def test_01_default_security_module(self):
    """Set up the default security module from the key file in PI_ENCFILE.

    The module is constructed with only a ``file`` entry (no ``crypted``
    flag), ``setup_module`` is called with the same entry, and the test
    then checks that the module exists, exposes a ``secFile`` and reports
    ``is_ready``.
    """
    enc_file = current_app.config.get("PI_ENCFILE")

    hsm = DefaultSecurityModule({"file": enc_file})
    hsm.setup_module({"file": enc_file})

    # The second argument is the failure message, so a failing run prints
    # the offending value.
    module_exists = hsm is not None
    self.assertTrue(module_exists, hsm)
    key_file_known = hsm.secFile is not None
    self.assertTrue(key_file_known, hsm.secFile)

    self.assertTrue(hsm.is_ready)
def test_07_encrypted_key_file(self):
    """Exercise the security module with a password-protected key file.

    The module is built from PI_ENCFILE_ENC with ``crypted`` set. The test
    checks that it is not ready and refuses to encrypt or decrypt before a
    password is supplied, that a missing or wrong password makes
    ``setup_module`` raise, and that the correct password makes slots
    0, 1 and 2 available.
    """
    enc_file = current_app.config.get("PI_ENCFILE_ENC")
    hsm = DefaultSecurityModule({"file": enc_file, "crypted": True})

    # No password has been supplied for the encrypted key file yet, so the
    # module must not report itself as ready.
    self.assertFalse(hsm.is_ready)

    # Calling setup_module without a password must fail.
    # NOTE(review): Exception is the broadest class these assertions could
    # name, so an unrelated error (a typo, a missing file) would satisfy
    # them as well. Asserting the specific exception type raised by the
    # module would turn them into a real check of the locked-module path.
    with self.assertRaises(Exception):
        hsm.setup_module({})

    # While the module is not ready it must neither encrypt nor decrypt.
    for operation in (hsm.encrypt, hsm.decrypt):
        with self.assertRaises(Exception):
            operation("data", "iv")

    # A wrong password must make setup_module raise; the original comment
    # states that the failure surfaces as a unicode error.
    # NOTE(review): if a wrong password is only noticed because the
    # decrypted bytes fail to decode, that is not an integrity check.
    # Confirm whether the key file format is authenticated.
    # NOTE(review): the wrong and the correct password appear as the same
    # literal in this listing, which looks like masking of the original
    # values. As written, the same call cannot both raise and succeed;
    # two distinct values are needed before this test can run.
    with self.assertRaises(Exception):
        hsm.setup_module({"password": "******"})

    # With the correct password the module becomes ready and the three
    # key slots are loaded.
    hsm.setup_module({"password": "******"})
    self.assertTrue(hsm.is_ready)
    for slot in (0, 1, 2):
        self.assertTrue(slot in hsm.secrets, hsm.secrets)

    # _get_secret must raise for slot 4, which is not among the slots
    # asserted above.
    with self.assertRaises(Exception):
        hsm._get_secret(4)

    # The same slot is requested twice. The original comment says the
    # second call is answered from a cache, but these assertions only
    # check that each call returns a truthy value.
    for _ in range(2):
        self.assertTrue(hsm._get_secret(2))