def test_cryptostring_has_symbol(): s_util = CryptoString() crypto_string = 'Th1sP@sswordH4sSymbols!' assert s_util.has_symbol(crypto_string) is True crypto_string = r'!@#$%^&*()[]\}{|<>?,./~`' assert s_util.has_symbol(crypto_string) is True crypto_string = 'ThisPasswordH4sNoSymbols' assert s_util.has_symbol(crypto_string) is False
def test_cryptostring_has_lower(): s_util = CryptoString() crypto_string = 'Th1sP@sswordH4sLowers!' assert s_util.has_lower(crypto_string) is True crypto_string = 'thispasswordhasonlylowers' assert s_util.has_lower(crypto_string) is True crypto_string = 'TH1SP@SSWORDH4SNOLOWERS!' assert s_util.has_lower(crypto_string) is False
def test_cryptostring_has_number(): s_util = CryptoString() crypto_string = 'Th1sP@sswordH4sNumbers!' assert s_util.has_number(crypto_string) is True crypto_string = '123456789012345678901234567890' assert s_util.has_number(crypto_string) is True crypto_string = 'ThisP@sswordHasNoNumbers!' assert s_util.has_number(crypto_string) is False
def test_cryptostring_short_len(): s_util = CryptoString() s = s_util.get_crypto_string(0) assert len(s) == 24 s = s_util.get_crypto_string(23) assert len(s) == 24 s = s_util.get_crypto_string(-1) assert len(s) == 24
def test_cryptostring_has_upper(): s_util = CryptoString() crypto_string = 'Th1sP@sswordH4sUppers!' assert s_util.has_upper(crypto_string) is True crypto_string = 'THISPASSWORDHASONLYUPPERS' assert s_util.has_upper(crypto_string) is True crypto_string = 'th1sp@sswordh4snouppers!' assert s_util.has_upper(crypto_string) is False
def test_cryptostring_has_all(): s_util = CryptoString() crypto_string = s_util.get_crypto_string() assert s_util.validate_crypto_str(crypto_string) is True crypto_string = 'Th1sP@sswordH4sItAll!' assert s_util.validate_crypto_str(crypto_string) is True crypto_string = 'th1sp@sswordh4snouppers!' assert s_util.validate_crypto_str(crypto_string) is False crypto_string = 'TH1SP@SSWORDH4SNOLOWERS!' assert s_util.validate_crypto_str(crypto_string) is False crypto_string = 'ThisP@sswordHasNoNumbers!' assert s_util.validate_crypto_str(crypto_string) is False crypto_string = 'ThisPasswordH4sNoSymbols' assert s_util.validate_crypto_str(crypto_string) is False
def test_cryptostring_all_profile(): s_util = CryptoString(profile='all') crypto_string = s_util.get_crypto_string() assert s_util.has_lower(crypto_string) is True assert s_util.has_upper(crypto_string) is True assert s_util.has_number(crypto_string) is True assert s_util.has_symbol(crypto_string) is True
def generate_crypto_string(length): """ Create a cryptographic string. :param int length: Length of cryptographic string. :rtype: string """ return CryptoString().get_crypto_string(length)
def test_cryptostring_hex_upper_profile(): s_util = CryptoString(profile='hex_upper') crypto_string = s_util.get_crypto_string() assert s_util.has_lower(crypto_string) is False assert s_util.has_upper(crypto_string) is True assert s_util.has_number(crypto_string) is True assert s_util.has_symbol(crypto_string) is False bad_letters = any(char in 'GHIJKLMNOPQRSTUVWXYZ' for char in crypto_string) assert not bad_letters
def test_cryptostring_hex_lower_profile(): s_util = CryptoString(profile='hex_lower') crypto_string = s_util.get_crypto_string() assert s_util.has_lower(crypto_string) is True assert s_util.has_upper(crypto_string) is False assert s_util.has_number(crypto_string) is True assert s_util.has_symbol(crypto_string) is False bad_letters = any(char in 'ghijklmnopqrstuvwxyz' for char in crypto_string) assert not bad_letters
def test_cryptostring_default_profile(): s_util = CryptoString(profile='default') crypto_string = s_util.get_crypto_string() assert s_util.has_lower(crypto_string) is True assert s_util.has_upper(crypto_string) is True assert s_util.has_number(crypto_string) is True assert s_util.has_symbol(crypto_string) is True bad_symbols = any( char in '!"$%()*,./:;<>[]^_`{|}~\'' for char in crypto_string) assert not bad_symbols
def test_profiles_catalog(*_): _dir = tempfile.mkdtemp() os.makedirs(os.path.join(_dir, 'cicd_site_repo'), exist_ok=True) PassphraseGenerator('cicd', _dir, 'test_author').generate() s_util = CryptoString() for passphrase in TEST_PROFILES_CATALOG['data']['passphrases']: passphrase_file_name = '{}.yaml'.format(passphrase['document_name']) passphrase_file_path = os.path.join(_dir, 'site', 'cicd', 'secrets', 'passphrases', passphrase_file_name) assert os.path.isfile(passphrase_file_path) with open(passphrase_file_path) as stream: doc = yaml.safe_load(stream) decrypted_passphrase = encryption.decrypt( doc['data']['managedDocument']['data'], os.environ['PEGLEG_PASSPHRASE'].encode(), os.environ['PEGLEG_SALT'].encode()).decode() assert len(decrypted_passphrase) == 24 if passphrase_file_name == "default_passphrase.yaml": assert s_util.has_lower(decrypted_passphrase) is True assert s_util.has_upper(decrypted_passphrase) is True assert s_util.has_number(decrypted_passphrase) is True assert s_util.has_symbol(decrypted_passphrase) is True bad_symbols = any(char in '!"