def test_encrypt_aes_v1(self):
iv = utils.base64_url_decode('KvsOJmE4JNK1HwKSpkBeRw')
block = utils.base64_url_decode('6lf4FGVyhDRnRhJ91TrahjIW8lTqGA')
key = utils.base64_url_decode(
'pAZmcxEoV2chXsFQ6bzn7Lop8yO4F8ERIuS7XpFtr7Y')
enc = crypto.encrypt_aes_v1(block, key, iv)
encoded = utils.base64_url_encode(enc)
self.assertEqual(
encoded,
'KvsOJmE4JNK1HwKSpkBeR5R9YDms86uOb3wjNvc4LbUnZhKQtDxWifgA99tH2ZuP')
def register_record(record, key_type=None):
# type: (record.Record, int or None) -> bytes
data = {
'title': record.title or '',
'secret1': record.login or '',
'secret2': record.password or '',
'link': record.login_url or '',
'notes': record.notes or '',
'custom': record.custom_fields or '',
'folder': record.folder or ''
}
extra = None
udata = None
if record.attachments:
extra = {'files': record.attachments}
udata = {'file_id': [x['id'] for x in record.attachments]}
record_key = api.generate_aes_key() if key_type != 0 else _USER_DATA_KEY
rec_object = {
'record_uid': record.record_uid,
'revision': record.revision if
(0 < record.revision <= _REVISION) else _REVISION,
'version': 2 if key_type != 0 else 1,
'shared': key_type not in [0, 1],
'data': api.encrypt_aes(json.dumps(data).encode('utf-8'), record_key),
}
if extra:
rec_object['extra'] = api.encrypt_aes(
json.dumps(extra).encode('utf-8'), record_key)
if udata:
rec_object['udata'] = udata
_RECORDS.append(rec_object)
meta_data = {
'record_uid': record.record_uid,
'owner': key_type in [0, 1],
'can_share': key_type == 1,
'can_edit': key_type == 1,
'record_key_type': key_type
}
if key_type == 0:
_RECORD_METADATA.append(meta_data)
if key_type == 1:
meta_data['record_key'] = utils.base64_url_encode(
crypto.encrypt_aes_v1(record_key, _USER_DATA_KEY))
_RECORD_METADATA.append(meta_data)
elif key_type == 2:
meta_data['record_key'] = utils.base64_url_encode(
crypto.encrypt_rsa(record_key, _IMPORTED_PUBLIC_KEY))
_RECORD_METADATA.append(meta_data)
return record_key
def test_download_attachment_command(self):
params = get_synced_params()
cmd = recordv2.RecordDownloadAttachmentCommand()
records = [
x for x in params.record_cache.values()
if len(x['extra_unencrypted']) > 10
]
rec = records[0]
record_uid = rec['record_uid']
extra = json.loads(rec['extra_unencrypted'].decode('utf-8'))
attachments = {
} # type: dict[any, tuple[attachment.AttachmentDownloadRequest, bytes]]
for file in extra['files']:
atta_id = file['id'] # type: str
key = utils.base64_url_decode(file['key'])
body_encoded = crypto.encrypt_aes_v1(os.urandom(file['size']), key)
rq = attachment.AttachmentDownloadRequest()
rq.title = 'Title'
rq.url = f'https://keepersecurity.com/files/{atta_id}'
rq.is_gcm_encrypted = False
rq.encryption_key = key
attachments[atta_id] = (rq, body_encoded)
def prepare_download(params, record_uid):
return (x[0] for x in attachments.values())
def requests_get(url, **kwargs):
body = next(
(x[1] for x in attachments.values() if x[0].url == url), None)
if not body:
raise Exception(f'URL \"{url}\" not found.')
rs = mock.Mock()
rs.status_code = 200
stream = io.BytesIO(body)
rs.raw = stream
rs.__enter__ = mock.Mock(return_value=rs)
rs.__exit__ = mock.Mock(return_value=None)
return rs
with mock.patch('keepercommander.attachment.prepare_attachment_download', side_effect=prepare_download), \
mock.patch('requests.get', side_effect=requests_get), \
mock.patch('builtins.open', mock.mock_open()), \
mock.patch('os.path.abspath', return_value='/file_name'):
cmd.execute(params, record=record_uid)
def get_enterprise_data(params):
# type: (KeeperParams) -> dict
encrypted_tree_key = crypto.encrypt_aes_v1(_TREE_KEY, params.data_key) \
if _USE_DATA_KEY else crypto.encrypt_rsa(_TREE_KEY, _VAULT_ENV.public_key)
tree_key_type = 1 if _USE_DATA_KEY else 2
rs = {
'result': 'success',
'result_code': '',
'message': '',
'enterprise_name': 'Enterprise 1',
'tree_key': utils.base64_url_encode(encrypted_tree_key),
'key_type_id': tree_key_type
}
rs['nodes'] = [
{
'node_id': _NODE1_ID,
'encrypted_data': api.encrypt_aes(json.dumps({}).encode('utf-8'), _TREE_KEY)
},
{
'node_id': _NODE2_ID,
'parent_id': _NODE1_ID,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'Sub node 1'}).encode('utf-8'), _TREE_KEY)
}
]
rs['users'] = [
{
'enterprise_user_id': _USER1_ID,
'node_id': _NODE1_ID,
'username': params.user,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'User 1'}).encode('utf-8'), _TREE_KEY),
'status': 'active',
'lock': 0
},
{
'enterprise_user_id': _USER2_ID,
'node_id': _NODE2_ID,
'username': _USER2_EMAIL,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'User 2'}).encode('utf-8'), _TREE_KEY),
'status': 'active',
'lock': 1
}
]
rs['roles'] = [
{
'role_id': _ROLE1_ID,
'node_id': _NODE1_ID,
'encrypted_data': api.encrypt_aes(json.dumps({'displayname': _ROLE1_NAME}).encode('utf-8'), _TREE_KEY),
'visible_below': True,
'new_user_inherit': True
}
]
rs['managed_nodes'] = [
{
'role_id': _ROLE1_ID,
'managed_node_id': _NODE1_ID,
'cascade_node_management': True,
}
]
rs['role_users'] = [
{
'role_id': _ROLE1_ID,
'enterprise_user_id': _USER1_ID
}
]
rs['teams'] = [
{
'team_uid': _TEAM1_UID,
'name': _TEAM1_NAME,
'node_id': _NODE1_ID,
'restrict_sharing': False,
'restrict_edit': False,
'restrict_view': False,
},
{
'team_uid': _TEAM2_UID,
'name': _TEAM2_NAME,
'node_id': _NODE1_ID,
'restrict_sharing': False,
'restrict_edit': False,
'restrict_view': False,
}
]
rs['team_users'] = [
{
'team_uid': _TEAM1_UID,
'enterprise_user_id': _USER1_ID,
'user_type': 1
},
{
'team_uid': _TEAM1_UID,
'enterprise_user_id': _USER2_ID,
'user_type': 1
}
]
return rs