import asyncio import msgpack import pytest from kademlia.utils import digest from nkms.characters import Ursula, Character from nkms.crypto.signature import Signature from nkms.crypto.utils import BytestringSplitter from nkms.network import blockchain_client from nkms.network.protocols import dht_value_splitter from nkms.policy.models import Policy from tests.utilities import MockNetworkyStuff, EVENT_LOOP, URSULA_PORT, NUMBER_OF_URSULAS_IN_NETWORK def test_all_ursulas_know_about_all_other_ursulas(fake_ursulas): """ Once launched, all Ursulas know about - and can help locate - all other Ursulas in the network. """ ignorance = [] for acounter, announcing_ursula in enumerate(blockchain_client._ursulas_on_blockchain): for counter, propagating_ursula in enumerate(fake_ursulas): if not digest(announcing_ursula) in propagating_ursula.server.storage: ignorance.append((counter, acounter)) if ignorance: pytest.fail(str(["{} didn't know about {}".format(counter, acounter) for counter, acounter in ignorance])) def test_vladimir_illegal_interface_key_does_not_propagate(fake_ursulas): """ Although Ursulas propagate each other's interface information, as demonstrated above, they do not propagate interface information for Vladimir, an Evil Ursula. """ vladimir = fake_ursulas[0] ursula = fake_ursulas[1] # Ursula hasn't seen any illegal keys. assert ursula.server.protocol.illegal_keys_seen == [] # Vladimir does almost everything right.... value = vladimir.interface_dht_value() # Except he sets an illegal key for his interface. illegal_key = "Not allowed to set arbitrary key for this." setter = vladimir.server.set(key=illegal_key, value=value) loop = asyncio.get_event_loop() loop.run_until_complete(setter) # Now Ursula has seen an illegal key. assert digest(illegal_key) in ursula.server.protocol.illegal_keys_seen def test_alice_cannot_offer_policy_without_first_finding_ursula(alice, bob, fake_ursulas): """ Alice can't just offer a Policy if she doesn't know whether any Ursulas are available (she gets Ursula.NotFound). """ networky_stuff = MockNetworkyStuff(fake_ursulas) policy = Policy(alice, bob) with pytest.raises(Ursula.NotFound): policy_offer = policy.encrypt_payload_for_ursula() def test_trying_to_find_unknown_actor_raises_not_found(alice): """ Tony the test character can't make reference to a character he doesn't know about yet. """ tony_clifton = Character() message = b"some_message" signature = alice.seal(message) # Tony can't reference Alice... with pytest.raises(Character.NotFound): verification = tony_clifton.verify_from(alice, signature, message) # ...before learning about Alice. tony_clifton.learn_about_actor(alice) verification, NO_DECRYPTION_PERFORMED = tony_clifton.verify_from(alice, message, signature) assert verification is True def test_alice_finds_ursula(alice, fake_ursulas): """ With the help of any Ursula, Alice can find a specific Ursula. """ ursula_index = 1 all_ursulas = blockchain_client._ursulas_on_blockchain getter = alice.server.get(all_ursulas[ursula_index]) loop = asyncio.get_event_loop() value = loop.run_until_complete(getter) _signature, _ursula_pubkey_sig, _hrac, interface_info = dht_value_splitter(value.lstrip(b"uaddr-"), return_remainder=True) port = msgpack.loads(interface_info)[0] assert port == URSULA_PORT + ursula_index def test_alice_creates_policy_group_with_correct_hrac(alices_policy_group): """ Alice creates a PolicyGroup. It has the proper HRAC, unique per her, Bob, and the uri (resource_id). """ alice = alices_policy_group.alice bob = alices_policy_group.bob assert alices_policy_group.hrac() == alices_policy_group.hash( bytes(alice.seal) + bytes(bob.seal) + alice.