Further work on licensing

Author: pjkundert

GNUmakefile

@@ -41,7 +41,7 @@ else
 endif
 
 # To see all pytest output, uncomment --capture=no, ...
-PYTESTOPTS	= --capture=no --log-cli-level=INFO
+PYTESTOPTS	= --capture=no --log-cli-level=5  # INFO
 
 PY3TEST		= $(PY3) -m pytest $(PYTESTOPTS)
 

requirements.txt

@@ -1,7 +1,7 @@
 base58			>=2.0.1,<3
 chacha20poly1305	>=0.0.3
 click			>=8.1.3,<9
-crypto-licensing	>=3.2.0,<4
+crypto-licensing	>=3.3.0,<4
 cx_Freeze		>=6.12		; sys_platform == "win32"
 fpdf2			>=2.5.7,<3
 hdwallet		>=2.2.1,<3

slip39/invoice/payments.py

@@ -208,11 +208,16 @@ def reload(
             credentials		= None
             while True:
                 key,lic		= authorizations.send( credentials )
+                log.detail( f"Reloading key: {key}, lic: {lic}" )
                 credentials	= None
                 if key is None or lic is None:
                     if key is not None:
                         # Found a Keypair (but no License); yield it
                         yield Process.KEYPAIR, key
+                        continue
+
+                    # Neither Keypair nor License; authorized has indicated it is out of options and
+                    # is about to give up: unless we provide new credentials.
                     what		= "No License found for Agent ID {}".format(
                         licensing.into_b64( key.vk )) if key else "(No Agent ID Keypair found)"
                     if userpass_input:
@@ -234,7 +239,8 @@ def reload(
                         log.warning( "Asking for username..." )
                         username_update	= (
                             yield Process.PROMPT, "Enter {} username (leave empty for no change): ".format(
-                                deduce_name( basename=basename, filename=kwds.get( 'filename' ), package=kwds.get( 'package' )))
+                                deduce_name( basename=basename, filename=kwds.get( 'filename' ), package=kwds.get( 'package' ),
+                                             default=client and client.servicekey or "the" ))
                         )
                         userpass_updated |= bool( username_update )
                         if username_update:
@@ -243,7 +249,8 @@ def reload(
                         log.warning( "Asking for password..." )
                         password_update	= (
                             yield Process.PROMPT, "Enter {} password (leave empty for no change): ".format(
-                                deduce_name( basename=basename, filename=kwds.get( 'filename' ), package=kwds.get( 'package' )))
+                                deduce_name( basename=basename, filename=kwds.get( 'filename' ), package=kwds.get( 'package' ),
+                                             default=client and client.servicekey or "the" ))
                         )
                         userpass_updated |= bool( password_update )
                         if password_update:
@@ -294,7 +301,7 @@ def reload(
             exc=''.join( traceback.format_exception( *sys.exc_info() )) if log.isEnabledFor( logging.TRACE ) else exc ))
         with open( Path( crypto_licensing.__file__ ).resolve().parent / 'licensing' / 'static' / 'txt' / 'CL-KEYPAIR-MISSING.txt', 'r' ) as f:
             error		= f.read().format(
-                DISTRIBUTION	= deduce_name( basename=basename, filename=kwds.get( 'filename' ), package=kwds.get( 'package' )),
+                DISTRIBUTION	= deduce_name( basename=basename, filename=kwds.get( 'filename' ), package=kwds.get( 'package' ), default=client and client.servicekey or "" ),
                 KEYPATTERN	= licensing.KEYPATTERN,
                 LICENSE_OPTION	= '--license',
             )
@@ -377,16 +384,17 @@ def process(
     if acquiring is None:
         acquiring		= True
 
