def test_encrypt_aes_v1(self): iv = utils.base64_url_decode('KvsOJmE4JNK1HwKSpkBeRw') block = utils.base64_url_decode('6lf4FGVyhDRnRhJ91TrahjIW8lTqGA') key = utils.base64_url_decode( 'pAZmcxEoV2chXsFQ6bzn7Lop8yO4F8ERIuS7XpFtr7Y') enc = crypto.encrypt_aes_v1(block, key, iv) encoded = utils.base64_url_encode(enc) self.assertEqual( encoded, 'KvsOJmE4JNK1HwKSpkBeR5R9YDms86uOb3wjNvc4LbUnZhKQtDxWifgA99tH2ZuP')
def register_record(record, key_type=None): # type: (record.Record, int or None) -> bytes data = { 'title': record.title or '', 'secret1': record.login or '', 'secret2': record.password or '', 'link': record.login_url or '', 'notes': record.notes or '', 'custom': record.custom_fields or '', 'folder': record.folder or '' } extra = None udata = None if record.attachments: extra = {'files': record.attachments} udata = {'file_id': [x['id'] for x in record.attachments]} record_key = api.generate_aes_key() if key_type != 0 else _USER_DATA_KEY rec_object = { 'record_uid': record.record_uid, 'revision': record.revision if (0 < record.revision <= _REVISION) else _REVISION, 'version': 2 if key_type != 0 else 1, 'shared': key_type not in [0, 1], 'data': api.encrypt_aes(json.dumps(data).encode('utf-8'), record_key), } if extra: rec_object['extra'] = api.encrypt_aes( json.dumps(extra).encode('utf-8'), record_key) if udata: rec_object['udata'] = udata _RECORDS.append(rec_object) meta_data = { 'record_uid': record.record_uid, 'owner': key_type in [0, 1], 'can_share': key_type == 1, 'can_edit': key_type == 1, 'record_key_type': key_type } if key_type == 0: _RECORD_METADATA.append(meta_data) if key_type == 1: meta_data['record_key'] = utils.base64_url_encode( crypto.encrypt_aes_v1(record_key, _USER_DATA_KEY)) _RECORD_METADATA.append(meta_data) elif key_type == 2: meta_data['record_key'] = utils.base64_url_encode( crypto.encrypt_rsa(record_key, _IMPORTED_PUBLIC_KEY)) _RECORD_METADATA.append(meta_data) return record_key
def test_download_attachment_command(self): params = get_synced_params() cmd = recordv2.RecordDownloadAttachmentCommand() records = [ x for x in params.record_cache.values() if len(x['extra_unencrypted']) > 10 ] rec = records[0] record_uid = rec['record_uid'] extra = json.loads(rec['extra_unencrypted'].decode('utf-8')) attachments = { } # type: dict[any, tuple[attachment.AttachmentDownloadRequest, bytes]] for file in extra['files']: atta_id = file['id'] # type: str key = utils.base64_url_decode(file['key']) body_encoded = crypto.encrypt_aes_v1(os.urandom(file['size']), key) rq = attachment.AttachmentDownloadRequest() rq.title = 'Title' rq.url = f'https://keepersecurity.com/files/{atta_id}' rq.is_gcm_encrypted = False rq.encryption_key = key attachments[atta_id] = (rq, body_encoded) def prepare_download(params, record_uid): return (x[0] for x in attachments.values()) def requests_get(url, **kwargs): body = next( (x[1] for x in attachments.values() if x[0].url == url), None) if not body: raise Exception(f'URL \"{url}\" not found.') rs = mock.Mock() rs.status_code = 200 stream = io.BytesIO(body) rs.raw = stream rs.__enter__ = mock.Mock(return_value=rs) rs.__exit__ = mock.Mock(return_value=None) return rs with mock.patch('keepercommander.attachment.prepare_attachment_download', side_effect=prepare_download), \ mock.patch('requests.get', side_effect=requests_get), \ mock.patch('builtins.open', mock.mock_open()), \ mock.patch('os.path.abspath', return_value='/file_name'): cmd.execute(params, record=record_uid)
def get_enterprise_data(params): # type: (KeeperParams) -> dict encrypted_tree_key = crypto.encrypt_aes_v1(_TREE_KEY, params.data_key) \ if _USE_DATA_KEY else crypto.encrypt_rsa(_TREE_KEY, _VAULT_ENV.public_key) tree_key_type = 1 if _USE_DATA_KEY else 2 rs = { 'result': 'success', 'result_code': '', 'message': '', 'enterprise_name': 'Enterprise 1', 'tree_key': utils.base64_url_encode(encrypted_tree_key), 'key_type_id': tree_key_type } rs['nodes'] = [ { 'node_id': _NODE1_ID, 'encrypted_data': api.encrypt_aes(json.dumps({}).encode('utf-8'), _TREE_KEY) }, { 'node_id': _NODE2_ID, 'parent_id': _NODE1_ID, 'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'Sub node 1'}).encode('utf-8'), _TREE_KEY) } ] rs['users'] = [ { 'enterprise_user_id': _USER1_ID, 'node_id': _NODE1_ID, 'username': params.user, 'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'User 1'}).encode('utf-8'), _TREE_KEY), 'status': 'active', 'lock': 0 }, { 'enterprise_user_id': _USER2_ID, 'node_id': _NODE2_ID, 'username': _USER2_EMAIL, 'encrypted_data': api.encrypt_aes(json.dumps({'displayname': 'User 2'}).encode('utf-8'), _TREE_KEY), 'status': 'active', 'lock': 1 } ] rs['roles'] = [ { 'role_id': _ROLE1_ID, 'node_id': _NODE1_ID, 'encrypted_data': api.encrypt_aes(json.dumps({'displayname': _ROLE1_NAME}).encode('utf-8'), _TREE_KEY), 'visible_below': True, 'new_user_inherit': True } ] rs['managed_nodes'] = [ { 'role_id': _ROLE1_ID, 'managed_node_id': _NODE1_ID, 'cascade_node_management': True, } ] rs['role_users'] = [ { 'role_id': _ROLE1_ID, 'enterprise_user_id': _USER1_ID } ] rs['teams'] = [ { 'team_uid': _TEAM1_UID, 'name': _TEAM1_NAME, 'node_id': _NODE1_ID, 'restrict_sharing': False, 'restrict_edit': False, 'restrict_view': False, }, { 'team_uid': _TEAM2_UID, 'name': _TEAM2_NAME, 'node_id': _NODE1_ID, 'restrict_sharing': False, 'restrict_edit': False, 'restrict_view': False, } ] rs['team_users'] = [ { 'team_uid': _TEAM1_UID, 'enterprise_user_id': _USER1_ID, 'user_type': 1 }, { 'team_uid': _TEAM1_UID, 'enterprise_user_id': _USER2_ID, 'user_type': 1 } ] return rs