def test_create_lock(self):
'''create_sync() and locking/unlocking'''
# create
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
(result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertFalse(info.get_is_locked())
# try to create already existing ring
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.KEYRING_ALREADY_EXISTS)
# lock
self.assertEqual(GnomeKeyring.lock_sync(TEST_KEYRING),
GnomeKeyring.Result.OK)
self.assertTrue(
GnomeKeyring.get_info_sync(TEST_KEYRING)[1].get_is_locked())
# unlock with wrong password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, 'h4ck'),
GnomeKeyring.Result.IO_ERROR)
# unlock with correct password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
def test_create_lock(self):
'''create_sync() and locking/unlocking'''
# create
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
(result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertFalse(info.get_is_locked())
# try to create already existing ring
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.KEYRING_ALREADY_EXISTS)
# lock
self.assertEqual(GnomeKeyring.lock_sync(TEST_KEYRING),
GnomeKeyring.Result.OK)
self.assertTrue(GnomeKeyring.get_info_sync(TEST_KEYRING)[1].get_is_locked())
# unlock with wrong password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, 'h4ck'),
GnomeKeyring.Result.IO_ERROR)
# unlock with correct password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
def add_account(self, name, secret_code, image):
"""
Add an account to accounts table
:param name: (str) account name
:param secret_code: (str) ASCII Secret code
:param image: image path or icon name
:return:
"""
encrypted_secret = sha256(secret_code.encode('utf-8')).hexdigest()
t = (
name,
encrypted_secret,
image,
)
query = "INSERT INTO accounts (name, secret_code, image) VALUES (?, ?, ?)"
try:
GK.create_sync("TwoFactorAuth", None)
attr = GK.Attribute.list_new()
GK.Attribute.list_append_string(attr, 'id', encrypted_secret)
GK.Attribute.list_append_string(attr, 'secret_code', secret_code)
GK.item_create_sync("TwoFactorAuth", GK.ItemType.GENERIC_SECRET,
repr(encrypted_secret), attr, secret_code,
False)
self.conn.execute(query, t)
self.conn.commit()
except Exception as e:
logging.error("SQL: Couldn't add a new account : %s ", str(e))
def do_store(self, id, username, password):
GnomeKeyring.create_sync("liferea", None)
attrs = GnomeKeyring.Attribute.list_new()
GnomeKeyring.Attribute.list_append_string(attrs, "id", id)
GnomeKeyring.Attribute.list_append_string(attrs, "user", username)
GnomeKeyring.item_create_sync(
"liferea", GnomeKeyring.ItemType.GENERIC_SECRET, repr(id), attrs, "@@@".join([username, password]), True
)
def do_store(self, id, username, password):
GnomeKeyring.create_sync("liferea", None)
attrs = GnomeKeyring.Attribute.list_new()
GnomeKeyring.Attribute.list_append_string(attrs, 'id', id)
GnomeKeyring.Attribute.list_append_string(attrs, 'user', username)
GnomeKeyring.item_create_sync("liferea",
GnomeKeyring.ItemType.GENERIC_SECRET,
repr(id), attrs,
'@@@'.join([username, password]), True)
def __init__(self):
self.loginDetails = False
if gk.is_available() is True:
if "Gusic" in gk.list_keyring_names_sync()[1]:
self.keyring = gk.list_item_ids_sync("Gusic")[1]
self.loginDetails = self._get_first_key("Gusic")
else:
gk.create_sync("Gusic", "Gusic")
def store_password(self,
entry,
password,
attributes=None,
entry_type=EntryType.GENERIC):
"""Create new entry in keyring with specified data"""
assert self.is_available()
# create a new keyring if it doesn't exist
if not self.KEYRING_NAME in keyring.list_keyring_names_sync()[1]:
dialog = PasswordDialog(self._application)
dialog.set_title(_('New keyring'))
dialog.set_label(
_('We need to create a new keyring to safely '
'store your passwords. Choose the password you '
'want to use for it.'))
response = dialog.get_response()
if response[0] == Gtk.ResponseType.OK \
and response[1] == response[2]:
# create new keyring
keyring.create_sync(self.KEYRING_NAME, response[1])
self.__update_info()
else:
# wrong password
raise KeyringCreateError('No keyring to store password to.')
