[tor-commits] [stem/master] Randomize network status document fields
atagar at torproject.org
atagar at torproject.org
Sat Jul 1 19:19:44 UTC 2017
commit 5caa371952aab488ae162287d599b78259b03f9b
Author: Damian Johnson <atagar at torproject.org>
Date: Sat Jul 1 12:03:28 2017 -0700
Randomize network status document fields
---
stem/descriptor/networkstatus.py | 128 +++++++++------------
.../networkstatus/directory_authority.py | 41 ++++---
test/unit/descriptor/networkstatus/document_v2.py | 14 +--
test/unit/descriptor/networkstatus/document_v3.py | 30 ++---
.../descriptor/networkstatus/key_certificate.py | 26 ++---
5 files changed, 99 insertions(+), 140 deletions(-)
diff --git a/stem/descriptor/networkstatus.py b/stem/descriptor/networkstatus.py
index 2fc868a..af2e41a 100644
--- a/stem/descriptor/networkstatus.py
+++ b/stem/descriptor/networkstatus.py
@@ -63,7 +63,6 @@ import stem.util.tor_tools
import stem.version
from stem.descriptor import (
- CRYPTO_BLOB,
PGP_BLOCK_END,
Descriptor,
DocumentHandler,
@@ -77,6 +76,11 @@ from stem.descriptor import (
_parse_forty_character_hex,
_parse_protocol_line,
_parse_key_block,
+ _random_nickname,
+ _random_fingerprint,
+ _random_ipv4_address,
+ _random_date,
+ _random_crypto_blob,
)
from stem.descriptor.router_status_entry import (
@@ -216,57 +220,6 @@ PARAM_RANGE = {
'onion-key-grace-period-days': (1, 90), # max is the highest onion-key-rotation-days
}
-AUTHORITY_HEADER = (
- ('dir-source', 'turtles 27B6B5996C426270A5C95488AA5BCEB6BCC86956 no.place.com 76.73.17.194 9030 9090'),
- ('contact', 'Mike Perry <email>'),
-)
-
-KEY_CERTIFICATE_HEADER = (
- ('dir-key-certificate-version', '3'),
- ('fingerprint', '27B6B5996C426270A5C95488AA5BCEB6BCC86956'),
- ('dir-key-published', '2011-11-28 21:51:04'),
- ('dir-key-expires', '2012-11-28 21:51:04'),
- ('dir-identity-key', '\n-----BEGIN RSA PUBLIC KEY-----%s-----END RSA PUBLIC KEY-----' % CRYPTO_BLOB),
- ('dir-signing-key', '\n-----BEGIN RSA PUBLIC KEY-----%s-----END RSA PUBLIC KEY-----' % CRYPTO_BLOB),
-)
-
-KEY_CERTIFICATE_FOOTER = (
- ('dir-key-certification', '\n-----BEGIN SIGNATURE-----%s-----END SIGNATURE-----' % CRYPTO_BLOB),
-)
-
-NETWORK_STATUS_DOCUMENT_HEADER_V2 = (
- ('network-status-version', '2'),
- ('dir-source', '18.244.0.114 18.244.0.114 80'),
- ('fingerprint', '719BE45DE224B607C53707D0E2143E2D423E74CF'),
- ('contact', 'arma at mit dot edu'),
- ('published', '2005-12-16 00:13:46'),
- ('dir-signing-key', '\n-----BEGIN RSA PUBLIC KEY-----%s-----END RSA PUBLIC KEY-----' % CRYPTO_BLOB),
-)
-
-NETWORK_STATUS_DOCUMENT_FOOTER_V2 = (
- ('directory-signature', 'moria2\n-----BEGIN SIGNATURE-----%s-----END SIGNATURE-----' % CRYPTO_BLOB),
-)
-
-NETWORK_STATUS_DOCUMENT_HEADER = (
- ('network-status-version', '3'),
- ('vote-status', 'consensus'),
- ('consensus-methods', None),
- ('consensus-method', None),
- ('published', None),
- ('valid-after', '2012-09-02 22:00:00'),
- ('fresh-until', '2012-09-02 22:00:00'),
- ('valid-until', '2012-09-02 22:00:00'),
- ('voting-delay', '300 300'),
- ('client-versions', None),
- ('server-versions', None),
- ('package', None),
- ('known-flags', 'Authority BadExit Exit Fast Guard HSDir Named Running Stable Unnamed V2Dir Valid'),
- ('params', None),
-)
-
-VOTE_HEADER_DEFAULTS = {'consensus-methods': '1 9', 'published': '2012-09-02 22:00:00'}
-CONSENSUS_HEADER_DEFAULTS = {'consensus-method': '9'}
