def benchmarkDecodeDataSeconds(nIterations, useCrypto, encoding): """ Loop to decode a data packet nIterations times. :param int nIterations: The number of iterations. :param bool useCrypto: If true, verify the signature. If false, don't verify. :param Blob encoding: The wire encoding to decode. """ # Initialize the private key storage in case useCrypto is true. identityStorage = MemoryIdentityStorage() privateKeyStorage = MemoryPrivateKeyStorage() keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage), SelfVerifyPolicyManager(identityStorage)) keyName = Name("/testname/DSK-123") certificateName = keyName.getSubName( 0, keyName.size() - 1).append("KEY").append( keyName[-1]).append("ID-CERT").append("0") identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER)) start = getNowSeconds() for i in range(nIterations): data = Data() data.wireDecode(encoding) if useCrypto: keyChain.verifyData(data, onVerified, onVerifyFailed) finish = getNowSeconds() return finish - start
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding): """ Loop to decode a data packet nIterations times. :param int nIterations: The number of iterations. :param bool useCrypto: If true, verify the signature. If false, don't verify. :param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True. :param Blob encoding: The wire encoding to decode. :return: The number of seconds for all iterations. :rtype: float """ # Initialize the KeyChain in case useCrypto is true. keyChain = KeyChain("pib-memory:", "tpm-memory:") # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager. keyChain.importSafeBag(SafeBag (Name("/testname/KEY/123"), Blob(DEFAULT_EC_PRIVATE_KEY_DER if keyType == KeyType.EC else DEFAULT_RSA_PRIVATE_KEY_DER, False), Blob(DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.EC else DEFAULT_RSA_PUBLIC_KEY_DER, False))) validator = Validator(ValidationPolicyFromPib(keyChain.getPib())) start = getNowSeconds() for i in range(nIterations): data = Data() data.wireDecode(encoding) if useCrypto: validator.validate(data,onVerifySuccess, onVerifyFailed) finish = getNowSeconds() return finish - start
def test_constructor(self): certificate = CertificateV2() certificate.wireDecode(Blob(CERT, False)) self.assertEqual( Name("/ndn/site1/KEY/ksk-1416425377094/0123/%FD%00%00%01I%C9%8B"), certificate.getName()) self.assertEqual(Name("/ndn/site1/KEY/ksk-1416425377094"), certificate.getKeyName()) self.assertEqual(Name("/ndn/site1"), certificate.getIdentity()) self.assertEqual(Name.Component("0123"), certificate.getIssuerId()) self.assertEqual(Name.Component("ksk-1416425377094"), certificate.getKeyId()) self.assertEqual(Name("/ndn/site1/KEY/ksk-2516425377094"), KeyLocator.getFromSignature(certificate.getSignature()).getKeyName()) self.assertEqual(fromIsoString("20150814T223739"), certificate.getValidityPeriod().getNotBefore(), 0) self.assertEqual(fromIsoString("20150818T223738"), certificate.getValidityPeriod().getNotAfter(), 0) try: certificate.getPublicKey() except: self.fail("Error in getPublicKey"); data = Data() data.wireDecode(Blob(CERT, False)) certificate2 = CertificateV2(data) self.assertEqual(certificate.getName(), certificate2.getName()) self.assertTrue(certificate.getPublicKey().equals(certificate2.getPublicKey()))
def benchmarkDecodeDataSeconds(nIterations, useCrypto, encoding): """ Loop to decode a data packet nIterations times. :param int nIterations: The number of iterations. :param bool useCrypto: If true, verify the signature. If false, don't verify. :param Blob encoding: The wire encoding to decode. """ # Initialize the private key storage in case useCrypto is true. identityStorage = MemoryIdentityStorage() privateKeyStorage = MemoryPrivateKeyStorage() keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage), SelfVerifyPolicyManager(identityStorage)) keyName = Name("/testname/DSK-123") certificateName = keyName.getSubName(0, keyName.size() - 1).append( "KEY").append(keyName[-1]).append("ID-CERT").append("0") identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER)) start = getNowSeconds() for i in range(nIterations): data = Data() data.wireDecode(encoding) if useCrypto: keyChain.verifyData(data, onVerified, onVerifyFailed) finish = getNowSeconds() return finish - start
def main(): data = Data() data.wireDecode(TlvData) # Use a hard-wired secret for testing. In a real application the signer # ensures that the verifier knows the shared key and its keyName. key = Blob(bytearray([ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 ])) if KeyChain.verifyDataWithHmacWithSha256(data, key): dump("Hard-coded data signature verification: VERIFIED") else: dump("Hard-coded data signature verification: FAILED") freshData = Data(Name("/ndn/abc")) signature = HmacWithSha256Signature() signature.getKeyLocator().setType(KeyLocatorType.KEYNAME) signature.getKeyLocator().setKeyName(Name("key1")) freshData.setSignature(signature) freshData.setContent("SUCCESS!") dump("Signing fresh data packet", freshData.getName().toUri()) KeyChain.signWithHmacWithSha256(freshData, key) if KeyChain.verifyDataWithHmacWithSha256(freshData, key): dump("Freshly-signed data signature verification: VERIFIED") else: dump("Freshly-signed data signature verification: FAILED")
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding): """ Loop to decode a data packet nIterations times. :param int nIterations: The number of iterations. :param bool useCrypto: If true, verify the signature. If false, don't verify. :param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True. :param Blob encoding: The wire encoding to decode. :return: The number of seconds for all iterations. :rtype: float """ # Initialize the private key storage in case useCrypto is true. identityStorage = MemoryIdentityStorage() privateKeyStorage = MemoryPrivateKeyStorage() keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage), SelfVerifyPolicyManager(identityStorage)) keyName = Name("/testname/DSK-123") identityStorage.addKey( keyName, keyType, Blob( DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.ECDSA else DEFAULT_RSA_PUBLIC_KEY_DER)) start = getNowSeconds() for i in range(nIterations): data = Data() data.wireDecode(encoding) if useCrypto: keyChain.verifyData(data, onVerified, onValidationFailed) finish = getNowSeconds() return finish - start
