Exemplo n.º 1
0
def setup_distributed(control_uri, purpose, request_handler):
    from functools import partial

    remote_node_count = 3
    test_peers = None
    runtimes = []

    runtime = RT(control_uri)
    index = {"node_name": {"organization": "com.ericsson", "purpose": purpose}}
    index_string = format_index_string(index)

    get_index = partial(request_handler.get_index, runtime, index_string)

    def criteria(peers):
        return peers and peers.get(
            "result", None) and len(peers["result"]) >= remote_node_count

    test_peers = retry(10, get_index, criteria, "Not all nodes found")
    test_peers = test_peers["result"]

    for peer_id in test_peers:
        peer = request_handler.get_node(runtime, peer_id)
        if not peer:
            _log.warning("Runtime '%r' peer '%r' does not exist" % (
                runtime,
                peer_id,
            ))
            continue
        rt = RT(peer["control_uri"])
        rt.id = peer_id
        rt.uris = peer["uri"]
        runtimes.append(rt)

    return runtimes
Exemplo n.º 2
0
def setup_module(module):
    global request_handler
    global runtime1

    request_handler = RequestHandler()
    runtime1 = RT("http://127.0.0.1:5001")
    runtime1.id = request_handler.get_node_id(runtime1.control_uri)
Exemplo n.º 3
0
def setup_distributed(control_uri, purpose, request_handler):
    from functools import partial

    remote_node_count = 3
    test_peers = None
    runtimes = []

    runtime = RT(control_uri)
    index = {"node_name": {"organization": "com.ericsson", "purpose": purpose}}
    index_string = format_index_string(index)

    get_index = partial(request_handler.get_index, runtime, index_string)

    def criteria(peers):
        return peers and peers.get("result", None) and len(peers["result"]) >= remote_node_count

    test_peers = retry(10, get_index, criteria, "Not all nodes found")
    test_peers = test_peers["result"]

    for peer_id in test_peers:
        peer = request_handler.get_node(runtime, peer_id)
        if not peer:
            _log.warning("Runtime '%r' peer '%r' does not exist" % (runtime, peer_id, ))
            continue
        rt = RT(peer["control_uri"])
        rt.id = peer_id
        rt.uris = peer["uri"]
        runtimes.append(rt)

    return runtimes
Exemplo n.º 4
0
def start_runtime0(runtimes, hostname, request_handler, tls=False, enroll_passwords=False):
    from calvin.Tools.csruntime import csruntime
    from conftest import _config_pytest
    #Start runtime 0 as it takes alot of time to start, and needs to be up before the others start
    _log.info("Starting runtime 0")
    try:
        logfile = _config_pytest.getoption("logfile")+"5000"
        outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
        if outfile == logfile:
            outfile = None
    except:
        logfile = None
        outfile = None
    try:
        # Dump attribute file to allow manual check of starting runtimes later
        json.dump(runtimes[0]["attributes"], open("/tmp/calvin5000.attr", "w"))
    except:
        pass
    csruntime(hostname, port=5000, controlport=5020, attr=runtimes[0]["attributes"],
               loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
               configfile="/tmp/calvin5000.conf")
    uri = "calvinip://{}:5000".format(hostname)
    curi = "https://{}:5020".format(hostname) if tls==True else "http://{}:5020".format(hostname)
    runtimes[0]['RT'] = RT(curi)
    runtimes[0]['RT'].uris=[uri]
    runtimes[0]['RT'].attributes=runtimes[0]["attributes"]

    #Wait for runtime 0 to be up and running
    wait_for_runtime(request_handler, runtimes[0]["RT"])
Exemplo n.º 5
0
def setup_bluetooth(bt_master_controluri, request_handler):
    runtime = RT(bt_master_controluri)
    runtimes = []
    bt_master_id = request_handler.get_node_id(bt_master_controluri)
    data = request_handler.get_node(runtime, bt_master_id)
    if data:
        runtime.id = bt_master_id
        runtime.uris = data["uri"]
        test_peers = request_handler.get_nodes(runtime)
        test_peer2_id = test_peers[0]
        test_peer2 = request_handler.get_node(runtime, test_peer2_id)
        if test_peer2:
            rt2 = RT(test_peer2["control_uri"])
            rt2.id = test_peer2_id
            rt2.uris = test_peer2["uri"]
            runtimes.append(rt2)
        test_peer3_id = test_peers[1]
        if test_peer3_id:
            test_peer3 = request_handler.get_node(runtime, test_peer3_id)
            if test_peer3:
                rt3 = request_handler.RT(test_peer3["control_uri"])
                rt3.id = test_peer3_id
                rt3.uris = test_peer3["uri"]
                runtimes.append(rt3)
    return [runtime] + runtimes
Exemplo n.º 6
0
def start_runtime0(runtimes,
                   rt,
                   hostname,
                   request_handler,
                   tls=False,
                   enroll_passwords=False):
    from calvin.Tools.csruntime import csruntime
    from conftest import _config_pytest
    #Start runtime 0 as it takes alot of time to start, and needs to be up before the others start
    _log.info("Starting runtime 0")
    try:
        logfile = _config_pytest.getoption("logfile") + "5000"
        outfile = os.path.join(os.path.dirname(logfile),
                               os.path.basename(logfile).replace("log", "out"))
        if outfile == logfile:
            outfile = None
    except:
        logfile = None
        outfile = None
    csruntime(hostname,
              port=5000,
              controlport=5020,
              attr=runtimes[0]["attributes"],
              loglevel=_config_pytest.getoption("loglevel"),
              logfile=logfile,
              outfile=outfile,
              configfile="/tmp/calvin5000.conf")
    uri = "https://{}:5020".format(
        hostname) if tls == True else "http://{}:5020".format(hostname)
    rt.append(RT(uri))
    rt[0].attributes = runtimes[0]["attributes"]

