Nucypher
/
nucypher
mirror of https://github.com/nucypher/nucypher.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #2780 from KPrasch/unstorage 

Deprecate treasure map publication and storage
pull/2786/head
KPrasch 2021-08-25 15:51:20 -07:00 committed by GitHub
parent b3572c7b65 a3f8df66fc
commit 3200ef05fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 249 additions and 1647 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
docs/source/application_development/porter.rst
View File

@ -466,116 +466,6 @@ Example Response
}
POST /publish_treasure_map
^^^^^^^^^^^^^^^^^^^^^^^^^^
Publish a treasure map to the network as part of Alice's ``grant`` workflow. The treasure map associated
with the policy is stored by the network.
Parameters
++++++++++
+----------------------------------+---------------+----------------------------------------+
| **Parameter** | **Type** | **Description** |
+==================================+===============+========================================+
| ``treasure_map`` | String | Treasure map bytes encoded as base64. |
+----------------------------------+---------------+----------------------------------------+
| ``bob_encrypting_key`` | String | Bob's encrypting key encoded as hex. |
+----------------------------------+---------------+----------------------------------------+
Returns
+++++++
Confirmation that the treasure map was published:
* ``published`` - Value of ``true``.
If publishing the treasure map fails, an error status code is returned.
Example Request
+++++++++++++++
.. code:: bash
curl -X POST <PORTER URI>/publish_treasure_map \
-H "Content-Type: application/json" \
-d '{"treasure_map": "Qld7S8sbKFCv2B8KxfJo4oxiTOjZ4VPyqTK5K1xK6DND6TbLg2hvlGaMV69aiiC5QfadB82w/5q1Sw+SNFHN2e ...",
"bob_encrypting_key": "026d1f4ce5b2474e0dae499d6737a8d987ed3c9ab1a55e00f57ad2d8e81fe9e9ac"}'
OR
.. code:: bash
curl -X POST "<PORTER URI>/publish_treasure_map?treasure_map=Qld7S8sbKFCv2B8KxfJo4oxiTOjZ4VPyqTK5K1xK6DND6TbLg2hvlGaMV69aiiC5QfadB82w%2F5q1Sw%2BSNFHN2e ...&bob_encrypting_key=026d1f4ce5b2474e0dae499d6737a8d987ed3c9ab1a55e00f57ad2d8e81fe9e9ac"
Example Response
++++++++++++++++
.. code::
Status: 200 OK
.. code:: json
{
"result": {
"published": true
},
"version": "6.0.0"
}
GET /get_treasure_map
^^^^^^^^^^^^^^^^^^^^^
Retrieve a treasure map from the network as part of Bob's ``retrieve`` workflow. Bob needs to obtain the treasure map
associated with a policy, to learn which Ursulas were assigned to service the policy.
Parameters
++++++++++
+----------------------------------+---------------+----------------------------------------+
| **Parameter** | **Type** | **Description** |
+==================================+===============+========================================+
| ``hrac`` | String | Policy HRAC. |
+----------------------------------+---------------+----------------------------------------+
| ``bob_encrypting_key`` | String | Bob's encrypting key encoded as hex. |
+----------------------------------+---------------+----------------------------------------+
Returns
+++++++
The requested treasure map:
* ``treasure_map`` - Treasure map bytes encoded as base64
Example Request
+++++++++++++++
.. code:: bash
curl -X GET <PORTER URI>/get_treasure_map \
-H "Content-Type: application/json" \
-d '{"hrac": "f6ec73c93084ce91d5542a4ba6070071",
"bob_encrypting_key": "026d1f4ce5b2474e0dae499d6737a8d987ed3c9ab1a55e00f57ad2d8e81fe9e9ac"}'
OR
.. code:: bash
curl -X GET "<PORTER URI>/get_treasure_map?hrac=f6ec73c93084ce91d5542a4ba6070071&bob_encrypting_key=026d1f4ce5b2474e0dae499d6737a8d987ed3c9ab1a55e00f57ad2d8e81fe9e9ac"
Example Response
++++++++++++++++
.. code::
Status: 200 OK
.. code:: json
{
"result": {
"treasure_map": "Qld7S8sbKFCv2B8KxfJo4oxiTOjZ4VPyqTK5K1xK6DND6TbLg2hvlGaMV69aiiC5QfadB82w/5q1Sw+SNFHN2esWgAbs38QuUVUGCzDoWzQAAAGIAuhw12ZiPMNV8LaeWV8uUN+au2HGOjWilqtKsaP9fmnLAzFiTUAu9/VCxOLOQE88BPoWk1H7OxRLDEhnBVYyflpifKbOYItwLLTtWYVFRY90LtNSAzS8d3vNH4c3SHSZwYsCKY+5LvJ68GD0CqhydSxCcGckh0unttHrYGSOQsURUI4AAAEBsSMlukjA1WyYA+FouqkuRtk8bVHcYLqRUkK2n6dShEUGMuY1SzcAbBINvJYmQp+hhzK5m47AzCl463emXepYZQC/evytktG7yXxd3k8Ak+Qr7T4+G2VgJl4YrafTpIT6wowd+8u/SMSrrf/M41OhtLeBC4uDKjO3rYBQfVLTpEAgiX/9jxB80RtNMeCwgcieviAR5tlw2IlxVTEhxXbFeopcOZmfEuhVWqgBUfIakqsNCXkkubV0XS2l5G1vtTM8oNML0rP8PyKd4+0M5N6P/EQqFkHH93LCDD0IQBq9usm3MoJp0eT8N3m5gprI05drDh2xe/W6qnQfw3YXnjdvf2A="
},
"version": "6.0.0"
}
POST /exec_work_order
^^^^^^^^^^^^^^^^^^^^^
Use a work order to execute a re-encrypt operation on the network network as part of Bob's ``retrieve`` workflow.

8
examples/finnegans_wake_demo/finnegans-wake-demo-federated.py
View File

@ -93,7 +93,6 @@ remote_bob = Bob.from_public_keys(encrypting_key=encrypting_key, verifying_key=v
policy = alice.grant(remote_bob, label, threshold=threshold, shares=shares, expiration=policy_end_datetime)
assert policy.public_key == policy_public_key
policy.treasure_map_publisher.block_until_complete()
# Alice puts her public key somewhere for Bob to find later...
alice_verifying_key = alice.stamp.as_umbral_pubkey()
@ -118,9 +117,7 @@ del alice
# Bob the BUIDLer ##
#####################
bob.join_policy(label, alice_verifying_key)
# Now that Bob has joined the Policy, let's show how Enrico the Encryptor
# Now let's show how Enrico the Encryptor
# can share data with the members of this Policy and then how Bob retrieves it.
# In order to avoid re-encrypting the entire book in this demo, we only read some lines.
with open(BOOK_PATH, 'rb') as file:
@ -155,7 +152,8 @@ for counter, plaintext in enumerate(finnegans_wake):
delivered_cleartexts = bob.retrieve(single_passage_ciphertext,
policy_encrypting_key=policy_public_key,
alice_verifying_key=alice_verifying_key,
label=label)
label=label,
encrypted_treasure_map=policy.treasure_map)
# We show that indeed this is the passage originally encrypted by Enrico.
assert plaintext == delivered_cleartexts[0]

5
examples/finnegans_wake_demo/finnegans-wake-demo-testnet.py
View File

@ -114,7 +114,7 @@ rate = Web3.toWei(50, 'gwei')
threshold, shares = 2, 3
# Alice grants access to Bob...
alice.grant(remote_bob, label, threshold=threshold, shares=shares, rate=rate, expiration=expiration)
policy = alice.grant(remote_bob, label, threshold=threshold, shares=shares, rate=rate, expiration=expiration)
# ...and then disappears from the internet.
#
@ -156,7 +156,8 @@ for counter, plaintext in enumerate(finnegans_wake):
cleartexts = bob.retrieve(ciphertext,
label=label,
policy_encrypting_key=policy_public_key,
alice_verifying_key=alice_verifying_key)
alice_verifying_key=alice_verifying_key,
encrypted_treasure_map=policy.treasure_map)
# We show that indeed this is the passage originally encrypted by Enrico.
assert plaintext == cleartexts[0]

4
examples/heartbeat_demo/alicia.py
View File

@ -14,7 +14,7 @@
You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import base64
import datetime
import sys
import json
@ -142,7 +142,6 @@ policy = alicia.grant(bob=doctor_strange,
threshold=threshold,
shares=shares,
expiration=policy_end_datetime)
policy.treasure_map_publisher.block_until_complete()
print("Done!")
# For the demo, we need a way to share with Bob some additional info
@ -151,6 +150,7 @@ policy_info = {
"policy_pubkey": bytes(policy.public_key).hex(),
"alice_sig_pubkey": bytes(alicia.stamp).hex(),
"label": label.decode("utf-8"),
"treasure_map": base64.b64encode(bytes(policy.treasure_map)).decode()
}
filename = POLICY_FILENAME

13
examples/heartbeat_demo/doctor.py
View File

@ -14,7 +14,7 @@
You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import base64
import json
from pathlib import Path
from timeit import default_timer as timer
@ -31,6 +31,7 @@ from nucypher.crypto.kits import UmbralMessageKit
from nucypher.crypto.powers import DecryptingPower, SigningPower
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.network.middleware import RestMiddleware
from nucypher.policy.maps import EncryptedTreasureMap
from nucypher.utilities.logging import GlobalLoggerSettings
GlobalLoggerSettings.start_console_logging()
@ -87,12 +88,9 @@ with open("policy-metadata.json", 'r') as f:
policy_pubkey = PublicKey.from_bytes(bytes.fromhex(policy_data["policy_pubkey"]))
alices_sig_pubkey = PublicKey.from_bytes(bytes.fromhex(policy_data["alice_sig_pubkey"]))
label = policy_data["label"].encode()
treasure_map = EncryptedTreasureMap.from_bytes(base64.b64decode(policy_data["treasure_map"].encode()))
print("The Doctor joins policy for label '{}'".format(label.decode("utf-8")))
doctor.join_policy(label, alices_sig_pubkey)
# Now that the Doctor joined the policy in the NuCypher network,
# he can retrieve encrypted data which he can decrypt with his private key.
# The Doctor can retrieve encrypted data which he can decrypt with his private key.
# But first we need some encrypted data!
# Let's read the file produced by the heart monitor and unpack the MessageKits,
# which are the individual ciphertexts.
@ -112,7 +110,8 @@ for message_kit in message_kits:
message_kit,
label=label,
enrico=data_source,
alice_verifying_key=alices_sig_pubkey
alice_verifying_key=alices_sig_pubkey,
encrypted_treasure_map=treasure_map
)
end = timer()

2
newsfragments/2780.removal.rst Normal file
View File

@ -0,0 +1,2 @@
Removal of treasure map storage functionality and supporting publication APIs from the decentralized network.
Encrypted treasure maps must be obtained from side channels instead of Ursulas on the network (unless cached).

1
nucypher/blockchain/eth/actors.py
View File

@ -105,6 +105,7 @@ from nucypher.control.emitters import StdoutEmitter
from nucypher.config.constants import DEFAULT_CONFIG_ROOT
from nucypher.crypto.powers import TransactingPower
from nucypher.policy.hrac import HRAC
from nucypher.policy.policies import Policy
from nucypher.types import NuNits, Period
from nucypher.utilities.logging import Logger

18
nucypher/characters/control/interfaces.py
View File

@ -16,9 +16,10 @@
"""
from base64 import b64decode
import maya
from typing import Union
import maya
from nucypher.characters.base import Character
from nucypher.characters.control.specifications import alice, bob, enrico
from nucypher.control.interfaces import attach_schema, ControlInterface
@ -94,8 +95,6 @@ class AliceInterface(CharacterPublicInterface):
rate=rate,
expiration=expiration)
new_policy.treasure_map_publisher.block_until_success_is_reasonably_likely()
response_data = {'treasure_map': new_policy.treasure_map,
'policy_encrypting_key': new_policy.public_key,
# For the users of this interface, Publisher is always the same as Alice,
@ -162,22 +161,13 @@ class AliceInterface(CharacterPublicInterface):
class BobInterface(CharacterPublicInterface):
@attach_schema(bob.JoinPolicy)
def join_policy(self, label: bytes, publisher_verifying_key: bytes):
"""
Character control endpoint for joining a policy on the network.
"""
self.implementer.join_policy(label=label, publisher_verifying_key=publisher_verifying_key)
response = {'policy_encrypting_key': 'OK'} # FIXME
return response
@attach_schema(bob.Retrieve)
def retrieve(self,
label: bytes,
policy_encrypting_key: bytes,
alice_verifying_key: bytes,
message_kit: bytes,
treasure_map: Union[bytes, str, 'TreasureMap'] = None):
treasure_map: Union[bytes, str, 'TreasureMap']):
"""
Character control endpoint for re-encrypting and decrypting policy data.
"""
@ -191,8 +181,6 @@ class BobInterface(CharacterPublicInterface):
policy_encrypting_key=policy_encrypting_key,
label=label)
self.implementer.join_policy(label=label, publisher_verifying_key=alice_verifying_key)
if isinstance(treasure_map, bytes):
treasure_map = EncryptedTreasureMap.from_bytes(treasure_map)

23
nucypher/characters/control/specifications/bob.py
View File

@ -19,28 +19,11 @@ import click
import nucypher.control.specifications.fields as base_fields
from nucypher.characters.control.specifications import fields as character_fields
from nucypher.characters.control.specifications.fields.treasuremap import EncryptedTreasureMap
from nucypher.control.specifications.base import BaseSchema
from nucypher.cli import options
class JoinPolicy(BaseSchema): #TODO: this doesn't have a cli implementation
label = character_fields.Label(
load_only=True, required=True,
click=options.option_label(required=True))
publisher_verifying_key = character_fields.Key(
load_only=True, required=True,
click=click.option(
'--publisher-verifying-key',
'-pvk',
help="Alice's verifying key as a hexadecimal string",
required=False, type=click.STRING,))
policy_encrypting_key = base_fields.String(dump_only=True)
# this should be a Key Field
# but bob.join_policy outputs {'policy_encrypting_key': 'OK'}
class Retrieve(BaseSchema):
label = character_fields.Label(
required=True,
@ -68,6 +51,10 @@ class Retrieve(BaseSchema):
click=options.option_message_kit(required=False)
)
treasure_map = EncryptedTreasureMap(required=False,
load_only=True,
click=options.option_treasure_map)
cleartexts = base_fields.List(character_fields.Cleartext(), dump_only=True)

