def testReadAcrastructInAcrastruct(self):
"""test correct decrypting acrastruct when acrastruct concatenated to
partial another acrastruct"""
keyname = 'keypair1_storage'
with open('.acrakeys/{}.pub'.format(keyname), 'rb') as f:
server_public1 = f.read()
incorrect_data = self.get_random_data()
correct_data = self.get_random_data()
fake_offset = (3 + 45 + 84) - 4
fake_acra_struct = create_acrastruct(incorrect_data.encode('ascii'),
server_public1)[:fake_offset]
inner_acra_struct = create_acrastruct(correct_data.encode('ascii'),
server_public1)
data = fake_acra_struct + inner_acra_struct
row_id = self.get_random_id()
self.log(keyname, data,
fake_acra_struct + correct_data.encode('ascii'))
self.engine1.execute(test_table.insert(), {
'id': row_id,
'data': data,
'raw_data': correct_data
})
result = self.engine1.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
try:
self.assertEqual(row['data'][fake_offset:],
row['raw_data'].encode('utf-8'))
except UnicodeDecodeError:
print(
'incorrect data: {}\ncorrect data: {}\ndata: {}\n data len: {}'
.format(incorrect_data, correct_data, row['data'],
len(row['data'])))
raise
result = self.engine2.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertNotEqual(
row['data'][fake_offset:].decode('ascii', errors='ignore'),
row['raw_data'])
result = self.engine_raw.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertNotEqual(
row['data'][fake_offset:].decode('ascii', errors='ignore'),
row['raw_data'])
def testProxyRead(self):
data = self.get_random_data()
zone_public = b64decode(zones[0]['public_key'].encode('ascii'))
acra_struct = create_acrastruct(data.encode('ascii'),
zone_public,
context=zones[0]['id'].encode('ascii'))
row_id = self.get_random_id()
self.log(zones[0]['id'] + '_zone', acra_struct, data.encode('ascii'))
self.engine1.execute(test_table.insert(), {
'id': row_id,
'data': acra_struct,
'raw_data': data
})
zone = zones[0]['id'].encode('ascii')
result = self.engine1.execute(
sa.select([sa.cast(zone, BYTEA),
test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertEqual(row['data'], row['raw_data'].encode('utf-8'))
# without zone in another proxy, in the same proxy and without any proxy
for engine in self.engines:
result = engine.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertNotEqual(row['data'].decode('ascii', errors='ignore'),
row['raw_data'])
def testProxyRead(self):
"""test decrypting with correct acraproxy and not decrypting with
incorrect acraproxy or using direct connection to db"""
keyname = 'keypair1_storage'
with open('.acrakeys/{}.pub'.format(keyname), 'rb') as f:
server_public1 = f.read()
data = self.get_random_data()
acra_struct = create_acrastruct(data.encode('ascii'), server_public1)
row_id = self.get_random_id()
self.log(keyname, acra_struct, data.encode('ascii'))
self.engine1.execute(test_table.insert(), {
'id': row_id,
'data': acra_struct,
'raw_data': data
})
result = self.engine1.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertEqual(row['data'], row['raw_data'].encode('utf-8'))
result = self.engine2.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertNotEqual(row['data'].decode('ascii', errors='ignore'),
row['raw_data'])
result = self.engine_raw.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertNotEqual(row['data'].decode('ascii', errors='ignore'),
row['raw_data'])
def write_data(data, connection, sslcontext=None):
zone_id, key = get_zone(sslcontext=sslcontext)
print("data: {}\nzone: {}".format(data, zone_id))
# here we encrypt our data and wrap into AcraStruct
encrypted_data = create_acrastruct(data.encode('utf-8'), key,
zone_id.encode('utf-8'))
connection.execute(test_table.insert(), data=encrypted_data, raw_data=data)
def testReadAcrastructInAcrastruct(self):
incorrect_data = self.get_random_data()
correct_data = self.get_random_data()
zone_public = b64decode(zones[0]['public_key'].encode('ascii'))
fake_offset = (3 + 45 + 84) - 1
fake_acra_struct = create_acrastruct(
incorrect_data.encode('ascii'),
zone_public,
context=zones[0]['id'].encode('ascii'))[:fake_offset]
inner_acra_struct = create_acrastruct(
correct_data.encode('ascii'),
zone_public,
context=zones[0]['id'].encode('ascii'))
data = fake_acra_struct + inner_acra_struct
self.log(zones[0]['id'] + '_zone', data,
fake_acra_struct + correct_data.encode('ascii'))
row_id = self.get_random_id()
self.engine1.execute(test_table.insert(), {
'id': row_id,
'data': data,
'raw_data': correct_data
})
zone = zones[0]['id'].encode('ascii')
result = self.engine1.execute(
sa.select([sa.cast(zone, BYTEA),
