKeyDer = DEFAULT_RSA_PUBLIC_KEY_DER
    # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager.
    keyChain.importSafeBag(
        SafeBag(Name("/testname/KEY/123"),
                Blob(privateKeyDer, False),
                Blob(publicKeyDer, False)))

    startSeconds = getNowSeconds()
    for _ in range(nIterations):
        packet = Data()
        packet.wireDecode(encoding)
        if useCrypto:
            keyChain.verifyData(packet, onVerified, onValidationFailed)

    return getNowSeconds() - startSeconds
def setUp(self):
    """Create the in-test KeyChain with a self-signed key for the identity.

    Sets up the PIB, the TPM back end and the ConfigPolicyManager, registers
    the test RSA key pair under a key name chosen to match the anchor cert,
    and self-signs that key through the KeyChain.
    """
    certDirectory = 'policy_config/certs'
    self.testCertFile = os.path.join(certDirectory, 'test.cert')

    self.pibImpl = PibMemory()
    self.tpmBackEnd = TpmBackEndMemory()
    rulesFile = 'policy_config/simple_rules.conf'
    self.policyManager = ConfigPolicyManager(rulesFile, CertificateCacheV2())

    self.identityName = Name('/TestConfigPolicyManager/temp')
    # The key ID below is chosen to match the anchor cert.
    withKeyMarker = Name(self.identityName).append("KEY")
    self.keyName = withKeyMarker.append("ksk-1416010123")
    self.pibImpl.addKey(
        self.identityName, self.keyName, TEST_RSA_PUBLIC_KEY_DER)

    # Set the password to None since we have an unencrypted PKCS #8 private
    # key. This is fixture key material; an unencrypted private key is only
    # appropriate in a test.
    self.tpmBackEnd.importKey(
        self.keyName, TEST_RSA_PRIVATE_KEY_PKCS8, None)

    self.keyChain = KeyChain(
        self.pibImpl, self.tpmBackEnd, self.policyManager)

    pib = self.keyChain.getPib()
    keyToSign = pib.getIdentity(self.identityName).getKey(self.keyName)
    # selfSign adds to the PIB.
    self.keyChain.selfSign(keyToSign)
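def test_basic(self):
    """Exercise add, get and remove on PibKeyContainer, including its cache.

    ``_keys`` is the container's private cache. The test reads it directly
    to check when entries are cached and when they are dropped, while
    ``size()`` reports the number of keys in the container.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    # Start with an empty container.
    container = PibKeyContainer(fixture.id1, pibImpl)
    self.assertEqual(0, container.size())
    self.assertEqual(0, len(container._keys))

    # Add the first key.
    key11 = container.add(fixture.id1Key1.buf(), fixture.id1Key1Name)
    self.assertTrue(fixture.id1Key1Name.equals(key11.getName()))
    self.assertTrue(key11.getPublicKey().equals(fixture.id1Key1))
    self.assertEqual(1, container.size())
    self.assertEqual(1, len(container._keys))
    self.assertIn(fixture.id1Key1Name, container._keys)

    # Add the same key again.
    key12 = container.add(fixture.id1Key1.buf(), fixture.id1Key1Name)
    self.assertTrue(fixture.id1Key1Name.equals(key12.getName()))
    self.assertTrue(key12.getPublicKey().equals(fixture.id1Key1))
    self.assertEqual(1, container.size())
    self.assertEqual(1, len(container._keys))
    self.assertIn(fixture.id1Key1Name, container._keys)

    # Add the second key.
    key21 = container.add(fixture.id1Key2.buf(), fixture.id1Key2Name)
    self.assertTrue(fixture.id1Key2Name.equals(key21.getName()))
    self.assertTrue(key21.getPublicKey().equals(fixture.id1Key2))
    self.assertEqual(2, container.size())
    self.assertEqual(2, len(container._keys))
    self.assertIn(fixture.id1Key1Name, container._keys)
    self.assertIn(fixture.id1Key2Name, container._keys)

    # Get keys.
    try:
        container.get(fixture.id1Key1Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    try:
        container.get(fixture.id1Key2Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # A key name under the right identity that was never added must raise
    # Pib.Error. assertRaises fails the test when nothing is raised, which
    # replaces the try/fail/except pattern and its unreachable else branch.
    id1Key3Name = PibKey.constructKeyName(
        fixture.id1, Name.Component("non-existing-id"))
    with self.assertRaises(Pib.Error):
        container.get(id1Key3Name)

    # Get and check keys.
    key1 = container.get(fixture.id1Key1Name)
    key2 = container.get(fixture.id1Key2Name)
    self.assertTrue(fixture.id1Key1Name.equals(key1.getName()))
    self.assertTrue(key1.getPublicKey().equals(fixture.id1Key1))
    self.assertEqual(fixture.id1Key2Name, key2.getName())
    self.assertTrue(key2.getPublicKey().equals(fixture.id1Key2))

    # Create another container using the same PibImpl. The cache should be
    # empty.
    container2 = PibKeyContainer(fixture.id1, pibImpl)
    self.assertEqual(2, container2.size())
    self.assertEqual(0, len(container2._keys))

    # Get a key. The cache should be filled.
    try:
        container2.get(fixture.id1Key1Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    self.assertEqual(2, container2.size())
    self.assertEqual(1, len(container2._keys))

    try:
        container2.get(fixture.id1Key2Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    self.assertEqual(2, container2.size())
    self.assertEqual(2, len(container2._keys))

    # Remove a key.
    container2.remove(fixture.id1Key1Name)
    self.assertEqual(1, container2.size())
    self.assertEqual(1, len(container2._keys))
    self.assertNotIn(fixture.id1Key1Name, container2._keys)
    self.assertIn(fixture.id1Key2Name, container2._keys)

    # Remove another key.
    container2.remove(fixture.id1Key2Name)
    self.assertEqual(0, container2.size())
    self.assertEqual(0, len(container2._keys))
    self.assertNotIn(fixture.id1Key2Name, container2._keys)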
def benchmarkEncodeDataSeconds(nIterations, useComplex, useCrypto, keyType):
    """
    Time nIterations encodes of a data packet, optionally signing each one.

    :param int nIterations: The number of iterations.
    :param bool useComplex: If true, use a large name, large content and all
      fields. If false, use a small name, small content and only required
      fields.
    :param bool useCrypto: If true, sign the data packet. If false, use a
      blank signature of 256 zero bytes, so the packet is not really signed.
    :param KeyType keyType: If KeyType.ECDSA, import the EC key pair,
      otherwise the RSA key pair. The key is used if useCrypto is True.
    :return: A tuple (duration, encoding) where duration is the number of
      seconds for all iterations and encoding is the wire encoding.
    :rtype: (float, Blob)
    """
    if useComplex:
        # Use a large name and content.
        name = Name(
            "/ndn/ucla.edu/apps/lwndn-test/numbers.txt/%FD%05%05%E8%0C%CE%1D/%00")

        # The content is "1 2 3 ..." extended until it has at least 1115
        # characters.
        contentString = "1"
        nextNumber = 2
        while len(contentString) < 1115:
            contentString += " %d" % nextNumber
            nextNumber += 1
        content = Name.fromEscapedString(contentString)
    else:
        # Use a small name and content.
        name = Name("/test")
        content = Name.fromEscapedString("abc")
    finalBlockId = Name("/%00")[0]

    # Initialize the private key storage in case useCrypto is true.
    pibImpl = PibMemory()
    keyChain = KeyChain(
        pibImpl, TpmBackEndMemory(), SelfVerifyPolicyManager(pibImpl))
    if keyType == KeyType.ECDSA:
        privateKeyDer = DEFAULT_EC_PRIVATE_KEY_DER
        publicKeyDer = DEFAULT_EC_PUBLIC_KEY_DER
    else:
        privateKeyDer = DEFAULT_RSA_PRIVATE_KEY_DER
        publicKeyDer = DEFAULT_RSA_PUBLIC_KEY_DER
    keyChain.importSafeBag(
        SafeBag(Name("/testname/KEY/123"),
                Blob(privateKeyDer, False),
                Blob(publicKeyDer, False)))
    certificateName = keyChain.getDefaultCertificateName()

    # Set up signatureBits in case useCrypto is false.
    signatureBits = Blob(bytearray(256))

    startSeconds = getNowSeconds()
    for _ in range(nIterations):
        packet = Data(name)
        packet.setContent(content)
        if useComplex:
            metaInfo = packet.getMetaInfo()
            metaInfo.setFreshnessPeriod(1000)
            packet.getMetaInfo().setFinalBlockId(finalBlockId)

        if not useCrypto:
            # Imitate IdentityManager.signByCertificate to set up the
            # signature fields, but don't sign.
            placeholderSignature = packet.getSignature()
            locator = placeholderSignature.getKeyLocator()
            locator.setType(KeyLocatorType.KEYNAME)
            locator.setKeyName(certificateName)
            placeholderSignature.setSignature(signatureBits)
        else:
            # This sets the signature fields.
            keyChain.sign(packet)

        encoding = packet.wireEncode()

    elapsedSeconds = getNowSeconds() - startSeconds
    return (elapsedSeconds, encoding)
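def test_basic(self):
    """Exercise add, get and remove on PibIdentityContainer and its cache.

    ``_identities`` is the container's private cache. The test reads it
    directly to check when entries are cached and when they are dropped,
    while ``size()`` reports the number of identities in the container.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    # Start with an empty container.
    container = PibIdentityContainer(pibImpl)
    self.assertEqual(0, container.size())
    self.assertEqual(0, len(container._identities))

    # Add the first identity.
    identity11 = container.add(fixture.id1)
    self.assertTrue(fixture.id1.equals(identity11.getName()))
    self.assertEqual(1, container.size())
    self.assertEqual(1, len(container._identities))
    self.assertIn(fixture.id1, container._identities)

    # Add the same identity again.
    identity12 = container.add(fixture.id1)
    self.assertTrue(fixture.id1.equals(identity12.getName()))
    self.assertEqual(1, container.size())
    self.assertEqual(1, len(container._identities))
    self.assertIn(fixture.id1, container._identities)

    # Add the second identity.
    identity21 = container.add(fixture.id2)
    self.assertTrue(fixture.id2.equals(identity21.getName()))
    self.assertEqual(2, container.size())
    self.assertEqual(2, len(container._identities))
    self.assertIn(fixture.id1, container._identities)
    self.assertIn(fixture.id2, container._identities)

    # Get identities.
    try:
        container.get(fixture.id1)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    try:
        container.get(fixture.id2)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # An identity that was never added must raise Pib.Error. assertRaises
    # fails the test when nothing is raised, which replaces the
    # try/fail/except pattern and its unreachable else branch.
    with self.assertRaises(Pib.Error):
        container.get(Name("/non-existing"))

    # Check the identity.
    identity1 = container.get(fixture.id1)
    identity2 = container.get(fixture.id2)
    self.assertTrue(fixture.id1.equals(identity1.getName()))
    self.assertTrue(fixture.id2.equals(identity2.getName()))

    # Create another container from the same PibImpl. The cache should be
    # empty.
    container2 = PibIdentityContainer(pibImpl)
    self.assertEqual(2, container2.size())
    self.assertEqual(0, len(container2._identities))

    # Get identities. The cache should be filled.
    try:
        container2.get(fixture.id1)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    self.assertEqual(2, container2.size())
    self.assertEqual(1, len(container2._identities))

    try:
        container2.get(fixture.id2)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    self.assertEqual(2, container2.size())
    self.assertEqual(2, len(container2._identities))

    # Remove an identity.
    container2.remove(fixture.id1)
    self.assertEqual(1, container2.size())
    self.assertEqual(1, len(container2._identities))
    self.assertNotIn(fixture.id1, container2._identities)
    self.assertIn(fixture.id2, container2._identities)

    # Remove another identity.
    container2.remove(fixture.id2)
    self.assertEqual(0, container2.size())
    self.assertEqual(0, len(container2._identities))
    self.assertNotIn(fixture.id2, container2._identities)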
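def test_basic(self):
    """Exercise add, get and remove on PibCertificateContainer and its cache.

    ``_certificates`` is the container's private cache. The test reads it
    directly to check when entries are cached and when they are dropped,
    while ``size()`` reports the number of certificates in the container.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    # Start with an empty container.
    container = PibCertificateContainer(fixture.id1Key1Name, pibImpl)
    self.assertEqual(0, container.size())
    self.assertEqual(0, len(container._certificates))

    # Add a certificate.
    container.add(fixture.id1Key1Cert1)
    self.assertEqual(1, container.size())
    self.assertEqual(1, len(container._certificates))
    self.assertIn(fixture.id1Key1Cert1.getName(), container._certificates)

    # Add the same certificate again.
    container.add(fixture.id1Key1Cert1)
    self.assertEqual(1, container.size())
    self.assertEqual(1, len(container._certificates))
    self.assertIn(fixture.id1Key1Cert1.getName(), container._certificates)

    # Add another certificate.
    container.add(fixture.id1Key1Cert2)
    self.assertEqual(2, container.size())
    self.assertEqual(2, len(container._certificates))
    self.assertIn(fixture.id1Key1Cert1.getName(), container._certificates)
    self.assertIn(fixture.id1Key1Cert2.getName(), container._certificates)

    # Get the certificates.
    try:
        container.get(fixture.id1Key1Cert1.getName())
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    try:
        container.get(fixture.id1Key1Cert2.getName())
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # A certificate name under the right key that was never added must raise
    # Pib.Error. assertRaises fails the test when nothing is raised, which
    # replaces the try/fail/except pattern and its unreachable else branch.
    id1Key1Cert3Name = Name(fixture.id1Key1Name)
    id1Key1Cert3Name.append("issuer").appendVersion(3)
    with self.assertRaises(Pib.Error):
        container.get(id1Key1Cert3Name)

    # Check the certificates.
    cert1 = container.get(fixture.id1Key1Cert1.getName())
    cert2 = container.get(fixture.id1Key1Cert2.getName())
    # Use the wire encoding to check equivalence.
    self.assertTrue(
        cert1.wireEncode().equals(fixture.id1Key1Cert1.wireEncode()))
    self.assertTrue(
        cert2.wireEncode().equals(fixture.id1Key1Cert2.wireEncode()))

    # Create another container with the same PibImpl. The cache should be
    # empty.
    container2 = PibCertificateContainer(fixture.id1Key1Name, pibImpl)
    self.assertEqual(2, container2.size())
    self.assertEqual(0, len(container2._certificates))

    # Get a certificate. The cache should be filled.
    try:
        container2.get(fixture.id1Key1Cert1.getName())
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    self.assertEqual(2, container2.size())
    self.assertEqual(1, len(container2._certificates))

    try:
        container2.get(fixture.id1Key1Cert2.getName())
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    self.assertEqual(2, container2.size())
    self.assertEqual(2, len(container2._certificates))

    # Remove a certificate.
    container2.remove(fixture.id1Key1Cert1.getName())
    self.assertEqual(1, container2.size())
    self.assertEqual(1, len(container2._certificates))
    self.assertNotIn(
        fixture.id1Key1Cert1.getName(), container2._certificates)
    self.assertIn(fixture.id1Key1Cert2.getName(), container2._certificates)

    # Remove another certificate.
    container2.remove(fixture.id1Key1Cert2.getName())
    self.assertEqual(0, container2.size())
    self.assertEqual(0, len(container2._certificates))
    self.assertNotIn(
        fixture.id1Key1Cert2.getName(), container2._certificates)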
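def test_certificate_operation(self):
    """Walk a PibKeyImpl through adding, defaulting and removing certificates.

    Checks that lookups of missing certificates raise Pib.Error, that the
    first certificate added becomes the default, that the default can be set
    from a certificate or from a name, and that removing certificates leaves
    the expected count in ``key11._certificates``.
    """
    fixture = self.fixture
    pibImpl = PibMemory()
    cert1 = fixture.id1Key1Cert1
    cert2 = fixture.id1Key1Cert2

    key11 = PibKeyImpl(
        fixture.id1Key1Name, fixture.id1Key1.toBytes(), pibImpl)
    try:
        PibKeyImpl(fixture.id1Key1Name, pibImpl)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # The key should not have any certificates.
    self.assertEqual(0, key11._certificates.size())

    # assertRaises fails the test when no Pib.Error is raised, which replaces
    # the try/fail/except pattern and its unreachable else branch.
    # Getting a non-existing certificate should throw Pib.Error.
    with self.assertRaises(Pib.Error):
        key11.getCertificate(cert1.getName())
    # Getting the non-existing default certificate should throw Pib.Error.
    with self.assertRaises(Pib.Error):
        key11.getDefaultCertificate()
    # Setting a non-existing certificate as the default should throw
    # Pib.Error.
    with self.assertRaises(Pib.Error):
        key11.setDefaultCertificate(cert1.getName())

    # Add a certificate.
    key11.addCertificate(cert1)
    try:
        key11.getCertificate(cert1.getName())
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # The new certificate becomes the default when there was no default.
    try:
        key11.getDefaultCertificate()
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    defaultCert0 = key11.getDefaultCertificate()
    self.assertTrue(cert1.getName().equals(defaultCert0.getName()))
    # Use the wire encoding to check equivalence.
    self.assertTrue(cert1.wireEncode().equals(defaultCert0.wireEncode()))

    # Remove the certificate.
    key11.removeCertificate(cert1.getName())
    with self.assertRaises(Pib.Error):
        key11.getCertificate(cert1.getName())
    with self.assertRaises(Pib.Error):
        key11.getDefaultCertificate()

    # Set the default certificate directly.
    try:
        key11.setDefaultCertificate(cert1)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    try:
        key11.getDefaultCertificate()
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    try:
        key11.getCertificate(cert1.getName())
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # Check the default cert.
    defaultCert1 = key11.getDefaultCertificate()
    self.assertTrue(cert1.getName().equals(defaultCert1.getName()))
    self.assertTrue(defaultCert1.wireEncode().equals(cert1.wireEncode()))

    # Add another certificate.
    key11.addCertificate(cert2)
    self.assertEqual(2, key11._certificates.size())

    # Set the default certificate using a name.
    try:
        key11.setDefaultCertificate(cert2.getName())
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    try:
        key11.getDefaultCertificate()
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    defaultCert2 = key11.getDefaultCertificate()
    self.assertTrue(cert2.getName().equals(defaultCert2.getName()))
    self.assertTrue(defaultCert2.wireEncode().equals(cert2.wireEncode()))

    # Remove a certificate.
    key11.removeCertificate(cert1.getName())
    with self.assertRaises(Pib.Error):
        key11.getCertificate(cert1.getName())
    self.assertEqual(1, key11._certificates.size())

    # Set the default certificate directly again, which should change the
    # default.
    try:
        key11.setDefaultCertificate(cert1)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))
    defaultCert3 = key11.getDefaultCertificate()
    self.assertTrue(cert1.getName().equals(defaultCert3.getName()))
    self.assertTrue(defaultCert3.wireEncode().equals(cert1.wireEncode()))
    self.assertEqual(2, key11._certificates.size())

    # Remove all certificates.
    key11.removeCertificate(cert1.getName())
    with self.assertRaises(Pib.Error):
        key11.getCertificate(cert1.getName())
    self.assertEqual(1, key11._certificates.size())

    key11.removeCertificate(cert2.getName())
    with self.assertRaises(Pib.Error):
        key11.getCertificate(cert2.getName())
    with self.assertRaises(Pib.Error):
        key11.getDefaultCertificate()
    self.assertEqual(0, key11._certificates.size())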
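def test_errors(self):
    """Check the error paths of PibKeyImpl.

    Loading a key that is not in the PIB must raise Pib.Error. A malformed
    key name, an empty public key, and any certificate operation that names
    fixture.id1Key2Cert1 (by its fixture name, a certificate of the second
    key) on key11 must raise ValueError.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    # assertRaises fails the test when the expected exception is not raised,
    # which replaces the try/fail/except pattern and its unreachable else
    # branch.
    with self.assertRaises(Pib.Error):
        PibKeyImpl(fixture.id1Key1Name, pibImpl)

    key11 = PibKeyImpl(fixture.id1Key1Name, fixture.id1Key1.buf(), pibImpl)

    # "/wrong" is not accepted as a key name, with or without key bytes.
    with self.assertRaises(ValueError):
        PibKeyImpl(Name("/wrong"), pibImpl)
    with self.assertRaises(ValueError):
        PibKeyImpl(Name("/wrong"), fixture.id1Key1.buf(), pibImpl)

    # An empty blob is not accepted as a public key encoding.
    wrongKey = Blob("")
    with self.assertRaises(ValueError):
        PibKeyImpl(fixture.id1Key2Name, wrongKey.toBytes(), pibImpl)

    key11.addCertificate(fixture.id1Key1Cert1)

    with self.assertRaises(ValueError):
        key11.addCertificate(fixture.id1Key2Cert1)
    with self.assertRaises(ValueError):
        key11.removeCertificate(fixture.id1Key2Cert1.getName())
    with self.assertRaises(ValueError):
        key11.getCertificate(fixture.id1Key2Cert1.getName())
    with self.assertRaises(ValueError):
        key11.setDefaultCertificate(fixture.id1Key2Cert1)
    with self.assertRaises(ValueError):
        key11.setDefaultCertificate(fixture.id1Key2Cert1.getName())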
def test_basic(self):
    """Create an identity in a fresh PibMemory and check its name."""
    fixture = self.fixture
    emptyPib = PibMemory()

    createdIdentity = PibIdentityImpl(fixture.id1, emptyPib, True)
    nameMatches = fixture.id1.equals(createdIdentity.getName())
    self.assertTrue(nameMatches)
class TestPolicyManagerV2(ut.TestCase):
    """Tests of ConfigPolicyManager driven through a KeyChain on in-memory stores.

    Two properties are checked: a command interest that is older than one
    already verified is rejected, and a certificate file written into the
    anchor directory is only trusted after the policy manager refreshes.
    """

    def setUp(self):
        """Build an in-memory PIB/TPM, import the test RSA key and self-sign it."""
        self.testCertFile = os.path.join('policy_config/certs', 'test.cert')

        self.pibImpl = PibMemory()
        self.tpmBackEnd = TpmBackEndMemory()
        self.policyManager = ConfigPolicyManager(
            'policy_config/simple_rules.conf', CertificateCacheV2())

        # The identity and key names are chosen to match the anchor cert.
        self.identityName = Name('/TestConfigPolicyManager/temp')
        self.keyName = Name(
            self.identityName).append("KEY").append("ksk-1416010123")

        self.pibImpl.addKey(
            self.identityName, self.keyName, TEST_RSA_PUBLIC_KEY_DER)
        # The PKCS #8 private key is unencrypted, so the password is None.
        # This is a fixture key held only in the in-memory TPM back end.
        self.tpmBackEnd.importKey(
            self.keyName, TEST_RSA_PRIVATE_KEY_PKCS8, None)

        self.keyChain = KeyChain(
            self.pibImpl, self.tpmBackEnd, self.policyManager)
        identity = self.keyChain.getPib().getIdentity(self.identityName)
        signingKey = identity.getKey(self.keyName)
        # selfSign adds the resulting certificate to the PIB.
        self.keyChain.selfSign(signingKey)

    def tearDown(self):
        """Remove the certificate file a test may have written."""
        try:
            os.remove(self.testCertFile)
        except OSError:
            # Best effort: the file exists only if test_refresh_10s wrote it.
            pass

    def test_interest_timestamp(self):
        """Verify a newer command interest, then require the older one to fail.

        Both interests are signed with the same certificate; the second
        verification is of the interest that was created first, and it must
        be counted as a failure.
        """
        prefix = Name('/ndn/ucla/edu/something')
        pibKey = self.keyChain.getPib().getIdentity(
            self.identityName).getKey(self.keyName)
        certName = pibKey.getDefaultCertificate().getName()

        face = Face("localhost")
        face.setCommandSigningInfo(self.keyChain, certName)

        oldInterest = Interest(prefix)
        face.makeCommandInterest(oldInterest)

        # Sleep so the two command interests get different timestamps.
        time.sleep(0.1)

        newInterest = Interest(prefix)
        face.makeCommandInterest(newInterest)

        freshResult = doVerify(self.policyManager, newInterest)
        self.assertFalse(
            freshResult.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            freshResult.failureCount, 0,
            "Verification of valid interest failed")
        self.assertEqual(
            freshResult.successCount, 1,
            "Verification success called {} times instead of 1".format(
                freshResult.successCount))

        # The older interest now arrives after the newer one was accepted.
        staleResult = doVerify(self.policyManager, oldInterest)
        self.assertFalse(
            staleResult.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            staleResult.successCount, 0,
            "Verification of stale interest succeeded")
        self.assertEqual(
            staleResult.failureCount, 1,
            "Failure callback called {} times instead of 1".format(
                staleResult.failureCount))

    def test_refresh_10s(self):
        """Check that a new anchor certificate is trusted only after a refresh.

        The data packet cannot be verified at first, still cannot be verified
        right after the certificate file is written, and verifies after a
        six-second wait. The refresh period itself is not visible here;
        presumably it comes from simple_rules.conf.
        """
        with open('policy_config/testData', 'r') as dataFile:
            encodedData = dataFile.read()

        data = Data()
        data.wireDecode(Blob(b64decode(encodedData)))

        # This check is needed, since the KeyChain will express interests in
        # unknown certificates.
        pendingResult = doVerify(self.policyManager, data)
        self.assertTrue(
            pendingResult.hasFurtherSteps,
            "ConfigPolicyManager did not create ValidationRequest for unknown certificate")
        self.assertEqual(
            pendingResult.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        self.assertEqual(
            pendingResult.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        # Now save the cert data to our anchor directory, and wait.
        # We have to sign it with the current identity or the policy manager
        # will create an interest for the signing certificate.
        cert = CertificateV2()
        cert.wireDecode(Blob(b64decode(CERT_DUMP), False))

        signingInfo = SigningInfo()
        signingInfo.setSigningIdentity(self.identityName)
        # Make sure the validity period is current for two years.
        twoYearsMilliseconds = 2 * 365 * 24 * 3600 * 1000.0
        now = Common.getNowMilliseconds()
        signingInfo.setValidityPeriod(
            ValidityPeriod(now, now + twoYearsMilliseconds))
        self.keyChain.sign(cert, signingInfo)

        encodedCert = b64encode(cert.wireEncode().toBytes())
        # NOTE(review): a file placed in this directory ends up trusted by the
        # policy manager, so outside a test it should be writable only by
        # trusted accounts.
        with open(self.testCertFile, 'w') as certFile:
            certFile.write(Blob(encodedCert, False).toRawStr())

        # Still too early for refresh to pick it up.
        earlyResult = doVerify(self.policyManager, data)
        self.assertTrue(
            earlyResult.hasFurtherSteps,
            "ConfigPolicyManager refresh occured sooner than specified")
        self.assertEqual(
            earlyResult.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        self.assertEqual(
            earlyResult.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        time.sleep(6)

        # Now we should find it.
        refreshedResult = doVerify(self.policyManager, data)
        self.assertFalse(
            refreshedResult.hasFurtherSteps,
            "ConfigPolicyManager did not refresh certificate store")
        self.assertEqual(
            refreshedResult.successCount, 1,
            "Verification success called {} times instead of 1".format(
                refreshedResult.successCount))
        self.assertEqual(
            refreshedResult.failureCount, 0,
            "ConfigPolicyManager did not verify valid signed data")
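def test_key_operation(self):
    """Walk a PibIdentityImpl through adding, defaulting and removing keys.

    Expected failures use ``assertRaises`` and counts use ``assertEqual``,
    the spelling the rest of this file uses; the ``assertEquals`` alias is
    deprecated and was removed from unittest in Python 3.12. The checks
    after each ``removeKey`` matter most: a removed key must no longer be
    retrievable, must not be settable as default by name, and must not
    linger as the default key.
    """
    fixture = self.fixture
    pibImpl = PibMemory()

    identity1 = PibIdentityImpl(fixture.id1, pibImpl, True)
    # Building a second object for the same identity with False as the third
    # argument must not raise now that the identity exists.
    try:
        PibIdentityImpl(fixture.id1, pibImpl, False)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # The identity should not have any key.
    self.assertEqual(0, identity1._keys.size())

    # Getting non-existing key should throw Pib.Error.
    with self.assertRaises(Pib.Error):
        identity1.getKey(fixture.id1Key1Name)

    # Getting the default key should throw Pib.Error.
    with self.assertRaises(Pib.Error):
        identity1.getDefaultKey()

    # Setting a non-existing key as the default key should throw Pib.Error.
    with self.assertRaises(Pib.Error):
        identity1.setDefaultKey(fixture.id1Key1Name)

    # Add a key.
    identity1.addKey(fixture.id1Key1.toBytes(), fixture.id1Key1Name)
    try:
        identity1.getKey(fixture.id1Key1Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # A new key should become the default key when there is no default.
    try:
        identity1.getDefaultKey()
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    defaultKey0 = identity1.getDefaultKey()
    self.assertTrue(fixture.id1Key1Name.equals(defaultKey0.getName()))
    self.assertTrue(defaultKey0.getPublicKey().equals(fixture.id1Key1))

    # Remove a key. It was the only key, so neither selecting it by name nor
    # reading the default may succeed afterwards.
    identity1.removeKey(fixture.id1Key1Name)
    with self.assertRaises(Pib.Error):
        identity1.setDefaultKey(fixture.id1Key1Name)
    with self.assertRaises(Pib.Error):
        identity1.getDefaultKey()

    # Set the default key directly.
    try:
        identity1.setDefaultKey(
            fixture.id1Key1.toBytes(), fixture.id1Key1Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    try:
        identity1.getDefaultKey()
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    try:
        identity1.getKey(fixture.id1Key1Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    # Check for a default key.
    defaultKey1 = identity1.getDefaultKey()
    self.assertTrue(fixture.id1Key1Name.equals(defaultKey1.getName()))
    self.assertTrue(defaultKey1.getPublicKey().equals(fixture.id1Key1))

    # Add another key.
    identity1.addKey(fixture.id1Key2.toBytes(), fixture.id1Key2Name)
    self.assertEqual(2, identity1._keys.size())

    # Set the default key using a name.
    try:
        identity1.setDefaultKey(fixture.id1Key2Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    try:
        identity1.getDefaultKey()
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    defaultKey2 = identity1.getDefaultKey()
    self.assertTrue(fixture.id1Key2Name.equals(defaultKey2.getName()))
    self.assertTrue(defaultKey2.getPublicKey().equals(fixture.id1Key2))

    # Remove a key.
    identity1.removeKey(fixture.id1Key1Name)
    with self.assertRaises(Pib.Error):
        identity1.getKey(fixture.id1Key1Name)
    self.assertEqual(1, identity1._keys.size())

    # Setting the default key directly again should change the default.
    try:
        identity1.setDefaultKey(
            fixture.id1Key1.toBytes(), fixture.id1Key1Name)
    except Exception as ex:
        self.fail("Unexpected exception: " + str(ex))

    defaultKey3 = identity1.getDefaultKey()
    self.assertTrue(fixture.id1Key1Name.equals(defaultKey3.getName()))
    self.assertTrue(defaultKey3.getPublicKey().equals(fixture.id1Key1))
    self.assertEqual(2, identity1._keys.size())

    # Remove all keys.
    identity1.removeKey(fixture.id1Key1Name)
    with self.assertRaises(Pib.Error):
        identity1.getKey(fixture.id1Key1Name)
    self.assertEqual(1, identity1._keys.size())

    identity1.removeKey(fixture.id1Key2Name)
    with self.assertRaises(Pib.Error):
        identity1.getKey(fixture.id1Key2Name)
    self.assertEqual(0, identity1._keys.size())

    # With no keys left there must be no default key either.
    with self.assertRaises(Pib.Error):
        identity1.getDefaultKey()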
def __init__(self):
    """Set up the base fixture and attach one fresh PibMemory to it.

    The same PibMemory object is stored as both ``_myPib`` and ``pib``.
    """
    super(PibMemoryFixture, self).__init__()
    memoryPib = PibMemory()
    self._myPib = memoryPib
    self.pib = memoryPib
class TestPolicyManagerV2(ut.TestCase):
    """Exercise ConfigPolicyManager through a KeyChain backed by in-memory stores.

    The tests cover rejection of a command interest older than one already
    verified, and the delay between writing a certificate into the anchor
    directory and the policy manager trusting it.
    """

    def setUp(self):
        """Create the in-memory PIB and TPM, load the test RSA key, self-sign it."""
        anchorDirectory = 'policy_config/certs'
        self.testCertFile = os.path.join(anchorDirectory, 'test.cert')

        self.pibImpl = PibMemory()
        self.tpmBackEnd = TpmBackEndMemory()
        certificateCache = CertificateCacheV2()
        self.policyManager = ConfigPolicyManager(
            'policy_config/simple_rules.conf', certificateCache)

        # These names have to match the anchor cert.
        self.identityName = Name('/TestConfigPolicyManager/temp')
        self.keyName = Name(
            self.identityName).append("KEY").append("ksk-1416010123")

        self.pibImpl.addKey(
            self.identityName, self.keyName, TEST_RSA_PUBLIC_KEY_DER)
        # Password None: the PKCS #8 private key is unencrypted. It is a
        # fixture key and stays in the in-memory TPM back end.
        self.tpmBackEnd.importKey(
            self.keyName, TEST_RSA_PRIVATE_KEY_PKCS8, None)

        self.keyChain = KeyChain(
            self.pibImpl, self.tpmBackEnd, self.policyManager)
        keyToSign = self.keyChain.getPib().getIdentity(
            self.identityName).getKey(self.keyName)
        # selfSign also stores the new certificate in the PIB.
        self.keyChain.selfSign(keyToSign)

    def tearDown(self):
        """Delete the anchor certificate file if a test created it."""
        try:
            os.remove(self.testCertFile)
        except OSError:
            # Nothing to clean up when the file was never written.
            pass

    def test_interest_timestamp(self):
        """Accept the newer command interest first; the older one must then fail.

        The two interests share a name and a signing certificate and differ
        in creation time. Verifying the earlier one second must produce
        exactly one failure and no success.
        """
        interestName = Name('/ndn/ucla/edu/something')
        defaultCertificate = self.keyChain.getPib().getIdentity(
            self.identityName).getKey(self.keyName).getDefaultCertificate()
        certName = defaultCertificate.getName()

        face = Face("localhost")
        face.setCommandSigningInfo(self.keyChain, certName)

        earlierInterest = Interest(interestName)
        face.makeCommandInterest(earlierInterest)

        # Wait so the second interest carries a different timestamp.
        time.sleep(0.1)

        laterInterest = Interest(interestName)
        face.makeCommandInterest(laterInterest)

        accepted = doVerify(self.policyManager, laterInterest)
        self.assertFalse(
            accepted.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            accepted.failureCount, 0,
            "Verification of valid interest failed")
        self.assertEqual(
            accepted.successCount, 1,
            "Verification success called {} times instead of 1".format(
                accepted.successCount))

        # Presenting the earlier interest afterwards has to be refused.
        rejected = doVerify(self.policyManager, earlierInterest)
        self.assertFalse(
            rejected.hasFurtherSteps,
            "ConfigPolicyManager returned ValidationRequest but certificate is known")
        self.assertEqual(
            rejected.successCount, 0,
            "Verification of stale interest succeeded")
        self.assertEqual(
            rejected.failureCount, 1,
            "Failure callback called {} times instead of 1".format(
                rejected.failureCount))

    def test_refresh_10s(self):
        """Require a refresh before a newly written anchor certificate is trusted.

        Verification of the data packet is pending before the certificate
        file exists, still pending immediately after it is written, and
        succeeds after sleeping six seconds. Where the refresh period is
        configured is not visible in this test (presumably
        simple_rules.conf).
        """
        with open('policy_config/testData', 'r') as dataFile:
            encodedData = dataFile.read()

        wireBlob = Blob(b64decode(encodedData))
        data = Data()
        data.wireDecode(wireBlob)

        # This check is needed, since the KeyChain will express interests in
        # unknown certificates.
        beforeWrite = doVerify(self.policyManager, data)
        self.assertTrue(
            beforeWrite.hasFurtherSteps,
            "ConfigPolicyManager did not create ValidationRequest for unknown certificate")
        self.assertEqual(
            beforeWrite.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        self.assertEqual(
            beforeWrite.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        # Now save the cert data to our anchor directory, and wait.
        # We have to sign it with the current identity or the policy manager
        # will create an interest for the signing certificate.
        decodedCert = b64decode(CERT_DUMP)
        cert = CertificateV2()
        cert.wireDecode(Blob(decodedCert, False))

        signingInfo = SigningInfo()
        signingInfo.setSigningIdentity(self.identityName)
        # Make sure the validity period is current for two years.
        now = Common.getNowMilliseconds()
        notAfter = now + 2 * 365 * 24 * 3600 * 1000.0
        signingInfo.setValidityPeriod(ValidityPeriod(now, notAfter))
        self.keyChain.sign(cert, signingInfo)

        encodedCert = b64encode(cert.wireEncode().toBytes())
        # NOTE(review): whatever lands in this directory becomes trusted once
        # the policy manager refreshes, so real deployments should restrict
        # who can write to it.
        with open(self.testCertFile, 'w') as certFile:
            certFile.write(Blob(encodedCert, False).toRawStr())

        # Still too early for refresh to pick it up.
        beforeRefresh = doVerify(self.policyManager, data)
        self.assertTrue(
            beforeRefresh.hasFurtherSteps,
            "ConfigPolicyManager refresh occured sooner than specified")
        self.assertEqual(
            beforeRefresh.successCount, 0,
            "ConfigPolicyManager called success callback with pending ValidationRequest")
        self.assertEqual(
            beforeRefresh.failureCount, 0,
            "ConfigPolicyManager called failure callback with pending ValidationRequest")

        time.sleep(6)

        # Now we should find it.
        afterRefresh = doVerify(self.policyManager, data)
        self.assertFalse(
            afterRefresh.hasFurtherSteps,
            "ConfigPolicyManager did not refresh certificate store")
        self.assertEqual(
            afterRefresh.successCount, 1,
            "Verification success called {} times instead of 1".format(
                afterRefresh.successCount))
        self.assertEqual(
            afterRefresh.failureCount, 0,
            "ConfigPolicyManager did not verify valid signed data")