81
nucypher/characters/lawful.py
View File

@ -17,16 +17,14 @@ along with nucypher. If not, see <https://www.gnu.org/licenses/>.
import contextlib
from pathlib import Path
import json
import random
import time
from base64 import b64encode
from collections import OrderedDict, defaultdict, namedtuple
from datetime import datetime
from functools import partial
from json.decoder import JSONDecodeError
from pathlib import Path
from queue import Queue
from random import shuffle
from typing import Dict, Iterable, List, NamedTuple, Tuple, Union, Optional, Sequence, Set, Any
@ -87,7 +85,7 @@ from nucypher.crypto.powers import (
TransactingPower
)
from nucypher.crypto.signing import InvalidSignature
from nucypher.crypto.splitters import key_splitter, signature_splitter
from nucypher.crypto.splitters import key_splitter, signature_splitter, cfrag_splitter
from nucypher.crypto.umbral_adapter import (
Capsule,
PublicKey,
@ -97,7 +95,7 @@ from nucypher.crypto.umbral_adapter import (
VerifiedKeyFrag,
Signature
)
from nucypher.crypto.utils import keccak_digest, encrypt_and_sign
from nucypher.crypto.utils import encrypt_and_sign
from nucypher.datastore.datastore import DatastoreTransactionError, RecordNotFound
from nucypher.datastore.queries import find_expired_policies, find_expired_treasure_maps
from nucypher.network import treasuremap
@ -326,8 +324,6 @@ class Alice(Character, BlockchainPolicyAuthor):
label: bytes,
handpicked_ursulas: set = None,
timeout: int = None,
publish_treasure_map: bool = True,
block_until_success_is_reasonably_likely: bool = True,
**policy_params):
timeout = timeout or self.timeout
@ -364,15 +360,10 @@ class Alice(Character, BlockchainPolicyAuthor):
"or run the learning loop on a network with enough Ursulas.".format(policy.shares))
self.log.debug(f"Enacting {policy} ... ")
# TODO: Make it optional to publish to blockchain? Or is this presumptive based on the `Policy` type?
enacted_policy = policy.enact(network_middleware=self.network_middleware,
handpicked_ursulas=handpicked_ursulas,
publish_treasure_map=publish_treasure_map)
handpicked_ursulas=handpicked_ursulas)
self.add_active_policy(enacted_policy)
if publish_treasure_map and block_until_success_is_reasonably_likely:
enacted_policy.treasure_map_publisher.block_until_success_is_reasonably_likely()
return enacted_policy
def get_policy_encrypting_key_from_label(self, label: bytes) -> PublicKey:
@ -630,25 +621,6 @@ class Bob(Character):
publisher = Alice.from_public_keys(verifying_key=publisher_verifying_key)
return encrypted_treasure_map.decrypt(partial(self.verify_from, publisher, decrypt=True))
def get_treasure_map(self, publisher_verifying_key: PublicKey, label: bytes):
hrac = self.construct_policy_hrac(publisher_verifying_key=publisher_verifying_key, label=label)
if not self.known_nodes and not self._learning_task.running:
# Quick sanity check - if we don't know of *any* Ursulas, and we have no
# plans to learn about any more, than this function will surely fail.
if not self.done_seeding:
self.learn_from_teacher_node()
# If we still don't know of any nodes, we gotta bail.
if not self.known_nodes:
raise self.NotEnoughTeachers("Can't retrieve without knowing about any nodes at all. Pass a teacher or seed node.")
encrypted_treasure_map = self.get_treasure_map_from_known_ursulas(hrac)
treasure_map = self._decrypt_treasure_map(encrypted_treasure_map, publisher_verifying_key)
self.treasure_maps[hrac] = treasure_map
return treasure_map
def construct_policy_hrac(self, publisher_verifying_key: PublicKey, label: bytes) -> HRAC:
return HRAC.derive(publisher_verifying_key=publisher_verifying_key,
bob_verifying_key=self.stamp.as_umbral_pubkey(),
@ -723,16 +695,6 @@ class Bob(Character):
return incomplete_work_orders, complete_work_orders
def join_policy(self,
label: bytes,
publisher_verifying_key: PublicKey,
node_list: Optional[List['Ursula']] = None,
block: bool = False):
if node_list:
self._node_ids_to_learn_about_immediately.update(node_list)
treasure_map = self.get_treasure_map(publisher_verifying_key, label)
self.follow_treasure_map(treasure_map=treasure_map, block=block)
def _filter_work_orders_and_capsules(self,
work_orders: Dict[ChecksumAddress, 'WorkOrder'],
message_kits: Sequence['UmbralMessageKit'],
@ -760,7 +722,10 @@ class Bob(Character):
# We don't have enough CFrags yet. Let's get another one from a WorkOrder.
try:
cfrags_and_signatures = self.network_middleware.reencrypt(work_order)
ursula_rest_response = self.network_middleware.send_work_order_payload_to_ursula(
ursula=work_order.ursula,
work_order_payload=work_order.payload()
)
except NodeSeemsToBeDown as e:
# TODO: What to do here? Ursula isn't supposed to be down. NRN
self.log.info(f"Ursula ({work_order.ursula}) seems to be down while trying to complete WorkOrder: {work_order}")
@ -773,7 +738,9 @@ class Bob(Character):
except self.network_middleware.UnexpectedResponse:
raise # TODO: Handle this
cfrags = work_order.complete(cfrags_and_signatures)
splitter = cfrag_splitter + signature_splitter
cfrags_and_signatures = splitter.repeat(ursula_rest_response.content)
work_order.complete(cfrags_and_signatures)
# TODO: hopefully GIL will allow this to execute concurrently...
# or we'll have to modify tests that rely on it
@ -926,20 +893,18 @@ class Bob(Character):
def _handle_treasure_map(self,
publisher_verifying_key: PublicKey,
label: bytes,
encrypted_treasure_map: Optional['EncryptedTreasureMap'] = None,
) -> 'TreasureMap':
encrypted_treasure_map: Optional['EncryptedTreasureMap'] = None
) -> Tuple['TreasureMap', int]:
"""Decrypt and cache the treasure map by Bob."""
if encrypted_treasure_map:
treasure_map = self._decrypt_treasure_map(encrypted_treasure_map, publisher_verifying_key)
treasure_map: TreasureMap = self._decrypt_treasure_map(encrypted_treasure_map, publisher_verifying_key)
self.treasure_maps[treasure_map.hrac] = treasure_map
else:
hrac = self.construct_policy_hrac(publisher_verifying_key, label)
hrac = HRAC.derive(publisher_verifying_key=publisher_verifying_key, bob_verifying_key=self.stamp, label=label)
try:
treasure_map = self.treasure_maps[hrac]
except KeyError:
# If the treasure map is not known, join the policy as part of retrieval.
self.join_policy(label=label, publisher_verifying_key=publisher_verifying_key)
treasure_map = self.treasure_maps[hrac]
raise ValueError(f"Treasure map for HRAC({hrac}) is not cached.")
_unknown_ursulas, _known_ursulas, threshold = self.follow_treasure_map(treasure_map=treasure_map, block=True)
return treasure_map, threshold
@ -948,8 +913,8 @@ class Bob(Character):
# Policy
*message_kits: UmbralMessageKit,
label: bytes,
policy_encrypting_key: Optional[PublicKey] = None,
encrypted_treasure_map: Optional['EncryptedTreasureMap'] = None,
policy_encrypting_key: Optional[PublicKey] = None,
# Source Authentication
enrico: Optional["Enrico"] = None,
@ -966,7 +931,6 @@ class Bob(Character):
if not publisher_verifying_key:
# If a policy publisher's verifying key is not passed, use Alice's by default.
publisher_verifying_key = alice_verifying_key
treasure_map, threshold = self._handle_treasure_map(encrypted_treasure_map=encrypted_treasure_map,
publisher_verifying_key=publisher_verifying_key,
label=label)
@ -1021,15 +985,6 @@ class Bob(Character):
"""
return controller(method_name='public_keys', control_request=request)
@bob_control.route('/join_policy', methods=['POST'])
def join_policy():
"""
Character control endpoint for joining a policy on the network.
This is an unfinished endpoint. You're probably looking for retrieve.
"""
return controller(method_name='join_policy', control_request=request)
@bob_control.route('/retrieve', methods=['POST'])
def retrieve():
"""

3
nucypher/characters/unlawful.py
View File

@ -192,8 +192,7 @@ class Amonia(Alice):
with patch("nucypher.policy.policies.BlockchainPolicy._publish_to_blockchain",
publish_wrong_payee_address_to_blockchain):
with patch("nucypher.policy.policies.Policy._enact_arrangements", self.enact_without_tabulating_responses):
return super().grant(handpicked_ursulas=ursulas_to_trick_into_working_for_free, *args, **kwargs)
return super().grant(handpicked_ursulas=ursulas_to_trick_into_working_for_free, *args, **kwargs)
def use_ursula_as_an_involuntary_and_unbeknownst_cdn(self, policy, bob, sucker_ursula):
"""

2
nucypher/cli/commands/bob.py
View File

@ -353,6 +353,7 @@ def retrieve(general_config,
label,
policy_encrypting_key,
alice_verifying_key,
treasure_map,
message_kit,
ipfs,
alice,
@ -409,6 +410,7 @@ def retrieve(general_config,
'policy_encrypting_key': policy_encrypting_key,
'alice_verifying_key': alice_verifying_key,
'message_kit': message_kit,
'treasure_map': treasure_map
}
response = BOB.controller.retrieve(request=bob_request_data)

1
nucypher/cli/options.py
View File

@ -64,6 +64,7 @@ option_signer_uri = click.option('--signer', 'signer_uri', '-S', default=None, t
option_staking_address = click.option('--staking-address', help="Address of a NuCypher staker", type=EIP55_CHECKSUM_ADDRESS)
option_teacher_uri = click.option('--teacher', 'teacher_uri', help="An Ursula URI to start learning from (seednode)", type=click.STRING)
option_threshold = click.option('--threshold', '-m', help="M-Threshold KFrags", type=click.INT)
option_treasure_map = click.option('--treasure-map', 'treasure_map', help="Encrypted treasure map as base64 for retrieval", type=click.STRING)
_option_middleware = click.option('-Z', '--mock-networking', help="Use in-memory transport instead of networking", count=True)
# Avoid circular input

41
nucypher/network/middleware.py
View File

@ -16,10 +16,11 @@ along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import requests
import socket
import ssl
import time
import requests
from bytestring_splitter import VariableLengthBytestring
from constant_sorrow.constants import CERTIFICATE_NOT_SAVED, EXEMPT_FROM_VERIFICATION
from cryptography import x509
@ -124,8 +125,14 @@ class NucypherMiddlewareClient:
elif cleaned_response.status_code == 404:
m = f"While trying to {method_name} {args} ({kwargs}), server 404'd. Response: {cleaned_response.content}"
raise RestMiddleware.NotFound(m)
elif cleaned_response.status_code == 402:
# TODO: Use this as a hook to prompt Bob's payment for policy sponsorship
# https://getyarn.io/yarn-clip/ce0d37ba-4984-4210-9a40-c9c9859a3164
raise RestMiddleware.PaymentRequired(cleaned_response.content)
elif cleaned_response.status_code == 403:
raise RestMiddleware.Unauthorized(cleaned_response.content)
else:
return cleaned_response
raise RestMiddleware.UnexpectedResponse(cleaned_response.content, status=cleaned_response.status_code)
return cleaned_response
return method_wrapper
@ -156,6 +163,16 @@ class RestMiddleware:
self.reason = reason
super().__init__(message=reason, status=400, *args, **kwargs)
class PaymentRequired(UnexpectedResponse):
"""Raised for HTTP 402"""
def __init__(self, *args, **kwargs):
super().__init__(status=402, *args, **kwargs)
class Unauthorized(UnexpectedResponse):
"""Raised for HTTP 403"""
def __init__(self, *args, **kwargs):
super().__init__(status=403, *args, **kwargs)
def __init__(self, registry=None):
self.client = self._client_class(registry)
@ -192,13 +209,6 @@ class RestMiddleware:
timeout=120) # TODO: What is an appropriate timeout here?
return response
def reencrypt(self, work_order):
ursula_rest_response = self.send_work_order_payload_to_ursula(ursula=work_order.ursula,
work_order_payload=work_order.payload())
splitter = cfrag_splitter + signature_splitter
cfrags_and_signatures = splitter.repeat(ursula_rest_response.content)
return cfrags_and_signatures
def revoke_arrangement(self, ursula, revocation):
# TODO: Implement revocation confirmations
response = self.client.post(
@ -208,19 +218,6 @@ class RestMiddleware:
)
return response
def get_treasure_map_from_node(self, node, hrac):
response = self.client.get(node_or_sprout=node,
path=f"treasure_map/{bytes(hrac).hex()}",
timeout=2)
return response
def put_treasure_map_on_node(self, node, map_payload):
response = self.client.post(node_or_sprout=node,
path=f"treasure_map/",
data=map_payload,
timeout=2)
return response
def send_work_order_payload_to_ursula(self, ursula: 'Ursula', work_order_payload: bytes):
response = self.client.post(
node_or_sprout=ursula,

