class TestSqlIdentityStorage(ut.TestCase): def setUp(self): # Reuse the policy_config subdirectory for the temporary SQLite file. self.databaseFilePath = "policy_config/test-public-info.db" try: os.remove(self.databaseFilePath) except OSError: # no such file pass self.identityStorage = BasicIdentityStorage(self.databaseFilePath) self.identityManager = IdentityManager(self.identityStorage, FilePrivateKeyStorage()) self.policyManager = SelfVerifyPolicyManager(self.identityStorage) self.keyChain = KeyChain(self.identityManager, self.policyManager) def tearDown(self): try: os.remove(self.databaseFilePath) except OSError: pass def test_identity_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) certificateName = self.keyChain.createIdentityAndCertificate( identityName) keyName = IdentityCertificate.certificateNameToPublicKeyName( certificateName) self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity was not added to IdentityStorage") self.assertIsNotNone(keyName, "New identity has no key") self.assertTrue(self.identityStorage.doesKeyExist(keyName), "Key was not added to IdentityStorage") self.assertIsNotNone(certificateName, "Certificate was not added to IdentityStorage") self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesIdentityExist(identityName), "Identity still in IdentityStorage after revoking") self.assertFalse( self.identityStorage.doesKeyExist(keyName), "Key still in IdentityStorage after identity was deletedInfo") self.assertFalse( self.identityStorage.doesCertificateExist(certificateName), "Certificate still in IdentityStorage after identity was deletedInfo" ) with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity( identityName) def test_key_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) keyName1 = self.keyChain.generateRSAKeyPair(identityName, True) self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1) keyName2 = self.keyChain.generateRSAKeyPair(identityName, False) self.assertEqual( self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key name was changed without explicit request") self.assertNotEqual( self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName2, "Newly created key replaced default key without explicit request") self.identityStorage.deletePublicKeyInfo(keyName2) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.keyChain.deleteIdentity(identityName) def test_key_autocreate_identity(self): keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345') identityName = keyName1[:-1] decodedKey = base64.b64decode(RSA_DER) self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey)) self.identityStorage.setDefaultKeyNameForIdentity(keyName1) self.assertTrue(self.identityStorage.doesKeyExist(keyName1), "Key was not added") self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity for key was not automatically created") self.assertEqual( self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key was not set on identity creation") with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): # we have no private key for signing self.identityManager.selfSign(keyName1) with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity( identityName) keyName2 = self.identityManager.generateRSAKeyPairAsDefault( identityName) cert = self.identityManager.selfSign(keyName2) self.identityManager.addCertificateAsIdentityDefault(cert) certName1 = self.identityManager.getDefaultCertificateNameForIdentity( identityName) certName2 = self.identityStorage.getDefaultCertificateNameForKey( keyName2) self.assertEqual( certName1, certName2, "Key-certificate mapping and identity-certificate mapping are not consistent" ) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) def test_certificate_add_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) self.identityManager.createIdentityAndCertificate( identityName, KeyChain.DEFAULT_KEY_PARAMS) keyName1 = self.identityManager.getDefaultKeyNameForIdentity( identityName) cert2 = self.identityManager.selfSign(keyName1) self.identityStorage.addCertificate(cert2) certName2 = cert2.getName() certName1 = self.identityManager.getDefaultCertificateNameForIdentity( identityName) self.assertNotEqual( certName1, certName2, "New certificate was set as default without explicit request") self.identityStorage.deleteCertificateInfo(certName1) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) def test_stress(self): # ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion( int(time.time())) # ndn-cxx returns the cert name, but the IndentityManager docstring # specifies a key certName1 = self.keyChain.createIdentityAndCertificate(identityName) keyName1 = IdentityCertificate.certificateNameToPublicKeyName( certName1) keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert2 = self.identityManager.selfSign(keyName2) certName2 = cert2.getName() self.identityManager.addCertificateAsDefault(cert2) keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert3 = self.identityManager.selfSign(keyName3) certName3 = cert3.getName() self.identityManager.addCertificateAsDefault(cert3) cert4 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert4) certName4 = cert4.getName() cert5 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert5) certName5 = cert5.getName() self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName1)) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName5)) self.identityStorage.deleteCertificateInfo(certName5) self.assertFalse(self.identityStorage.doesCertificateExist(certName5)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.identityStorage.deletePublicKeyInfo(keyName3) self.assertFalse(self.identityStorage.doesCertificateExist(certName4)) self.assertFalse(self.identityStorage.doesCertificateExist(certName3)) self.assertFalse(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) self.assertFalse(self.identityStorage.doesIdentityExist(identityName))
class TestConfigPolicyManager(ut.TestCase): def setUp(self): testCertDirectory = 'policy_config/certs' self.testCertFile = os.path.join(testCertDirectory, 'test.cert') self.identityStorage = MemoryIdentityStorage() self.privateKeyStorage = MemoryPrivateKeyStorage() self.identityManager = IdentityManager(self.identityStorage, self.privateKeyStorage) self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf') self.identityName = Name('/TestConfigPolicyManager/temp') # to match the anchor cert keyName = Name(self.identityName).append('ksk-1416010123') self.privateKeyStorage.setKeyPairForKeyName( keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER) self.identityStorage.addKey( keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER)) cert = self.identityManager.selfSign(keyName) self.identityStorage.setDefaultKeyNameForIdentity(keyName) self.identityManager.addCertificateAsDefault(cert) self.keyChain = KeyChain(self.identityManager, self.policyManager) self.keyName = keyName self.face = Face() def tearDown(self): self.privateKeyStorage.deleteKeyPair(self.keyName) self.face.shutdown() try: os.remove(self.testCertFile) except OSError: pass def test_no_verify(self): policyManager = NoVerifyPolicyManager() identityName = Name('TestValidator/Null').appendVersion(int(time.time())) keyChain = KeyChain(self.identityManager, policyManager) keyChain.createIdentityAndCertificate(identityName) data = Data(Name(identityName).append('data')) keyChain.signByIdentity(data, identityName) vr = doVerify(policyManager, data) self.assertFalse(vr.hasFurtherSteps, "NoVerifyPolicyManager returned a ValidationRequest") self.assertEqual(vr.failureCount, 0, "Verification failed with NoVerifyPolicyManager") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) def test_self_verification(self): policyManager = SelfVerifyPolicyManager(self.identityStorage) keyChain = KeyChain(self.identityManager, policyManager) identityName = Name('TestValidator/RsaSignatureVerification') keyChain.createIdentityAndCertificate(identityName) data = Data(Name('/TestData/1')) keyChain.signByIdentity(data, identityName) vr = doVerify(policyManager, data) self.assertFalse(vr.hasFurtherSteps, "SelfVerifyPolicyManager returned a ValidationRequest") self.assertEqual(vr.failureCount, 0, "Verification of identity-signed data failed") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) data2 = Data(Name('/TestData/2')) vr = doVerify(policyManager, data2) self.assertFalse(vr.hasFurtherSteps, "SelfVerifyPolicyManager returned a ValidationRequest") self.assertEqual(vr.successCount, 0, "Verification of unsigned data succeeded") self.assertEqual(vr.failureCount, 1, "Verification failure callback called {} times instead of 1".format( vr.failureCount)) def test_interest_timestamp(self): interestName = Name('/ndn/ucla/edu/something') certName = self.identityManager.getDefaultCertificateNameForIdentity( self.identityName) self.face.setCommandSigningInfo(self.keyChain, certName) oldInterest = Interest(interestName) self.face.makeCommandInterest(oldInterest) time.sleep(0.1) # make sure timestamps are different newInterest = Interest(interestName) self.face.makeCommandInterest(newInterest) vr = doVerify(self.policyManager, newInterest) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager returned ValidationRequest but certificate is known") self.assertEqual(vr.failureCount, 0, "Verification of valid interest failed") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) vr = doVerify(self.policyManager, oldInterest) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager returned ValidationRequest but