def test_full_name(self): data = Data() data.wireDecode(codedData) # Check the full name format. self.assertEqual(data.getFullName().size(), data.getName().size() + 1) self.assertEqual(data.getName(), data.getFullName().getPrefix(-1)) self.assertEqual(data.getFullName().get(-1).getValue().size(), 32) # Check the independent digest calculation. sha256 = hashes.Hash(hashes.SHA256(), backend=default_backend()) sha256.update(Blob(codedData).toBytes()) newDigest = Blob(bytearray(sha256.finalize()), False) self.assertTrue(newDigest.equals( data.getFullName().get(-1).getValue())) # Check the expected URI. self.assertEqual( data.getFullName().toUri(), "/ndn/abc/sha256digest=" + "96556d685dcb1af04be4ae57f0e7223457d4055ea9b3d07c0d337bef4a8b3ee9") # Changing the Data packet should change the full name. saveFullName = Name(data.getFullName()) data.setContent(Blob()) self.assertNotEqual(data.getFullName().get(-1), saveFullName.get(-1))
def main(): data = Data() data.wireDecode(TlvData) # Use a hard-wired secret for testing. In a real application the signer # ensures that the verifier knows the shared key and its keyName. key = Blob( bytearray([ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 ])) if KeyChain.verifyDataWithHmacWithSha256(data, key): dump("Hard-coded data signature verification: VERIFIED") else: dump("Hard-coded data signature verification: FAILED") freshData = Data(Name("/ndn/abc")) signature = HmacWithSha256Signature() signature.getKeyLocator().setType(KeyLocatorType.KEYNAME) signature.getKeyLocator().setKeyName(Name("key1")) freshData.setSignature(signature) freshData.setContent("SUCCESS!") dump("Signing fresh data packet", freshData.getName().toUri()) KeyChain.signWithHmacWithSha256(freshData, key) if KeyChain.verifyDataWithHmacWithSha256(freshData, key): dump("Freshly-signed data signature verification: VERIFIED") else: dump("Freshly-signed data signature verification: FAILED")
def __init__(self, identityName): super(DecryptorFixture, self).__init__() # Include the code here from the NAC unit-tests class # DecryptorStaticDataEnvironment instead of making it a base class. self._storage = InMemoryStorageRetaining() for array in EncryptStaticData.managerPackets: data = Data() data.wireDecode(array) self._storage.insert(data) for array in EncryptStaticData.encryptorPackets: data = Data() data.wireDecode(array) self._storage.insert(data) # Import the "/first/user" identity. self._keyChain.importSafeBag(SafeBag(EncryptStaticData.userIdentity), Blob("password").buf()) self.addIdentity(Name("/not/authorized")) self._face = InMemoryStorageFace(self._storage) self._validator = ValidatorNull() self._decryptor = DecryptorV2( self._keyChain.getPib().getIdentity(identityName).getDefaultKey(), self._validator, self._keyChain, self._face)
def __init__(self, identityName): super(DecryptorFixture, self).__init__() # Include the code here from the NAC unit-tests class # DecryptorStaticDataEnvironment instead of making it a base class. self._storage = InMemoryStorageRetaining() for array in EncryptStaticData.managerPackets: data = Data() data.wireDecode(array) self._storage.insert(data) for array in EncryptStaticData.encryptorPackets: data = Data() data.wireDecode(array) self._storage.insert(data) # Import the "/first/user" identity. self._keyChain.importSafeBag( SafeBag(EncryptStaticData.userIdentity), Blob("password").buf()) self.addIdentity(Name("/not/authorized")) self._face = InMemoryStorageFace(self._storage) self._validator = ValidatorNull() self._decryptor = DecryptorV2( self._keyChain.getPib().getIdentity(identityName).getDefaultKey(), self._validator, self._keyChain, self._face)
def test_refresh_10s(self): with open('policy_config/testData', 'r') as dataFile: encodedData = dataFile.read() data = Data() dataBlob = Blob(b64decode(encodedData)) data.wireDecode(dataBlob) # This test is needed, since the KeyChain will express interests in # unknown certificates. vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager did not create ValidationRequest for unknown certificate") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") # Now save the cert data to our anchor directory, and wait. # We have to sign it with the current identity or the policy manager # will create an interest for the signing certificate. cert = CertificateV2() certData = b64decode(CERT_DUMP) cert.wireDecode(Blob(certData, False)) signingInfo = SigningInfo() signingInfo.setSigningIdentity(self.identityName) # Make sure the validity period is current for two years. now = Common.getNowMilliseconds() signingInfo.setValidityPeriod(ValidityPeriod (now, now + 2 * 365 * 24 * 3600 * 1000.0)) self.keyChain.sign(cert, signingInfo) encodedCert = b64encode(cert.wireEncode().toBytes()) with open(self.testCertFile, 'w') as certFile: certFile.write(Blob(encodedCert, False).toRawStr()) # Still too early for refresh to pick it up. vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager refresh occured sooner than specified") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") time.sleep(6) # Now we should find it. vr = doVerify(self.policyManager, data) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager did not refresh certificate store") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager did not verify valid signed data")
def test_encode_decode(self): data = Data() data.wireDecode(codedData) data.setContent(data.getContent()) encoding = data.wireEncode() reDecodedData = Data() reDecodedData.wireDecode(encoding) self.assertEqual(dumpData(reDecodedData), initialDump, 'Re-decoded data does not match original dump')
def test_encode_decode(self): data = Data() data.wireDecode(codedData2) data.setContent(data.getContent()) encoding = data.wireEncode() reDecodedData = Data() reDecodedData.wireDecode(encoding) self.assertEqual(dumpData(reDecodedData), initialDump2, 'Re-decoded data does not match original dump')
def on_interest(self, _prefix, interest: Interest, face, _filter_id, _filter): name = interest.getName() if not self.storage.exists(str(name)): return raw_data = self.storage.get(str(name)) data = Data() data.wireDecode(Blob(pickle.loads(raw_data))) self.face.putData(data) logging.info('Read handle: serve data {}'.format(interest.getName()))
def test_generic_signature(self): # Test correct encoding. signature = GenericSignature() signature.setSignatureInfoEncoding( Blob(experimentalSignatureInfo, False), None) signatureValue = Blob([1, 2, 3, 4], False) signature.setSignature(signatureValue) self.freshData.setSignature(signature) encoding = self.freshData.wireEncode() decodedData = Data() decodedData.wireDecode(encoding) decodedSignature = decodedData.getSignature() self.assertEqual(decodedSignature.getTypeCode(), experimentalSignatureType) self.assertTrue( Blob(experimentalSignatureInfo, False).equals(decodedSignature.getSignatureInfoEncoding())) self.assertTrue(signatureValue.equals(decodedSignature.getSignature())) # Test bad encoding. signature = GenericSignature() signature.setSignatureInfoEncoding( Blob(experimentalSignatureInfoNoSignatureType, False), None) signature.setSignature(signatureValue) self.freshData.setSignature(signature) gotError = True try: self.freshData.wireEncode() gotError = False except: pass if not gotError: self.fail( "Expected encoding error for experimentalSignatureInfoNoSignatureType" ) signature = GenericSignature() signature.setSignatureInfoEncoding( Blob(experimentalSignatureInfoBadTlv, False), None) signature.setSignature(signatureValue) self.freshData.setSignature(signature) gotError = True try: self.freshData.wireEncode() gotError = False except: pass if not gotError: self.fail( "Expected encoding error for experimentalSignatureInfoBadTlv")
