def _encrypt_payload(self, headers, body): """Encryption enforcement based on configuration - encrypt and add session key params to header or body""" conf = self._encryption_conf if conf.use_http_headers: params = SessionKeyParams.generate(conf) encryption_params = { conf.iv_field_name: params.iv_value, conf.encrypted_key_field_name: params.encrypted_key_value } if conf.encryption_certificate_fingerprint_field_name: encryption_params[conf.encryption_certificate_fingerprint_field_name] = \ conf.encryption_certificate_fingerprint if conf.encryption_key_fingerprint_field_name: encryption_params[conf.encryption_key_fingerprint_field_name] = conf.encryption_key_fingerprint if conf.oaep_padding_digest_algorithm_field_name: encryption_params[conf.oaep_padding_digest_algorithm_field_name] = conf.oaep_padding_digest_algorithm encrypted_payload = encrypt_payload(body, conf, params) headers.update(encryption_params) else: encrypted_payload = encrypt_payload(body, conf) return encrypted_payload
def request(self, method, url, query_params=None, headers=None, post_params=None, body=None, _preload_content=True, _request_timeout=None): check = -1 if body: if url == "testservice/headers": iv = headers["x-iv"] encrypted_key = headers["x-key"] oaep_digest_algo = headers[ "x-oaep-digest"] if "x-oaep-digest" in headers else None params = SessionKeyParams(self._config, encrypted_key, iv, oaep_digest_algo) else: params = None plain = encryption.decrypt_payload(body, self._config, params) check = plain["data"]["secret2"] - plain["data"]["secret1"] res = {"data": {"secret": check}} else: res = {"data": {"secret": [53, 84, 75]}} if url == "testservice/headers" and method in ["GET", "POST", "PUT"]: params = SessionKeyParams.generate(self._config) json_resp = encryption.encrypt_payload(res, self._config, params) response_headers = { "Content-Type": "application/json", "x-iv": params.iv_value, "x-key": params.encrypted_key_value, "x-oaep-digest": self._config.oaep_padding_digest_algorithm } mock_headers = Mock(return_value=response_headers) else: json_resp = encryption.encrypt_payload(res, self._config) mock_headers = Mock( return_value={"Content-Type": "application/json"}) response = Mock() response.status = 200 response.getheaders = mock_headers if method in ["GET", "POST", "PUT"]: response.data = json_resp else: response.data = "OK" if check == 0 else "KO" return response
def test_encrypt_payload_with_multiple_encryption_paths(self): self._config._paths["$"]._to_encrypt = { "data1": "encryptedData1", "data2": "encryptedData2" } payload = { "data1": { "field1": "value1", "field2": "value2" }, "data2": { "field3": "value3", "field4": "value4" }, "encryptedData1": {}, "encryptedData2": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.assertNotIn("data1", encrypted_payload) self.assertNotIn("data2", encrypted_payload) enc_data1 = encrypted_payload["encryptedData1"] enc_data2 = encrypted_payload["encryptedData2"] self.assertIsNotNone(enc_data1["iv"]) self.assertIsNotNone(enc_data1["encryptedKey"]) self.assertIsNotNone(enc_data1["encryptedValue"]) self.assertIsNotNone(enc_data2["iv"]) self.assertIsNotNone(enc_data2["encryptedKey"]) self.assertIsNotNone(enc_data2["encryptedValue"]) self.assertNotEqual(enc_data1["iv"], enc_data2["iv"], "using same set of params")
def test_encrypt_payload_with_type_list(self): payload = { "data": ["item1", "item2", "item3"], "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.__assert_payload_encrypted(payload, encrypted_payload, self._config)
def test_encrypt_payload_with_type_boolean(self): payload = { "data": False, "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.__assert_payload_encrypted(payload, encrypted_payload, self._config)
def test_encrypt_payload_with_type_string(self): payload = { "data": "string", "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.__assert_payload_encrypted(payload, encrypted_payload, self._config)
def test_encrypt_payload_with_type_float(self): payload = { "data": 123.34, "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.__assert_payload_encrypted(payload, encrypted_payload, self._config)
def test_encrypt_payload_when_root_as_in_path(self): self._config._paths["$"]._to_encrypt = {"$": "encryptedData"} payload = {"field1": "value1", "field2": "value2"} encrypted_payload = to_test.encrypt_payload(payload, self._config) self.assertNotIn("field1", encrypted_payload) self.assertNotIn("field2", encrypted_payload) self.assertIn("encryptedData", encrypted_payload) self.assertEqual(6, len(encrypted_payload["encryptedData"].keys()))
