def __init__(self, configfile=None, domain=None, commonName=None, force=False, readonly=False):
self.configfile = configfile
self.commonName = commonName or 'runtime'
self.config = ConfigParser.SafeConfigParser()
self.config.optionxform = str
os.umask(0077)
if configfile is not None: # Open existing config file
self.configuration = self.parse_opensslconf()
elif configfile is None and domain is not None:
self.domain = domain
homefolder = get_home()
self.configfile = os.path.join(homefolder, ".calvin",
"security", domain,
"openssl.conf")
exist = os.path.isfile(self.configfile)
if not exist and readonly:
raise Exception("Configuration file does not exist, create CA first")
if exist and not force:
self.configuration = self.parse_opensslconf()
print "Configuration already exists " \
"using {}".format(self.configfile)
else:
self.new_opensslconf()
self.configuration = self.parse_opensslconf()
print "Made new configuration at " \
"{}".format(self.configfile)
else:
raise Exception("Missing argument, neither domain nor "
"configfile supplied.")
def _get_security_credentials_path(self):
security_dir_in_conf = _conf.get("security", "security_dir")
if security_dir_in_conf:
return security_dir_in_conf
else:
homefolder = get_home()
return os.path.join(homefolder, ".calvin", "security")
def remove_domain(domain, directory=None):
"""
Remove an existing domain uses default security
directory if not supplied.
"""
homefolder = get_home()
domaindir = directory or os.path.join(homefolder, ".calvin", "security", domain)
configfile = os.path.join(domaindir, "openssl.conf")
if os.path.isfile(configfile):
shutil.rmtree(domaindir, ignore_errors=True)
def __init__(self,
domain,
commonName=None,
security_dir=None,
force=False,
readonly=False):
_log.debug("__init__")
self.configfile = None
self.commonName = commonName or 'runtime'
self.config = ConfigParser.SafeConfigParser()
self.config.optionxform = str
self.enrollment_challenge_db_path = None
self.enrollment_challenge_db = {}
self.allowed_authentication_servers = None
self.allowed_authorization_servers = None
os.umask(0077)
self.domain = domain
_log.debug("CA init")
self.security_dir = _conf.get("security", "security_dir")
if security_dir:
self.configfile = os.path.join(security_dir, domain,
"openssl.conf")
else:
homefolder = get_home()
self.configfile = os.path.join(homefolder, ".calvin", "security",
domain, "openssl.conf")
exist = os.path.isfile(self.configfile)
if not exist and readonly:
raise Exception(
"Configuration file does not exist, create CA first")
if exist and not force:
self.configuration = self.parse_opensslconf()
_log.debug("Configuration already exists")
# print "Configuration already exists " \
# "using {}".format(self.configfile)
else:
_log.debug("Configuration does not exist, let's create CA")
self.new_opensslconf()
self.configuration = self.parse_opensslconf()
#Generate keys and CA certiticate
try:
self.new_ca_credentials(security_dir=security_dir,
force=False,
readonly=False)
except:
_log.error("Creation of new CA credentials failed")
raise
# print "Made new configuration at " \
# "{}".format(self.configfile)
self.cert_enrollment_update_db_file()
self.enrollment_challenge_db_path = os.path.join(
self.configuration["CA_default"]["private_dir"],
"enrollment_challenge_db.json")
def get_security_credentials_path(security_dir=None):
"""Return the path to the folder with all security credentials"""
# _log.debug("get_security_credentials_path, security_dir={}".format(security_dir))
security_dir_in_conf = _conf.get("security", "security_dir")
if security_dir:
return security_dir
elif security_dir_in_conf:
return security_dir_in_conf
else:
homefolder = get_home()
return os.path.join(homefolder, ".calvin", "security")
def remove_domain(self, domain, directory=None):
"""
Remove an existing domain uses default security
directory if not supplied.
"""
homefolder = get_home()
domaindir = directory or os.path.join(homefolder, ".calvin",
"security", domain)
configfile = os.path.join(domaindir, "openssl.conf")
if os.path.isfile(configfile):
shutil.rmtree(domaindir, ignore_errors=True)
def __init__(self):
_log.debug("Security: _init_")
self.sec_conf = _conf.get("security","security_conf")
self.sec_policy = _conf.get("security","security_policy")
if self.sec_conf is not None and not self.sec_conf.get('signature_trust_store', None):
# Set default directory for trust store
homefolder = get_home()
truststore_dir = os.path.join(homefolder, ".calvin", "security", "trustStore")
self.sec_conf['signature_trust_store'] = truststore_dir
self.principal = {}
self.auth = {}
def manage_trust(args):
if not args.path:
raise Exception("No path supplied")
cert_name = os.path.basename(args.path)
if args.dir:
truststore_cert = os.path.join(args.dir, "trustStore", cert_name)
else:
homefolder = get_home()
truststore_cert = os.path.join(homefolder, ".calvin", "security", "trustStore", cert_name)
if not os.path.isdir(os.path.dirname(truststore_cert)):
os.makedirs(os.path.dirname(truststore_cert), 0700)
shutil.copy(args.path, truststore_cert)
def get_security_credentials_path(security_dir=None):
"""Return the node's own certificate name without file extension"""
_log.debug("get_runtimes_credentials_path")
security_path = _conf.get("security", "security_path")
if security_dir:
_log.debug("security_dir supplied")
return security_dir
elif security_path:
_log.debug("security_path in calvin.conf:%s" % security_path)
return security_path
else:
_log.debug("use default path")
homefolder = get_home()
return os.path.join(homefolder, ".calvin", "security")
def get_security_credentials_path(security_dir=None):
"""Return the node's own certificate name without file extension"""
_log.debug("get_runtimes_credentials_path")
security_path = _conf.get("security", "security_path")
if security_dir:
_log.debug("security_dir supplied")
return security_dir
elif security_path:
_log.debug("security_path in calvin.conf:%s" % security_path)
return security_path
else:
_log.debug("use default path")
homefolder = get_home()
return os.path.join(homefolder, ".calvin", "security")
def get_ca_conf(self):
"""Return path to openssl.conf for the CA"""
_log.debug("get_ca_conf")
is_ca = _conf.get("security","certificate_authority")
if is_ca=="True":
security_dir = _conf.get("security", "security_path")
domain_name = _conf.get("security", "security_domain_name")
if security_dir:
cert_conf_file = os.path.join(security_dir,domain_name,"openssl.conf")
else:
homefolder = get_home()
cert_conf_file = os.path.join(homefolder,"security",domain_name,"openssl.conf")
return cert_conf_file
else:
return None
def __init__(self,
domain,
commonName=None,
security_dir=None,
force=False,
readonly=False):
self.configfile = None
