Ejemplo n.º 1
    def test_dencrypt(self):
        """Encrypt/decrypt through the vault and verify the test-key gate.

        Three behaviours are pinned here:

        * with ``self.ok_key`` as master key, ``encryptobj`` output is
          accepted by ``crypto.is_pgp_encrypted``;
        * with ``test_pgp_key_id`` as master key, ``encryptobj`` and
          ``decryptobj`` raise ``CmdException`` ("After July 27 2017")
          whenever ``allow_test_key`` is not switched on;
        * with ``allow_test_key`` on, the object round-trips unchanged.
        """
        secret_id, payload = 'fooid', 'bar'
        vault = crypto.VaultSpec.instance()  # @UndefinedVariable

        def refuses_test_key():
            # Context manager expecting the vault's test-key refusal.
            return self.assertRaisesRegex(CmdException, "After July 27 2017")

        # Regular key: encryption works without any opt-in.
        vault.master_key = self.ok_key.fingerprint
        encrypted = vault.encryptobj(secret_id, payload)
        details = (payload, encrypted)
        self.assertTrue(crypto.is_pgp_encrypted(encrypted), details)

        # Test key as master: encryption is refused until explicitly allowed.
        vault.master_key = test_pgp_key_id
        with refuses_test_key():
            encrypted = vault.encryptobj(secret_id, payload)

        vault.allow_test_key = True
        encrypted = vault.encryptobj(secret_id, payload)
        details = (payload, encrypted)
        self.assertTrue(crypto.is_pgp_encrypted(encrypted), details)

        # The gate applies to decryption too, not only to encryption:
        # data produced under the test key stays unreadable without opt-in.
        vault.allow_test_key = False
        with refuses_test_key():
            vault.decryptobj(secret_id, encrypted)

        vault.allow_test_key = True
        recovered = vault.decryptobj(secret_id, encrypted)
        self.assertEqual(payload, recovered, details)
        # NOTE(review): the vault comes from `VaultSpec.instance()` and is left
        # with the test key as master and `allow_test_key = True`.  If that
        # instance is shared between tests, later tests would run with the
        # gate open -- confirm setUp/tearDown resets it.
Ejemplo n.º 2
    def test_chiphertraits_cmd(self):
        """Check a persisted ``Cipher`` trait of a ``Cmd`` only ever holds ciphertext.

        The persistent config file is seeded with the plain value; after
        ``initialize()`` and after each assignment the trait must read back
        as PGP-encrypted, and ``decipher()`` must recover the plain value.
        """
        plaintext = 'foo'
        pconfig_path = osp.join(self._tdir, 'foo.json')
        seed = {'MyCmd': {'ctrait': plaintext}}
        prepare_persistent_config_file(pconfig_path, seed)

        class MyCmd(cmdlets.Cmd):
            "OK Cmd"

            ctrait = crypto.Cipher(None, allow_none=True).tag(config=True,
                                                              persist=True)

        looks_encrypted = crypto.is_pgp_encrypted

        cmd = MyCmd()
        self.assertIsNone(cmd.ctrait)

        cmd.config_paths = [self._tdir]
        cmd.persist_path = pconfig_path
        cmd.initialize([])

        # Value loaded from the persistent-config file.
        loaded_cipher = cmd.ctrait
        self.assertIsNotNone(cmd.ctrait)
        self.assertTrue(looks_encrypted(loaded_cipher))

        # First runtime assignment of the plain value.
        cmd.ctrait = plaintext
        first_cipher = cmd.ctrait
        self.assertTrue(looks_encrypted(first_cipher))
        # Repeated reads return the same ciphertext (no re-encryption on get).
        self.assertEqual(cmd.ctrait, first_cipher)
        self.assertNotEqual(loaded_cipher, first_cipher)
        # The stored trait value is the ciphertext itself, not the plaintext.
        self.assertEqual(first_cipher, cmd._trait_values['ctrait'])

        self.assertEqual(cmd.decipher('ctrait'), plaintext)

        # Second runtime assignment of the same plain value.
        cmd.ctrait = plaintext
        second_cipher = cmd.ctrait
        self.assertTrue(looks_encrypted(second_cipher))
        # Same plaintext, different ciphertext: encryption is randomized
        # (nonce), so equal secrets cannot be spotted by comparing ciphers.
        self.assertNotEqual(first_cipher, second_cipher)

        self.assertEqual(cmd.decipher('ctrait'), plaintext)

        # NOTE(review): the argument-less check presumably validates the file
        # before it is rewritten -- confirm against the helper.
        self.check_persistent_config_file(pconfig_path)
        cmd.store_pconfig(pconfig_path)
        self.check_persistent_config_file(pconfig_path,
                                          'MyCmd', 'ctrait', second_cipher)
Ejemplo n.º 3
    def test_chiphertraits_spec(self):
        """Check a persisted ``Cipher`` trait of a ``Spec`` only ever holds ciphertext.

