def test_write_invalid(self):
"""
Test that a ValueError gets raised when required Decrypt response
payload attributes are missing when encoding the payload.
"""
payload = payloads.DecryptResponsePayload()
self.assertIsNone(payload.unique_identifier)
stream = utils.BytearrayStream()
args = (stream, )
self.assertRaisesRegex(
ValueError,
"invalid payload missing the unique identifier attribute",
payload.write,
*args
)
payload = payloads.DecryptResponsePayload(
unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959'
)
stream = utils.BytearrayStream()
args = (stream, )
self.assertRaisesRegex(
ValueError,
"invalid payload missing the data attribute",
payload.write,
*args
)
def test_not_equal_on_not_equal_data(self):
"""
Test that the inequality operator returns True when comparing two
Decrypt response payloads with different data.
"""
a = payloads.DecryptResponsePayload(data=b'\x11')
b = payloads.DecryptResponsePayload(data=b'\xFF')
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_not_equal_on_not_equal_unique_identifier(self):
"""
Test that the inequality operator returns True when comparing two
Decrypt response payloads with different unique identifiers.
"""
a = payloads.DecryptResponsePayload(unique_identifier='a')
b = payloads.DecryptResponsePayload(unique_identifier='b')
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_read_invalid(self):
"""
Test that a ValueError gets raised when required Decrypt response
payload attributes are missing from the payload encoding.
"""
payload = payloads.DecryptResponsePayload()
args = (self.empty_encoding, )
self.assertRaisesRegex(
ValueError,
"invalid payload missing the unique identifier attribute",
payload.read, *args)
payload = payloads.DecryptResponsePayload()
args = (self.incomplete_encoding, )
self.assertRaisesRegex(ValueError,
"invalid payload missing the data attribute",
payload.read, *args)
def test_invalid_data(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the data of a Decrypt response payload.
"""
payload = payloads.DecryptResponsePayload()
args = (payload, 'data', 0)
self.assertRaisesRegex(TypeError, "data must be bytes", setattr, *args)
def test_init(self):
"""
Test that an Decrypt response payload can be constructed with no
arguments.
"""
payload = payloads.DecryptResponsePayload()
self.assertEqual(None, payload.unique_identifier)
self.assertEqual(None, payload.data)
def test_invalid_unique_identifier(self):
"""
Test that a TypeError is raised when an invalid value is used to set
the unique identifier of a Decrypt response payload.
"""
payload = payloads.DecryptResponsePayload()
args = (payload, 'unique_identifier', 0)
self.assertRaisesRegex(TypeError, "unique identifier must be a string",
setattr, *args)
def test_not_equal_on_type_mismatch(self):
"""
Test that the inequality operator returns True when comparing two
Decrypt response payloads with different types.
"""
a = payloads.DecryptResponsePayload()
b = 'invalid'
self.assertTrue(a != b)
self.assertTrue(b != a)
def test_decrypt(self, send_mock, build_mock):
"""
Test that the client can decrypt data.
"""
payload = payloads.DecryptResponsePayload(
unique_identifier='1',
data=(
b'\x37\x36\x35\x34\x33\x32\x31\x20'
b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
b'\x68\x65\x20\x74\x69\x6D\x65\x20'
b'\x66\x6F\x72\x20\x00'
)
)
batch_item = ResponseBatchItem(
operation=Operation(OperationEnum.DECRYPT),
result_status=ResultStatus(ResultStatusEnum.SUCCESS),
response_payload=payload
)
response = ResponseMessage(batch_items=[batch_item])
build_mock.return_value = None
send_mock.return_value = response
result = self.client.decrypt(
(
b'\x6B\x77\xB4\xD6\x30\x06\xDE\xE6'
b'\x05\xB1\x56\xE2\x74\x03\x97\x93'
b'\x58\xDE\xB9\xE7\x15\x46\x16\xD9'
b'\x74\x9D\xEC\xBE\xC0\x5D\x26\x4B'
),
unique_identifier='1',
cryptographic_parameters=CryptographicParameters(
block_cipher_mode=enums.BlockCipherMode.CBC,
padding_method=enums.PaddingMethod.PKCS5,
cryptographic_algorithm=enums.CryptographicAlgorithm.BLOWFISH
),
iv_counter_nonce=b'\xFE\xDC\xBA\x98\x76\x54\x32\x10'
)
self.assertEqual('1', result.get('unique_identifier'))
self.assertEqual(
(
b'\x37\x36\x35\x34\x33\x32\x31\x20'
b'\x4E\x6F\x77\x20\x69\x73\x20\x74'
b'\x68\x65\x20\x74\x69\x6D\x65\x20'
b'\x66\x6F\x72\x20\x00'
),
result.get('data')
)
self.assertEqual(
ResultStatusEnum.SUCCESS,
result.get('result_status')
)
self.assertEqual(None, result.get('result_reason'))
self.assertEqual(None, result.get('result_message'))
def test_not_equal_on_equal(self):
"""
Test that the inequality operator returns False when comparing two
Decrypt response payloads with the same data.
