def test_encrypt(self):
if not imports_ok:
self.skipTest("Dogtag imports not available")
payload = 'encrypt me!!'
encrypt_dto = plugin_import.EncryptDTO(payload)
self.plugin.encrypt(encrypt_dto, mock.MagicMock(), mock.MagicMock())
self.keyclient_mock.archive_key.assert_called_once_with(
mock.ANY, "passPhrase", payload, key_algorithm=None, key_size=None)
def test_random_bytes_encryption(self):
unencrypted = os.urandom(10)
encrypt_dto = plugin.EncryptDTO(unencrypted)
response_dto = self.plugin.encrypt(encrypt_dto, mock.MagicMock(),
mock.MagicMock())
decrypt_dto = plugin.DecryptDTO(response_dto.cypher_text)
decrypted = self.plugin.decrypt(decrypt_dto, mock.MagicMock(),
response_dto.kek_meta_extended,
mock.MagicMock())
self.assertEqual(unencrypted, decrypted)
def test_byte_string_encryption(self):
unencrypted = b'some_secret'
encrypt_dto = plugin.EncryptDTO(unencrypted)
response_dto = self.plugin.encrypt(encrypt_dto, mock.MagicMock(),
mock.MagicMock())
decrypt_dto = plugin.DecryptDTO(response_dto.cypher_text)
decrypted = self.plugin.decrypt(decrypt_dto, mock.MagicMock(),
response_dto.kek_meta_extended,
mock.MagicMock())
self.assertEqual(unencrypted, decrypted)
def test_encrypt_unicode_raises_value_error(self):
unencrypted = u'unicode_beer\U0001F37A'
encrypt_dto = plugin.EncryptDTO(unencrypted)
secret = mock.MagicMock()
secret.mime_type = 'text/plain'
self.assertRaises(
ValueError,
self.plugin.encrypt,
encrypt_dto,
mock.MagicMock(),
mock.MagicMock(),
)
def encrypt(self,
unencrypted,
content_type,
content_encoding,
secret,
tenant,
kek_repo,
enforce_text_only=False):
"""Delegates encryption to first plugin that supports it."""
if len(self.extensions) < 1:
raise CryptoPluginNotFound()
for ext in self.extensions:
if ext.obj.supports(plugin_mod.PluginSupportTypes.ENCRYPT_DECRYPT):
encrypting_plugin = ext.obj
break
else:
raise CryptoSupportedPluginNotFound()
unencrypted, content_type = normalize_before_encryption(
unencrypted,
content_type,
content_encoding,
enforce_text_only=enforce_text_only)
# Find or create a key encryption key metadata.
kek_datum, kek_meta_dto = self._find_or_create_kek_objects(
encrypting_plugin, tenant, kek_repo)
encrypt_dto = plugin_mod.EncryptDTO(unencrypted)
# Create an encrypted datum instance and add the encrypted cypher text.
datum = models.EncryptedDatum(secret, kek_datum)
datum.content_type = content_type
response_dto = encrypting_plugin.encrypt(encrypt_dto, kek_meta_dto,
tenant.keystone_id)
datum.cypher_text = response_dto.cypher_text
datum.kek_meta_extended = response_dto.kek_meta_extended
# Convert binary data into a text-based format.
#TODO(jwood) Figure out by storing binary (BYTEA) data in Postgres
# isn't working.
datum.cypher_text = base64.b64encode(datum.cypher_text)
return datum
def test_encrypt(self):
key = 'key1'
payload = 'encrypt me!!'
self.session.findObjects.return_value = [key]
self.session.generateRandom.return_value = [
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
]
mech = mock.MagicMock()
self.p11_mock.Mechanism.return_value = mech
self.session.encrypt.return_value = [1, 2, 3, 4, 5]
encrypt_dto = plugin_import.EncryptDTO(payload)
response_dto = self.plugin.encrypt(encrypt_dto, mock.MagicMock(),
mock.MagicMock())
self.session.encrypt.assert_called_once_with(key, payload, mech)
self.assertEqual(b'\x01\x02\x03\x04\x05', response_dto.cypher_text)
self.assertEqual('{"iv": "AQIDBAUGBwgJCgsMDQ4PEA=="}',
response_dto.kek_meta_extended)
def generate_symmetric(self, generate_dto, kek_meta_dto, keystone_id):
byte_length = generate_dto.bit_length / 8
rand = self.session.generateRandom(byte_length)
if len(rand) != byte_length:
raise P11CryptoPluginException()
return self.encrypt(plugin.EncryptDTO(rand), kek_meta_dto, keystone_id)