-
class PackageVersion(collections.namedtuple('PackageVersion', ['name', 'version', 'url', 'digests'])):
"""
@@ -515,7 +468,16 @@ class NetworkStatusDocumentV2(NetworkStatusDocument):
if sign:
raise NotImplementedError('Signing of %s not implemented' % cls.__name__)
- return _descriptor_content(attr, exclude, sign, NETWORK_STATUS_DOCUMENT_HEADER_V2, NETWORK_STATUS_DOCUMENT_FOOTER_V2)
+ return _descriptor_content(attr, exclude, sign, (
+ ('network-status-version', '2'),
+ ('dir-source', '%s %s 80' % (_random_ipv4_address(), _random_ipv4_address())),
+ ('fingerprint', _random_fingerprint()),
+ ('contact', 'arma at mit dot edu'),
+ ('published', _random_date()),
+ ('dir-signing-key', _random_crypto_blob('RSA PUBLIC KEY')),
+ ), (
+ ('directory-signature', 'moria2' + _random_crypto_blob('SIGNATURE')),
+ ))
def __init__(self, raw_content, validate = False):
super(NetworkStatusDocumentV2, self).__init__(raw_content, lazy_load = not validate)
@@ -967,9 +929,12 @@ class NetworkStatusDocumentV3(NetworkStatusDocument):
raise NotImplementedError('Signing of %s not implemented' % cls.__name__)
attr = {} if attr is None else dict(attr)
-
is_vote = attr.get('vote-status') == 'vote'
- extra_defaults = VOTE_HEADER_DEFAULTS if is_vote else CONSENSUS_HEADER_DEFAULTS
+
+ if is_vote:
+ extra_defaults = {'consensus-methods': '1 9', 'published': _random_date()}
+ else:
+ extra_defaults = {'consensus-method': '9'}
if is_vote and authorities is None:
authorities = [DirectoryAuthority.create(is_vote = is_vote)]
@@ -980,7 +945,26 @@ class NetworkStatusDocumentV3(NetworkStatusDocument):
elif k not in attr:
attr[k] = v
- desc_content = _descriptor_content(attr, exclude, sign, NETWORK_STATUS_DOCUMENT_HEADER, NETWORK_STATUS_DOCUMENT_FOOTER)
+ desc_content = _descriptor_content(attr, exclude, sign, (
+ ('network-status-version', '3'),
+ ('vote-status', 'consensus'),
+ ('consensus-methods', None),
+ ('consensus-method', None),
+ ('published', None),
+ ('valid-after', _random_date()),
+ ('fresh-until', _random_date()),
+ ('valid-until', _random_date()),
+ ('voting-delay', '300 300'),
+ ('client-versions', None),
+ ('server-versions', None),
+ ('package', None),
+ ('known-flags', 'Authority BadExit Exit Fast Guard HSDir Named Running Stable Unnamed V2Dir Valid'),
+ ('params', None),
+ ), (
+ ('directory-footer', ''),
+ ('bandwidth-weights', None),
+ ('directory-signature', '%s %s%s' % (_random_fingerprint(), _random_fingerprint(), _random_crypto_blob('SIGNATURE'))),
+ ))
# inject the authorities and/or routers between the header and footer
@@ -1438,9 +1422,12 @@ class DirectoryAuthority(Descriptor):
# include mandatory 'vote-digest' if a consensus
if not is_vote and not ('vote-digest' in attr or (exclude and 'vote-digest' in exclude)):
- attr['vote-digest'] = '0B6D1E9A300B895AA2D0B427F92917B6995C3C1C'
+ attr['vote-digest'] = _random_fingerprint()
- content = _descriptor_content(attr, exclude, sign, AUTHORITY_HEADER)
+ content = _descriptor_content(attr, exclude, sign, (
+ ('dir-source', '%s %s no.place.com %s 9030 9090' % (_random_nickname(), _random_fingerprint(), _random_ipv4_address())),
+ ('contact', 'Mike Perry <email>'),
+ ))
if is_vote:
content += b'\n' + KeyCertificate.content()
@@ -1630,7 +1617,16 @@ class KeyCertificate(Descriptor):
if sign:
raise NotImplementedError('Signing of %s not implemented' % cls.__name__)