def test_refresh_10s(self): with open('policy_config/testData', 'r') as dataFile: encodedData = dataFile.read() data = Data() dataBlob = Blob(b64decode(encodedData)) data.wireDecode(dataBlob) # needed, since the KeyChain will express interests in unknown # certificates vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager did not create ValidationRequest for unknown certificate") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") # now save the cert data to our anchor directory, and wait # we have to sign it with the current identity or the # policy manager will create an interest for the signing certificate with open(self.testCertFile, 'w') as certFile: cert = IdentityCertificate() certData = b64decode(CERT_DUMP) cert.wireDecode(Blob(certData, False)) self.keyChain.signByIdentity(cert, self.identityName) encodedCert = b64encode(cert.wireEncode().toBuffer()) certFile.write(Blob(encodedCert, False).toRawStr()) # still too early for refresh to pick it up vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager refresh occured sooner than specified") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") time.sleep(6) # now we should find it vr = doVerify(self.policyManager, data) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager did not refresh certificate store") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager did not verify valid signed data")
def test_get_group_key_without_regeneration(self): # Create the group manager. manager = GroupManager( Name("Alice"), Name("data_type"), Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1, self.keyChain) self.setManager(manager) # Get the data list from the group manager. timePoint1 = Schedule.fromIsoString("20150825T093000") result = manager.getGroupKey(timePoint1) self.assertEqual(4, len(result)) # The first data packet contains the group's encryption key (public key). data1 = result[0] self.assertEqual( "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000", data1.getName().toUri()) groupEKey1 = EncryptKey(data1.getContent()) # Get the second data packet and decrypt. data = result[1] self.assertEqual( "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123", data.getName().toUri()) # Add new members to the database. dataBlob = self.certificate.wireEncode() memberD = Data() memberD.wireDecode(dataBlob) memberD.setName(Name("/ndn/memberD/KEY/ksk-123/ID-CERT/123")) manager.addMember("schedule1", memberD) result2 = manager.getGroupKey(timePoint1, False) self.assertEqual(5, len(result2)) # Check that the new EKey is the same as the previous one. data2 = result2[0] self.assertEqual( "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000", data2.getName().toUri()) groupEKey2 = EncryptKey(data2.getContent()) self.assertTrue(groupEKey1.getKeyBits().equals( groupEKey2.getKeyBits())) # Check the second data packet. data2 = result2[1] self.assertEqual( "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123", data2.getName().toUri())
def test_refresh_10s(self): with open('policy_config/testData', 'r') as dataFile: encodedData = dataFile.read() data = Data() dataBlob = Blob(b64decode(encodedData)) data.wireDecode(dataBlob) # needed, since the KeyChain will express interests in unknown # certificates vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager did not create ValidationRequest for unknown certificate") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") # now save the cert data to our anchor directory, and wait # we have to sign it with the current identity or the # policy manager will create an interest for the signing certificate with open(self.testCertFile, 'w') as certFile: cert = IdentityCertificate() certData = b64decode(CERT_DUMP) cert.wireDecode(Blob(certData, False)) self.keyChain.signByIdentity(cert, self.identityName) encodedCert = b64encode(cert.wireEncode().toBytes()) certFile.write(Blob(encodedCert, False).toRawStr()) # still too early for refresh to pick it up vr = doVerify(self.policyManager, data) self.assertTrue(vr.hasFurtherSteps, "ConfigPolicyManager refresh occured sooner than specified") self.assertEqual(vr.successCount, 0, "ConfigPolicyManager called success callback with pending ValidationRequest") self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager called failure callback with pending ValidationRequest") time.sleep(6) # now we should find it vr = doVerify(self.policyManager, data) self.assertFalse(vr.hasFurtherSteps, "ConfigPolicyManager did not refresh certificate store") self.assertEqual(vr.successCount, 1, "Verification success called {} times instead of 1".format( vr.successCount)) self.assertEqual(vr.failureCount, 0, "ConfigPolicyManager did not verify valid signed data")
def test_congestion_mark(self): # Imitate onReceivedElement. lpPacket = LpPacket() # Set copy False so that the fragment is a slice which will be # copied below. The header fields are all integers and don't need to # be copied. TlvWireFormat.get().decodeLpPacket(lpPacket, CONGESTION_MARK_PACKET.buf(), False) element = lpPacket.getFragmentWireEncoding().buf() data = Data() data.wireDecode(element, TlvWireFormat.get()) data.setLpPacket(lpPacket) self.assertEqual(1, data.getCongestionMark())
def test_get_group_key_without_regeneration(self): # Create the group manager. manager = GroupManager( Name("Alice"), Name("data_type"), Sqlite3GroupManagerDb(self.groupKeyDatabaseFilePath), 1024, 1, self.keyChain) self.setManager(manager) # Get the data list from the group manager. timePoint1 = Schedule.fromIsoString("20150825T093000") result = manager.getGroupKey(timePoint1) self.assertEqual(4, len(result)) # The first data packet contains the group's encryption key (public key). data1 = result[0] self.assertEqual( "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000", data1.getName().toUri()) groupEKey1 = EncryptKey(data1.getContent()) # Get the second data packet and decrypt. data = result[1] self.assertEqual( "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123", data.getName().toUri()) # Add new members to the database. dataBlob = self.certificate.wireEncode() memberD = Data() memberD.wireDecode(dataBlob) memberD.setName(Name("/ndn/memberD/KEY/ksk-123/ID-CERT/123")) manager.addMember("schedule1", memberD) result2 = manager.getGroupKey(timePoint1, False) self.assertEqual(5, len(result2)) # Check that the new EKey is the same as the previous one. data2 = result2[0] self.assertEqual( "/Alice/READ/data_type/E-KEY/20150825T090000/20150825T100000", data2.getName().toUri()) groupEKey2 = EncryptKey(data2.getContent()) self.assertTrue(groupEKey1.getKeyBits().equals(groupEKey2.getKeyBits())); # Check the second data packet. data2 = result2[1] self.assertEqual( "/Alice/READ/data_type/D-KEY/20150825T090000/20150825T100000/FOR/ndn/memberA/ksk-123", data2.getName().toUri())