    #Wait for runtime 0 to be up and running
    wait_for_runtime(request_handler, rt[0])
Exemplo n.º 7
0
def start_other_runtimes(runtimes, rt, hostname, request_handler, tls=False):
    from calvin.Tools.csruntime import csruntime
    from conftest import _config_pytest
    #Start the other runtimes
    for i in range(1, len(runtimes)):
        _log.info("Starting runtime {}".format(i))
        try:
            logfile = _config_pytest.getoption("logfile") + "500{}".format(i)
            outfile = os.path.join(
                os.path.dirname(logfile),
                os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        csruntime(hostname,
                  port=5000 + i,
                  controlport=5020 + i,
                  attr=runtimes[i]["attributes"],
                  loglevel=_config_pytest.getoption("loglevel"),
                  logfile=logfile,
                  outfile=outfile,
                  configfile="/tmp/calvin500{}.conf".format(i))
        uri = "https://{}:502{}".format(
            hostname, i) if tls == True else "http://{}:502{}".format(
                hostname, i)
        rt.append(RT(uri))
        rt[i].attributes = runtimes[i]["attributes"]
        time.sleep(0.1)
Exemplo n.º 8
0
def start_other_runtimes(runtimes, hostname, request_handler, tls=False):
    from calvin.Tools.csruntime import csruntime
    from conftest import _config_pytest
    #Start the other runtimes
    for i in range(1, len(runtimes)):
        _log.info("Starting runtime {}".format(i))
        try:
            logfile = _config_pytest.getoption("logfile") + "500{}".format(i)
            outfile = os.path.join(
                os.path.dirname(logfile),
                os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        try:
            # Dump attribute file to allow manual check of starting runtimes later
            json.dump(runtimes[0]["attributes"],
                      open("/tmp/calvin500{}.attr".format(i), "w"))
        except:
            pass
        csruntime(hostname,
                  port=5000 + i,
                  controlport=5020 + i,
                  attr=runtimes[i]["attributes"],
                  loglevel=_config_pytest.getoption("loglevel"),
                  logfile=logfile,
                  outfile=outfile,
                  configfile="/tmp/calvin500{}.conf".format(i))
        uri = "calvinip://{}:500{}".format(hostname, i)
        curi = "https://{}:502{}".format(
            hostname, i) if tls == True else "http://{}:502{}".format(
                hostname, i)
        requests_rt = RT(curi)
        runtimes[i]['RT'] = RT(curi)
        runtimes[i]['RT'].uris = [uri]
        runtimes[i]['RT'].attributes = runtimes[i]["attributes"]
        time.sleep(0.1)
    time.sleep(1)
    try:
        security_verify_storage(runtimes, request_handler)
    except Exception as err:
        _log.error("Failed storage verification, err={}".format(err))
        raise
Exemplo n.º 9
0
def start_other_runtimes(runtimes, hostname, request_handler, tls=False):
    from calvin.Tools.csruntime import csruntime
    from conftest import _config_pytest
    #Start the other runtimes
    for i in range(1, len(runtimes)):
        _log.info("Starting runtime {}".format(i))
        try:
            logfile = _config_pytest.getoption("logfile")+"500{}".format(i)
            outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        try:
            # Dump attribute file to allow manual check of starting runtimes later
            json.dump(runtimes[0]["attributes"], open("/tmp/calvin500{}.attr".format(i), "w"))
        except:
            pass
        csruntime(hostname,
                  port=5000+i,
                  controlport=5020+i,
                  attr=runtimes[i]["attributes"],
                  loglevel=_config_pytest.getoption("loglevel"),
                  logfile=logfile,
                  outfile=outfile,
                  configfile="/tmp/calvin500{}.conf".format(i))
        uri = "calvinip://{}:500{}".format(hostname, i)
        curi = "https://{}:502{}".format(hostname, i) if tls==True else "http://{}:502{}".format(hostname, i)
        requests_rt = RT(curi)
        runtimes[i]['RT'] = RT(curi)
        runtimes[i]['RT'].uris = [uri]
        runtimes[i]['RT'].attributes=runtimes[i]["attributes"]
        time.sleep(0.1)
    time.sleep(1)
    try:
        security_verify_storage(runtimes, request_handler)
    except Exception as err:
        _log.error("Failed storage verification, err={}".format(err))
        raise
Exemplo n.º 10
0
def setup_module(module):
    global request_handler
    global runtime1
    global runtime2
    global constrained_id
    global constrained_process

    request_handler = RequestHandler()
    runtime1 = RT("http://127.0.0.1:5001")
    runtime1.id = request_handler.get_node_id(runtime1.control_uri)
    runtime2 = RT("http://127.0.0.1:5003")
    runtime2.id = request_handler.get_node_id(runtime2.control_uri)

    # start constrained
    constrained_process = subprocess.Popen(
        calvin_command +
        " -a '{\"indexed_public\": {\"node_name\": {\"organization\": \"com.ericsson\", \"purpose\": \"distributed-test\", \"group\": \"rest\", \"name\": \"constrained\"}}}' -u '[\"calvinip://127.0.0.1:5000\", \"ssdp\"]'",
        shell=True)
    for x in range(0, 10):
        peers = request_handler.get_nodes(runtime1)
        for peer in peers:
            peer_info = request_handler.get_node(runtime1, peer)
            if "constrained" in peer_info["attributes"]["indexed_public"][0]:
                constrained_id = peer
                return
        time.sleep(1)

    pytest.exit("Failed to get constrained runtimes")
Exemplo n.º 11
0
def start_runtime0(runtimes,
                   hostname,
                   request_handler,
                   tls=False,
                   enroll_passwords=False):
    from calvin.Tools.csruntime import csruntime
    from conftest import _config_pytest
    #Start runtime 0 as it takes alot of time to start, and needs to be up before the others start
    _log.info("Starting runtime 0")
    try:
        logfile = _config_pytest.getoption("logfile") + "5000"
        outfile = os.path.join(os.path.dirname(logfile),
                               os.path.basename(logfile).replace("log", "out"))
        if outfile == logfile:
            outfile = None
    except:
        logfile = None
        outfile = None
    try:
        # Dump attribute file to allow manual check of starting runtimes later
        json.dump(runtimes[0]["attributes"], open("/tmp/calvin5000.attr", "w"))
    except:
        pass
    csruntime(hostname,
              port=5000,
              controlport=5020,
              attr=runtimes[0]["attributes"],
              loglevel=_config_pytest.getoption("loglevel"),
              logfile=logfile,
              outfile=outfile,
              configfile="/tmp/calvin5000.conf")
    uri = "calvinip://{}:5000".format(hostname)
    curi = "https://{}:5020".format(
        hostname) if tls == True else "http://{}:5020".format(hostname)
    runtimes[0]['RT'] = RT(curi)
    runtimes[0]['RT'].uris = [uri]
    runtimes[0]['RT'].attributes = runtimes[0]["attributes"]

    #Wait for runtime 0 to be up and running
    wait_for_runtime(request_handler, runtimes[0]["RT"])
Exemplo n.º 12
0
def setup_bluetooth(bt_master_controluri, request_handler):
    runtime = RT(bt_master_controluri)
    runtimes = []
    bt_master_id = request_handler.get_node_id(bt_master_controluri)
    data = request_handler.get_node(runtime, bt_master_id)
    if data:
        runtime.id = bt_master_id
        runtime.uris = data["uri"]
        test_peers = request_handler.get_nodes(runtime)
        test_peer2_id = test_peers[0]
        test_peer2 = request_handler.get_node(runtime, test_peer2_id)
        if test_peer2:
            rt2 = RT(test_peer2["control_uri"])
            rt2.id = test_peer2_id
            rt2.uris = test_peer2["uri"]
            runtimes.append(rt2)
        test_peer3_id = test_peers[1]
        if test_peer3_id:
            test_peer3 = request_handler.get_node(runtime, test_peer3_id)
            if test_peer3:
                rt3 = request_handler.RT(test_peer3["control_uri"])
                rt3.id = test_peer3_id
                rt3.uris = test_peer3["uri"]
                runtimes.append(rt3)
    return [runtime] + runtimes
Exemplo n.º 13
0
def main():
    if not get_node_id(RT(sys.argv[1])):
        print "Failed to get id"
        sys.exit(1)
Exemplo n.º 14
0
    def setup(self, request):
        from calvin.Tools.csruntime import csruntime
        from conftest import _config_pytest
        import fileinput
        global rt
        global request_handler
        try:
            shutil.rmtree(credentials_testdir)
        except Exception as err:
            print "Failed to remove old tesdir, err={}".format(err)
            pass
        try:
            os.makedirs(credentials_testdir)
            os.makedirs(runtimesdir)
            os.makedirs(runtimes_truststore)
            os.makedirs(runtimes_truststore_signing_path)
            os.makedirs(actor_store_path)
            os.makedirs(os.path.join(actor_store_path, "test"))
            shutil.copy(
                os.path.join(orig_actor_store_path, "test", "__init__.py"),
                os.path.join(actor_store_path, "test", "__init__.py"))
            os.makedirs(os.path.join(actor_store_path, "std"))
            shutil.copy(
                os.path.join(orig_actor_store_path, "std", "__init__.py"),
                os.path.join(actor_store_path, "std", "__init__.py"))
            shutil.copytree(orig_application_store_path,
                            application_store_path)
            filelist = [
                f for f in os.listdir(application_store_path)
                if f.endswith(".sign.93d58fef")
            ]
            for f in filelist:
                os.remove(os.path.join(application_store_path, f))
            shutil.copytree(
                os.path.join(security_testdir, "identity_provider"),
                identity_provider_path)
        except Exception as err:
            _log.error(
                "Failed to create test folder structure, err={}".format(err))
            print "Failed to create test folder structure, err={}".format(err)
            raise

        print "Trying to create a new test application/actor signer."
        cs = code_signer.CS(organization="testsigner",
                            commonName="signer",
                            security_dir=credentials_testdir)

