def test_gnupg_encrypt_decrypt(self):
"""
Tests GnuPG encryption and decryption
"""
# test for unicode input
ciphertext_for_unicode = gpgme_encrypt(
message=self.rnd_password_unicode, recipient_key_id=self.recipient_key_id
)
ciphertext_for_unicode2 = gpgme_encrypt(
message=self.rnd_password_unicode, recipient_key_id=self.recipient_key_id
)
# test for bytestring input
ciphertext_for_str = gpgme_encrypt(message=self.rnd_password_str, recipient_key_id=self.recipient_key_id)
# test for decrypt of unicode
self.assertEqual(
self.rnd_password_unicode,
gpgme_decrypt(ciphertext_for_unicode).decode("utf-8"),
"Unicode string not properly decrypted",
)
# test decrypt for bytesstring
self.assertEqual(self.rnd_password_str, gpgme_decrypt(ciphertext_for_str), "Bytestring not properly decrypted")
# theoretical and HIGHLY improbable chance for failure
# when GnuPG and the OS work properly
# The same input encrypted twice should NOT result
# in identical ciphertext
self.assertNotEqual(ciphertext_for_unicode, ciphertext_for_unicode2, "Weak cryptography")
self.assertEqual(
gpgme_decrypt(ciphertext_for_unicode),
gpgme_decrypt(ciphertext_for_unicode2),
"Identical input should result in identical decrypt",
)
def test_gnupg_encrypt_decrypt(self):
"""
Tests GnuPG encryption and decryption
"""
# test for unicode input
ciphertext_for_unicode = gpgme_encrypt(
message=self.rnd_password_unicode,
recipient_key_id=self.recipient_key_id)
ciphertext_for_unicode2 = gpgme_encrypt(
message=self.rnd_password_unicode,
recipient_key_id=self.recipient_key_id)
# test for bytestring input
ciphertext_for_str = gpgme_encrypt(
message=self.rnd_password_str,
recipient_key_id=self.recipient_key_id)
# test for decrypt of unicode
self.assertEqual(self.rnd_password_unicode,
gpgme_decrypt(ciphertext_for_unicode).decode('utf-8'),
'Unicode string not properly decrypted')
# test decrypt for bytesstring
self.assertEqual(self.rnd_password_str,
gpgme_decrypt(ciphertext_for_str),
'Bytestring not properly decrypted')
# theoretical and HIGHLY improbable chance for failure
# when GnuPG and the OS work properly
# The same input encrypted twice should NOT result
# in identical ciphertext
self.assertNotEqual(ciphertext_for_unicode, ciphertext_for_unicode2,
'Weak cryptography')
self.assertEqual(gpgme_decrypt(ciphertext_for_unicode),
gpgme_decrypt(ciphertext_for_unicode2),
'Identical input should result in identical decrypt')
def test_password_gpgme_encrypt(self):
"""
Test GnuPG and plaintext passwords
"""
for account in self._accounts:
self._ac.clear()
self._ac.find(account["entity_id"])
self._ac.set_password(self.rnd_password_str)
self._ac.write_db()
passwd_events = filter(
lambda x: bool(
x["subject_entity"] == self._ac.entity_id and x["change_type_id"] == self._co.account_password
),
self._db.messages,
)
self.assertTrue(bool(passwd_events), "No password event registered")
self.assertIn("change_params", passwd_events[0], "No change_params in password event")
change_params = pickle.loads(passwd_events[-1]["change_params"])
self.assertIsInstance(change_params, dict, "change_params is not a dictionary")
self.assertIn("password", change_params, "No password-key in change_params")
stored_password = change_params["password"]
if hasattr(cereconf, "PASSWORD_GPG_RECIPIENT_ID"):
# tests when encryption should be performed
self.assertTrue(stored_password.startswith("GPG:"), "Password not encrypted")
# test decryption
self.assertEqual(
gpgme_decrypt(base64.b64decode(stored_password[4:])),
self.rnd_password_str,
'Unable to decrypt password "{0}" != "{1}"'.format(
gpgme_decrypt(stored_password), self.rnd_password_str
),
)
else:
# tests when no encryption is performed
self.assertIn(self.rnd_password_str, stored_password, "Password not stored")
