def test__deals_fine_with_whitespace_in_filesystem_value(self):
    """Whitespace around the hex value in the secret file is ignored on read."""
    expected = self.write_secret()
    secret_path = security.get_shared_secret_filesystem_path()
    # Rewrite the file with the same hex digits, padded by a leading space
    # and a trailing newline.
    padded_hex = " %s\n" % security.to_hex(expected)
    write_text_file(secret_path, padded_hex)
    observed = security.get_shared_secret_from_filesystem()
    self.assertEqual(expected, observed)
def get_shared_secret_txn():
    """Return the RPC shared secret, reconciling its two stored copies.

    The secret is kept hex-encoded in the database under the
    ``rpc_shared_secret`` config key and also on the filesystem. The
    outcome depends on which copies exist:

    * neither: 16 random bytes from ``os.urandom`` are generated and
      written to both places (database first, then filesystem);
    * only one: that copy is propagated to the other store;
    * both and equal: the value is returned unchanged;
    * both and different: ``AssertionError`` is raised and neither copy
      is modified, so the mismatch has to be resolved by an operator.

    Returns:
        The shared secret as bytes.

    Raises:
        AssertionError: the database and filesystem secrets differ. The
            message names the filesystem path only, never the secret.
    """
    # Database copy: stored as hex text, decoded here for comparison.
    db_hex = Config.objects.get_config("rpc_shared_secret")
    db_secret = None if db_hex is None else to_bin(db_hex)

    # Filesystem copy: None when no secret file is present.
    fs_secret = get_shared_secret_from_filesystem()

    if db_secret is None:
        if fs_secret is None:
            # First use: mint a new secret from the OS CSPRNG and persist
            # it in both stores.
            fresh = os.urandom(16)
            Config.objects.set_config("rpc_shared_secret", to_hex(fresh))
            set_shared_secret_on_filesystem(fresh)
            return fresh
        # Only the filesystem knows the secret; copy it into the database.
        Config.objects.set_config("rpc_shared_secret", to_hex(fs_secret))
        return fs_secret

    if fs_secret is None:
        # Only the database knows the secret; copy it to the filesystem.
        set_shared_secret_on_filesystem(db_secret)
        return db_secret

    if db_secret == fs_secret:
        return db_secret

    # Diverged copies are never silently overwritten: fail loudly instead
    # of guessing which one is authoritative.
    raise AssertionError(
        "The secret stored in the database does not match the secret "
        "stored on the filesystem at %s. Please investigate."
        % get_shared_secret_filesystem_path())
def test__writes_with_secure_permissions(self):
    """The secret file is written with mode 0640 (no access for 'other')."""
    security.set_shared_secret_on_filesystem(factory.make_bytes())
    secret_path = security.get_shared_secret_filesystem_path()
    # Keep only the permission bits; the file-type bits are irrelevant here.
    mode_bits = stat(secret_path).st_mode
    perms_observed = mode_bits & 0o777
    perms_expected = 0o640
    failure_message = "Expected %04o, got %04o." % (
        perms_expected, perms_observed)
    self.assertEqual(perms_expected, perms_observed, failure_message)
def test__writes_with_lock(self):
    """The file lock is held while the secret is written, and released after."""
    lock = FileLock(security.get_shared_secret_filesystem_path())
    self.assertFalse(lock.is_locked())

    def assert_locked_during_write(path, data):
        # Runs in place of the real write: the lock must be held right now.
        self.assertTrue(lock.is_locked())

    fake_write = self.patch_autospec(security, "write_text_file")
    fake_write.side_effect = assert_locked_during_write

    security.set_shared_secret_on_filesystem(b"foo")

    # Exactly one write happened, and the lock was dropped afterwards.
    self.assertThat(fake_write, MockCalledOnceWith(ANY, ANY))
    self.assertFalse(lock.is_locked())
def test__reads_with_lock(self):
    """The file lock is held while the secret is read, and released after."""
    lock = FileLock(security.get_shared_secret_filesystem_path())
    self.assertFalse(lock.is_locked())

    def assert_locked_during_read(path):
        # Runs in place of the real read: the lock must be held right now.
        self.assertTrue(lock.is_locked())
        return "12"  # Two arbitrary hex characters.

    fake_read = self.patch_autospec(security, "read_text_file")
    fake_read.side_effect = assert_locked_during_read

    security.get_shared_secret_from_filesystem()