        #Create signed version of CountTimer actor
        orig_actor_CountTimer_path = os.path.join(orig_actor_store_path, "std",
                                                  "CountTimer.py")
        actor_CountTimer_path = os.path.join(actor_store_path, "std",
                                             "CountTimer.py")
        shutil.copy(orig_actor_CountTimer_path, actor_CountTimer_path)
        #        cs.sign_file(actor_CountTimer_path)

        #Create unsigned version of CountTimer actor
        actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(
            ".py", "Unsigned.py")
        shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path)
        replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer",
                             "CountTimerUnsigned")

        #Create signed version of Sum actor
        orig_actor_Sum_path = os.path.join(orig_actor_store_path, "std",
                                           "Sum.py")
        actor_Sum_path = os.path.join(actor_store_path, "std", "Sum.py")
        shutil.copy(orig_actor_Sum_path, actor_Sum_path)
        #        cs.sign_file(actor_Sum_path)

        #Create unsigned version of Sum actor
        actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py")
        shutil.copy(actor_Sum_path, actor_SumUnsigned_path)
        replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned")

        #Create incorrectly signed version of Sum actor
        #        actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py")
        #        shutil.copy(actor_Sum_path, actor_SumFake_path)
        #        #Change the class name to SumFake
        #        replace_text_in_file(actor_SumFake_path, "Sum", "SumFake")
        #        cs.sign_file(actor_SumFake_path)
        #        #Now append to the signed file so the signature verification fails
        #        with open(actor_SumFake_path, "a") as fd:
        #                fd.write(" ")

        #Create signed version of Sink actor
        orig_actor_Sink_path = os.path.join(orig_actor_store_path, "test",
                                            "Sink.py")
        actor_Sink_path = os.path.join(actor_store_path, "test", "Sink.py")
        shutil.copy(orig_actor_Sink_path, actor_Sink_path)
        #        cs.sign_file(actor_Sink_path)

        #Create unsigned version of Sink actor
        actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py")
        shutil.copy(actor_Sink_path, actor_SinkUnsigned_path)
        replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned")

        #Sign applications
        #        cs.sign_file(os.path.join(application_store_path, "test_security1_correctly_signed.calvin"))
        #        cs.sign_file(os.path.join(application_store_path, "test_security1_correctlySignedApp_incorrectlySignedActor.calvin"))
        #        cs.sign_file(os.path.join(application_store_path, "test_security1_incorrectly_signed.calvin"))
        #        #Now append to the signed file so the signature verification fails
        #        with open(os.path.join(application_store_path, "test_security1_incorrectly_signed.calvin"), "a") as fd:
        #                fd.write(" ")

        #        print "Export Code Signers certificate to the truststore for code signing"
        #        out_file = cs.export_cs_cert(runtimes_truststore_signing_path)

        print "Trying to create a new test domain configuration."
        ca = certificate_authority.CA(domain=domain_name,
                                      commonName="testdomain CA",
                                      security_dir=credentials_testdir)
        #
        print "Copy CA cert into truststore of runtimes folder"
        ca.export_ca_cert(runtimes_truststore)
        #Define the runtime attributes
        rt0_attributes = {
            'indexed_public': {
                'owner': {
                    'organization': domain_name,
                    'personOrGroup': 'testOwner1'
                },
                'node_name': {
                    'organization': 'org.testexample',
                    'name': 'CA'
                },
                'address': {
                    'country': 'SE',
                    'locality': 'testCity',
                    'street': 'testStreet',
                    'streetNumber': 1
                }
            }
        }
        rt1_attributes = {
            'indexed_public': {
                'owner': {
                    'organization': domain_name,
                    'personOrGroup': 'testOwner1'
                },
                'node_name': {
                    'organization': 'org.testexample',
                    'name': 'testNode1'
                },
                'address': {
                    'country': 'SE',
                    'locality': 'testCity',
                    'street': 'testStreet',
                    'streetNumber': 1
                }
            }
        }
        rt2_attributes = {
            'indexed_public': {
                'owner': {
                    'organization': domain_name,
                    'personOrGroup': 'testOwner1'
                },
                'node_name': {
                    'organization': 'org.testexample',
                    'name': 'testNode2'
                },
                'address': {
                    'country': 'SE',
                    'locality': 'testCity',
                    'street': 'otherStreet',
                    'streetNumber': 1
                }
            }
        }
        rt3_attributes = {
            'indexed_public': {
                'owner': {
                    'organization': domain_name,
                    'personOrGroup': 'testOwner1'
                },
                'node_name': {
                    'organization': 'org.testexample',
                    'name': 'testNode3'
                },
                'address': {
                    'country': 'SE',
                    'locality': 'testCity',
                    'street': 'testStreet',
                    'streetNumber': 1
                }
            }
        }
        rt4_attributes = {
            'indexed_public': {
                'owner': {
                    'organization': domain_name,
                    'personOrGroup': 'testOwner1'
                },
                'node_name': {
                    'organization': 'org.testexample',
                    'name': 'testNode4'
                },
                'address': {
                    'country': 'SE',
                    'locality': 'testCity',
                    'street': 'testStreet',
                    'streetNumber': 1
                }
            }
        }
        rt5_attributes = {
            'indexed_public': {
                'owner': {
                    'organization': domain_name,
                    'personOrGroup': 'testOwner1'
                },
                'node_name': {
                    'organization': 'org.testexample',
                    'name': 'testNode5'
                },
                'address': {
                    'country': 'SE',
                    'locality': 'testCity',
                    'street': 'testStreet',
                    'streetNumber': 1
                }
            }
        }
        rt_attributes = []
        rt_attributes.append(deepcopy(rt0_attributes))
        rt_attributes.append(deepcopy(rt1_attributes))
        rt_attributes.append(deepcopy(rt2_attributes))
        rt_attributes.append(deepcopy(rt3_attributes))
        rt_attributes.append(deepcopy(rt4_attributes))
        rt_attributes.append(deepcopy(rt5_attributes))
        rt_attributes_cpy = deepcopy(rt_attributes)
        runtimes = []
        #Initiate Requesthandler with trusted CA cert
        truststore_dir = certificate.get_truststore_path(
            type=certificate.TRUSTSTORE_TRANSPORT,
            security_dir=credentials_testdir)
        #   The following is less than optimal if multiple CA certs exist
        ca_cert_path = os.path.join(truststore_dir,
                                    os.listdir(truststore_dir)[0])
        request_handler = RequestHandler(verify=ca_cert_path)
        #Generate credentials, create CSR, sign with CA and import cert for all runtimes
        enrollment_passwords = []
        for rt_attribute in rt_attributes:
            attributes = AttributeResolver(rt_attribute)
            node_name = attributes.get_node_name_as_str()
            nodeid = calvinuuid.uuid("")
            enrollment_password = ca.cert_enrollment_add_new_runtime(node_name)
            enrollment_passwords.append(enrollment_password)
            runtime = runtime_credentials.RuntimeCredentials(
                node_name,
                domain=domain_name,
                security_dir=credentials_testdir,
                nodeid=nodeid,
                enrollment_password=enrollment_password)
            runtimes.append(runtime)
            ca_cert = runtime.get_truststore(
                type=certificate.TRUSTSTORE_TRANSPORT)[0][0]
            csr_path = os.path.join(runtime.runtime_dir, node_name + ".csr")
            #Encrypt CSR with CAs public key (to protect enrollment password)
            rsa_encrypted_csr = runtime.cert_enrollment_encrypt_csr(
                csr_path, ca_cert)
            #Decrypt encrypted CSR with CAs private key
            csr = ca.decrypt_encrypted_csr(
                encrypted_enrollment_request=rsa_encrypted_csr)
            csr_path = ca.store_csr_with_enrollment_password(csr)
            cert_path = ca.sign_csr(csr_path)
            runtime.store_own_cert(certpath=cert_path,
                                   security_dir=credentials_testdir)
        #Let's hash passwords in users.json file (the runtimes will try to do this
        # but they will all try to do it at the same time, so it will be overwritten
        # multiple times and the first test will always fail)
#        self.arp = FileAuthenticationRetrievalPoint(identity_provider_path)
#        self.arp.check_stored_users_db_for_unhashed_passwords()

