def test_hyperrelation(self):
    """Check hyper-relation key-name matching for two data names.

    Each data name is signed twice, once with ``self.defaultCertName`` and
    once with ``self.shortCertName``. The KeyLocator key name of each
    signature is then passed to ``_checkSignatureMatch`` together with the
    rule that ``_findMatchingRule`` returned for that data name. Exactly one
    of the two certificates is expected to be accepted per data name.

    This test hands only the KeyLocator key name to the checker; it does
    not call any signature-verification API itself.
    """
    manager = ConfigPolicyManager("policy_config/hyperrelation_ruleset.conf")

    # (data name URI, default cert accepted?, short cert accepted?)
    # NOTE(review): the expected outcomes depend on the rules in
    # hyperrelation_ruleset.conf, which is not visible here -- confirm.
    cases = (
        ('/SecurityTestSecRule/Basic/Longer/Data2', True, False),
        ('/SecurityTestSecRule/Basic/Other/Data1', False, True),
    )

    for uri, defaultAccepted, shortAccepted in cases:
        name = Name(uri)
        signedByDefault = Data(name)
        signedByShort = Data(name)
        # NOTE(review): the rule is used without checking that a rule was
        # actually found for this name.
        rule = manager._findMatchingRule(name, 'data')

        self.keyChain.sign(signedByDefault, self.defaultCertName)
        self.keyChain.sign(signedByShort, self.shortCertName)
        defaultKeyName = (
            signedByDefault.getSignature().getKeyLocator().getKeyName())
        shortKeyName = (
            signedByShort.getSignature().getKeyLocator().getKeyName())

        # Both the accept and the reject path are asserted, so a checker
        # that accepts every key name fails this test.
        expectDefault = self.assertTrue if defaultAccepted else self.assertFalse
        expectShort = self.assertTrue if shortAccepted else self.assertFalse
        expectDefault(manager._checkSignatureMatch(defaultKeyName, name, rule))
        expectShort(manager._checkSignatureMatch(shortKeyName, name, rule))
def test_hyperrelation(self):
    """Exercise ``_checkSignatureMatch`` against the hyper-relation ruleset.

    Two data names are each signed with ``self.defaultCertName`` and
    ``self.shortCertName``. For the first name the default certificate's
    key name must match and the short one must not; for the second name
    the expectations are reversed.

    Only the key name taken from the signature's KeyLocator is checked
    against the rule; the test itself performs no signature verification.
    """
    def keyNameOf(packet):
        # Key name recorded in the packet's signature KeyLocator.
        return packet.getSignature().getKeyLocator().getKeyName()

    manager = ConfigPolicyManager("policy_config/hyperrelation_ruleset.conf")

    # First data name: default cert accepted, short cert rejected.
    # NOTE(review): which cert is accepted is decided by the ruleset file,
    # which is not visible here -- confirm against the .conf.
    name = Name('/SecurityTestSecRule/Basic/Longer/Data2')
    packetA = Data(name)
    packetB = Data(name)
    rule = manager._findMatchingRule(name, 'data')
    self.keyChain.sign(packetA, self.defaultCertName)
    self.keyChain.sign(packetB, self.shortCertName)
    keyNameA = keyNameOf(packetA)
    keyNameB = keyNameOf(packetB)
    self.assertTrue(manager._checkSignatureMatch(keyNameA, name, rule))
    self.assertFalse(manager._checkSignatureMatch(keyNameB, name, rule))

    # Second data name: the outcome flips, so the rejection path is
    # covered for both certificates.
    name = Name('/SecurityTestSecRule/Basic/Other/Data1')
    packetA = Data(name)
    packetB = Data(name)
    rule = manager._findMatchingRule(name, 'data')
    self.keyChain.sign(packetA, self.defaultCertName)
    self.keyChain.sign(packetB, self.shortCertName)
    keyNameA = keyNameOf(packetA)
    keyNameB = keyNameOf(packetB)
    self.assertFalse(manager._checkSignatureMatch(keyNameA, name, rule))
    self.assertTrue(manager._checkSignatureMatch(keyNameB, name, rule))
def test_checker_hierarchical(self):
    """Check the hierarchical checker with a long and a short key name.

    A shorter and a longer data name must resolve to the same rule. Both
    packets are signed with ``self.defaultCertName`` first: the shorter
    data name must be rejected and the longer one accepted. After
    re-signing both with ``self.shortCertName``, both must be accepted.