self.commonName = commonName or 'runtime'
self.config = ConfigParser.SafeConfigParser()
self.config.optionxform = str
os.umask(0077)
self.domain = domain
_log.debug("CA init")
security_path = _conf.get("security", "security_path")
if security_dir:
self.configfile = os.path.join(security_dir, domain,
"openssl.conf")
elif security_path:
self.configfile = os.path.join(security_path, domain,
"openssl.conf")
else:
homefolder = get_home()
self.configfile = os.path.join(homefolder, ".calvin", "security",
domain, "openssl.conf")
exist = os.path.isfile(self.configfile)
if not exist and readonly:
raise Exception(
"Configuration file does not exist, create CA first")
if exist and not force:
self.configuration = self.parse_opensslconf()
_log.debug("Configuration already exists")
print "Configuration already exists " \
"using {}".format(self.configfile)
else:
_log.debug("Configuration does not exist, let's create CA")
self.new_opensslconf()
self.configuration = self.parse_opensslconf()
#Generate keys and CA certiticate
try:
self.new_ca_credentials(security_dir=security_dir,
force=False,
readonly=False)
except:
_log.error("creation of new CA credentials failed")
print "Made new configuration at " \
"{}".format(self.configfile)
def __init__(self, domain, commonName=None, security_dir=None, force=False, readonly=False):
_log.debug("__init__")
self.configfile = None
self.commonName = commonName or 'runtime'
self.config = ConfigParser.SafeConfigParser()
self.config.optionxform = str
self.enrollment_challenge_db_path =None
self.enrollment_challenge_db = {}
self.allowed_authentication_servers = None
self.allowed_authorization_servers = None
os.umask(0077)
self.domain = domain
_log.debug("CA init")
self.security_dir = _conf.get("security", "security_dir")
if security_dir:
self.configfile = os.path.join(security_dir, domain, "openssl.conf")
else:
homefolder = get_home()
self.configfile = os.path.join(homefolder, ".calvin",
"security", domain,
"openssl.conf")
exist = os.path.isfile(self.configfile)
if not exist and readonly:
raise Exception("Configuration file does not exist, create CA first")
if exist and not force:
self.configuration = self.parse_opensslconf()
_log.debug("Configuration already exists")
# print "Configuration already exists " \
# "using {}".format(self.configfile)
else:
_log.debug("Configuration does not exist, let's create CA")
self.new_opensslconf()
self.configuration = self.parse_opensslconf()
#Generate keys and CA certiticate
try:
self.new_ca_credentials(security_dir=security_dir,
force=False,
readonly=False)
except:
_log.error("Creation of new CA credentials failed")
raise
# print "Made new configuration at " \
# "{}".format(self.configfile)
self.cert_enrollment_update_db_file()
self.enrollment_challenge_db_path = os.path.join(self.configuration["CA_default"]["private_dir"],"enrollment_challenge_db.json")
def get_ca_conf(self):
"""Return path to openssl.conf for the CA"""
_log.debug("get_ca_conf")
is_ca = _conf.get("security", "certificate_authority")
if is_ca == "True":
security_dir = _conf.get("security", "security_path")
domain_name = _conf.get("security", "domain_name")
if security_dir:
cert_conf_file = os.path.join(security_dir, domain_name,
"openssl.conf")
else:
homefolder = get_home()
cert_conf_file = os.path.join(homefolder, "security",
domain_name, "openssl.conf")
return cert_conf_file
else:
return None
def get_ca_conf(self):
"""Return path to openssl.conf for the CA"""
_log.debug("get_ca_conf")
try:
_ca_conf = _conf.get("security", "certificate_authority")
is_ca = _ca_conf["is_ca"]
domain_name = _ca_conf["domain_name"]
except:
is_ca = False
if is_ca==True:
if self.security_dir:
cert_conf_file = os.path.join(self.security_dir, domain_name, "openssl.conf")
else:
homefolder = get_home()
cert_conf_file = os.path.join(homefolder,"security",domain_name,"openssl.conf")
return cert_conf_file
else:
return None
def get_ca_conf(self):
"""Return path to openssl.conf for the CA"""
_log.debug("get_ca_conf")
try:
_ca_conf = _conf.get("security", "certificate_authority")
is_ca = _ca_conf["is_ca"]
domain_name = _ca_conf["domain_name"]
except:
is_ca = False
if is_ca == True:
if self.security_dir:
cert_conf_file = os.path.join(self.security_dir, domain_name,
"openssl.conf")
else:
homefolder = get_home()
cert_conf_file = os.path.join(homefolder, "security",
domain_name, "openssl.conf")
return cert_conf_file
else:
return None
def __init__(self, domain, commonName=None, security_dir=None, force=False, readonly=False):
self.configfile = None
self.commonName = commonName or 'runtime'
self.config = ConfigParser.SafeConfigParser()
self.config.optionxform = str
os.umask(0077)
self.domain = domain
_log.debug("CA init")
security_path = _conf.get("security", "security_path")
if security_dir:
self.configfile = os.path.join(security_dir, domain, "openssl.conf")
elif security_path:
self.configfile = os.path.join(security_path, domain, "openssl.conf")
else:
homefolder = get_home()
self.configfile = os.path.join(homefolder, ".calvin",
"security", domain,
"openssl.conf")
exist = os.path.isfile(self.configfile)
if not exist and readonly:
raise Exception("Configuration file does not exist, create CA first")
if exist and not force:
self.configuration = self.parse_opensslconf()
_log.debug("Configuration already exists")
print "Configuration already exists " \
"using {}".format(self.configfile)
else:
_log.debug("Configuration does not exist, let's create CA")
self.new_opensslconf()
self.configuration = self.parse_opensslconf()
#Generate keys and CA certiticate
try:
self.new_ca_credentials(security_dir=security_dir,
force=False,
readonly=False)
except:
_log.error("creation of new CA credentials failed")
print "Made new configuration at " \
"{}".format(self.configfile)
def __init__(self, security_dir=None):
homefolder = get_home()
default_path = os.path.join(homefolder, ".calvin", "security")
self.security_dir = security_dir if security_dir else self._get_security_credentials_path(
)
self.runtimes_dir = os.path.join(self.security_dir, "runtimes")
self.truststore_transport_dir = os.path.join(self.runtimes_dir,
TRUSTSTORE_TRANSPORT)
if not os.path.isdir(self.truststore_transport_dir):
try:
os.makedirs(self.truststore_transport_dir)
except OSError:
pass
self.truststore_sign_dir = os.path.join(self.runtimes_dir,
TRUSTSTORE_SIGN)
if not os.path.isdir(self.truststore_sign_dir):
try:
os.makedirs(self.truststore_sign_dir)
except OSError:
pass
self.truststore_transport = TrustStore(self.truststore_transport_dir)
self.truststore_sign = TrustStore(self.truststore_sign_dir)
def config_paths(self):
"""
Return the list of paths to search for configs.
If install dir is in the path from home folder to CWD it is not included a second time.
