def test_load_config_with_key_password(self):
json_conf = json.loads(self._test_config_file)
json_conf["decryptionKey"] = resource_path("keys/test_key.p12")
json_conf["decryptionKeyPassword"] = "******"
conf = to_test.FieldLevelEncryptionConfig(json_conf)
self.assertIsNotNone(conf.decryption_key, "No key password set")
def test_load_decryption_key_pkcs8_der(self):
key_path = resource_path("keys/test_key_pkcs8-2048.der")
key = to_test.load_decryption_key(key_path)
self.assertIsNotNone(key)
self.assertIsInstance(key, RSA.RsaKey, "Must be RSA key")
self.assertEqual(self._pkcs8_2048, self.__strip_key(key),
"Decryption key does not match")
def test_load_decryption_key_pkcs1_4096bits_pem(self):
key_path = resource_path("keys/test_key_pkcs1-4096.pem")
key = to_test.load_decryption_key(key_path)
self.assertIsNotNone(key)
self.assertIsInstance(key, RSA.RsaKey, "Must be RSA key")
self.assertEqual(self._pkcs1_4096, self.__strip_key(key),
"Decryption key does not match")
def test_load_decryption_key_pkcs12(self):
key_path = resource_path("keys/test_key.p12")
key_password = "******"
p12_key = to_test.load_decryption_key(key_path, key_password)
self.assertIsNotNone(p12_key)
self.assertIsInstance(p12_key, RSA.RsaKey, "Must be RSA key")
self.assertEqual(self._pkcs12, self.__strip_key(p12_key),
"Decryption key does not match")
def test_load_config_with_missing_required_key_password(self):
json_conf = json.loads(self._test_config_file)
json_conf["decryptionKey"] = resource_path("keys/test_key.p12")
self.assertRaises(PrivateKeyError, to_test.FieldLevelEncryptionConfig, json_conf)
def test_load_config_decryption_key_file_not_found(self):
wrong_json = json.loads(self._test_config_file)
wrong_json["decryptionKey"] = resource_path("keys/wrong_private_key_name.pem")
self.assertRaises(PrivateKeyError, to_test.FieldLevelEncryptionConfig, wrong_json)
def setUp(self):
self._test_config_file = get_config_for_test()
x509_cert = load_encryption_certificate(resource_path("certificates/test_certificate-2048.der"))
self._expected_cert = dump_certificate(FILETYPE_ASN1, x509_cert)
self._expected_key = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQD0ynqAQWn0T7/VJLletTJgoxsTt5TR3IkJ+Yk/Pxg6Q5hXuiGrBdC+OVo/9hrNnptuZh9rZYKto6lbSjYFiKMeBDvPZrYDPzusp0C0KllIoVbzYiOezD76XHsQAEje0UXbzZlXstPXef2bi2HkqV26ST167L5O4moK8+7jHMT80T6XgsUyvyt8PjsQ9CSu6fnD9NfCSYmt2cb16OXcEtA7To2zoGznXqB6JhntFjG0jxee7RkLR+moOqMI9kFM5GSIV4uhwQ9FtOCjUf7TFAU12wwfX/QXUEj6G93GVtzf6QdkVkWh4EyRHeMLyMNc5c0Iw1ZvXdOKfoeo9F47QpbzAgMBAAECggEAK3dMmzuCSdxjTsCPnc6E3H35z914Mm97ceb6RN26OpZIFcO6OLj2oOBkMxlLFxnDta2yhIpo0tZNuyUJRKBHfov35tLxHNB8kyK7rYIbincDjoHtm0PfJuuG+odiaRY11lrCkLzzOr6xlo4AWu7r8qkQnqQtAqrXc4xu7artG4rfMIunGnjjWQGzovtey1JgZctO97MU4Wvw18vgYBI6JM4eHJkZxgEhVQblBTKZs4OfiWk6MRHchgvqnWugwl213FgCzwy9cnyxTP13i9QKaFzL29TYmmN6bRWBH95z41M8IAa0CGahrSJjudZCFwsFh413YWv/pdqdkKHg1sqseQKBgQD641RYQkMn4G9vOiwB/is5M0OAhhUdWH1QtB8vvhY5ISTjFMqgIIVQvGmqDDk8QqFMOfFFqLtnArGn8HrKmBXMpRigS4ae/QgHEz34/RFjNDQ9zxIf/yoCRH5PmnPPU6x8j3bj/vJMRQA6/yngoca+9qvi3R32AtC5DUELnwyzNwKBgQD5x1iEV+albyCNNyLoT/f6LSH1NVcO+0IOvIaAVMtfy+hEEXz7izv3/AgcogVZzRARSK0qsQ+4WQN6Q2WG5cQYSyB92PR+VgwhnagVvA+QHNDL988xoMhB5r2D2IVSRuTB2EOg7LiWHUHIExaxVkbADODDj7YV2aQCJVv0gbDQJQKBgQCaABix5Fqci6NbPvXsczvM7K6uoZ8sWDjz5NyPzbqObs3ZpdWK3Ot4V270tnQbjTq9M4PqIlyGKp0qXO7ClQAskdq/6hxEU0UuMp2DzLNzlYPLvON/SH1czvZJnqEfzli+TMHJyaCpOGGf1Si7fhIk/f0cUGYnsCq2rHAU1hhRmQKBgE/BJTRs1MqyJxSwLEc9cZLCYntnYrr342nNLK1BZgbalvlVFDFFjgpqwTRTT54S6jR6nkBpdPmKAqBBcOOX7ftL0b4dTkQguZLqQkdeWyHK8aiPIetYyVixkoXM1xUkadqzcTSrIW1dPiniXnaVc9XSxtnqw1tKuSGuSCRUXN65AoGBAN/AmT1S4PAQpSWufC8NUJey8S0bURUNNjd52MQ7pWzGq2QC00+dBLkTPj3KOGYpXw9ScZPbxOthBFzHOxERWo16AFw3OeRtn4VB1QJ9XvoA/oz4lEhJKbwUfuFGGvSpYvg3vZcOHF2zlvcUu7C0ub/WhOjV9jZvU5B2Ev8x1neb"
def test_load_config_encryption_certificate_file_not_found(self):
wrong_json = json.loads(self._test_config_file)
wrong_json["encryptionCertificate"] = resource_path("certificates/wrong_certificate_name.pem")
self.assertRaises(CertificateError, to_test.FieldLevelEncryptionConfig, wrong_json)
def test_load_encryption_certificate_file_does_not_exist(self):
cert_path = resource_path("certificates/non_existing_file.pem")
self.assertRaises(CertificateError,
to_test.load_encryption_certificate, cert_path)
def test_load_encryption_certificate_invalid(self):
cert_path = resource_path("keys/test_invalid_key.der")
self.assertRaises(CertificateError,
to_test.load_encryption_certificate, cert_path)
def test_load_encryption_certificate_der(self):
cert_path = resource_path("certificates/test_certificate-2048.der")
cert = to_test.load_encryption_certificate(cert_path)
self.assertIsNotNone(cert)
self.assertIsInstance(cert, X509, "Must be X509 certificate")
def test_load_decryption_key_file_does_not_exist(self):
key_path = resource_path("keys/non_existing_file.pem")
self.assertRaises(PrivateKeyError, to_test.load_decryption_key,
key_path)
def test_load_decryption_key_invalid_key(self):
key_path = resource_path("keys/test_invalid_key.der")
self.assertRaises(PrivateKeyError, to_test.load_decryption_key,
key_path)