def test_client_not_bound(self):
    """Check which key URIs an AWS KMS client reports as supported.

    The client is built with KEY_URI, so does_support() is expected to
    return True for KEY_URI and False for a gcp-kms:// URI.
    """
    client = awskms.AwsKmsClient(KEY_URI, CREDENTIAL_PATH)
    foreign_uri = 'gcp-kms://projects/someProject/.../cryptoKeys/key1'
    # Same order as before: the client's own URI first, then the foreign one.
    expectations = ((KEY_URI, True), (foreign_uri, False))
    for uri, expected in expectations:
        self.assertEqual(client.does_support(uri), expected)
def test_encrypt_with_bad_credentials(self):
    """Encrypting through a client built from BAD_CREDENTIALS_PATH must fail.

    Only encrypt() sits inside the assertRaises block, so the client
    constructor and get_aead() must both complete without raising for this
    test to pass.
    """
    bad_client = awskms.AwsKmsClient(KEY_URI, BAD_CREDENTIALS_PATH)
    remote_aead = bad_client.get_aead(KEY_URI)
    with self.assertRaises(core.TinkError):
        remote_aead.encrypt(b'hello', b'world')
def test_encrypt_decrypt(self):
    """Round-trip b'hello' through the remote AEAD.

    Runs once with non-empty associated data (b'world') and once with empty
    associated data, asserting each time that decrypt() returns the
    original plaintext.
    """
    client = awskms.AwsKmsClient(KEY_URI, CREDENTIAL_PATH)
    remote_aead = client.get_aead(KEY_URI)
    message = b'hello'
    for aad in (b'world', b''):
        sealed = remote_aead.encrypt(message, aad)
        self.assertEqual(message, remote_aead.decrypt(sealed, aad))
def test_corrupted_ciphertext(self):
    """Flip one bit per ciphertext byte and require decryption to fail.

    A clean round trip is checked first. Then, for every byte offset except
    the two exempted ones, the lowest bit of that byte is flipped and
    decrypt() must raise core.TinkError.
    """
    client = awskms.AwsKmsClient(KEY_URI, CREDENTIAL_PATH)
    remote_aead = client.get_aead(KEY_URI)
    message = b'helloworld'
    sealed = remote_aead.encrypt(message, b'')
    self.assertEqual(message, remote_aead.decrypt(sealed, b''))

    # Two offsets are skipped because the original author marked those bytes
    # as malleable.
    # NOTE(review): 77 and 123 are hard-coded; presumably they are positions
    # in the ciphertext blob returned for this 10-byte plaintext. Confirm,
    # since a change in blob length or layout would silently exempt
    # different bytes from this integrity check.
    exempt_offsets = [77, 123]
    for offset in range(len(sealed)):
        if offset in exempt_offsets:
            continue
        tampered = bytearray(sealed)
        tampered[offset] ^= 1
        with self.assertRaises(core.TinkError):
            remote_aead.decrypt(bytes(tampered), b'')
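def test_encrypt_with_bad_uri(self):
    """get_aead(BAD_KEY_URI) must raise core.TinkError.

    The client is constructed outside the assertRaises block so that a
    TinkError raised by the constructor cannot satisfy the assertion; only
    the get_aead() call is under test.
    """
    aws_client = awskms.AwsKmsClient(KEY_URI, CREDENTIAL_PATH)
    with self.assertRaises(core.TinkError):
        aws_client.get_aead(BAD_KEY_URI)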
def test_wrong_credentials_path(self):
    """Constructing a client with an unusable credentials path raises ValueError."""
    # presumably this relative path does not resolve to a credentials file in
    # the test environment; verify against the test setup
    unusable_path = '../credentials.txt'
    with self.assertRaises(ValueError):
        awskms.AwsKmsClient(KEY_URI, unusable_path)
def test_wrong_key_uri(self):
    """The client constructor must raise core.TinkError for BAD_KEY_URI."""
    # Callable form of assertRaises: the constructor is invoked with the
    # given arguments and the raised exception type is checked.
    self.assertRaises(
        core.TinkError, awskms.AwsKmsClient, BAD_KEY_URI, CREDENTIAL_PATH)
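def test_client_generation(self):
    """A client built from KEY_URI and CREDENTIAL_PATH is a real object."""
    aws_client = awskms.AwsKmsClient(KEY_URI, CREDENTIAL_PATH)
    # Identity check against None; assertNotEqual would go through the
    # object's own comparison methods instead.
    self.assertIsNotNone(aws_client)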
def test_client_registration(self):
    """Smoke test: register_client() with an empty key URI does not raise.

    No assertion is made about the effect of the registration; the test
    passes as long as both calls complete.
    """
    empty_uri = ''
    client = awskms.AwsKmsClient(empty_uri, CREDENTIAL_PATH)
    client.register_client(empty_uri, CREDENTIAL_PATH)