demo: test HMAC initialization

Disabling the creation of a HMAC key when setting up a new network
allows to test that introduction of HMAC on a HMAC-less network works.

demo/demo

@@ -313,11 +313,22 @@ class testHMAC(Thread):
         m_net2 = ['registry2', 'm10']
         print 'Testing HMAC, letting the time to machines to create tunnels...'
         time.sleep(45)
-        print 'Check that the initial HMAC config is deployed on network 1'
+        print 'Test that the HMAC initialization works...'
+        test_hmac.killRe6st('m4')
+        print 'Re6st on machine 4 is stopped'
+        time.sleep(5)
+        registry.screen('wget http://10.0.0.2/updateHMAC')
+        print 'Initialized HMAC (config= hmac1 & hmac2=\'\'), waiting...'
+        time.sleep(45)
+        new_node(machine4, 'm4', '-i%s' % m4_if_0.name,
+                 None, 'http://%s/' % REGISTRY)
+        print 'Started re6st on machine 4, waiting for it to get new conf'
+        time.sleep(60)
+        print ('Check that all nodes now use HMAC, m4 should also be updated')
         test_hmac.checkHMAC(reg1_db, m_net1)
         print 'Test that a HMAC update works with nodes that are up'
         registry.screen('wget http://10.0.0.2/updateHMAC')
-        print 'Updated HMAC (config = hmac0 & hmac1), waiting...'
+        print 'Updated HMAC (config = hmac0), waiting...'
         time.sleep(60)
         print 'Checking HMAC on machines connected to registry 1...'
         test_hmac.checkHMAC(reg1_db, m_net1)
@@ -327,7 +338,7 @@ class testHMAC(Thread):
         print 'Re6st on machine 1 is stopped'
         time.sleep(5)
         registry.screen('wget http://10.0.0.2/updateHMAC')
-        print 'Updated HMAC on registry (config = hmac1 & hmac2), waiting...'
+        print 'Updated HMAC on registry (config = hmac0 & hmac1), waiting...'
         time.sleep(60)
         new_node(machine1, 'm1', '-I%s' % m1_if_0.name,
                  None, 'http://%s/' % REGISTRY)

demo/test_hmac.py

@@ -35,12 +35,20 @@ def checkHMAC(db, machines):
                 else: # state = hmac1 and hmac2
                     sign = 'babel_hmac1'
                     accept = 'babel_hmac2'
-                if ('accept' not in p or
-                    'sign' not in p or
-                    p.split('sign value ',1)[1].split()[0] != hmac[sign] or
-                    p.split('accept value ',1)[1].split()[0] != hmac[accept]):
-                    rc = False
-                    print 'HMAC config wrong in %s' % p
+                if hmac['babel_hmac1'] and hmac['babel_hmac2'] == '': # init
+                    if('sign' not in p or
+                       ('no_hmac_verify true' not in p
+                        and 'ignore_no_hmac' not in p) or
+                       p.split('sign value ',1)[1].split()[0] != hmac[sign]):
+                        rc = False
+                        print 'HMAC config wrong in %s' % p
+                else:
+                    if ('accept' not in p or
+                        'sign' not in p or
+                        p.split('sign value ',1)[1].split()[0] != hmac[sign] or
+                        p.split('accept value ',1)[1].split()[0] != hmac[accept]):
+                        rc = False
+                        print 'HMAC config wrong in %s' % p
     if rc:
         print('All nodes use Babel with the correct HMAC configuration')
     else:

re6st/registry.py

@@ -103,8 +103,6 @@ class RegistryServer(object):
         if self.prefix:
             with self.db:
                 self.updateNetworkConfig()
-        else:
-            self.newHMAC(0)
 
     def getConfig(self, name, *default):
         r, = next(self.db.execute(