def test_encrypt_payload_base64_field_encoding(self): payload = { "data": { "field1": "value1", "field2": "value2" }, "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.__assert_payload_encrypted(payload, encrypted_payload, self._config)
def test_encrypt_payload_skip_when_in_path_does_not_exist(self): payload = { "dataNotToEncrypt": { "field1": "value1", "field2": "value2" }, "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.assertEqual(payload, encrypted_payload)
def test_encrypt_payload_hex_field_encoding(self): self._config._data_encoding = Encoding.HEX payload = { "data": { "field1": "value1", "field2": "value2" }, "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.__assert_payload_encrypted(payload, encrypted_payload, self._config)
def test_encrypt_payload_when_session_key_params_is_provided(self): payload = {"data": {}, "encryptedData": {}} params = SessionKeyParams.generate(self._config) encrypted_payload = to_test.encrypt_payload(payload, self._config, params) self.assertNotIn("data", encrypted_payload) self.assertIn("encryptedData", encrypted_payload) self.assertIn("encryptedValue", encrypted_payload["encryptedData"]) self.assertEqual(1, len(encrypted_payload["encryptedData"].keys())) del payload["encryptedData"] self.assertEqual( payload, to_test.decrypt_payload(encrypted_payload, self._config, params))
def test_encrypt_payload_when_root_as_in_and_out_path(self): self._config._paths["$"]._to_encrypt = {"$": "$"} payload = {"field1": "value1", "field2": "value2"} encrypted_payload = to_test.encrypt_payload(payload, self._config) self.assertNotIn("field1", encrypted_payload) self.assertNotIn("field2", encrypted_payload) self.assertIn("iv", encrypted_payload) self.assertIn("encryptedKey", encrypted_payload) self.assertIn("encryptedValue", encrypted_payload) self.assertIn("certFingerprint", encrypted_payload) self.assertIn("keyFingerprint", encrypted_payload) self.assertIn("oaepHashingAlgo", encrypted_payload)
def test_encrypt_payload_when_session_key_params_is_None(self): payload = { "data": { "field1": "value1", "field2": "value2" }, "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config, None) self.assertNotIn("field1", encrypted_payload) self.assertNotIn("field2", encrypted_payload) self.assertIn("encryptedData", encrypted_payload) self.assertEqual(6, len(encrypted_payload["encryptedData"].keys()))
def test_encrypt_payload_create_node_when_out_path_parent_exists(self): self._config._paths["$"]._to_encrypt = {"data": "encryptedDataParent.encryptedData"} payload = { "data": { "field1": "value1", "field2": "value2" }, "encryptedDataParent": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.assertNotIn("data", encrypted_payload) self.assertIn("encryptedDataParent", encrypted_payload) self.assertIn("encryptedData", encrypted_payload["encryptedDataParent"])
def test_encrypt_payload_when_oaep_padding_digest_algorithm_field_not_set(self): self._config._oaep_padding_digest_algorithm_field_name = None payload = { "data": { "field1": "value1", "field2": "value2" }, "encryptedData": {} } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.assertNotIn("data", encrypted_payload) self.assertIn("encryptedData", encrypted_payload) self.assertEqual(5, len(encrypted_payload["encryptedData"].keys()))
def test_encrypt_payload_when_out_path_already_contains_data(self): payload = { "data": { "field1": "value1", "field2": "value2" }, "encryptedData": { "field1": "fieldValue", "iv": "previousIv" } } encrypted_payload = to_test.encrypt_payload(payload, self._config) self.assertNotIn("data", encrypted_payload) self.assertIn("encryptedData", encrypted_payload) self.assertIn("field1", encrypted_payload["encryptedData"]) self.assertIn("iv", encrypted_payload["encryptedData"]) self.assertEqual("fieldValue", encrypted_payload["encryptedData"]["field1"]) self.assertNotEqual("previousIv", encrypted_payload["encryptedData"]["iv"])
def test_encrypt_payload_as_string(self): payload = '{"data": {"field1": "value1","field2": "value2"},"encryptedData": {}}' encrypted_payload = to_test.encrypt_payload(payload, self._config) self.__assert_payload_encrypted(json.loads(payload), encrypted_payload, self._config)