"""
if self.override_path is not None:
return [self.override_path]
inst_loc = self.install_location()
curr_loc = os.getcwd()
home = get_home() or curr_loc
paths = [inst_loc, home]
insert_index = len(paths)
if curr_loc.startswith(home):
while len(curr_loc) > len(home):
if curr_loc != inst_loc:
paths.insert(insert_index, curr_loc)
curr_loc, part = curr_loc.rsplit('/', 1)
epaths = self.extra_paths.split(':') if self.extra_paths else []
paths.extend(epaths)
return paths
def config_paths(self):
"""
Return the list of paths to search for configs.
If install dir is in the path from home folder to CWD it is not included a second time.
"""
if self.override_path is not None:
return [self.override_path]
inst_loc = self.install_location()
curr_loc = os.getcwd()
home = get_home() or curr_loc
paths = [inst_loc, home]
insert_index = len(paths)
if curr_loc.startswith(home):
while len(curr_loc) > len(home):
if curr_loc != inst_loc:
paths.insert(insert_index, curr_loc)
curr_loc, part = curr_loc.rsplit('/', 1)
epaths = self.extra_paths.split(':') if self.extra_paths else []
paths.extend(epaths)
return paths
def sign_files_for_security_tests(credentials_testdir):
from calvin.utilities import code_signer
from calvin.utilities.utils import get_home
from calvin.utilities import certificate
import shutil
def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert):
# Read in the file
filedata = None
with open(file_path, 'r') as file:
filedata = file.read()
# Replace the target string
filedata = filedata.replace(text_to_be_replaced, text_to_insert)
# Write the file out again
with open(file_path, 'w') as file:
file.write(filedata)
def _copy_and_sign_actor(prefix, file_name):
#Create signed version of the actor
directory = os.path.join(actor_store_path, prefix)
if not os.path.isdir(directory):
os.makedirs(directory)
shutil.copy(
os.path.join(orig_actor_store_path, prefix, "__init__.py"),
os.path.join(actor_store_path, prefix, "__init__.py"))
orig_actor_path = os.path.join(orig_actor_store_path, prefix,
file_name)
new_actor_path = os.path.join(actor_store_path, prefix, file_name)
shutil.copy(orig_actor_path, new_actor_path)
cs.sign_file(new_actor_path)
return new_actor_path
homefolder = get_home()
runtimesdir = os.path.join(credentials_testdir, "runtimes")
runtimes_truststore_signing_path = os.path.join(runtimesdir,
"truststore_for_signing")
orig_testdir = os.path.join(os.path.dirname(__file__), "security_test")
orig_actor_store_path = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'actorstore',
'systemactors'))
actor_store_path = os.path.join(credentials_testdir, "store")
orig_application_store_path = os.path.join(orig_testdir, "scripts")
application_store_path = os.path.join(credentials_testdir, "scripts")
print "Create test folders"
try:
shutil.copytree(orig_application_store_path, application_store_path)
except Exception as err:
_log.error(
"Failed to create test folder structure, err={}".format(err))
print "Failed to create test folder structure, err={}".format(err)
raise
print "Trying to create a new test application/actor signer."
cs = code_signer.CS(organization="com.ericsson",
commonName="signer",
security_dir=credentials_testdir)
_copy_and_sign_actor("flow", "Alternate.py")
_copy_and_sign_actor("flow", "Alternate2.py")
_copy_and_sign_actor("flow", "Collect.py")
_copy_and_sign_actor("flow", "CollectCompleteDict.py")
_copy_and_sign_actor("flow", "Dealternate.py")
_copy_and_sign_actor("flow", "Deselect.py")
_copy_and_sign_actor("flow", "Dispatch.py")
_copy_and_sign_actor("flow", "DispatchDict.py")
_copy_and_sign_actor("flow", "Join.py")
_copy_and_sign_actor("flow", "Void.py")
_copy_and_sign_actor("flow", "Select.py")
_copy_and_sign_actor("flow", "Terminator.py")
_copy_and_sign_actor("io", "FileReader.py")
_copy_and_sign_actor("misc", "ExplicitStateExample.py")
_copy_and_sign_actor("std", "Counter.py")
_copy_and_sign_actor("std", "Constant.py")
_copy_and_sign_actor("std", "Constantify.py")
_copy_and_sign_actor("std", "Compare.py")
_copy_and_sign_actor("std", "Identity.py")
_copy_and_sign_actor("std", "Stringify.py")
_copy_and_sign_actor("std", "Trigger.py")
actor_CountTimer_path = _copy_and_sign_actor("std", "CountTimer.py")
actor_Sum_path = _copy_and_sign_actor("std", "Sum.py")
_copy_and_sign_actor("test", "FiniteCounter.py")
_copy_and_sign_actor("test", "TestProcess.py")
actor_Sink_path = _copy_and_sign_actor("test", "Sink.py")
_copy_and_sign_actor("text", "LineJoin.py")
_copy_and_sign_actor("text", "PrefixString.py")
_copy_and_sign_actor("text", "RegexMatch.py")
_copy_and_sign_actor("exception", "ExceptionHandler.py")
#Create unsigned version of CountTimer actor
actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(
".py", "Unsigned.py")
shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path)
replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer",
"CountTimerUnsigned")
#Create unsigned version of Sum actor
actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sum_path, actor_SumUnsigned_path)
replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned")
#Create incorrectly signed version of Sum actor
actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py")
shutil.copy(actor_Sum_path, actor_SumFake_path)
#Change the class name to SumFake
replace_text_in_file(actor_SumFake_path, "Sum", "SumFake")
cs.sign_file(actor_SumFake_path)
#Now append to the signed file so the signature verification fails
with open(actor_SumFake_path, "a") as fd:
fd.write(" ")
#Create unsigned version of Sink actor
actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sink_path, actor_SinkUnsigned_path)
replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned")
#Sign applications
cs.sign_file(
os.path.join(application_store_path, "correctly_signed.calvin"))
cs.sign_file(
os.path.join(application_store_path,
"correctlySignedApp_incorrectlySignedActor.calvin"))
cs.sign_file(
os.path.join(application_store_path, "incorrectly_signed.calvin"))
#Now append to the signed file so the signature verification fails
with open(
os.path.join(application_store_path, "incorrectly_signed.calvin"),
"a") as fd:
fd.write(" ")
print "Export Code Signers certificate to the truststore for code signing"
out_file = cs.export_cs_cert(runtimes_truststore_signing_path)
certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN,
security_dir=credentials_testdir)
return actor_store_path, application_store_path
def sign_files_for_security_tests(credentials_testdir):
from calvin.utilities import code_signer
from calvin.utilities.utils import get_home
from calvin.utilities import certificate
import shutil
def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert):
# Read in the file
filedata = None
with open(file_path, 'r') as file:
filedata = file.read()
# Replace the target string
filedata = filedata.replace(text_to_be_replaced, text_to_insert)
# Write the file out again
with open(file_path, 'w') as file:
file.write(filedata)
homefolder = get_home()
runtimesdir = os.path.join(credentials_testdir, "runtimes")
runtimes_truststore_signing_path = os.path.join(runtimesdir,
"truststore_for_signing")
orig_testdir = os.path.join(os.path.dirname(__file__), "security_test")
orig_actor_store_path = os.path.abspath(
os.path.join(os.path.dirname(__file__), '..', 'actorstore',
'systemactors'))
actor_store_path = os.path.join(credentials_testdir, "store")
orig_application_store_path = os.path.join(orig_testdir, "scripts")
application_store_path = os.path.join(credentials_testdir, "scripts")
print "Create test folders"
try:
os.makedirs(actor_store_path)
os.makedirs(os.path.join(actor_store_path, "test"))
shutil.copy(os.path.join(orig_actor_store_path, "test", "__init__.py"),
os.path.join(actor_store_path, "test", "__init__.py"))
os.makedirs(os.path.join(actor_store_path, "std"))
shutil.copy(os.path.join(orig_actor_store_path, "std", "__init__.py"),
os.path.join(actor_store_path, "std", "__init__.py"))
shutil.copytree(orig_application_store_path, application_store_path)
except Exception as err:
_log.error(
"Failed to create test folder structure, err={}".format(err))
print "Failed to create test folder structure, err={}".format(err)
raise
print "Trying to create a new test application/actor signer."