test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertEqual(row['data'][fake_offset:],
row['raw_data'].encode('utf-8'))
result = self.engine2.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertNotEqual(
row['data'][fake_offset:].decode('ascii', errors='ignore'),
row['raw_data'])
result = self.engine_raw.execute(
sa.select([test_table]).where(test_table.c.id == row_id))
row = result.fetchone()
self.assertNotEqual(
row['data'][fake_offset:].decode('ascii', errors='ignore'),
row['raw_data'])
def get_db_prep_value(self, value, connection, prepared=False):
value = super(CharField,
self).get_db_prep_value(value, connection, prepared)
if value == '':
return b''
elif value is None:
return None
else:
return acrawriter.create_acrastruct(value.encode(self._encoding),
self._public_key)
def setup_df(table, zone_id, key, n=1000000, encrypt=False):
zone_id_utf8 = zone_id.encode('utf-8')
data = dict()
for i in range(n):
raw = str(
i
) + ': een beetje lange string om wat vulling te creëren, raw_' + str(
i)
if encrypt:
enc = create_acrastruct(raw.encode('utf-8'), key, zone_id_utf8)
else:
enc = raw
data[i] = (i, zone_id, enc, raw)
return pd.DataFrame.from_dict(data,
columns=[c.name for c in table.columns],
orient='index')
def test_with_zone_to_file(self):
zone_public = b64decode(zones[0]['public_key'].encode('ascii'))
rows = []
for _ in range(self.DATA_COUNT):
data = self.get_random_data()
row = {
'raw_data':
data,
'data':
create_acrastruct(data.encode('ascii'),
zone_public,
context=zones[0]['id'].encode('ascii')),
'id':
self.get_random_id()
}
rows.append(row)
self.engine_raw.execute(test_table.insert(), rows)
subprocess.check_call([
'./acra_rollback', '--client_id=keypair1',
'--connection_string=dbname={dbname} user={user} '
'password={password} host={host} port={port}'.format(
dbname=self.DB_NAME,
user=self.DB_USER,
port=self.DB_PORT,
password=self.DB_USER_PASSWORD,
host=self.DB_HOST), '--output_file={}'.format(
self.output_filename),
'--select=select \'{id}\'::bytea, data from {table};'.format(
id=zones[0]['id'], table=test_table.name), '--zonemode=true',
'--insert=insert into {} values($1);'.format(
rollback_output_table.name)
],
cwd=os.getcwd())
# execute file
with open(self.output_filename, 'r') as f:
for line in f:
self.engine_raw.execute(line)
source_data = set([i['raw_data'].encode('ascii') for i in rows])
result = self.engine_raw.execute(rollback_output_table.select())
result = result.fetchall()
for data in result:
self.assertIn(data[0], source_data)
def test_without_zone_to_file(self):
keyname = 'keypair1_storage'
with open('.acrakeys/{}.pub'.format(keyname), 'rb') as f:
server_public1 = f.read()
rows = []
for _ in range(self.DATA_COUNT):
data = self.get_random_data()
row = {
'raw_data': data,
'data': create_acrastruct(data.encode('ascii'),
server_public1),
'id': self.get_random_id()
}
rows.append(row)
self.engine_raw.execute(test_table.insert(), rows)
subprocess.check_call([
'./acra_rollback', '--client_id=keypair1',
'--connection_string=dbname={dbname} user={user} '
'password={password} host={host} port={port}'.format(
dbname=self.DB_NAME,
user=self.DB_USER,
port=self.DB_PORT,
password=self.DB_USER_PASSWORD,
host=self.DB_HOST), '--output_file={}'.format(
self.output_filename),
'--select=select data from {};'.format(
test_table.name), '--insert=insert into {} values($1);'.format(
rollback_output_table.name)
],
cwd=os.getcwd())
# execute file
with open(self.output_filename, 'r') as f:
for line in f:
self.engine_raw.execute(line)
source_data = set([i['raw_data'].encode('ascii') for i in rows])
result = self.engine_raw.execute(rollback_output_table.select())
result = result.fetchall()
for data in result:
self.assertIn(data[0], source_data)
def testWithEncoding(self):
test_data = 'some data'
public_key = GenerateKeyPair(KEY_PAIR_TYPE.EC).export_public_key()
self.assertIsNotNone(create_acrastruct(test_data, public_key))
def testWithContext(self):
test_data = b'some data'
context = b'some context'
public_key = GenerateKeyPair(KEY_PAIR_TYPE.EC).export_public_key()
self.assertIsNotNone(create_acrastruct(test_data, public_key, context))
help='Client ID (default: testclientid)')
parser.add_argument(
'--zone_id', nargs='?', help='Zone ID')
parser.add_argument(
'--keys_dir', nargs='?', default='docker/.acrakeys/acra-writer',
help='Directory where keys placed (default: docker/.acrakeys/acra-writer)')
parser.add_argument(
'--data', nargs='?', default='Plain text.',
help='Plain text to encode (default: "Plain text.")')