# if keyring is locked, try to unlock it
if self.is_locked() and not self.__unlock_keyring():
return False
attribute_array = keyring.Attribute.list_new()
for key in attributes:
keyring.Attribute.list_append_string(attribute_array, key,
attributes[key])
# store password to existing keyring
keyring.item_create_sync(
self.KEYRING_NAME,
self.KEYRING_TYPE[entry_type],
entry,
attribute_array,
password,
True # update if exists
)
return True
def test_item_create_info(self):
'''item_create_sync(), item_get_info_sync(), list_item_ids_sync()'''
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
self.assertEqual(
GnomeKeyring.get_info_sync(TEST_KEYRING)[0],
GnomeKeyring.Result.OK)
attrs = GnomeKeyring.Attribute.list_new()
GnomeKeyring.Attribute.list_append_string(attrs, 'context',
'testsuite')
GnomeKeyring.Attribute.list_append_uint32(attrs, 'answer', 42)
(result, id) = GnomeKeyring.item_create_sync(
TEST_KEYRING, GnomeKeyring.ItemType.GENERIC_SECRET, 'my_password',
attrs, 'my_secret', False)
self.assertEqual(result, GnomeKeyring.Result.OK)
# now query for it
(result, info) = GnomeKeyring.item_get_info_sync(TEST_KEYRING, id)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(info.get_display_name(), 'my_password')
self.assertEqual(info.get_secret(), 'my_secret')
# list_item_ids_sync()
(result, items) = GnomeKeyring.list_item_ids_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(items, [id])
def __init__(self):
self._protocol = "network"
self._key = gk.ItemType.NETWORK_PASSWORD
if not gk.is_available():
raise KeyringException("The Gnome keyring is not available")
logger.debug("GnomeKeyring is available")
self.loaded = False
self.lock = threading.RLock()
if not self.loaded:
(result, keyring_names) = gk.list_keyring_names_sync()
if self._KEYRING_NAME not in keyring_names:
logger.error("Error getting the gnome keyring. We'll try to create it: %s")
logger.debug("Creating keyring " + self._KEYRING_NAME)
gk.create_sync(self._KEYRING_NAME, None)
self.loaded = True
def test_item_create_info(self):
'''item_create_sync(), item_get_info_sync(), list_item_ids_sync()'''
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
self.assertEqual(GnomeKeyring.get_info_sync(TEST_KEYRING)[0], GnomeKeyring.Result.OK)
attrs = GnomeKeyring.Attribute.list_new()
GnomeKeyring.Attribute.list_append_string(attrs, 'context', 'testsuite')
GnomeKeyring.Attribute.list_append_uint32(attrs, 'answer', 42)
(result, id) = GnomeKeyring.item_create_sync(TEST_KEYRING,
GnomeKeyring.ItemType.GENERIC_SECRET, 'my_password', attrs,
'my_secret', False)
self.assertEqual(result, GnomeKeyring.Result.OK)
# now query for it
(result, info) = GnomeKeyring.item_get_info_sync(TEST_KEYRING, id)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(info.get_display_name(), 'my_password')
self.assertEqual(info.get_secret(), 'my_secret')
# list_item_ids_sync()
(result, items) = GnomeKeyring.list_item_ids_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(items, [id])
def __init__(self):
self._protocol = "network"
self._key = gk.ItemType.NETWORK_PASSWORD
if not gk.is_available():
raise KeyringException("The Gnome keyring is not available")
logger.debug("GnomeKeyring is available")
self.loaded = False
self.lock = threading.RLock()
if not self.loaded:
(result, keyring_names) = gk.list_keyring_names_sync()
if self._KEYRING_NAME not in keyring_names:
logger.error(
"Error getting the gnome keyring. We'll try to create it: %s"
)
logger.debug("Creating keyring " + self._KEYRING_NAME)
gk.create_sync(self._KEYRING_NAME, None)
self.loaded = True
def setup_gnome_keyring():
"""
Provide clean login Gnome keyring (removes the previous one
beforehand, if there is a one).
