def testMaxDecryptionKeys(self):
"""Tests a config file with the maximum number of decryption keys."""
keys = []
boto_101_key_config = []
# Generate 101 keys.
for i in range(1, 102):
keys.append(base64.encodestring(os.urandom(32)).rstrip(b'\n'))
boto_101_key_config.append(
('GSUtil', 'decryption_key%s' % i, keys[i - 1]))
with SetBotoConfigForTest(boto_101_key_config):
self.assertIsNotNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[0]), boto.config))
self.assertIsNotNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[99]), boto.config))
# Only 100 keys are supported.
self.assertIsNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[100]), boto.config))
boto_100_key_config = list(boto_101_key_config)
boto_100_key_config.pop()
with SetBotoConfigForTest(boto_100_key_config):
self.assertIsNotNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[0]), boto.config))
self.assertIsNotNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[99]), boto.config))
def testNonSequentialDecryptionKeys(self):
"""Tests a config file with non-sequential decryption key numbering."""
keys = []
for _ in range(3):
try:
keys.append(base64.encodebytes(os.urandom(32)).rstrip(b'\n'))
except AttributeError:
# For Python 2 compatability.
keys.append(base64.encodestring(os.urandom(32)).rstrip(b'\n'))
boto_config = [('GSUtil', 'decryption_key4', keys[2]),
('GSUtil', 'decryption_key1', keys[0]),
('GSUtil', 'decryption_key2', keys[1])]
with SetBotoConfigForTest(boto_config):
# Because decryption_key3 does not exist in boto_config, decryption_key4
# should be ignored.
self.assertIsNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[2]), boto.config))
# decryption_key1 and decryption_key2 should work, though.
self.assertIsNotNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[0]), boto.config))
self.assertIsNotNone(
FindMatchingCSEKInBotoConfig(
Base64Sha256FromBase64EncryptionKey(keys[1]), boto.config))
def AssertObjectUsesCSEK(self, object_uri_str, encryption_key):
"""Strongly consistent check that the correct CSEK encryption key is used.
This check forces use of the JSON API, as encryption information is not
returned in object metadata via the XML API.
"""
with SetBotoConfigForTest([('GSUtil', 'prefer_api', 'json')]):
stdout = self.RunGsUtil(['stat', object_uri_str], return_stdout=True)
self.assertIn(
Base64Sha256FromBase64EncryptionKey(encryption_key), stdout,
'Object %s did not use expected encryption key with hash %s. '
'Actual object: %s'%
(object_uri_str, Base64Sha256FromBase64EncryptionKey(encryption_key),
stdout))
# Note that because the system's GID mapping can change mid-test, tests that
# check for specific errors should always re-fetch these GID-related values,
# rather than reusing these LazyWrapper values.
INVALID_GID = LazyWrapper(lambda: GetInvalidGid())
NON_PRIMARY_GID = LazyWrapper(lambda: GetNonPrimaryGid())
PRIMARY_GID = LazyWrapper(lambda: GetPrimaryGid())
# Get a list of all groups on the system where the current username is listed
# as a member of the group in the gr_mem group attribute. Make this a list of
# all group IDs and cast as a set for more efficient lookup times.
USER_GROUPS = LazyWrapper(lambda: GetUserGroups())
# 256-bit base64 encryption keys used for testing AES256 customer-supplied
# encryption. These are public and open-source, so don't ever use them for
# real data.
TEST_ENCRYPTION_KEY1 = b'iMSM9eeXliDZHSBJZO71R98tfeW/+87VXTpk5chGd6Y='
TEST_ENCRYPTION_KEY1_SHA256_B64 = Base64Sha256FromBase64EncryptionKey(
TEST_ENCRYPTION_KEY1)
TEST_ENCRYPTION_KEY2 = b'4TSaQ3S4U+5oxAbByA7HgIigD51zfzGed/c03Ts2TXc='
TEST_ENCRYPTION_KEY2_SHA256_B64 = Base64Sha256FromBase64EncryptionKey(
TEST_ENCRYPTION_KEY2)
TEST_ENCRYPTION_KEY3 = b'HO4Q2X28N/6SmuAJ1v1CTuJjf5emQcXf7YriKzT1gj0='
TEST_ENCRYPTION_KEY3_SHA256_B64 = Base64Sha256FromBase64EncryptionKey(
TEST_ENCRYPTION_KEY3)
TEST_ENCRYPTION_KEY4 = b'U6zIErjZCK/IpIeDS0pJrDayqlZurY8M9dvPJU0SXI8='
TEST_ENCRYPTION_KEY4_SHA256_B64 = Base64Sha256FromBase64EncryptionKey(
TEST_ENCRYPTION_KEY4)
TEST_ENCRYPTION_CONTENT1 = b'bar'
TEST_ENCRYPTION_CONTENT1_MD5 = 'N7UdGUp1E+RbVvZSTy1R8g=='