def test_rsa_provider_init_invalid_passphrase(self): private_key = RSA.generate(2048) public_key = private_key.publickey() passphrase = random_string(6) invalid_passphrase = random_string(8) with open('./rsa-test.private_key.pem', 'wb') as f: f.write(private_key.exportKey(passphrase=passphrase)) with open('./rsa-test.public_key.pem', 'wb') as f: f.write(public_key.exportKey(passphrase=passphrase)) self.assertRaises(ClientError, LocalRsaProvider, dir='./', key='rsa-test', passphrase=invalid_passphrase) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') private_key_str = RsaKey.exportKey(private_key, passphrase=passphrase) public_key_str = RsaKey.exportKey(public_key, passphrase=passphrase) self.assertRaises(ClientError, RsaProvider, key_pair={ 'private_key': private_key_str, 'public_key': public_key_str }, passphrase=invalid_passphrase)
def test_rsa_provider_init_invalid_keys(self): private_key = RSA.generate(2048) public_key = private_key.publickey() # 这个地方修改private_key的内容 private_key = random_string(2048) with open('./rsa-test.private_key.pem', 'wb') as f: f.write(oss2.to_bytes(private_key)) with open('./rsa-test.public_key.pem', 'wb') as f: f.write(public_key.exportKey()) self.assertRaises(ClientError, LocalRsaProvider, dir='./', key='rsa-test') silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') self.assertRaises(ClientError, RsaProvider, key_pair={ 'private_key': private_key, 'public_key': public_key })
def test_rsa_basic(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') crypto = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234') with patch.object(oss2.utils, 'random_aes256_key', return_value=unittests.common.fixed_aes_key, autospect=True): with patch.object(oss2.utils, 'random_counter', return_value=unittests.common.fixed_aes_start, autospect=True): crypto.get_key() crypto.get_start() header = crypto.build_header() self.assertEqual( unittests.common.fixed_aes_key, crypto.decrypt_oss_meta_data(header, 'x-oss-meta-oss-crypto-key')) self.assertEqual( unittests.common.fixed_aes_start, crypto.decrypt_oss_meta_data( header, 'x-oss-meta-oss-crypto-start', lambda x: int(x))) self.assertEqual(None, crypto.decrypt_oss_meta_data(header, '1231')) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem')
def test_crypto_get_compact_deprecated_rsa(self, do_request): utils.silently_remove('./rsa-test.public_key.pem') utils.silently_remove('./rsa-test.private_key.pem') with open("./rsa-test.private_key.pem", 'wb') as f: f.write(oss2.to_bytes(private_key_compact)) with open("./rsa-test.public_key.pem", 'wb') as f: f.write(oss2.to_bytes(public_key_compact)) content = b'a' * 1024 * 1024 encrypted_rsa_path = "tests/deprecated_encrypted_1MB_a_rsa" encrypted_meta_rsa_path = "tests/deprecated_encrypted_1MB_a_meta_rsa.json" with open(encrypted_rsa_path, 'rb') as f: encrypted_content = f.read() with open(encrypted_meta_rsa_path, 'r') as f: meta = json.loads(f.read()) key = random_string(10) provider = oss2.LocalRsaProvider(dir='./', key='rsa-test') request_text, response_text = make_get_encrypted_object_compact_deprecated( key, encrypted_content, meta) req_info = unittests.common.mock_response(do_request, response_text) result = unittests.common.bucket(provider).get_object(key) self.assertRequest(req_info, request_text) self.assertEqual(result.read(), content) utils.silently_remove('./rsa-test.public_key.pem') utils.silently_remove('./rsa-test.private_key.pem')
def test_rsa_provider_init_keys_not_exist(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') provider = LocalRsaProvider(dir='./', key='rsa-test') self.assertTrue(os.path.exists('./rsa-test.public_key.pem')) self.assertTrue(os.path.exists('./rsa-test.private_key.pem')) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem')
def test_rsa_provider_basic(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') provider = LocalRsaProvider(dir='./', key='rsa-test', passphrase=random_string(8)) self.assertEqual(provider.wrap_alg, "RSA/NONE/OAEPWithSHA-1AndMGF1Padding") self.assertEqual(provider.cipher.alg, "AES/CTR/NoPadding") plain_key = provider.get_key() self.assertEqual(len(plain_key), provider.cipher.key_len) plain_iv = provider.get_iv() with patch.object(oss2.utils, 'random_key', return_value=plain_key, autospect=True): with patch.object(oss2.utils, 'random_iv', return_value=plain_iv, autospect=True): content_crypto_material = provider.create_content_material() self.assertFalse(content_crypto_material.is_unencrypted()) decrypted_key = provider.decrypt_encrypted_key( content_crypto_material.encrypted_key) decrypted_iv = provider.decrypt_encrypted_iv( content_crypto_material.encrypted_iv) self.assertEqual(plain_key, decrypted_key) self.assertEqual(plain_iv, decrypted_iv) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') provider = RsaProvider(key_pair=key_pair, passphrase=random_string(8)) self.assertEqual(provider.wrap_alg, "RSA/NONE/PKCS1Padding") self.assertEqual(provider.cipher.alg, "AES/CTR/NoPadding") plain_key = provider.get_key() self.assertEqual(len(plain_key), provider.cipher.key_len) plain_iv = provider.get_iv() with patch.object(oss2.utils, 'random_key', return_value=plain_key, autospect=True): with patch.object(oss2.utils, 'random_iv', return_value=plain_iv, autospect=True): content_crypto_material = provider.create_content_material() self.assertFalse(content_crypto_material.is_unencrypted()) decrypted_key = provider.decrypt_encrypted_key( content_crypto_material.encrypted_key) decrypted_iv = provider.decrypt_encrypted_iv( content_crypto_material.encrypted_iv) self.assertEqual(plain_key, decrypted_key) self.assertEqual(plain_iv, decrypted_iv)
