From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2FB5F42D17 for ; Wed, 21 Jun 2023 21:54:09 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 1117A4068E; Wed, 21 Jun 2023 21:54:09 +0200 (CEST) Received: from mail-pl1-f228.google.com (mail-pl1-f228.google.com [209.85.214.228]) by mails.dpdk.org (Postfix) with ESMTP id 2D95C4003C for ; Wed, 21 Jun 2023 21:54:08 +0200 (CEST) Received: by mail-pl1-f228.google.com with SMTP id d9443c01a7336-1b4f9583404so48445735ad.2 for ; Wed, 21 Jun 2023 12:54:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu; s=unh-iol; t=1687377247; x=1689969247; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=LrxypyzSSyqRg6C1W7biNE9joX6o2m4u6kll2Hm/x5U=; b=MglHsIeYiEJxEuHDtNoGfD6TVJ02GLYQGiK910V3iGZ1v1kpaGeoKtvyBl+rdSlzOT RLn+5NGuJlUEUMl7W5BDPcgvwTNt/piBS4j/MNRU2UIj5/o36c2A7xF6lqLw0mktrncT qlqopO3X4OFGg4F2O0soXZrlrkdpLMpwtFw18= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687377247; x=1689969247; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LrxypyzSSyqRg6C1W7biNE9joX6o2m4u6kll2Hm/x5U=; b=chxz9dvPiGJ6JXvjAGSq12XiovZEvbPpsYGmZ138MLarOOX/wWWZCsJvaa09GYPnHP u/VgizqfByIKR2JrEh3x059e5o398n8mRVTbKEPj10Em+9DVT2iiC4SsxeshEX6oaQ89 Q5nOQbmpRfNVqtEZLE43L+A6noFdeBreL0181bgJ+PiAt6KF7t6a/RrBVkXYgSUtzdJu gYB3Gv2L4IcS1pYu12jASUym2xipUkP3gtXPZ9SrzZbcbVX3oIxFouhdeJCdF5GbzqTE aGwVAYDduxdvz5afWQjf559AEQY7xpSqDV8It08D8JYaNrYTrbDMQSPxJMSYl0cYDaxp zVFw== X-Gm-Message-State: AC+VfDzuMJK57IzT/w5Sij1Fh6BPbi7SJUfXxmcXa+9qswhJS8vKYJ+i Q4sKlmKxRjCBcscXkzRx/fXhgg0xluD3hPE/PO3ocn0AJMCwFyoJdAmLT1AzFpNdq3+aXOVhkgb hQ/FTzr8vgSaN5TA1AXsXw0pTNsRipTc9vD8gGb/umy3rJSyKFlmcu0wYIjskeNcg4qq/m0GJhq Mm+JIJYOPoWBcamuvyrljJ X-Google-Smtp-Source: ACHHUZ7sma3jMBCw5w1X2H6I09zvnUMZBeFnVVraUIKHTGnQUFzA7M2uUC3wQiF5UT2Xc4WSy0DtYP0wLXbT X-Received: by 2002:a17:902:d2c2:b0:1b6:9551:e2b8 with SMTP id n2-20020a170902d2c200b001b69551e2b8mr4297627plc.34.1687377247203; Wed, 21 Jun 2023 12:54:07 -0700 (PDT) Received: from postal.iol.unh.edu (postal.iol.unh.edu. [2606:4100:3880:1234::84]) by smtp-relay.gmail.com with ESMTPS id h3-20020a170902b94300b001b39ec97db7sm466768pls.144.2023.06.21.12.54.06 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Jun 2023 12:54:07 -0700 (PDT) X-Relaying-Domain: iol.unh.edu Received: from iol.unh.edu (unknown [IPv6:2606:4100:3880:1271:90f9:1b64:f6e6:867f]) by postal.iol.unh.edu (Postfix) with ESMTP id 31528605246B; Wed, 21 Jun 2023 15:54:06 -0400 (EDT) From: jspewock@iol.unh.edu To: aconole@redhat.com Cc: ci@dpdk.org, Jeremy Spewock Subject: [PATCH v1] tools: add jwt renewal function to acvp_tool Date: Wed, 21 Jun 2023 15:53:21 -0400 Message-ID: <20230621195342.5035-2-jspewock@iol.unh.edu> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: ci@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK CI discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ci-bounces@dpdk.org From: Jeremy Spewock Adds a method that follows the process for renewing your jwt according to NIST API documentation. This way, if there are load issues and it takes too long to get vectors back with multi-algorithm testing, you can still get restuls and the script will not error. Also, added a maximum number of renewals so that the script cannot run infinitely. Signed-off-by: Jeremy Spewock --- tools/acvp/acvp_tool.py | 73 +++++++++++++++++++++++++++++++++++------ 1 file changed, 63 insertions(+), 10 deletions(-) diff --git a/tools/acvp/acvp_tool.py b/tools/acvp/acvp_tool.py index 40d2f2f..8d50a58 100755 --- a/tools/acvp/acvp_tool.py +++ b/tools/acvp/acvp_tool.