mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-05-13 03:54:45 +02:00
BigBodyCobain
128 lines
4.9 KiB
Python
128 lines
4.9 KiB
Python
import time
|
|
|
|
import pytest
|
|
|
|
|
|
@pytest.fixture(autouse=True)
|
|
def _clear_settings_and_revocation_cache():
|
|
from services.config import get_settings
|
|
from services.mesh import mesh_metrics, mesh_signed_events
|
|
|
|
get_settings.cache_clear()
|
|
mesh_metrics.reset()
|
|
mesh_signed_events._reset_revocation_ttl_cache()
|
|
yield
|
|
get_settings.cache_clear()
|
|
mesh_metrics.reset()
|
|
mesh_signed_events._reset_revocation_ttl_cache()
|
|
|
|
|
|
def test_revocation_cache_uses_fresh_entries_and_refreshes_stale(monkeypatch):
|
|
from services.mesh import mesh_hashchain, mesh_signed_events
|
|
|
|
rebuilds = {"count": 0}
|
|
|
|
def _rebuild():
|
|
rebuilds["count"] += 1
|
|
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "_rebuild_revocations", _rebuild)
|
|
monkeypatch.setattr(
|
|
mesh_hashchain.infonet,
|
|
"_revocation_status",
|
|
lambda _key: (
|
|
rebuilds["count"] >= 2,
|
|
{"event_id": "evt-2"} if rebuilds["count"] >= 2 else None,
|
|
),
|
|
)
|
|
|
|
first = mesh_signed_events._revocation_status_with_ttl("pub-a")
|
|
second = mesh_signed_events._revocation_status_with_ttl("pub-a")
|
|
mesh_signed_events._REVOCATION_TTL_CACHE["pub-a"]["checked_at"] = time.time() - 1000.0
|
|
third = mesh_signed_events._revocation_status_with_ttl("pub-a")
|
|
|
|
assert first == (False, None)
|
|
assert second == (False, None)
|
|
assert third[0] is True
|
|
assert rebuilds["count"] == 2
|
|
|
|
|
|
def test_preflight_allows_refresh_failures_in_observe_mode(monkeypatch):
|
|
from services.mesh import mesh_hashchain, mesh_metrics, mesh_signed_events
|
|
|
|
monkeypatch.setenv("MESH_SIGNED_REVOCATION_CACHE_ENFORCE", "false")
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "_rebuild_revocations", lambda: (_ for _ in ()).throw(RuntimeError("offline")))
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "check_replay", lambda *_args, **_kwargs: False)
|
|
mesh_hashchain.infonet.node_sequences.clear()
|
|
mesh_hashchain.infonet.public_key_bindings.clear()
|
|
|
|
ok, reason = mesh_signed_events.preflight_signed_event_integrity(
|
|
event_type="message",
|
|
node_id="node-a",
|
|
sequence=7,
|
|
public_key="pub-a",
|
|
public_key_algo="Ed25519",
|
|
signature="sig",
|
|
protocol_version=mesh_signed_events.PROTOCOL_VERSION,
|
|
)
|
|
|
|
assert ok is True
|
|
assert reason == "ok"
|
|
snapshot = mesh_metrics.snapshot()
|
|
assert snapshot["counters"]["revocation_refresh_attempts"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_failures"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_fail_open"] == 1
|
|
assert snapshot["counters"].get("revocation_refresh_fail_closed", 0) == 0
|
|
|
|
|
|
def test_preflight_fails_closed_when_refresh_enforcement_is_enabled(monkeypatch):
|
|
from services.mesh import mesh_hashchain, mesh_metrics, mesh_signed_events
|
|
|
|
monkeypatch.setenv("MESH_SIGNED_REVOCATION_CACHE_ENFORCE", "true")
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "_rebuild_revocations", lambda: (_ for _ in ()).throw(RuntimeError("offline")))
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "check_replay", lambda *_args, **_kwargs: False)
|
|
mesh_hashchain.infonet.node_sequences.clear()
|
|
mesh_hashchain.infonet.public_key_bindings.clear()
|
|
|
|
ok, reason = mesh_signed_events.preflight_signed_event_integrity(
|
|
event_type="message",
|
|
node_id="node-a",
|
|
sequence=7,
|
|
public_key="pub-a",
|
|
public_key_algo="Ed25519",
|
|
signature="sig",
|
|
protocol_version=mesh_signed_events.PROTOCOL_VERSION,
|
|
)
|
|
|
|
assert ok is False
|
|
assert reason == "Signed event integrity preflight unavailable"
|
|
snapshot = mesh_metrics.snapshot()
|
|
assert snapshot["counters"]["revocation_refresh_attempts"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_failures"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_fail_closed"] == 1
|
|
assert snapshot["counters"].get("revocation_refresh_fail_open", 0) == 0
|
|
|
|
|
|
def test_revocation_cache_fail_fast_window_skips_repeat_refresh_when_enforcing(monkeypatch):
|
|
from services.mesh import mesh_hashchain, mesh_metrics, mesh_signed_events
|
|
|
|
monkeypatch.setenv("MESH_SIGNED_REVOCATION_CACHE_ENFORCE", "true")
|
|
rebuilds = {"count": 0}
|
|
|
|
def _rebuild():
|
|
rebuilds["count"] += 1
|
|
raise RuntimeError("offline")
|
|
|
|
monkeypatch.setattr(mesh_hashchain.infonet, "_rebuild_revocations", _rebuild)
|
|
|
|
with pytest.raises(mesh_signed_events._RevocationRefreshUnavailable):
|
|
mesh_signed_events._revocation_status_with_ttl("pub-a")
|
|
with pytest.raises(mesh_signed_events._RevocationRefreshUnavailable):
|
|
mesh_signed_events._revocation_status_with_ttl("pub-a")
|
|
|
|
snapshot = mesh_metrics.snapshot()
|
|
assert rebuilds["count"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_attempts"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_failures"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_fail_closed"] == 1
|
|
assert snapshot["counters"]["revocation_refresh_waits"] == 1
|