certificate is known") self.assertEqual(vr.successCount, 0, "Verification of stale interest succeeded") self.assertEqual(vr.failureCount, 1, "Failure callback called {} times instead of 1".format( vr.failureCount)) def _removeFile(self, filename): try: os.remove(filename) except OSError: # no such file pass def test_refresh_10s(self): with open('policy_config/testData', 'r') as dataFile: encodedData = dataFile.read() data = Data() dataBlob = Blob(b64decode(encodedData)) data.wireDecode(dataBlob) # needed, since the KeyChain will express interests in unknown # certificates vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager did not create ValidationRequest for unknown certificate") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") # now save the cert data to our anchor directory, and wait # we have to sign it with the current identity or the # policy manager will create an interest for the signing certificate with open(self.testCertFile, 'w') as certFile: cert = IdentityCertificate() certData = b64decode(CERT_DUMP) cert.wireDecode(Blob(certData, False)) self.keyChain.signByIdentity(cert, self.identityName) encodedCert = b64encode(cert.wireEncode().toBytes()) certFile.write(Blob(encodedCert, False).toRawStr()) # still too early for refresh to pick it up vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager refresh occured sooner than specified") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") time.sleep(6) # now we should find it vr = doVerify(self.policyManager, data) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager did not refresh certificate store") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager did not verify valid signed data")
class TestConfigPolicyManager(ut.TestCase): def setUp(self): testCertDirectory = 'policy_config/certs' self.testCertFile = os.path.join(testCertDirectory, 'test.cert') # Reuse the policy_config subdirectory for the temporary SQLite file. self.databaseFilePath = "policy_config/test-public-info.db" try: os.remove(self.databaseFilePath) except OSError: # no such file pass self.identityStorage = BasicIdentityStorage(self.databaseFilePath) self.privateKeyStorage = MemoryPrivateKeyStorage() self.identityManager = IdentityManager(self.identityStorage, self.privateKeyStorage) self.policyManager = ConfigPolicyManager('policy_config/simple_rules.conf') self.identityName = Name('/TestConfigPolicyManager/temp') # to match the anchor cert keyName = Name(self.identityName).append('ksk-1416010123') self.privateKeyStorage.setKeyPairForKeyName( keyName, KeyType.RSA, TEST_RSA_PUBLIC_KEY_DER, TEST_RSA_PRIVATE_KEY_DER) self.identityStorage.addKey( keyName, KeyType.RSA, Blob(TEST_RSA_PUBLIC_KEY_DER)) cert = self.identityManager.selfSign(keyName) self.identityStorage.setDefaultKeyNameForIdentity(keyName) self.identityManager.addCertificateAsDefault(cert) self.keyChain = KeyChain(self.identityManager, self.policyManager) self.keyName = keyName self.face = Face() def tearDown(self): try: os.remove(self.databaseFilePath) except OSError: pass self.privateKeyStorage.deleteKeyPair(self.keyName) self.face.shutdown() try: os.remove(self.testCertFile) except OSError: pass def test_no_verify(self): policyManager = NoVerifyPolicyManager() identityName = Name('TestValidator/Null').appendVersion(int(time.time())) keyChain = KeyChain(self.identityManager, policyManager) keyChain.createIdentityAndCertificate(identityName) data = Data(Name(identityName).append('data')) keyChain.signByIdentity(data, identityName) vr = doVerify(policyManager, data) self.assertFalse(vr.hasFurtherSteps, "NoVerifyPolicyManager returned a ValidationRequest") self.assertEqual(vr.failureCount, 0, "Verification failed with NoVerifyPolicyManager") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) def test_self_verification(self): policyManager = SelfVerifyPolicyManager(self.identityStorage) keyChain = KeyChain(self.identityManager, policyManager) identityName = Name('TestValidator/RsaSignatureVerification') keyChain.createIdentityAndCertificate(identityName) data = Data(Name('/TestData/1')) keyChain.signByIdentity(data, identityName) vr = doVerify(policyManager, data) self.assertFalse(vr.hasFurtherSteps, "SelfVerifyPolicyManager returned a ValidationRequest") self.assertEqual(vr.failureCount, 0, "Verification of identity-signed data failed") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) data2 = Data(Name('/TestData/2')) vr = doVerify(policyManager, data2) self.assertFalse(vr.hasFurtherSteps, "SelfVerifyPolicyManager returned a ValidationRequest") self.assertEqual(vr.successCount, 0, "Verification of unsigned data succeeded") self.assertEqual(vr.failureCount, 1, "Verification failure callback called {} times instead of 1".format( vr.failureCount)) def