__resource_id) def test_alice_enacts_policies_in_policy_group_via_rest(enacted_policy_group): """ Now that Alice has made a PolicyGroup, she can enact its policies, using Ursula's Public Key to encrypt each offer and transmitting them via REST. """ ursula = enacted_policy_group.policies[0].ursula kfrag_that_was_set = ursula.keystore.get_kfrag(enacted_policy_group.hrac()) assert bool(kfrag_that_was_set) # TODO: This can be a more poignant assertion. def test_alice_sets_treasure_map_on_network(enacted_policy_group, fake_ursulas): """ Having enacted all the policies of a PolicyGroup, Alice creates a TreasureMap and sends it to Ursula via the DHT. """ alice = enacted_policy_group.alice setter, encrypted_treasure_map, packed_encrypted_treasure_map, signature_for_bob, signature_for_ursula = alice.publish_treasure_map( enacted_policy_group) _set_event = EVENT_LOOP.run_until_complete(setter) treasure_map_as_set_on_network = fake_ursulas[0].server.storage[ digest(enacted_policy_group.treasure_map_dht_key())] assert treasure_map_as_set_on_network == b"trmap" + packed_encrypted_treasure_map def test_treasure_map_with_bad_id_does_not_propagate(alices_policy_group, fake_ursulas): """ In order to prevent spam attacks, Ursula refuses to propagate a TreasureMap whose PolicyGroup ID does not comport to convention. """ illegal_policygroup_id = "This is not a conventional policygroup id" alice = alices_policy_group.alice bob = alices_policy_group.bob treasure_map = alices_policy_group.treasure_map encrypted_treasure_map, signature = alice.encrypt_for(bob, treasure_map.packed_payload()) packed_encrypted_treasure_map = msgpack.dumps(encrypted_treasure_map) # TODO: #114? Do we even need to pack here? setter = alice.server.set(illegal_policygroup_id, packed_encrypted_treasure_map) _set_event = EVENT_LOOP.run_until_complete(setter) with pytest.raises(KeyError): fake_ursulas[0].server.storage[digest(illegal_policygroup_id)] def test_treasure_map_stored_by_ursula_is_the_correct_one_for_bob(alice, bob, fake_ursulas, enacted_policy_group): """ The TreasureMap given by Alice to Ursula is the correct one for Bob; he can decrypt and read it. """ treasure_map_as_set_on_network = fake_ursulas[0].server.storage[ digest(enacted_policy_group.treasure_map_dht_key())] _signature_for_ursula, pubkey_sig_alice, hrac, encrypted_treasure_map = dht_value_splitter( treasure_map_as_set_on_network[5::], msgpack_remainder=True) # 5:: to account for prepended "trmap" verified, cleartext = treasure_map_as_decrypted_by_bob = bob.verify_from(alice, encrypted_treasure_map, decrypt=True, signature_is_on_cleartext=True, ) _alices_signature, treasure_map_as_decrypted_by_bob = BytestringSplitter(Signature)(cleartext, return_remainder=True) assert treasure_map_as_decrypted_by_bob == enacted_policy_group.treasure_map.packed_payload() assert verified is True def test_bob_can_retreive_the_treasure_map_and_decrypt_it(enacted_policy_group, fake_ursulas): """ Above, we showed that the TreasureMap saved on the network is the correct one for Bob. Here, we show that Bob can retrieve it with only the information about which he is privy pursuant to the PolicyGroup. """ bob = enacted_policy_group.bob networky_stuff = MockNetworkyStuff(fake_ursulas) # Of course, in the real world, Bob has sufficient information to reconstitute a PolicyGroup, gleaned, we presume, # through a side-channel with Alice. treasure_map_from_wire = bob.get_treasure_map(enacted_policy_group) assert enacted_policy_group.treasure_map == treasure_map_from_wire def test_treaure_map_is_legit(enacted_policy_group): """ Sure, the TreasureMap can get to Bob, but we also need to know that each Ursula in the TreasureMap is on the network. """ alice = enacted_policy_group.alice for ursula_interface_id in enacted_policy_group.treasure_map: getter = alice.server.get(ursula_interface_id) loop = asyncio.get_event_loop() value = loop.run_until_complete(getter) signature, ursula_pubkey_sig, hrac, interface_info = dht_value_splitter(value.lstrip(b"uaddr-"), return_remainder=True) port = msgpack.loads(interface_info)[0] legal_ports = range(NUMBER_OF_URSULAS_IN_NETWORK, NUMBER_OF_URSULAS_IN_NETWORK + URSULA_PORT) assert port in legal_ports