def test_get_source_public_key_wrong_id(
    self, setup_journalist_key_and_gpg_folder
):
    """Check that a public-key lookup for an unknown filesystem id raises.

    The encryption manager is built from the journalist key fingerprint and
    GPG key directory supplied by the fixture. No source key is generated
    here, so the lookup is expected to end in ``GpgKeyNotFoundError`` rather
    than return a value.
    """
    # Given an encryption manager
    fingerprint, key_dir = setup_journalist_key_and_gpg_folder
    manager = EncryptionManager(
        gpg_key_dir=key_dir,
        journalist_key_fingerprint=fingerprint,
    )

    # When it is asked for the key of a filesystem id that has no key
    unknown_filesystem_id = "1234test"

    # Then the lookup fails with the dedicated "key not found" error
    with pytest.raises(GpgKeyNotFoundError):
        manager.get_source_public_key(unknown_filesystem_id)
def test_generate_source_key_pair(
    self, setup_journalist_key_and_gpg_folder, source_app, app_storage
):
    """Check the properties of a freshly generated source key pair.

    After ``generate_source_key_pair`` runs for a new source user, the test
    verifies that:

    * the key fingerprint is stored in the manager's Redis fingerprint hash
      under the source's filesystem id, and matches what
      ``get_source_key_fingerprint`` reports;
    * the source's public key can be retrieved;
    * the key's creation date equals
      ``EncryptionManager.DEFAULT_KEY_CREATION_DATE``, so key metadata does
      not reveal when the source first created their account;
    * the key's ``expires`` field is empty, i.e. the key does not expire.
    """
    # Given a source user
    # NOTE(review): only the user creation is assumed to run inside the app
    # context; confirm against the original layout of this test.
    with source_app.app_context():
        source_user = create_source_user(
            db_session=db.session,
            source_passphrase=PassphraseGenerator.get_default().generate_passphrase(),
            source_app_storage=app_storage,
        )

    # And an encryption manager
    jk_fingerprint, key_dir = setup_journalist_key_and_gpg_folder
    manager = EncryptionManager(
        gpg_key_dir=key_dir,
        journalist_key_fingerprint=jk_fingerprint,
    )

    # When a key pair is generated for this source user, it succeeds
    manager.generate_source_key_pair(source_user)
    fs_id = source_user.filesystem_id

    # Then the new key's fingerprint was added to Redis
    cached_fingerprint = manager._redis.hget(
        manager.REDIS_FINGERPRINT_HASH, fs_id
    )
    assert cached_fingerprint
    reported_fingerprint = manager.get_source_key_fingerprint(fs_id)
    assert cached_fingerprint == reported_fingerprint

    # And the user's newly-generated public key can be retrieved
    assert manager.get_source_public_key(fs_id)

    # And the key carries the hardcoded creation date, so the key itself does
    # not leak when the source first created their account
    key_details = manager._get_source_key_details(fs_id)
    assert key_details
    created_at = _parse_gpg_date_string(key_details["date"])
    assert created_at.date() == EncryptionManager.DEFAULT_KEY_CREATION_DATE

    # And the user's key does not expire
    assert key_details["expires"] == ""