    Only the KeyLocator key name is handed to ``_checkSignatureMatch``;
    the test itself performs no signature verification.
    """
    def keyNameOf(packet):
        # Key name recorded in the packet's signature KeyLocator.
        return packet.getSignature().getKeyLocator().getKeyName()

    manager = ConfigPolicyManager(
        "policy_config/hierarchical_ruleset.conf")

    shortName = Name('/SecurityTestSecRule/Basic/Data1')
    longName = Name('/SecurityTestSecRule/Basic/Longer/Data2')
    shortPacket = Data(shortName)
    longPacket = Data(longName)

    # One rule is looked up and reused for both names.
    # NOTE(review): the equality check also passes if neither name matched
    # a rule; there is no explicit check that a rule was found.
    rule = manager._findMatchingRule(shortName, 'data')
    self.assertEqual(rule, manager._findMatchingRule(longName, 'data'))

    self.keyChain.sign(shortPacket, self.defaultCertName)
    self.keyChain.sign(longPacket, self.defaultCertName)
    shortKeyName = keyNameOf(shortPacket)
    longKeyName = keyNameOf(longPacket)

    # Passed as the fourth argument to every check below; presumably an
    # out-parameter for the rejection reason. Its content is never
    # inspected by this test.
    reason = ["unknown"]

    # Rejection case: the default cert's key name must not authorize the
    # shorter data name.
    self.assertFalse(
        manager._checkSignatureMatch(shortKeyName, shortName, rule, reason),
        "Hierarchical matcher matched short data name to long key name")
    self.assertTrue(
        manager._checkSignatureMatch(longKeyName, longName, rule, reason))

    # Re-sign with the short certificate: both names are now accepted.
    self.keyChain.sign(shortPacket, self.shortCertName)
    self.keyChain.sign(longPacket, self.shortCertName)
    shortKeyName = keyNameOf(shortPacket)
    longKeyName = keyNameOf(longPacket)

    self.assertTrue(
        manager._checkSignatureMatch(shortKeyName, shortName, rule, reason))
    self.assertTrue(
        manager._checkSignatureMatch(longKeyName, longName, rule, reason))
def test_checker_hierarchical(self):
    """Verify hierarchical key-name matching for two nested data names.

    Both data names must map to the same rule. With ``self.defaultCertName``
    the checker must reject the shorter data name and accept the longer
    one; with ``self.shortCertName`` it must accept both.

    The checker receives the key name from each signature's KeyLocator;
    no signature verification is performed by this test.
    """
    manager = ConfigPolicyManager("policy_config/hierarchical_ruleset.conf")

    nameBasic = Name('/SecurityTestSecRule/Basic/Data1')
    nameLonger = Name('/SecurityTestSecRule/Basic/Longer/Data2')
    packetBasic = Data(nameBasic)
    packetLonger = Data(nameLonger)

    # NOTE(review): two "no rule found" results would also compare equal,
    # and the test has no explicit check that a rule was found.
    rule = manager._findMatchingRule(nameBasic, 'data')
    self.assertEqual(rule, manager._findMatchingRule(nameLonger, 'data'))

    # Round 1: both packets signed with the default certificate.
    self.keyChain.sign(packetBasic, self.defaultCertName)
    self.keyChain.sign(packetLonger, self.defaultCertName)
    keyBasic = packetBasic.getSignature().getKeyLocator().getKeyName()
    keyLonger = packetLonger.getSignature().getKeyLocator().getKeyName()

    # Handed to every check as the fourth argument and never read back
    # here; presumably filled in with the rejection reason -- confirm.
    reason = ["unknown"]

    def matches(keyName, dataName):
        # Single call site for the checker, using the shared rule and
        # the shared reason list.
        return manager._checkSignatureMatch(keyName, dataName, rule, reason)

    # The rejection is the security-relevant assertion: the default
    # cert's key name must not be accepted for the shorter data name.
    self.assertFalse(
        matches(keyBasic, nameBasic),
        "Hierarchical matcher matched short data name to long key name")
    self.assertTrue(matches(keyLonger, nameLonger))

    # Round 2: both packets re-signed with the short certificate.
    self.keyChain.sign(packetBasic, self.shortCertName)
    self.keyChain.sign(packetLonger, self.shortCertName)
    keyBasic = packetBasic.getSignature().getKeyLocator().getKeyName()
    keyLonger = packetLonger.getSignature().getKeyLocator().getKeyName()

    self.assertTrue(matches(keyBasic, nameBasic))
    self.assertTrue(matches(keyLonger, nameLonger))