#The policy allows access to control interface for everyone, for more advanced rules
# it might be appropriate to run set_credentials for request_handler, e.g.,
#  request_handler.set_credentials({domain_name:{"user": "******", "password": "******"}})

        rt_conf = copy.deepcopy(_conf)
        #        rt_conf.set('security', 'runtime_to_runtime_security', "tls")
        #        rt_conf.set('security', 'control_interface_security', "tls")
        rt_conf.set('security', 'domain_name', domain_name)
        #        rt_conf.set('security', 'certificate_authority_control_uri',"https://%s:5020" % hostname )
        rt_conf.set('security', 'security_dir', credentials_testdir)
        rt_conf.set('global', 'actor_paths', [actor_store_path])
        rt_conf.set('global', 'storage_type', "securedht")

        # Runtime 0: local authentication, signature verification, local authorization.
        # Primarily acts as Certificate Authority for the domain
        rt0_conf = copy.deepcopy(rt_conf)
        #        rt0_conf.set('security','enrollment_password',enrollment_passwords[0])
        #The csruntime certificate requests assumes TLS for the control interface
        #        rt0_conf.set('security', 'control_interface_security', "tls")
        #        rt0_conf.set('security','certificate_authority','True')
        #        rt0_conf.set("security", "security_conf", {
        #                        "comment": "Certificate Authority",
        #                        "authentication": {
        #                            "procedure": "local",
        #                            "identity_provider_path": identity_provider_path
        #                        },
        #                        "authorization": {
        #                            "procedure": "local",
        #                            "policy_storage_path": policy_storage_path
        #                        }
        #                    })
        rt0_conf.save("/tmp/calvin5000.conf")

        # Runtime 1: local authentication, signature verification, local authorization.
        rt1_conf = copy.deepcopy(rt_conf)
        #        rt1_conf.set('security','enrollment_password',enrollment_passwords[1])
        #        rt1_conf.set("security", "security_conf", {
        #                        "comment": "Local authentication, local authorization",
        #                        "authentication": {
        #                            "procedure": "local",
        #                            "identity_provider_path": identity_provider_path
        #                        },
        #                        "authorization": {
        #                            "procedure": "local",
        #                            "policy_storage_path": policy_storage_path
        #                        }
        #                    })
        rt1_conf.save("/tmp/calvin5001.conf")

        # Runtime 2: local authentication, signature verification, local authorization.
        # Can also act as authorization server for other runtimes.
        # Other street compared to the other runtimes
        rt2_conf = copy.deepcopy(rt_conf)
        #        rt2_conf.set('security','enrollment_password',enrollment_passwords[2])
        #        rt2_conf.set("security", "security_conf", {
        #                        "comment": "Local authentication, local authorization",
        #                        "authentication": {
        #                            "procedure": "local",
        #                            "identity_provider_path": identity_provider_path
        #                        },
        #                        "authorization": {
        #                            "procedure": "local",
        #                            "policy_storage_path": policy_storage_path,
        #                            "accept_external_requests": True
        #                        }
        #                    })
        rt2_conf.save("/tmp/calvin5002.conf")

        # Runtime 3: external authentication (RADIUS), signature verification, local authorization.
        rt3_conf = copy.deepcopy(rt_conf)
        #        rt3_conf.set('security','enrollment_password',enrollment_passwords[3])
        #        rt3_conf.set("security", "security_conf", {
        #                        "comment": "RADIUS authentication, local authorization",
        #                        "authentication": {
        #                            "procedure": "radius",
        #                            "server_ip": "localhost",
        #                            "secret": "elxghyc5lz1_passwd"
        #                        },
        #                        "authorization": {
        #                            "procedure": "local",
        #                            "policy_storage_path": policy_storage_path
        #                        }
        #                    })
        rt3_conf.save("/tmp/calvin5003.conf")

        # Runtime 4: local authentication, signature verification, external authorization (runtime 2).
        rt4_conf = copy.deepcopy(rt_conf)
        #        rt4_conf.set('security','enrollment_password',enrollment_passwords[4])
        #        rt4_conf.set("security", "security_conf", {
        #                        "comment": "Local authentication, external authorization",
        #                        "authentication": {
        #                            "procedure": "local",
        #                            "identity_provider_path": identity_provider_path
        #                        },
        #                        "authorization": {
        #                            "procedure": "external"
        #                        }
        #                    })
        rt4_conf.save("/tmp/calvin5004.conf")

        # Runtime 5: external authentication (runtime 1), signature verification, local authorization.
        rt5_conf = copy.deepcopy(rt_conf)
        #        rt5_conf.set('global','storage_type','proxy')
        #        rt5_conf.set('global','storage_proxy',"calvinip://%s:5000" % ip_addr )
        #        rt5_conf.set('security','enrollment_password',enrollment_passwords[5])
        #        rt5_conf.set("security", "security_conf", {
        #                        "comment": "Local authentication, external authorization",
        #                        "authentication": {
        #                            "procedure": "external",
        #                            "server_uuid": runtimes[1].node_id
        #                        },
        #                        "authorization": {
        #                            "procedure": "local",
        #                            "policy_storage_path": policy_storage_path
        #                        }
        #                    })
        rt5_conf.save("/tmp/calvin5005.conf")

        #Start all runtimes
        for i in range(len(rt_attributes_cpy)):
            _log.info("Starting runtime {}".format(i))
            try:
                logfile = _config_pytest.getoption("logfile") + "500{}".format(
                    i)
                outfile = os.path.join(
                    os.path.dirname(logfile),
                    os.path.basename(logfile).replace("log", "out"))
                if outfile == logfile:
                    outfile = None
            except:
                logfile = None
                outfile = None
            csruntime(hostname,
                      port=5000 + i,
                      controlport=5020 + i,
                      attr=rt_attributes_cpy[i],
                      loglevel=_config_pytest.getoption("loglevel"),
                      logfile=logfile,
                      outfile=outfile,
                      configfile="/tmp/calvin500{}.conf".format(i))
            #            rt.append(RT("https://{}:502{}".format(hostname, i)))
            rt.append(RT("http://{}:502{}".format(hostname, i)))
            # Wait to be sure that all runtimes has started
            time.sleep(1)
        time.sleep(10)

        request.addfinalizer(self.teardown)
Exemplo n.º 15
0
    def setup(self, request):
        from calvin.Tools.csruntime import csruntime
        from conftest import _config_pytest
        global rt1
        global rt2
        global rt3
        global rt4
        global security_test_dir
        security_test_dir = os.path.join(os.path.dirname(__file__), "security_test")

