def test_tvb_export_of_simple_datatype_with_encryption( self, dummy_datatype_index_factory): """ Test export of an encrypted data type which has no data stored on file system """ datatype = dummy_datatype_index_factory() storage_interface = StorageInterface() import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler( ) import_export_encryption_handler.generate_public_private_key_pair( TvbProfile.current.TVB_TEMP_FOLDER) _, file_path, _ = self.export_manager.export_data( datatype, self.TVB_EXPORTER, self.test_project, os.path.join(TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PUBLIC_KEY_NAME)) assert file_path is not None, "Export process should return path to export file" assert os.path.exists( file_path), "Could not find export file: %s on disk." % file_path result = storage_interface.unpack_zip( file_path, TvbProfile.current.TVB_TEMP_FOLDER) encrypted_password_path = import_export_encryption_handler.extract_encrypted_password_from_list( result) decrypted_file_path = import_export_encryption_handler.decrypt_content( encrypted_password_path, result, os.path.join(TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PRIVATE_KEY_NAME))[0] original_path = h5.path_for_stored_index(datatype) self.compare_files(original_path, decrypted_file_path)
def test_tvb_linked_export_of_simple_datatype_with_encryption( self, connectivity_index_factory, surface_index_factory, region_mapping_index_factory): """ Test export of an encrypted data type and its linked data types which have no data stored on file system """ conn = connectivity_index_factory() surface_idx, surface = surface_index_factory(cortical=True) region_mapping_index = region_mapping_index_factory( conn_gid=conn.gid, surface_gid=surface.gid.hex) storage_interface = StorageInterface() import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler( ) import_export_encryption_handler.generate_public_private_key_pair( TvbProfile.current.TVB_TEMP_FOLDER) _, file_path, _ = self.export_manager.export_data( region_mapping_index, self.TVB_LINKED_EXPORTER, self.test_project, os.path.join(TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PUBLIC_KEY_NAME)) assert file_path is not None, "Export process should return path to export file" assert os.path.exists( file_path), "Could not find export file;: %s on disk." % file_path result = storage_interface.unpack_zip( file_path, TvbProfile.current.TVB_TEMP_FOLDER) encrypted_password = import_export_encryption_handler.extract_encrypted_password_from_list( result) decrypted_file_paths = import_export_encryption_handler.decrypt_content( encrypted_password, result, os.path.join(TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PRIVATE_KEY_NAME)) original_conn_path = h5.path_for_stored_index(conn) decrypted_conn_path, idx = (decrypted_file_paths[0], 0) if 'Connectivity' in decrypted_file_paths[0] else \ (decrypted_file_paths[1], 1) if 'Connectivity' in decrypted_file_paths[1] else (decrypted_file_paths[2], 2) self.compare_files(original_conn_path, decrypted_conn_path) original_surface_path = h5.path_for_stored_index(surface_idx) del decrypted_file_paths[idx] decrypted_surface_path, idx = (decrypted_file_paths[0], 0) if 'Surface' in decrypted_file_paths[0] else \ (decrypted_file_paths[1], 1) self.compare_files(original_surface_path, decrypted_surface_path) original_rm_path = h5.path_for_stored_index(region_mapping_index) del decrypted_file_paths[idx] self.compare_files(original_rm_path, decrypted_file_paths[0])
def test_tvb_export_for_encrypted_datatype_group_with_links( self, datatype_group_factory): """ This method checks export of an encrypted data type group """ ts_datatype_group, dm_datatype_group = datatype_group_factory( project=self.test_project, store_vm=True) storage_interface = StorageInterface() import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler( ) import_export_encryption_handler.generate_public_private_key_pair( TvbProfile.current.TVB_TEMP_FOLDER) file_name, file_path, _ = self.export_manager.export_data( dm_datatype_group, self.TVB_EXPORTER, self.test_project, os.path.join(TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PUBLIC_KEY_NAME)) assert file_name is not None, "Export process should return a file name" assert file_path is not None, "Export process should return path to export file" assert os.path.exists( file_path), "Could not find export file: %s on disk." % file_path # Now check if the generated file is a correct ZIP file assert zipfile.is_zipfile( file_path), "Generated file is not a valid ZIP file" result = storage_interface.unpack_zip( file_path, TvbProfile.current.TVB_TEMP_FOLDER) encrypted_password = import_export_encryption_handler.extract_encrypted_password_from_list( result) decrypted_file_paths = import_export_encryption_handler.decrypt_content( encrypted_password, result, os.path.join(TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PRIVATE_KEY_NAME)) # Here we only test if the length of decrypted_file_paths is the one expected assert len(decrypted_file_paths) == len( result ), "Number of decrypted data type group files is not correct!"
def test_encrypt_decrypt(self, dir_name, file_name): import_export_encryption_handler = StorageInterface.get_import_export_encryption_handler( ) # Generate a private key and public key private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend()) public_key = private_key.public_key() # Convert private key to bytes and save it so ABCUploader can use it pem = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption()) private_key_path = os.path.join( TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PRIVATE_KEY_NAME) with open(private_key_path, 'wb') as f: f.write(pem) path_to_file = os.path.join(os.path.dirname(tvb_data.__file__), dir_name, file_name) # Create model for ABCUploader connectivity_model = ZIPConnectivityImporterModel() # Generate password pass_size = TvbProfile.current.hpc.CRYPT_PASS_SIZE password = EncryptionHandler.generate_random_password(pass_size) # Encrypt files using an AES symmetric key encrypted_file_path = import_export_encryption_handler.get_path_to_encrypt( path_to_file) buffer_size = TvbProfile.current.hpc.CRYPT_BUFFER_SIZE pyAesCrypt.encryptFile(path_to_file, encrypted_file_path, password, buffer_size) # Asynchronously encrypt the password used at the previous step for the symmetric encryption password = str.encode(password) encrypted_password = import_export_encryption_handler.encrypt_password( public_key, password) # Save encrypted password import_export_encryption_handler.save_encrypted_password( encrypted_password, TvbProfile.current.TVB_TEMP_FOLDER) path_to_encrypted_password = os.path.join( TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.ENCRYPTED_PASSWORD_NAME) # Prepare model for decrypting connectivity_model.uploaded = encrypted_file_path connectivity_model.encrypted_aes_key = path_to_encrypted_password TvbProfile.current.UPLOAD_KEY_PATH = os.path.join( TvbProfile.current.TVB_TEMP_FOLDER, import_export_encryption_handler.PRIVATE_KEY_NAME) # Decrypting decrypted_download_path = import_export_encryption_handler.decrypt_content( connectivity_model.encrypted_aes_key, [connectivity_model.uploaded], TvbProfile.current.UPLOAD_KEY_PATH)[0] connectivity_model.uploaded = decrypted_download_path storage_interface = StorageInterface() decrypted_file_path = connectivity_model.uploaded.replace( import_export_encryption_handler.ENCRYPTED_DATA_SUFFIX, import_export_encryption_handler.DECRYPTED_DATA_SUFFIX) TestExporters.compare_files(path_to_file, decrypted_file_path) # Clean-up storage_interface.remove_files([ encrypted_file_path, decrypted_file_path, private_key_path, path_to_encrypted_password ])