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # SPDX-License-Identifier: BSD-3-Clause -# Copyright 2022 The University of New Hampshire +# Copyright 2023 The University of New Hampshire import hashlib import sys @@ -36,6 +36,8 @@ class ACVPProxy: self.totp_path: str = totp_path self.login_data: Optional[Dict[str, Any]] = None self.session_data: Optional[Dict[str, Any]] = None + self.retries: int = 0 + self.max_retries: int = 2 with open(config_path, 'r') as f: self.config: Any = json.load(f) @@ -70,7 +72,13 @@ class ACVPProxy: cert=self.cert, headers={'Authorization': f'Bearer {token}'} ) - if not response.ok: + if response.status_code == 401: + if self.__renew_jwt(): + token = self.session_data['jwt'] + continue + logging.error("Failed to renew expired jwt") + return None + elif not response.ok: logging.error(f'Failed to fetch vector set {url}') logging.error(json.dumps(response.json(), indent=4)) return None @@ -85,6 +93,35 @@ class ACVPProxy: logging.info(f'Downloaded vector set {url}') return vector_set_json + def __renew_jwt(self) -> bool: + """Renews the jwt in session_data. + + JWTs provided by the NIST API last 30 minutes which can cause this + script to fail even with good data. This method renews the jwt using + the login endpoint. + + @return: True if successfully renewed token + """ + if self.retries >= self.max_retries: + logging.error("Maximum number of jwt renewals has been reached.") + return False + response = requests.post( + url=f'{self.config["url"]}/acvp/v1/login', + json=[ + {'acvVersion': '1.0'}, + { + 'password': self.__get_totp(), + 'accessToken': self.session_data["jwt"] + } + ], + cert=self.cert, + ) + if response.ok: + self.retries += 1 + self.session_data["jwt"] = response.json()[1].pop("accessToken") + return True + return False + def login(self) -> bool: """Log into the API server. @@ -141,7 +178,6 @@ class ACVPProxy: cert=self.cert, headers={'Authorization': f'Bearer {self.login_data["jwt"]}'} ) - if not response.ok: logging.error('Unable to register.') logging.error(json.dumps(response.json(), indent=4)) @@ -178,6 +214,12 @@ class ACVPProxy: 'Authorization': f'Bearer {self.session_data["jwt"]}' } ) + if result.status_code == 401: + if self.__renew_jwt(): + write_data[0]["jwt"] = self.session_data["jwt"] + continue + logging.error("Failed to renew jwt") + return None version, result_json = result.json() if 'retry' in result_json: duration = result_json['retry'] @@ -207,8 +249,19 @@ class ACVPProxy: cert=self.cert, headers={'Authorization': f'Bearer {self.session_data["jwt"]}'} ) - - if not response.ok: + if response.status_code == 401: + if self.__renew_jwt(): + response = requests.post( + f'{self.config["url"]}{session_url}/vectorSets/' + f'{vector_set["vsId"]}/results', + json=[version, vector_set], + cert=self.cert, + headers={'Authorization': f'Bearer {self.session_data["jwt"]}'} + ) + else: + logging.error("Failed to renew jwt") + return False + elif not response.ok: has_error = True logging.error(f'Could not upload vector set response for ' f'vector set ID {vector_set["vsId"]}.') @@ -239,13 +292,13 @@ def main(request_path: Optional[str], config_path=config_path, ) - logging.info('Attempting to log in...') - if not proxy.login(): - logging.error('Could not log in.') - sys.exit(1) - logging.info('Successfully logged in.') if request_path: + logging.info('Attempting to log in...') + if not proxy.login(): + logging.error('Could not log in.') + sys.exit(1) + logging.info('Successfully logged in.') logging.info('Creating a new test session and downloading vectors...') test_session = proxy.register() if not test_session: -- 2.41.0