def test_rsa_provider_init_invalid_passphrase(self):
private_key = RSA.generate(2048)
public_key = private_key.publickey()
passphrase = random_string(6)
invalid_passphrase = random_string(8)
with open('./rsa-test.private_key.pem', 'wb') as f:
f.write(private_key.exportKey(passphrase=passphrase))
with open('./rsa-test.public_key.pem', 'wb') as f:
f.write(public_key.exportKey(passphrase=passphrase))
self.assertRaises(ClientError,
LocalRsaProvider,
dir='./',
key='rsa-test',
passphrase=invalid_passphrase)
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
private_key_str = RsaKey.exportKey(private_key, passphrase=passphrase)
public_key_str = RsaKey.exportKey(public_key, passphrase=passphrase)
self.assertRaises(ClientError,
RsaProvider,
key_pair={
'private_key': private_key_str,
'public_key': public_key_str
},
passphrase=invalid_passphrase)
def test_rsa_provider_init_invalid_keys(self):
private_key = RSA.generate(2048)
public_key = private_key.publickey()
# 这个地方修改private_key的内容
private_key = random_string(2048)
with open('./rsa-test.private_key.pem', 'wb') as f:
f.write(oss2.to_bytes(private_key))
with open('./rsa-test.public_key.pem', 'wb') as f:
f.write(public_key.exportKey())
self.assertRaises(ClientError,
LocalRsaProvider,
dir='./',
key='rsa-test')
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
self.assertRaises(ClientError,
RsaProvider,
key_pair={
'private_key': private_key,
'public_key': public_key
})
def test_rsa_basic(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
crypto = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234')
with patch.object(oss2.utils,
'random_aes256_key',
return_value=unittests.common.fixed_aes_key,
autospect=True):
with patch.object(oss2.utils,
'random_counter',
return_value=unittests.common.fixed_aes_start,
autospect=True):
crypto.get_key()
crypto.get_start()
header = crypto.build_header()
self.assertEqual(
unittests.common.fixed_aes_key,
crypto.decrypt_oss_meta_data(header,
'x-oss-meta-oss-crypto-key'))
self.assertEqual(
unittests.common.fixed_aes_start,
crypto.decrypt_oss_meta_data(
header, 'x-oss-meta-oss-crypto-start',
lambda x: int(x)))
self.assertEqual(None,
crypto.decrypt_oss_meta_data(header, '1231'))
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
def test_crypto_get_compact_deprecated_rsa(self, do_request):
utils.silently_remove('./rsa-test.public_key.pem')
utils.silently_remove('./rsa-test.private_key.pem')
with open("./rsa-test.private_key.pem", 'wb') as f:
f.write(oss2.to_bytes(private_key_compact))
with open("./rsa-test.public_key.pem", 'wb') as f:
f.write(oss2.to_bytes(public_key_compact))
content = b'a' * 1024 * 1024
encrypted_rsa_path = "tests/deprecated_encrypted_1MB_a_rsa"
encrypted_meta_rsa_path = "tests/deprecated_encrypted_1MB_a_meta_rsa.json"
with open(encrypted_rsa_path, 'rb') as f:
encrypted_content = f.read()
with open(encrypted_meta_rsa_path, 'r') as f:
meta = json.loads(f.read())
key = random_string(10)
provider = oss2.LocalRsaProvider(dir='./', key='rsa-test')
request_text, response_text = make_get_encrypted_object_compact_deprecated(
key, encrypted_content, meta)
req_info = unittests.common.mock_response(do_request, response_text)
result = unittests.common.bucket(provider).get_object(key)
self.assertRequest(req_info, request_text)
self.assertEqual(result.read(), content)
utils.silently_remove('./rsa-test.public_key.pem')
utils.silently_remove('./rsa-test.private_key.pem')
def test_rsa_provider_init_keys_not_exist(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
provider = LocalRsaProvider(dir='./', key='rsa-test')
self.assertTrue(os.path.exists('./rsa-test.public_key.pem'))
self.assertTrue(os.path.exists('./rsa-test.private_key.pem'))
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
