def test_write_invalid(self): """ Test that a ValueError gets raised when required Decrypt response payload attributes are missing when encoding the payload. """ payload = payloads.DecryptResponsePayload() self.assertIsNone(payload.unique_identifier) stream = utils.BytearrayStream() args = (stream, ) self.assertRaisesRegex( ValueError, "invalid payload missing the unique identifier attribute", payload.write, *args ) payload = payloads.DecryptResponsePayload( unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959' ) stream = utils.BytearrayStream() args = (stream, ) self.assertRaisesRegex( ValueError, "invalid payload missing the data attribute", payload.write, *args )
def test_not_equal_on_not_equal_data(self): """ Test that the inequality operator returns True when comparing two Decrypt response payloads with different data. """ a = payloads.DecryptResponsePayload(data=b'\x11') b = payloads.DecryptResponsePayload(data=b'\xFF') self.assertTrue(a != b) self.assertTrue(b != a)
def test_not_equal_on_not_equal_unique_identifier(self): """ Test that the inequality operator returns True when comparing two Decrypt response payloads with different unique identifiers. """ a = payloads.DecryptResponsePayload(unique_identifier='a') b = payloads.DecryptResponsePayload(unique_identifier='b') self.assertTrue(a != b) self.assertTrue(b != a)
def test_read_invalid(self): """ Test that a ValueError gets raised when required Decrypt response payload attributes are missing from the payload encoding. """ payload = payloads.DecryptResponsePayload() args = (self.empty_encoding, ) self.assertRaisesRegex( ValueError, "invalid payload missing the unique identifier attribute", payload.read, *args) payload = payloads.DecryptResponsePayload() args = (self.incomplete_encoding, ) self.assertRaisesRegex(ValueError, "invalid payload missing the data attribute", payload.read, *args)
def test_invalid_data(self): """ Test that a TypeError is raised when an invalid value is used to set the data of a Decrypt response payload. """ payload = payloads.DecryptResponsePayload() args = (payload, 'data', 0) self.assertRaisesRegex(TypeError, "data must be bytes", setattr, *args)
def test_init(self): """ Test that an Decrypt response payload can be constructed with no arguments. """ payload = payloads.DecryptResponsePayload() self.assertEqual(None, payload.unique_identifier) self.assertEqual(None, payload.data)
def test_invalid_unique_identifier(self): """ Test that a TypeError is raised when an invalid value is used to set the unique identifier of a Decrypt response payload. """ payload = payloads.DecryptResponsePayload() args = (payload, 'unique_identifier', 0) self.assertRaisesRegex(TypeError, "unique identifier must be a string", setattr, *args)
def test_not_equal_on_type_mismatch(self): """ Test that the inequality operator returns True when comparing two Decrypt response payloads with different types. """ a = payloads.DecryptResponsePayload() b = 'invalid' self.assertTrue(a != b) self.assertTrue(b != a)
def test_decrypt(self, send_mock, build_mock): """ Test that the client can decrypt data. """ payload = payloads.DecryptResponsePayload( unique_identifier='1', data=( b'\x37\x36\x35\x34\x33\x32\x31\x20' b'\x4E\x6F\x77\x20\x69\x73\x20\x74' b'\x68\x65\x20\x74\x69\x6D\x65\x20' b'\x66\x6F\x72\x20\x00' ) ) batch_item = ResponseBatchItem( operation=Operation(OperationEnum.DECRYPT), result_status=ResultStatus(ResultStatusEnum.SUCCESS), response_payload=payload ) response = ResponseMessage(batch_items=[batch_item]) build_mock.return_value = None send_mock.return_value = response result = self.client.decrypt( ( b'\x6B\x77\xB4\xD6\x30\x06\xDE\xE6' b'\x05\xB1\x56\xE2\x74\x03\x97\x93' b'\x58\xDE\xB9\xE7\x15\x46\x16\xD9' b'\x74\x9D\xEC\xBE\xC0\x5D\x26\x4B' ), unique_identifier='1', cryptographic_parameters=CryptographicParameters( block_cipher_mode=enums.BlockCipherMode.CBC, padding_method=enums.PaddingMethod.PKCS5, cryptographic_algorithm=enums.CryptographicAlgorithm.BLOWFISH ), iv_counter_nonce=b'\xFE\xDC\xBA\x98\x76\x54\x32\x10' ) self.assertEqual('1', result.get('unique_identifier')) self.assertEqual( ( b'\x37\x36\x35\x34\x33\x32\x31\x20' b'\x4E\x6F\x77\x20\x69\x73\x20\x74' b'\x68\x65\x20\x74\x69\x6D\x65\x20' b'\x66\x6F\x72\x20\x00' ), result.get('data') ) self.assertEqual( ResultStatusEnum.SUCCESS, result.get('result_status') ) self.assertEqual(None, result.get('result_reason')) self.assertEqual(None, result.get('result_message'))
