def test_chap_encryption(self):
private_key = rsa.generate_private_key(public_exponent=65537,
key_size=2048,
backend=default_backend())
priv_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.TraditionalOpenSSL,
encryption_algorithm=serialization.NoEncryption())
priv_key_file = tempfile.mkstemp()
with open(priv_key_file[1], "wb") as kf:
kf.write(priv_pem)
pub_pem = private_key.public_key().public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo)
pub_key_file = tempfile.mkstemp()
with open(pub_key_file[1], "wb") as kf:
kf.write(pub_pem)
settings.config.priv_key = priv_key_file[1]
settings.config.pub_key = pub_key_file[1]
settings.config.ceph_config_dir = ""
chap = CHAP("username", "passwordverylonglong", False)
encrypted_password = chap.encrypted_password(True)
chap2 = CHAP(chap.user, encrypted_password, True)
self.assertEqual(chap2.user, "username")
self.assertEqual(chap2.password, "passwordverylonglong")
self.assertEqual(chap2.password_str, encrypted_password)
self.assertNotEqual(encrypted_password, "passwordverylonglong")
def set_discovery_auth_config(username, password, mutual_username,
mutual_password, config):
encryption_enabled = encryption_available()
discovery_auth_config = {
'username': '',
'password': '',
'password_encryption_enabled': encryption_enabled,
'mutual_username': '',
'mutual_password': '',
'mutual_password_encryption_enabled': encryption_enabled
}
if username != '':
chap = CHAP(username, password, encryption_enabled)
chap_mutual = CHAP(mutual_username, mutual_password,
encryption_enabled)
discovery_auth_config['username'] = chap.user
discovery_auth_config['password'] = chap.encrypted_password(
encryption_enabled)
discovery_auth_config['mutual_username'] = chap_mutual.user
discovery_auth_config['mutual_password'] = \
chap_mutual.encrypted_password(encryption_enabled)
config.update_item('discovery_auth', '', discovery_auth_config)