cs = code_signer.CS(organization="testsigner",
commonName="signer",
security_dir=credentials_testdir)
#Create signed version of CountTimer actor
orig_actor_CountTimer_path = os.path.join(orig_actor_store_path, "std",
"CountTimer.py")
actor_CountTimer_path = os.path.join(actor_store_path, "std",
"CountTimer.py")
shutil.copy(orig_actor_CountTimer_path, actor_CountTimer_path)
cs.sign_file(actor_CountTimer_path)
#Create unsigned version of CountTimer actor
actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(
".py", "Unsigned.py")
shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path)
replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer",
"CountTimerUnsigned")
#Create signed version of Sum actor
orig_actor_Sum_path = os.path.join(orig_actor_store_path, "std", "Sum.py")
actor_Sum_path = os.path.join(actor_store_path, "std", "Sum.py")
shutil.copy(orig_actor_Sum_path, actor_Sum_path)
cs.sign_file(actor_Sum_path)
#Create unsigned version of Sum actor
actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sum_path, actor_SumUnsigned_path)
replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned")
#Create incorrectly signed version of Sum actor
actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py")
shutil.copy(actor_Sum_path, actor_SumFake_path)
#Change the class name to SumFake
replace_text_in_file(actor_SumFake_path, "Sum", "SumFake")
cs.sign_file(actor_SumFake_path)
#Now append to the signed file so the signature verification fails
with open(actor_SumFake_path, "a") as fd:
fd.write(" ")
#Create signed version of Sink actor
orig_actor_Sink_path = os.path.join(orig_actor_store_path, "test",
"Sink.py")
actor_Sink_path = os.path.join(actor_store_path, "test", "Sink.py")
shutil.copy(orig_actor_Sink_path, actor_Sink_path)
cs.sign_file(actor_Sink_path)
#Create unsigned version of Sink actor
actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sink_path, actor_SinkUnsigned_path)
replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned")
#Sign applications
cs.sign_file(
os.path.join(application_store_path, "correctly_signed.calvin"))
cs.sign_file(
os.path.join(application_store_path,
"correctlySignedApp_incorrectlySignedActor.calvin"))
cs.sign_file(
os.path.join(application_store_path, "incorrectly_signed.calvin"))
#Now append to the signed file so the signature verification fails
with open(
os.path.join(application_store_path, "incorrectly_signed.calvin"),
"a") as fd:
fd.write(" ")
print "Export Code Signers certificate to the truststore for code signing"
out_file = cs.export_cs_cert(runtimes_truststore_signing_path)
certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN,
security_dir=credentials_testdir)
return actor_store_path, application_store_path
def setup(request):
# Create 3 test nodes per storage type
print "###SETUP"
tunnels = {}
nodes = {}
for ti in range(len(storage_types)):
nodes[storage_types[ti]] = [
calvin.tests.TestNode(
["calvinip://127.0.0.1:50{}{}".format(ti, i)])
for i in range(3)
]
def prep_node(stype, n):
n.storage = storage.Storage(n)
if stype == "proxy":
try:
n.network = DummyNetwork(n)
n.proto = DummyProto(n)
except:
traceback.print_exc()
if stype != "notstarted":
cb, d = create_callback(timeout=10, test_part=stype + " start")
n.storage.start(cb=cb)
return d
all_started = []
for ti in range(len(storage_types)):
stype = storage_types[ti]
if stype == "dht":
try:
_conf.set('global', 'storage_type', 'dht')
all_started.extend(map(partial(prep_node, stype),
nodes[stype]))
except:
traceback.print_exc()
elif stype == "securedht":
try:
homefolder = get_home()
credentials_testdir = os.path.join(homefolder, ".calvin",
"test_all_storage_dir")
runtimesdir = os.path.join(credentials_testdir, "runtimes")
security_testdir = os.path.join(os.path.dirname(__file__),
"security_test")
domain_name = "test_security_domain"
code_signer_name = "test_signer"
orig_identity_provider_path = os.path.join(
security_testdir, "identity_provider")
identity_provider_path = os.path.join(credentials_testdir,
"identity_provider")
policy_storage_path = os.path.join(security_testdir,
"policies")
try:
shutil.rmtree(credentials_testdir)
except Exception as err:
print "Failed to remove old tesdir, err={}".format(err)
pass
try:
shutil.copytree(orig_identity_provider_path,
identity_provider_path)
except Exception as err:
_log.error(
"Failed to copy the identity provider files, err={}".
