コード例 #1
0
ファイル: test_gpg.py プロジェクト: unioslo/cerebrum
 def test_gnupg_encrypt_decrypt(self):
     """
     Tests GnuPG encryption and decryption
     """
     # test for unicode input
     ciphertext_for_unicode = gpgme_encrypt(
         message=self.rnd_password_unicode, recipient_key_id=self.recipient_key_id
     )
     ciphertext_for_unicode2 = gpgme_encrypt(
         message=self.rnd_password_unicode, recipient_key_id=self.recipient_key_id
     )
     # test for bytestring input
     ciphertext_for_str = gpgme_encrypt(message=self.rnd_password_str, recipient_key_id=self.recipient_key_id)
     # test for decrypt of unicode
     self.assertEqual(
         self.rnd_password_unicode,
         gpgme_decrypt(ciphertext_for_unicode).decode("utf-8"),
         "Unicode string not properly decrypted",
     )
     # test decrypt for bytesstring
     self.assertEqual(self.rnd_password_str, gpgme_decrypt(ciphertext_for_str), "Bytestring not properly decrypted")
     # theoretical and HIGHLY improbable chance for failure
     # when GnuPG and the OS work properly
     # The same input encrypted twice should NOT result
     # in identical ciphertext
     self.assertNotEqual(ciphertext_for_unicode, ciphertext_for_unicode2, "Weak cryptography")
     self.assertEqual(
         gpgme_decrypt(ciphertext_for_unicode),
         gpgme_decrypt(ciphertext_for_unicode2),
         "Identical input should result in identical decrypt",
     )
コード例 #2
0
ファイル: test_gpg.py プロジェクト: chrnux/cerebrum
 def test_gnupg_encrypt_decrypt(self):
     """
     Tests GnuPG encryption and decryption
     """
     # test for unicode input
     ciphertext_for_unicode = gpgme_encrypt(
         message=self.rnd_password_unicode,
         recipient_key_id=self.recipient_key_id)
     ciphertext_for_unicode2 = gpgme_encrypt(
         message=self.rnd_password_unicode,
         recipient_key_id=self.recipient_key_id)
     # test for bytestring input
     ciphertext_for_str = gpgme_encrypt(
         message=self.rnd_password_str,
         recipient_key_id=self.recipient_key_id)
     # test for decrypt of unicode
     self.assertEqual(self.rnd_password_unicode,
                      gpgme_decrypt(ciphertext_for_unicode).decode('utf-8'),
                      'Unicode string not properly decrypted')
     # test decrypt for bytesstring
     self.assertEqual(self.rnd_password_str,
                      gpgme_decrypt(ciphertext_for_str),
                      'Bytestring not properly decrypted')
     # theoretical and HIGHLY improbable chance for failure
     # when GnuPG and the OS work properly
     # The same input encrypted twice should NOT result
     # in identical ciphertext
     self.assertNotEqual(ciphertext_for_unicode, ciphertext_for_unicode2,
                         'Weak cryptography')
     self.assertEqual(gpgme_decrypt(ciphertext_for_unicode),
                      gpgme_decrypt(ciphertext_for_unicode2),
                      'Identical input should result in identical decrypt')
コード例 #3
0
ファイル: test_ad2_ADSync.py プロジェクト: unioslo/cerebrum
 def test_password_gpgme_encrypt(self):
     """
     Test GnuPG and plaintext passwords
     """
     for account in self._accounts:
         self._ac.clear()
         self._ac.find(account["entity_id"])
         self._ac.set_password(self.rnd_password_str)
         self._ac.write_db()
         passwd_events = filter(
             lambda x: bool(
                 x["subject_entity"] == self._ac.entity_id and x["change_type_id"] == self._co.account_password
             ),
             self._db.messages,
         )
         self.assertTrue(bool(passwd_events), "No password event registered")
         self.assertIn("change_params", passwd_events[0], "No change_params in password event")
         change_params = pickle.loads(passwd_events[-1]["change_params"])
         self.assertIsInstance(change_params, dict, "change_params is not a dictionary")
         self.assertIn("password", change_params, "No password-key in change_params")
         stored_password = change_params["password"]
         if hasattr(cereconf, "PASSWORD_GPG_RECIPIENT_ID"):
             # tests when encryption should be performed
             self.assertTrue(stored_password.startswith("GPG:"), "Password not encrypted")
             # test decryption
             self.assertEqual(
                 gpgme_decrypt(base64.b64decode(stored_password[4:])),
                 self.rnd_password_str,
                 'Unable to decrypt password "{0}" != "{1}"'.format(
                     gpgme_decrypt(stored_password), self.rnd_password_str
                 ),
             )
         else:
             # tests when no encryption is performed
             self.assertIn(self.rnd_password_str, stored_password, "Password not stored")
コード例 #4
0
def test_password_gpgme_encrypt(cereconf, database, const, ad_account):
    """
    Test GnuPG and plaintext passwords
    """
    # Note: Requires old cl implementation
    password_str = u'some password'
    ac = ad_account
    ac.set_password(password_str)
    ac.write_db()
    passwd_events = filter(
        lambda x: bool(
            x['subject_entity'] == ac.entity_id and
            x['change_type_id'] == const.account_password),
        database.messages)
    assert bool(passwd_events)  # or no password events registered
    assert 'change_params' in passwd_events[-1]  # or change_params missing