90
nucypher/network/server.py
View File

@ -16,34 +16,28 @@ along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import os
import uuid
import weakref
from pathlib import Path
from datetime import datetime, timedelta
from typing import Tuple
from constant_sorrow import constants
from constant_sorrow.constants import FLEET_STATES_MATCH, RELAX, NOT_STAKING
from flask import Flask, Response, jsonify, request
from mako import exceptions as mako_exceptions
from mako.template import Template
from maya import MayaDT
from nucypher.blockchain.eth.constants import NULL_ADDRESS
from nucypher.blockchain.eth.utils import period_to_epoch
from nucypher.config.constants import MAX_UPLOAD_CONTENT_LENGTH
from nucypher.crypto.keypairs import HostingKeypair, DecryptingKeypair
from nucypher.crypto.kits import PolicyMessageKit
from nucypher.crypto.powers import KeyPairBasedPower, PowerUpError
from nucypher.crypto.signing import InvalidSignature
from nucypher.datastore.datastore import Datastore, RecordNotFound
from nucypher.datastore.models import EncryptedTreasureMap as TreasureMapModel
from nucypher.datastore.datastore import Datastore
from nucypher.datastore.models import Workorder as WorkOrderModel
from nucypher.network import LEARNING_LOOP_VERSION
from nucypher.network.exceptions import NodeSeemsToBeDown
from nucypher.network.protocols import InterfaceInfo
from nucypher.policy.hrac import HRAC
from nucypher.utilities.logging import Logger
HERE = BASE_DIR = Path(__file__).parent
@ -287,86 +281,6 @@ def _make_rest_app(datastore: Datastore, this_node, domain: str, log: Logger) ->
# TODO: Implement offchain revocation.
return Response(status=200)
@rest_app.route('/treasure_map/<hrac>')
def provide_treasure_map(hrac):
headers = {'Content-Type': 'application/octet-stream'}
try:
hrac_obj = HRAC.from_bytes(bytes.fromhex(hrac))
except ValueError:
return Response(f"Invalid HRAC format (got: {hrac}).", status=400)
try:
with datastore.describe(TreasureMapModel, hrac) as stored_treasure_map:
response = Response(stored_treasure_map.treasure_map, headers=headers)
log.info(f"{this_node} providing TreasureMap {hrac_obj}")
except RecordNotFound:
log.info(f"{this_node} doesn't have requested TreasureMap under {hrac_obj}")
response = Response(f"No Treasure Map with identifier {hrac_obj}", status=404, headers=headers)
return response
@rest_app.route('/treasure_map/', methods=['POST'])
def receive_treasure_map():
"""
Okay, so we've received a TreasureMap to store. We begin verifying
the treasure map by first validating the request and the received
treasure map itself.
We set the datastore identifier as the HRAC.
"""
from nucypher.policy.maps import EncryptedTreasureMap
# Step 1: First, we verify the signature of the received treasure map.
# This step also deserializes the treasure map if it's signed correctly.
try:
received_treasure_map = EncryptedTreasureMap.from_bytes(request.data)
except EncryptedTreasureMap.InvalidSignature:
log.info(f"Bad TreasureMap HRAC Signature; not storing for HRAC {received_treasure_map.hrac}")
return Response("This TreasureMap's HRAC is not properly signed.", status=401)
hrac = received_treasure_map.hrac
# Step 2: Check if we already have the treasure map.
try:
with datastore.describe(TreasureMapModel, bytes(hrac).hex()) as stored_treasure_map:
if EncryptedTreasureMap.from_bytes(stored_treasure_map.treasure_map) == received_treasure_map:
return Response("Already have this map.", status=303)
except RecordNotFound:
# This appears to be a new treasure map that we don't have!
pass
# Step 3: If the node is decentralized, we check that the received
# treasure map is valid pursuant to an active policy.
# We also set the expiration from the data on the blockchain here.
if not this_node.federated_only:
policy = this_node.policy_agent.fetch_policy(policy_id=bytes(received_treasure_map.hrac))
# If the Policy doesn't exist, the policy_data is all zeros.
if policy.sponsor is NULL_ADDRESS:
log.info(f"TreasureMap is for non-existent Policy; not storing {hrac}")
return Response("The Policy for this TreasureMap doesn't exist.", status=409)
# Check that this treasure map is from Alice per the Policy.
if not received_treasure_map.verify_blockchain_signature(checksum_address=policy.owner):
log.info(f"Bad TreasureMap ID; not storing {hrac}")
return Response("This TreasureMap doesn't match a paid Policy.", status=402)
# Check that this treasure map is valid for the Policy datetime and that it's not disabled.
if policy.disabled or datetime.utcnow() >= datetime.utcfromtimestamp(policy.end_timestamp):
log.info(f"Received TreasureMap for an expired/disabled policy; not storing {hrac}")
return Response("This TreasureMap is for an expired/disabled policy.", status=403)
expiration_date = MayaDT.from_datetime(datetime.utcfromtimestamp(policy.end_timestamp))
else:
# If the node is federated, we also set the expiration for a week.
expiration_date = MayaDT.from_datetime(datetime.utcnow() + timedelta(days=7))
# Step 4: Finally, we store our treasure map under its identifier!
log.info(f"{this_node} storing TreasureMap {hrac}")
with datastore.describe(TreasureMapModel, bytes(hrac).hex(), writeable=True) as new_treasure_map:
new_treasure_map.treasure_map = bytes(received_treasure_map)
new_treasure_map.expiration = expiration_date
return Response("Treasure map stored!", status=201)
@rest_app.route("/ping", methods=['GET', 'POST'])
def ping():
"""

57
nucypher/network/treasuremap.py
View File

@ -14,65 +14,10 @@ GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
from random import shuffle
import maya
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.acumen.perception import FleetSensor
from nucypher.crypto.signing import InvalidSignature
from nucypher.network.exceptions import NodeSeemsToBeDown
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.network.nodes import Learner
from nucypher.policy.hrac import HRAC
from nucypher.policy.maps import TreasureMap, EncryptedTreasureMap
def get_treasure_map_from_known_ursulas(learner: Learner,
hrac: HRAC,
bob_encrypting_key: PublicKey,
timeout=3):
"""
Iterate through the nodes we know, asking for the TreasureMap.
Return the first one who has it.
"""
start = maya.now()
# Spend no more than half the timeout finding the nodes. 8 nodes is arbitrary. Come at me.
learner.block_until_number_of_known_nodes_is(8, timeout=timeout / 2, learn_on_this_thread=True)
while True:
nodes_with_map = find_matching_nodes(known_nodes=learner.known_nodes, bob_encrypting_key=bob_encrypting_key)
# TODO nodes_with_map can be large - what if treasure map not present in any of them? Without checking the
# timeout within the loop, this could take a long time.
shuffle(nodes_with_map)
for node in nodes_with_map:
try:
response = learner.network_middleware.get_treasure_map_from_node(node, hrac)
except (*NodeSeemsToBeDown, learner.NotEnoughNodes):
continue
except learner.network_middleware.NotFound:
learner.log.info(f"Node {node} claimed not to have TreasureMap {hrac}")
continue
except node.NotStaking:
# TODO this wasn't here before - check with myles
learner.log.info(f"Node {node} not staking")
continue
if response.status_code == 200 and response.content:
try:
treasure_map = EncryptedTreasureMap.from_bytes(response.content)
return treasure_map
except InvalidSignature:
# TODO: What if a node gives a bunk TreasureMap? NRN
raise
else:
continue # TODO: Actually, handle error case here. NRN
else:
learner.learn_from_teacher_node()
if (start - maya.now()).seconds > timeout:
raise TreasureMap.NowhereToBeFound(f"Asked {len(learner.known_nodes)} nodes, "
f"but none had map {hrac}")
def find_matching_nodes(known_nodes: FleetSensor,

10
nucypher/policy/orders.py
View File

@ -220,11 +220,11 @@ class WorkOrder:
"""
tasks_bytes = b''.join(bytes(item) for item in self.tasks.values())
result = bytes(self.receipt_signature) \
+ bytes(self.alice_verifying_key) \
+ bytes(self.publisher_verifying_key) \
+ bytes(self.bob.stamp) \
+ bytes(self.hrac) \
result = bytes(self.receipt_signature) \
+ bytes(self.alice_verifying_key) \
+ bytes(self.publisher_verifying_key) \
+ bytes(self.bob.stamp) \
+ bytes(self.hrac) \
+ bytes(VariableLengthBytestring(self.encrypted_kfrag)) \
+ tasks_bytes
return result

115
nucypher/policy/policies.py
View File

@ -16,19 +16,16 @@ along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import math
from abc import ABC, abstractmethod
from typing import Tuple, Sequence, Optional, Iterable, List, Dict, Type
from typing import Tuple, Sequence, Optional, Iterable, Dict, Type
import maya
from bytestring_splitter import BytestringSplitter, VariableLengthBytestring
from eth_typing.evm import ChecksumAddress
from twisted.internet import reactor
from nucypher.crypto.kits import RevocationKit
from nucypher.crypto.powers import TransactingPower, DecryptingPower
from nucypher.crypto.powers import TransactingPower
from nucypher.crypto.splitters import key_splitter
from nucypher.crypto.utils import keccak_digest
from nucypher.crypto.umbral_adapter import PublicKey, VerifiedKeyFrag, Signature
from nucypher.network.middleware import RestMiddleware
from nucypher.policy.hrac import HRAC
@ -39,7 +36,7 @@ from nucypher.policy.reservoir import (
PrefetchStrategy,
make_decentralized_staker_reservoir
)
from nucypher.utilities.concurrency import WorkerPool, AllAtOnceFactory
from nucypher.utilities.concurrency import WorkerPool
from nucypher.utilities.logging import Logger
@ -75,82 +72,6 @@ class Arrangement:
return f"Arrangement(publisher={self.publisher_verifying_key})"
class TreasureMapPublisher:
log = Logger('TreasureMapPublisher')
def __init__(self,
treasure_map_bytes: bytes,
nodes: Sequence['Ursula'],
network_middleware: RestMiddleware,
percent_to_complete_before_release: int = 5,
threadpool_size: int = 120,
timeout: float = 20):
self._total = len(nodes)
self._block_until_this_many_are_complete = math.ceil(len(nodes) * percent_to_complete_before_release / 100)
def put_treasure_map_on_node(node: 'Ursula'):
try:
response = network_middleware.put_treasure_map_on_node(node=node,
map_payload=treasure_map_bytes)
except Exception as e:
self.log.warn(f"Putting treasure map on {node} failed: {e}")
raise
# Received an HTTP response
if response.status_code != 201:
message = f"Putting treasure map on {node} failed with response status: {response.status}"
self.log.warn(message)
return response
self._worker_pool = WorkerPool(worker=put_treasure_map_on_node,
value_factory=AllAtOnceFactory(nodes),
target_successes=self._block_until_this_many_are_complete,
timeout=timeout,
stagger_timeout=0,
threadpool_size=threadpool_size)
@property
def completed(self):
# TODO: lock dict before copying?
return self._worker_pool.get_successes()
def start(self):
self.log.info(f"TreasureMapPublisher starting")
self._worker_pool.start()
if reactor.running:
reactor.callInThread(self.block_until_complete)
def block_until_success_is_reasonably_likely(self):
# Note: `OutOfValues`/`TimedOut` may be raised here, which means we didn't even get to
# `percent_to_complete_before_release` successes. For now just letting it fire.
self._worker_pool.block_until_target_successes()
completed = self.completed
self.log.debug(f"The minimal amount of nodes ({len(completed)}) were contacted "
"while blocking for treasure map publication.")
successes = self._worker_pool.get_successes()
responses = {ursula.checksum_address: status for ursula, status in successes.items()}
if not all(response.status_code == 201 for response in responses.values()):
report = "\n".join(f"{address}: {status}" for address, status in responses.items())
self.log.debug(f"Policy enactment failed. Request statuses:\n{report}")
# OK, let's check: if any Ursulas claimed we didn't pay,
# we need to re-evaluate our situation here.
claims_of_freeloading = any(response.status_code == 402 for response in responses.values())
if claims_of_freeloading:
raise Policy.Unpaid
# otherwise just raise a more generic error
raise Policy.EnactmentError(report)
return completed
def block_until_complete(self):
self._worker_pool.join()
class Policy(ABC):
"""
An edict by Alice, arranged with n Ursulas, to perform re-encryption for a specific Bob.
@ -339,27 +260,12 @@ class Policy(ABC):
return accepted_arrangements
def _make_publisher(self,
treasure_map: 'EncryptedTreasureMap',
network_middleware: RestMiddleware,
) -> TreasureMapPublisher:
# TODO (#2516): remove hardcoding of 8 nodes
self.publisher.block_until_number_of_known_nodes_is(8, timeout=2, learn_on_this_thread=True)
target_nodes = self.bob.matching_nodes_among(self.publisher.known_nodes)
treasure_map_bytes = bytes(treasure_map) # prevent holding of the reference
return TreasureMapPublisher(treasure_map_bytes=treasure_map_bytes,
nodes=target_nodes,
network_middleware=network_middleware)
def _encrypt_treasure_map(self, treasure_map):
return treasure_map.encrypt(self.publisher, self.bob)
def enact(self,
network_middleware: RestMiddleware,
handpicked_ursulas: Optional[Iterable['Ursula']] = None,
publish_treasure_map: bool = True,
) -> 'EnactedPolicy':
"""
Attempts to enact the policy, returns an `EnactedPolicy` object on success.
@ -384,9 +290,6 @@ class Policy(ABC):
enc_treasure_map = self._encrypt_treasure_map(treasure_map)
treasure_map_publisher = self._make_publisher(treasure_map=enc_treasure_map,
network_middleware=network_middleware)
# TODO: Signal revocation without using encrypted kfrag
revocation_kit = RevocationKit(treasure_map=treasure_map, signer=self.publisher.stamp)
@ -395,13 +298,9 @@ class Policy(ABC):
self.public_key,
treasure_map.threshold,
enc_treasure_map,
treasure_map_publisher,
revocation_kit,
self.publisher.stamp.as_umbral_pubkey())
if publish_treasure_map is True:
enacted_policy.publish_treasure_map()
return enacted_policy
@abstractmethod
@ -547,20 +446,14 @@ class EnactedPolicy:
public_key: PublicKey,
threshold: int,
treasure_map: 'EncryptedTreasureMap',
treasure_map_publisher: TreasureMapPublisher,
revocation_kit: RevocationKit,
publisher_verifying_key: PublicKey,
):
publisher_verifying_key: PublicKey):
self.hrac = hrac
self.label = label
self.public_key = public_key
self.treasure_map = treasure_map
self.treasure_map_publisher = treasure_map_publisher
self.revocation_kit = revocation_kit
self.threshold = threshold
self.shares = len(self.revocation_kit)
self.publisher_verifying_key = publisher_verifying_key
def publish_treasure_map(self):
self.treasure_map_publisher.start()

17
nucypher/utilities/concurrency.py
View File

@ -336,20 +336,3 @@ class WorkerPool:
break
self._result_queue.put(PRODUCER_STOPPED)
class AllAtOnceFactory:
"""
A simple value factory that returns all its values in a single batch.
"""
def __init__(self, values):
self.values = values
self._produced = False
def __call__(self, _successes):
if self._produced:
return None
else:
self._produced = True
return self.values

19
nucypher/utilities/porter/control/interfaces.py
View File

@ -46,16 +46,6 @@ class PorterInterface(ControlInterface):
}
return response_data
@attach_schema(porter_schema.AlicePublishTreasureMap)
def publish_treasure_map(self,
treasure_map: bytes,
bob_encrypting_key: bytes) -> dict:
bob_enc_key = PublicKey.from_bytes(bob_encrypting_key)
self.implementer.publish_treasure_map(treasure_map_bytes=treasure_map,
bob_encrypting_key=bob_enc_key)
response_data = {'published': True} # always True - if publish failed, an exception is raised by implementer
return response_data
@attach_schema(porter_schema.AliceRevoke)
def revoke(self) -> dict:
# Steps (analogous to nucypher.character.control.interfaces):
@ -67,15 +57,6 @@ class PorterInterface(ControlInterface):
#
# Bob Endpoints
#
@attach_schema(porter_schema.BobGetTreasureMap)
def get_treasure_map(self,
hrac: bytes,
bob_encrypting_key: bytes) -> dict:
bob_enc_key = PublicKey.from_bytes(bob_encrypting_key)
treasure_map = self.implementer.get_treasure_map(hrac=hrac,
bob_encrypting_key=bob_enc_key)
response_data = {'treasure_map': treasure_map}
return response_data
@attach_schema(porter_schema.BobExecWorkOrder)
def exec_work_order(self,