-    # We're looking for a License authored by Dominion R&D Corp.  This might be encapsulated as
-    # one of the dependencies of the License we find (eg. if Dominion issues a License to some
-    # company, which includes the ability to run a crypto-licensing server), but we'll validate
-    # that the Grant was issued by Dominion R&D Corp.  For example, Dominion issues a License to
-    # awesome-inc.com to sub-License crypto-licensing servers.  They, in turn, issue a License
-    # to Лайка.ru to run a crypto-licensing server, and help them set it up.  When
+    # We're looking for a License authored by an author Agent (eg. Dominion R&D Corp.), for a
+    # certain product or service.  This might be encapsulated as one of the dependencies of the
+    # License we find (eg. if Dominion issues a License to some company, which includes the ability
+    # to run a crypto-licensing server), but we'll validate that the Grant was issued by Dominion
+    # R&D Corp.  For example, Dominion issues a License to awesome-inc.com to sub-License
+    # crypto-licensing servers.  They, in turn, issue a License to Лайка.ru to run a
+    # crypto-licensing server, and help them set it up.  When
     # http://crypto-licensing.xn--80aa0aec.ru/ (crypto-licensing.Лайка.ru) issues a License for
-    # their software, part of the fees are paid to awesome-inc.com and some to dominionrnd.com.
-    # The final software installation uses crypto-licensing's authorized() function, which checks
-    # that each successive License's dependencies are correctly signed, and carries the original
+    # their software, part of the fees are paid to awesome-inc.com and some to dominionrnd.com.  The
+    # final software installation uses crypto-licensing's authorized() function, which checks that
+    # each successive License's dependencies are correctly signed, and carries the original
     # 'crypto-licensing' Grant through to the recipient.
     dominion			= licensing.Agent(
         name	= licensing.COMPANY,

slip39/invoice/payments_test.py

@@ -91,9 +91,9 @@ def test_grants( tmp_path ):
     name_cl			= "client-user"
     base_cl			= here / name_cl
 
-    os.symlink( name_ss + '.crypto-license', base_cl.with_suffix( '.crypto-license' ))
+    # os.symlink( name_ss + '.crypto-license', base_cl.with_suffix( '.crypto-license' ))
 
-    # Get a Client Agent, to use to self-sign the License
+    # Get a Client Agent Keypair, to use to self-sign the License
     seed_cl			= licensing.into_bytes( "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" )
     user_cl			= "[email protected]"
     pswd_cl			= "password"
@@ -104,12 +104,85 @@ def test_grants( tmp_path ):
         password	= pswd_cl,
     )
     assert keyp_cl['vk'] == "fVnFYj3UCnSqTVoyrGRdOz+V2urkwiviVHbdakhvc4I="
+    keyp_cl_raw			= keyp_cl.into_keypair( username=user_cl, password=pswd_cl )
 
     ls				= subprocess.run(
         [ 'ls', '-l', str( here ) ], stdout=subprocess.PIPE,
     )
     log.info( f"Test directory:\n{ls.stdout.decode( 'UTF-8' )}\n\n" )
 
