From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 74F0242D60 for ; Mon, 26 Jun 2023 23:38:03 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 50FF840223; Mon, 26 Jun 2023 23:38:03 +0200 (CEST) Received: from mail-pg1-f226.google.com (mail-pg1-f226.google.com [209.85.215.226]) by mails.dpdk.org (Postfix) with ESMTP id 8666D4013F for ; Mon, 26 Jun 2023 23:38:02 +0200 (CEST) Received: by mail-pg1-f226.google.com with SMTP id 41be03b00d2f7-55ae51a45deso730238a12.3 for ; Mon, 26 Jun 2023 14:38:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu; s=unh-iol; t=1687815481; x=1690407481; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=B8v5C7kDs+ttA1RUQDO+/0dFNTqYfTA2/3O15i+zEH0=; b=YG6DCnv42/7JD34RbTpv7nDJFNmU06+HU5jo79xjqBwNMDBG8AVx9gCkHSslwLNCV+ vmEXgVMJZvYfv7pLTeJjiP+FjamtUtwoxplo1NwFXIwLdnRsosSBce17+lunbYw4jAOv T1QGJH4pY04p0E7ICKLbPCN/gP2tgs7gMUHxA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687815481; x=1690407481; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=B8v5C7kDs+ttA1RUQDO+/0dFNTqYfTA2/3O15i+zEH0=; b=Kis2H2xWeO+MCqgIsKusY2ITBcOALguoQxuI0jsfqNsFVIyly5ARwTOmTgLrY09ujE WwQW1RKBAIJgza+1VuC28ga8PpYtY+NNyxN436p95lX21srABlYY6HESsbMhDt/6A1eh zAY+P/PL5E8LHi/EMpr2meUp8jruRu1nzlcr/B0XavT8539av5xDZ8XFTrXLcu5vdAhv Ge/JTYDyl47PB5HCqh6r3jFReescSKDRUzDPMoKPjPJUsSOAltz1SLSVCHGVyXzDyhJo iynnrNs/K+5YPrrFJT9NyH2N9Sr6rBzPTBRzkWh9uePF5c9oiSBf72J/VIwgurvyMw8R oDaA== X-Gm-Message-State: AC+VfDzTZG5tMhVVQ8m09VaS6g8U6iRYjV+96ouyL+XqHpmLCNCG/gFf FgP8J3u+0cFzF1l9J6MgQ5PAcIUk1kKnThPmpzZGmFjpknw9Q10nvwflm0TCKa4rzlLgVGBixUZ PnJNh2WVvP5TAcYfKTkOQ4kr/6WjXxwQIoVowr9yreUpydRrFVrgUtZJm1KNPsn1uuza60DQXtn ioBI75Jgv6rbCzibPAZ3Hp X-Google-Smtp-Source: ACHHUZ6mUajh/KeNSGUr8MG5N4PtLDaZiYy+ka6UuUp0pOwg8Myvzzr228GOkdPygBv4tLift6f7lU8KkknU X-Received: by 2002:a17:90a:64cc:b0:262:fab9:b12 with SMTP id i12-20020a17090a64cc00b00262fab90b12mr2068798pjm.45.1687815481482; Mon, 26 Jun 2023 14:38:01 -0700 (PDT) Received: from postal.iol.unh.edu (postal.iol.unh.edu. [2606:4100:3880:1234::84]) by smtp-relay.gmail.com with ESMTPS id nn3-20020a17090b38c300b0026316cbea67sm10992pjb.15.2023.06.26.14.38.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 26 Jun 2023 14:38:01 -0700 (PDT) X-Relaying-Domain: iol.unh.edu Received: from iol.unh.edu (unknown [IPv6:2606:4100:3880:1271:90f9:1b64:f6e6:867f]) by postal.iol.unh.edu (Postfix) with ESMTP id 89D55605246B; Mon, 26 Jun 2023 17:38:00 -0400 (EDT) From: jspewock@iol.unh.edu To: aconole@redhat.com Cc: ci@dpdk.org, Jeremy Spewock Subject: [PATCH v2] tools: add jwt renewal function to acvp_tool Date: Mon, 26 Jun 2023 17:36:01 -0400 Message-ID: <20230626213746.25465-2-jspewock@iol.unh.edu> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: ci@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK CI discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ci-bounces@dpdk.org From: Jeremy Spewock Adds a method that follows the process for renewing your jwt according to NIST API documentation. This way, if there are load issues and it takes too long to get vectors back with multi-algorithm testing, the script will always handle the jwt expiring. Also added a maximum number of renewals so that the script cannot run infinitely. Signed-off-by: Jeremy Spewock --- tools/acvp/acvp_tool.py | 71 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 63 insertions(+), 8 deletions(-) mode change 100755 => 100644 tools/acvp/acvp_tool.py diff --git a/tools/acvp/acvp_tool.py b/tools/acvp/acvp_tool.py old mode 100755 new mode 100644 index 40d2f2f..a28760d --- a/tools/acvp/acvp_tool.py +++ b/tools/acvp/acvp_tool.