def test_encrypt(homedir, source, config, mocker, session_maker): ''' Check that calling `encrypt` encrypts the message. Using the `config` fixture to ensure the config is written to disk. ''' helper = GpgHelper(homedir, session_maker, is_qubes=False) # first we have to ensure the pubkeys are available helper._import(PUB_KEY) helper._import(JOURNO_KEY) plaintext = 'bueller?' cyphertext = helper.encrypt_to_source(source['uuid'], plaintext) # check that we go *any* output just for sanity assert cyphertext cyphertext_file = os.path.join(homedir, 'cyphertext.out') decrypted_file = os.path.join(homedir, 'decrypted.out') gpg_home = os.path.join(homedir, 'gpg') with open(cyphertext_file, 'w') as f: f.write(cyphertext) subprocess.check_call([ 'gpg', '--homedir', gpg_home, '--output', decrypted_file, '--decrypt', cyphertext_file ]) with open(decrypted_file) as f: decrypted = f.read() assert decrypted == plaintext
def test_gzip_header_without_filename(homedir, config, mocker, session_maker): """ Test processing of a gzipped file without a filename in the header. """ gpg = GpgHelper(homedir, session_maker, is_qubes=False) gpg._import(PUB_KEY) gpg._import(JOURNO_KEY) mocker.patch("os.unlink") mocker.patch("gzip.open") mocker.patch("shutil.copy") mocker.patch("shutil.copyfileobj") # pretend the gzipped file header lacked the original filename mock_read_gzip_header_filename = mocker.patch( "securedrop_client.crypto.read_gzip_header_filename" ) mock_read_gzip_header_filename.return_value = "" test_gzip = "tests/files/test-doc.gz.gpg" output_filename = "test-doc" expected_output_filename = "tests/files/test-doc" original_filename = gpg.decrypt_submission_or_reply(test_gzip, output_filename, is_doc=True) assert original_filename == output_filename os.remove(expected_output_filename)
def test_gunzip_logic(homedir, config, mocker, session_maker): """ Ensure that gzipped documents/files are handled Using the `config` fixture to ensure the config is written to disk. """ gpg = GpgHelper(homedir, session_maker, is_qubes=False) gpg._import(PUB_KEY) gpg._import(JOURNO_KEY) test_gzip = "tests/files/test-doc.gz.gpg" expected_output_filepath = "tests/files/test-doc.txt" # mock_gpg = mocker.patch('subprocess.call', return_value=0) mock_unlink = mocker.patch("os.unlink") original_filename = gpg.decrypt_submission_or_reply( test_gzip, expected_output_filepath, is_doc=True ) assert original_filename == "test-doc.txt" # We should remove two files in the success scenario: err, filepath assert mock_unlink.call_count == 2 mock_unlink.stop() os.remove(expected_output_filepath)
def test_encrypt(homedir, source, config, mocker, session_maker): """ Check that calling `encrypt` encrypts the message. Using the `config` fixture to ensure the config is written to disk. """ helper = GpgHelper(homedir, session_maker, is_qubes=False) # first we have to ensure the pubkeys are available helper._import(PUB_KEY) helper._import(JOURNO_KEY) plaintext = "bueller?" cyphertext = helper.encrypt_to_source(source["uuid"], plaintext) # check that we go *any* output just for sanity assert cyphertext cyphertext_file = os.path.join(homedir, "cyphertext.out") decrypted_file = os.path.join(homedir, "decrypted.out") gpg_home = os.path.join(homedir, "gpg") with open(cyphertext_file, "w") as f: f.write(cyphertext) subprocess.check_call( ["gpg", "--homedir", gpg_home, "--output", decrypted_file, "--decrypt", cyphertext_file] ) with open(decrypted_file) as f: decrypted = f.read() assert decrypted == plaintext
def test_import_key_gpg_call_fail(homedir, config, mocker, session_maker): ''' Check that a `CryptoError` is raised if calling `gpg` fails. Using the `config` fixture to ensure the config is written to disk. ''' helper = GpgHelper(homedir, session_maker, is_qubes=False) err = subprocess.CalledProcessError(cmd=['foo'], returncode=1) mock_call = mocker.patch('securedrop_client.crypto.subprocess.check_call', side_effect=err) with pytest.raises(CryptoError, match='Could not import key\\.'): helper._import(PUB_KEY) # ensure the mock was used assert mock_call.called
def test_encrypt_fail(homedir, source, config, mocker, session_maker): ''' Check that a `CryptoError` is raised if the call to `gpg` fails. Using the `config` fixture to ensure the config is written to disk. ''' helper = GpgHelper(homedir, session_maker, is_qubes=False) # first we have to ensure the pubkeys are available helper._import(PUB_KEY) plaintext = 'bueller?' err = subprocess.CalledProcessError(cmd=['foo'], returncode=1) mock_gpg = mocker.patch('securedrop_client.crypto.subprocess.check_call', side_effect=err) with pytest.raises(CryptoError): helper.encrypt_to_source(source['uuid'], plaintext) # check mock called to prevent "dead code" assert mock_gpg.called