def test_rsa_with_error_parameter(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') crypto = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234') self.assertRaises(ClientError, LocalRsaProvider, dir='./', key='rsa-test') silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem')
def test_rsa_basic(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') crypto = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234') with patch.object(oss2.utils, 'random_aes256_key', return_value=unittests.common.fixed_aes_key, autospect=True): with patch.object(oss2.utils, 'random_counter', return_value=unittests.common.fixed_aes_start, autospect=True): crypto.get_key() crypto.get_start() header = crypto.build_header() self.assertEqual(unittests.common.fixed_aes_key, crypto.decrypt_oss_meta_data(header, 'x-oss-meta-oss-crypto-key')) self.assertEqual(unittests.common.fixed_aes_start, crypto.decrypt_oss_meta_data(header, 'x-oss-meta-oss-crypto-start', lambda x:int(x))) self.assertEqual(None, crypto.decrypt_oss_meta_data(header, '1231')) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem')
def test_rsa_adapter(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') content = b'1234'*10 rsa = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234') key = rsa.get_key() start = rsa.get_start() adapter = rsa.make_encrypt_adapter(content, key, start) encrypt_content = adapter.read() self.assertNotEqual(content, encrypt_content) adapter1 = rsa.make_decrypt_adapter(encrypt_content, key, start) self.assertEqual(content, adapter1.read()) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem')
def test_rsa_adapter(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') content = b'1234' * 10 rsa = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234') key = rsa.get_key() start = rsa.get_start() adapter = rsa.make_encrypt_adapter(content, key, start) encrypt_content = adapter.read() self.assertNotEqual(content, encrypt_content) adapter1 = rsa.make_decrypt_adapter(encrypt_content, key, start) self.assertEqual(content, adapter1.read()) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem')
def test_rsa_provider_adapter(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') provider = LocalRsaProvider(dir='./', key='rsa-test') content = b'a' * random.randint(1, 100) * 1024 content_crypto_material = provider.create_content_material() plain_key = provider.decrypt_encrypted_key( content_crypto_material.encrypted_key) plain_iv = provider.decrypt_encrypted_iv( content_crypto_material.encrypted_iv) cipher = content_crypto_material.cipher stream_encrypted = provider.make_encrypt_adapter(content, cipher) encrypted_content = stream_encrypted.read() # reset cipher cipher.initialize(plain_key, plain_iv) stream_decrypted = provider.make_decrypt_adapter( encrypted_content, cipher) self.assertEqual(content, stream_decrypted.read()) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') provider = RsaProvider(key_pair) content = b'b' * random.randint(1, 100) * 1024 content_crypto_material = provider.create_content_material() plain_key = provider.decrypt_encrypted_key( content_crypto_material.encrypted_key) plain_iv = provider.decrypt_encrypted_iv( content_crypto_material.encrypted_iv) cipher = content_crypto_material.cipher stream_encrypted = provider.make_encrypt_adapter(content, cipher) encrypted_content = stream_encrypted.read() # reset cipher cipher.initialize(plain_key, plain_iv) stream_decrypted = provider.make_decrypt_adapter( encrypted_content, cipher) self.assertEqual(content, stream_decrypted.read())
def test_local_rsa_provider_diff_keys(self): silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') silently_remove('./rsa-test-diff.public_key.pem') silently_remove('./rsa-test-diff.private_key.pem') provider = LocalRsaProvider(dir='./', key='rsa-test') provider_diff = LocalRsaProvider(dir='./', key='rsa-test-diff') plain_key = provider.get_key() plain_iv = provider.get_iv() with patch.object(oss2.utils, 'random_key', return_value=plain_key, autospect=True): with patch.object(oss2.utils, 'random_iv', return_value=plain_iv, autospect=True): content_crypto_material = provider.create_content_material() self.assertFalse(content_crypto_material.is_unencrypted()) self.assertRaises(ClientError, provider_diff.decrypt_encrypted_key, content_crypto_material.encrypted_key) self.assertRaises(ClientError, provider_diff.decrypt_encrypted_iv, content_crypto_material.encrypted_iv) silently_remove('./rsa-test.public_key.pem') silently_remove('./rsa-test.private_key.pem') silently_remove('./rsa-test-diff.public_key.pem') silently_remove('./rsa-test-diff.private_key.pem') provider = RsaProvider(key_pair=key_pair) provider_diff = RsaProvider(key_pair=key_pair_compact) plain_key = provider.get_key() plain_iv = provider.get_iv() with patch.object(oss2.utils, 'random_key', return_value=plain_key, autospect=True): with patch.object(oss2.utils, 'random_iv', return_value=plain_iv, autospect=True): content_crypto_material = provider.create_content_material() self.assertFalse(content_crypto_material.is_unencrypted()) self.assertRaises(ClientError, provider_diff.decrypt_encrypted_key, content_crypto_material.encrypted_key) self.assertRaises(ClientError, provider_diff.decrypt_encrypted_iv, content_crypto_material.encrypted_iv)