- return _descriptor_content(attr, exclude, sign, KEY_CERTIFICATE_HEADER, KEY_CERTIFICATE_FOOTER)
+ return _descriptor_content(attr, exclude, sign, (
+ ('dir-key-certificate-version', '3'),
+ ('fingerprint', _random_fingerprint()),
+ ('dir-key-published', _random_date()),
+ ('dir-key-expires', _random_date()),
+ ('dir-identity-key', _random_crypto_blob('RSA PUBLIC KEY')),
+ ('dir-signing-key', _random_crypto_blob('RSA PUBLIC KEY')),
+ ), (
+ ('dir-key-certification', _random_crypto_blob('SIGNATURE')),
+ ))
def __init__(self, raw_content, validate = False):
super(KeyCertificate, self).__init__(raw_content, lazy_load = not validate)
@@ -1771,17 +1767,3 @@ class BridgeNetworkStatusDocument(NetworkStatusDocument):
)
self.routers = dict((desc.fingerprint, desc) for desc in router_iter)
-
-
-DOC_SIG = DocumentSignature(
- 'sha1',
- '14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4',
- 'BF112F1C6D5543CFD0A32215ACABD4197B5279AD',
- '-----BEGIN SIGNATURE-----%s-----END SIGNATURE-----' % CRYPTO_BLOB,
-)
-
-NETWORK_STATUS_DOCUMENT_FOOTER = (
- ('directory-footer', ''),
- ('bandwidth-weights', None),
- ('directory-signature', '%s %s\n%s' % (DOC_SIG.identity, DOC_SIG.key_digest, DOC_SIG.signature)),
-)
diff --git a/test/unit/descriptor/networkstatus/directory_authority.py b/test/unit/descriptor/networkstatus/directory_authority.py
index f2c270e..8c1e64e 100644
--- a/test/unit/descriptor/networkstatus/directory_authority.py
+++ b/test/unit/descriptor/networkstatus/directory_authority.py
@@ -7,11 +7,12 @@ import unittest
import test.require
from stem.descriptor.networkstatus import (
- AUTHORITY_HEADER,
DirectoryAuthority,
KeyCertificate,
)
+DIR_SOURCE_LINE = 'turtles 27B6B5996C426270A5C95488AA5BCEB6BCC86956 no.place.com 76.73.17.194 9030 9090'
+
class TestDirectoryAuthority(unittest.TestCase):
def test_minimal_consensus_authority(self):
@@ -21,15 +22,14 @@ class TestDirectoryAuthority(unittest.TestCase):
authority = DirectoryAuthority.create()
- self.assertEqual('turtles', authority.nickname)
- self.assertEqual('27B6B5996C426270A5C95488AA5BCEB6BCC86956', authority.fingerprint)
+ self.assertTrue(authority.nickname.startswith('Unnamed'))
+ self.assertEqual(40, len(authority.fingerprint))
self.assertEqual('no.place.com', authority.hostname)
- self.assertEqual('76.73.17.194', authority.address)
self.assertEqual(9030, authority.dir_port)
self.assertEqual(9090, authority.or_port)
self.assertEqual(False, authority.is_legacy)
self.assertEqual('Mike Perry <email>', authority.contact)
- self.assertEqual('0B6D1E9A300B895AA2D0B427F92917B6995C3C1C', authority.vote_digest)
+ self.assertEqual(40, len(authority.vote_digest))
self.assertEqual(None, authority.legacy_dir_key)
self.assertEqual(None, authority.key_certificate)
self.assertEqual([], authority.get_unrecognized_lines())
@@ -41,17 +41,15 @@ class TestDirectoryAuthority(unittest.TestCase):
authority = DirectoryAuthority.create(is_vote = True)
- self.assertEqual('turtles', authority.nickname)
- self.assertEqual('27B6B5996C426270A5C95488AA5BCEB6BCC86956', authority.fingerprint)
+ self.assertTrue(authority.nickname.startswith('Unnamed'))
+ self.assertEqual(40, len(authority.fingerprint))
self.assertEqual('no.place.com', authority.hostname)
- self.assertEqual('76.73.17.194', authority.address)
self.assertEqual(9030, authority.dir_port)
self.assertEqual(9090, authority.or_port)
