Ejemplo n.º 1
0
 def test_01_fill(self):
     """
     Validate the filling of a UserKey with public key material.
     """
     alice_uk = UserKey(user=User.objects.get(username='******'))
     self.assertFalse(alice_uk.is_filled(), "UserKey with empty public_key is_filled() did not return False")
     alice_uk.public_key = self.TEST_KEYS['alice_public']
     self.assertTrue(alice_uk.is_filled(), "UserKey with public key is_filled() did not return True")
Ejemplo n.º 2
0
 def test_01_fill(self):
     """
     Validate the filling of a UserKey with public key material.
     """
     alice_uk = UserKey(user=User.objects.get(username='******'))
     self.assertFalse(alice_uk.is_filled(), "UserKey with empty public_key is_filled() did not return False")
     alice_uk.public_key = self.TEST_KEYS['alice_public']
     self.assertTrue(alice_uk.is_filled(), "UserKey with public key is_filled() did not return True")
Ejemplo n.º 3
0
 def test_04_master_key_retrieval(self):
     """
     Test the decryption of a master key using the user's private key.
     """
     master_key = generate_random_key()
     alice_uk = UserKey(user=User.objects.get(username='******'), public_key=self.TEST_KEYS['alice_public'])
     alice_uk.activate(master_key)
     retrieved_master_key = alice_uk.get_master_key(self.TEST_KEYS['alice_private'])
     self.assertEqual(master_key, retrieved_master_key, "Master key retrieval failed with correct private key")
Ejemplo n.º 4
0
 def test_02_activate(self):
     """
     Validate the activation of a UserKey.
     """
     master_key = generate_random_key()
     alice_uk = UserKey(user=User.objects.get(username='******'), public_key=self.TEST_KEYS['alice_public'])
     self.assertFalse(alice_uk.is_active(), "Inactive UserKey is_active() did not return False")
     alice_uk.activate(master_key)
     self.assertTrue(alice_uk.is_active(), "ActiveUserKey is_active() did not return True")
Ejemplo n.º 5
0
 def test_04_master_key_retrieval(self):
     """
     Test the decryption of a master key using the user's private key.
     """
     master_key = generate_random_key()
     alice_uk = UserKey(user=User.objects.get(username='******'), public_key=self.TEST_KEYS['alice_public'])
     alice_uk.activate(master_key)
     retrieved_master_key = alice_uk.get_master_key(self.TEST_KEYS['alice_private'])
     self.assertEqual(master_key, retrieved_master_key, "Master key retrieval failed with correct private key")
Ejemplo n.º 6
0
    def setUp(self):
        super().setUp()

        # Create a UserKey for the test user
        userkey = UserKey(user=self.user, public_key=PUBLIC_KEY)
        userkey.save()

        # Create a SessionKey for the user
        self.master_key = userkey.get_master_key(PRIVATE_KEY)
        session_key = SessionKey(userkey=userkey)
        session_key.save(self.master_key)

        # Append the session key to the test client's request header
        self.header['HTTP_X_SESSION_KEY'] = base64.b64encode(session_key.key)

        site = Site.objects.create(name='Site 1', slug='site-1')
        manufacturer = Manufacturer.objects.create(name='Manufacturer 1', slug='manufacturer-1')
        devicetype = DeviceType.objects.create(manufacturer=manufacturer, model='Device Type 1')
        devicerole = DeviceRole.objects.create(name='Device Role 1', slug='device-role-1')
        device = Device.objects.create(name='Device 1', site=site, device_type=devicetype, device_role=devicerole)

        secret_roles = (
            SecretRole(name='Secret Role 1', slug='secret-role-1'),
            SecretRole(name='Secret Role 2', slug='secret-role-2'),
        )
        SecretRole.objects.bulk_create(secret_roles)

        secrets = (
            Secret(device=device, role=secret_roles[0], name='Secret 1', plaintext='ABC'),
            Secret(device=device, role=secret_roles[0], name='Secret 2', plaintext='DEF'),
            Secret(device=device, role=secret_roles[0], name='Secret 3', plaintext='GHI'),
        )
        for secret in secrets:
            secret.encrypt(self.master_key)
            secret.save()

        self.create_data = [
            {
                'device': device.pk,
                'role': secret_roles[1].pk,
                'name': 'Secret 4',
                'plaintext': 'JKL',
            },
            {
                'device': device.pk,
                'role': secret_roles[1].pk,
                'name': 'Secret 5',
                'plaintext': 'MNO',
            },
            {
                'device': device.pk,
                'role': secret_roles[1].pk,
                'name': 'Secret 6',
                'plaintext': 'PQR',
            },
        ]
Ejemplo n.º 7
0
    def setUp(self):

        super().setUp()