format(err))
raise
runtimes = helpers.create_CA_and_generate_runtime_certs(
domain_name, credentials_testdir, 3)
for r, n in zip(runtimes, nodes[stype]):
n.attributes = attribute_resolver.AttributeResolver(
r['attributes'])
n.enrollment_password = r['enrollment_password']
n.id = r['id']
n.runtime_credentials = r['credentials']
n.node_name = r['node_name']
#print "###RUNTIMES", runtimes
_conf.add_section("security")
_conf.set('security', 'security_dir', credentials_testdir)
_conf.set('global', 'storage_type', 'securedht')
all_started.extend(map(partial(prep_node, stype),
nodes[stype]))
_conf.remove_section("security")
except:
traceback.print_exc()
elif stype == "notstarted":
_conf.set('global', 'storage_type', 'dht')
map(partial(prep_node, stype), nodes[stype])
elif stype == "sql":
_conf.set('global', 'storage_type', 'sql')
_conf.set(
'global', 'storage_sql',
{}) # Use the default, i.e. local passwd-less root mysql DB
all_started.extend(map(partial(prep_node, stype), nodes[stype]))
elif stype == "proxy":
# Setting up proxy storage for testing is a bit complicated
# We short circuit so that fake tunnels' send directly calls peer's receive-method
# The master (0) is setup as local and the others (1,2) as proxy
# Give the master node ref to the proxies (to be used in fake network, proto & tunnel)
nodes["proxy"][1].master_node = nodes["proxy"][0]
nodes["proxy"][2].master_node = nodes["proxy"][0]
# Create fake tunnels
for n2 in nodes["proxy"]:
tt = {}
for n1 in nodes["proxy"]:
if n1 != n2:
tt[n1.id] = FakeTunnel(DummyNetwork(n1),
tt,
n1.id,
'storage',
None,
rt_id=n2.id,
id=calvinuuid.uuid("TUNNEL"))
tunnels[n2.id] = tt
n2.tunnels = tunnels
# Give a tunnel its peers tunnel
for n2 in nodes["proxy"]:
for n1 in nodes["proxy"]:
if n1 != n2:
tunnels[n2.id][n1.id]._peers_fake_tunnel = tunnels[
n1.id][n2.id]
# Start master
_conf.set('global', 'storage_type', 'local')
prep_node(stype, nodes[stype][0])
# Inform master it has 2 proxy storage clients
[
nodes[stype][0].storage.tunnel_request_handles(t)
for t in tunnels[nodes[stype][0].id].values()
]
# Start proxies
_conf.set('global', 'storage_type', 'proxy')
_conf.set('global', 'storage_proxy', nodes[stype][0].uris[0])
all_started.extend(map(partial(prep_node, stype),
nodes[stype][1:]))
# Inform proxy that it is connected, first wait until up_handler set
count = 0
while (tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler
is None or
tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler
is None) and count < 100:
pytest.blockon(threads.defer_to_thread(time.sleep, 0.1))
count += 1
tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler()
tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler()
dl = defer.DeferredList(all_started)
print time.time()
try:
pytest.blockon(dl)
except:
print "### Some storage plugins might have failed to start! ###"
traceback.print_exc()
print time.time()
def teardown():
print "#####TEARDOWN"
all_stopped = []
for ntypes in nodes.values():
for n in ntypes:
cb, d = create_callback(timeout=10)
n.storage.stop(cb=cb)
all_stopped.append(d)
dl = defer.DeferredList(all_stopped)
try:
pytest.blockon(dl)
except:
print "### Some storage plugins might have failed to stopp ###"
traceback.print_exc()
request.addfinalizer(teardown)
return {"nodes": nodes}
def setup(self, request):
from calvin.Tools.csruntime import csruntime
from conftest import _config_pytest
homefolder = get_home()
domain = "rttest"
testdir = os.path.join(homefolder, ".calvin","sec_dht_test")
configdir = os.path.join(testdir, domain)
runtimesdir = os.path.join(testdir,"runtimes")
runtimes_truststore = os.path.join(runtimesdir,"truststore_for_transport")
try:
shutil.rmtree(testdir)
except:
print "Failed to remove old tesdir"
pass
try:
os.mkdir(testdir)
os.mkdir(configdir)
os.mkdir(runtimesdir)
os.mkdir(runtimes_truststore)
except:
print "Failed to create test folder structure"
pass
print "Trying to create a new test domain configuration."
ca = certificate_authority.CA(domain=domain, commonName="sec-dht-test-CA", security_dir=testdir)
print "Reading configuration successfull."
print "Copy CA cert into truststore of runtimes folder"
ca.export_ca_cert(runtimes_truststore)
ca_original_backup = os.path.join(homefolder, ".calvin",
"sec_dht_test_backup", domain)
try:
shutil.rmtree(ca_original_backup)
except:
pass
# copy other setup and remove private directory and openssl.conf file
# shutil.copytree(configdir, ca_original_backup)
# shutil.rmtree(os.path.join(configdir, "private"))
# configfile=os.path.join(configdir, "openssl.conf")
# os.remove(configfile)
# print "Trying to create a second test domain configuration."
# testconfig = certificate_authority.CA(domain=domain, security_dir=testdir)
global rt1
global rt2
global rt3
global test_script_dir
rt_conf = copy.deepcopy(_conf)
rt_conf.set('global', 'storage_type', 'securedht')
rt_conf.add_section('security')
rt_conf.set('security', "runtimes_path", runtimesdir)
rt_conf.set('security', "security_domain_name", domain)
rt_conf.set('security', "security_path",testdir)
rt_conf.save("/tmp/calvin1.conf")
rt_conf2 = copy.deepcopy(rt_conf)
rt_conf2.set('global', 'actor_paths', [absolute_filename('test_store')])
rt_conf2.set('global', 'capabilities_blacklist', ['calvinsys.events.timer'])
rt_conf2.save("/tmp/calvin2.conf")
rt_ca_conf = copy.deepcopy(rt_conf)
rt_ca_conf.set('security', "certificate_authority", "True")
rt_ca_conf.save("/tmp/calvin_ca.conf")
try:
logfile = _config_pytest.getoption("logfile")+"5000"
outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr, port=5000, controlport=5003, attr={'indexed_public':
{'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
'node_name': {'name': 'node0'},
'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
configfile="/tmp/calvin_ca.conf")
rt1 = RT("http://%s:5003" % ip_addr)
try:
logfile = _config_pytest.getoption("logfile")+"5001"
outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr, port=5001, controlport=5004, attr={'indexed_public':
{'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
'node_name': {'name': 'node1'},
'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
configfile="/tmp/calvin1.conf")
rt2 = RT("http://%s:5004" % ip_addr)
try:
logfile = _config_pytest.getoption("logfile")+"5002"
outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr, port=5002, controlport=5005, attr={'indexed_public':
{'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
'node_name': {'name': 'node2'},
'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
configfile="/tmp/calvin2.conf")
rt3 = RT("http://%s:5005" % ip_addr)
test_script_dir = absolute_filename('scripts/')
request.addfinalizer(self.teardown)
def setup(self, request):
from calvin.Tools.csruntime import csruntime
from conftest import _config_pytest
homefolder = get_home()
domain = "rttest"
configdir = os.path.join(homefolder, ".calvin",
"security", domain)
try:
shutil.rmtree(configdir)
except:
pass
print "Trying to create a new test domain configuration."
testconfig = certificate.Config(domain=domain)
print "Reading configuration successfull."
print "Creating new domain."
certificate.new_domain(testconfig)
print "Created new domain."
