author | Arthur de Jong <arthur@arthurdejong.org> | 2016-03-22 22:19:47 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2016-03-23 23:18:11 +0100 |
commit | 8b5f6c27e0dde5f8b995b89dd2e3c9fa3caed3d5 (patch) | |
tree | 1d244e440b3fc71889f638ae2c8bbd78d478b28e | |
parent | dfa57ae87bbc57605beb416c8a3b7b121a9c94e5 (diff) |
Also check key expiry in may_use()
-rw-r--r-- | pskc/policy.py | 26 | ||||
-rw-r--r-- | tests/test_misc.doctest | 21 | ||||
-rw-r--r-- | tests/test_rfc6030.doctest | 6 | ||||
-rw-r--r-- | tests/test_write.doctest | 9 |
4 files changed, 50 insertions, 12 deletions
diff --git a/pskc/policy.py b/pskc/policy.py
index 0243d59..87af698 100644
--- a/pskc/policy.py
+++ b/pskc/policy.py
@@ -21,6 +21,14 @@
 """Module that provides PSKC key policy information."""
+def _make_aware(d):
+ """Make tge specified datetime timezone aware."""
+ import dateutil.tz
+ if not d.tzinfo:
+ return d.replace(tzinfo=dateutil.tz.tzlocal())
+ return d
+
+
 class Policy(object):
 """Representation of a policy that describes key and pin usage.
@@ -172,11 +180,25 @@ class Policy(object):
 mk_elem(policy, 'pskc:NumberOfTransactions', self.number_of_transactions)
- def may_use(self, usage):
+ def may_use(self, usage=None, now=None):
 """Check whether the key may be used for the provided purpose."""
+ import datetime
+ import dateutil.tz
 if self.unknown_policy_elements:
 return False
- return not self.key_usage or usage in self.key_usage
+ if usage is not None and self.key_usage:
+ if usage not in self.key_usage:
+ return False
+ # check start_date and expiry_date
+ if now is None:
+ now = datetime.datetime.now(dateutil.tz.tzlocal())
+ if self.start_date:
+ if _make_aware(self.start_date) > _make_aware(now):
+ return False # not-yet usable key
+ if self.expiry_date:
+ if _make_aware(self.expiry_date) < _make_aware(now):
+ return False # not-yet usable key
+ return True
 @property
 def pin_key(self):
diff --git a/tests/test_misc.doctest b/tests/test_misc.doctest
index 358abcb..94af520 100644
--- a/tests/test_misc.doctest
+++ b/tests/test_misc.doctest
@@ -24,6 +24,9 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 >>> def decode(f):
 ... return lambda x: tostr(f(x))
 >>> b2a_hex = decode(b2a_hex)
+>>> import datetime
+>>> now = datetime.datetime(2016, 3, 23, 0, 0, 0)
+>>> import dateutil.tz
 >>> from pskc import PSKC
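Review bot: `_make_aware` in pskc/policy.py silently interprets a naive datetime as local time, so the same PSKC file can give a different validity window depending on the host's timezone, and a key may be accepted some hours outside the window its issuer intended. The docstring should state that assumption, e.g. `"""Return d unchanged if it is timezone-aware, else tag it with the local timezone."""`, which also fixes the `tge` typo. `if not d.tzinfo:` reads better as `if d.tzinfo is None:`, since the test is for absence rather than truthiness. If the file format defines dates without an offset as UTC (worth checking against RFC 6030), `dateutil.tz.tzutc()` would be the safer default for the policy dates.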
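Review bot: The expiry branch of `may_use` carries the comment copied from the start-date branch; under `if self.expiry_date:` the line `return False # not-yet usable key` should read `return False  # expired key`. The docstring still describes only the usage purpose, although the method now also enforces `start_date` and `expiry_date` and takes `now`; it should say that `now` defaults to the current local time and that naive values are treated as local time. It should also state that `usage=None` skips the `key_usage` restriction, because a caller that passes an unset usage now gets a date-only answer rather than a refusal. The class body continues outside the hunk.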
@@ -151,6 +154,18 @@ datetime.datetime(2026, 5, 31, 0, 0, tzinfo=tzutc())
 ['OTP']
 >>> key.policy.unknown_policy_elements
 False
+>>> key.policy.may_use('OTP', datetime.datetime(2005, 4, 3, 0, 0, 0))
+False
+>>> key.policy.may_use('OTP', now)
+True
+>>> key.policy.may_use('OTP', datetime.datetime(2028, 12, 31, 0, 0, 0))
+False
+>>> key.policy.start_date = datetime.datetime.now() + \
+... datetime.timedelta(seconds=10)
+>>> key.policy.may_use('OTP')
+False
+>>> key.policy.start_date = datetime.datetime.now(dateutil.tz.tzlocal()) - \
+... datetime.timedelta(seconds=10)
 >>> key.policy.may_use('OTP')
 True
 >>> key = pskc.keys[1]
@@ -158,21 +173,21 @@ True
 ['OTP']
 >>> key.policy.unknown_policy_elements
 True
->>> key.policy.may_use('OTP')
+>>> key.policy.may_use('OTP', now)
 False
 >>> key = pskc.keys[2]
 >>> key.policy.key_usage
 ['OTP']
 >>> key.policy.unknown_policy_elements
 True
->>> key.policy.may_use('OTP')
+>>> key.policy.may_use('OTP', now)
 False
 >>> key = pskc.keys[3]
 >>> key.policy.key_usage
 ['OTP']
 >>> key.policy.unknown_policy_elements
 True
->>> key.policy.may_use('OTP')
+>>> key.policy.may_use('OTP', now)
 False
diff --git a/tests/test_rfc6030.doctest b/tests/test_rfc6030.doctest
index 634e1c7..ba11d59 100644
--- a/tests/test_rfc6030.doctest
+++ b/tests/test_rfc6030.doctest
@@ -24,6 +24,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 >>> def decode(f):
 ... return lambda x: tostr(f(x))
 >>> b2a_hex = decode(b2a_hex)
+>>> import datetime
+>>> now = datetime.datetime(2016, 3, 23, 0, 0, 0)
 >>> from pskc import PSKC
@@ -125,9 +127,9 @@ This tests the key policy properties as illustrated in Figure 5 from RFC
 'Local'
 >>> key1.policy.key_usage
 ['OTP']
->>> key1.policy.may_use('OTP')
+>>> key1.policy.may_use('OTP', now)
 True
->>> key1.policy.may_use('Encrypt')
+>>> key1.policy.may_use('Encrypt', now)
 False
 >>> key1.policy.unknown_policy_elements
 False
diff --git a/tests/test_write.doctest b/tests/test_write.doctest
index 677bd29..d0fa3d4 100644
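Review bot: In the first hunk of this part of tests/test_misc.doctest, the `>>> key.policy.may_use('OTP')` calls that omit `now` compare against the real clock, so their result depends on when the suite runs. The `@@` context line shows `datetime.datetime(2026, 5, 31, 0, 0, tzinfo=tzutc())`, which looks like this key's expiry date; if so, the final call expecting `True` will start failing once that date has passed. Setting the expiry relative to the current time before the default-`now` calls, e.g. `>>> key.policy.expiry_date = datetime.datetime.now() + datetime.timedelta(days=1)`, keeps the default path covered without a built-in deadline, in the same way the hunk already does for `start_date`.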
--- a/tests/test_write.doctest
+++ b/tests/test_write.doctest
@@ -25,7 +25,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 >>> import tempfile
 >>> from binascii import a2b_hex
 >>> from dateutil.tz import tzutc
->>> utc = tzutc()
 Build a PSKC structure.
@@ -40,8 +39,8 @@ Add a key with all attributes set.
 >>> key.serial = '987654321'
 >>> key.model = 'Model'
 >>> key.issue_no = 2
->>> key.start_date = datetime.datetime(2006, 5, 1, 0, 0, tzinfo=utc)
->>> key.expiry_date = datetime.datetime(2014, 5, 31, 0, 0, tzinfo=utc)
+>>> key.start_date = datetime.datetime(2006, 5, 1, 0, 0, tzinfo=tzutc())
+>>> key.expiry_date = datetime.datetime(2014, 5, 31, 0, 0, tzinfo=tzutc())
 >>> key.device_userid = 'uid=arthur, dc=arthurdejong, dc=org'
 >>> key.crypto_module = 'CyrptoId'
 >>> key.algorithm = 'urn:ietf:params:xml:ns:keyprov:pskc:totp'
@@ -66,8 +65,8 @@ Add policy information and a PIN.
 >>> key.policy.key_usage.append('OTP')
 >>> key.policy.key_usage.append(key.policy.KEY_USE_VERIFY)
->>> key.policy.start_date = datetime.datetime(2008, 5, 1, 0, 0, tzinfo=utc)
->>> key.policy.expiry_date = datetime.datetime(2012, 6, 13, 0, 0, tzinfo=utc)
+>>> key.policy.start_date = datetime.datetime(2008, 5, 1, 0, 0, tzinfo=tzutc())
+>>> key.policy.expiry_date = datetime.datetime(2012, 6, 13, 0, 0, tzinfo=tzutc())
 >>> key.policy.number_of_transactions = 42
 >>> key.policy.pin_key_id = 'pinID'
 >>> key.policy.pin_usage = 'Local'
|