        # Set up a master key for the test user
        userkey = UserKey(user=self.user, public_key=PUBLIC_KEY)
        userkey.save()
        master_key = userkey.get_master_key(PRIVATE_KEY)
        self.session_key = SessionKey(userkey=userkey)
        self.session_key.save(master_key)
Ejemplo n.º 8
0
    def setUp(self):

        user = User.objects.create(username='******', is_superuser=True)
        token = Token.objects.create(user=user)

        userkey = UserKey(user=user, public_key=PUBLIC_KEY)
        userkey.save()
        self.master_key = userkey.get_master_key(PRIVATE_KEY)
        session_key = SessionKey(userkey=userkey)
        session_key.save(self.master_key)

        self.header = {
            'HTTP_AUTHORIZATION': 'Token {}'.format(token.key),
            'HTTP_X_SESSION_KEY': base64.b64encode(session_key.key),
        }

        self.plaintext = {
            'secret1': 'Secret #1 Plaintext',
            'secret2': 'Secret #2 Plaintext',
            'secret3': 'Secret #3 Plaintext',
        }

        site = Site.objects.create(name='Test Site 1', slug='test-site-1')
        manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1',
                                                   slug='test-manufacturer-1')
        devicetype = DeviceType.objects.create(manufacturer=manufacturer,
                                               model='Test Device Type 1')
        devicerole = DeviceRole.objects.create(name='Test Device Role 1',
                                               slug='test-device-role-1')
        self.device = Device.objects.create(name='Test Device 1',
                                            site=site,
                                            device_type=devicetype,
                                            device_role=devicerole)
        self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1',
                                                     slug='test-secret-role-1')
        self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2',
                                                     slug='test-secret-role-2')
        self.secret1 = Secret(device=self.device,
                              role=self.secretrole1,
                              name='Test Secret 1',
                              plaintext=self.plaintext['secret1'])
        self.secret1.encrypt(self.master_key)
        self.secret1.save()
        self.secret2 = Secret(device=self.device,
                              role=self.secretrole1,
                              name='Test Secret 2',
                              plaintext=self.plaintext['secret2'])
        self.secret2.encrypt(self.master_key)
        self.secret2.save()
        self.secret3 = Secret(device=self.device,
                              role=self.secretrole1,
                              name='Test Secret 3',
                              plaintext=self.plaintext['secret3'])
        self.secret3.encrypt(self.master_key)
        self.secret3.save()
Ejemplo n.º 9
0
    def setUp(self):

        # Create a non-superuser test user
        self.user = create_test_user('testuser', permissions=(
            'secrets.add_secret',
            'secrets.change_secret',
            'secrets.delete_secret',
            'secrets.view_secret',
        ))
        self.token = Token.objects.create(user=self.user)
        self.header = {'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key)}

        userkey = UserKey(user=self.user, public_key=PUBLIC_KEY)
        userkey.save()
        self.master_key = userkey.get_master_key(PRIVATE_KEY)
        session_key = SessionKey(userkey=userkey)
        session_key.save(self.master_key)

        self.header = {
            'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key),
            'HTTP_X_SESSION_KEY': base64.b64encode(session_key.key),
        }

        self.plaintexts = (
            'Secret #1 Plaintext',
            'Secret #2 Plaintext',
            'Secret #3 Plaintext',
        )