+    # The licensing.authorized API should now be able to issue this self-signed.crypto-license
+    # on-demand, IF it can find a Keypair.  It will not find it by looking for
+    # self-signed.crypto-license, b/c self-signed.crypto-keypair is encrypted with different
+    # credentials.
+    with pytest.raises( licensing.NotRegistered ) as excinfo:
+        assert list( licensing.authorized(
+            author	= author,
+            basename	= str( base_ss ),
+            confirm	= False,
+            registering	= False,
+            acquiring	= False,
+        )) == [ (None,None) ]
+    # But w/ a Keypair, we can get a self-signed License issued
+    auth_str = licensing.into_JSON(
+        [
+            ( licensing.KeypairPlaintext( k ) if k else None, l )
+            for k,l in licensing.authorized(
+                author	= author,
+                basename	= str( base_ss ),
+                confirm	= False,
+                registering	= False,
+                acquiring	= False,
+                keypairs	= [ keyp_cl_raw ],
+            )
+        ], indent=4, default=str,
+    )
+    print( auth_str )
+    assert auth_str == """\
+[
+    [
+        {
+            "sk":"u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7t9WcViPdQKdKpNWjKsZF07P5Xa6uTCK+JUdt1qSG9zgg==",
+            "vk":"fVnFYj3UCnSqTVoyrGRdOz+V2urkwiviVHbdakhvc4I="
+        },
+        {
+            "license":{
+                "author":{
+                    "name":"fVnFYj3UCnSqTVoyrGRdOz+V2urkwiviVHbdakhvc4I=",
+                    "pubkey":"fVnFYj3UCnSqTVoyrGRdOz+V2urkwiviVHbdakhvc4I="
+                },
+                "dependencies":[
+                    {
+                        "license":{
+                            "author":{
+                                "domain":"self-signed.com",
+                                "name":"Dominion Research & Development Corp.",
+                                "product":"Self Signed",
+                                "pubkey":"5zTqbCtiV95yNV5HKqBaTEh+a0Y8Ap7TBt8vAbVja1g="
+                            },
+                            "grant":{
+                                "self-signed":{
+                                    "some-capability":10
+                                }
+                            }
+                        },
+                        "signature":"I/o9+bacFBOwTPgNfduUwdgldMRPVCQPUEN4h3yynqzv4sDyEe37oCslnB7gjM8VBojp3vdZbdlmO7HhxLJQDA=="
+                    }
+                ]
+            },
+            "signature":"/OWpu8M4HczWnTXwW5yPchZpdI7B/k7c2GtaiK++itlzm8UY2Gl0DMe2k4HDZY6cg6t1cPi3EgjjtZXrWuLACQ=="
+        }
+    ],
+    [
+        {
+            "sk":"u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7u7t9WcViPdQKdKpNWjKsZF07P5Xa6uTCK+JUdt1qSG9zgg==",
+            "vk":"fVnFYj3UCnSqTVoyrGRdOz+V2urkwiviVHbdakhvc4I="
+        },
+        null
+    ]
+]
+"""
+
     client			= licensing.Agent(
         name	= "Perry Kundert",
         service	= "client-user",
@@ -118,17 +191,19 @@ def test_grants( tmp_path ):
     log.info( f"Client: {client}" )
 
     # We'll be loading an existing Client Agent keypair, so restrict it from registering a new one.
-    # It must try to load the Author's License (using the author.service as the basename), and then
-    # attempt to sign and save an instance of it with the client Keypair.  For this, we need access
-    # to an Agent Keypair suitable for signing (access to decrypted private key); so we'll need the
-    # credentials.
+    # We'll look for Licenses issued under the basenames of client.service (an already issued
+    # sub-license), and author.service (eg. an author-issued License we can sub-license). If no
+    # already issued License is found, tt must try to load the Author's License (using the
+    # author.service as the basename), and then attempt to sign and save an instance of it with the
+    # client Agent's Keypair.  For this, we need access to an Agent Keypair suitable for signing
+    # (access to decrypted private key); so we'll need the credentials.
     machine_id_path		= test.with_suffix( '' ) / "payments_test.machine-id"
     reloader			= reload(
         author		= author,
         client		= client,
         registering	= False,
         reverse_save	= True,
-        basename	= name_cl,  # basename of the License, and the Keypair use to self-sign it
+        basename	= None,         # name_cl,  # basename of the License, and the Keypair use to self-sign it
         confirm		= False,
         extra		= [ str( here ) ],
         constraints	= dict(
@@ -194,10 +269,11 @@ def test_grants( tmp_path ):
     log.info( f"Verified self-signed License:\n{constraints}\n\n" )
     assert not constraints
 
-    # Later, we restore from backup and our Machine ID changes...
+    # Later, we restore from backup and our Machine ID changes...  This will cause a
+    # LicenseSigned.verify failure.
     assert len( licenses ) == 1
     with pytest.raises( licensing.LicenseIncompatibility ) as excinfo:
-        constraints			= licenses[0].verify(
+        constraints		= licenses[0].verify(
             author_pubkey	= client.pubkey,
             confirm		= False,
         )