40
nucypher/utilities/porter/control/specifications/porter_schema.py
View File

@ -14,6 +14,8 @@
You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import click
from marshmallow import validates_schema
from marshmallow import fields as marshmallow_fields
@ -113,25 +115,6 @@ class AliceGetUrsulas(BaseSchema):
f"common entries {common_ursulas}")
class AlicePublishTreasureMap(BaseSchema):
treasure_map = character_fields.EncryptedTreasureMap(
required=True,
load_only=True,
click=click.option(
'--treasure-map',
'-t',
help="Treasure Map to publish",
type=click.STRING,
required=True))
bob_encrypting_key = character_fields.Key(
required=True,
load_only=True,
click=option_bob_encrypting_key())
# output
published = marshmallow_fields.Bool(dump_only=True)
class AliceRevoke(BaseSchema):
pass # TODO need to understand revoke process better
@ -139,25 +122,6 @@ class AliceRevoke(BaseSchema):
#
# Bob Endpoints
#
class BobGetTreasureMap(BaseSchema):
hrac = fields.HRAC(
required=True,
load_only=True,
click=click.option(
'--hrac',
'-h',
help="Policy HRAC as hex",
type=click.STRING,
required=True))
bob_encrypting_key = character_fields.Key(
required=True,
load_only=True,
click=option_bob_encrypting_key())
# output
# treasure map only used for serialization so no need to provide federated/non-federated context
treasure_map = character_fields.EncryptedTreasureMap(dump_only=True)
class BobExecWorkOrder(BaseSchema):
ursula = fields.UrsulaChecksumAddress(

36
nucypher/utilities/porter/porter.py
View File

@ -19,19 +19,15 @@ from typing import List, Optional, Sequence, NamedTuple
from constant_sorrow.constants import NO_CONTROL_PROTOCOL, NO_BLOCKCHAIN_CONNECTION
from eth_typing import ChecksumAddress
from flask import request, Response
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.blockchain.eth.agents import ContractAgency, StakingEscrowAgent
from nucypher.blockchain.eth.interfaces import BlockchainInterfaceFactory
from nucypher.blockchain.eth.registry import BaseContractRegistry, InMemoryContractRegistry
from nucypher.characters.lawful import Ursula
from nucypher.control.controllers import WebController, JSONRPCController
from nucypher.crypto.powers import DecryptingPower
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.network.nodes import Learner
from nucypher.network import treasuremap
from nucypher.policy.policies import TreasureMapPublisher
from nucypher.policy.reservoir import (
make_federated_staker_reservoir,
make_decentralized_staker_reservoir,
@ -110,24 +106,6 @@ the Pipe for nucypher network operations
self.make_cli_controller()
self.log.info(self.BANNER)
def get_treasure_map(self, hrac: bytes, bob_encrypting_key: PublicKey):
return treasuremap.get_treasure_map_from_known_ursulas(learner=self,
hrac=hrac,
bob_encrypting_key=bob_encrypting_key,
timeout=self.DEFAULT_EXECUTION_TIMEOUT)
def publish_treasure_map(self, treasure_map_bytes: bytes, bob_encrypting_key: PublicKey) -> None:
# TODO (#2516): remove hardcoding of 8 nodes
self.block_until_number_of_known_nodes_is(8, timeout=self.DEFAULT_EXECUTION_TIMEOUT, learn_on_this_thread=True)
target_nodes = treasuremap.find_matching_nodes(known_nodes=self.known_nodes,
bob_encrypting_key=bob_encrypting_key)
treasure_map_publisher = TreasureMapPublisher(treasure_map_bytes=treasure_map_bytes,
nodes=target_nodes,
network_middleware=self.network_middleware,
timeout=self.DEFAULT_EXECUTION_TIMEOUT)
treasure_map_publisher.start() # let's do this
treasure_map_publisher.block_until_success_is_reasonably_likely()
def get_ursulas(self,
quantity: int,
duration_periods: int = None, # optional for federated mode
@ -245,24 +223,12 @@ the Pipe for nucypher network operations
response = controller(method_name='get_ursulas', control_request=request)
return response
@porter_flask_control.route("/publish_treasure_map", methods=['POST'])
def publish_treasure_map() -> Response:
"""Porter control endpoint for publishing a treasure map on behalf of Alice."""
response = controller(method_name='publish_treasure_map', control_request=request)
return response
@porter_flask_control.route("/revoke", methods=['POST'])
def revoke():
"""Porter control endpoint for off-chain revocation of a policy on behalf of Alice."""
response = controller(method_name='revoke', control_request=request)
return response
@porter_flask_control.route('/get_treasure_map', methods=['GET'])
def get_treasure_map() -> Response:
"""Porter control endpoint for retrieving a treasure map on behalf of Bob."""
response = controller(method_name='get_treasure_map', control_request=request)
return response
@porter_flask_control.route("/exec_work_order", methods=['POST'])
def exec_work_order() -> Response:
"""Porter control endpoint for executing a PRE work order on behalf of Bob."""

12
tests/acceptance/characters/control/conftest.py
View File

@ -117,17 +117,6 @@ def grant_control_request(blockchain_bob):
return method_name, params
@pytest.fixture(scope='module')
def join_control_request(blockchain_alice, blockchain_bob, enacted_blockchain_policy):
method_name = 'join_policy'
params = {
'label': enacted_blockchain_policy.label.decode(),
'publisher_verifying_key': bytes(enacted_blockchain_policy.publisher_verifying_key).hex(),
}
return method_name, params
@pytest.fixture(scope='function')
def retrieve_control_request(blockchain_alice, blockchain_bob, enacted_blockchain_policy, capsule_side_channel_blockchain):
capsule_side_channel_blockchain.reset()
@ -139,6 +128,7 @@ def retrieve_control_request(blockchain_alice, blockchain_bob, enacted_blockchai
'policy_encrypting_key': bytes(enacted_blockchain_policy.public_key).hex(),
'alice_verifying_key': bytes(enacted_blockchain_policy.publisher_verifying_key).hex(),
'message_kit': b64encode(message_kit.to_bytes()).decode(),
'treasure_map': b64encode(bytes(enacted_blockchain_policy.treasure_map)).decode()
}
return method_name, params

36
tests/acceptance/characters/control/test_rpc_control_blockchain.py
View File

@ -14,41 +14,17 @@
You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import os
import pytest
from base64 import b64encode
import pytest
from nucypher.characters.control.interfaces import AliceInterface
from nucypher.characters.control.interfaces import BobInterface, EnricoInterface
from nucypher.crypto.constants import EIP712_MESSAGE_SIGNATURE_SIZE
from nucypher.crypto.powers import DecryptingPower
from nucypher.policy.maps import TreasureMap
from nucypher.characters.control.interfaces import EnricoInterface
from tests.utils.controllers import get_fields, validate_json_rpc_response_data
def test_bob_rpc_character_control_join_policy(bob_rpc_controller,
join_control_request,
blockchain_treasure_map,
enacted_blockchain_policy,
blockchain_bob,
blockchain_ursulas):
for ursula in blockchain_ursulas:
if ursula.checksum_address in blockchain_treasure_map.destinations:
# Simulate passing in a teacher-uri
blockchain_bob.remember_node(ursula)
break
else:
# Shouldn't happen
raise Exception("No known Ursulas present in the treasure map destinations")
method_name, params = join_control_request
request_data = {'method': method_name, 'params': params}
response = bob_rpc_controller.send(request_data)
assert validate_json_rpc_response_data(response=response,
method_name=method_name,
interface=BobInterface)
def test_enrico_rpc_character_control_encrypt_message(enrico_rpc_controller_test_client, encrypt_control_request):
method_name, params = encrypt_control_request
request_data = {'method': method_name, 'params': params}
@ -74,7 +50,7 @@ def test_bob_rpc_character_control_retrieve_with_tmap(
assert response.data['result']['cleartexts'][0] == 'Welcome to flippering number 1.'
# Make a wrong treasure map
enc_wrong_tmap = bytes(enacted_blockchain_policy.treasure_map)[:-1]
enc_wrong_tmap = bytes(enacted_blockchain_policy.treasure_map)[1:-1]
tmap_bytes = bytes(enc_wrong_tmap)
tmap_64 = b64encode(tmap_bytes).decode()

35
tests/acceptance/characters/control/test_web_control_blockchain.py
View File

@ -175,40 +175,6 @@ def test_alice_character_control_decrypt(alice_web_controller_test_client,
assert response.status_code == 405
def test_bob_character_control_join_policy(bob_web_controller_test_client,
blockchain_treasure_map,
enacted_blockchain_policy,
blockchain_alice,
blockchain_bob,
blockchain_ursulas):
request_data = {
'label': enacted_blockchain_policy.label.decode(),
'publisher_verifying_key': bytes(enacted_blockchain_policy.publisher_verifying_key).hex(),
}
for ursula in blockchain_ursulas:
if ursula.checksum_address in blockchain_treasure_map.destinations:
# Simulate passing in a teacher-uri
blockchain_bob.remember_node(ursula)
break
else:
# Shouldn't happen
raise Exception("No known Ursulas present in the treasure map destinations")
response = bob_web_controller_test_client.post('/join_policy', data=json.dumps(request_data))
assert b'{"result": {"policy_encrypting_key": "OK"}' in response.data # TODO
assert response.status_code == 200
# Send bad data to assert error returns
response = bob_web_controller_test_client.post('/join_policy', data=json.dumps({'bad': 'input'}))
assert response.status_code == 400
# Missing Key results in bad request
del (request_data['publisher_verifying_key'])
response = bob_web_controller_test_client.post('/join_policy', data=json.dumps(request_data))
assert response.status_code == 400
def test_bob_web_character_control_retrieve(bob_web_controller_test_client, retrieve_control_request):
method_name, params = retrieve_control_request
@ -340,6 +306,7 @@ def test_web_character_control_lifecycle(alice_web_controller_test_client,
'policy_encrypting_key': policy_pubkey_enc_hex,
'alice_verifying_key': alice_verifying_key_hex,
'message_kit': encoded_message_kit,
'treasure_map': alice_response_data['result']['treasure_map']
}
# Give bob a node to remember

39
tests/acceptance/characters/test_decentralized_grant.py
View File

@ -55,42 +55,3 @@ def test_decentralized_grant(blockchain_alice, blockchain_bob, blockchain_ursula
# TODO: try to decrypt?
# TODO: Use a new type for EncryptedKFrags?
assert isinstance(kfrag_kit, PolicyMessageKit)
def test_alice_sets_treasure_map_decentralized(enacted_blockchain_policy, blockchain_alice, blockchain_bob, blockchain_ursulas):
"""
Same as test_alice_sets_treasure_map except with a blockchain policy.
"""
treasure_map_hrac = enacted_blockchain_policy.treasure_map.hrac
found = 0
for node in blockchain_bob.matching_nodes_among(blockchain_alice.known_nodes):
with node.datastore.describe(DatastoreTreasureMap, bytes(treasure_map_hrac).hex()) as treasure_map_on_node:
assert EncryptedTreasureMap.from_bytes(treasure_map_on_node.treasure_map).hrac == enacted_blockchain_policy.hrac
found += 1
assert found
def test_bob_retrieves_treasure_map_from_decentralized_node(enacted_blockchain_policy, blockchain_alice, blockchain_bob):
"""
This is the same test as `test_bob_retrieves_the_treasure_map_and_decrypt_it`,
except with an `enacted_blockchain_policy`.
"""
bob = blockchain_bob
_previous_domain = bob.domain
bob.domain = None # Bob has no knowledge of the network.
with pytest.raises(bob.NotEnoughTeachers):
treasure_map_from_wire = bob.get_treasure_map(blockchain_alice.stamp.as_umbral_pubkey(),
enacted_blockchain_policy.label)
# Bob finds out about one Ursula (in the real world, a seed node, hardcoded based on his learning domain)
bob.done_seeding = False
bob.domain = _previous_domain
# ...and then learns about the rest of the network.
bob.learn_from_teacher_node(eager=True)
# Now he'll have better success finding that map.
treasure_map_from_wire = bob.get_treasure_map(blockchain_alice.stamp.as_umbral_pubkey(),
enacted_blockchain_policy.label)
assert enacted_blockchain_policy.treasure_map.hrac == treasure_map_from_wire.hrac

