def initialize_cryptor(self):
self.cryptor = FileCryptor()
class FileCryptorTest(unittest.TestCase):
def setUp(self):
self.filepath = {
'unencrypted': os.path.join(TEST_FILES_DIR, "config.ini"),
'encrypted': os.path.join(TEST_FILES_DIR, "config.ini.encrypted"),
'test': os.path.join(TEST_FILES_DIR, "config.ini.test"),
'encryption-test-result': os.path.join(TEST_FILES_DIR, "config.ini.test.encrypted"),
'decryption-test-result': os.path.join(TEST_FILES_DIR, "config.ini.test.decrypted"),
}
self.initialize_cryptor()
def tearDown(self):
for f in self.filepath.keys():
if "test" in f and os.path.exists(self.filepath[f]):
os.remove(self.filepath[f])
def initialize_cryptor(self):
self.cryptor = FileCryptor()
def test_encrypt_and_decrypt_are_reversible(self):
# setup - create test file
shutil.copyfile(self.filepath['unencrypted'], self.filepath['test'])
# test encrypt
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['test'],
self.filepath['encryption-test-result'],
verify=False)
# assert is different from the original
self.assertFalse(filecmp.cmp(self.filepath['encryption-test-result'],
self.filepath['test']))
self.cryptor.decrypt_file(TEST_KEY,
self.filepath['encryption-test-result'],
self.filepath['test'],
verify=False)
# assert back to original
self.assertTrue(filecmp.cmp(self.filepath['test'],
self.filepath['unencrypted']),
"Files don't match!")
def test_encrypt_and_decrypt_verified_are_reversible(self):
# setup - create test file
shutil.copyfile(self.filepath['unencrypted'], self.filepath['test'])
# test encrypt
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['test'],
self.filepath['encryption-test-result'],
verify=True)
# assert is different from the original
self.assertFalse(filecmp.cmp(self.filepath['encryption-test-result'],
self.filepath['test']))
self.cryptor.decrypt_file(TEST_KEY,
self.filepath['encryption-test-result'],
self.filepath['test'], verify=True)
# assert back to original
self.assertTrue(filecmp.cmp(self.filepath['test'],
self.filepath['unencrypted']),
"Files don't match!")
def test_decrypt_file_should_create_new_file_with_decrypted_extension(self):
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['unencrypted'], self.filepath['test'])
# test
self.cryptor.decrypt_file(TEST_KEY, self.filepath['test'])
# assert
self.assertTrue(os.path.exists(self.filepath['decryption-test-result']), "Decrypted file not created")
def test_decrypt_file_should_create_new_file_with_provided_output_filename(self):
# setup
specified_output_file_path = os.path.join(TEST_FILES_DIR, "foobar.test")
assert not os.path.exists(specified_output_file_path)
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY, self.filepath['unencrypted'], self.filepath['test'])
try:
# test
self.cryptor.decrypt_file(TEST_KEY, self.filepath['test'], specified_output_file_path)
# assert
self.assertTrue(os.path.exists(specified_output_file_path), "Decrypted file not created")
# cleanup
finally:
if os.path.exists(specified_output_file_path):
os.remove(specified_output_file_path)
def test_decrypt_file_should_remove_encrypted_extension_if_exists(self):
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY, self.filepath['unencrypted'], self.filepath['encryption-test-result'])
# test
self.cryptor.decrypt_file(TEST_KEY, self.filepath['encryption-test-result'])
# assert
self.assertTrue(os.path.exists(self.filepath['test']), "Decrypted file '%s' not created" % self.filepath['test'])
def test_decrypt_file_should_not_allow_input_and_output_to_match(self):
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY, self.filepath['unencrypted'], self.filepath['test'])
with self.assertRaises(AssertionError):
self.cryptor.decrypt_file(TEST_KEY, self.filepath['test'], self.filepath['test'])
def test_decrypt_file_should_not_overwrite_existing_file_if_overwrite_is_false(self):
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY, self.filepath['unencrypted'], self.filepath['test'])
shutil.copyfile(self.filepath['encrypted'], self.filepath['encryption-test-result'])
with self.assertRaises(IOError):
# test
self.cryptor.decrypt_file(TEST_KEY, self.filepath['test'], self.filepath['encryption-test-result'], overwrite_existing=False)
def test_decrypt_file_should_handle_encrypted_file_where_line_break_is_in_initialization_vector(self):
# setup
# Inject an artifical iv with linebreaks in it
iv_with_line_break = "123\n1234\n2341234\nt3jgeggggg\ng43g33g3g3af1"[:self.cryptor.block_size]
random_generator = Mock()
random_generator.read = Mock()
random_generator.read.return_value = iv_with_line_break
try:
original_random_generator = self.cryptor.random_generator
self.cryptor.random_generator = random_generator
# test
self.cryptor.encrypt_file(TEST_KEY, self.filepath['unencrypted'], self.filepath['test'])
# Ensure ValueError is not raised
self.cryptor.decrypt_file(TEST_KEY, self.filepath['test'], self.filepath['decryption-test-result'])
finally:
