def test_tvb_export_of_simple_datatype_with_encryption(
self, dummy_datatype_index_factory):
"""
Test export of an encrypted data type which has no data stored on file system
"""
datatype = dummy_datatype_index_factory()
storage_interface = StorageInterface()
import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler(
)
import_export_encryption_handler.generate_public_private_key_pair(
TvbProfile.current.TVB_TEMP_FOLDER)
_, file_path, _ = self.export_manager.export_data(
datatype, self.TVB_EXPORTER, self.test_project,
os.path.join(TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PUBLIC_KEY_NAME))
assert file_path is not None, "Export process should return path to export file"
assert os.path.exists(
file_path), "Could not find export file: %s on disk." % file_path
result = storage_interface.unpack_zip(
file_path, TvbProfile.current.TVB_TEMP_FOLDER)
encrypted_password_path = import_export_encryption_handler.extract_encrypted_password_from_list(
result)
decrypted_file_path = import_export_encryption_handler.decrypt_content(
encrypted_password_path, result,
os.path.join(TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PRIVATE_KEY_NAME))[0]
original_path = h5.path_for_stored_index(datatype)
self.compare_files(original_path, decrypted_file_path)
def test_tvb_linked_export_of_simple_datatype_with_encryption(
self, connectivity_index_factory, surface_index_factory,
region_mapping_index_factory):
"""
Test export of an encrypted data type and its linked data types which have no data stored on file system
"""
conn = connectivity_index_factory()
surface_idx, surface = surface_index_factory(cortical=True)
region_mapping_index = region_mapping_index_factory(
conn_gid=conn.gid, surface_gid=surface.gid.hex)
storage_interface = StorageInterface()
import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler(
)
import_export_encryption_handler.generate_public_private_key_pair(
TvbProfile.current.TVB_TEMP_FOLDER)
_, file_path, _ = self.export_manager.export_data(
region_mapping_index, self.TVB_LINKED_EXPORTER, self.test_project,
os.path.join(TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PUBLIC_KEY_NAME))
assert file_path is not None, "Export process should return path to export file"
assert os.path.exists(
file_path), "Could not find export file;: %s on disk." % file_path
result = storage_interface.unpack_zip(
file_path, TvbProfile.current.TVB_TEMP_FOLDER)
encrypted_password = import_export_encryption_handler.extract_encrypted_password_from_list(
result)
decrypted_file_paths = import_export_encryption_handler.decrypt_content(
encrypted_password, result,
os.path.join(TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PRIVATE_KEY_NAME))
original_conn_path = h5.path_for_stored_index(conn)
decrypted_conn_path, idx = (decrypted_file_paths[0], 0) if 'Connectivity' in decrypted_file_paths[0] else \
(decrypted_file_paths[1], 1) if 'Connectivity' in decrypted_file_paths[1] else (decrypted_file_paths[2], 2)
self.compare_files(original_conn_path, decrypted_conn_path)
original_surface_path = h5.path_for_stored_index(surface_idx)
del decrypted_file_paths[idx]
decrypted_surface_path, idx = (decrypted_file_paths[0], 0) if 'Surface' in decrypted_file_paths[0] else \
(decrypted_file_paths[1], 1)
self.compare_files(original_surface_path, decrypted_surface_path)
original_rm_path = h5.path_for_stored_index(region_mapping_index)
del decrypted_file_paths[idx]
self.compare_files(original_rm_path, decrypted_file_paths[0])
def test_tvb_export_for_encrypted_datatype_group_with_links(
self, datatype_group_factory):
"""
This method checks export of an encrypted data type group
"""
ts_datatype_group, dm_datatype_group = datatype_group_factory(
project=self.test_project, store_vm=True)
storage_interface = StorageInterface()
import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler(
)
import_export_encryption_handler.generate_public_private_key_pair(
TvbProfile.current.TVB_TEMP_FOLDER)
file_name, file_path, _ = self.export_manager.export_data(
dm_datatype_group, self.TVB_EXPORTER, self.test_project,
os.path.join(TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PUBLIC_KEY_NAME))
assert file_name is not None, "Export process should return a file name"
assert file_path is not None, "Export process should return path to export file"
assert os.path.exists(
file_path), "Could not find export file: %s on disk." % file_path
# Now check if the generated file is a correct ZIP file
assert zipfile.is_zipfile(
file_path), "Generated file is not a valid ZIP file"
result = storage_interface.unpack_zip(
file_path, TvbProfile.current.TVB_TEMP_FOLDER)
encrypted_password = import_export_encryption_handler.extract_encrypted_password_from_list(
result)
decrypted_file_paths = import_export_encryption_handler.decrypt_content(
encrypted_password, result,
os.path.join(TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PRIVATE_KEY_NAME))
# Here we only test if the length of decrypted_file_paths is the one expected
assert len(decrypted_file_paths) == len(
result
), "Number of decrypted data type group files is not correct!"
def test_encrypt_decrypt(self, dir_name, file_name):
import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler(
)
# Generate a private key and public key
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
public_key = private_key.public_key()
# Convert private key to bytes and save it so ABCUploader can use it
pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption())
private_key_path = os.path.join(
TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PRIVATE_KEY_NAME)
with open(private_key_path, 'wb') as f:
f.write(pem)
path_to_file = os.path.join(os.path.dirname(tvb_data.__file__),
dir_name, file_name)
# Create model for ABCUploader
connectivity_model = ZIPConnectivityImporterModel()
# Generate password
pass_size = TvbProfile.current.hpc.CRYPT_PASS_SIZE
password = EncryptionHandler.generate_random_password(pass_size)
# Encrypt files using an AES symmetric key
encrypted_file_path = import_export_encryption_handler.get_path_to_encrypt(
path_to_file)
buffer_size = TvbProfile.current.hpc.CRYPT_BUFFER_SIZE
pyAesCrypt.encryptFile(path_to_file, encrypted_file_path, password,
buffer_size)
# Asynchronously encrypt the password used at the previous step for the symmetric encryption
password = str.encode(password)
encrypted_password = import_export_encryption_handler.encrypt_password(
public_key, password)
# Save encrypted password
import_export_encryption_handler.save_encrypted_password(
encrypted_password, TvbProfile.current.TVB_TEMP_FOLDER)
path_to_encrypted_password = os.path.join(
TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.ENCRYPTED_PASSWORD_NAME)
# Prepare model for decrypting
connectivity_model.uploaded = encrypted_file_path
connectivity_model.encrypted_aes_key = path_to_encrypted_password
TvbProfile.current.UPLOAD_KEY_PATH = os.path.join(
TvbProfile.current.TVB_TEMP_FOLDER,
import_export_encryption_handler.PRIVATE_KEY_NAME)
# Decrypting
decrypted_download_path = import_export_encryption_handler.decrypt_content(
connectivity_model.encrypted_aes_key,
[connectivity_model.uploaded],
TvbProfile.current.UPLOAD_KEY_PATH)[0]
connectivity_model.uploaded = decrypted_download_path
storage_interface = StorageInterface()
decrypted_file_path = connectivity_model.uploaded.replace(
import_export_encryption_handler.ENCRYPTED_DATA_SUFFIX,
import_export_encryption_handler.DECRYPTED_DATA_SUFFIX)
TestExporters.compare_files(path_to_file, decrypted_file_path)
# Clean-up
storage_interface.remove_files([
encrypted_file_path, decrypted_file_path, private_key_path,
path_to_encrypted_password
])