        site = Site.objects.create(name='Test Site 1', slug='test-site-1')
        manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
        devicetype = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1')
        devicerole = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
        self.device = Device.objects.create(
            name='Test Device 1', site=site, device_type=devicetype, device_role=devicerole
        )
        self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
        self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')
        self.secret1 = Secret(
            device=self.device, role=self.secretrole1, name='Test Secret 1', plaintext=self.plaintexts[0]
        )
        self.secret1.encrypt(self.master_key)
        self.secret1.save()
        self.secret2 = Secret(
            device=self.device, role=self.secretrole1, name='Test Secret 2', plaintext=self.plaintexts[1]
        )
        self.secret2.encrypt(self.master_key)
        self.secret2.save()
        self.secret3 = Secret(
            device=self.device, role=self.secretrole1, name='Test Secret 3', plaintext=self.plaintexts[2]
        )
        self.secret3.encrypt(self.master_key)
        self.secret3.save()
Ejemplo n.º 10
0
    def setUp(self):
        user = create_test_user(permissions=[
            'secrets.view_secret',
            'secrets.add_secret',
        ])

        # Set up a master key
        userkey = UserKey(user=user, public_key=PUBLIC_KEY)
        userkey.save()
        master_key = userkey.get_master_key(PRIVATE_KEY)
        self.session_key = SessionKey(userkey=userkey)
        self.session_key.save(master_key)

        self.client = Client()
        self.client.force_login(user)

        site = Site(name='Site 1', slug='site-1')
        site.save()

        manufacturer = Manufacturer(name='Manufacturer 1',
                                    slug='manufacturer-1')
        manufacturer.save()

        devicetype = DeviceType(manufacturer=manufacturer,
                                model='Device Type 1')
        devicetype.save()

        devicerole = DeviceRole(name='Device Role 1', slug='device-role-1')
        devicerole.save()

        device = Device(name='Device 1',
                        site=site,
                        device_type=devicetype,
                        device_role=devicerole)
        device.save()

        secretrole = SecretRole(name='Secret Role 1', slug='secret-role-1')
        secretrole.save()

        Secret.objects.bulk_create([
            Secret(device=device,
                   role=secretrole,
                   name='Secret 1',
                   ciphertext=b'1234567890'),
            Secret(device=device,
                   role=secretrole,
                   name='Secret 2',
                   ciphertext=b'1234567890'),
            Secret(device=device,
                   role=secretrole,
                   name='Secret 3',
                   ciphertext=b'1234567890'),
        ])
Ejemplo n.º 11
0
    def setUp(self):

        super().setUp()

        userkey = UserKey(user=self.user, public_key=PUBLIC_KEY)
        userkey.save()
        master_key = userkey.get_master_key(PRIVATE_KEY)
        self.session_key = SessionKey(userkey=userkey)
        self.session_key.save(master_key)

        self.header = {
            'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key),
        }
Ejemplo n.º 12
0
    def setUp(self):

        super().setUp()

        userkey = UserKey(user=self.user, public_key=PUBLIC_KEY)
        userkey.save()
        master_key = userkey.get_master_key(PRIVATE_KEY)
        self.session_key = SessionKey(userkey=userkey)
        self.session_key.save(master_key)

        self.header = {
            'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key),
        }
Ejemplo n.º 13
0
    def setUp(self):

        user = User.objects.create(username='******', is_superuser=True)
        token = Token.objects.create(user=user)

        userkey = UserKey(user=user, public_key=PUBLIC_KEY)
        userkey.save()
        master_key = userkey.get_master_key(PRIVATE_KEY)
        self.session_key = SessionKey(userkey=userkey)
        self.session_key.save(master_key)

        self.header = {
            'HTTP_AUTHORIZATION': 'Token {}'.format(token.key),
        }
Ejemplo n.º 14
0
    def setUp(self):

        user = User.objects.create(username='******', is_superuser=True)
        token = Token.objects.create(user=user)

        userkey = UserKey(user=user, public_key=PUBLIC_KEY)
        userkey.save()
        master_key = userkey.get_master_key(PRIVATE_KEY)
        self.session_key = SessionKey(userkey=userkey)
        self.session_key.save(master_key)

        self.header = {
            'HTTP_AUTHORIZATION': 'Token {}'.format(token.key),
        }
Ejemplo n.º 15
0
    def dispatch(self, request, *args, **kwargs):
        try:
            self.userkey = UserKey.objects.get(user=request.user)
        except UserKey.DoesNotExist:
            self.userkey = UserKey(user=request.user)