144
tests/acceptance/characters/test_freerider_attacks.py
View File

@ -17,49 +17,59 @@ along with nucypher. If not, see <https://www.gnu.org/licenses/>.
import datetime
import maya
import pytest
from nucypher.characters.lawful import Enrico, Ursula
from nucypher.characters.unlawful import Amonia
from nucypher.datastore.datastore import RecordNotFound
from nucypher.datastore.queries import find_policy_arrangements
from nucypher.network.middleware import RestMiddleware
from nucypher.policy.policies import Policy
def test_policy_simple_sinpa(blockchain_ursulas, blockchain_alice, blockchain_bob, agency, testerchain):
def test_policy_simple_sinpa(blockchain_ursulas,
blockchain_alice,
blockchain_bob,
agency,
testerchain):
"""
Making a Policy without paying.
"""
amonia = Amonia.from_lawful_alice(blockchain_alice)
# Setup the policy details
shares = 3
policy_end_datetime = maya.now() + datetime.timedelta(days=35)
label = b"this_is_the_path_to_which_access_is_being_granted"
with pytest.raises(Policy.Unpaid):
_bupkiss_policy = amonia.grant_without_paying(bob=blockchain_bob,
label=label,
threshold=2,
shares=shares,
rate=int(1e18), # one ether
expiration=policy_end_datetime)
bupkiss_policy = amonia.grant_without_paying(bob=blockchain_bob,
label=label,
threshold=2,
shares=shares,
rate=int(1e18), # one ether
expiration=policy_end_datetime)
# Enrico becomes
enrico = Enrico(policy_encrypting_key=bupkiss_policy.public_key)
plaintext = b"A crafty campaign"
message_kit, _signature = enrico.encrypt_message(plaintext)
with pytest.raises(Ursula.NotEnoughUrsulas): # Return a more descriptive request error?
blockchain_bob.retrieve(message_kit,
enrico=enrico,
alice_verifying_key=amonia.stamp,
label=bupkiss_policy.label,
retain_cfrags=True,
encrypted_treasure_map=bupkiss_policy.treasure_map)
for ursula in blockchain_ursulas:
# Reset the Ursula for the next test.
ursula.suspicious_activities_witnessed['freeriders'] = []
# TODO: Show that there is no KFrag available to Bob
# try:
# with ursula.datastore.query_by(PolicyArrangement, writeable=True) as arrangements:
# [arrangement.delete() for arrangement in arrangements]
# except RecordNotFound:
# # No records were found; this Ursula didn't have the arrangement.
# continue
def test_try_to_post_free_arrangement_by_hacking_enact(blockchain_ursulas, blockchain_alice, blockchain_bob, agency,
def test_try_to_post_free_arrangement_by_hacking_enact(blockchain_ursulas,
blockchain_alice,
blockchain_bob,
agency,
testerchain):
"""
This time we won't rely on the tabulation in Alice's enact() to catch the problem.
@ -75,32 +85,25 @@ def test_try_to_post_free_arrangement_by_hacking_enact(blockchain_ursulas, block
threshold=2,
shares=shares,
rate=int(1e18), # one ether
expiration=policy_end_datetime,
publish_treasure_map=False)
expiration=policy_end_datetime)
for ursula in blockchain_ursulas:
# Even though the grant executed without error...
try:
with find_policy_arrangements(ursula.datastore) as all_arrangements:
arrangement = all_arrangements[0] # ...and Ursula did save the Arrangement after considering it...
with pytest.raises(AttributeError):
should_error = arrangement.kfrag # ...Ursula did *not* save a KFrag and will not service this Policy.
# Enrico becomes
enrico = Enrico(policy_encrypting_key=bupkiss_policy.public_key)
plaintext = b"A crafty campaign"
message_kit, _signature = enrico.encrypt_message(plaintext)
# Additionally, Ursula logged Amonia as a freerider:
freeriders = ursula.suspicious_activities_witnessed['freeriders']
assert len(freeriders) == 1
assert freeriders[0][0] == amonia
# Reset the Ursula for the next test.
ursula.suspicious_activities_witnessed['freeriders'] = []
for arrangement in all_arrangements:
arrangement.delete()
except RecordNotFound:
# No records were found; this Ursula didn't have the arrangement.
continue
with pytest.raises(Ursula.NotEnoughUrsulas): # Return a more descriptive request error?
blockchain_bob.retrieve(message_kit,
enrico=enrico,
alice_verifying_key=amonia.stamp,
label=bupkiss_policy.label,
retain_cfrags=True,
encrypted_treasure_map=bupkiss_policy.treasure_map)
def test_pay_a_flunky_instead_of_the_arranged_ursula(blockchain_alice, blockchain_bob, blockchain_ursulas,
def test_pay_a_flunky_instead_of_the_arranged_ursula(blockchain_alice,
blockchain_bob,
blockchain_ursulas,
ursula_decentralized_test_config,
testerchain):
amonia = Amonia.from_lawful_alice(blockchain_alice)
@ -119,48 +122,17 @@ def test_pay_a_flunky_instead_of_the_arranged_ursula(blockchain_alice, blockchai
threshold=2,
shares=shares,
rate=int(1e18), # one ether
expiration=policy_end_datetime,
publish_treasure_map=False)
expiration=policy_end_datetime)
# Same exact set of assertions as the last test:
for ursula in blockchain_ursulas:
# Even though the grant executed without error...
try:
with find_policy_arrangements(ursula.datastore) as all_arrangements:
arrangement = all_arrangements[0] # ...and Ursula did save the Arrangement after considering it...
with pytest.raises(AttributeError):
should_error = arrangement.kfrag # ...Ursula did *not* save a KFrag and will not service this Policy.
# Enrico becomes
enrico = Enrico(policy_encrypting_key=bupkiss_policy.public_key)
plaintext = b"A crafty campaign"
message_kit, _signature = enrico.encrypt_message(plaintext)
# Additionally, Ursula logged Amonia as a freerider:
freeriders = ursula.suspicious_activities_witnessed['freeriders']
assert len(freeriders) == 1
assert freeriders[0][0] == amonia
# Reset the Ursula for the next test.
ursula.suspicious_activities_witnessed['freeriders'] = []
for arrangement in all_arrangements:
arrangement.delete()
except RecordNotFound:
# No records were found; this Ursula didn't have the arrangement.
continue
def test_put_additional_treasure_map_on_network(blockchain_ursulas, blockchain_alice, blockchain_bob, agency, testerchain):
amonia = Amonia.from_lawful_alice(blockchain_alice)
# Setup the policy details
shares = 3
policy_end_datetime = maya.now() + datetime.timedelta(days=35)
label = b"this_is_another_path_to_which_access_is_being_granted"
policy = amonia.grant(bob=blockchain_bob,
label=label,
threshold=2,
shares=shares,
rate=int(1e18), # one ether
expiration=policy_end_datetime)
sucker = blockchain_ursulas[0]
# This should 409 because Ursula won't be able to find an HRAC on-chain
# with the modified HRAC.
response = amonia.use_ursula_as_an_involuntary_and_unbeknownst_cdn(policy, blockchain_bob, sucker_ursula=blockchain_ursulas[0])
assert response.status_code == 402
with pytest.raises(RestMiddleware.PaymentRequired):
blockchain_bob.retrieve(message_kit,
enrico=enrico,
alice_verifying_key=amonia.stamp,
label=bupkiss_policy.label,
retain_cfrags=True,
encrypted_treasure_map=bupkiss_policy.treasure_map)

1
tests/acceptance/characters/test_transacting_power_acceptance.py
View File

@ -15,6 +15,7 @@ You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
from eth_account._utils.legacy_transactions import Transaction
from eth_utils import to_checksum_address

2
tests/acceptance/characters/test_ursula_prepares_to_act_as_worker.py
View File

@ -155,9 +155,9 @@ def test_blockchain_ursulas_reencrypt(blockchain_ursulas, blockchain_alice, bloc
message_kit, signature = enrico.encrypt_message(message)
blockchain_bob.start_learning_loop(now=True)
blockchain_bob.join_policy(label, blockchain_alice.stamp.as_umbral_pubkey())
plaintext = blockchain_bob.retrieve(message_kit,
encrypted_treasure_map=_policy.treasure_map,
alice_verifying_key=blockchain_alice.stamp.as_umbral_pubkey(),
label=label,
enrico=enrico)

15
tests/acceptance/cli/lifecycle.py
View File

@ -34,6 +34,7 @@ from nucypher.config.characters import AliceConfiguration, BobConfiguration
from nucypher.config.constants import NUCYPHER_ENVVAR_KEYSTORE_PASSWORD, TEMPORARY_DOMAIN, \
NUCYPHER_ENVVAR_ALICE_ETH_PASSWORD, NUCYPHER_ENVVAR_BOB_ETH_PASSWORD
from nucypher.crypto.kits import UmbralMessageKit
from nucypher.policy.maps import EncryptedTreasureMap
from nucypher.utilities.logging import GlobalLoggerSettings
from tests.constants import INSECURE_DEVELOPMENT_PASSWORD, TEST_PROVIDER_URI
@ -53,6 +54,7 @@ class MockSideChannel:
def __init__(self):
self.__message_kits = []
self.__policies = []
self.__treasure_map = []
self.__alice_public_keys = []
self.__bob_public_keys = []
@ -88,6 +90,13 @@ class MockSideChannel:
policy = self.__bob_public_keys.pop()
return policy
def save_treasure_map(self, treasure_map: EncryptedTreasureMap):
self.__treasure_map.append(treasure_map)
def fetch_treasure_map(self) -> EncryptedTreasureMap:
tmap = self.__treasure_map.pop()
return tmap
def run_entire_cli_lifecycle(click_runner,
random_policy_label,
@ -329,9 +338,8 @@ def run_entire_cli_lifecycle(click_runner,
grant_result = json.loads(grant_result.output)
# TODO: Expand test to consider manual treasure map handing
# # Alice puts the Treasure Map somewhere Bob can get it.
# side_channel.save_treasure_map(treasure_map=grant_result['result']['treasure_map'])
# Alice puts the Treasure Map somewhere Bob can get it.
side_channel.save_treasure_map(treasure_map=grant_result['result']['treasure_map'])
return grant_result
@ -355,6 +363,7 @@ def run_entire_cli_lifecycle(click_runner,
'--config-file', str(bob_configuration_file_location.absolute()),
'--message-kit', ciphertext_message_kit,
'--label', label,
'--treasure-map', side_channel.fetch_treasure_map(),
'--policy-encrypting-key', policy_encrypting_key,
'--alice-verifying-key', alice_signing_key)

4
tests/acceptance/cli/ursula/test_stakeholder_and_ursula.py
View File

@ -627,7 +627,6 @@ def test_collect_rewards_integration(click_runner,
# Bob learns about the new staker and joins the policy
blockchain_bob.start_learning_loop()
blockchain_bob.remember_node(node=ursula)
blockchain_bob.join_policy(random_policy_label, bytes(blockchain_alice.stamp))
# Enrico Encrypts (of course)
enrico = Enrico(policy_encrypting_key=blockchain_policy.public_key,
@ -647,7 +646,8 @@ def test_collect_rewards_integration(click_runner,
cleartexts = blockchain_bob.retrieve(ciphertext,
enrico=enrico,
alice_verifying_key=verifying_key,
label=random_policy_label)
label=random_policy_label,
encrypted_treasure_map=blockchain_policy.treasure_map)
assert random_data == cleartexts[0]
# Ursula Staying online and the clock advancing

40
tests/acceptance/network/test_network_actors.py
View File

@ -151,43 +151,3 @@ def test_alice_refuses_to_make_arrangement_unless_ursula_is_valid(blockchain_ali
with pytest.raises(vladimir.InvalidNode):
idle_blockchain_policy._propose_arrangement(address=vladimir.checksum_address,
network_middleware=blockchain_alice.network_middleware)
# FIXME: This test needs a descriptive name (was using a duplicated name)
def test_treasure_map_cannot_be_duplicated_again(blockchain_ursulas,
blockchain_alice,
blockchain_bob,
agency):
# Setup the policy details
shares = 3
policy_end_datetime = maya.now() + datetime.timedelta(days=35)
label = b"this_is_the_path_to_which_access_is_being_granted"
# Create the Policy, Granting access to Bob
policy = blockchain_alice.grant(bob=blockchain_bob,
label=label,
threshold=2,
shares=shares,
rate=int(1e18), # one ether
expiration=policy_end_datetime)
matching_ursulas = blockchain_bob.matching_nodes_among(blockchain_ursulas)
completed_ursulas = policy.treasure_map_publisher.block_until_success_is_reasonably_likely()
# Ursulas in `treasure_map_publisher` are not real Ursulas, but just some metadata of remote ones.
# We need a real one to access its datastore.
first_completed_ursula = [ursula for ursula in matching_ursulas if ursula in completed_ursulas][0]
with first_completed_ursula.datastore.describe(EncryptedTreasureMap, bytes(policy.treasure_map.hrac).hex()) as saved_map_record:
assert saved_map_record.treasure_map == bytes(policy.treasure_map)
# This Ursula was actually a Vladimir.
# Thus, he has access to the (encrypted) TreasureMap and can use its details to
# try to store his own fake details.
vladimir = Vladimir.from_target_ursula(first_completed_ursula)
ursulas_who_probably_do_not_have_the_map = [u for u in blockchain_ursulas if not u in matching_ursulas]
node_on_which_to_store_bad_map = ursulas_who_probably_do_not_have_the_map[0]
# with pytest.raises(vladimir.network_middleware.UnexpectedResponse) as e:
response = vladimir.publish_fraudulent_treasure_map(legit_treasure_map=policy.treasure_map,
target_node=node_on_which_to_store_bad_map)
assert response.status_code == 402 # Payment required

47
tests/acceptance/porter/control/test_porter_rpc_control_blockchain.py
View File

@ -81,50 +81,6 @@ def test_get_ursulas(blockchain_porter_rpc_controller, blockchain_ursulas):
blockchain_porter_rpc_controller.send(request_data)
def test_publish_and_get_treasure_map(blockchain_porter_rpc_controller,
blockchain_alice,
blockchain_bob,
idle_blockchain_policy):
# ensure that random treasure map cannot be obtained since not available
with pytest.raises(TreasureMap.NowhereToBeFound):
random_bob_encrypting_key = PublicKey.from_bytes(
bytes.fromhex("026d1f4ce5b2474e0dae499d6737a8d987ed3c9ab1a55e00f57ad2d8e81fe9e9ac"))
random_hrac = "93a9482bdf3b4f2e9df906a35144ca84"
assert len(bytes.fromhex(random_hrac)) == HRAC.SIZE
get_treasure_map_params = {
'hrac': random_hrac,
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
request_data = {'method': 'get_treasure_map', 'params': get_treasure_map_params}
blockchain_porter_rpc_controller.send(request_data)
blockchain_bob_encrypting_key = blockchain_bob.public_keys(DecryptingPower)
# try publishing a new policy
network_middleware = MockRestMiddleware()
enacted_policy = idle_blockchain_policy.enact(network_middleware=network_middleware,
publish_treasure_map=False) # enact but don't publish
treasure_map = enacted_policy.treasure_map
publish_treasure_map_params = {
'treasure_map': b64encode(bytes(treasure_map)).decode(),
'bob_encrypting_key': bytes(blockchain_bob_encrypting_key).hex()
}
request_data = {'method': 'publish_treasure_map', 'params': publish_treasure_map_params}
response = blockchain_porter_rpc_controller.send(request_data)
assert response.success
# try getting the recently published treasure map
hrac = blockchain_bob.construct_policy_hrac(blockchain_alice.stamp.as_umbral_pubkey(),
enacted_policy.label)
get_treasure_map_params = {
'hrac': bytes(hrac).hex(),
'bob_encrypting_key': bytes(blockchain_bob_encrypting_key).hex()
}
request_data = {'method': 'get_treasure_map', 'params': get_treasure_map_params}
response = blockchain_porter_rpc_controller.send(request_data)
assert response.success
assert response.content['treasure_map'] == b64encode(bytes(treasure_map)).decode()
def test_exec_work_order(blockchain_porter_rpc_controller,
random_blockchain_policy,
blockchain_ursulas,
@ -135,8 +91,7 @@ def test_exec_work_order(blockchain_porter_rpc_controller,
# Setup
network_middleware = MockRestMiddleware()
# enact new random policy since idle_blockchain_policy/enacted_blockchain_policy already modified in previous tests
enacted_policy = random_blockchain_policy.enact(network_middleware=network_middleware,
publish_treasure_map=False) # enact but don't publish
enacted_policy = random_blockchain_policy.enact(network_middleware=network_middleware)
ursula_address, work_order = work_order_setup(enacted_policy,
blockchain_ursulas,
blockchain_bob,

67
tests/acceptance/porter/control/test_porter_web_control_blockchain.py
View File

