def setUp(self):
super(WhenTestingDogtagCryptoPlugin, self).setUp()
if not imports_ok:
return
self.keyclient_mock = mock.MagicMock(name="KeyClient mock")
self.patcher = mock.patch('pki.cryptoutil.NSSCryptoUtil')
self.patcher.start()
# create nss db for test only
self.nss_dir = tempfile.mkdtemp()
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.dogtag_crypto_plugin = mock.MagicMock(
nss_db_path=self.nss_dir)
self.plugin = DogtagCryptoPlugin(self.cfg_mock)
self.plugin.keyclient = self.keyclient_mock
def setUp(self):
super(WhenTestingDogtagCryptoPlugin, self).setUp()
if not imports_ok:
return
self.keyclient_mock = mock.MagicMock(name="KeyClient mock")
self.patcher = mock.patch('pki.cryptoutil.NSSCryptoUtil')
self.patcher.start()
# create nss db for test only
self.nss_dir = tempfile.mkdtemp()
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.dogtag_crypto_plugin = mock.MagicMock(
nss_db_path=self.nss_dir)
self.plugin = DogtagCryptoPlugin(self.cfg_mock)
self.plugin.keyclient = self.keyclient_mock
class WhenTestingDogtagCryptoPlugin(testtools.TestCase):
def setUp(self):
super(WhenTestingDogtagCryptoPlugin, self).setUp()
if not imports_ok:
return
self.keyclient_mock = mock.MagicMock(name="KeyClient mock")
self.patcher = mock.patch('pki.cryptoutil.NSSCryptoUtil')
self.patcher.start()
# create nss db for test only
self.nss_dir = tempfile.mkdtemp()
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.dogtag_crypto_plugin = mock.MagicMock(
nss_db_path=self.nss_dir)
self.plugin = DogtagCryptoPlugin(self.cfg_mock)
self.plugin.keyclient = self.keyclient_mock
def tearDown(self):
super(WhenTestingDogtagCryptoPlugin, self).tearDown()
if not imports_ok:
return
self.patcher.stop()
os.rmdir(self.nss_dir)
def test_generate(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
secret = models.Secret()
secret.bit_length = 128
secret.algorithm = "AES"
generate_dto = plugin_import.GenerateDTO(secret.algorithm,
secret.bit_length, None, None)
self.plugin.generate_symmetric(generate_dto, mock.MagicMock(),
mock.MagicMock())
self.keyclient_mock.generate_symmetric_key.assert_called_once_with(
mock.ANY, secret.algorithm.upper(), secret.bit_length, mock.ANY)
def test_generate_non_supported_algorithm(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
secret = models.Secret()
secret.bit_length = 128
secret.algorithm = "hmacsha256"
generate_dto = plugin_import.GenerateDTO(
plugin_import.PluginSupportTypes.SYMMETRIC_KEY_GENERATION,
secret.algorithm, secret.bit_length, None)
self.assertRaises(DogtagPluginAlgorithmException,
self.plugin.generate_symmetric, generate_dto,
mock.MagicMock(), mock.MagicMock())
def test_raises_error_with_no_pem_path(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
m = mock.MagicMock()
m.dogtag_crypto_plugin = mock.MagicMock(pem_path=None)
self.assertRaises(
ValueError,
DogtagCryptoPlugin,
m,
)
def test_raises_error_with_no_pem_password(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
m = mock.MagicMock()
m.dogtag_crypto_plugin = mock.MagicMock(pem_password=None)
self.assertRaises(
ValueError,
DogtagCryptoPlugin,
m,
)
def test_raises_error_with_no_nss_password(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
m = mock.MagicMock()
m.dogtag_crypto_plugin = mock.MagicMock(nss_password=None)
self.assertRaises(
ValueError,
DogtagCryptoPlugin,
m,
)
def test_encrypt(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
payload = 'encrypt me!!'