def test_rsa_provider_basic(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
provider = LocalRsaProvider(dir='./',
key='rsa-test',
passphrase=random_string(8))
self.assertEqual(provider.wrap_alg,
"RSA/NONE/OAEPWithSHA-1AndMGF1Padding")
self.assertEqual(provider.cipher.alg, "AES/CTR/NoPadding")
plain_key = provider.get_key()
self.assertEqual(len(plain_key), provider.cipher.key_len)
plain_iv = provider.get_iv()
with patch.object(oss2.utils,
'random_key',
return_value=plain_key,
autospect=True):
with patch.object(oss2.utils,
'random_iv',
return_value=plain_iv,
autospect=True):
content_crypto_material = provider.create_content_material()
self.assertFalse(content_crypto_material.is_unencrypted())
decrypted_key = provider.decrypt_encrypted_key(
content_crypto_material.encrypted_key)
decrypted_iv = provider.decrypt_encrypted_iv(
content_crypto_material.encrypted_iv)
self.assertEqual(plain_key, decrypted_key)
self.assertEqual(plain_iv, decrypted_iv)
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
provider = RsaProvider(key_pair=key_pair, passphrase=random_string(8))
self.assertEqual(provider.wrap_alg, "RSA/NONE/PKCS1Padding")
self.assertEqual(provider.cipher.alg, "AES/CTR/NoPadding")
plain_key = provider.get_key()
self.assertEqual(len(plain_key), provider.cipher.key_len)
plain_iv = provider.get_iv()
with patch.object(oss2.utils,
'random_key',
return_value=plain_key,
autospect=True):
with patch.object(oss2.utils,
'random_iv',
return_value=plain_iv,
autospect=True):
content_crypto_material = provider.create_content_material()
self.assertFalse(content_crypto_material.is_unencrypted())
decrypted_key = provider.decrypt_encrypted_key(
content_crypto_material.encrypted_key)
decrypted_iv = provider.decrypt_encrypted_iv(
content_crypto_material.encrypted_iv)
self.assertEqual(plain_key, decrypted_key)
self.assertEqual(plain_iv, decrypted_iv)
def test_rsa_with_error_parameter(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
crypto = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234')
self.assertRaises(ClientError, LocalRsaProvider, dir='./', key='rsa-test')
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
def test_rsa_with_error_parameter(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
crypto = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234')
self.assertRaises(ClientError,
LocalRsaProvider,
dir='./',
key='rsa-test')
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
def test_rsa_basic(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
crypto = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234')
with patch.object(oss2.utils, 'random_aes256_key', return_value=unittests.common.fixed_aes_key, autospect=True):
with patch.object(oss2.utils, 'random_counter', return_value=unittests.common.fixed_aes_start, autospect=True):
crypto.get_key()
crypto.get_start()
header = crypto.build_header()
self.assertEqual(unittests.common.fixed_aes_key, crypto.decrypt_oss_meta_data(header, 'x-oss-meta-oss-crypto-key'))
self.assertEqual(unittests.common.fixed_aes_start, crypto.decrypt_oss_meta_data(header, 'x-oss-meta-oss-crypto-start', lambda x:int(x)))
self.assertEqual(None, crypto.decrypt_oss_meta_data(header, '1231'))
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
def test_rsa_adapter(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
content = b'1234'*10
rsa = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234')
key = rsa.get_key()
start = rsa.get_start()
adapter = rsa.make_encrypt_adapter(content, key, start)
encrypt_content = adapter.read()
self.assertNotEqual(content, encrypt_content)
adapter1 = rsa.make_decrypt_adapter(encrypt_content, key, start)
self.assertEqual(content, adapter1.read())