        return super().dispatch(request, *args, **kwargs)
Ejemplo n.º 16
0
    def setUp(self):

        user = User.objects.create(username='******', is_superuser=True)
        token = Token.objects.create(user=user)

        userkey = UserKey(user=user, public_key=PUBLIC_KEY)
        userkey.save()
        self.master_key = userkey.get_master_key(PRIVATE_KEY)
        session_key = SessionKey(userkey=userkey)
        session_key.save(self.master_key)

        self.header = {
            'HTTP_AUTHORIZATION': 'Token {}'.format(token.key),
            'HTTP_X_SESSION_KEY': base64.b64encode(session_key.key),
        }

        self.plaintext = {
            'secret1': 'Secret #1 Plaintext',
            'secret2': 'Secret #2 Plaintext',
            'secret3': 'Secret #3 Plaintext',
        }

        site = Site.objects.create(name='Test Site 1', slug='test-site-1')
        manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
        devicetype = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1')
        devicerole = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
        self.device = Device.objects.create(
            name='Test Device 1', site=site, device_type=devicetype, device_role=devicerole
        )
        self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
        self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')
        self.secret1 = Secret(
            device=self.device, role=self.secretrole1, name='Test Secret 1', plaintext=self.plaintext['secret1']
        )
        self.secret1.encrypt(self.master_key)
        self.secret1.save()
        self.secret2 = Secret(
            device=self.device, role=self.secretrole1, name='Test Secret 2', plaintext=self.plaintext['secret2']
        )
        self.secret2.encrypt(self.master_key)
        self.secret2.save()
        self.secret3 = Secret(
            device=self.device, role=self.secretrole1, name='Test Secret 3', plaintext=self.plaintext['secret3']
        )
        self.secret3.encrypt(self.master_key)
        self.secret3.save()
Ejemplo n.º 17
0
 def test_03_key_sizes(self):
     """
     Ensure that RSA keys which are too small or too large are rejected.
     """
     rsa = RSA.generate(getattr(settings, 'SECRETS_MIN_PUBKEY_SIZE', 2048) - 256)
     small_key = rsa.publickey().exportKey('PEM')
     try:
         UserKey(public_key=small_key).clean()
         self.fail("UserKey.clean() did not fail with an undersized RSA key")
     except ValidationError:
         pass
     rsa = RSA.generate(4096 + 256)  # Max size is 4096 (enforced by master_key_cipher field size)
     big_key = rsa.publickey().exportKey('PEM')
     try:
         UserKey(public_key=big_key).clean()
         self.fail("UserKey.clean() did not fail with an oversized RSA key")
     except ValidationError:
         pass
Ejemplo n.º 18
0
 def test_02_activate(self):
     """
     Validate the activation of a UserKey.
     """
     master_key = generate_random_key()
     alice_uk = UserKey(user=User.objects.get(username='******'), public_key=self.TEST_KEYS['alice_public'])
     self.assertFalse(alice_uk.is_active(), "Inactive UserKey is_active() did not return False")
     alice_uk.activate(master_key)
     self.assertTrue(alice_uk.is_active(), "ActiveUserKey is_active() did not return True")
Ejemplo n.º 19
0
def userkey_edit(request):

    try:
        userkey = UserKey.objects.get(user=request.user)
    except UserKey.DoesNotExist:
        userkey = UserKey(user=request.user)

    if request.method == 'POST':
        form = UserKeyForm(data=request.POST, instance=userkey)
        if form.is_valid():
            uk = form.save(commit=False)
            uk.user = request.user
            uk.save()
            messages.success(request, u"Your user key has been saved.")
            return redirect('users:userkey')

    else:
        form = UserKeyForm(instance=userkey)

    return render(request, 'users/userkey_edit.html', {
        'userkey': userkey,
        'form': form,
    })
Ejemplo n.º 20
0
 def setUp(self):
     user = create_test_user(permissions=[
         'secrets.view_secretrole',
         'secrets.add_secretrole',
     ])
     self.userkey = UserKey(user=user)