def test_generic_signature(self): # Test correct encoding. signature = GenericSignature() signature.setSignatureInfoEncoding( Blob(experimentalSignatureInfo, False), None) signatureValue = Blob([1, 2, 3, 4], False) signature.setSignature(signatureValue) self.freshData.setSignature(signature) encoding = self.freshData.wireEncode() decodedData = Data() decodedData.wireDecode(encoding) decodedSignature = decodedData.getSignature() self.assertEqual(decodedSignature.getTypeCode(), experimentalSignatureType) self.assertTrue(Blob(experimentalSignatureInfo, False).equals (decodedSignature.getSignatureInfoEncoding())) self.assertTrue(signatureValue.equals(decodedSignature.getSignature())) # Test bad encoding. signature = GenericSignature() signature.setSignatureInfoEncoding( Blob(experimentalSignatureInfoNoSignatureType, False), None) signature.setSignature(signatureValue) self.freshData.setSignature(signature) gotError = True try: self.freshData.wireEncode() gotError = False except: pass if not gotError: self.fail("Expected encoding error for experimentalSignatureInfoNoSignatureType") signature = GenericSignature() signature.setSignatureInfoEncoding( Blob(experimentalSignatureInfoBadTlv, False), None) signature.setSignature(signatureValue) self.freshData.setSignature(signature) gotError = True try: self.freshData.wireEncode() gotError = False except: pass if not gotError: self.fail("Expected encoding error for experimentalSignatureInfoBadTlv")
def main(): data = Data() data.wireDecode(TlvData) dump("Decoded Data:") dumpData(data) # Set the content again to clear the cached encoding so we encode again. data.setContent(data.getContent()) encoding = data.wireEncode() reDecodedData = Data() reDecodedData.wireDecode(encoding) dump("") dump("Re-decoded Data:") dumpData(reDecodedData) identityStorage = MemoryIdentityStorage() privateKeyStorage = MemoryPrivateKeyStorage() keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage), SelfVerifyPolicyManager(identityStorage)) # Initialize the storage. keyName = Name("/testname/DSK-123") certificateName = keyName.getSubName( 0, keyName.size() - 1).append("KEY").append( keyName[-1]).append("ID-CERT").append("0") identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER)) privateKeyStorage.setKeyPairForKeyName(keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER) keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"), makeOnVerifyFailed("Re-decoded Data")) freshData = Data(Name("/ndn/abc")) freshData.setContent("SUCCESS!") freshData.getMetaInfo().setFreshnessPeriod(5000) freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0]) keyChain.sign(freshData, certificateName) dump("") dump("Freshly-signed Data:") dumpData(freshData) keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"), makeOnVerifyFailed("Freshly-signed Data"))
def main(): data = Data() data.wireDecode(TlvData) dump("Decoded Data:") dumpData(data) # Set the content again to clear the cached encoding so we encode again. data.setContent(data.getContent()) encoding = data.wireEncode() reDecodedData = Data() reDecodedData.wireDecode(encoding) dump("") dump("Re-decoded Data:") dumpData(reDecodedData) identityStorage = MemoryIdentityStorage() privateKeyStorage = MemoryPrivateKeyStorage() keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage), SelfVerifyPolicyManager(identityStorage)) # Initialize the storage. keyName = Name("/testname/DSK-123") certificateName = keyName.getSubName(0, keyName.size() - 1).append( "KEY").append(keyName[-1]).append("ID-CERT").append("0") identityStorage.addKey(keyName, KeyType.RSA, Blob(DEFAULT_RSA_PUBLIC_KEY_DER)) privateKeyStorage.setKeyPairForKeyName( keyName, KeyType.RSA, DEFAULT_RSA_PUBLIC_KEY_DER, DEFAULT_RSA_PRIVATE_KEY_DER) keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"), makeOnVerifyFailed("Re-decoded Data")) freshData = Data(Name("/ndn/abc")) freshData.setContent("SUCCESS!") freshData.getMetaInfo().setFreshnessPeriod(5000) freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0]) keyChain.sign(freshData, certificateName) dump("") dump("Freshly-signed Data:") dumpData(freshData) keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"), makeOnVerifyFailed("Freshly-signed Data"))
def on_refs_interest(self, _prefix, interest: Interest, face, _filter_id, _filter): name = interest.name print("ON REFS INTEREST", name.toUri()) if name[-1].isTimestamp: timestamp = name[-1].toTimestamp() name = name[:-1] else: timestamp = None branch = name[-1].toEscapedString() if branch not in self.branches: return if timestamp is not None and timestamp != self.branches[branch].timestamp: if timestamp > self.branches[branch].timestamp: self.on_sync_update(branch, timestamp) return data = Data() raw_data = pickle.loads(self.repo_db.get(branch)) data.wireDecode(raw_data.head_data) data.metaInfo.freshnessPeriod = 1000 face.putData(data)
def main(): data = Data() data.wireDecode(TlvData) dump("Decoded Data:") dumpData(data) # Set the content again to clear the cached encoding so we encode again. data.setContent(data.getContent()) encoding = data.wireEncode() reDecodedData = Data() reDecodedData.wireDecode(encoding) dump("") dump("Re-decoded Data:") dumpData(reDecodedData) # Set up the KeyChain. pibImpl = PibMemory() keyChain = KeyChain( pibImpl, TpmBackEndMemory(), SelfVerifyPolicyManager(pibImpl)) # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager. keyChain.importSafeBag(SafeBag (Name("/testname/KEY/123"), Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False), Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))) keyChain.verifyData(reDecodedData, makeOnVerified("Re-decoded Data"), makeOnValidationFailed("Re-decoded Data")) freshData = Data(Name("/ndn/abc")) freshData.setContent("SUCCESS!") freshData.getMetaInfo().setFreshnessPeriod(5000) freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0]) keyChain.sign(freshData) dump("") dump("Freshly-signed Data:") dumpData(freshData) keyChain.verifyData(freshData, makeOnVerified("Freshly-signed Data"), makeOnValidationFailed("Freshly-signed Data"))