self.assertEqual(False, authority.is_legacy)
self.assertEqual('Mike Perry <email>', authority.contact)
self.assertEqual(None, authority.vote_digest)
self.assertEqual(None, authority.legacy_dir_key)
- self.assertEqual(KeyCertificate.create(), authority.key_certificate)
self.assertEqual([], authority.get_unrecognized_lines())
@test.require.cryptography
@@ -96,7 +94,7 @@ class TestDirectoryAuthority(unittest.TestCase):
self.assertRaises(ValueError, DirectoryAuthority, content, True)
authority = DirectoryAuthority(content, False)
- self.assertEqual('turtles', authority.nickname)
+ self.assertTrue(authority.nickname.startswith('Unnamed'))
self.assertEqual(['ho-hum 567'], authority.get_unrecognized_lines())
def test_missing_fields(self):
@@ -113,14 +111,14 @@ class TestDirectoryAuthority(unittest.TestCase):
if excluded_field == 'dir-source':
self.assertEqual('Mike Perry <email>', authority.contact)
else:
- self.assertEqual('turtles', authority.nickname)
+ self.assertTrue(authority.nickname.startswith('Unnamed'))
def test_blank_lines(self):
"""
Includes blank lines, which should be ignored.
"""
- authority = DirectoryAuthority.create({'dir-source': AUTHORITY_HEADER[0][1] + '\n\n\n'})
+ authority = DirectoryAuthority.create({'dir-source': DIR_SOURCE_LINE + '\n\n\n'})
self.assertEqual('Mike Perry <email>', authority.contact)
def test_duplicate_lines(self):
@@ -135,15 +133,15 @@ class TestDirectoryAuthority(unittest.TestCase):
self.assertRaises(ValueError, DirectoryAuthority, content, True)
authority = DirectoryAuthority(content, False)
- self.assertEqual('turtles', authority.nickname)
+ self.assertTrue(authority.nickname.startswith('Unnamed'))
def test_missing_dir_source_field(self):
"""
Excludes fields from the 'dir-source' line.
"""
- for missing_value in AUTHORITY_HEADER[0][1].split(' '):
- dir_source = AUTHORITY_HEADER[0][1].replace(missing_value, '').replace(' ', ' ')
+ for missing_value in DIR_SOURCE_LINE.split(' '):
+ dir_source = DIR_SOURCE_LINE.replace(missing_value, '').replace(' ', ' ')
content = DirectoryAuthority.content({'dir-source': dir_source})
self.assertRaises(ValueError, DirectoryAuthority, content, True)
@@ -168,7 +166,7 @@ class TestDirectoryAuthority(unittest.TestCase):
)
for value in test_values:
- dir_source = AUTHORITY_HEADER[0][1].replace('27B6B5996C426270A5C95488AA5BCEB6BCC86956', value)
+ dir_source = DIR_SOURCE_LINE.replace('27B6B5996C426270A5C95488AA5BCEB6BCC86956', value)
content = DirectoryAuthority.content({'dir-source': dir_source})
self.assertRaises(ValueError, DirectoryAuthority, content, True)
@@ -190,7 +188,7 @@ class TestDirectoryAuthority(unittest.TestCase):
)
for value in test_values:
- dir_source = AUTHORITY_HEADER[0][1].replace('76.73.17.194', value)
+ dir_source = DIR_SOURCE_LINE.replace('76.73.17.194', value)
content = DirectoryAuthority.content({'dir-source': dir_source})
self.assertRaises(ValueError, DirectoryAuthority, content, True)
@@ -215,7 +213,7 @@ class TestDirectoryAuthority(unittest.TestCase):
if not include_or_port and not include_dir_port:
continue
- dir_source = AUTHORITY_HEADER[0][1]
+ dir_source = DIR_SOURCE_LINE
if include_or_port:
dir_source = dir_source.replace('9090', value)
@@ -269,11 +267,12 @@ class TestDirectoryAuthority(unittest.TestCase):
self.assertRaises(ValueError, DirectoryAuthority, content, True)
authority = DirectoryAuthority(content, False)
