def test_oneuser(tmpdir, keyfiles):
    """Round-trip one secret through a single-identity PasswordManager.

    A throwaway GnuPG home is created under ``tmpdir`` and filled with one
    secret key and two public keys taken from the ``keyfiles`` fixture.
    The manager is then set up for the secret key's fingerprint only, and
    the test checks that the value read back equals the value written.
    """
    gnupg_home = str(tmpdir.join('gnupg'))

    # A freshly created GnuPG home must start with an empty keyring,
    # for the public listing as well as the secret one.
    gpg = get_gpg(gnupg_home)
    for listing_args in ((), ('', True)):
        assert len(list(gpg.keylist(*listing_args))) == 0

    # Load one secret key plus two public keys from the fixture.
    for keyname in ('key1.sec', 'key1.pub', 'key2.pub'):
        with keyfiles.open(keyname, 'rb') as fp:
            gpg.import_(fp)

    public_keys = list(gpg.keylist())
    assert len(public_keys) == 2  # public
    secret_keys = list(gpg.keylist('', True))
    assert len(secret_keys) == 1  # secret

    # The fingerprint of the first subkey of the only secret key is the
    # identity the store is set up for.
    first_secret_key = list(gpg.keylist('', True))[0]
    privkey = first_secret_key.subkeys[0].fpr

    # Point the manager at the same GnuPG home, with its own store
    # directory next to it.
    store_dir = str(tmpdir.join('passwords'))
    pm = PasswordManager(store_dir, gpghome=str(tmpdir.join('gnupg')))
    pm.setup([privkey])

    identities = list(pm.list_identities())
    assert identities == [privkey]

    # What goes in must come out unchanged.
    secret = "{'hello': 'World'}"
    pm.write_secret('hello', secret)
    assert pm.read_secret('hello') == secret
def test_oneuser(tmpdir, keyfiles):
    """Check that a single user can store and read back a secret.

    The keyring lives in a temporary GnuPG home; the only secret key in
    it (``key1.sec``) provides the one identity the store is set up for.
    """

    def _count(ctx, *query):
        # Number of keys a keylist() call with these arguments yields.
        return len(list(ctx.keylist(*query)))

    # --- keyring ------------------------------------------------------
    gpg = get_gpg(str(tmpdir.join('gnupg')))

    # Nothing has been imported yet.
    assert _count(gpg) == 0
    assert _count(gpg, '', True) == 0

    key_names = ('key1.sec', 'key1.pub', 'key2.pub')
    for name in key_names:
        with keyfiles.open(name, 'rb') as handle:
            gpg.import_(handle)

    assert _count(gpg) == 2  # public
    assert _count(gpg, '', True) == 1  # secret

    # Identity of the user: fingerprint of the first subkey of the
    # first (and only) secret key.
    secret_listing = list(gpg.keylist('', True))
    privkey = secret_listing[0].subkeys[0].fpr

    # --- password manager ---------------------------------------------
    passwords_path = str(tmpdir.join('passwords'))
    gnupg_path = str(tmpdir.join('gnupg'))
    pm = PasswordManager(passwords_path, gpghome=gnupg_path)

    pm.setup([privkey])
    assert list(pm.list_identities()) == [privkey]

    # Write a value and make sure reading returns it verbatim.
    secret = "{'hello': 'World'}"
    pm.write_secret('hello', secret)
    stored = pm.read_secret('hello')
    assert stored == secret
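def test_multiple_users(tmpdir, keyfiles):
    """Exercise one shared password store with three separate users.

    Alice, Bob and Eve each get their own GnuPG home holding all three
    public keys but only their own secret key.  All three managers point
    at the same store directory.  The test checks who can read
    ``secret1`` as Alice sets the store up for herself and Bob, adds Eve,
    removes Eve again, and finally rewrites the secret.
    """
    gpg_alice = get_gpg(str(tmpdir.join('gnupg-alice')))
    gpg_bob = get_gpg(str(tmpdir.join('gnupg-bob')))
    gpg_eve = get_gpg(str(tmpdir.join('gnupg-eve')))

    passwords_dir = str(tmpdir.join('passwords'))

    # Every keyring starts out empty (public and secret listings).
    for gpg in (gpg_alice, gpg_bob, gpg_eve):
        assert len(list(gpg.keylist())) == 0
        assert len(list(gpg.keylist('', True))) == 0

    # Import all public keys into every keyring.
    for gpg in (gpg_alice, gpg_bob, gpg_eve):
        for keyname in ('key1.pub', 'key2.pub', 'key3.pub'):
            with keyfiles.open(keyname, 'rb') as fp:
                gpg.import_(fp)

    # Import each user's own secret key into that user's GnuPG home only.
    # Opened in binary mode like the public keys above, so the key
    # material is never passed through a text decoder.
    for gpg, keyfile in [
            (gpg_alice, 'key1.sec'),
            (gpg_bob, 'key2.sec'),
            (gpg_eve, 'key3.sec')]:
        with keyfiles.open(keyfile, 'rb') as fp:
            gpg.import_(fp)

    # Each keyring now holds three public keys and exactly one secret key.
    for gpg in (gpg_alice, gpg_bob, gpg_eve):
        assert len(list(gpg.keylist())) == 3
        assert len(list(gpg.keylist('', True))) == 1

    def _get_first_privkey_fpr(gpg):
        """Return the fingerprint of the keyring's only secret key."""
        all_privkeys = list(gpg.keylist('', True))
        assert len(all_privkeys) == 1

        # There should be only one subkey (the master one)
        assert len(all_privkeys[0].subkeys) == 1

        return all_privkeys[0].subkeys[0].fpr

    gpg_fp_alice = _get_first_privkey_fpr(gpg_alice)
    gpg_fp_bob = _get_first_privkey_fpr(gpg_bob)
    gpg_fp_eve = _get_first_privkey_fpr(gpg_eve)

    # The access checks below are meaningless unless the three users
    # really hold different keys.
    assert len(set((gpg_fp_alice, gpg_fp_bob, gpg_fp_eve))) == 3

    # ------------------------------------------------------------
    # One password manager per user, all sharing passwords_dir but each
    # bound to that user's own GnuPG home.

    pm_alice = PasswordManager(
        passwords_dir, gpghome=str(tmpdir.join('gnupg-alice')))
    pm_bob = PasswordManager(
        passwords_dir, gpghome=str(tmpdir.join('gnupg-bob')))
    pm_eve = PasswordManager(
        passwords_dir, gpghome=str(tmpdir.join('gnupg-eve')))

    # Alice creates the store with herself and Bob as identities.
    pm_alice.setup([gpg_fp_alice, gpg_fp_bob])
    secret = "{'username': '******', 'password': '******'}"
    pm_alice.write_secret('secret1', secret)
    assert pm_alice.read_secret('secret1') == secret

    # Bob was listed at setup time, so he can read the secret too.
    assert pm_bob.read_secret('secret1') == secret

    # Eve was not listed, so her read must fail.
    with pytest.raises(PasswordManagerException):
        pm_eve.read_secret('secret1')

    # Alice adds Eve; the already-stored secret becomes readable to her.
    pm_alice.add_identity(gpg_fp_eve)
    assert pm_eve.read_secret('secret1') == secret

    # Alice removes Eve again; Alice and Bob keep their access.
    pm_alice.remove_identity(gpg_fp_eve)

    assert pm_alice.read_secret('secret1') == secret
    assert pm_bob.read_secret('secret1') == secret

    # Eve can no longer read the stored secret.
    with pytest.raises(PasswordManagerException):
        pm_eve.read_secret('secret1')

    # Removal only protects the store as it is from now on: whatever Eve
    # read while she had access is still known to her, so Alice writes
    # the secret again.
    # NOTE(review): this literal is identical to the one written earlier,
    # so the assertions below would also pass if write_secret() left the
    # stored value untouched; use a distinct value if the rewrite itself
    # is meant to be verified.
    secret = "{'username': '******', 'password': '******'}"
    pm_alice.write_secret('secret1', secret)

    assert pm_alice.read_secret('secret1') == secret
    assert pm_bob.read_secret('secret1') == secret
    with pytest.raises(PasswordManagerException):
        pm_eve.read_secret('secret1')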
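def test_multiple_users(tmpdir, keyfiles):
    """Check per-identity access to a store shared by Alice, Bob and Eve.

    Each user has a separate GnuPG home containing the three public keys
    and only that user's secret key; the three PasswordManager instances
    share one store directory.  Reads of ``secret1`` are expected to
    succeed only for users who are currently identities of the store.
    """
    gpg_alice = get_gpg(str(tmpdir.join('gnupg-alice')))
    gpg_bob = get_gpg(str(tmpdir.join('gnupg-bob')))
    gpg_eve = get_gpg(str(tmpdir.join('gnupg-eve')))
    keyrings = (gpg_alice, gpg_bob, gpg_eve)

    passwords_dir = str(tmpdir.join('passwords'))

    # No keyring may contain keys before the imports below.
    for gpg in keyrings:
        assert len(list(gpg.keylist())) == 0
        assert len(list(gpg.keylist('', True))) == 0

    # Import public keys in all keyrings..

    for gpg in keyrings:
        for keyname in ('key1.pub', 'key2.pub', 'key3.pub'):
            with keyfiles.open(keyname, 'rb') as fp:
                gpg.import_(fp)

    # For each user's gpg home, import that user's own secret key.
    # Binary mode matches the public-key imports above and keeps the key
    # file from going through text decoding.

    for gpg, keyfile in [(gpg_alice, 'key1.sec'), (gpg_bob, 'key2.sec'),
                         (gpg_eve, 'key3.sec')]:
        with keyfiles.open(keyfile, 'rb') as fp:
            gpg.import_(fp)

    # Verify the imports: three public keys, one secret key per keyring.

    for gpg in keyrings:
        assert len(list(gpg.keylist())) == 3
        assert len(list(gpg.keylist('', True))) == 1

    # Keep key fingerprints in meaningful names..

    def _get_first_privkey_fpr(gpg):
        """Return the fingerprint of the single secret key in ``gpg``."""
        all_privkeys = list(gpg.keylist('', True))
        assert len(all_privkeys) == 1

        # There should be only one subkey (the master one)
        assert len(all_privkeys[0].subkeys) == 1

        return all_privkeys[0].subkeys[0].fpr

    gpg_fp_alice = _get_first_privkey_fpr(gpg_alice)
    gpg_fp_bob = _get_first_privkey_fpr(gpg_bob)
    gpg_fp_eve = _get_first_privkey_fpr(gpg_eve)

    # Make sure users have different keys! Otherwise "Eve cannot read"
    # below would be testing nothing.

    assert len(set((gpg_fp_alice, gpg_fp_bob, gpg_fp_eve))) == 3

    # ------------------------------------------------------------
    # Now, we can create password manager instances
    # and start experimenting..

    pm_alice = PasswordManager(passwords_dir,
                               gpghome=str(tmpdir.join('gnupg-alice')))
    pm_bob = PasswordManager(passwords_dir,
                             gpghome=str(tmpdir.join('gnupg-bob')))
    pm_eve = PasswordManager(passwords_dir,
                             gpghome=str(tmpdir.join('gnupg-eve')))

    # Alice creates a new password manager for herself and Bob.

    pm_alice.setup([gpg_fp_alice, gpg_fp_bob])
    secret = "{'username': '******', 'password': '******'}"
    pm_alice.write_secret('secret1', secret)
    assert pm_alice.read_secret('secret1') == secret

    # And Bob is able to read the secret too..
    assert pm_bob.read_secret('secret1') == secret

    # But Eve cannot. Yet
    with pytest.raises(PasswordManagerException):
        pm_eve.read_secret('secret1')

    # Alice decides to add eve..
    pm_alice.add_identity(gpg_fp_eve)

    # Now Eve can read too..
    assert pm_eve.read_secret('secret1') == secret

    # But then Alice changes her mind
    pm_alice.remove_identity(gpg_fp_eve)

    assert pm_alice.read_secret('secret1') == secret
    assert pm_bob.read_secret('secret1') == secret

    # Eve cannot read password anymore.
    with pytest.raises(PasswordManagerException):
        pm_eve.read_secret('secret1')

    # Btw, Alice thinks it would be better to change the password too:
    # removing Eve does not take back what she already read.
    # NOTE(review): the value written here is the same literal as before,
    # so these assertions cannot tell a real rewrite from a no-op; a
    # different value would make the check meaningful.
    secret = "{'username': '******', 'password': '******'}"
    pm_alice.write_secret('secret1', secret)

    assert pm_alice.read_secret('secret1') == secret
    assert pm_bob.read_secret('secret1') == secret
    with pytest.raises(PasswordManagerException):
        pm_eve.read_secret('secret1')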