def test_walk_and_encrypt_unencrypted(self):
    """Check that ``*_unencrypted`` leaves stay cleartext and that a MAC is stored.

    A small JSON document is loaded through a mocked ``open`` and encrypted
    with a random 32-byte key. The three ``*_unencrypted`` leaves must come
    back verbatim and ``foo`` must come back encrypted. The stored MAC is then
    compared with the MAC of a tree that holds no data.
    """
    fake_open = mock.mock_open(read_data="""{ "str_unencrypted": "STRING", "list_unencrypted": ["A", "B"], "dict_unencrypted": { "key": "value" }, "foo": "bar" }""")
    enc_prefix = "ENC[AES256_GCM,data:"
    key = os.urandom(32)

    tree = OrderedDict()
    with mock.patch.object(builtins, 'open', fake_open):
        tree = sops.load_file_into_tree('path', 'json')
    tree['sops'] = {}

    encrypted = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)

    # Leaves that must survive encryption unchanged.
    expected_clear = {
        'str_unencrypted': 'STRING',
        'list_unencrypted': ['A', 'B'],
        'dict_unencrypted': {"key": "value"},
    }
    for leaf, value in expected_clear.items():
        assert encrypted[leaf] == value
    assert encrypted['foo'].startswith(enc_prefix)

    # walk_and_encrypt was handed a shallow copy, so the nested 'sops' dict is
    # the same object as tree['sops']; presumably that is where it writes the
    # 'mac' and 'lastmodified' entries read below.
    sops_meta = tree['sops']
    assert sops_meta['mac'].startswith(enc_prefix)

    empty_tree = OrderedDict()
    empty_tree['sops'] = {}
    sops.walk_and_encrypt(OrderedDict(empty_tree), key, isRoot=True)
    empty_meta = empty_tree['sops']

    # The MAC is itself encrypted, with 'lastmodified' as the AAD.
    tree_mac = sops.decrypt(
        sops_meta['mac'], key,
        aad=sops_meta['lastmodified'].encode('utf-8'))
    empty_tree_mac = sops.decrypt(
        empty_meta['mac'], key,
        aad=empty_meta['lastmodified'].encode('utf-8'))

    # NOTE(review): the tree also holds the encrypted leaf 'foo', so this
    # inequality would presumably hold even if only encrypted leaves fed the
    # MAC. A fixture with only *_unencrypted leaves would pin the
    # "MAC covers cleartext values" claim more tightly.
    assert tree_mac != empty_tree_mac
def view(file):
    """Show *file* on stdout, going through ``sops.decrypt`` when it is encrypted.

    Files that ``sops.is_enc`` does not recognise as encrypted are copied to
    ``sys.stdout`` unchanged.
    """
    if not sops.is_enc(file):
        # Plain file: stream it straight through.
        with open(file, "r") as src:
            shutil.copyfileobj(src, sys.stdout)
        return
    # No outfile is passed here; presumably sops.decrypt then writes the
    # plaintext to stdout (verify against sops.decrypt).
    sops.decrypt(file, inplace=False)
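def dec(file):
    """Decrypt *file* into the path given by ``__decfile(file)`` and return it.

    The original docstring describes the target as a ``.yaml.dec`` file.
    The output holds plaintext secrets, so it is created with owner-only
    permissions instead of whatever the process umask would allow.

    Raises:
        FileExistsError: if *file* is not encrypted. The exception type is
            kept as-is because callers may catch it.
    """
    import os  # local import: the module's import block is not visible here

    if not sops.is_enc(file):
        raise FileExistsError("file is not encrypted")

    target = __decfile(file)
    # Mode 0o600 applies only when the file is created; an existing file keeps
    # its current mode and is just truncated.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as of:
        sops.decrypt(file, inplace=False, outfile=of)
    return target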
def test_encrypt_decrypt(self):
    """Encrypt a short string, decrypt it again, and expect the original back."""
    plaintext = "AAAAAAAA"
    key = os.urandom(32)
    aad = os.urandom(32)

    # The same key and additional authenticated data are used on both sides.
    ciphertext = sops.encrypt(plaintext, key, aad=aad)
    recovered = sops.decrypt(ciphertext, key, aad=aad)

    # NOTE(review): only the matching key/AAD path is exercised here. A
    # companion case with a different aad or key would cover the
    # authentication side of the roundtrip.
    assert recovered == plaintext
def test_walk_and_encrypt_unencrypted(self):
    """Encrypt a tree with ``*_unencrypted`` leaves and check they stay cleartext.

    Also checks that an encrypted MAC is recorded under ``tree['sops']`` and
    that its decrypted value differs from the MAC of a tree with no data.
    """
    document = """{ "str_unencrypted": "STRING", "list_unencrypted": ["A", "B"], "dict_unencrypted": { "key": "value" }, "foo": "bar" }"""
    opener = mock.mock_open(read_data=document)
    marker = "ENC[AES256_GCM,data:"
    key = os.urandom(32)

    def stored_mac(source_tree):
        # The MAC is stored encrypted, with the 'lastmodified' string as AAD.
        meta = source_tree['sops']
        return sops.decrypt(
            meta['mac'], key,
            aad=meta['lastmodified'].encode('utf-8'))

    tree = OrderedDict()
    with mock.patch.object(builtins, 'open', opener):
        tree = sops.load_file_into_tree('path', 'json')
    tree['sops'] = dict()

    # Cleartext leaves must be untouched; the ordinary leaf must be encrypted.
    crypted = sops.walk_and_encrypt(OrderedDict(tree), key, isRoot=True)
    assert crypted['str_unencrypted'] == 'STRING'
    assert crypted['list_unencrypted'] == ['A', 'B']
    assert crypted['dict_unencrypted'] == {"key": "value"}
    assert crypted['foo'].startswith(marker)

    # OrderedDict(tree) is a shallow copy, so tree['sops'] is shared with the
    # copy that was encrypted; presumably walk_and_encrypt fills in 'mac' and
    # 'lastmodified' there.
    assert tree['sops']['mac'].startswith(marker)

    baseline = OrderedDict()
    baseline['sops'] = dict()
    sops.walk_and_encrypt(OrderedDict(baseline), key, isRoot=True)

    tree_mac = stored_mac(tree)
    empty_tree_mac = stored_mac(baseline)

    # NOTE(review): 'foo' is an encrypted leaf in the same tree, so the two
    # MACs would presumably differ even if cleartext leaves were left out of
    # the MAC. Confirm whether a cleartext-only fixture is wanted.
    assert tree_mac != empty_tree_mac