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
def test_rsa_adapter(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
content = b'1234' * 10
rsa = LocalRsaProvider(dir='./', key='rsa-test', passphrase='1234')
key = rsa.get_key()
start = rsa.get_start()
adapter = rsa.make_encrypt_adapter(content, key, start)
encrypt_content = adapter.read()
self.assertNotEqual(content, encrypt_content)
adapter1 = rsa.make_decrypt_adapter(encrypt_content, key, start)
self.assertEqual(content, adapter1.read())
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
def test_rsa_provider_adapter(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
provider = LocalRsaProvider(dir='./', key='rsa-test')
content = b'a' * random.randint(1, 100) * 1024
content_crypto_material = provider.create_content_material()
plain_key = provider.decrypt_encrypted_key(
content_crypto_material.encrypted_key)
plain_iv = provider.decrypt_encrypted_iv(
content_crypto_material.encrypted_iv)
cipher = content_crypto_material.cipher
stream_encrypted = provider.make_encrypt_adapter(content, cipher)
encrypted_content = stream_encrypted.read()
# reset cipher
cipher.initialize(plain_key, plain_iv)
stream_decrypted = provider.make_decrypt_adapter(
encrypted_content, cipher)
self.assertEqual(content, stream_decrypted.read())
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
provider = RsaProvider(key_pair)
content = b'b' * random.randint(1, 100) * 1024
content_crypto_material = provider.create_content_material()
plain_key = provider.decrypt_encrypted_key(
content_crypto_material.encrypted_key)
plain_iv = provider.decrypt_encrypted_iv(
content_crypto_material.encrypted_iv)
cipher = content_crypto_material.cipher
stream_encrypted = provider.make_encrypt_adapter(content, cipher)
encrypted_content = stream_encrypted.read()
# reset cipher
cipher.initialize(plain_key, plain_iv)
stream_decrypted = provider.make_decrypt_adapter(
encrypted_content, cipher)
self.assertEqual(content, stream_decrypted.read())
def test_local_rsa_provider_diff_keys(self):
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
silently_remove('./rsa-test-diff.public_key.pem')
silently_remove('./rsa-test-diff.private_key.pem')
provider = LocalRsaProvider(dir='./', key='rsa-test')
provider_diff = LocalRsaProvider(dir='./', key='rsa-test-diff')
plain_key = provider.get_key()
plain_iv = provider.get_iv()
with patch.object(oss2.utils,
'random_key',
return_value=plain_key,
autospect=True):
with patch.object(oss2.utils,
'random_iv',
return_value=plain_iv,
autospect=True):
content_crypto_material = provider.create_content_material()
self.assertFalse(content_crypto_material.is_unencrypted())
self.assertRaises(ClientError,
provider_diff.decrypt_encrypted_key,
content_crypto_material.encrypted_key)
self.assertRaises(ClientError,
provider_diff.decrypt_encrypted_iv,
content_crypto_material.encrypted_iv)
silently_remove('./rsa-test.public_key.pem')
silently_remove('./rsa-test.private_key.pem')
silently_remove('./rsa-test-diff.public_key.pem')
silently_remove('./rsa-test-diff.private_key.pem')
provider = RsaProvider(key_pair=key_pair)
provider_diff = RsaProvider(key_pair=key_pair_compact)
plain_key = provider.get_key()
plain_iv = provider.get_iv()
with patch.object(oss2.utils,
'random_key',
return_value=plain_key,
autospect=True):
with patch.object(oss2.utils,
'random_iv',
return_value=plain_iv,
autospect=True):
content_crypto_material = provider.create_content_material()
self.assertFalse(content_crypto_material.is_unencrypted())
self.assertRaises(ClientError,
provider_diff.decrypt_encrypted_key,
content_crypto_material.encrypted_key)
self.assertRaises(ClientError,
provider_diff.decrypt_encrypted_iv,
content_crypto_material.encrypted_iv)