def onInterest(self, prefix, interest, face, interestFilterId, filter): #print interest.getName() interestName = interest.getName() if interestName.isPrefixOf( Name( "/org/openmhealth/KEY/ksk-1490231565751/ID-CERT/%FD%00%00%01Z%F8%B9%1Et" )): face.putData( self.keyChain.getCertificate( Name( "/org/openmhealth/KEY/ksk-1490231565751/ID-CERT/%FD%00%00%01Z%F8%B9%1Et" ))) return with app.app_context(): certCursor = current_app.mongo.db.certs.find({}) for record in certCursor: print record['name'] if interestName.isPrefixOf(Name(record['name'])): data = Data() data.wireDecode( ndn.Blob(buffer(base64.b64decode(record['cert'])))) face.putData(data)
def main(): data = Data() data.wireDecode(TlvData) dump("Decoded Data:") dumpData(data) # Set the content again to clear the cached encoding so we encode again. data.setContent(data.getContent()) encoding = data.wireEncode() reDecodedData = Data() reDecodedData.wireDecode(encoding) dump("") dump("Re-decoded Data:") dumpData(reDecodedData) # Set up the KeyChain. keyChain = KeyChain("pib-memory:", "tpm-memory:") keyChain.importSafeBag( SafeBag(Name("/testname/KEY/123"), Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False), Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))) validator = Validator(ValidationPolicyFromPib(keyChain.getPib())) validator.validate(reDecodedData, makeSuccessCallback("Re-decoded Data"), makeFailureCallback("Re-decoded Data")) freshData = Data(Name("/ndn/abc")) freshData.setContent("SUCCESS!") freshData.getMetaInfo().setFreshnessPeriod(5000) freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0]) keyChain.sign(freshData) dump("") dump("Freshly-signed Data:") dumpData(freshData) validator.validate(freshData, makeSuccessCallback("Freshly-signed Data"), makeFailureCallback("Freshly-signed Data"))
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding): """ Loop to decode a data packet nIterations times. :param int nIterations: The number of iterations. :param bool useCrypto: If true, verify the signature. If false, don't verify. :param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True. :param Blob encoding: The wire encoding to decode. :return: The number of seconds for all iterations. :rtype: float """ # Initialize the private key storage in case useCrypto is true. pibImpl = PibMemory() keyChain = KeyChain(pibImpl, TpmBackEndMemory(), SelfVerifyPolicyManager(pibImpl)) # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager. keyChain.importSafeBag( SafeBag( Name("/testname/KEY/123"), Blob( DEFAULT_EC_PRIVATE_KEY_DER if keyType == KeyType.ECDSA else DEFAULT_RSA_PRIVATE_KEY_DER, False), Blob( DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.ECDSA else DEFAULT_RSA_PUBLIC_KEY_DER, False))) start = getNowSeconds() for i in range(nIterations): data = Data() data.wireDecode(encoding) if useCrypto: keyChain.verifyData(data, onVerified, onValidationFailed) finish = getNowSeconds() return finish - start
def main(): data = Data() data.wireDecode(TlvData) dump("Decoded Data:") dumpData(data) # Set the content again to clear the cached encoding so we encode again. data.setContent(data.getContent()) encoding = data.wireEncode() reDecodedData = Data() reDecodedData.wireDecode(encoding) dump("") dump("Re-decoded Data:") dumpData(reDecodedData) # Set up the KeyChain. keyChain = KeyChain("pib-memory:", "tpm-memory:") keyChain.importSafeBag(SafeBag (Name("/testname/KEY/123"), Blob(DEFAULT_RSA_PRIVATE_KEY_DER, False), Blob(DEFAULT_RSA_PUBLIC_KEY_DER, False))) validator = Validator(ValidationPolicyFromPib(keyChain.getPib())) validator.validate(reDecodedData, makeSuccessCallback("Re-decoded Data"), makeFailureCallback("Re-decoded Data")) freshData = Data(Name("/ndn/abc")) freshData.setContent("SUCCESS!") freshData.getMetaInfo().setFreshnessPeriod(5000) freshData.getMetaInfo().setFinalBlockId(Name("/%00%09")[0]) keyChain.sign(freshData) dump("") dump("Freshly-signed Data:") dumpData(freshData) validator.validate(freshData, makeSuccessCallback("Freshly-signed Data"), makeFailureCallback("Freshly-signed Data"))
def extract_co_from_db(self, leaf_node, wired=True): try: # by design, there is AT MOST one C2S relation for each node query = 'START s=node(%s)\n' % leaf_node._id + \ 'MATCH (s)-[r:%s]->(c)\n' % RELATION_C2S + \ 'RETURN c' records = neo4j.CypherQuery(self.db_handler, query).execute() nodes = [record.values[0] for record in records.data] segment_node = nodes[0] properties = segment_node.get_properties() wrapped = eval(properties[PROPERTY_WRAPPED]) _data = properties[PROPERTY_DATA] data = base64.b64decode(_data) # decode wired co to ContentObject instance # if not wired: co = Data() co.wireDecode(Blob.fromRawStr(data)) return co # else: # return data except StopIteration as ex: return None
def benchmarkDecodeDataSeconds(nIterations, useCrypto, keyType, encoding): """ Loop to decode a data packet nIterations times. :param int nIterations: The number of iterations. :param bool useCrypto: If true, verify the signature. If false, don't verify. :param KeyType keyType: KeyType.RSA or EC, used if useCrypto is True. :param Blob encoding: The wire encoding to decode. :return: The number of seconds for all iterations. :rtype: float """ # Initialize the KeyChain in case useCrypto is true. keyChain = KeyChain("pib-memory:", "tpm-memory:") # This puts the public key in the pibImpl used by the SelfVerifyPolicyManager. keyChain.importSafeBag( SafeBag( Name("/testname/KEY/123"), Blob( DEFAULT_EC_PRIVATE_KEY_DER if keyType == KeyType.EC else DEFAULT_RSA_PRIVATE_KEY_DER, False), Blob( DEFAULT_EC_PUBLIC_KEY_DER if keyType == KeyType.EC else DEFAULT_RSA_PUBLIC_KEY_DER, False))) validator = Validator(ValidationPolicyFromPib(keyChain.getPib())) start = getNowSeconds() for i in range(nIterations): data = Data() data.wireDecode(encoding) if useCrypto: validator.validate(data, onVerifySuccess, onVerifyFailed) finish = getNowSeconds() return finish - start
def test_full_name(self): data = Data() data.wireDecode(codedData) # Check the full name format. self.assertEqual(data.getFullName().size(), data.getName().size() + 1) self.assertEqual(data.getName(), data.getFullName().getPrefix(-1)) self.assertEqual(data.getFullName().get(-1).getValue().size(), 32) # Check the independent digest calculation. sha256 = hashes.Hash(hashes.SHA256(), backend=default_backend()) sha256.update(Blob(codedData).toBytes()) newDigest = Blob(bytearray(sha256.finalize()), False) self.assertTrue(newDigest.equals(data.getFullName().get(-1).getValue())) # Check the expected URI. self.assertEqual( data.getFullName().toUri(), "/ndn/abc/sha256digest=" + "96556d685dcb1af04be4ae57f0e7223457d4055ea9b3d07c0d337bef4a8b3ee9") # Changing the Data packet should change the full name. saveFullName = Name(data.getFullName()) data.setContent(Blob()) self.assertNotEqual(data.getFullName().get(-1), saveFullName.get(-1))
