<div dir="ltr"><div class="gmail_default" style="font-family:arial,sans-serif">Fixed in v2, thanks for the feedback!</div><div class="gmail_default" style="font-family:arial,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,sans-serif">-Jeremy<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jun 26, 2023 at 3:00 PM Aaron Conole <<a href="mailto:aconole@redhat.com">aconole@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Jeremy Spewock <<a href="mailto:jspewock@iol.unh.edu" target="_blank">jspewock@iol.unh.edu</a>> writes:<br>
<br>
> On Fri, Jun 23, 2023 at 10:15 AM Aaron Conole <<a href="mailto:aconole@redhat.com" target="_blank">aconole@redhat.com</a>> wrote:<br>
><br>
> <a href="mailto:jspewock@iol.unh.edu" target="_blank">jspewock@iol.unh.edu</a> writes:<br>
><br>
> > From: Jeremy Spewock <<a href="mailto:jspewock@iol.unh.edu" target="_blank">jspewock@iol.unh.edu</a>><br>
> ><br>
> > Adds a method that follows the process for renewing your jwt according<br>
> > to NIST API documentation. This way, if there are load issues and it<br>
> > takes too long to get vectors back with multi-algorithm testing, you can<br>
> > still get restuls and the script will not error.<br>
> ><br>
> > Also, added a maximum number of renewals so that the script cannot run<br>
> > infinitely.<br>
> ><br>
> > Signed-off-by: Jeremy Spewock <<a href="mailto:jspewock@iol.unh.edu" target="_blank">jspewock@iol.unh.edu</a>><br>
> > ---<br>
><br>
> Just some nits - I haven't run this through black / flake8.<br>
><br>
> > tools/acvp/acvp_tool.py | 73 +++++++++++++++++++++++++++++++++++------<br>
> > 1 file changed, 63 insertions(+), 10 deletions(-)<br>
> ><br>
> > diff --git a/tools/acvp/acvp_tool.py b/tools/acvp/acvp_tool.py<br>
> > index 40d2f2f..8d50a58 100755<br>
> > --- a/tools/acvp/acvp_tool.py<br>
> > +++ b/tools/acvp/acvp_tool.py<br>
> > @@ -1,7 +1,7 @@<br>
> > #!/usr/bin/env python3<br>
> > <br>
> > # SPDX-License-Identifier: BSD-3-Clause<br>
> > -# Copyright 2022 The University of New Hampshire<br>
> > +# Copyright 2023 The University of New Hampshire<br>
> > <br>
> > import hashlib<br>
> > import sys<br>
> > @@ -36,6 +36,8 @@ class ACVPProxy:<br>
> > self.totp_path: str = totp_path<br>
> > self.login_data: Optional[Dict[str, Any]] = None<br>
> > self.session_data: Optional[Dict[str, Any]] = None<br>
> > + self.retries: int = 0<br>
> > + self.max_retries: int = 2<br>
> > <br>
> > with open(config_path, 'r') as f:<br>
> > self.config: Any = json.load(f)<br>
> > @@ -70,7 +72,13 @@ class ACVPProxy:<br>
> > cert=self.cert,<br>
> > headers={'Authorization': f'Bearer {token}'}<br>
> > )<br>
> > - if not response.ok:<br>
> > + if response.status_code == 401:<br>
> > + if self.__renew_jwt():<br>
> > + token = self.session_data['jwt']<br>
> > + continue<br>
> > + logging.error("Failed to renew expired jwt")<br>
> > + return None<br>
> > + elif not response.ok:<br>
> > logging.error(f'Failed to fetch vector set {url}')<br>
> > logging.error(json.dumps(response.json(), indent=4))<br>
> > return None<br>
> > @@ -85,6 +93,35 @@ class ACVPProxy:<br>
> > <a href="http://logging.info" rel="noreferrer" target="_blank">logging.info</a>(f'Downloaded vector set {url}')<br>
> > return vector_set_json<br>
> > <br>
> > + def __renew_jwt(self) -> bool:<br>
> > + """Renews the jwt in session_data.<br>
> > +<br>
> > + JWTs provided by the NIST API last 30 minutes which can cause this<br>
> > + script to fail even with good data. This method renews the jwt using<br>
> > + the login endpoint.<br>
> > +<br>
> > + @return: True if successfully renewed token<br>
> > + """<br>
> > + if self.retries >= self.max_retries:<br>
> > + logging.error("Maximum number of jwt renewals has been reached.")<br>
> > + return False<br>
> > + response = <a href="http://requests.post" rel="noreferrer" target="_blank">requests.post</a>(<br>
> > + url=f'{self.config["url"]}/acvp/v1/login',<br>
> > + json=[<br>