        Same scenario as the ``Cmd`` variant, but the persistent config is
        loaded and applied by hand, since a bare ``Spec`` does not do it.
        """
        plaintext = 'foo'
        pconfig_path = osp.join(self._tdir, 'foo.json')
        seed = {'MySpec': {'ctrait': plaintext}}
        prepare_persistent_config_file(pconfig_path, seed)

        class MySpec(cmdlets.Spec):
            "OK Spec"

            ctrait = crypto.Cipher(None, allow_none=True).tag(config=True,
                                                              persist=True)

        looks_encrypted = crypto.is_pgp_encrypted

        spec = MySpec()
        # Only final Cmds load persistent traits on their own, so the file
        # is loaded explicitly here and applied in a second step.
        spec.load_pconfig(pconfig_path)
        self.assertIsNone(spec.ctrait)  # loading alone does not set the trait
        spec.update_config(spec._pconfig)

        # Value coming from the persistent-config file.
        loaded_cipher = spec.ctrait
        self.assertTrue(looks_encrypted(loaded_cipher))

        # First runtime assignment of the plain value.
        spec.ctrait = plaintext
        first_cipher = spec.ctrait
        self.assertTrue(looks_encrypted(first_cipher))
        # Repeated reads return the same ciphertext (no re-encryption on get).
        self.assertEqual(spec.ctrait, first_cipher)
        self.assertNotEqual(loaded_cipher, first_cipher)
        # The stored trait value is the ciphertext itself, not the plaintext.
        self.assertEqual(first_cipher, spec._trait_values['ctrait'])

        # Second runtime assignment of the same plain value.
        spec.ctrait = plaintext
        second_cipher = spec.ctrait
        self.assertTrue(looks_encrypted(second_cipher))
        # Same plaintext, different ciphertext: encryption is randomized
        # (nonce), so equal secrets cannot be spotted by comparing ciphers.
        self.assertNotEqual(first_cipher, second_cipher)

        # NOTE(review): the argument-less check presumably validates the file
        # before it is rewritten -- confirm against the helper.
        self.check_persistent_config_file(pconfig_path)
        spec.store_pconfig(pconfig_path)
        self.check_persistent_config_file(pconfig_path,
                                          'MySpec', 'ctrait', second_cipher)
Ejemplo n.º 4
    def test_1_dencrypt(self, case):
        """Round-trip one ``(pswdid, obj)`` case and require a fresh ciphertext.

        Besides the encrypt/decrypt round trip, every ciphertext is recorded
        in the module-level ``_ciphertexts`` set and must not have been seen
        before.
        """
        secret_id, payload = case
        vault = crypto.VaultSpec.instance()       # @UndefinedVariable

        # NOTE(review): encryption uses the fixed id 'enc_test' while
        # decryption below uses the case's own id -- presumably the id does
        # not take part in the cryptography; confirm against VaultSpec.
        encrypted = vault.encryptobj('enc_test', payload)
        details = ('CASE:', case, encrypted)

        self.assertTrue(crypto.is_pgp_encrypted(encrypted), details)

        # No two encryptions may yield identical ciphertexts; a repeat would
        # mean the output is deterministic and leaks equality of plaintexts.
        self.assertNotIn(encrypted, _ciphertexts)
        _ciphertexts.add(encrypted)

        recovered = vault.decryptobj(secret_id, encrypted)
        self.assertEqual(payload, recovered, details)
Ejemplo n.º 5
    def test_check_non_encrypted_in_config_files(self):
        """Plain values for ``Cipher`` traits: error if static, encrypted if persistent.

        The same JSON file carrying the non-encrypted value "BAD_ENC" is fed
        twice: as a static config path, where an ERROR must be logged and the
        value must not end up in the trait, and as the persist path, where
        the value must come out PGP-encrypted.
        """
        class MyCmd(cmdlets.Cmd):
            "Ok Cmd"
            enc = crypto.Cipher().tag(config=True, persist=True)

        with tempfile.TemporaryDirectory(prefix='co2conf-') as tdir:
            persist_path = osp.join(tdir, 'a.json')
            config_json = '{"MyCmd": {"enc": "BAD_ENC"}}'
            with io.open(persist_path, 'w') as out:
                out.write(config_json)

            # Give the vault a usable keyring and master key, so that
            # failures below are about the config value and not the vault.
            #
            # NOTE(review): the GnuPG home is the temp dir, which is removed
            # when this `with` exits; if `VaultSpec.instance()` is shared
            # between tests, it keeps pointing there -- confirm it is reset.
            vault = crypto.VaultSpec.instance()  # @UndefinedVariable
            vault.gnupghome = tdir
            # 1024-bit throwaway key: presumably chosen to keep generation
            # fast.  Too short for anything but a disposable test keyring.
            key = cryptotc.gpg_gen_key(vault.GPG,
                                       key_length=1024,
                                       name_real='test user',
                                       name_email='*****@*****.**')
            vault.master_key = key.fingerprint

            # Read as a *static* config file: the plain value must be
            # reported and must not be accepted as the trait's value.
            static_cmd = MyCmd()
            static_cmd.config_paths = [persist_path]

            with self.assertLogs(static_cmd.log, 'ERROR') as captured:
                static_cmd.initialize([])
            self.assertNotEqual(static_cmd.enc, "BAD_ENC")
            expected_log = "Found 1 non-encrypted params in static-configs:"
            self.assertIn(expected_log, str(captured.output), captured.records)

            # Read as the persistent config: the value gets auto-encrypted.
            persist_cmd = MyCmd()
            persist_cmd.persist_path = persist_path
            persist_cmd.initialize([])
            self.assertTrue(crypto.is_pgp_encrypted(persist_cmd.enc),
                            persist_cmd.enc)