parser.add_argument(
'--out_file', nargs='?', default='',
help='Save AcraStruct to filename (default: "<client_id>.acrastruct")')
args = parser.parse_args()
as_out_file = args.out_file
if as_out_file == '':
if args.zone_id:
as_out_file = '{}.acrastruct'.format(args.zone_id)
else:
as_out_file = '{}.acrastruct'.format(args.client_id)
if args.zone_id:
encryption_key = read_zone_public_key(args.zone_id, args.keys_dir)
acrastruct = create_acrastruct(args.data, encryption_key, args.zone_id.encode('ascii'))
else:
encryption_key = read_storage_public_key(args.client_id, args.keys_dir)
acrastruct = create_acrastruct(args.data, encryption_key)
with open(as_out_file, 'wb') as f:
f.write(acrastruct)
def process_bind_param(self, value, dialect):
return create_acrastruct(value, self._public_key)
for row in result:
try:
print("{:<3} - {} - {} - {:>10}\n".format(
row['id'], row[0], row['data'].decode('utf-8'),
row['raw_data']))
except:
print("{:<3} - {} - {} - {:>10}\n".format(
row['id'], row[0], row['data'], row['raw_data']))
else:
if args.zone_id:
print("For encrypting will be used random generated zone_id")
exit(1)
zone_id, key = get_zone()
data = bytes([randint(32, 126) for _ in range(randint(10, 20))])
string_data = ''.join(
choice(string.ascii_letters) for _ in range(randint(10, 20)))
data = args.data or string_data
print("data: {}\nzone: {}".format(data, zone_id))
encrypted_data = create_acrastruct(data.encode('utf-8'), key,
zone_id.encode('utf-8'))
rid = randint(1, 100500)
proxy_connection.execute(test.insert(),
data=encrypted_data,
id=rid,
raw_data='(zone: {}) - {}'.format(
zone_id, data))
print("saved with zone: {}".format(zone_id))
default='docker/.acrakeys/acra-writer',
help='Directory where keys placed (default: docker/.acrakeys/acra-writer)')
parser.add_argument('--data',
nargs='?',
default='Plain text.',
help='Plain text to encode (default: "Plain text.")')
parser.add_argument(
'--out_file',
nargs='?',
default='',
help='Save AcraStruct to filename (default: "<client_id>.acrastruct")')
args = parser.parse_args()
as_out_file = args.out_file
if as_out_file == '':
if args.zone_id:
as_out_file = '{}.acrastruct'.format(args.zone_id)
else:
as_out_file = '{}.acrastruct'.format(args.client_id)
if args.zone_id:
encryption_key = read_zone_public_key(args.zone_id, args.keys_dir)
acrastruct = create_acrastruct(args.data.encode('utf-8'), encryption_key,
args.zone_id.encode('utf-8'))
else:
encryption_key = read_storage_public_key(args.client_id, args.keys_dir)
acrastruct = create_acrastruct(args.data.encode('utf-8'), encryption_key)
with open(as_out_file, 'wb') as f:
f.write(acrastruct)
