def test_file_read(program, filesystem, directory, keyring):
    """Check that an encrypted file is readable only while its key is loaded.

    The test sets a policy on ``directory``, inserts the key, and writes
    ``bar.txt``. It then walks through three states:

    * key present: the file reads back as ``test_data``, also after a remount;
    * key cleared and filesystem remounted: the plaintext name is gone, the
      directory holds exactly one entry, and reading that entry fails;
    * key inserted again: the original path is readable once more.
    """
    program("", "set_policy", test_descriptor, directory)
    program(test_key, "insert_key", "--ext4")

    plain_path = os.path.join(directory, "bar.txt")
    write_file(plain_path)

    # Key is in the keyring: contents must round-trip, and a remount must
    # not change that.
    assert read_file(plain_path) == test_data
    remount(filesystem)
    assert read_file(plain_path) == test_data

    # Drop the key, then remount so nothing cached from the keyed mount is
    # served. The plaintext filename must no longer resolve.
    keyutils.clear(keyring)
    remount(filesystem)
    assert not os.path.isfile(plain_path)

    # Exactly one directory entry is expected (the unpacking fails on any
    # other count). It must be a regular file whose contents cannot be read.
    (cipher_name,) = os.listdir(directory)
    cipher_path = os.path.join(directory, cipher_name)
    assert os.path.isfile(cipher_path)
    # NOTE(review): any exception satisfies this check, including one caused
    # by an unrelated failure; narrow it once the error raised by read_file
    # for a missing key is confirmed.
    with pytest.raises(Exception):
        read_file(cipher_path)

    # Re-inserting the key must restore access through the original path.
    program(test_key, "insert_key", "--ext4")
    assert read_file(plain_path) == test_data
def keyring():
    """Yield the id of a fresh anonymous session keyring joined by this process.

    The process is subscribed to a new anonymous session keyring before the
    test body runs, and the id of that keyring is what the test receives.
    After the test, the keyring's contents are cleared so that key material
    added during one test is not left behind for the next.
    """
    session_keyring = keyutils.join_session_keyring()
    yield session_keyring
    # Teardown: only the contents are cleared here; nothing in this fixture
    # switches the process back to an earlier session keyring.
    keyutils.clear(session_keyring)
def testClear(self):
    """Clearing a keyring must make a key previously added to it unreadable."""
    description = b"dummyKey"
    payload = b"dummyValue"
    target_ring = keyutils.KEY_SPEC_THREAD_KEYRING

    added_id = keyutils.add_key(description, payload, target_ring)
    # Confirm the key is really findable first, so the failure asserted
    # below can be attributed to clear() rather than to a failed add.
    self.assertEqual(keyutils.request_key(description, target_ring), added_id)

    keyutils.clear(target_ring)
    # The old key id must no longer be readable.
    with self.assertRaises(keyutils.Error):
        keyutils.read_key(added_id)