    # Exactly one read happened, and the lock was dropped afterwards.
    self.assertThat(fake_read, MockCalledOnceWith(ANY))
    self.assertFalse(lock.is_locked())
def test__prints_message_when_secret_is_installed(self):
    """Installing a secret from non-tty stdin prints the install path, once."""
    # Feed a valid hex secret through a patched, non-interactive stdin.
    fake_stdin = self.patch_autospec(security, "stdin")
    secret_hex = b2a_hex(factory.make_bytes()).decode("ascii")
    fake_stdin.readline.return_value = secret_hex
    fake_stdin.isatty.return_value = False
    fake_print = self.patch(security, "print")

    self.installAndCheckExitCode(0)

    # The only output is the confirmation naming the path; the expected
    # message does not contain the secret itself.
    shared_secret_path = security.get_shared_secret_filesystem_path()
    expected_message = "Secret installed to %s." % shared_secret_path
    self.assertThat(fake_print, MockCalledOnceWith(expected_message))
def test__errors_when_filesystem_value_cannot_be_decoded(self):
    """A secret file whose content is not valid hex raises binascii.Error."""
    self.write_secret()
    secret_path = security.get_shared_secret_filesystem_path()
    # "_" is not a hex digit, so decoding the file content must fail
    # instead of yielding a bogus secret.
    write_text_file(secret_path, "_")
    reader = security.get_shared_secret_from_filesystem
    self.assertRaises(binascii.Error, reader)
def test__errors_reading_file_are_raised(self):
    """An unreadable secret file surfaces as IOError instead of being hidden."""
    self.write_secret()
    unreadable_path = security.get_shared_secret_filesystem_path()
    # Strip every permission bit so that opening the file is refused.
    # NOTE(review): this only holds for a user who cannot bypass file
    # permissions; run as root the read would likely succeed - confirm how
    # the suite is executed.
    chmod(unreadable_path, 0o000)
    reader = security.get_shared_secret_from_filesystem
    self.assertRaises(IOError, reader)
def write_secret(self):
    """Write a fresh random secret, hex-encoded, to the secret path.

    The parent directory is created when missing. The file is written
    directly with ``write_text_file`` rather than through
    ``security.set_shared_secret_on_filesystem``.

    Returns:
        The raw secret bytes that were written.
    """
    secret = factory.make_bytes()
    target = security.get_shared_secret_filesystem_path()
    parent_dir = dirname(target)
    makedirs(parent_dir, exist_ok=True)
    hex_text = security.to_hex(secret)
    write_text_file(target, hex_text)
    return secret
def delete_secret(self):
    """Remove the secret file, if present, and reset ``security._fernet_psk``."""
    # NOTE(review): _fernet_psk looks like a key cached from the secret;
    # clearing it first keeps later calls from reusing the old value - confirm.
    security._fernet_psk = None
    target = security.get_shared_secret_filesystem_path()
    # Only regular files are removed; a missing path is not an error.
    if not os.path.isfile(target):
        return
    os.remove(target)
def read_secret(self):
    """Read the secret file and return its content decoded from hex.

    The file is read directly with ``read_text_file`` rather than through
    ``security.get_shared_secret_from_filesystem``.
    """
    hex_text = read_text_file(security.get_shared_secret_filesystem_path())
    return security.to_bin(hex_text)
def write_secret(self):
    """Write a fresh random secret, hex-encoded, to the secret path.

    The parent directories are created when missing. The file is written
    with ``Path.write_text`` rather than through
    ``security.set_shared_secret_on_filesystem``, so its mode is whatever
    the process umask yields, not one chosen by this helper.

    Returns:
        The raw secret bytes that were written.
    """
    secret = factory.make_bytes()
    target = security.get_shared_secret_filesystem_path()
    target.parent.mkdir(parents=True, exist_ok=True)
    hex_text = security.to_hex(secret)
    target.write_text(hex_text)
    return secret
def delete_secret(self):
    """Remove the secret file, if present, and reset ``security._fernet_psk``."""
    # NOTE(review): _fernet_psk looks like a key cached from the secret;
    # clearing it first keeps later calls from reusing the old value - confirm.
    security._fernet_psk = None
    target = security.get_shared_secret_filesystem_path()
    # A missing path is not an error; there is simply nothing to delete.
    if not target.exists():
        return
    target.unlink()