self.cryptor.random_generator = original_random_generator
def test_decrypt_file_verified_should_raise_value_error_if_password_incorrect(self):
# setup
shutil.copyfile(self.filepath['encrypted'], self.filepath['test'])
self.cryptor.encrypt_file(TEST_KEY, self.filepath['test'], verify=True)
with self.assertRaises(ValueError):
# test
self.cryptor.decrypt_file("bad key!",
self.filepath['encryption-test-result'],
self.filepath['decryption-test-result'],
verify=True)
def test_decrypt_file_should_not_raise_value_error_if_password_incorrect(self):
# setup
shutil.copyfile(self.filepath['encrypted'], self.filepath['test'])
self.cryptor.encrypt_file(TEST_KEY, self.filepath['test'], verify=False)
# test doesn't raise Value Error
self.cryptor.decrypt_file("bad key!", self.filepath['encryption-test-result'], self.filepath['decryption-test-result'], verify=False)
def test_decrypt_file_should_not_create_file_if_decryption_fails(self):
# setup
shutil.copyfile(self.filepath['encrypted'], self.filepath['test'])
self.cryptor.encrypt_file(TEST_KEY, self.filepath['test'], verify=True)
# test
try:
self.cryptor.decrypt_file("bad key!",
self.filepath['encryption-test-result'],
self.filepath['decryption-test-result'],
verify=True)
except ValueError:
pass
# assert
self.assertFalse(os.path.exists(self.filepath['decryption-test-result']),
"File '%s' should not be created if decryption fails." % self.filepath['decryption-test-result'])
def test_encrypt_file_should_create_new_file_with_default_encrypted_extension(self):
# setup - create test file
shutil.copyfile(self.filepath['unencrypted'], self.filepath['test'])
# test
self.cryptor.encrypt_file(TEST_KEY, self.filepath['test'])
# assert
self.assertTrue(os.path.exists(self.filepath['encryption-test-result']), "Encrypted file not created")
def test_encrypt_file_should_create_new_file_with_provided_output_filename(self):
# setup
specified_output_filename = "foobar.encrypted"
specified_output_file_path = os.path.join(TEST_FILES_DIR, specified_output_filename)
assert not os.path.exists(specified_output_file_path)
try:
# test
self.cryptor.encrypt_file(TEST_KEY, self.filepath['unencrypted'], specified_output_file_path)
# assert
self.assertTrue(os.path.exists(specified_output_file_path), "Encrypted file not created")
# cleanup
finally:
if os.path.exists(specified_output_file_path):
os.remove(specified_output_file_path)
def test_encrypt_file_should_not_allow_input_and_output_to_match(self):
# setup
shutil.copyfile(self.filepath['unencrypted'], self.filepath['test'])
# test and assert
with self.assertRaises(AssertionError):
self.cryptor.encrypt_file(TEST_KEY, self.filepath['test'], self.filepath['test'])
def test_encrypt_file_should_not_overwrite_existing_file_if_overwrite_is_false(self):
shutil.copyfile(self.filepath['unencrypted'], self.filepath['test'])
shutil.copyfile(self.filepath['unencrypted'], self.filepath['decryption-test-result'])
with self.assertRaises(IOError):
# test
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['test'],
self.filepath['decryption-test-result'],
overwrite_existing=False)
def test_verify_file_should_return_true_if_key_and_file_are_valid(self):
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['unencrypted'],
self.filepath['test'],
verify=True)
# test
result = self.cryptor.verify_file(TEST_KEY, self.filepath['test'])
# assert
self.assertTrue(result)
def test_verify_file_should_return_false_if_key_is_wrong(self):
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['unencrypted'],
self.filepath['test'], verify=True)
# test
result = self.cryptor.verify_file("bad key!", self.filepath['test'])
# assert
self.assertFalse(result)
def test_verify_file_should_return_false_if_file_is_corrupt(self):
# setup - create test file
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['unencrypted'],
self.filepath['test'], verify=True)
with open(self.filepath['test'], 'rb+') as test_file:
test_file.write("Some junk!")
# test
result = self.cryptor.verify_file(TEST_KEY, self.filepath['test'])
# assert
self.assertFalse(result)
def test_digest_and_salt_in_file_should_be_unique_for_duplicate_encryptions(self):
# setup
shutil.copyfile(self.filepath['unencrypted'], self.filepath['test'])
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['unencrypted'],
self.filepath['encryption-test-result'],
verify=True)
# Use the decryption file slot just for this test
self.cryptor.encrypt_file(TEST_KEY,
self.filepath['test'],
self.filepath['decryption-test-result'],
verify=True)
with open(self.filepath['encryption-test-result'], 'rb') as input_file:
parsed1 = self.cryptor._parse_file_obj(input_file, verified=True)
with open(self.filepath['decryption-test-result'], 'rb') as input_file:
parsed2 = self.cryptor._parse_file_obj(input_file, verified=True)
# assert
self.assertNotEqual(parsed1['digest'], parsed2['digest'])
self.assertNotEqual(parsed1['salt'], parsed2['salt'])