# Now handled within runtime
#for i in range(3):
# name = "++++node{}".format(i)
# nodeid = calvinuuid.uuid("NODE")
# certreq = certificate.new_runtime(testconfig, name, nodeid=nodeid)
# certificate.sign_req(testconfig, os.path.basename(certreq), name)
global rt1
global rt2
global rt3
global test_script_dir
rt_conf = copy.deepcopy(_conf)
rt_conf.set('global', 'storage_type', 'securedht')
rt_conf.add_section('security')
rt_conf.set('security', "certificate_conf", None)
rt_conf.set('security', "certificate_domain", domain)
rt_conf.save("/tmp/calvin500x.conf")
try:
logfile = _config_pytest.getoption("logfile")+"5000"
outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr, port=5000, controlport=5003, attr={'indexed_public':
{'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
'node_name': {'name': 'node0'},
'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
configfile="/tmp/calvin500x.conf")
rt1 = RT("http://%s:5003" % ip_addr)
try:
logfile = _config_pytest.getoption("logfile")+"5001"
outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr, port=5001, controlport=5004, attr={'indexed_public':
{'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
'node_name': {'name': 'node1'},
'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
configfile="/tmp/calvin500x.conf")
rt2 = RT("http://%s:5004" % ip_addr)
try:
logfile = _config_pytest.getoption("logfile")+"5002"
outfile = os.path.join(os.path.dirname(logfile), os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr, port=5002, controlport=5005, attr={'indexed_public':
{'owner':{'organization': 'org.testexample', 'personOrGroup': 'testOwner1'},
'node_name': {'name': 'node2'},
'address': {'country': 'SE', 'locality': 'testCity', 'street': 'testStreet', 'streetNumber': 1}}},
loglevel=_config_pytest.getoption("loglevel"), logfile=logfile, outfile=outfile,
configfile="/tmp/calvin500x.conf")
rt3 = RT("http://%s:5005" % ip_addr)
test_script_dir = absolute_filename('scripts/')
request.addfinalizer(self.teardown)
from calvin.utilities.calvin_callback import CalvinCB
from calvin.utilities import calvinlogger
from calvin.utilities.utils import get_home
from calvin.runtime.south.plugins.storage.twistedimpl.securedht.append_server import *
from calvin.runtime.south.plugins.storage.twistedimpl.securedht.dht_server import *
from calvin.runtime.south.plugins.storage.twistedimpl.securedht.service_discovery_ssdp import *
from calvin.runtime.south.plugins.storage.twistedimpl.securedht.dht_server_commons import drawNetworkState
from kademlia.node import Node
from kademlia.utils import deferredDict, digest
from calvin.runtime.south.plugins.async import threads
from calvin.utilities import calvinconfig
_conf = calvinconfig.get()
_conf.add_section("security")
_conf_file = os.path.join(get_home(), ".calvin/security/test/openssl.conf")
_conf.set("security", "certificate_conf", _conf_file)
_conf.set("security", "certificate_domain", "test")
_cert_conf = None
_log = calvinlogger.get_logger(__name__)
name = "node1:"
@pytest.fixture(scope="session", autouse=True)
def cleanup(request):
def fin():
reactor.callFromThread(reactor.stop)
request.addfinalizer(fin)
def sign_files_for_security_tests(credentials_testdir):
from calvin.utilities import code_signer
from calvin.utilities.utils import get_home
from calvin.utilities import certificate
import shutil
def replace_text_in_file(file_path, text_to_be_replaced, text_to_insert):
# Read in the file
filedata = None
with open(file_path, 'r') as file :
filedata = file.read()
# Replace the target string
filedata = filedata.replace(text_to_be_replaced, text_to_insert)
# Write the file out again
with open(file_path, 'w') as file:
file.write(filedata)
def _copy_and_sign_actor(prefix, file_name):
#Create signed version of the actor
directory = os.path.join(actor_store_path, prefix)
if not os.path.isdir(directory):
os.makedirs(directory)
shutil.copy(os.path.join(orig_actor_store_path, prefix, "__init__.py"), os.path.join(actor_store_path, prefix, "__init__.py"))
orig_actor_path = os.path.join(orig_actor_store_path, prefix, file_name)
new_actor_path = os.path.join(actor_store_path, prefix, file_name)
shutil.copy(orig_actor_path, new_actor_path)
cs.sign_file(new_actor_path)
return new_actor_path
homefolder = get_home()
runtimesdir = os.path.join(credentials_testdir,"runtimes")
runtimes_truststore_signing_path = os.path.join(runtimesdir,"truststore_for_signing")
orig_testdir = os.path.join(os.path.dirname(__file__), "security_test")
orig_actor_store_path = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', 'actorstore','systemactors'))
actor_store_path = os.path.join(credentials_testdir, "store")
orig_application_store_path = os.path.join(orig_testdir, "scripts")
application_store_path = os.path.join(credentials_testdir, "scripts")
print "Create test folders"
try:
shutil.copytree(orig_application_store_path, application_store_path)
except Exception as err:
_log.error("Failed to create test folder structure, err={}".format(err))
print "Failed to create test folder structure, err={}".format(err)
raise
print "Trying to create a new test application/actor signer."
cs = code_signer.CS(organization="com.ericsson", commonName="signer", security_dir=credentials_testdir)
_copy_and_sign_actor("flow", "Alternate.py")
_copy_and_sign_actor("flow", "Alternate2.py")
_copy_and_sign_actor("flow", "Collect.py")
_copy_and_sign_actor("flow", "CollectCompleteDict.py")
_copy_and_sign_actor("flow", "Dealternate.py")
_copy_and_sign_actor("flow", "Deselect.py")
_copy_and_sign_actor("flow", "Dispatch.py")
_copy_and_sign_actor("flow", "DispatchDict.py")
_copy_and_sign_actor("flow", "Join.py")
_copy_and_sign_actor("flow", "Void.py")
_copy_and_sign_actor("flow", "Select.py")
_copy_and_sign_actor("flow", "Terminator.py")
_copy_and_sign_actor("io", "FileReader.py")
_copy_and_sign_actor("misc", "ExplicitStateExample.py")
_copy_and_sign_actor("std","Counter.py")
_copy_and_sign_actor("std","Constant.py")
_copy_and_sign_actor("std","Constantify.py")
_copy_and_sign_actor("std","Compare.py")
_copy_and_sign_actor("std","Identity.py")
_copy_and_sign_actor("std","Stringify.py")
_copy_and_sign_actor("std","Trigger.py")
actor_CountTimer_path = _copy_and_sign_actor("std","CountTimer.py")
actor_Sum_path = _copy_and_sign_actor("std","Sum.py")
_copy_and_sign_actor("test","FiniteCounter.py")
_copy_and_sign_actor("test","TestProcess.py")
actor_Sink_path = _copy_and_sign_actor("test","Sink.py")
_copy_and_sign_actor("text","LineJoin.py")
_copy_and_sign_actor("text","PrefixString.py")
_copy_and_sign_actor("text","RegexMatch.py")
_copy_and_sign_actor("exception","ExceptionHandler.py")