encrypt_dto = plugin_import.EncryptDTO(payload)
self.plugin.encrypt(encrypt_dto, mock.MagicMock(), mock.MagicMock())
self.keyclient_mock.archive_key.assert_called_once_with(
mock.ANY, "passPhrase", payload, key_algorithm=None, key_size=None)
def test_decrypt(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
key_id = 'key1'
decrypt_dto = plugin_import.DecryptDTO(key_id)
self.plugin.decrypt(decrypt_dto, mock.MagicMock(), mock.MagicMock(),
mock.MagicMock())
self.keyclient_mock.retrieve_key.assert_called_once_with(key_id)
def test_supports_encrypt_decrypt(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertTrue(
self.plugin.supports(
plugin_import.PluginSupportTypes.ENCRYPT_DECRYPT))
def test_supports_symmetric_key_generation(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertTrue(
self.plugin.supports(
plugin_import.PluginSupportTypes.SYMMETRIC_KEY_GENERATION,
'aes', 256))
def test_supports_symmetric_hmacsha256_key_generation(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertFalse(
self.plugin.supports(
plugin_import.PluginSupportTypes.SYMMETRIC_KEY_GENERATION,
'hmacsha256', 128))
def test_supports_asymmetric_key_generation(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertFalse(
self.plugin.supports(
plugin_import.PluginSupportTypes.ASYMMETRIC_KEY_GENERATION))
def test_does_not_support_unknown_type(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertFalse(self.plugin.supports("SOMETHING_RANDOM"))
class WhenTestingDogtagCryptoPlugin(testtools.TestCase):
def setUp(self):
super(WhenTestingDogtagCryptoPlugin, self).setUp()
if not imports_ok:
return
self.keyclient_mock = mock.MagicMock(name="KeyClient mock")
self.patcher = mock.patch('pki.cryptoutil.NSSCryptoUtil')
self.patcher.start()
# create nss db for test only
self.nss_dir = tempfile.mkdtemp()
self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.dogtag_crypto_plugin = mock.MagicMock(
nss_db_path=self.nss_dir)
self.plugin = DogtagCryptoPlugin(self.cfg_mock)
self.plugin.keyclient = self.keyclient_mock
def tearDown(self):
super(WhenTestingDogtagCryptoPlugin, self).tearDown()
if not imports_ok:
return
self.patcher.stop()
os.rmdir(self.nss_dir)
def test_generate(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
secret = models.Secret()
secret.bit_length = 128
secret.algorithm = "AES"
generate_dto = plugin_import.GenerateDTO(
plugin_import.PluginSupportTypes.SYMMETRIC_KEY_GENERATION,
secret.algorithm,
secret.bit_length,
None)
_encrypted, _kek_ext = self.plugin.generate(
generate_dto,
mock.MagicMock(),
mock.MagicMock()
)
self.keyclient_mock.generate_symmetric_key.assert_called_once_with(
mock.ANY,
secret.algorithm.upper(),
secret.bit_length,
mock.ANY)
def test_raises_error_with_no_pem_path(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
m = mock.MagicMock()
m.dogtag_crypto_plugin = mock.MagicMock(pem_path=None)
self.assertRaises(
ValueError,
DogtagCryptoPlugin,
m,
)
def test_raises_error_with_no_pem_password(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
m = mock.MagicMock()
m.dogtag_crypto_plugin = mock.MagicMock(pem_password=None)
self.assertRaises(
ValueError,
DogtagCryptoPlugin,
m,
)
def test_raises_error_with_no_nss_password(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
m = mock.MagicMock()
m.dogtag_crypto_plugin = mock.MagicMock(nss_password=None)
self.assertRaises(
ValueError,
DogtagCryptoPlugin,
m,
)
def test_encrypt(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
payload = 'encrypt me!!'
encrypt_dto = plugin_import.EncryptDTO(payload)
_cyphertext, _kek_meta_extended = self.plugin.encrypt(encrypt_dto,
mock.MagicMock(),
mock.MagicMock())
self.keyclient_mock.archive_key.assert_called_once_with(
mock.ANY,
"passPhrase",
payload,
key_algorithm=None,
key_size=None)
def test_decrypt(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
key_id = 'key1'
decrypt_dto = plugin_import.DecryptDTO(key_id)
self.plugin.decrypt(decrypt_dto,
mock.MagicMock(),
mock.MagicMock(),
mock.MagicMock())
self.keyclient_mock.retrieve_key.assert_called_once_with(key_id)
def test_supports_encrypt_decrypt(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertTrue(
self.plugin.supports(
plugin_import.PluginSupportTypes.ENCRYPT_DECRYPT
)
)
def test_supports_symmetric_key_generation(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertTrue(
self.plugin.supports(
plugin_import.PluginSupportTypes.SYMMETRIC_KEY_GENERATION
)
)
def test_does_not_support_unknown_type(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
self.assertFalse(
self.plugin.supports("SOMETHING_RANDOM")
)