test_interest_timestamp(self): interestName = Name('/ndn/ucla/edu/something') certName = self.identityManager.getDefaultCertificateNameForIdentity( self.identityName) self.face.setCommandSigningInfo(self.keyChain, certName) oldInterest = Interest(interestName) self.face.makeCommandInterest(oldInterest) time.sleep(0.1) # make sure timestamps are different newInterest = Interest(interestName) self.face.makeCommandInterest(newInterest) vr = doVerify(self.policyManager, newInterest) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager returned ValidationRequest but certificate is known") self.assertEqual(vr.failureCount, 0, "Verification of valid interest failed") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) vr = doVerify(self.policyManager, oldInterest) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager returned ValidationRequest but certificate is known") self.assertEqual(vr.successCount, 0, "Verification of stale interest succeeded") self.assertEqual(vr.failureCount, 1, "Failure callback called {} times instead of 1".format( vr.failureCount)) def _removeFile(self, filename): try: os.remove(filename) except OSError: # no such file pass def test_refresh_10s(self): with open('policy_config/testData', 'r') as dataFile: encodedData = dataFile.read() data = Data() dataBlob = Blob(b64decode(encodedData)) data.wireDecode(dataBlob) # needed, since the KeyChain will express interests in unknown # certificates vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager did not create ValidationRequest for unknown certificate") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") # now save the cert data to our anchor directory, and wait # we have to sign it with the current identity or the # policy manager will create an interest for the signing certificate with open(self.testCertFile, 'w') as certFile: cert = IdentityCertificate() certData = b64decode(CERT_DUMP) cert.wireDecode(Blob(certData, False)) self.keyChain.signByIdentity(cert, self.identityName) encodedCert = b64encode(cert.wireEncode().toBuffer()) certFile.write(Blob(encodedCert, False).toRawStr()) # still too early for refresh to pick it up vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager refresh occured sooner than specified") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") time.sleep(6) # now we should find it vr = doVerify(self.policyManager, data) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager did not refresh certificate store") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager did not verify valid signed data")
class TestSqlIdentityStorage(ut.TestCase): def setUp(self): # Reuse the policy_config subdirectory for the temporary SQLite file. self.databaseFilePath = "policy_config/test-public-info.db" try: os.remove(self.databaseFilePath) except OSError: # no such file pass self.identityStorage = BasicIdentityStorage(self.databaseFilePath) self.identityManager = IdentityManager(self.identityStorage, FilePrivateKeyStorage()) self.policyManager = SelfVerifyPolicyManager(self.identityStorage) self.keyChain = KeyChain(self.identityManager, self.policyManager) def tearDown(self): try: os.remove(self.databaseFilePath) except OSError: pass def test_identity_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) certificateName = self.keyChain.createIdentityAndCertificate(identityName) keyName = IdentityCertificate.certificateNameToPublicKeyName(certificateName) self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity was not added to IdentityStorage") self.assertIsNotNone(keyName, "New identity has no key") self.assertTrue(self.identityStorage.doesKeyExist(keyName), "Key was not added to IdentityStorage") self.assertIsNotNone(certificateName, "Certificate was not added to IdentityStorage") self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesIdentityExist(identityName), "Identity still in IdentityStorage after identity was deleted") self.assertFalse(self.identityStorage.doesKeyExist(keyName), "Key still in IdentityStorage after identity was deleted") self.assertFalse(self.identityStorage.doesCertificateExist(certificateName), "Certificate still in IdentityStorage after identity was deleted") with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity(identityName) def test_key_create_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) keyName1 = self.keyChain.generateRSAKeyPair(identityName, True) self.keyChain.getIdentityManager().setDefaultKeyForIdentity(keyName1) keyName2 = self.keyChain.generateRSAKeyPair(identityName, False) self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key name was changed without explicit request") self.assertNotEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName2, "Newly created key