        # Runtime 1: local authentication, signature verification, local authorization.
        rt_conf = copy.deepcopy(_conf)
        rt_conf.set('security', 'security_domain_name', "testdomain")
        rt_conf.set('security', 'security_path',security_test_dir)
        rt_conf.set('global', 'actor_paths', [os.path.join(security_test_dir, "store")])
        rt1_conf = copy.deepcopy(rt_conf)
        rt1_conf.set("security", "security_conf", {
                        "comment": "Local authentication, local authorization",
                        "signature_trust_store": os.path.join(security_test_dir, "trustStore"),
                        "authentication": {
                            "procedure": "local",
                            "identity_provider_path": os.path.join(security_test_dir, "identity_provider")
                        },
                        "authorization": {
                            "procedure": "local",
                            "policy_storage_path": os.path.join(security_test_dir, "policies")
                        }
                    })
        rt1_conf.set('global', 'actor_paths', [os.path.join(security_test_dir, "store")])
        rt1_conf.save("/tmp/calvin5001.conf")

        try:
            logfile = _config_pytest.getoption("logfile")+"5001"
            outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        csruntime(ip_addr, port=5001, controlport=5021, attr={'indexed_public':
                  {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
                   'node_name': {'organization': 'org.testexample', 'name': 'testNode1'},
                   'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
                   loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
                   configfile="/tmp/calvin5001.conf")
        rt1 = RT("http://%s:5021" % ip_addr)


        # Runtime 2: local authentication, signature verification, local authorization.
        # Can also act as authorization server for other runtimes.
        # Other street compared to the other runtimes
        rt2_conf = copy.deepcopy(rt_conf)
        rt2_conf.set("security", "security_conf", {
                        "comment": "Local authentication, local authorization",
                        "signature_trust_store": os.path.join(security_test_dir, "trustStore"),
                        "authentication": {
                            "procedure": "local",
                            "identity_provider_path": os.path.join(security_test_dir, "identity_provider")
                        },
                        "authorization": {
                            "procedure": "local",
                            "policy_storage_path": os.path.join(security_test_dir, "policies"),
                            "accept_external_requests": True
                        }
                    })
        rt2_conf.set('global', 'actor_paths', [os.path.join(security_test_dir, "store")])
        rt2_conf.save("/tmp/calvin5002.conf")

        try:
            logfile = _config_pytest.getoption("logfile")+"5002"
            outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        csruntime(ip_addr, port=5002, controlport=5022, attr={'indexed_public':
                  {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
                   'node_name': {'organization': 'org.testexample', 'name': 'testNode2'},
                   'address': {'country': 'SE', 'locality': 'testCity', 'street': 'otherStreet', 'streetNumber': 1}}},
                   loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
                   configfile="/tmp/calvin5002.conf")
        rt2 = RT("http://%s:5022" % ip_addr)


        # Runtime 3: external authentication (RADIUS), signature verification, local authorization.
        rt3_conf = copy.deepcopy(rt_conf)
        rt3_conf.set("security", "security_conf", {
                        "comment": "RADIUS authentication, local authorization",
                        "signature_trust_store": os.path.join(security_test_dir, "trustStore"),
                        "authentication": {
                            "procedure": "radius", 
                            "server_ip": "localhost", 
                            "secret": "elxghyc5lz1_passwd"
                        },
                        "authorization": {
                            "procedure": "local",
                            "policy_storage_path": os.path.join(security_test_dir, "policies")
                        }
                    })
        rt3_conf.set('global', 'actor_paths', [os.path.join(security_test_dir, "store")])
        rt3_conf.save("/tmp/calvin5003.conf")
        try:
            logfile = _config_pytest.getoption("logfile")+"5003"
            outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        csruntime(ip_addr, port=5003, controlport=5023, attr={'indexed_public':
                  {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
                   'node_name': {'organization': 'org.testexample', 'name': 'testNode3'},
                   'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
                   loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
                   configfile="/tmp/calvin5003.conf")
        rt3 = RT("http://%s:5023" % ip_addr)


        # Runtime 4: local authentication, signature verification, external authorization (runtime 2).
        rt4_conf = copy.deepcopy(rt_conf)
        rt4_conf.set("security", "security_conf", {
                        "comment": "Local authentication, external authorization",
                        "signature_trust_store": os.path.join(security_test_dir, "trustStore"),
                        "authentication": {
                            "procedure": "local",
                            "identity_provider_path": os.path.join(security_test_dir, "identity_provider")
                        },
                        "authorization": {
                            "procedure": "external",
                            "server_uuid": "17e9ad66-bcba-4068-bc17-7fcc86aa870e"
                        }
                    })
        rt4_conf.set('global', 'actor_paths', [os.path.join(security_test_dir, "store")])
        rt4_conf.save("/tmp/calvin5004.conf")
        try:
            logfile = _config_pytest.getoption("logfile")+"5004"
            outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        time.sleep(1)  # Wait to be sure that runtime 2 has started
        csruntime(ip_addr, port=5004, controlport=5024, attr={'indexed_public':
                  {'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
                   'node_name': {'organization': 'org.testexample', 'name': 'testNode4'},
                   'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
                   loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
                   configfile="/tmp/calvin5004.conf")
        rt4 = RT("http://%s:5024" % ip_addr)

        request.addfinalizer(self.teardown)
Exemplo n.º 16
0
def setup_module(module):
    global runtime
    global runtimes
    global peerlist
    global kill_peers
    global request_handler
    ip_addr = None
    bt_master_controluri = None

    request_handler = RequestHandler()
    try:
        ip_addr = os.environ["CALVIN_TEST_IP"]
        purpose = os.environ["CALVIN_TEST_UUID"]
    except KeyError:
        pass

    if ip_addr is None:
        # Bluetooth tests assumes one master runtime with two connected peers
        # CALVIN_TEST_BT_MASTERCONTROLURI is the control uri of the master runtime
        try:
            bt_master_controluri = os.environ[
                "CALVIN_TEST_BT_MASTERCONTROLURI"]
            _log.debug("Running Bluetooth tests")
        except KeyError:
            pass

    if ip_addr:
        remote_node_count = 2
        kill_peers = False
        test_peers = None

        import socket
        ports = []
        for a in range(2):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind(('', 0))
            addr = s.getsockname()
            ports.append(addr[1])
            s.close()

        runtime, _ = dispatch_node(["calvinip://%s:%s" % (ip_addr, ports[0])],
                                   "http://%s:%s" % (ip_addr, ports[1]))

        _log.debug(
            "First runtime started, control http://%s:%s, calvinip://%s:%s" %
            (ip_addr, ports[1], ip_addr, ports[0]))

        interval = 0.5
        for retries in range(1, 20):
            time.sleep(interval)
            _log.debug("Trying to get test nodes for 'purpose' %s" % purpose)
            test_peers = request_handler.get_index(
                runtime,
                format_index_string({
                    'node_name': {
                        'organization': 'com.ericsson',
                        'purpose': purpose
                    }
                }))
            if not test_peers is None and not test_peers["result"] is None and \
                    len(test_peers["result"]) == remote_node_count:
                test_peers = test_peers["result"]
                break

        if test_peers is None or len(test_peers) != remote_node_count:
            _log.debug(
                "Failed to find all remote nodes within time, peers = %s" %
                test_peers)
            raise Exception("Not all nodes found dont run tests, peers = %s" %
                            test_peers)