- self.assertEqual('turtles', authority.nickname)
+ self.assertTrue(authority.nickname.startswith('Unnamed'))
# exclude key cert from a vote
- content = DirectoryAuthority.content(is_vote = True).replace(b'\n' + key_cert, b'')
+
+ content = '\n'.join(DirectoryAuthority.content(is_vote = True).splitlines()[:-5])
self.assertRaises(ValueError, DirectoryAuthority, content, True, True)
authority = DirectoryAuthority(content, False, True)
- self.assertEqual('turtles', authority.nickname)
+ self.assertTrue(authority.nickname.startswith('Unnamed'))
diff --git a/test/unit/descriptor/networkstatus/document_v2.py b/test/unit/descriptor/networkstatus/document_v2.py
index 2ed3177..5ff66ea 100644
--- a/test/unit/descriptor/networkstatus/document_v2.py
+++ b/test/unit/descriptor/networkstatus/document_v2.py
@@ -7,12 +7,7 @@ import unittest
import test.require
-from stem.descriptor.networkstatus import (
- NETWORK_STATUS_DOCUMENT_HEADER_V2,
- NETWORK_STATUS_DOCUMENT_FOOTER_V2,
- NetworkStatusDocumentV2,
-)
-
+from stem.descriptor.networkstatus import NetworkStatusDocumentV2
from test.unit.descriptor import get_resource
@@ -101,18 +96,13 @@ TpQQk3nNQF8z6UIvdlvP+DnJV4izWVkQEZgUZgIVM0E=
self.assertEqual({}, document.routers)
self.assertEqual(2, document.version)
- self.assertEqual('18.244.0.114', document.hostname)
- self.assertEqual('18.244.0.114', document.address)
self.assertEqual(80, document.dir_port)
- self.assertEqual('719BE45DE224B607C53707D0E2143E2D423E74CF', document.fingerprint)
+ self.assertEqual(40, len(document.fingerprint))
self.assertEqual('arma at mit dot edu', document.contact)
- self.assertEqual(NETWORK_STATUS_DOCUMENT_HEADER_V2[5][1][1:], document.signing_key)
self.assertEqual([], document.client_versions)
self.assertEqual([], document.server_versions)
- self.assertEqual(datetime.datetime(2005, 12, 16, 0, 13, 46), document.published)
self.assertEqual([], document.options)
self.assertEqual('moria2', document.signing_authority)
- self.assertEqual(NETWORK_STATUS_DOCUMENT_FOOTER_V2[0][1][7:], document.signature)
@test.require.cryptography
def test_descriptor_signing(self):
diff --git a/test/unit/descriptor/networkstatus/document_v3.py b/test/unit/descriptor/networkstatus/document_v3.py
index 832ba9c..8c662a3 100644
--- a/test/unit/descriptor/networkstatus/document_v3.py
+++ b/test/unit/descriptor/networkstatus/document_v3.py
@@ -14,11 +14,11 @@ import test.require
from stem import Flag
from stem.util import str_type
+from stem.descriptor import CRYPTO_BLOB
+
from stem.descriptor.networkstatus import (
HEADER_STATUS_DOCUMENT_FIELDS,
FOOTER_STATUS_DOCUMENT_FIELDS,
- NETWORK_STATUS_DOCUMENT_FOOTER,
- DOC_SIG,
DEFAULT_PARAMS,
PackageVersion,
DirectoryAuthority,
@@ -309,9 +309,6 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
self.assertEqual(9, document.consensus_method)
self.assertEqual([], document.consensus_methods)
self.assertEqual(None, document.published)
- self.assertEqual(datetime.datetime(2012, 9, 2, 22, 0, 0), document.valid_after)
- self.assertEqual(datetime.datetime(2012, 9, 2, 22, 0, 0), document.fresh_until)
- self.assertEqual(datetime.datetime(2012, 9, 2, 22, 0, 0), document.valid_until)
self.assertEqual(300, document.vote_delay)
self.assertEqual(300, document.dist_delay)
self.assertEqual([], document.client_versions)
@@ -332,7 +329,6 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