"""
try:
# Delete originally stored password
(response, keyring) = GnomeKeyring.get_default_keyring_sync()
log.debug('get_info default: %s, %s' % (response, keyring))
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync(keyring)
log.debug('delete default: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
response, keyring = GnomeKeyring.get_info_sync('login')
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync('login')
log.debug('delete login: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
elif response != GnomeKeyring.Result.NO_SUCH_KEYRING:
raise IOError(
'Unexpected error when manipulating login keyring')
# This is result of the underlying DBus error:
# CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE,
# CKR_MECHANISM_PARAM_INVALID
# So, failed either
# * egg_padding_pkcs7_unpad
# (gnome-keyring/egg/egg-padding.c)
# * gkm_aes_mechanism_unwrap
# (gnome-keyring/pkcs11/gkm/gkm-aes-mechanism.c)
# * gkm_dh_mechanism_derive
# (gnome-keyring/pkcs11/gkm/gkm-dh-mechanism.c)
# * gkm_null_mechanism_unwrap or gkm_null_mechanism_wrap
# (gnome-keyring/pkcs11/gkm/gkm-null-mechanism.c)
create_response = GnomeKeyring.create_sync('login', 'redhat')
log.debug('create login: %s' % create_response)
if create_response != GnomeKeyring.Result.OK:
raise IOError(
'Create failed: %s\n%s' %
(create_response,
GnomeKeyring.result_to_message(create_response)))
set_default_response = \
GnomeKeyring.set_default_keyring_sync('login')
assert set_default_response == GnomeKeyring.Result.OK, \
"Set default failed: %s" % set_default_response
unlock_response = GnomeKeyring.unlock_sync("login", 'redhat')
assert unlock_response == GnomeKeyring.Result.OK, \
"Unlock failed: %s" % unlock_response
except Exception as e:
log.error("Exception while unlocking a keyring: %s", e.message)
raise # We shouldn’t let this exception evaporate
def setup_gnome_keyring():
"""
Provide clean login Gnome keyring (removes the previous one
beforehand, if there is a one).
"""
try:
# Delete originally stored password
(response, keyring) = GnomeKeyring.get_default_keyring_sync()
log.debug('get_info default: %s, %s' % (response, keyring))
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync(keyring)
log.debug('delete default: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
response, keyring = GnomeKeyring.get_info_sync('login')
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync('login')
log.debug('delete login: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
elif response != GnomeKeyring.Result.NO_SUCH_KEYRING:
raise IOError(
'Unexpected error when manipulating login keyring')
# This is result of the underlying DBus error:
# CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE,
# CKR_MECHANISM_PARAM_INVALID
# So, failed either
# * egg_padding_pkcs7_unpad
# (gnome-keyring/egg/egg-padding.c)
# * gkm_aes_mechanism_unwrap
# (gnome-keyring/pkcs11/gkm/gkm-aes-mechanism.c)
# * gkm_dh_mechanism_derive
# (gnome-keyring/pkcs11/gkm/gkm-dh-mechanism.c)
# * gkm_null_mechanism_unwrap or gkm_null_mechanism_wrap
# (gnome-keyring/pkcs11/gkm/gkm-null-mechanism.c)
create_response = GnomeKeyring.create_sync('login', 'redhat')
log.debug('create login: %s' % create_response)
if create_response != GnomeKeyring.Result.OK:
raise IOError(
'Create failed: %s\n%s' %
(create_response,
GnomeKeyring.result_to_message(create_response)))
set_default_response = \
GnomeKeyring.set_default_keyring_sync('login')
assert set_default_response == GnomeKeyring.Result.OK, \
"Set default failed: %s" % set_default_response
unlock_response = GnomeKeyring.unlock_sync("login", 'redhat')
assert unlock_response == GnomeKeyring.Result.OK, \
"Unlock failed: %s" % unlock_response
except Exception as e:
log.error("Exception while unlocking a keyring: %s", e.message)
raise # We shouldn’t let this exception evaporate
def add_account(self, name, secret_code, image):
"""
Add an account to accounts table
:param name: (str) account name
:param secret_code: (str) ASCII Secret code
:param image: image path or icon name
:return:
"""
encrypted_secret = sha256(secret_code.encode('utf-8')).hexdigest()
t = (name, encrypted_secret, image,)
query = "INSERT INTO accounts (name, secret_code, image) VALUES (?, ?, ?)"