        test_peer2_id = test_peers[0]
        test_peer2 = request_handler.get_node(runtime, test_peer2_id)
        if test_peer2:
            runtime2 = RT(test_peer2["control_uri"])
            runtime2.id = test_peer2_id
            runtime2.uri = test_peer2["uri"]
            runtimes.append(runtime2)
        test_peer3_id = test_peers[1]
        if test_peer3_id:
            test_peer3 = request_handler.get_node(runtime, test_peer3_id)
            if test_peer3:
                runtime3 = RT(test_peer3["control_uri"])
                runtime3.id = test_peer3_id
                runtime3.uri = test_peer3["uri"]
                runtimes.append(runtime3)
    elif bt_master_controluri:
        runtime = RT(bt_master_controluri)
        bt_master_id = request_handler.get_node_id(bt_master_controluri)
        data = request_handler.get_node(runtime, bt_master_id)
        if data:
            runtime.id = bt_master_id
            runtime.uri = data["uri"]
            test_peers = request_handler.get_nodes(runtime)
            test_peer2_id = test_peers[0]
            test_peer2 = request_handler.get_node(runtime, test_peer2_id)
            if test_peer2:
                rt2 = RT(test_peer2["control_uri"])
                rt2.id = test_peer2_id
                rt2.uri = test_peer2["uri"]
                runtimes.append(rt2)
            test_peer3_id = test_peers[1]
            if test_peer3_id:
                test_peer3 = request_handler.get_node(runtime, test_peer3_id)
                if test_peer3:
                    rt3 = request_handler.RT(test_peer3["control_uri"])
                    rt3.id = test_peer3_id
                    rt3.uri = test_peer3["uri"]
                    runtimes.append(rt3)
    else:
        try:
            ip_addr = os.environ["CALVIN_TEST_LOCALHOST"]
        except:
            import socket
            ip_addr = socket.gethostbyname(socket.gethostname())
        localhost = "calvinip://%s:5000" % (ip_addr, ), "http://localhost:5001"
        remotehosts = [("calvinip://%s:%d" % (ip_addr, d),
                        "http://localhost:%d" % (d + 1))
                       for d in range(5002, 5005, 2)]
        # remotehosts = [("calvinip://127.0.0.1:5002", "http://localhost:5003")]

        for host in remotehosts:
            runtimes += [dispatch_node([host[0]], host[1])[0]]

        runtime, _ = dispatch_node([localhost[0]], localhost[1])

        time.sleep(1)

        # FIXME When storage up and running peersetup not needed, but still useful during testing
        request_handler.peer_setup(runtime, [i[0] for i in remotehosts])

        time.sleep(0.5)
        """

        # FIXME Does not yet support peerlist
        try:
            self.peerlist = peerlist(
                self.runtime, self.runtime.id, len(remotehosts))

            # Make sure all peers agree on network
            [peerlist(self.runtime, p, len(self.runtimes)) for p in self.peerlist]
        except:
            self.peerlist = []
        """

    peerlist = [rt.control_uri for rt in runtimes]
    print "SETUP DONE ***", peerlist
Exemplo n.º 17
0
def setup_local(ip_addr, request_handler, nbr, proxy_storage):
    def check_storage(rt, n, index):
        index_string = format_index_string(index)
        retries = 0
        while retries < 120:
            try:
                retries += 1
                peers = request_handler.get_index(rt, index_string, timeout=60)
            except Exception as e:
                try:
                    notfound = e.message.startswith("404")
                except:
                    notfound = False
                if notfound:
                    peers = {'result': []}
                else:
                    _log.info("Timed out when finding peers retrying")
                    retries += 39  # A timeout counts more we don't want to wait 60*100 seconds
                    continue
            if len(peers['result']) >= n:
                _log.info("Found %d peers (%r)", len(peers['result']),
                          peers['result'])
                return
            _log.info("Only %d peers found (%r)", len(peers['result']),
                      peers['result'])
            time.sleep(1)
        # No more retrying
        raise Exception("Storage check failed, could not find peers.")

    hosts = [("calvinip://%s:%d" % (ip_addr, d),
              "http://%s:%d" % (ip_addr, d + 1))
             for d in range(5200, 5200 + 2 * nbr, 2)]

    runtimes = []

    host = hosts[0]
    attr = {
        u'indexed_public': {
            u'node_name': {
                u'organization': u'com.ericsson',
                u'purpose': u'distributed-test'
            }
        }
    }
    attr_first = copy.deepcopy(attr)
    attr_first['indexed_public']['node_name']['group'] = u'first'
    attr_first['indexed_public']['node_name']['name'] = u'runtime1'
    attr_rest = copy.deepcopy(attr)
    attr_rest['indexed_public']['node_name']['group'] = u'rest'

    _log.info("starting runtime %s %s" % host)

    if proxy_storage:
        import calvin.runtime.north.storage
        calvin.runtime.north.storage._conf.set('global', 'storage_type',
                                               'local')
    rt, _ = dispatch_node([host[0]], host[1], attributes=attr_first)
    check_storage(rt, len(runtimes) + 1, attr['indexed_public'])
    runtimes += [rt]
    if proxy_storage:
        import calvin.runtime.north.storage
        calvin.runtime.north.storage._conf.set('global', 'storage_type',
                                               'proxy')
        calvin.runtime.north.storage._conf.set('global', 'storage_proxy',
                                               host[0])
    _log.info("started runtime %s %s" % host)

    count = 2
    for host in hosts[1:]:
        if nbr > 3:
            # Improve likelihood of success if runtimes started with a time interval
            time.sleep(10.0)
        _log.info("starting runtime %s %s" % host)
        attr_rt = copy.deepcopy(attr_rest)
        attr_rt['indexed_public']['node_name']['name'] = u'runtime' + str(
            count)
        count += 1
        rt, _ = dispatch_node([host[0]], host[1], attributes=attr_rt)
        check_storage(rt, len(runtimes) + 1, attr['indexed_public'])
        _log.info("started runtime %s %s" % host)
        runtimes += [rt]

    for host in hosts:
        check_storage(RT(host[1]), nbr, attr['indexed_public'])

    for host in hosts:
        request_handler.peer_setup(RT(host[1]),
                                   [h[0] for h in hosts if h != host])

    return runtimes
Exemplo n.º 18
0
    def setup(self, request):
        from calvin.Tools.csruntime import csruntime
        from conftest import _config_pytest
        import fileinput
        global hostname
        global rt
        global rt_attributes
        global request_handler
        try:
            ipv6_hostname = socket.gethostbyaddr('::1')
        except Exception as err:
            print(
                "Failed to resolve the IPv6 localhost hostname, please update the corresponding entry in the /etc/hosts file, e.g.,:\n"
                "\t::1              <hostname>.localdomain <hostname>.local <hostname> localhost"
            )
            raise
        try:
            ipv6_hostname = socket.gethostbyaddr('::ffff:127.0.0.1')
        except Exception as err:
            print(
                "Failed to resolve ::ffff:127.0.0.1, please add the following line (with your hostname) to  /etc/hosts :\n"
                "::ffff:127.0.0.1:           <hostname>.localdomain <hostname>.local <hostname>"
            )
            raise
        try:
            hostname = socket.gethostname()
            ip_addr = socket.gethostbyname(hostname)
            fqdn = socket.getfqdn(hostname)
            print("\n\tip_addr={}"
                  "\n\thostname={}"
                  "\n\tfqdn={}".format(ip_addr, hostname, fqdn))
        except Exception as err:
            print(
                "Failed to resolve the hostname, ip_addr or the FQDN of the runtime, err={}"
                .format(err))
            raise

        try:
            shutil.rmtree(credentials_testdir)
        except Exception as err:
            print "Failed to remove old tesdir, err={}".format(err)
            pass
        try:
            os.mkdir(credentials_testdir)
            os.mkdir(runtimesdir)
            os.mkdir(runtimes_truststore)
        except Exception as err:
            _log.error(
                "Failed to create test folder structure, err={}".format(err))
            print "Failed to create test folder structure, err={}".format(err)
            raise

        _log.info("Trying to create a new test domain configuration.")
        try:
            ca = certificate_authority.CA(domain=domain_name,
                                          commonName="testdomain CA",
                                          security_dir=credentials_testdir)
        except Exception as err:
            _log.error("Failed to create CA, err={}".format(err))