replaced default key without explicit request") self.identityStorage.deletePublicKeyInfo(keyName2) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.keyChain.deleteIdentity(identityName) def test_key_autocreate_identity(self): keyName1 = Name('/TestSqlIdentityStorage/KeyType/RSA/ksk-12345') identityName = keyName1[:-1] decodedKey = base64.b64decode(RSA_DER) self.identityStorage.addKey(keyName1, KeyType.RSA, Blob(decodedKey)) self.identityStorage.setDefaultKeyNameForIdentity(keyName1) self.assertTrue(self.identityStorage.doesKeyExist(keyName1), "Key was not added") self.assertTrue(self.identityStorage.doesIdentityExist(identityName), "Identity for key was not automatically created") self.assertEqual(self.identityManager.getDefaultKeyNameForIdentity(identityName), keyName1, "Default key was not set on identity creation") with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): # we have no private key for signing self.identityManager.selfSign(keyName1) with self.assertRaises(SecurityException): self.identityStorage.getDefaultCertificateNameForKey(keyName1) with self.assertRaises(SecurityException): self.identityManager.getDefaultCertificateNameForIdentity(identityName) keyName2 = self.identityManager.generateRSAKeyPairAsDefault(identityName) cert = self.identityManager.selfSign(keyName2) self.identityManager.addCertificateAsIdentityDefault(cert) certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName) certName2 = self.identityStorage.getDefaultCertificateNameForKey(keyName2) self.assertEqual(certName1, certName2, "Key-certificate mapping and identity-certificate mapping are not consistent") self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) def test_certificate_add_delete(self): identityName = Name('/TestIdentityStorage/Identity').appendVersion( int(time.time())) self.identityManager.createIdentityAndCertificate( identityName, KeyChain.DEFAULT_KEY_PARAMS) keyName1 = self.identityManager.getDefaultKeyNameForIdentity(identityName) cert2 = self.identityManager.selfSign(keyName1) self.identityStorage.addCertificate(cert2) certName2 = cert2.getName() certName1 = self.identityManager.getDefaultCertificateNameForIdentity(identityName) self.assertNotEqual(certName1, certName2, "New certificate was set as default without explicit request") self.identityStorage.deleteCertificateInfo(certName1) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) def test_stress(self): # ndn-cxx/tests/unit-tests/security/test-sec-public-info-sqlite3.cpp identityName = Name("/TestSecPublicInfoSqlite3/Delete").appendVersion( int(time.time())) # ndn-cxx returns the cert name, but the IndentityManager docstring # specifies a key certName1 = self.keyChain.createIdentityAndCertificate(identityName) keyName1 = IdentityCertificate.certificateNameToPublicKeyName(certName1) keyName2 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert2 = self.identityManager.selfSign(keyName2) certName2 = cert2.getName() self.identityManager.addCertificateAsDefault(cert2) keyName3 = self.keyChain.generateRSAKeyPairAsDefault(identityName) cert3 = self.identityManager.selfSign(keyName3) certName3 = cert3.getName() self.identityManager.addCertificateAsDefault(cert3) cert4 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert4) certName4 = cert4.getName() cert5 = self.identityManager.selfSign(keyName3) self.identityManager.addCertificateAsDefault(cert5) certName5 = cert5.getName() self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName1)) self.assertTrue(self.identityStorage.doesCertificateExist(certName2)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName5)) self.identityStorage.deleteCertificateInfo(certName5) self.assertFalse(self.identityStorage.doesCertificateExist(certName5)) self.assertTrue(self.identityStorage.doesCertificateExist(certName4)) self.assertTrue(self.identityStorage.doesCertificateExist(certName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.identityStorage.deletePublicKeyInfo(keyName3) self.assertFalse(self.identityStorage.doesCertificateExist(certName4)) self.assertFalse(self.identityStorage.doesCertificateExist(certName3)) self.assertFalse(self.identityStorage.doesKeyExist(keyName3)) self.assertTrue(self.identityStorage.doesKeyExist(keyName2)) self.assertTrue(self.identityStorage.doesKeyExist(keyName1)) self.assertTrue(self.identityStorage.doesIdentityExist(identityName)) self.keyChain.deleteIdentity(identityName) self.assertFalse(self.identityStorage.doesCertificateExist(certName2)) self.assertFalse(self.identityStorage.doesKeyExist(keyName2)) self.assertFalse(self.identityStorage.doesCertificateExist(certName1)) self.assertFalse(self.identityStorage.doesKeyExist(keyName1)) self.assertFalse(self.identityStorage.doesIdentityExist(identityName))