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 # SPDX-License-Identifier: BSD-3-Clause -# Copyright 2022 The University of New Hampshire +# Copyright 2023 The University of New Hampshire import hashlib import sys @@ -36,6 +36,8 @@ class ACVPProxy: self.totp_path: str = totp_path self.login_data: Optional[Dict[str, Any]] = None self.session_data: Optional[Dict[str, Any]] = None + self.retries: int = 0 + self.max_retries: int = 2 with open(config_path, 'r') as f: self.config: Any = json.load(f) @@ -70,7 +72,13 @@ class ACVPProxy: cert=self.cert, headers={'Authorization': f'Bearer {token}'} ) - if not response.ok: + if response.status_code == 401: + if self.__renew_jwt(): + token = self.session_data['jwt'] + continue + logging.error("Failed to renew expired jwt") + return None + elif not response.ok: logging.error(f'Failed to fetch vector set {url}') logging.error(json.dumps(response.json(), indent=4)) return None @@ -85,6 +93,35 @@ class ACVPProxy: logging.info(f'Downloaded vector set {url}') return vector_set_json + def __renew_jwt(self) -> bool: + """Renews the jwt in session_data. + + JWTs provided by the NIST API last 30 minutes which can cause this + script to fail even with good data. This method renews the jwt using + the login endpoint. + + @return: True if successfully renewed token + """ + if self.retries >= self.max_retries: + logging.error("Maximum number of jwt renewals has been reached.") + return False + response = requests.post( + url=f'{self.config["url"]}/acvp/v1/login', + json=[ + {'acvVersion': '1.0'}, + { + 'password': self.__get_totp(), + 'accessToken': self.session_data["jwt"] + } + ], + cert=self.cert, + ) + if response.ok: + self.retries += 1 + self.session_data["jwt"] = response.json()[1].pop("accessToken") + return True + return False + def login(self) -> bool: """Log into the API server. @@ -178,6 +215,12 @@ class ACVPProxy: 'Authorization': f'Bearer {self.session_data["jwt"]}' } ) + if result.status_code == 401: + if self.__renew_jwt(): + write_data[0]["jwt"] = self.session_data["jwt"] + continue + logging.error("Failed to renew jwt") + return None version, result_json = result.json() if 'retry' in result_json: duration = result_json['retry'] @@ -208,7 +251,19 @@ class ACVPProxy: headers={'Authorization': f'Bearer {self.session_data["jwt"]}'} ) - if not response.ok: + if response.status_code == 401: + if self.__renew_jwt(): + response = requests.post( + f'{self.config["url"]}{session_url}/vectorSets/' + f'{vector_set["vsId"]}/results', + json=[version, vector_set], + cert=self.cert, + headers={'Authorization': f'Bearer {self.session_data["jwt"]}'} + ) + else: + logging.error("Failed to renew jwt") + return False + elif not response.ok: has_error = True logging.error(f'Could not upload vector set response for ' f'vector set ID {vector_set["vsId"]}.') @@ -239,13 +294,13 @@ def main(request_path: Optional[str], config_path=config_path, ) - logging.info('Attempting to log in...') - if not proxy.login(): - logging.error('Could not log in.') - sys.exit(1) - logging.info('Successfully logged in.') if request_path: + logging.info('Attempting to log in...') + if not proxy.login(): + logging.error('Could not log in.') + sys.exit(1) + logging.info('Successfully logged in.') logging.info('Creating a new test session and downloading vectors...') test_session = proxy.register() if not test_session: -- 2.41.0