self.assertEqual(DEFAULT_PARAMS, document.params)
self.assertEqual((), document.directory_authorities)
self.assertEqual({}, document.bandwidth_weights)
- self.assertEqual([DOC_SIG], document.signatures)
self.assertEqual([], document.get_unrecognized_lines())
def test_minimal_vote(self):
@@ -353,10 +349,6 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
self.assertEqual(True, document.is_vote)
self.assertEqual(None, document.consensus_method)
self.assertEqual([1, 9], document.consensus_methods)
- self.assertEqual(datetime.datetime(2012, 9, 2, 22, 0, 0), document.published)
- self.assertEqual(datetime.datetime(2012, 9, 2, 22, 0, 0), document.valid_after)
- self.assertEqual(datetime.datetime(2012, 9, 2, 22, 0, 0), document.fresh_until)
- self.assertEqual(datetime.datetime(2012, 9, 2, 22, 0, 0), document.valid_until)
self.assertEqual(300, document.vote_delay)
self.assertEqual(300, document.dist_delay)
self.assertEqual([], document.client_versions)
@@ -372,7 +364,6 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
self.assertEqual(None, document.shared_randomness_current_value)
self.assertEqual(DEFAULT_PARAMS, document.params)
self.assertEqual({}, document.bandwidth_weights)
- self.assertEqual([DOC_SIG], document.signatures)
self.assertEqual([], document.get_unrecognized_lines())
@test.require.cryptography
@@ -464,14 +455,11 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
# the document that the entries refer to should actually be the minimal
# descriptor (ie, without the entries)
- expected_document = NetworkStatusDocumentV3.create()
-
descriptor_file = io.BytesIO(content)
entries = list(_parse_file(descriptor_file))
self.assertEqual(entry1, entries[0])
self.assertEqual(entry2, entries[1])
- self.assertEqual(expected_document, entries[0].document)
def test_missing_fields(self):
"""
@@ -946,7 +934,6 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
self.assertRaises(ValueError, NetworkStatusDocumentV3, content, True)
document = NetworkStatusDocumentV3(content, False)
- self.assertEqual([DOC_SIG], document.signatures)
self.assertEqual([], document.get_unrecognized_lines())
# excludes a footer from a version that shouldn't have it
@@ -969,7 +956,6 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
authorities = (DirectoryAuthority.create(is_vote = True),)
)
- self.assertEqual([DOC_SIG], document.signatures)
self.assertEqual([], document.get_unrecognized_lines())
def test_footer_with_value(self):
@@ -981,7 +967,6 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
self.assertRaises(ValueError, NetworkStatusDocumentV3, content, True)
document = NetworkStatusDocumentV3(content, False)
- self.assertEqual([DOC_SIG], document.signatures)
self.assertEqual([], document.get_unrecognized_lines())
def test_bandwidth_wights_ok(self):
@@ -1059,7 +1044,7 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
document = NetworkStatusDocumentV3.create({
'network-status-version': '3 microdesc',
- 'directory-signature': 'sha256 ' + NETWORK_STATUS_DOCUMENT_FOOTER[2][1],
+ 'directory-signature': 'sha256 14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 BF112F1C6D5543CFD0A32215ACABD4197B5279AD\n-----BEGIN SIGNATURE-----%s-----END SIGNATURE-----' % CRYPTO_BLOB,
})
self.assertEqual('sha256', document.signatures[0].method)
@@ -1085,7 +1070,12 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