def setManager(self, manager): # Set up the first schedule. schedule1 = Schedule() interval11 = RepetitiveInterval( Schedule.fromIsoString("20150825T000000"), Schedule.fromIsoString("20150827T000000"), 5, 10, 2, RepetitiveInterval.RepeatUnit.DAY) interval12 = RepetitiveInterval( Schedule.fromIsoString("20150825T000000"), Schedule.fromIsoString("20150827T000000"), 6, 8, 1, RepetitiveInterval.RepeatUnit.DAY) interval13 = RepetitiveInterval( Schedule.fromIsoString("20150827T000000"), Schedule.fromIsoString("20150827T000000"), 7, 8) schedule1.addWhiteInterval(interval11) schedule1.addWhiteInterval(interval12) schedule1.addBlackInterval(interval13) # Set up the second schedule. schedule2 = Schedule() interval21 = RepetitiveInterval( Schedule.fromIsoString("20150825T000000"), Schedule.fromIsoString("20150827T000000"), 9, 12, 1, RepetitiveInterval.RepeatUnit.DAY) interval22 = RepetitiveInterval( Schedule.fromIsoString("20150827T000000"), Schedule.fromIsoString("20150827T000000"), 6, 8) interval23 = RepetitiveInterval( Schedule.fromIsoString("20150827T000000"), Schedule.fromIsoString("20150827T000000"), 2, 4) schedule2.addWhiteInterval(interval21) schedule2.addWhiteInterval(interval22) schedule2.addBlackInterval(interval23) # Add them to the group manager database. manager.addSchedule("schedule1", schedule1) manager.addSchedule("schedule2", schedule2) # Make some adaptions to certificate. dataBlob = self.certificate.wireEncode() memberA = Data() memberA.wireDecode(dataBlob, TlvWireFormat.get()) memberA.setName(Name("/ndn/memberA/KEY/ksk-123/ID-CERT/123")) memberB = Data() memberB.wireDecode(dataBlob, TlvWireFormat.get()) memberB.setName(Name("/ndn/memberB/KEY/ksk-123/ID-CERT/123")) memberC = Data() memberC.wireDecode(dataBlob, TlvWireFormat.get()) memberC.setName(Name("/ndn/memberC/KEY/ksk-123/ID-CERT/123")) # Add the members to the database. manager.addMember("schedule1", memberA) manager.addMember("schedule1", memberB) manager.addMember("schedule2", memberC)
def test_dump(self): data = Data() data.wireDecode(codedData) self.assertEqual(dumpData(data), initialDump, 'Initial dump does not have expected format')
def publish(self, line): # Pull out and parse datetime for log entry # (note we shoudld use point time for timestamp) try: if not ": (point" in line: return point = parse.search("(point {})", line)[0].split(" ") except Exception as detail: print("publish: Parse error for", line, "-", detail) return try: tempTime = datetime.strptime( parse.search("[{}]", line)[0], "%Y-%m-%d %H:%M:%S.%f") except Exception as detail: print("publish: Date/time conversion error for", line, "-", detail) return sensorName = point[0] aggregationNamePrefix = self.pointNameToNDNName(sensorName) dataDict = self.pointToJSON(point) if aggregationNamePrefix is not None: #if __debug__: # print(dateTime, aggregationNamePrefix, dataDict["timestamp"], "payload:", dataDict["value"]) try: # TODO: since the leaf sensor publisher is not a separate node for now, we also publish aggregated data # of the same sensor over the past given time period in this code; # bms_node code has adaptation for leaf sensor publishers as well, ref: example-sensor1.conf # Here we make the assumption of fixed time window for *all* sensors # First publish aggregation dataTime = int(float(dataDict["timestamp"]) * 1000) if self._startTime == 0: self._startTime = dataTime if not (sensorName in self._dataQueue): # We don't have record of this sensor, so we create an identity for it, and print the cert string for now to get signed sensorIdentityName = Name(self._namespace).append( aggregationNamePrefix).getPrefix(-3) sensorCertificateName = self._keyChain.createIdentityAndCertificate( sensorIdentityName) if __debug__: print("Sensor identity name: " + sensorIdentityName.toUri()) certificateData = self._keyChain.getIdentityManager( )._identityStorage.getCertificate(sensorCertificateName) # We should only ask for cert to be signed upon the first run of a certain sensor if DO_CERT_SETUP: if (KeyLocator.getFromSignature( certificateData.getSignature()).getKeyName(). equals(sensorCertificateName.getPrefix(-1))): # Need to configure for remote gateway deployment; for now, remote uses its own branch with my public IP. print("certificate " + sensorCertificateName.toUri() + " asking for signature") response = urllib2.urlopen( "http://192.168.56.1:5000/bms-cert-hack?cert=" + b64encode( certificateData.wireEncode().toBuffer()) + "&cert_prefix=" + sensorIdentityName.toUri() + '&subject_name=' + sensorIdentityName.toUri()).read() signedCertData = Data() signedCertData.wireDecode(Blob( b64decode(response))) self._cache.add(signedCertData) cmdline = ['ndnsec-install-cert', '-'] p = subprocess.Popen(cmdline, stdin=subprocess.PIPE, stdout=subprocess.PIPE) cert, err = p.communicate(response) if p.returncode != 0: raise RuntimeError("ndnsec-install-cert error") else: self._cache.add(certificateData) else: self._cache.add(certificateData) self._dataQueue[sensorName] = DataQueueItem( [], self._startTime + self._defaultInterval, sensorIdentityName, sensorCertificateName) self._dataQueue[sensorName]._dataList.append( dataDict["value"]) elif dataTime > self._dataQueue[sensorName]._timeThreshold: # calculate the aggregation with what's already in the queue, publish data packet, and delete current queue # TODO: This should be mutex locked against self if len(self._dataQueue[sensorName]._dataList) > 0: avg = 0.0 for item in self._dataQueue[sensorName]._dataList: avg += float(item) avg = avg / len(self._dataQueue[sensorName]._dataList) data = Data( Name(self._namespace). append(aggregationNamePrefix).append("avg").append( str(self._dataQueue[sensorName]._timeThreshold) ).append( str(self._dataQueue[sensorName]._timeThreshold + self._defaultInterval))) data.setContent(str(avg)) data.getMetaInfo().setFreshnessPeriod( self.DEFAULT_DATA_LIFETIME) self._keyChain.sign( data, self._dataQueue[sensorName]._certificateName) self._cache.add(data) print("Aggregation produced " + data.getName().toUri()) self._dataQueue[sensorName]._dataList = [dataDict["value"]] self._dataQueue[ sensorName]._timeThreshold = self._dataQueue[ sensorName]._timeThreshold + self._defaultInterval else: self._dataQueue[sensorName]._dataList.append( dataDict["value"]) # Then publish raw data # Timestamp in data name uses the timestamp from data payload instDataPrefix = self.pointNameToNDNName(sensorName, False) dataTemp = self.createData( instDataPrefix, dataDict["timestamp"], dataDict["value"], self._dataQueue[sensorName]._certificateName) if __debug__: print("Produced raw data name " + dataTemp.getName().toUri()) print("Produced raw data content " + dataTemp.getContent().toRawStr()) self._cache.add(dataTemp) except Exception as detail: print("publish: Error calling createData for", line, "-", detail)