@ -90,70 +90,6 @@ def test_get_ursulas(blockchain_porter_web_controller, blockchain_ursulas):
blockchain_porter_web_controller.get('/get_ursulas', data=json.dumps(failed_ursula_params))
def test_publish_and_get_treasure_map(blockchain_porter_web_controller,
blockchain_alice,
blockchain_bob,
idle_blockchain_policy):
# Send bad data to assert error return
response = blockchain_porter_web_controller.get('/get_treasure_map', data=json.dumps({'bad': 'input'}))
assert response.status_code == 400
response = blockchain_porter_web_controller.post('/publish_treasure_map', data=json.dumps({'bad': 'input'}))
assert response.status_code == 400
# ensure that random treasure map cannot be obtained since not available
with pytest.raises(TreasureMap.NowhereToBeFound):
random_bob_encrypting_key = PublicKey.from_bytes(
bytes.fromhex("026d1f4ce5b2474e0dae499d6737a8d987ed3c9ab1a55e00f57ad2d8e81fe9e9ac"))
random_hrac = "93a9482bdf3b4f2e9df906a35144ca84"
assert len(bytes.fromhex(random_hrac)) == HRAC.SIZE
get_treasure_map_params = {
'hrac': random_hrac,
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
blockchain_porter_web_controller.get('/get_treasure_map',
data=json.dumps(get_treasure_map_params))
blockchain_bob_encrypting_key = blockchain_bob.public_keys(DecryptingPower)
# try publishing a new policy
network_middleware = MockRestMiddleware()
enacted_policy = idle_blockchain_policy.enact(network_middleware=network_middleware,
publish_treasure_map=False) # enact but don't publish
treasure_map = enacted_policy.treasure_map
publish_treasure_map_params = {
'treasure_map': b64encode(bytes(treasure_map)).decode(),
'bob_encrypting_key': bytes(blockchain_bob_encrypting_key).hex()
}
# this query string is long (~6840 characters), but still seems to work ...
# json data payload is tested in federated tests
response = blockchain_porter_web_controller.post(f'/publish_treasure_map'
f'?{urlencode(publish_treasure_map_params)}')
assert response.status_code == 200
response_data = json.loads(response.data)
assert response_data['result']['published']
# try getting the recently published treasure map
hrac = blockchain_bob.construct_policy_hrac(blockchain_alice.stamp.as_umbral_pubkey(),
enacted_policy.label)
get_treasure_map_params = {
'hrac': bytes(hrac).hex(),
'bob_encrypting_key': bytes(blockchain_bob_encrypting_key).hex()
}
response = blockchain_porter_web_controller.get('/get_treasure_map',
data=json.dumps(get_treasure_map_params))
assert response.status_code == 200
response_data = json.loads(response.data)
assert response_data['result']['treasure_map'] == b64encode(bytes(treasure_map)).decode()
# try getting recently published treasure map using query parameters
response = blockchain_porter_web_controller.get(f'/get_treasure_map'
f'?{urlencode(get_treasure_map_params)}')
assert response.status_code == 200
response_data = json.loads(response.data)
assert response_data['result']['treasure_map'] == b64encode(bytes(treasure_map)).decode()
def test_exec_work_order(blockchain_porter_web_controller,
random_blockchain_policy,
blockchain_ursulas,
@ -167,8 +103,7 @@ def test_exec_work_order(blockchain_porter_web_controller,
# Setup
network_middleware = MockRestMiddleware()
# enact new random policy since idle_blockchain_policy/enacted_blockchain_policy already modified in previous tests
enacted_policy = random_blockchain_policy.enact(network_middleware=network_middleware,
publish_treasure_map=False) # enact but don't publish
enacted_policy = random_blockchain_policy.enact(network_middleware=network_middleware)
ursula_address, work_order = work_order_setup(enacted_policy,
blockchain_ursulas,
blockchain_bob,

38
tests/acceptance/porter/test_decentralized_porter.py
View File

@ -15,12 +15,7 @@
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import pytest
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.crypto.powers import DecryptingPower
from nucypher.policy.hrac import HRAC
from nucypher.policy.maps import TreasureMap
from tests.utils.middleware import MockRestMiddleware
from tests.utils.policy import work_order_setup
@ -73,36 +68,6 @@ def test_get_ursulas(blockchain_porter, blockchain_ursulas):
assert address not in returned_ursula_addresses
def test_publish_and_get_treasure_map(blockchain_porter,
blockchain_alice,
blockchain_bob,
idle_blockchain_policy):
# ensure that random treasure map cannot be obtained since not available
with pytest.raises(TreasureMap.NowhereToBeFound):
random_bob_encrypting_key = PublicKey.from_bytes(
bytes.fromhex("026d1f4ce5b2474e0dae499d6737a8d987ed3c9ab1a55e00f57ad2d8e81fe9e9ac"))
random_hrac = bytes.fromhex("93a9482bdf3b4f2e9df906a35144ca84")
assert len(random_hrac) == HRAC.SIZE
blockchain_porter.get_treasure_map(hrac=random_hrac,
bob_encrypting_key=random_bob_encrypting_key)
blockchain_bob_encrypting_key = blockchain_bob.public_keys(DecryptingPower)
# try publishing a new policy
network_middleware = MockRestMiddleware()
enacted_policy = idle_blockchain_policy.enact(network_middleware=network_middleware,
publish_treasure_map=False) # enact but don't publish
treasure_map = enacted_policy.treasure_map
blockchain_porter.publish_treasure_map(bytes(treasure_map), blockchain_bob_encrypting_key)
# try getting the recently published treasure map
hrac = blockchain_bob.construct_policy_hrac(blockchain_alice.stamp.as_umbral_pubkey(),
enacted_policy.label)
retrieved_treasure_map = blockchain_porter.get_treasure_map(hrac=hrac,
bob_encrypting_key=blockchain_bob_encrypting_key)
assert retrieved_treasure_map.hrac == treasure_map.hrac
def test_exec_work_order(blockchain_porter,
random_blockchain_policy,
blockchain_ursulas,
@ -111,8 +76,7 @@ def test_exec_work_order(blockchain_porter,
# Setup
network_middleware = MockRestMiddleware()
# enact new random policy since idle_blockchain_policy/enacted_blockchain_policy already modified in previous tests
enacted_policy = random_blockchain_policy.enact(network_middleware=network_middleware,
publish_treasure_map=False) # enact but don't publish
enacted_policy = random_blockchain_policy.enact(network_middleware=network_middleware) # enact but don't publish
ursula_address, work_order = work_order_setup(enacted_policy,
blockchain_ursulas,
blockchain_bob,

75
tests/acceptance/porter/test_publish_treasure_map_schema_non_federated_context.py
View File

@ -1,75 +0,0 @@
"""
This file is part of nucypher.
nucypher is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
nucypher is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
from base64 import b64encode
import pytest
from nucypher.control.specifications.exceptions import InvalidInputData
from nucypher.crypto.powers import DecryptingPower
from nucypher.utilities.porter.control.specifications.porter_schema import AlicePublishTreasureMap
def test_alice_publish_treasure_map_schema_blockchain_context(enacted_blockchain_policy, blockchain_bob):
alice_publish_treasure_map_schema = AlicePublishTreasureMap() # default is decentralized
run_publish_treasuremap_schema_tests(alice_publish_treasure_map_schema=alice_publish_treasure_map_schema,
enacted_blockchain_policy=enacted_blockchain_policy,
blockchain_bob=blockchain_bob)
def run_publish_treasuremap_schema_tests(alice_publish_treasure_map_schema, enacted_blockchain_policy, blockchain_bob):
# no args
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load({})
treasure_map_b64 = b64encode(bytes(enacted_blockchain_policy.treasure_map)).decode()
bob_encrypting_key = blockchain_bob.public_keys(DecryptingPower)
bob_encrypting_key_hex = bytes(bob_encrypting_key).hex()
required_data = {
'treasure_map': treasure_map_b64,
'bob_encrypting_key': bob_encrypting_key_hex
}
# required args
alice_publish_treasure_map_schema.load(required_data)
# missing required args
updated_data = {k: v for k, v in required_data.items() if k != 'treasure_map'}
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
updated_data = {k: v for k, v in required_data.items() if k != 'bob_encrypting_key'}
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
# invalid treasure map
updated_data = dict(required_data)
updated_data['treasure_map'] = b64encode(b"testing").decode()
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
# invalid encrypting key
updated_data = dict(required_data)
updated_data['bob_encrypting_key'] = b'123456'.hex()
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
# Test Output - test only true since there is no false ever returned
response_data = {'published': True}
output = alice_publish_treasure_map_schema.dump(obj=response_data)
assert output == response_data

19
tests/acceptance/utilities/test_concurrency.py
View File

@ -21,7 +21,24 @@ from typing import Iterable, Tuple, List, Callable
import pytest
from nucypher.utilities.concurrency import WorkerPool, AllAtOnceFactory
from nucypher.utilities.concurrency import WorkerPool
class AllAtOnceFactory:
"""
A simple value factory that returns all its values in a single batch.
"""
def __init__(self, values):
self.values = values
self._produced = False
def __call__(self, _successes):
if self._produced:
return None
else:
self._produced = True
return self.values
@pytest.fixture(scope='function')

3
tests/fixtures.py
View File

@ -239,8 +239,6 @@ def enacted_federated_policy(idle_federated_policy, federated_ursulas):
# REST call happens here, as does population of TreasureMap.
enacted_policy = idle_federated_policy.enact(network_middleware=network_middleware,
handpicked_ursulas=federated_ursulas)
enacted_policy.treasure_map_publisher.block_until_complete()
return enacted_policy
@ -287,7 +285,6 @@ def enacted_blockchain_policy(idle_blockchain_policy, blockchain_ursulas):
# REST call happens here, as does population of TreasureMap.
enacted_policy = idle_blockchain_policy.enact(network_middleware=network_middleware,
handpicked_ursulas=list(blockchain_ursulas))
enacted_policy.treasure_map_publisher.block_until_complete()
return enacted_policy

12
tests/integration/characters/control/conftest.py
View File

@ -115,17 +115,6 @@ def grant_control_request(federated_bob):
return method_name, params
@pytest.fixture(scope='module')
def join_control_request(federated_bob, enacted_federated_policy):
method_name = 'join_policy'
params = {
'label': enacted_federated_policy.label.decode(),
'publisher_verifying_key': bytes(enacted_federated_policy.publisher_verifying_key).hex(),
}
return method_name, params
@pytest.fixture(scope='module')
def retrieve_control_request(federated_bob, enacted_federated_policy, capsule_side_channel):
method_name = 'retrieve'
@ -136,6 +125,7 @@ def retrieve_control_request(federated_bob, enacted_federated_policy, capsule_si
'policy_encrypting_key': bytes(enacted_federated_policy.public_key).hex(),
'alice_verifying_key': bytes(enacted_federated_policy.publisher_verifying_key).hex(),
'message_kit': b64encode(message_kit.to_bytes()).decode(),
'treasure_map': b64encode(bytes(enacted_federated_policy.treasure_map)).decode()
}
return method_name, params

23
tests/integration/characters/control/test_rpc_control_federated.py
View File

@ -15,6 +15,7 @@
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import pytest
from nucypher.characters.control.interfaces import BobInterface
@ -72,28 +73,6 @@ def test_alice_rpc_character_control_grant(alice_rpc_test_client, grant_control_
assert 'jsonrpc' in response.data
def test_bob_rpc_character_control_join_policy(bob_rpc_controller,
join_control_request,
federated_treasure_map,
enacted_federated_policy,
federated_bob,
federated_ursulas):
for ursula in federated_ursulas:
if ursula.checksum_address in federated_treasure_map.destinations:
# Simulate passing in a teacher-uri
federated_bob.remember_node(ursula)
break
else:
# Shouldn't happen
raise Exception("No known Ursulas present in the treasure map destinations")
method_name, params = join_control_request
request_data = {'method': method_name, 'params': params}
response = bob_rpc_controller.send(request_data)
assert 'jsonrpc' in response.data
def test_enrico_rpc_character_control_encrypt_message(enrico_rpc_controller_test_client, encrypt_control_request):
method_name, params = encrypt_control_request
request_data = {'method': method_name, 'params': params}

34
tests/integration/characters/control/test_web_control_federated.py
View File

@ -169,39 +169,6 @@ def test_alice_character_control_decrypt(alice_web_controller_test_client,
assert response.status_code == 405
def test_bob_character_control_join_policy(bob_web_controller_test_client,
federated_bob,
federated_ursulas,
federated_treasure_map,
enacted_federated_policy):
request_data = {
'label': enacted_federated_policy.label.decode(),
'publisher_verifying_key': bytes(enacted_federated_policy.publisher_verifying_key).hex(),
}
for ursula in federated_ursulas:
if ursula.checksum_address in federated_treasure_map.destinations:
# Simulate passing in a teacher-uri
federated_bob.remember_node(ursula)
break
else:
# Shouldn't happen
raise Exception("No known Ursulas present in the treasure map destinations")
response = bob_web_controller_test_client.post('/join_policy', data=json.dumps(request_data))
assert b'{"result": {"policy_encrypting_key": "OK"}' in response.data # TODO
assert response.status_code == 200
# Send bad data to assert error returns
response = bob_web_controller_test_client.post('/join_policy', data=json.dumps({'bad': 'input'}))
assert response.status_code == 400
# Missing Key results in bad request
del(request_data['publisher_verifying_key'])
response = bob_web_controller_test_client.post('/join_policy', data=json.dumps(request_data))
assert response.status_code == 400
def test_bob_web_character_control_retrieve(bob_web_controller_test_client, retrieve_control_request):
method_name, params = retrieve_control_request
endpoint = f'/{method_name}'
@ -335,6 +302,7 @@ def test_web_character_control_lifecycle(alice_web_controller_test_client,
'policy_encrypting_key': policy_pubkey_enc_hex,
'alice_verifying_key': alice_verifying_key_hex,
'message_kit': encoded_message_kit,
'treasure_map': alice_response_data['result']['treasure_map']
}
# Give bob a node to remember