"""
a = payloads.DecryptResponsePayload()
b = payloads.DecryptResponsePayload()
self.assertFalse(a != b)
self.assertFalse(b != a)
a = payloads.DecryptResponsePayload(
unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
b = payloads.DecryptResponsePayload(
unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
self.assertFalse(a != b)
self.assertFalse(b != a)
def _process_decrypt_patched(self, payload):
self._logger.info("Processing operation: Decrypt")
unique_identifier = self._id_placeholder
if payload.unique_identifier:
unique_identifier = payload.unique_identifier
# The KMIP spec does not indicate that the Decrypt operation should
# have it's own operation policy entry. Rather, the cryptographic
# usage mask should be used to determine if the object can be used
# to decrypt data (see below).
managed_object = self._get_object_with_access_controls(
unique_identifier, enums.Operation.GET)
cryptographic_parameters = payload.cryptographic_parameters
if cryptographic_parameters is None:
# Monkey patched here -- rather than exception, we set to default params.
default_crypto_params = CryptographicParameters(
block_cipher_mode=enums.BlockCipherMode.CBC,
padding_method=enums.PaddingMethod.PKCS5,
cryptographic_algorithm=enums.CryptographicAlgorithm.AES,
)
cryptographic_parameters = default_crypto_params
if managed_object._object_type != enums.ObjectType.SYMMETRIC_KEY:
raise exceptions.PermissionDenied(
"The requested decryption key is not a symmetric key. "
"Only symmetric decryption is currently supported.")
if managed_object.state != enums.State.ACTIVE:
raise exceptions.PermissionDenied(
"The decryption key must be in the Active state to be used "
"for decryption.")
masks = managed_object.cryptographic_usage_masks
if enums.CryptographicUsageMask.DECRYPT not in masks:
raise exceptions.PermissionDenied(
"The Decrypt bit must be set in the decryption key's "
"cryptographic usage mask.")
result = self._cryptography_engine.decrypt(
cryptographic_parameters.cryptographic_algorithm,
managed_object.value,
payload.data,
cipher_mode=cryptographic_parameters.block_cipher_mode,
padding_method=cryptographic_parameters.padding_method,
iv_nonce=payload.iv_counter_nonce,
auth_additional_data=payload.auth_additional_data,
auth_tag=payload.auth_tag,
)
response_payload = payloads.DecryptResponsePayload(
unique_identifier, result)
return response_payload
def test_init_with_args(self):
"""
Test that a Decrypt response payload can be constructed with valid
values
"""
payload = payloads.DecryptResponsePayload(
unique_identifier='00000000-1111-2222-3333-444444444444',
data=b'\x01\x02\x03')
self.assertEqual('00000000-1111-2222-3333-444444444444',
payload.unique_identifier)
self.assertEqual(b'\x01\x02\x03', payload.data)
def test_write(self):
"""
Test that a Decrypt response payload can be written to a data stream.
"""
payload = payloads.DecryptResponsePayload(
unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
stream = utils.BytearrayStream()
payload.write(stream)
self.assertEqual(len(self.full_encoding), len(stream))
self.assertEqual(str(self.full_encoding), str(stream))
def test_read(self):
"""
Test that a Decrypt response payload can be read from a data stream.
"""
payload = payloads.DecryptResponsePayload()
self.assertEqual(None, payload.unique_identifier)
self.assertEqual(None, payload.data)
payload.read(self.full_encoding)
self.assertEqual('b4faee10-aa2a-4446-8ad4-0881f3422959',
payload.unique_identifier)
self.assertEqual(b'\x01\x23\x45\x67\x89\xAB\xCD\xEF', payload.data)
def test_repr(self):
"""
Test that repr can be applied to a Decrypt response payload.
"""
payload = payloads.DecryptResponsePayload(
unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
expected = (
"DecryptResponsePayload("
"unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', "
"data=" + str(b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') + ")")
observed = repr(payload)
self.assertEqual(expected, observed)
def test_str(self):
"""
Test that str can be applied to a Decrypt response payload
"""
payload = payloads.DecryptResponsePayload(
unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959',
data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF')
expected = str({
'unique_identifier': 'b4faee10-aa2a-4446-8ad4-0881f3422959',
'data': b'\x01\x23\x45\x67\x89\xAB\xCD\xEF'
})
observed = str(payload)
self.assertEqual(expected, observed)
def _create_decrypt_payload(self):
return payloads.DecryptResponsePayload()