def publish(self, line): # Pull out and parse datetime for log entry # (note we shoudld use point time for timestamp) try: if not ": (point" in line: return point = parse.search("(point {})", line)[0].split(" ") except Exception as detail: print("publish: Parse error for", line, "-", detail) return try: tempTime = datetime.strptime(parse.search("[{}]", line)[0], "%Y-%m-%d %H:%M:%S.%f") except Exception as detail: print("publish: Date/time conversion error for", line, "-", detail) return sensorName = point[0] aggregationNamePrefix = self.pointNameToNDNName(sensorName) dataDict = self.pointToJSON(point) self._lastDataTimestamp = time.time() if aggregationNamePrefix is not None: #if __debug__: # print(dateTime, aggregationNamePrefix, dataDict["timestamp"], "payload:", dataDict["value"]) try: # TODO: since the leaf sensor publisher is not a separate node for now, we also publish aggregated data # of the same sensor over the past given time period in this code; # bms_node code has adaptation for leaf sensor publishers as well, ref: example-sensor1.conf # Here we make the assumption of fixed time window for *all* sensors # First publish aggregation dataTime = int(float(dataDict["timestamp"]) * 1000) if self._startTime == 0: self._startTime = dataTime if not (sensorName in self._dataQueue): # We don't have record of this sensor, so we create an identity for it, and print the cert string for now to get signed sensorIdentityName = Name(self._namespace).append(aggregationNamePrefix).getPrefix(-3) sensorCertificateName = self._keyChain.createIdentityAndCertificate(sensorIdentityName) if __debug__: print("Sensor identity name: " + sensorIdentityName.toUri()) certificateData = self._keyChain.getIdentityManager()._identityStorage.getCertificate(sensorCertificateName, True) # We should only ask for cert to be signed upon the first run of a certain sensor if DO_CERT_SETUP: if (KeyLocator.getFromSignature(certificateData.getSignature()).getKeyName().equals(sensorCertificateName.getPrefix(-1))): # Need to configure for remote gateway deployment; for now, remote uses its own branch with my public IP. print("certificate " + sensorCertificateName.toUri() + " asking for signature") response = urllib2.urlopen("http://192.168.56.1:5000/bms-cert-hack?cert=" + b64encode(certificateData.wireEncode().toBuffer()) + "&cert_prefix=" + sensorIdentityName.toUri() + '&subject_name=' + sensorIdentityName.toUri()).read() signedCertData = Data() signedCertData.wireDecode(Blob(b64decode(response))) self._cache.add(signedCertData) cmdline = ['ndnsec-install-cert', '-'] p = subprocess.Popen(cmdline, stdin=subprocess.PIPE, stdout=subprocess.PIPE) cert, err = p.communicate(response) if p.returncode != 0: raise RuntimeError("ndnsec-install-cert error") else: self._cache.add(certificateData) else: self._cache.add(certificateData) self._dataQueue[sensorName] = DataQueueItem([], self._startTime + self._defaultInterval, sensorIdentityName, sensorCertificateName) self._dataQueue[sensorName]._dataList.append(dataDict["value"]) elif dataTime > self._dataQueue[sensorName]._timeThreshold: # calculate the aggregation with what's already in the queue, publish data packet, and delete current queue # TODO: This should be mutex locked against self if len(self._dataQueue[sensorName]._dataList) > 0: avg = 0.0 for item in self._dataQueue[sensorName]._dataList: avg += float(item) avg = avg / len(self._dataQueue[sensorName]._dataList) data = Data(Name(self._namespace).append(aggregationNamePrefix).append("avg").append(str(self._dataQueue[sensorName]._timeThreshold)).append(str(self._dataQueue[sensorName]._timeThreshold + self._defaultInterval))) data.setContent(str(avg)) data.getMetaInfo().setFreshnessPeriod(self.DEFAULT_DATA_LIFETIME) self._keyChain.sign(data, self._dataQueue[sensorName]._certificateName) self._cache.add(data) print("Aggregation produced " + data.getName().toUri()) self._dataQueue[sensorName]._dataList = [dataDict["value"]] self._dataQueue[sensorName]._timeThreshold = self._dataQueue[sensorName]._timeThreshold + self._defaultInterval else: self._dataQueue[sensorName]._dataList.append(dataDict["value"]) # Then publish raw data # Timestamp in data name uses the timestamp from data payload instDataPrefix = self.pointNameToNDNName(sensorName, False) dataTemp = self.createData(instDataPrefix, dataDict["timestamp"], json.dumps(dataDict), self._dataQueue[sensorName]._certificateName) if __debug__: print("Produced raw data name " + dataTemp.getName().toUri()) print("Produced raw data content " + dataTemp.getContent().toRawStr()) self._cache.add(dataTemp) # For now we only insert raw data into repo parameter = repo_command_parameter_pb2.RepoCommandParameterMessage() # Add the Name. for i in range(dataTemp.getName().size()): parameter.repo_command_parameter.name.component.append( dataTemp.getName().get(i).toEscapedString()) # Create the command interest. commandInterest = Interest(Name(repoCommandPrefix).append("insert") .append(Name.Component(ProtobufTlv.encode(parameter)))) self._face.makeCommandInterest(commandInterest) # Send the command interest and get the response or timeout. def onRepoCommandResponse(interest, data): # repo_command_response_pb2 was produced by protoc. response = repo_command_response_pb2.RepoCommandResponseMessage() try: ProtobufTlv.decode(response, data.content) except: print("Cannot decode the repo command response") if response.repo_command_response.status_code == 100: if __debug__: print("Insertion started") else: print("Got repo command error code", response.repo_command_response.status_code) def onRepoCommandTimeout(interest): if __debug__: print("Insert repo command timeout") self._face.expressInterest(commandInterest, onRepoCommandResponse, onRepoCommandTimeout) except Exception as detail: print("publish: Error calling createData for", line, "-", detail)
def test_construction(self): # Debug: This should be a Certificate. certificate = Data() certificate.wireDecode(CERT)