> > + {'acvVersion': '1.0'},<br>
> > + {<br>
> > + 'password': self.__get_totp(),<br>
> > + 'accessToken': self.session_data["jwt"]<br>
> > + }<br>
> > + ],<br>
> > + cert=self.cert,<br>
> > + )<br>
> > + if response.ok:<br>
> > + self.retries += 1<br>
> > + self.session_data["jwt"] = response.json()[1].pop("accessToken")<br>
> > + return True<br>
> > + return False<br>
> > +<br>
> > def login(self) -> bool:<br>
> > """Log into the API server.<br>
> > <br>
> > @@ -141,7 +178,6 @@ class ACVPProxy:<br>
> > cert=self.cert,<br>
> > headers={'Authorization': f'Bearer {self.login_data["jwt"]}'}<br>
> > )<br>
> > -<br>
><br>
> Why this line changed?<br>
><br>
> I guess this line just ended up getting removed when I was making edits. I didn't do it for any deliberate<br>
> reason other than spacing when I was making edits.<br>
> <br>
> <br>
> > if not response.ok:<br>
> > logging.error('Unable to register.')<br>
> > logging.error(json.dumps(response.json(), indent=4))<br>
> > @@ -178,6 +214,12 @@ class ACVPProxy:<br>
> > 'Authorization': f'Bearer {self.session_data["jwt"]}'<br>
> > }<br>
> > )<br>
> > + if result.status_code == 401:<br>
> > + if self.__renew_jwt():<br>
> > + write_data[0]["jwt"] = self.session_data["jwt"]<br>
> > + continue<br>
> > + logging.error("Failed to renew jwt")<br>
> > + return None<br>
> > version, result_json = result.json()<br>
> > if 'retry' in result_json:<br>
> > duration = result_json['retry']<br>
> > @@ -207,8 +249,19 @@ class ACVPProxy:<br>
> > cert=self.cert,<br>
> > headers={'Authorization': f'Bearer {self.session_data["jwt"]}'}<br>
> > )<br>
> > -<br>
> > - if not response.ok:<br>
><br>
> You also dropped a line spacing here as well.<br>
><br>
> I think this is the same thing as above, when I was testing and writing things in a couple of places this line<br>
> also disappeared just because I felt it wasn't needed, but there wasn't any particular reason.<br>
> <br>
> <br>
> > + if response.status_code == 401:<br>
> > + if self.__renew_jwt():<br>
> > + response = <a href="http://requests.post" rel="noreferrer" target="_blank">requests.post</a>(<br>
> > + f'{self.config["url"]}{session_url}/vectorSets/'<br>
> > + f'{vector_set["vsId"]}/results',<br>
> > + json=[version, vector_set],<br>
> > + cert=self.cert,<br>
> > + headers={'Authorization': f'Bearer {self.session_data["jwt"]}'}<br>
> > + )<br>
> > + else:<br>
> > + logging.error("Failed to renew jwt")<br>
> > + return False<br>
> > + elif not response.ok:<br>
> > has_error = True<br>
> > logging.error(f'Could not upload vector set response for '<br>
> > f'vector set ID {vector_set["vsId"]}.')<br>
> > @@ -239,13 +292,13 @@ def main(request_path: Optional[str],<br>
> > config_path=config_path,<br>
> > )<br>
> > <br>
> > - <a href="http://logging.info" rel="noreferrer" target="_blank">logging.info</a>('Attempting to log in...')<br>
> > - if not proxy.login():<br>
> > - logging.error('Could not log in.')<br>
> > - sys.exit(1)<br>
> > - <a href="http://logging.info" rel="noreferrer" target="_blank">logging.info</a>('Successfully logged in.')<br>
> > <br>
> > if request_path:<br>
> > + <a href="http://logging.info" rel="noreferrer" target="_blank">logging.info</a>('Attempting to log in...')<br>
> > + if not proxy.login():<br>
> > + logging.error('Could not log in.')<br>
> > + sys.exit(1)<br>
> > + <a href="http://logging.info" rel="noreferrer" target="_blank">logging.info</a>('Successfully logged in.')<br>
> > <a href="http://logging.info" rel="noreferrer" target="_blank">logging.info</a>('Creating a new test session and downloading vectors...')<br>
> > test_session = proxy.register()<br>
> > if not test_session:<br>
><br>
> Would it be preferred that I add these lines back so that they closer align with the original script?<br>
<br>
Please do, yes. Try to keep whitespace changes to a minimum. It gets<br>
to be difficult sometimes to review.<br>
<br>
> Thanks,<br>
> Jeremy<br>
<br>
</blockquote></div>