def handle(self, *args, **options):
if settings.CENTRAL_SERVER:
raise CommandError(
"You shouldn't be trying to put the central server on a sharing network!"
)
own_device = Device.get_own_device()
if DeviceZone.objects.filter(device=own_device).count() > 0:
raise CommandError(
"This device already belongs to a sharing network.")
zone_name = args[0] if len(
args) >= 1 else "Sharing network for Device %s" % own_device.name
zone_description = args[1] if (len(args) >= 2 and args[1]) else ""
# Create the zone
self.stdout.write("Generating a sharing network.\n")
zone = Zone(name=zone_name, description=zone_description)
zone.save() # this will sign the zone with the current device
# Create the zone invitation--you're invited to a party of one!
self.stdout.write(
"Generating a sharing network invitation--from me, to me!\n")
invitation = ZoneInvitation.generate(zone=zone, invited_by=own_device)
invitation.save()
invitation.claim(used_by=own_device)
self.stdout.write("Done!\n")
def test_valid_trusted(self):
"""
Chain of trust:
1. Zone created by this device
2. Another device joins (no central server) through an invitation
"""
own_device = Device.get_own_device()
zone = Zone(name="test_zone")
zone.save()
new_device = Device(name="new_device") # make a new device
new_device.set_key(Key())
new_device.save() # get an ID
new_device.get_metadata().save()
# Now create an invitation, and claim that invitation for the new device.
invitation = ZoneInvitation.generate(zone=zone, invited_by=own_device)
invitation.claim(used_by=new_device)
self.assertEqual(invitation.used_by, new_device, "Invitation should now be used by device %s" % new_device)
self.assertEqual(DeviceZone.objects.filter(device=new_device).count(), 1, "There should be a DeviceZone for device %s" % new_device)
self.assertEqual(DeviceZone.objects.get(device=new_device).zone, zone, "DeviceZone for device %s should be zone %s" % (new_device, zone))
# Now get a chain of trust establishing the new device on the zone
chain = ChainOfTrust(zone=zone, device=new_device)
self.assertTrue(chain.verify(), "Chain of trust should verify.")
def test_valid_trusted(self):
"""
Chain of trust:
1. Zone created by this device
2. Another device joins (no central server) through an invitation
"""
own_device = Device.get_own_device()
zone = Zone(name="test_zone")
zone.save()
new_device = Device(name="new_device") # make a new device
new_device.set_key(Key())
new_device.save() # get an ID
new_device.get_metadata().save()
# Now create an invitation, and claim that invitation for the new device.
invitation = ZoneInvitation.generate(zone=zone, invited_by=own_device)
invitation.claim(used_by=new_device)
self.assertEqual(
invitation.used_by, new_device,
"Invitation should now be used by device %s" % new_device)
self.assertEqual(
DeviceZone.objects.filter(device=new_device).count(), 1,
"There should be a DeviceZone for device %s" % new_device)
self.assertEqual(
DeviceZone.objects.get(device=new_device).zone, zone,
"DeviceZone for device %s should be zone %s" % (new_device, zone))
# Now get a chain of trust establishing the new device on the zone
chain = ChainOfTrust(zone=zone, device=new_device)
self.assertTrue(chain.verify(), "Chain of trust should verify.")
def test_invalid_invitation(self):
"""
Chain of trust:
1. Zone created by this device
2. Another device joins (no central server) without an invitation--assert!
"""
own_device = Device.get_own_device()
call_command("generate_zone") # put own_device on a zone
zone = Zone.objects.all()[0]
new_device = Device(name="new_device") # make a new device
new_device.set_key(Key())
new_device.save() # get an ID
new_device.get_metadata().save()
# Now create an illegal invitation--one that's not signed by the zone creator
with self.assertRaises(ValidationError):
ZoneInvitation.generate(zone=zone, invited_by=new_device)
#
invitation = ZoneInvitation(zone=zone, invited_by=new_device)
with self.assertRaises(ValidationError):
invitation.set_key(Key())
def create_json_file(include_data):
central_server = Device.get_central_server()
if not zone_id:
models = [central_server] if central_server else []
else:
# Get a chain of trust to the zone owner.
# Because we're on the central server, this will
# simply be the central server, but in the future
# this would return an actual chain.
logging.debug("Generating a zone invitation...")