for test_value in test_values:
for test_attr in range(3):
- attrs = [DOC_SIG.identity, DOC_SIG.key_digest, DOC_SIG.signature]
+ attrs = [
+ '14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4',
+ 'BF112F1C6D5543CFD0A32215ACABD4197B5279AD',
+ '-----BEGIN SIGNATURE-----%s-----END SIGNATURE-----' % CRYPTO_BLOB,
+ ]
+
attrs[test_attr] = test_value
content = NetworkStatusDocumentV3.content({'directory-signature': '%s %s\n%s' % tuple(attrs)})
@@ -1279,7 +1269,7 @@ DnN5aFtYKiTc19qIC7Nmo+afPdDEf0MlJvEOP5EWl3w=
# make the dir-key-published field of the certiciate be malformed
authority_content = DirectoryAuthority.content(is_vote = True)
- authority_content = authority_content.replace(b'dir-key-published 2011', b'dir-key-published 2011a')
+ authority_content = authority_content.replace(b'dir-key-published 2', b'dir-key-published b2')
authority = DirectoryAuthority(authority_content, False, True)
content = NetworkStatusDocumentV3.content({'vote-status': 'vote'}, authorities = (authority,))
diff --git a/test/unit/descriptor/networkstatus/key_certificate.py b/test/unit/descriptor/networkstatus/key_certificate.py
index d7982ae..5115227 100644
--- a/test/unit/descriptor/networkstatus/key_certificate.py
+++ b/test/unit/descriptor/networkstatus/key_certificate.py
@@ -8,12 +8,7 @@ import unittest
import stem.descriptor
import test.require
-from stem.descriptor.networkstatus import (
- KEY_CERTIFICATE_HEADER,
- KEY_CERTIFICATE_FOOTER,
- KeyCertificate,
-)
-
+from stem.descriptor.networkstatus import KeyCertificate
from test.unit.descriptor import get_resource
@@ -28,13 +23,8 @@ class TestKeyCertificate(unittest.TestCase):
self.assertEqual(3, certificate.version)
self.assertEqual(None, certificate.address)
self.assertEqual(None, certificate.dir_port)
- self.assertEqual('27B6B5996C426270A5C95488AA5BCEB6BCC86956', certificate.fingerprint)
- self.assertTrue(stem.descriptor.CRYPTO_BLOB in certificate.identity_key)
- self.assertEqual(datetime.datetime(2011, 11, 28, 21, 51, 4), certificate.published)
- self.assertEqual(datetime.datetime(2012, 11, 28, 21, 51, 4), certificate.expires)
- self.assertTrue(stem.descriptor.CRYPTO_BLOB in certificate.signing_key)
+ self.assertEqual(40, len(certificate.fingerprint))
self.assertEqual(None, certificate.crosscert)
- self.assertTrue(stem.descriptor.CRYPTO_BLOB in certificate.certification)
self.assertEqual([], certificate.get_unrecognized_lines())
def test_real_certificates(self):
@@ -182,7 +172,15 @@ GM9hAsAMRX9Ogqhq5UjDNqEsvDKuyVeyh7unSZEOip9Zr6K/+7VsVPNb8vfBRBjo
Parse a key certificate where a mandatory field is missing.
"""
- mandatory_fields = [entry[0] for entry in KEY_CERTIFICATE_HEADER + KEY_CERTIFICATE_FOOTER]
+ mandatory_fields = (
+ 'dir-key-certificate-version',
+ 'fingerprint',
+ 'dir-key-published',
+ 'dir-key-expires',
+ 'dir-identity-key',
+ 'dir-signing-key',
+ 'dir-key-certification',
+ )
for excluded_field in mandatory_fields:
content = KeyCertificate.content(exclude = (excluded_field,))
@@ -193,7 +191,7 @@ GM9hAsAMRX9Ogqhq5UjDNqEsvDKuyVeyh7unSZEOip9Zr6K/+7VsVPNb8vfBRBjo
if excluded_field == 'fingerprint':
self.assertEqual(3, certificate.version)
else:
- self.assertEqual('27B6B5996C426270A5C95488AA5BCEB6BCC86956', certificate.fingerprint)
+ self.assertEqual(40, len(certificate.fingerprint))
def test_blank_lines(self):
"""
More information about the tor-commits
mailing list