60
tests/integration/characters/test_bob_handles_frags.py
View File

@ -58,8 +58,8 @@ def test_bob_already_knows_all_nodes_in_treasure_map(enacted_federated_policy,
federated_bob.remember_node(ursula)
# Now, Bob can get the TreasureMap all by himself, and doesn't need a side channel.
the_map = federated_bob.get_treasure_map(publisher_verifying_key=federated_alice.stamp.as_umbral_pubkey(),
label=enacted_federated_policy.label)
the_map = federated_bob._decrypt_treasure_map(enacted_federated_policy.treasure_map,
publisher_verifying_key=federated_alice.stamp)
unknown, known = federated_bob.peek_at_treasure_map(treasure_map=the_map)
# He finds that he didn't need to discover any new nodes...
@ -383,17 +383,18 @@ def test_federated_bob_retrieves_a_single_message(federated_bob,
delivered_cleartexts = federated_bob.retrieve(the_message_kit,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label)
label=enacted_federated_policy.label,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
# We show that indeed this is the passage originally encrypted by the Enrico.
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
def test_federated_bob_retrieves_multiple_messages_from_same_enrico(federated_bob,
federated_alice,
capsule_side_channel,
enacted_federated_policy,
):
federated_alice,
capsule_side_channel,
enacted_federated_policy,
):
# The side channel delivers all that Bob needs at this point:
# - A single MessageKit, containing a Capsule
# - A representation of the data source
@ -406,7 +407,8 @@ def test_federated_bob_retrieves_multiple_messages_from_same_enrico(federated_bo
delivered_cleartexts = federated_bob.retrieve(*three_message_kits,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label)
label=enacted_federated_policy.label,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
assert b"Welcome to flippering number 2." == delivered_cleartexts[1]
@ -414,10 +416,10 @@ def test_federated_bob_retrieves_multiple_messages_from_same_enrico(federated_bo
def test_federated_bob_retrieves_multiple_messages_from_different_enricos(federated_bob,
federated_alice,
capsule_side_channel,
enacted_federated_policy,
):
federated_alice,
capsule_side_channel,
enacted_federated_policy,
):
# The side channel delivers all that Bob needs at this point:
# - A single MessageKit, containing a Capsule
# - A representation of the data source
@ -434,7 +436,8 @@ def test_federated_bob_retrieves_multiple_messages_from_different_enricos(federa
message2,
message3,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label)
label=enacted_federated_policy.label,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
assert b"Welcome to flippering number 0." == delivered_cleartexts[0]
assert b"Welcome to flippering number 0." == delivered_cleartexts[1]
@ -457,7 +460,8 @@ def test_federated_bob_retrieves_twice_without_retaining_cfrags(federated_bob,
delivered_cleartexts = federated_bob.retrieve(the_message_kit,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label)
label=enacted_federated_policy.label,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
# We show that indeed this is the passage originally encrypted by the Enrico.
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
@ -466,7 +470,8 @@ def test_federated_bob_retrieves_twice_without_retaining_cfrags(federated_bob,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label,
use_precedent_work_orders=True)
use_precedent_work_orders=True,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
# We show that indeed this is the passage originally encrypted by the Enrico.
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
@ -485,7 +490,8 @@ def test_federated_bob_retrieves_twice_by_retaining_cfrags(federated_bob,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label,
retain_cfrags=True)
retain_cfrags=True,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
# Can't retrieve this message again.
@ -501,7 +507,8 @@ def test_federated_bob_retrieves_twice_by_retaining_cfrags(federated_bob,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label,
use_attached_cfrags=True)
use_attached_cfrags=True,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
@ -544,7 +551,8 @@ def test_federated_bob_cannot_resume_retrieval_without_caching(federated_bob,
federated_bob.retrieve(the_message_kit,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label)
label=enacted_federated_policy.label,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
# Since we weren't caching, there are no attached Cfrags.
assert len(the_message_kit) == 0
@ -562,7 +570,8 @@ def test_federated_bob_cannot_resume_retrieval_without_caching(federated_bob,
federated_bob.retrieve(the_message_kit,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label)
label=enacted_federated_policy.label,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
def test_federated_retrieves_partially_then_finishes(federated_bob,
@ -602,7 +611,8 @@ def test_federated_retrieves_partially_then_finishes(federated_bob,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label,
retain_cfrags=True)
retain_cfrags=True,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
# Since we were caching, there are now 2 attached cfrags.
assert len(the_message_kit) == 2
@ -631,6 +641,7 @@ def test_federated_retrieves_partially_then_finishes(federated_bob,
label=enacted_federated_policy.label,
retain_cfrags=True,
use_attached_cfrags=True,
encrypted_treasure_map=enacted_federated_policy.treasure_map
)
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
@ -644,7 +655,8 @@ def test_federated_retrieves_partially_then_finishes(federated_bob,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label,
retain_cfrags=True,
use_attached_cfrags=True)
use_attached_cfrags=True,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
@ -656,7 +668,8 @@ def test_federated_retrieves_partially_then_finishes(federated_bob,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label,
use_precedent_work_orders=True)
use_precedent_work_orders=True,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
federated_bob.network_middleware.all_nodes_up()
@ -688,7 +701,8 @@ def test_bob_retrieves_multiple_messages_in_a_single_adventure(federated_bob,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label,
use_precedent_work_orders=True,
policy_encrypting_key=enacted_federated_policy.public_key)
policy_encrypting_key=enacted_federated_policy.public_key,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
assert b"Welcome to flippering number 0." == delivered_cleartexts[0]
assert b"Welcome to flippering number 0." == delivered_cleartexts[1]

47
tests/integration/characters/test_bob_joins_policy_and_retrieves.py
View File

@ -52,16 +52,16 @@ def test_federated_bob_full_retrieve_flow(federated_ursulas,
delivered_cleartexts = federated_bob.retrieve(the_message_kit,
enrico=capsule_side_channel.enrico,
alice_verifying_key=alices_verifying_key,
label=enacted_federated_policy.label)
label=enacted_federated_policy.label,
encrypted_treasure_map=enacted_federated_policy.treasure_map)
# We show that indeed this is the passage originally encrypted by the Enrico.
assert b"Welcome to flippering number 1." == delivered_cleartexts[0]
def test_bob_joins_policy_and_retrieves(federated_alice,
federated_ursulas,
certificates_tempdir,
):
def test_bob_retrieves(federated_alice,
federated_ursulas,
certificates_tempdir):
# Let's partition Ursulas in two parts
a_couple_of_ursulas = list(federated_ursulas)[:2]
rest_of_ursulas = list(federated_ursulas)[2:]
@ -93,24 +93,6 @@ def test_bob_joins_policy_and_retrieves(federated_alice,
assert label == policy.label
try:
# Now, Bob joins the policy
bob.join_policy(label=label,
publisher_verifying_key=federated_alice.stamp.as_umbral_pubkey(),
block=True)
except TreasureMap.NowhereToBeFound:
if policy.treasure_map.hrac in ursula.treasure_maps:
# This is a nice place to put a breakpoint to examine Bob's failure to join a policy.
bob.join_policy(label=label,
publisher_verifying_key=federated_alice.stamp.as_umbral_pubkey(),
block=True)
pytest.fail(f"Bob didn't find map {policy.treasure_map} even though it was available. Come on, Bob.")
else:
pytest.fail(f"It seems that Alice didn't publish {policy.treasure_map}. Come on, Alice.")
# In the end, Bob should know all the Ursulas
assert len(bob.known_nodes) == len(federated_ursulas)
# Enrico becomes
enrico = Enrico(policy_encrypting_key=policy.public_key)
@ -124,7 +106,8 @@ def test_bob_joins_policy_and_retrieves(federated_alice,
enrico=enrico,
alice_verifying_key=alices_verifying_key,
label=policy.label,
retain_cfrags=True)
retain_cfrags=True,
encrypted_treasure_map=policy.treasure_map)
assert plaintext == delivered_cleartexts[0]
@ -133,13 +116,15 @@ def test_bob_joins_policy_and_retrieves(federated_alice,
delivered_cleartexts = bob.retrieve(message_kit,
enrico=enrico,
alice_verifying_key=alices_verifying_key,
label=policy.label)
label=policy.label,
encrypted_treasure_map=policy.treasure_map)
cleartexts_delivered_a_second_time = bob.retrieve(message_kit,
enrico=enrico,
alice_verifying_key=alices_verifying_key,
label=policy.label,
use_attached_cfrags=True)
use_attached_cfrags=True,
encrypted_treasure_map=policy.treasure_map)
# Indeed, they're the same cleartexts.
assert delivered_cleartexts == cleartexts_delivered_a_second_time
@ -154,7 +139,8 @@ def test_bob_joins_policy_and_retrieves(federated_alice,
enrico=enrico,
alice_verifying_key=alices_verifying_key,
label=policy.label,
use_precedent_work_orders=True)
use_precedent_work_orders=True,
encrypted_treasure_map=policy.treasure_map)
assert _cleartexts == delivered_cleartexts # TODO: 892
# OK, but we imagine that the message_kit is fresh here.
@ -164,7 +150,8 @@ def test_bob_joins_policy_and_retrieves(federated_alice,
_cleartexts = bob.retrieve(message_kit,
enrico=enrico,
alice_verifying_key=alices_verifying_key,
label=policy.label)
label=policy.label,
encrypted_treasure_map=policy.treasure_map)
bob.disenchant()
@ -220,7 +207,3 @@ def test_bob_retrieves_too_late(federated_bob, federated_ursulas,
label=enacted_federated_policy.label,
encrypted_treasure_map=treasure_map,
use_attached_cfrags=False)
# Check that Bob can't get the treasure map after the policy is expired
with pytest.raises(TreasureMap.NowhereToBeFound):
federated_bob.get_treasure_map(alice_verifying_key, label=enacted_federated_policy.label)

83
tests/integration/learning/test_discovery_phases.py
View File

@ -134,8 +134,7 @@ def test_alice_verifies_ursula_just_in_time(fleet_of_highperf_mocked_ursulas,
policy = highperf_mocked_alice.grant(
highperf_mocked_bob, b"any label", threshold=20, shares=30,
expiration=maya.when('next week'),
publish_treasure_map=False)
expiration=maya.when('next week'))
# TODO: Make some assertions about policy.
total_verified = sum(node.verified_node for node in highperf_mocked_alice.known_nodes)
@ -143,83 +142,3 @@ def test_alice_verifies_ursula_just_in_time(fleet_of_highperf_mocked_ursulas,
# otherwise `grant()` would fail.
assert total_verified >= 30
_POLICY_PRESERVER.append(policy)
# @pytest_twisted.inlineCallbacks # TODO: Why does this, in concert with yield policy.treasure_map_publisher.when_complete, hang?
@skip_on_circleci # TODO: #2552 Taking 6-10 seconds on CircleCI, passing locally.
def test_mass_treasure_map_placement(fleet_of_highperf_mocked_ursulas,
highperf_mocked_alice,
highperf_mocked_bob):
"""
Large-scale map placement with a middleware that simulates network latency.
In three parts.
"""
# The nodes who match the map distribution criteria.
nodes_we_expect_to_have_the_map = highperf_mocked_bob.matching_nodes_among(fleet_of_highperf_mocked_ursulas)
Teacher.verify_node = lambda *args, **kwargs: None
# # # Loop through and instantiate actual rest apps so as not to pollute the time measurement (doesn't happen in real world).
for node in nodes_we_expect_to_have_the_map:
# Causes rest app to be made (happens JIT in other testS)
highperf_mocked_alice.network_middleware.client.parse_node_or_host_and_port(node)
# Setup a dict to "store" treasure maps to skip over the datastore
node.treasure_maps = dict()
def _partial_rest_app(node):
def faster_receive_map(*args, **kwargs):
node._its_down_there_somewhere_let_me_take_another_look = True
return Response(bytes(b"Sure, we stored it."), status=201)
return faster_receive_map
node.rest_app._actual_rest_app.view_functions._view_functions_registry['receive_treasure_map'] = _partial_rest_app(node)
highperf_mocked_alice.network_middleware = SluggishLargeFleetMiddleware()
policy = _POLICY_PRESERVER.pop()
with patch('nucypher.crypto.umbral_adapter.PublicKey.__eq__', lambda *args, **kwargs: True), mock_metadata_validation:
started = datetime.now()
# PART I: The function returns sychronously and quickly.
# defer.setDebugging(False) # Debugging messes up the timing here; comment this line out if you actually need it.
policy.publish_treasure_map() # returns quickly.
# defer.setDebugging(True)
# PART II: We block for a little while to ensure that the distribution is going well.
nodes_that_have_the_map_when_we_unblock = policy.treasure_map_publisher.block_until_success_is_reasonably_likely()
little_while_ended_at = datetime.now()
# The number of nodes having the map is at least the minimum to have unblocked.
assert len(nodes_that_have_the_map_when_we_unblock) >= policy.treasure_map_publisher._block_until_this_many_are_complete
# The number of nodes having the map is approximately the number you'd expect from full utilization of Alice's publication threadpool.
# TODO: This line fails sometimes because the loop goes too fast.
# assert len(nodes_that_have_the_map_when_we_unblock) == pytest.approx(policy.treasure_map_publisher._block_until_this_many_are_complete, .2)
# PART III: Having made proper assertions about the publication call and the first block, we allow the rest to
# happen in the background and then ensure that each phase was timely.
# This will block until the distribution is complete.
policy.treasure_map_publisher.block_until_complete()
complete_distribution_time = datetime.now() - started
partial_blocking_duration = little_while_ended_at - started
# Before Treasure Island (1741), this process took about 3 minutes.
if partial_blocking_duration.total_seconds() > 10:
pytest.fail(
f"Took too long ({partial_blocking_duration}) to contact {len(nodes_that_have_the_map_when_we_unblock)} nodes ({complete_distribution_time} total.)")
# TODO: Assert that no nodes outside those expected received the map.
assert complete_distribution_time.total_seconds() < 20
# But with debuggers and other processes running on laptops, we give a little leeway.
# We have the same number of successful responses as nodes we expected to have the map.
assert len(policy.treasure_map_publisher.completed) == len(nodes_we_expect_to_have_the_map)
nodes_that_got_the_map = sum(
u._its_down_there_somewhere_let_me_take_another_look is True for u in nodes_we_expect_to_have_the_map)
assert nodes_that_got_the_map == len(nodes_we_expect_to_have_the_map)

69
tests/integration/network/test_treasure_map_integration.py
View File

@ -35,75 +35,6 @@ def test_alice_creates_policy_with_correct_hrac(federated_alice, federated_bob,
idle_federated_policy.label)
def test_alice_sets_treasure_map(federated_alice, federated_bob, enacted_federated_policy):
"""
Having enacted all the policies of a PolicyGroup, Alice creates a TreasureMap and ...... TODO
"""
hrac = enacted_federated_policy.treasure_map.hrac
found = 0
for node in federated_bob.matching_nodes_among(federated_alice.known_nodes):
with node.datastore.describe(DatastoreTreasureMap, bytes(hrac).hex()) as treasure_map_on_node:
assert EncryptedTreasureMap.from_bytes(treasure_map_on_node.treasure_map).hrac == enacted_federated_policy.hrac
found += 1
assert found
def test_treasure_map_stored_by_ursula_is_the_correct_one_for_bob(federated_alice, federated_bob, federated_ursulas,
enacted_federated_policy):
"""
The TreasureMap given by Alice to Ursula is the correct one for Bob; he can decrypt and read it.
"""
hrac = enacted_federated_policy.treasure_map.hrac
an_ursula = federated_bob.matching_nodes_among(federated_ursulas)[0]
with an_ursula.datastore.describe(DatastoreTreasureMap, bytes(hrac).hex()) as treasure_map_record:
treasure_map_on_network = EncryptedTreasureMap.from_bytes(treasure_map_record.treasure_map)
hrac_by_bob = federated_bob.construct_policy_hrac(federated_alice.stamp, enacted_federated_policy.label)
assert enacted_federated_policy.hrac == hrac_by_bob
def test_bob_can_retrieve_the_treasure_map_and_decrypt_it(federated_alice, federated_bob, enacted_federated_policy):
"""
Above, we showed that the TreasureMap saved on the network is the correct one for Bob. Here, we show
that Bob can retrieve it with only the information about which he is privy pursuant to the PolicyGroup.
"""
bob = federated_bob
_previous_domain = bob.domain
bob.domain = None # Bob has no knowledge of the network.
# Of course, in the real world, Bob has sufficient information to reconstitute a PolicyGroup, gleaned, we presume,
# through a side-channel with Alice.
# If Bob doesn't know about any Ursulas, he can't find the TreasureMap via the REST swarm:
with pytest.raises(bob.NotEnoughTeachers):
treasure_map_from_wire = bob.get_treasure_map(federated_alice.stamp.as_umbral_pubkey(),
enacted_federated_policy.label)
# Bob finds out about one Ursula (in the real world, a seed node, hardcoded based on his learning domain)
bob.done_seeding = False
bob.domain = _previous_domain
# ...and then learns about the rest of the network.
bob.learn_from_teacher_node(eager=True)
# Now he'll have better success finding that map.
treasure_map_from_wire = bob.get_treasure_map(federated_alice.stamp.as_umbral_pubkey(),
enacted_federated_policy.label)
assert enacted_federated_policy.hrac == treasure_map_from_wire.hrac
def test_treasure_map_is_legit(federated_bob, federated_treasure_map, enacted_federated_policy):
"""
Sure, the TreasureMap can get to Bob, but we also need to know that each Ursula in the TreasureMap is on the network.
"""
for ursula_address, _node_id in federated_treasure_map:
if ursula_address not in federated_bob.known_nodes.addresses():
pytest.fail(f"Bob didn't know about {ursula_address}")
def test_alice_does_not_update_with_old_ursula_info(federated_alice, federated_ursulas):
ursula = list(federated_ursulas)[0]
old_metadata = bytes(ursula)