def test_not_equal_on_equal(self): """ Test that the inequality operator returns False when comparing two Decrypt response payloads with the same data. """ a = payloads.DecryptResponsePayload() b = payloads.DecryptResponsePayload() self.assertFalse(a != b) self.assertFalse(b != a) a = payloads.DecryptResponsePayload( unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') b = payloads.DecryptResponsePayload( unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') self.assertFalse(a != b) self.assertFalse(b != a)
def _process_decrypt_patched(self, payload): self._logger.info("Processing operation: Decrypt") unique_identifier = self._id_placeholder if payload.unique_identifier: unique_identifier = payload.unique_identifier # The KMIP spec does not indicate that the Decrypt operation should # have it's own operation policy entry. Rather, the cryptographic # usage mask should be used to determine if the object can be used # to decrypt data (see below). managed_object = self._get_object_with_access_controls( unique_identifier, enums.Operation.GET) cryptographic_parameters = payload.cryptographic_parameters if cryptographic_parameters is None: # Monkey patched here -- rather than exception, we set to default params. default_crypto_params = CryptographicParameters( block_cipher_mode=enums.BlockCipherMode.CBC, padding_method=enums.PaddingMethod.PKCS5, cryptographic_algorithm=enums.CryptographicAlgorithm.AES, ) cryptographic_parameters = default_crypto_params if managed_object._object_type != enums.ObjectType.SYMMETRIC_KEY: raise exceptions.PermissionDenied( "The requested decryption key is not a symmetric key. " "Only symmetric decryption is currently supported.") if managed_object.state != enums.State.ACTIVE: raise exceptions.PermissionDenied( "The decryption key must be in the Active state to be used " "for decryption.") masks = managed_object.cryptographic_usage_masks if enums.CryptographicUsageMask.DECRYPT not in masks: raise exceptions.PermissionDenied( "The Decrypt bit must be set in the decryption key's " "cryptographic usage mask.") result = self._cryptography_engine.decrypt( cryptographic_parameters.cryptographic_algorithm, managed_object.value, payload.data, cipher_mode=cryptographic_parameters.block_cipher_mode, padding_method=cryptographic_parameters.padding_method, iv_nonce=payload.iv_counter_nonce, auth_additional_data=payload.auth_additional_data, auth_tag=payload.auth_tag, ) response_payload = payloads.DecryptResponsePayload( unique_identifier, result) return response_payload
def test_init_with_args(self): """ Test that a Decrypt response payload can be constructed with valid values """ payload = payloads.DecryptResponsePayload( unique_identifier='00000000-1111-2222-3333-444444444444', data=b'\x01\x02\x03') self.assertEqual('00000000-1111-2222-3333-444444444444', payload.unique_identifier) self.assertEqual(b'\x01\x02\x03', payload.data)
def test_write(self): """ Test that a Decrypt response payload can be written to a data stream. """ payload = payloads.DecryptResponsePayload( unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') stream = utils.BytearrayStream() payload.write(stream) self.assertEqual(len(self.full_encoding), len(stream)) self.assertEqual(str(self.full_encoding), str(stream))
def test_read(self): """ Test that a Decrypt response payload can be read from a data stream. """ payload = payloads.DecryptResponsePayload() self.assertEqual(None, payload.unique_identifier) self.assertEqual(None, payload.data) payload.read(self.full_encoding) self.assertEqual('b4faee10-aa2a-4446-8ad4-0881f3422959', payload.unique_identifier) self.assertEqual(b'\x01\x23\x45\x67\x89\xAB\xCD\xEF', payload.data)
def test_repr(self): """ Test that repr can be applied to a Decrypt response payload. """ payload = payloads.DecryptResponsePayload( unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') expected = ( "DecryptResponsePayload(" "unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', " "data=" + str(b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') + ")") observed = repr(payload) self.assertEqual(expected, observed)
def test_str(self): """ Test that str can be applied to a Decrypt response payload """ payload = payloads.DecryptResponsePayload( unique_identifier='b4faee10-aa2a-4446-8ad4-0881f3422959', data=b'\x01\x23\x45\x67\x89\xAB\xCD\xEF') expected = str({ 'unique_identifier': 'b4faee10-aa2a-4446-8ad4-0881f3422959', 'data': b'\x01\x23\x45\x67\x89\xAB\xCD\xEF' }) observed = str(payload) self.assertEqual(expected, observed)
def _create_decrypt_payload(self): return payloads.DecryptResponsePayload()