$%()*,./:;<>[]^_`{|}~\'' for char in decrypted_passphrase) assert not bad_symbols elif passphrase_file_name == "alphanumeric_passphrase.yaml": assert s_util.has_lower(decrypted_passphrase) is True assert s_util.has_upper(decrypted_passphrase) is True assert s_util.has_number(decrypted_passphrase) is True assert s_util.has_symbol(decrypted_passphrase) is False elif passphrase_file_name == "alphanumeric_lower_passphrase.yaml": assert s_util.has_lower(decrypted_passphrase) is True assert s_util.has_upper(decrypted_passphrase) is False assert s_util.has_number(decrypted_passphrase) is True assert s_util.has_symbol(decrypted_passphrase) is False elif passphrase_file_name == "alphanumeric_upper_passphrase.yaml": assert s_util.has_lower(decrypted_passphrase) is False assert s_util.has_upper(decrypted_passphrase) is True assert s_util.has_number(decrypted_passphrase) is True assert s_util.has_symbol(decrypted_passphrase) is False elif passphrase_file_name == "all_passphrase.yaml": assert s_util.has_lower(decrypted_passphrase) is True assert s_util.has_upper(decrypted_passphrase) is True assert s_util.has_number(decrypted_passphrase) is True assert s_util.has_symbol(decrypted_passphrase) is True elif passphrase_file_name == "hex_lower_passphrase.yaml": assert s_util.has_lower(decrypted_passphrase) is True assert s_util.has_upper(decrypted_passphrase) is False assert s_util.has_number(decrypted_passphrase) is True assert s_util.has_symbol(decrypted_passphrase) is False bad_letters = any(char in 'ghijklmnopqrstuvwxyz' for char in decrypted_passphrase) assert not bad_letters elif passphrase_file_name == "hex_upper_passphrase.yaml": assert s_util.has_lower(decrypted_passphrase) is False assert s_util.has_upper(decrypted_passphrase) is True assert s_util.has_number(decrypted_passphrase) is True assert s_util.has_symbol(decrypted_passphrase) is False bad_letters = any(char in 'GHIJKLMNOPQRSTUVWXYZ' for char in decrypted_passphrase) assert not bad_letters
def generate(self, interactive=False, force_cleartext=False): """ For each passphrase entry in the passphrase catalog, generate a random passphrase string, based on a passphrase specification in the catalog. Create a pegleg managed document, wrap the generated passphrase document in the pegleg managed document, and encrypt the passphrase. Write the wrapped and encrypted document in a file at <repo_name>/site/<site_name>/secrets/passphrases/passphrase_name.yaml. :param bool interactive: If true, allow input :param bool force_cleartext: If true, don't encrypt """ for p_name in self._catalog.get_passphrase_names: # Check if this secret is present and should not be regenerated save_path = self.get_save_path(p_name) regenerable = self._catalog.is_passphrase_regenerable(p_name) if os.path.exists(save_path) and not regenerable: continue # Generate secret as it either does not exist yet or is a # regenerable secret and does exist but should be rotated. passphrase = None passphrase_type = self._catalog.get_passphrase_type(p_name) prompt = self._catalog.is_passphrase_prompt(p_name) profile = self._catalog.get_passphrase_profile(p_name) if interactive and prompt: auto_allowed = regenerable if passphrase_type == 'uuid': # nosec passphrase = self._prompt_user_passphrase_and_validate( p_name, 'UUID', self.validate_uuid, auto_allowed=auto_allowed) elif passphrase_type == 'base64': # nosec passphrase = self._prompt_user_passphrase_and_validate( p_name, 'passphrase (b64)', self.validate_base64, auto_allowed=auto_allowed) elif passphrase_type == 'passphrase': passphrase = self._prompt_user_passphrase_and_validate( p_name, 'passphrase', self.validate_passphrase, auto_allowed=auto_allowed) elif not interactive and prompt: LOG.debug('Skipping interactive input for %s', p_name) continue if not passphrase: if passphrase_type == 'uuid': # nosec passphrase = uuidutils.generate_uuid() else: passphrase = CryptoString(profile).get_crypto_string( self._catalog.get_length(p_name)) if passphrase_type == 'base64': # nosec # Take the randomly generated string and convert to a # random base64 string passphrase = passphrase.encode() passphrase = base64.b64encode(passphrase).decode() docs = list() if force_cleartext: storage_policy = passphrase_catalog.P_CLEARTEXT LOG.warning("Passphrases for {} will be " "generated in clear text.".format(p_name)) else: storage_policy = self._catalog.get_storage_policy(p_name) docs.append( self.generate_doc(KIND, p_name, storage_policy, passphrase)) if storage_policy == passphrase_catalog.P_ENCRYPTED: PeglegSecretManagement( docs=docs, generated=True, author=self._author, catalog=self._catalog).encrypt_secrets(save_path) else: files.write(docs, save_path)
def test_cryptostring_long_len(): s_util = CryptoString() s = s_util.get_crypto_string(25) assert len(s) == 25 s = s_util.get_crypto_string(128) assert len(s) == 128
def test_cryptostring_default_len(): s_util = CryptoString() s = s_util.get_crypto_string() assert len(s) == 24