64
tests/integration/porter/control/test_porter_rpc_control_federated.py
View File

@ -15,16 +15,11 @@
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
from base64 import b64encode, b64decode
from base64 import b64encode
import pytest
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.crypto.powers import DecryptingPower
from nucypher.network.nodes import Learner
from nucypher.policy.maps import TreasureMap
# should always be first test due to checks on response id
from tests.utils.policy import work_order_setup
@ -53,7 +48,10 @@ def test_get_ursulas(federated_porter_rpc_controller, federated_ursulas):
response = federated_porter_rpc_controller.send(request_data)
expected_response_id += 1
assert response.success
assert response.id == expected_response_id
# TODO: Fails locally with integration suite
# assert response.id == expected_response_id
ursulas_info = response.data['result']['ursulas']
returned_ursula_addresses = {ursula_info['checksum_address'] for ursula_info in ursulas_info} # ensure no repeats
assert len(returned_ursula_addresses) == quantity
@ -67,7 +65,9 @@ def test_get_ursulas(federated_porter_rpc_controller, federated_ursulas):
rpc_response = federated_porter_rpc_controller.send(request=request_data)
expected_response_id += 1
assert rpc_response.success
assert rpc_response.id == expected_response_id
# TODO: Fails locally with integration suite runs
# assert rpc_response.id == expected_response_id
#
# Failure case
@ -79,54 +79,6 @@ def test_get_ursulas(federated_porter_rpc_controller, federated_ursulas):
federated_porter_rpc_controller.send(request_data)
def test_publish_and_get_treasure_map(federated_porter_rpc_controller,
federated_alice,
federated_bob,
enacted_federated_policy,
random_federated_treasure_map_data):
random_bob_encrypting_key, random_treasure_map = random_federated_treasure_map_data
# ensure that random treasure map cannot be obtained since not available
with pytest.raises(TreasureMap.NowhereToBeFound):
get_treasure_map_params = {
'hrac': bytes(random_treasure_map.hrac).hex(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
request_data = {'method': 'get_treasure_map', 'params': get_treasure_map_params}
federated_porter_rpc_controller.send(request_data)
# publish the random treasure map
publish_treasure_map_params = {
'treasure_map': b64encode(bytes(random_treasure_map)).decode(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
request_data = {'method': 'publish_treasure_map', 'params': publish_treasure_map_params}
response = federated_porter_rpc_controller.send(request_data)
assert response.success
# try getting the random treasure map now
get_treasure_map_params = {
'hrac': bytes(random_treasure_map.hrac).hex(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
request_data = {'method': 'get_treasure_map', 'params': get_treasure_map_params}
response = federated_porter_rpc_controller.send(request_data)
assert response.success
assert response.content['treasure_map'] == b64encode(bytes(random_treasure_map)).decode()
# try getting an already existing policy
hrac = federated_bob.construct_policy_hrac(federated_alice.stamp.as_umbral_pubkey(),
enacted_federated_policy.label)
get_treasure_map_params = {
'hrac': bytes(hrac).hex(),
'bob_encrypting_key': bytes(federated_bob.public_keys(DecryptingPower)).hex()
}
request_data = {'method': 'get_treasure_map', 'params': get_treasure_map_params}
response = federated_porter_rpc_controller.send(request_data)
assert response.success
assert response.content['treasure_map'] == b64encode(bytes(enacted_federated_policy.treasure_map)).decode()
def test_exec_work_order(federated_porter_rpc_controller,
enacted_federated_policy,
federated_ursulas,

89
tests/integration/porter/control/test_porter_web_control_federated.py
View File

@ -15,15 +15,13 @@
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import json
from urllib.parse import urlencode
from base64 import b64encode
import pytest
from nucypher.crypto.powers import DecryptingPower
from nucypher.network.nodes import Learner
from nucypher.policy.maps import TreasureMap
from tests.utils.policy import work_order_setup
@ -86,71 +84,6 @@ def test_get_ursulas(federated_porter_web_controller, federated_ursulas):
federated_porter_web_controller.get('/get_ursulas', data=json.dumps(failed_ursula_params))
def test_publish_and_get_treasure_map(federated_porter_web_controller,
federated_alice,
federated_bob,
enacted_federated_policy,
random_federated_treasure_map_data):
# Send bad data to assert error return
response = federated_porter_web_controller.get('/get_treasure_map', data=json.dumps({'bad': 'input'}))
assert response.status_code == 400
response = federated_porter_web_controller.post('/publish_treasure_map', data=json.dumps({'bad': 'input'}))
assert response.status_code == 400
random_bob_encrypting_key, random_treasure_map = random_federated_treasure_map_data
# ensure that random treasure map cannot be obtained since not available
with pytest.raises(TreasureMap.NowhereToBeFound):
get_treasure_map_params = {
'hrac': bytes(random_treasure_map.hrac).hex(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
federated_porter_web_controller.get('/get_treasure_map', data=json.dumps(get_treasure_map_params))
# publish the random treasure map
publish_treasure_map_params = {
'treasure_map': b64encode(bytes(random_treasure_map)).decode(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
response = federated_porter_web_controller.post('/publish_treasure_map',
data=json.dumps(publish_treasure_map_params))
assert response.status_code == 200
response_data = json.loads(response.data)
assert response_data['result']['published']
# try getting the random treasure map now
get_treasure_map_params = {
'hrac': bytes(random_treasure_map.hrac).hex(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
response = federated_porter_web_controller.get('/get_treasure_map',
data=json.dumps(get_treasure_map_params))
assert response.status_code == 200
response_data = json.loads(response.data)
assert response_data['result']['treasure_map'] == b64encode(bytes(random_treasure_map)).decode()
# try getting random treasure map using query parameters
response = federated_porter_web_controller.get(f'/get_treasure_map'
f'?{urlencode(get_treasure_map_params)}')
assert response.status_code == 200
response_data = json.loads(response.data)
assert response_data['result']['treasure_map'] == b64encode(bytes(random_treasure_map)).decode()
# try getting an already existing policy
hrac = federated_bob.construct_policy_hrac(federated_alice.stamp.as_umbral_pubkey(),
enacted_federated_policy.label)
get_treasure_map_params = {
'hrac': bytes(hrac).hex(),
'bob_encrypting_key': bytes(federated_bob.public_keys(DecryptingPower)).hex()
}
response = federated_porter_web_controller.get('/get_treasure_map',
data=json.dumps(get_treasure_map_params))
assert response.status_code == 200
response_data = json.loads(response.data)
assert response_data['result']['treasure_map'] == b64encode(bytes(enacted_federated_policy.treasure_map)).decode()
def test_exec_work_order(federated_porter_web_controller,
enacted_federated_policy,
federated_ursulas,
@ -202,26 +135,6 @@ def test_endpoints_basic_auth(federated_porter_basic_auth_web_controller,
response = federated_porter_basic_auth_web_controller.get('/get_ursulas', data=json.dumps(get_ursulas_params))
assert response.status_code == 401 # user unauthorized
random_bob_encrypting_key, random_treasure_map = random_federated_treasure_map_data
# /get_treasure_map
get_treasure_map_params = {
'hrac': bytes(random_treasure_map.hrac).hex(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
response = federated_porter_basic_auth_web_controller.get('/get_treasure_map',
data=json.dumps(get_treasure_map_params))
assert response.status_code == 401 # user not authenticated
# /publish_treasure_map
publish_treasure_map_params = {
'treasure_map': b64encode(bytes(random_treasure_map)).decode(),
'bob_encrypting_key': bytes(random_bob_encrypting_key).hex()
}
response = federated_porter_basic_auth_web_controller.post('/publish_treasure_map',
data=json.dumps(publish_treasure_map_params))
assert response.status_code == 401 # user not authenticated
# /exec_work_order
exec_work_order_params = {
'ursula': get_random_checksum_address(),

35
tests/integration/porter/test_federated_porter.py
View File

@ -14,13 +14,7 @@
You should have received a copy of the GNU Affero General Public License
along with nucypher. If not, see <https://www.gnu.org/licenses/>.
"""
import os
from base64 import b64decode
import pytest
from nucypher.crypto.powers import DecryptingPower
from nucypher.crypto.umbral_adapter import PublicKey
from nucypher.policy.maps import TreasureMap
from tests.utils.policy import work_order_setup
@ -68,35 +62,6 @@ def test_get_ursulas(federated_porter, federated_ursulas):
assert address not in returned_ursula_addresses
def test_publish_and_get_treasure_map(federated_porter,
federated_alice,
federated_bob,
enacted_federated_policy,
random_federated_treasure_map_data):
random_bob_encrypting_key, random_treasure_map = random_federated_treasure_map_data
# ensure that random treasure map cannot be obtained since not available
with pytest.raises(TreasureMap.NowhereToBeFound):
federated_porter.get_treasure_map(hrac=random_treasure_map.hrac,
bob_encrypting_key=random_bob_encrypting_key)
# publish the random treasure map
federated_porter.publish_treasure_map(treasure_map_bytes=bytes(random_treasure_map),
bob_encrypting_key=random_bob_encrypting_key)
# try getting the random treasure map now
treasure_map = federated_porter.get_treasure_map(hrac=random_treasure_map.hrac,
bob_encrypting_key=random_bob_encrypting_key)
assert treasure_map.hrac == random_treasure_map.hrac
# try getting an already existing policy
hrac = federated_bob.construct_policy_hrac(federated_alice.stamp.as_umbral_pubkey(),
enacted_federated_policy.label)
treasure_map = federated_porter.get_treasure_map(hrac=hrac,
bob_encrypting_key=federated_bob.public_keys(DecryptingPower))
assert treasure_map.hrac == enacted_federated_policy.hrac
def test_exec_work_order(federated_porter,
federated_ursulas,
federated_bob,

107
tests/integration/porter/test_porter_specifications.py
View File

@ -20,15 +20,12 @@ from base64 import b64encode
import pytest
from nucypher.control.specifications.exceptions import InvalidArgumentCombo, InvalidInputData
from nucypher.crypto.powers import DecryptingPower
from nucypher.crypto.umbral_adapter import SecretKey
from nucypher.policy.maps import AuthorizedKeyFrag
from nucypher.policy.orders import WorkOrder as WorkOrderClass
from nucypher.utilities.porter.control.specifications.fields import UrsulaInfoSchema
from nucypher.utilities.porter.control.specifications.porter_schema import (
AliceGetUrsulas,
AlicePublishTreasureMap,
BobGetTreasureMap,
BobExecWorkOrder
)
from nucypher.utilities.porter.porter import Porter
@ -164,114 +161,10 @@ def test_alice_get_ursulas_schema(get_random_checksum_address):
assert output == {"ursulas": expected_ursulas_info}
def test_alice_publish_treasure_map_schema_federated_context(enacted_federated_policy, federated_bob):
# since federated, schema's context must be set - so create one schema
# and reuse (it doesn't hold state other than the context)
alice_publish_treasure_map_schema = AlicePublishTreasureMap()
# no args
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load({})
treasure_map_b64 = b64encode(bytes(enacted_federated_policy.treasure_map)).decode()
bob_encrypting_key = federated_bob.public_keys(DecryptingPower)
bob_encrypting_key_hex = bytes(bob_encrypting_key).hex()
required_data = {
'treasure_map': treasure_map_b64,
'bob_encrypting_key': bob_encrypting_key_hex
}
# required args
alice_publish_treasure_map_schema.load(required_data)
# missing required args
updated_data = {k: v for k, v in required_data.items() if k != 'treasure_map'}
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
updated_data = {k: v for k, v in required_data.items() if k != 'bob_encrypting_key'}
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
# invalid treasure map
updated_data = dict(required_data)
updated_data['treasure_map'] = b64encode(b"testing").decode()
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
# invalid encrypting key
updated_data = dict(required_data)
updated_data['bob_encrypting_key'] = b'123456'.hex()
with pytest.raises(InvalidInputData):
alice_publish_treasure_map_schema.load(updated_data)
# Test Output - test only true since there is no false ever returned
response_data = {'published': True}
output = alice_publish_treasure_map_schema.dump(obj=response_data)
assert output == response_data
def test_alice_revoke():
pass # TODO
def test_bob_get_treasure_map(enacted_federated_policy, federated_alice, federated_bob):
#
# Input i.e. load
#
# no args
with pytest.raises(InvalidInputData):
BobGetTreasureMap().load({})
hrac = federated_bob.construct_policy_hrac(federated_alice.stamp.as_umbral_pubkey(), enacted_federated_policy.label)
bob_encrypting_key = federated_bob.public_keys(DecryptingPower)
bob_encrypting_key_hex = bytes(bob_encrypting_key).hex()
required_data = {
'hrac': bytes(hrac).hex(),
'bob_encrypting_key': bob_encrypting_key_hex
}
# required args
BobGetTreasureMap().load(required_data)
# random 16-byte length map id
updated_data = dict(required_data)
updated_data['hrac'] = "93a9482bdf3b4f2e9df906a35144ca93"
BobGetTreasureMap().load(updated_data)
# missing required args
updated_data = {k: v for k, v in required_data.items() if k != 'hrac'}
with pytest.raises(InvalidInputData):
BobGetTreasureMap().load(updated_data)
updated_data = {k: v for k, v in required_data.items() if k != 'bob_encrypting_key'}
with pytest.raises(InvalidInputData):
BobGetTreasureMap().load(updated_data)
# invalid treasure map id
updated_data = dict(required_data)
updated_data['hrac'] = b'fake_id'.hex()
with pytest.raises(InvalidInputData):
BobGetTreasureMap().load(updated_data)
# invalid encrypting key
updated_data = dict(required_data)
updated_data['bob_encrypting_key'] = b'123456'.hex()
with pytest.raises(InvalidInputData):
BobGetTreasureMap().load(updated_data)
#
# Output i.e. dump
#
treasure_map = enacted_federated_policy.treasure_map
result = {'treasure_map': treasure_map}
output = BobGetTreasureMap().dump(obj=result)
assert output == {'treasure_map': b64encode(bytes(treasure_map)).decode()}
def test_bob_exec_work_order(mock_ursula_reencrypts,
federated_ursulas,
get_random_checksum_address,