        _log.info("Copy CA cert into truststore of runtimes folder")
        ca.export_ca_cert(runtimes_truststore)
        node_names = []
        rt_attributes = []
        for i in range(6):
            node_name = {
                'organization': 'org.testexample',
                'name': 'testNode{}'.format(i)
            }
            owner = {'organization': domain_name, 'personOrGroup': 'testOwner'}
            address = {
                'country': 'SE',
                'locality': 'testCity',
                'street': 'testStreet',
                'streetNumber': 1
            }
            rt_attribute = {
                'indexed_public': {
                    'owner': owner,
                    'node_name': node_name,
                    'address': address
                }
            }
            rt_attributes.append(rt_attribute)
        rt_attributes_cpy = deepcopy(rt_attributes)
        runtimes = []
        #Initiate Requesthandler with trusted CA cert
        truststore_dir = certificate.get_truststore_path(
            type=certificate.TRUSTSTORE_TRANSPORT,
            security_dir=credentials_testdir)
        #   The following is less than optimal if multiple CA certs exist
        ca_cert_path = os.path.join(truststore_dir,
                                    os.listdir(truststore_dir)[0])
        request_handler = RequestHandler(verify=ca_cert_path)

        #Generate credentials, create CSR, sign with CA and import cert for all runtimes
        enrollment_passwords = []
        for rt_attribute in rt_attributes_cpy:
            _log.info("rt_attribute={}".format(rt_attribute))
            attributes = AttributeResolver(rt_attribute)
            node_name = attributes.get_node_name_as_str()
            nodeid = calvinuuid.uuid("")
            enrollment_password = ca.cert_enrollment_add_new_runtime(node_name)
            enrollment_passwords.append(enrollment_password)
            runtime = runtime_credentials.RuntimeCredentials(
                node_name,
                domain=domain_name,
                security_dir=credentials_testdir,
                nodeid=nodeid,
                enrollment_password=enrollment_password)
            runtimes.append(runtime)
            ca_cert = runtime.get_truststore(
                type=certificate.TRUSTSTORE_TRANSPORT)[0][0]
            csr_path = os.path.join(runtime.runtime_dir, node_name + ".csr")
            #Encrypt CSR with CAs public key (to protect enrollment password)
            rsa_encrypted_csr = runtime.cert_enrollment_encrypt_csr(
                csr_path, ca_cert)
            #Decrypt encrypted CSR with CAs private key
            csr = ca.decrypt_encrypted_csr(
                encrypted_enrollment_request=rsa_encrypted_csr)
            csr_path = ca.store_csr_with_enrollment_password(csr)
            cert_path = ca.sign_csr(csr_path)
            runtime.store_own_cert(certpath=cert_path,
                                   security_dir=credentials_testdir)

        rt_conf = copy.deepcopy(_conf)
        rt_conf.set('security', 'runtime_to_runtime_security', "tls")
        rt_conf.set('security', 'control_interface_security', "tls")
        rt_conf.set('security', 'domain_name', domain_name)
        rt_conf.set('security', 'security_dir', credentials_testdir)
        rt0_conf = copy.deepcopy(rt_conf)
        rt_conf.set('global', 'storage_type', 'proxy')
        rt_conf.set('global', 'storage_proxy', "calvinip://%s:5000" % hostname)

        # Runtime 0: local authentication, signature verification, local authorization.
        # Primarily acts as Certificate Authority for the domain
        rt0_conf.set('global', 'storage_type', 'local')
        rt0_conf.save("/tmp/calvin5000.conf")

        # Runtime 1: local authentication, signature verification, local authorization.
        rt1_conf = copy.deepcopy(rt_conf)
        rt1_conf.save("/tmp/calvin5001.conf")

        # Runtime 2: local authentication, signature verification, local authorization.
        # Can also act as authorization server for other runtimes.
        # Other street compared to the other runtimes
        rt2_conf = copy.deepcopy(rt_conf)
        rt2_conf.save("/tmp/calvin5002.conf")

        # Runtime 3: external authentication (RADIUS), signature verification, local authorization.
        rt3_conf = copy.deepcopy(rt_conf)
        rt3_conf.save("/tmp/calvin5003.conf")

        # Runtime 4: local authentication, signature verification, external authorization (runtime 2).
        rt4_conf = copy.deepcopy(rt_conf)
        rt4_conf.save("/tmp/calvin5004.conf")

        # Runtime 5: external authentication (runtime 1), signature verification, local authorization.
        rt5_conf = copy.deepcopy(rt_conf)
        rt5_conf.save("/tmp/calvin5005.conf")

        #Start all runtimes
        for i in range(len(rt_attributes)):
            _log.info("Starting runtime {}".format(i))
            try:
                logfile = _config_pytest.getoption("logfile") + "500{}".format(
                    i)
                outfile = os.path.join(
                    os.path.dirname(logfile),
                    os.path.basename(logfile).replace("log", "out"))
                if outfile == logfile:
                    outfile = None
            except:
                logfile = None
                outfile = None
            csruntime(hostname,
                      port=5000 + i,
                      controlport=5020 + i,
                      attr=rt_attributes[i],
                      loglevel=_config_pytest.getoption("loglevel"),
                      logfile=logfile,
                      outfile=outfile,
                      configfile="/tmp/calvin500{}.conf".format(i))
            rt.append(RT("https://{}:502{}".format(hostname, i)))
            # Wait to be sure that all runtimes has started
            time.sleep(1)
        time.sleep(2)

        request.addfinalizer(self.teardown)
Exemplo n.º 19
0
def setup_module(module):
    global runtime
    global runtimes
    global peerlist
    global kill_peers
    global request_handler
    ip_addr = None
    bt_master_controluri = None

    request_handler = RequestHandler()
    try:
        ip_addr = os.environ["CALVIN_TEST_IP"]
        purpose = os.environ["CALVIN_TEST_UUID"]
    except KeyError:
        pass

    if ip_addr is None:
        # Bluetooth tests assumes one master runtime with two connected peers
        # CALVIN_TEST_BT_MASTERCONTROLURI is the control uri of the master runtime
        try:
            bt_master_controluri = os.environ["CALVIN_TEST_BT_MASTERCONTROLURI"]
            _log.debug("Running Bluetooth tests")
        except KeyError:
            pass

    if ip_addr:
        remote_node_count = 2
        kill_peers = False
        test_peers = None


        import socket
        ports=[]
        for a in range(2):
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind(('', 0))
            addr = s.getsockname()
            ports.append(addr[1])
            s.close()

        runtime,_ = dispatch_node(["calvinip://%s:%s" % (ip_addr, ports[0])], "http://%s:%s" % (ip_addr, ports[1]))

        _log.debug("First runtime started, control http://%s:%s, calvinip://%s:%s" % (ip_addr, ports[1], ip_addr, ports[0]))

        interval = 0.5
        for retries in range(1,20):
            time.sleep(interval)
            _log.debug("Trying to get test nodes for 'purpose' %s" % purpose)
            test_peers = request_handler.get_index(runtime, format_index_string({'node_name':
                                                                         {'organization': 'com.ericsson',
                                                                          'purpose': purpose}
                                                                      }))
            if not test_peers is None and not test_peers["result"] is None and \
                    len(test_peers["result"]) == remote_node_count:
                test_peers = test_peers["result"]
                break

        if test_peers is None or len(test_peers) != remote_node_count:
            _log.debug("Failed to find all remote nodes within time, peers = %s" % test_peers)
            raise Exception("Not all nodes found dont run tests, peers = %s" % test_peers)

