Beispiel #1
0
    def test_get_source_public_key_wrong_id(
            self, setup_journalist_key_and_gpg_folder):
        # Given an encryption manager
        journalist_key_fingerprint, gpg_key_dir = setup_journalist_key_and_gpg_folder
        encryption_mgr = EncryptionManager(
            gpg_key_dir=gpg_key_dir,
            journalist_key_fingerprint=journalist_key_fingerprint)

        # When using the encryption manager to fetch a key for an invalid filesystem id
        # It fails
        with pytest.raises(GpgKeyNotFoundError):
            encryption_mgr.get_source_public_key("1234test")
Beispiel #2
0
    def test_generate_source_key_pair(self,
                                      setup_journalist_key_and_gpg_folder,
                                      source_app, app_storage):
        # Given a source user
        with source_app.app_context():
            source_user = create_source_user(
                db_session=db.session,
                source_passphrase=PassphraseGenerator.get_default().
                generate_passphrase(),
                source_app_storage=app_storage,
            )

        # And an encryption manager
        journalist_key_fingerprint, gpg_key_dir = setup_journalist_key_and_gpg_folder
        encryption_mgr = EncryptionManager(
            gpg_key_dir=gpg_key_dir,
            journalist_key_fingerprint=journalist_key_fingerprint)

        # When using the encryption manager to generate a key pair for this source user
        # It succeeds
        encryption_mgr.generate_source_key_pair(source_user)

        # And the newly-created key's fingerprint was added to Redis
        fingerprint_in_redis = encryption_mgr._redis.hget(
            encryption_mgr.REDIS_FINGERPRINT_HASH, source_user.filesystem_id)
        assert fingerprint_in_redis
        source_key_fingerprint = encryption_mgr.get_source_key_fingerprint(
            source_user.filesystem_id)
        assert fingerprint_in_redis == source_key_fingerprint

        # And the user's newly-generated public key can be retrieved
        assert encryption_mgr.get_source_public_key(source_user.filesystem_id)

        # And the key has a hardcoded creation date to avoid leaking information about when sources
        # first created their account
        source_key_details = encryption_mgr._get_source_key_details(
            source_user.filesystem_id)
        assert source_key_details
        creation_date = _parse_gpg_date_string(source_key_details["date"])
        assert creation_date.date(
        ) == EncryptionManager.DEFAULT_KEY_CREATION_DATE

        # And the user's key does not expire
        assert source_key_details["expires"] == ""