def test_password_gpgme_encrypt(cereconf, database, const, ad_account):
"""
Test GnuPG and plaintext passwords
"""
# Note: Requires old cl implementation
password_str = u'some password'
ac = ad_account
ac.set_password(password_str)
ac.write_db()
passwd_events = filter(
lambda x: bool(
x['subject_entity'] == ac.entity_id and
x['change_type_id'] == const.account_password),
database.messages)
assert bool(passwd_events) # or no password events registered
assert 'change_params' in passwd_events[-1] # or change_params missing
change_params = pickle.loads(passwd_events[-1]['change_params'])
assert isinstance(change_params, dict) # bad change_params value
assert 'password' in change_params # missing password param
stored_password = change_params['password']
if hasattr(cereconf, 'PASSWORD_GPG_RECIPIENT_ID'):
# tests when encryption should be performed
assert stored_password.startswith('GPG:')
# test decryption
assert (
gpgme_decrypt(
base64.b64decode(stored_password[4:])
) == password_str)
else:
# tests when no encryption is performed
assert password_str in stored_password
def test_password_gpgme_encrypt(self):
"""
Test GnuPG and plaintext passwords
"""
for account in self._accounts:
self._ac.clear()
self._ac.find(account['entity_id'])
self._ac.set_password(self.rnd_password_str)
self._ac.write_db()
passwd_events = filter(
lambda x: bool(
x['subject_entity'] == self._ac.entity_id and
x['change_type_id'] == self._co.account_password),
self._db.messages)
self.assertTrue(bool(passwd_events),
'No password event registered')
self.assertIn('change_params',
passwd_events[0],
'No change_params in password event')
change_params = pickle.loads(passwd_events[-1]['change_params'])
self.assertIsInstance(change_params,
dict,
'change_params is not a dictionary')
self.assertIn('password',
change_params,
'No password-key in change_params')
stored_password = change_params['password']
if hasattr(cereconf, 'PASSWORD_GPG_RECIPIENT_ID'):
# tests when encryption should be performed
self.assertTrue(stored_password.startswith('GPG:'),
'Password not encrypted')
# test decryption
self.assertEqual(
gpgme_decrypt(base64.b64decode(stored_password[4:])),
self.rnd_password_str,
'Unable to decrypt password "{0}" != "{1}"'.format(
gpgme_decrypt(stored_password),
self.rnd_password_str))
else:
# tests when no encryption is performed
self.assertIn(self.rnd_password_str,
stored_password,
'Password not stored')
def test_password_gpgme_encrypt(self):
"""
Test GnuPG and plaintext passwords
"""
for account in self._accounts:
self._ac.clear()
self._ac.find(account['entity_id'])
self._ac.set_password(self.rnd_password_str)
self._ac.write_db()
passwd_events = filter(
lambda x: bool(
x['subject_entity'] == self._ac.entity_id and
x['change_type_id'] == self._co.account_password),
self._db.messages)
self.assertTrue(bool(passwd_events),
'No password event registered')
self.assertIn('change_params',
passwd_events[0],
'No change_params in password event')
change_params = pickle.loads(passwd_events[-1]['change_params'])
self.assertIsInstance(change_params,
dict,
'change_params is not a dictionary')
self.assertIn('password',
change_params,
'No password-key in change_params')
stored_password = change_params['password']
if hasattr(cereconf, 'PASSWORD_GPG_RECIPIENT_ID'):
# tests when encryption should be performed
self.assertTrue(stored_password.startswith('GPG:'),
'Password not encrypted')
# test decryption
self.assertEqual(
gpgme_decrypt(base64.b64decode(stored_password[4:])),
self.rnd_password_str,
'Unable to decrypt password "{0}" != "{1}"'.format(
gpgme_decrypt(stored_password),
self.rnd_password_str))
else:
# tests when no encryption is performed
self.assertIn(self.rnd_password_str,
stored_password,
'Password not stored')