#Create unsigned version of CountTimer actor
actor_CountTimerUnsigned_path = actor_CountTimer_path.replace(".py", "Unsigned.py")
shutil.copy(actor_CountTimer_path, actor_CountTimerUnsigned_path)
replace_text_in_file(actor_CountTimerUnsigned_path, "CountTimer", "CountTimerUnsigned")
#Create unsigned version of Sum actor
actor_SumUnsigned_path = actor_Sum_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sum_path, actor_SumUnsigned_path)
replace_text_in_file(actor_SumUnsigned_path, "Sum", "SumUnsigned")
#Create incorrectly signed version of Sum actor
actor_SumFake_path = actor_Sum_path.replace(".py", "Fake.py")
shutil.copy(actor_Sum_path, actor_SumFake_path)
#Change the class name to SumFake
replace_text_in_file(actor_SumFake_path, "Sum", "SumFake")
cs.sign_file(actor_SumFake_path)
#Now append to the signed file so the signature verification fails
with open(actor_SumFake_path, "a") as fd:
fd.write(" ")
#Create unsigned version of Sink actor
actor_SinkUnsigned_path = actor_Sink_path.replace(".py", "Unsigned.py")
shutil.copy(actor_Sink_path, actor_SinkUnsigned_path)
replace_text_in_file(actor_SinkUnsigned_path, "Sink", "SinkUnsigned")
#Sign applications
cs.sign_file(os.path.join(application_store_path, "correctly_signed.calvin"))
cs.sign_file(os.path.join(application_store_path, "correctlySignedApp_incorrectlySignedActor.calvin"))
cs.sign_file(os.path.join(application_store_path, "incorrectly_signed.calvin"))
#Now append to the signed file so the signature verification fails
with open(os.path.join(application_store_path, "incorrectly_signed.calvin"), "a") as fd:
fd.write(" ")
print "Export Code Signers certificate to the truststore for code signing"
out_file = cs.export_cs_cert(runtimes_truststore_signing_path)
certificate.c_rehash(type=certificate.TRUSTSTORE_SIGN, security_dir=credentials_testdir)
return actor_store_path, application_store_path
def setup(request):
# Create 3 test nodes per storage type
print "###SETUP"
tunnels = {}
nodes = {}
for ti in range(len(storage_types)):
nodes[storage_types[ti]] = [calvin.tests.TestNode(["calvinip://127.0.0.1:50{}{}".format(ti, i)]) for i in range(3)]
def prep_node(stype, n):
n.storage = storage.Storage(n)
if stype == "proxy":
try:
n.network = DummyNetwork(n)
n.proto = DummyProto(n)
except:
traceback.print_exc()
if stype != "notstarted" :
cb, d = create_callback(timeout=10, test_part=stype + " start")
n.storage.start(cb=cb)
return d
all_started = []
for ti in range(len(storage_types)):
stype = storage_types[ti]
if stype == "dht":
try:
_conf.set('global', 'storage_type', 'dht')
all_started.extend(map(partial(prep_node, stype), nodes[stype]))
except:
traceback.print_exc()
elif stype == "securedht":
try:
homefolder = get_home()
credentials_testdir = os.path.join(homefolder, ".calvin","test_all_storage_dir")
runtimesdir = os.path.join(credentials_testdir,"runtimes")
security_testdir = os.path.join(os.path.dirname(__file__), "security_test")
domain_name="test_security_domain"
code_signer_name="test_signer"
orig_identity_provider_path = os.path.join(security_testdir,"identity_provider")
identity_provider_path = os.path.join(credentials_testdir, "identity_provider")
policy_storage_path = os.path.join(security_testdir, "policies")
try:
shutil.rmtree(credentials_testdir)
except Exception as err:
print "Failed to remove old tesdir, err={}".format(err)
pass
try:
shutil.copytree(orig_identity_provider_path, identity_provider_path)
except Exception as err:
_log.error("Failed to copy the identity provider files, err={}".format(err))
raise
runtimes = helpers.create_CA_and_generate_runtime_certs(domain_name, credentials_testdir, 3)
for r, n in zip(runtimes, nodes[stype]):
n.attributes = attribute_resolver.AttributeResolver(r['attributes'])
n.enrollment_password = r['enrollment_password']
n.id = r['id']
n.runtime_credentials = r['credentials']
n.node_name = r['node_name']
#print "###RUNTIMES", runtimes
_conf.add_section("security")
_conf.set('security', 'security_dir', credentials_testdir)
_conf.set('global','storage_type','securedht')
all_started.extend(map(partial(prep_node, stype), nodes[stype]))
_conf.remove_section("security")
except:
traceback.print_exc()
elif stype == "notstarted":
_conf.set('global', 'storage_type', 'dht')
map(partial(prep_node, stype), nodes[stype])
elif stype == "sql":
_conf.set('global', 'storage_type', 'sql')
_conf.set('global', 'storage_sql', {}) # Use the default, i.e. local passwd-less root mysql DB
all_started.extend(map(partial(prep_node, stype), nodes[stype]))
elif stype == "proxy":
# Setting up proxy storage for testing is a bit complicated
# We short circuit so that fake tunnels' send directly calls peer's receive-method
# The master (0) is setup as local and the others (1,2) as proxy
# Give the master node ref to the proxies (to be used in fake network, proto & tunnel)
nodes["proxy"][1].master_node = nodes["proxy"][0]
nodes["proxy"][2].master_node = nodes["proxy"][0]
# Create fake tunnels
for n2 in nodes["proxy"]:
tt = {}
for n1 in nodes["proxy"]:
if n1 != n2:
tt[n1.id] = FakeTunnel(
DummyNetwork(n1),
tt,
n1.id,
'storage',
None,
rt_id=n2.id,
id=calvinuuid.uuid("TUNNEL"))
tunnels[n2.id] = tt
n2.tunnels = tunnels
# Give a tunnel its peers tunnel
for n2 in nodes["proxy"]:
for n1 in nodes["proxy"]:
if n1 != n2:
tunnels[n2.id][n1.id]._peers_fake_tunnel = tunnels[n1.id][n2.id]
# Start master
_conf.set('global', 'storage_type', 'local')
prep_node(stype, nodes[stype][0])
# Inform master it has 2 proxy storage clients
[nodes[stype][0].storage.tunnel_request_handles(t) for t in tunnels[nodes[stype][0].id].values()]
# Start proxies
_conf.set('global', 'storage_type', 'proxy')
_conf.set('global', 'storage_proxy', nodes[stype][0].uris[0])
all_started.extend(map(partial(prep_node, stype), nodes[stype][1:]))
# Inform proxy that it is connected, first wait until up_handler set
count = 0
while (tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler is None or
tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler is None) and count < 100:
pytest.blockon(threads.defer_to_thread(time.sleep, 0.1))
count += 1
tunnels[nodes[stype][1].id][nodes[stype][0].id].up_handler()
tunnels[nodes[stype][2].id][nodes[stype][0].id].up_handler()
dl = defer.DeferredList(all_started)
print time.time()
try:
pytest.blockon(dl)
except:
print "### Some storage plugins might have failed to start! ###"
traceback.print_exc()
print time.time()
def teardown():
print "#####TEARDOWN"
all_stopped = []
for ntypes in nodes.values():
for n in ntypes:
cb, d = create_callback(timeout=10)
n.storage.stop(cb=cb)
all_stopped.append(d)
dl = defer.DeferredList(all_stopped)
try:
pytest.blockon(dl)
except:
print "### Some storage plugins might have failed to stopp ###"
traceback.print_exc()
request.addfinalizer(teardown)
return {"nodes": nodes}
from calvin.utilities.utils import get_home from calvin.utilities.attribute_resolver import AttributeResolver from calvin.utilities import calvinuuid from calvin.runtime.north.authentication.authentication_retrieval_point import FileAuthenticationRetrievalPoint from . import helpers import os import json import copy from calvin.utilities import calvinlogger from calvin.utilities import calvinconfig _log = calvinlogger.get_logger(__name__) _conf = calvinconfig.get() homefolder = get_home() credentials_testdir = os.path.join(homefolder, ".calvin","test_authorization_authentication_dir") runtimesdir = os.path.join(credentials_testdir,"runtimes") security_testdir = os.path.join(os.path.dirname(__file__), "security_test") domain_name="test_security_domain" code_signer_name="test_signer" orig_identity_provider_path = os.path.join(security_testdir,"identity_provider") identity_provider_path = os.path.join(credentials_testdir, "identity_provider") policy_storage_path = os.path.join(security_testdir, "policies") orig_actor_store_path = os.path.abspath(os.path.join(os.path.dirname( __file__ ), '..', 'actorstore','systemactors')) actor_store_path = os.path.join(credentials_testdir, "store") orig_application_store_path = os.path.join(security_testdir, "scripts") application_store_path = os.path.join(credentials_testdir, "scripts") NBR_OF_RUNTIMES=3
from calvin.runtime.south.storage.twistedimpl.securedht.dht_server import *
from calvin.runtime.south.storage.twistedimpl.securedht.service_discovery_ssdp import *
from calvin.runtime.south.storage.twistedimpl.securedht.dht_server_commons import drawNetworkState
from kademlia.node import Node
from kademlia.utils import deferredDict, digest
from calvin.runtime.south. async import threads
from calvin.utilities import calvinconfig
import socket
from calvin.tests.helpers import get_ip_addr
ip_addr = get_ip_addr()
_log = calvinlogger.get_logger(__name__)
name = "node4:"
homefolder = get_home()
domain = "sec-dht-security-test"
testdir = os.path.join(homefolder, ".calvin", "sec_dht_security_test")
configdir = os.path.join(testdir, domain)
runtimesdir = os.path.join(testdir, "runtimes")
runtimes_truststore = os.path.join(runtimesdir, "truststore_for_transport")
_conf = calvinconfig.get()
_conf.add_section("security")
_conf.set('security', "runtimes_path", runtimesdir)
_conf.set('security', "domain_name", domain)
_conf.set('security', "security_path", testdir)
@pytest.fixture(scope="session", autouse=True)
def cleanup(request):
def setup(self, request):
from calvin.Tools.csruntime import csruntime
from conftest import _config_pytest
homefolder = get_home()
domain = "rttest"
testdir = os.path.join(homefolder, ".calvin", "sec_dht_test")
configdir = os.path.join(testdir, domain)
runtimesdir = os.path.join(testdir, "runtimes")
runtimes_truststore = os.path.join(runtimesdir,
"truststore_for_transport")
try:
shutil.rmtree(testdir)
except:
print "Failed to remove old tesdir"
pass
try:
os.mkdir(testdir)
os.mkdir(configdir)
os.mkdir(runtimesdir)
os.mkdir(runtimes_truststore)
except:
print "Failed to create test folder structure"
pass
print "Trying to create a new test domain configuration."
ca = certificate_authority.CA(domain=domain,
commonName="sec-dht-test-CA",
security_dir=testdir)
print "Reading configuration successfull."
print "Copy CA cert into truststore of runtimes folder"
ca.export_ca_cert(runtimes_truststore)
ca_original_backup = os.path.join(homefolder, ".calvin",
"sec_dht_test_backup", domain)
try:
shutil.rmtree(ca_original_backup)
except:
pass
# copy other setup and remove private directory and openssl.conf file
# shutil.copytree(configdir, ca_original_backup)
# shutil.rmtree(os.path.join(configdir, "private"))
# configfile=os.path.join(configdir, "openssl.conf")
# os.remove(configfile)
# print "Trying to create a second test domain configuration."
# testconfig = certificate_authority.CA(domain=domain, security_dir=testdir)
global rt1
global rt2
global rt3
global test_script_dir
rt_conf = copy.deepcopy(_conf)
rt_conf.set('global', 'storage_type', 'securedht')
rt_conf.add_section('security')
rt_conf.set('security', "runtimes_path", runtimesdir)
rt_conf.set('security', "security_domain_name", domain)
rt_conf.set('security', "security_path", testdir)
rt_conf.save("/tmp/calvin1.conf")
rt_conf2 = copy.deepcopy(rt_conf)
rt_conf2.set('global', 'actor_paths',
[absolute_filename('test_store')])
rt_conf2.set('global', 'capabilities_blacklist',
['calvinsys.events.timer'])
rt_conf2.save("/tmp/calvin2.conf")
rt_ca_conf = copy.deepcopy(rt_conf)
rt_ca_conf.set('security', "certificate_authority", "True")
rt_ca_conf.save("/tmp/calvin_ca.conf")
try:
logfile = _config_pytest.getoption("logfile") + "5000"
outfile = os.path.join(
os.path.dirname(logfile),
os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr,
port=5000,
controlport=5003,
attr={
'indexed_public': {
'owner': {
'organization': 'org.testexample',
'personOrGroup': 'testOwner1'
},
'node_name': {
'name': 'node0'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
},
loglevel=_config_pytest.getoption("loglevel"),
logfile=logfile,
outfile=outfile,
configfile="/tmp/calvin_ca.conf")
rt1 = RT("http://%s:5003" % ip_addr)
try:
logfile = _config_pytest.getoption("logfile") + "5001"
outfile = os.path.join(
os.path.dirname(logfile),
os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr,
port=5001,
controlport=5004,
attr={
'indexed_public': {
'owner': {
'organization': 'org.testexample',
'personOrGroup': 'testOwner1'
},
'node_name': {
'name': 'node1'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
},
loglevel=_config_pytest.getoption("loglevel"),
logfile=logfile,
outfile=outfile,
configfile="/tmp/calvin1.conf")
rt2 = RT("http://%s:5004" % ip_addr)
try:
logfile = _config_pytest.getoption("logfile") + "5002"
outfile = os.path.join(
os.path.dirname(logfile),
os.path.basename(logfile).replace("log", "out"))
if outfile == logfile:
outfile = None
except:
logfile = None
outfile = None
csruntime(ip_addr,
port=5002,
controlport=5005,
attr={
'indexed_public': {
'owner': {
'organization': 'org.testexample',
'personOrGroup': 'testOwner1'
},
'node_name': {
'name': 'node2'
},
'address': {
'country': 'SE',
'locality': 'testCity',
'street': 'testStreet',
'streetNumber': 1
}
}
},
loglevel=_config_pytest.getoption("loglevel"),
logfile=logfile,
outfile=outfile,
configfile="/tmp/calvin2.conf")
rt3 = RT("http://%s:5005" % ip_addr)
test_script_dir = absolute_filename('scripts/')
request.addfinalizer(self.teardown)