zone = Zone.objects.get(id=zone_id)
chain = ChainOfTrust(zone=zone)
assert chain.validate()
new_invitation = ZoneInvitation.generate(
zone=zone, invited_by=Device.get_own_device())
new_invitation.save(
) # keep a record of the invitation, for future revocation. Also, signs the thing
# This ordering of objects is a bit be hokey, but OK--invitation usually must be
# inserted before devicezones--but because it's not pointing to any devices,
# it's OK to be at the end.
# Note that the central server will always be at the front of the chain of trust,
# so no need to explicitly include.
models = chain.objects() + [new_invitation]
#
if include_data:
logging.debug("Serializing entire dataset...")
devices = Device.objects.by_zone(zone)
devicezones = DeviceZone.objects.filter(zone=zone)
models += list(devices) + list(devicezones)
models += engine.get_models(
zone=zone, limit=None) # get all models on this zone
models_file = tempfile.mkstemp()[1]
with open(models_file, "w") as fp:
fp.write(engine.serialize(models))
return models_file
def handle(self, *args, **options):
if settings.CENTRAL_SERVER:
raise CommandError("You shouldn't be trying to put the central server on a sharing network!")
own_device = Device.get_own_device()
if DeviceZone.objects.filter(device=own_device).count() > 0:
raise CommandError("This device already belongs to a sharing network.")
zone_name = args[0] if len(args) >= 1 else "Sharing network for Device %s" % own_device.name
zone_description = args[1] if (len(args) >= 2 and args[1]) else ""
# Create the zone
self.stdout.write("Generating a sharing network.\n")
zone = Zone(name=zone_name, description=zone_description)
zone.save() # this will sign the zone with the current device
# Create the zone invitation--you're invited to a party of one!
self.stdout.write("Generating a sharing network invitation--from me, to me!\n")
invitation = ZoneInvitation.generate(zone=zone, invited_by=own_device)
invitation.save()
invitation.claim(used_by=own_device)
self.stdout.write("Done!\n")
def create_json_file(include_data):
central_server = Device.get_central_server()
if not zone_id:
models = [central_server] if central_server else []
else:
# Get a chain of trust to the zone owner.
# Because we're on the central server, this will
# simply be the central server, but in the future
# this would return an actual chain.
logging.debug("Generating a zone invitation...")
zone = Zone.objects.get(id=zone_id)
chain = ChainOfTrust(zone=zone)
assert chain.validate()
new_invitation = ZoneInvitation.generate(zone=zone, invited_by=Device.get_own_device())
new_invitation.save() # keep a record of the invitation, for future revocation. Also, signs the thing
# This ordering of objects is a bit be hokey, but OK--invitation usually must be
# inserted before devicezones--but because it's not pointing to any devices,
# it's OK to be at the end.
# Note that the central server will always be at the front of the chain of trust,
# so no need to explicitly include.
models = chain.objects() + [new_invitation]
#
if include_data:
logging.debug("Serializing entire dataset...")
devices = Device.objects.by_zone(zone)
devicezones = DeviceZone.objects.filter(zone=zone)
models += list(devices) + list(devicezones)
models += engine.get_models(zone=zone, limit=None) # get all models on this zone
models_file = tempfile.mkstemp()[1]
with open(models_file, "w") as fp:
fp.write(engine.serialize(models))
return models_file
def test_invalid_invitation(self):
"""
Chain of trust:
1. Zone created by this device
2. Another device joins (no central server) without an invitation--assert!
"""
own_device = Device.get_own_device()
call_command("generate_zone") # put own_device on a zone
zone = Zone.objects.all()[0]
new_device = Device(name="new_device") # make a new device
new_device.set_key(Key())
new_device.save() # get an ID
new_device.get_metadata().save()
# Now create an illegal invitation--one that's not signed by the zone creator
with self.assertRaises(ValidationError):
ZoneInvitation.generate(zone=zone, invited_by=new_device)
#
invitation = ZoneInvitation(zone=zone, invited_by=new_device)
with self.assertRaises(ValidationError):
invitation.set_key(Key())