        test_peer2_id = test_peers[0]
        test_peer2 = request_handler.get_node(runtime, test_peer2_id)
        if test_peer2:
            runtime2 = RT(test_peer2["control_uri"])
            runtime2.id = test_peer2_id
            runtime2.uri = test_peer2["uri"]
            runtimes.append(runtime2)
        test_peer3_id = test_peers[1]
        if test_peer3_id:
            test_peer3 = request_handler.get_node(runtime, test_peer3_id)
            if test_peer3:
                runtime3 = RT(test_peer3["control_uri"])
                runtime3.id = test_peer3_id
                runtime3.uri = test_peer3["uri"]
                runtimes.append(runtime3)
    elif bt_master_controluri:
        runtime = RT(bt_master_controluri)
        bt_master_id = request_handler.get_node_id(bt_master_controluri)
        data = request_handler.get_node(runtime, bt_master_id)
        if data:
            runtime.id = bt_master_id
            runtime.uri = data["uri"]
            test_peers = request_handler.get_nodes(runtime)
            test_peer2_id = test_peers[0]
            test_peer2 = request_handler.get_node(runtime, test_peer2_id)
            if test_peer2:
                rt2 = RT(test_peer2["control_uri"])
                rt2.id = test_peer2_id
                rt2.uri = test_peer2["uri"]
                runtimes.append(rt2)
            test_peer3_id = test_peers[1]
            if test_peer3_id:
                test_peer3 = request_handler.get_node(runtime, test_peer3_id)
                if test_peer3:
                    rt3 = request_handler.RT(test_peer3["control_uri"])
                    rt3.id = test_peer3_id
                    rt3.uri = test_peer3["uri"]
                    runtimes.append(rt3)
    else:
        try:
            ip_addr = os.environ["CALVIN_TEST_LOCALHOST"]
        except:
            import socket
            ip_addr = socket.gethostbyname(socket.gethostname())
        localhost = "calvinip://%s:5000" % (ip_addr,), "http://localhost:5001"
        remotehosts = [("calvinip://%s:%d" % (ip_addr, d), "http://localhost:%d" % (d+1)) for d in range(5002, 5005, 2)]
        # remotehosts = [("calvinip://127.0.0.1:5002", "http://localhost:5003")]

        for host in remotehosts:
            runtimes += [dispatch_node([host[0]], host[1])[0]]

        runtime, _ = dispatch_node([localhost[0]], localhost[1])

        time.sleep(1)

        # FIXME When storage up and running peersetup not needed, but still useful during testing
        request_handler.peer_setup(runtime, [i[0] for i in remotehosts])

        time.sleep(0.5)
        """

        # FIXME Does not yet support peerlist
        try:
            self.peerlist = peerlist(
                self.runtime, self.runtime.id, len(remotehosts))

            # Make sure all peers agree on network
            [peerlist(self.runtime, p, len(self.runtimes)) for p in self.peerlist]
        except:
            self.peerlist = []
        """

    peerlist = [rt.control_uri for rt in runtimes]
    print "SETUP DONE ***", peerlist
Exemplo n.º 20
0
    def setup(self, request):
        from calvin.Tools.csruntime import csruntime
        from conftest import _config_pytest
        homefolder = get_home()
        domain = "rttest"
        testdir = os.path.join(homefolder, ".calvin", "sec_dht_test")
        configdir = os.path.join(testdir, domain)
        runtimesdir = os.path.join(testdir, "runtimes")
        runtimes_truststore = os.path.join(runtimesdir,
                                           "truststore_for_transport")
        try:
            shutil.rmtree(testdir)
        except:
            print "Failed to remove old tesdir"
            pass
        try:
            os.mkdir(testdir)
            os.mkdir(configdir)
            os.mkdir(runtimesdir)
            os.mkdir(runtimes_truststore)
        except:
            print "Failed to create test folder structure"
            pass

        print "Trying to create a new test domain configuration."
        ca = certificate_authority.CA(domain=domain,
                                      commonName="sec-dht-test-CA",
                                      security_dir=testdir)
        print "Reading configuration successfull."

        print "Copy CA cert into truststore of runtimes folder"
        ca.export_ca_cert(runtimes_truststore)

        ca_original_backup = os.path.join(homefolder, ".calvin",
                                          "sec_dht_test_backup", domain)
        try:
            shutil.rmtree(ca_original_backup)
        except:
            pass
        # copy other setup and remove private directory and openssl.conf file
#        shutil.copytree(configdir, ca_original_backup)
#        shutil.rmtree(os.path.join(configdir, "private"))
#        configfile=os.path.join(configdir, "openssl.conf")
#        os.remove(configfile)
#        print "Trying to create a second test domain configuration."
#        testconfig = certificate_authority.CA(domain=domain, security_dir=testdir)

        global rt1
        global rt2
        global rt3
        global test_script_dir
        rt_conf = copy.deepcopy(_conf)
        rt_conf.set('global', 'storage_type', 'securedht')
        rt_conf.add_section('security')
        rt_conf.set('security', "runtimes_path", runtimesdir)
        rt_conf.set('security', "security_domain_name", domain)
        rt_conf.set('security', "security_path", testdir)
        rt_conf.save("/tmp/calvin1.conf")
        rt_conf2 = copy.deepcopy(rt_conf)
        rt_conf2.set('global', 'actor_paths',
                     [absolute_filename('test_store')])
        rt_conf2.set('global', 'capabilities_blacklist',
                     ['calvinsys.events.timer'])
        rt_conf2.save("/tmp/calvin2.conf")
        rt_ca_conf = copy.deepcopy(rt_conf)
        rt_ca_conf.set('security', "certificate_authority", "True")
        rt_ca_conf.save("/tmp/calvin_ca.conf")
        try:
            logfile = _config_pytest.getoption("logfile") + "5000"
            outfile = os.path.join(
                os.path.dirname(logfile),
                os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        csruntime(ip_addr,
                  port=5000,
                  controlport=5003,
                  attr={
                      'indexed_public': {
                          'owner': {
                              'organization': 'org.testexample',
                              'personOrGroup': 'testOwner1'
                          },
                          'node_name': {
                              'name': 'node0'
                          },
                          'address': {
                              'country': 'SE',
                              'locality': 'testCity',
                              'street': 'testStreet',
                              'streetNumber': 1
                          }
                      }
                  },
                  loglevel=_config_pytest.getoption("loglevel"),
                  logfile=logfile,
                  outfile=outfile,
                  configfile="/tmp/calvin_ca.conf")
        rt1 = RT("http://%s:5003" % ip_addr)
        try:
            logfile = _config_pytest.getoption("logfile") + "5001"
            outfile = os.path.join(
                os.path.dirname(logfile),
                os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        csruntime(ip_addr,
                  port=5001,
                  controlport=5004,
                  attr={
                      'indexed_public': {
                          'owner': {
                              'organization': 'org.testexample',
                              'personOrGroup': 'testOwner1'
                          },
                          'node_name': {
                              'name': 'node1'
                          },
                          'address': {
                              'country': 'SE',
                              'locality': 'testCity',
                              'street': 'testStreet',
                              'streetNumber': 1
                          }
                      }
                  },
                  loglevel=_config_pytest.getoption("loglevel"),
                  logfile=logfile,
                  outfile=outfile,
                  configfile="/tmp/calvin1.conf")
        rt2 = RT("http://%s:5004" % ip_addr)
        try:
            logfile = _config_pytest.getoption("logfile") + "5002"
            outfile = os.path.join(
                os.path.dirname(logfile),
                os.path.basename(logfile).replace("log", "out"))
            if outfile == logfile:
                outfile = None
        except:
            logfile = None
            outfile = None
        csruntime(ip_addr,
                  port=5002,
                  controlport=5005,
                  attr={
                      'indexed_public': {
                          'owner': {
                              'organization': 'org.testexample',
                              'personOrGroup': 'testOwner1'
                          },
                          'node_name': {
                              'name': 'node2'
                          },
                          'address': {
                              'country': 'SE',
                              'locality': 'testCity',
                              'street': 'testStreet',
                              'streetNumber': 1
                          }
                      }
                  },
                  loglevel=_config_pytest.getoption("loglevel"),
                  logfile=logfile,
                  outfile=outfile,
                  configfile="/tmp/calvin2.conf")
        rt3 = RT("http://%s:5005" % ip_addr)

        test_script_dir = absolute_filename('scripts/')
        request.addfinalizer(self.teardown)