def startPublishing(self): # One-time security setup self.prepareLogging() privateKeyStorage = FilePrivateKeyStorage() identityStorage = BasicIdentityStorage() policyManager = ConfigPolicyManager(self._trustSchemaFile) self._keyChain = KeyChain( IdentityManager(identityStorage, privateKeyStorage), policyManager) self._certificateName = self._keyChain.createIdentityAndCertificate( self._identityName) print("My Identity name: " + self._identityName.toUri()) print("My certificate name: " + self._certificateName.toUri()) certificateData = self._keyChain.getIdentityManager( )._identityStorage.getCertificate(self._certificateName) print("My certificate string: " + b64encode(certificateData.wireEncode().toBuffer())) # self._keyChain.getIdentityCertificate(self._certificateName).) self._loop = asyncio.get_event_loop() self._face = ThreadsafeFace(self._loop) self._keyChain.setFace(self._face) self._face.setCommandSigningInfo(self._keyChain, self._certificateName) self._memoryContentCache = MemoryContentCache(self._face) # We should only ask for cert to be signed upon the first run of a certain aggregator if DO_CERT_SETUP: if (KeyLocator.getFromSignature( certificateData.getSignature()).getKeyName().equals( self._certificateName.getPrefix(-1))): # Need to configure for mini-ndn; aggregation node runs outside of mini-ndn first so that signed cert get installed and mini-ndn won't ask for this again print("certificate " + self._certificateName.toUri() + " asking for signature") response = urllib2.urlopen( "http://192.168.56.1:5000/bms-cert-hack?cert=" + b64encode(certificateData.wireEncode().toBuffer()) + "&cert_prefix=" + self._identityName.toUri() + '&subject_name=' + self._identityName.toUri()).read() signedCertData = Data() signedCertData.wireDecode(Blob(b64decode(response))) self._memoryContentCache.add(signedCertData) cmdline = ['ndnsec-install-cert', '-'] p = subprocess.Popen(cmdline, stdin=subprocess.PIPE, stdout=subprocess.PIPE) # desanitize + sign in GET request cert, err = p.communicate(response) if p.returncode != 0: raise RuntimeError("ndnsec-install-cert error") else: self._memoryContentCache.add(certificateData) else: self._memoryContentCache.add(certificateData) dataNode = self.conf.getDataNode() childrenNode = self.conf.getChildrenNode() self._memoryContentCache.registerPrefix(Name(self._identityName), self.onRegisterFailed, self.onDataNotFound) # For each type of data, we refresh each type of aggregation according to the interval in the configuration for i in range(len(dataNode.subtrees)): dataType = dataNode.subtrees.keys()[i] aggregationParams = self.conf.getProducingParamsForAggregationType( dataNode.subtrees.items()[i][1]) if childrenNode == None: self._dataQueue[dataType] = DataQueue(None, None, None) self.generateData(dataType, 2, 0) for aggregationType in aggregationParams: childrenList = OrderedDict() if childrenNode != None: for j in range(len(childrenNode.subtrees)): if dataType in childrenNode.subtrees.items( )[j][1].subtrees['data'].subtrees: if aggregationType in childrenNode.subtrees.items( )[j][1].subtrees['data'].subtrees[ dataType].subtrees: childrenList[childrenNode.subtrees.items()[j][ 0]] = self.conf.getProducingParamsForAggregationType( childrenNode.subtrees.items()[j] [1].subtrees['data'].subtrees[dataType] )[aggregationType] self.startPublishingAggregation( aggregationParams[aggregationType], childrenList, dataType, aggregationType) return
def startPublishing(self): # One-time security setup self.prepareLogging() privateKeyStorage = FilePrivateKeyStorage() identityStorage = BasicIdentityStorage() policyManager = ConfigPolicyManager(self._trustSchemaFile) self._keyChain = KeyChain(IdentityManager(identityStorage, privateKeyStorage), policyManager) self._certificateName = self._keyChain.createIdentityAndCertificate(self._identityName) print("My Identity name: " + self._identityName.toUri()) print("My certificate name: " + self._certificateName.toUri()) certificateData = self._keyChain.getIdentityManager()._identityStorage.getCertificate(self._certificateName, True) print("My certificate string: " + b64encode(certificateData.wireEncode().toBuffer())) # self._keyChain.getIdentityCertificate(self._certificateName).) self._loop = asyncio.get_event_loop() self._face = ThreadsafeFace(self._loop) self._keyChain.setFace(self._face) self._face.setCommandSigningInfo(self._keyChain, self._certificateName) self._memoryContentCache = MemoryContentCache(self._face) # We should only ask for cert to be signed upon the first run of a certain aggregator if DO_CERT_SETUP: if (KeyLocator.getFromSignature(certificateData.getSignature()).getKeyName().equals(self._certificateName.getPrefix(-1))): # Need to configure for mini-ndn; aggregation node runs outside of mini-ndn first so that signed cert get installed and mini-ndn won't ask for this again print("certificate " + self._certificateName.toUri() + " asking for signature") response = urllib2.urlopen("http://192.168.56.1:5000/bms-cert-hack?cert=" + b64encode(certificateData.wireEncode().toBuffer()) + "&cert_prefix=" + self._identityName.toUri() + '&subject_name=' + self._identityName.toUri()).read() signedCertData = Data() signedCertData.wireDecode(Blob(b64decode(response))) self._memoryContentCache.add(signedCertData) cmdline = ['ndnsec-install-cert', '-'] p = subprocess.Popen(cmdline, stdin=subprocess.PIPE, stdout=subprocess.PIPE) # desanitize + sign in GET request cert, err = p.communicate(response) if p.returncode != 0: raise RuntimeError("ndnsec-install-cert error") else: self._memoryContentCache.add(certificateData) else: self._memoryContentCache.add(certificateData) dataNode = self.conf.getDataNode() childrenNode = self.conf.getChildrenNode() self._memoryContentCache.registerPrefix(Name(self._identityName), self.onRegisterFailed, self.onDataNotFound) # For each type of data, we refresh each type of aggregation according to the interval in the configuration for i in range(len(dataNode.subtrees)): dataType = dataNode.subtrees.keys()[i] aggregationParams = self.conf.getProducingParamsForAggregationType(dataNode.subtrees.items()[i][1]) if childrenNode == None: self._dataQueue[dataType] = DataQueue(None, None, None) self.generateData(dataType, 2, 0) for aggregationType in aggregationParams: childrenList = OrderedDict() if childrenNode != None: for j in range(len(childrenNode.subtrees)): if dataType in childrenNode.subtrees.items()[j][1].subtrees['data'].subtrees: if aggregationType in childrenNode.subtrees.items()[j][1].subtrees['data'].subtrees[dataType].subtrees: childrenList[childrenNode.subtrees.items()[j][0]] = self.conf.getProducingParamsForAggregationType(childrenNode.subtrees.items()[j][1].subtrees['data'].subtrees[dataType])[aggregationType] self.startPublishingAggregation(aggregationParams[aggregationType], childrenList, dataType, aggregationType) return
def wireDecode(self, buf, wireFormat = None): """ Make sure the fields are populated after decoding """ Data.wireDecode(self, buf, wireFormat) self.decode()
def wireDecode(self, buf, wireFormat=None): """ Make sure the fields are populated after decoding """ Data.wireDecode(self, buf, wireFormat) self.decode()
def publishData(self): for buffer in EncryptStaticData.managerPackets: data = Data() data.wireDecode(buffer) self._storage.insert(data)