    change_params = pickle.loads(passwd_events[-1]['change_params'])

    assert isinstance(change_params, dict)  # bad change_params value
    assert 'password' in change_params  # missing password param

    stored_password = change_params['password']

    if hasattr(cereconf, 'PASSWORD_GPG_RECIPIENT_ID'):
        # tests when encryption should be performed
        assert stored_password.startswith('GPG:')
        # test decryption
        assert (
            gpgme_decrypt(
                base64.b64decode(stored_password[4:])
            ) == password_str)
    else:
        # tests when no encryption is performed
        assert password_str in stored_password
コード例 #5
0
ファイル: test_ad2_ADSync.py プロジェクト: chrnux/cerebrum
 def test_password_gpgme_encrypt(self):
     """
     Test GnuPG and plaintext passwords
     """
     for account in self._accounts:
         self._ac.clear()
         self._ac.find(account['entity_id'])
         self._ac.set_password(self.rnd_password_str)
         self._ac.write_db()
         passwd_events = filter(
             lambda x: bool(
                 x['subject_entity'] == self._ac.entity_id and
                 x['change_type_id'] == self._co.account_password),
             self._db.messages)
         self.assertTrue(bool(passwd_events),
                         'No password event registered')
         self.assertIn('change_params',
                       passwd_events[0],
                       'No change_params in password event')
         change_params = pickle.loads(passwd_events[-1]['change_params'])
         self.assertIsInstance(change_params,
                               dict,
                               'change_params is not a dictionary')
         self.assertIn('password',
                       change_params,
                       'No password-key in change_params')
         stored_password = change_params['password']
         if hasattr(cereconf, 'PASSWORD_GPG_RECIPIENT_ID'):
             # tests when encryption should be performed
             self.assertTrue(stored_password.startswith('GPG:'),
                             'Password not encrypted')
             # test decryption
             self.assertEqual(
                 gpgme_decrypt(base64.b64decode(stored_password[4:])),
                 self.rnd_password_str,
                 'Unable to decrypt password "{0}" != "{1}"'.format(
                     gpgme_decrypt(stored_password),
                     self.rnd_password_str))
         else:
             # tests when no encryption is performed
             self.assertIn(self.rnd_password_str,
                           stored_password,
                           'Password not stored')
コード例 #6
0
ファイル: test_ad2_ADSync.py プロジェクト: unioslo/cerebrum
 def test_password_gpgme_encrypt(self):
     """
     Test GnuPG and plaintext passwords
     """
     for account in self._accounts:
         self._ac.clear()
         self._ac.find(account['entity_id'])
         self._ac.set_password(self.rnd_password_str)
         self._ac.write_db()
         passwd_events = filter(
             lambda x: bool(
                 x['subject_entity'] == self._ac.entity_id and
                 x['change_type_id'] == self._co.account_password),
             self._db.messages)
         self.assertTrue(bool(passwd_events),
                         'No password event registered')
         self.assertIn('change_params',
                       passwd_events[0],
                       'No change_params in password event')
         change_params = pickle.loads(passwd_events[-1]['change_params'])
         self.assertIsInstance(change_params,
                               dict,
                               'change_params is not a dictionary')
         self.assertIn('password',
                       change_params,
                       'No password-key in change_params')
         stored_password = change_params['password']
         if hasattr(cereconf, 'PASSWORD_GPG_RECIPIENT_ID'):
             # tests when encryption should be performed
             self.assertTrue(stored_password.startswith('GPG:'),
                             'Password not encrypted')
             # test decryption
             self.assertEqual(
                 gpgme_decrypt(base64.b64decode(stored_password[4:])),
                 self.rnd_password_str,
                 'Unable to decrypt password "{0}" != "{1}"'.format(
                     gpgme_decrypt(stored_password),
                     self.rnd_password_str))
         else:
             # tests when no encryption is performed
             self.assertIn(self.rnd_password_str,
                           stored_password,
                           'Password not stored')