def test_base64_decode(self):
dec_one = to_test.decode_value("AA==", to_test.Encoding.BASE64)
dec_string = to_test.decode_value("c29tZSBkYXRh", to_test.Encoding.BASE64)
dec_empty = to_test.decode_value("", to_test.Encoding.BASE64)
self.assertEqual(bytes(1), dec_one, "Decoded value not matching")
self.assertEqual(b"some data", dec_string, "Decoded value not matching")
self.assertEqual(b"", dec_empty, "Decoded value not matching")
def test_hex_decode(self):
dec_one = to_test.decode_value("00", to_test.Encoding.HEX)
dec_string = to_test.decode_value("736f6d652064617461", to_test.Encoding.HEX)
dec_empty = to_test.decode_value("", to_test.Encoding.HEX)
self.assertEqual(bytes(1), dec_one, "Decoded value not matching")
self.assertEqual(b"some data", dec_string, "Decoded value not matching")
self.assertEqual(b"", dec_empty, "Decoded value not matching")
def decrypt_payload(payload, config, _params=None):
"""Decrypt some fields of a JSON payload using the given configuration."""
try:
json_payload = payload if type(payload) is dict else json.loads(
payload)
for elem, target in config.paths["$"].to_decrypt.items():
try:
node = get_node(json_payload, elem)
cipher_text = decode_value(
node.pop(config.encrypted_value_field_name),
config.data_encoding)
if not _params:
try:
encrypted_key = node.pop(
config.encrypted_key_field_name)
iv = node.pop(config.iv_field_name)
except KeyError:
raise EncryptionError(
"Encryption field(s) missing in payload.")
oaep_digest_algo = node.pop(
config.oaep_padding_digest_algorithm_field_name,
config.oaep_padding_digest_algorithm)
_remove_fingerprint_from_node(node, config)
params = SessionKeyParams(config, encrypted_key, iv,
oaep_digest_algo)
else:
params = _params
cleanup_node(json_payload, elem, target)
try:
update_node(
json_payload, target,
_decrypt_bytes(params.key, params.iv_spec,
cipher_text))
except KeyError:
raise EncryptionError("Field '" + target + "' not found!")
except KeyError:
pass # encrypted data node not found, nothing to decrypt
return json_payload
except json.JSONDecodeError: # not a json response - return it as is
return payload
except (IOError, ValueError, TypeError) as e:
raise EncryptionError("Payload decryption failed!", e)
def __unwrap_secret_key(encrypted_key, config, _hash):
try:
hash_algo = load_hash_algorithm(_hash)
encrypted_key = decode_value(encrypted_key, config.data_encoding)
_cipher = PKCS1_OAEP.new(key=config.decryption_key,
hashAlgo=hash_algo)
secret_key = _cipher.decrypt(encrypted_key)
return secret_key
except (IOError, TypeError, Error):
raise KeyWrappingError("Unable to decrypt session secret key.")
def iv_spec(self):
if not self._iv:
self._iv = decode_value(self._iv_value, self._config.data_encoding)
return self._iv