try:
GK.create_sync("TwoFactorAuth", None)
attr = GK.Attribute.list_new()
GK.Attribute.list_append_string(attr, 'id', encrypted_secret)
GK.Attribute.list_append_string(attr, 'secret_code', secret_code)
GK.item_create_sync("TwoFactorAuth", GK.ItemType.GENERIC_SECRET, repr(encrypted_secret), attr,
secret_code, False)
self.conn.execute(query, t)
self.conn.commit()
except Exception as e:
logging.error("SQL: Couldn't add a new account : %s ", str(e))
def before_all(context):
"""Setup evolution stuff
Being executed before all features
"""
# Reset GSettings
schemas = [x for x in Gio.Settings.list_schemas() if 'evolution' in x.lower()]
for schema in schemas:
os.system("gsettings reset-recursively %s" % schema)
# Skip warning dialog
os.system("gsettings set org.gnome.evolution.shell skip-warning-dialog true")
# Show switcher buttons as icons (to minimize tree scrolling)
os.system("gsettings set org.gnome.evolution.shell buttons-style icons")
# Wait for things to settle
sleep(0.5)
# Skip dogtail actions to print to stdout
config.logDebugToStdOut = False
config.typingDelay = 0.2
# Include assertion object
context.assertion = dummy()
# Kill initial setup
os.system("killall /usr/libexec/gnome-initial-setup")
# Delete existing ABRT problems
if problem.list():
[x.delete() for x in problem.list()]
try:
from gi.repository import GnomeKeyring
# Delete originally stored password
(response, keyring) = GnomeKeyring.get_default_keyring_sync()
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync(keyring)
assert delete_response == GnomeKeyring.Result.OK, "Delete failed: %s" % delete_response
create_response = GnomeKeyring.create_sync("login", 'gnome')
assert create_response == GnomeKeyring.Result.OK, "Create failed: %s" % create_response
set_default_response = GnomeKeyring.set_default_keyring_sync('login')
assert set_default_response == GnomeKeyring.Result.OK, "Set default failed: %s" % set_default_response
unlock_response = GnomeKeyring.unlock_sync("login", 'gnome')
assert unlock_response == GnomeKeyring.Result.OK, "Unlock failed: %s" % unlock_response
except Exception as e:
print("Exception while unlocking a keyring: %s" % e.message)
context.app = App('evolution')
def process(args):
krname = args.get('namespace')
if krname is None:
err('No namespace (keyring name) specified')
to_write = args.get('write', {})
to_remove = args.get('remove', {})
overwrite_all = args.get('overwrite', False)
password = args.get('password')
try:
keyring_info = verify(gk.get_info_sync(krname),
'access keyring=%s' % krname)
except NoSuchKeyringError:
if password is None:
err('Cannot create keyring=%s without a password' % krname)
# Desired keyring does not yet exist. Create it on-demand.
verify(gk.create_sync(krname, password), 'create keyring=%s' % krname)
# Try to get info again, now that we have created the missing keyring.
keyring_info = verify(gk.get_info_sync(krname),
'access keyring=%s' % krname)
if keyring_info.get_is_locked():
if password is None:
err('Cannot access locked keyring=%s without a password' % krname)
# Unlock the desired keyring.
ok = gk.unlock_sync(krname, password)
if ok is not None:
# Handle pygobject3-style invocation of unlock_sync().
if ok == gk.Result.IO_ERROR:
# An incorrect password causes an IO_ERROR for some reason. Emit a
# clearer error message than the default result_to_message() one.
err('Cannot unlock keyring=%s: Invalid password' % krname)
verify(ok, 'unlock keyring=%s' % krname)
result = {} # By default, emit minimal valid JSON.
if len(to_write) == 0 and len(to_remove) == 0:
# Given nothing to write, we emit existing secrets.
result = get_secrets(krname)
if len(to_write) > 0:
set_secrets(krname, to_write, overwrite_all)
if len(to_remove) > 0:
remove_secrets(krname, to_remove)
json.dump(result, sys.stdout)
def gkr_store(self, id, secret):
GnomeKeyring.create_sync(KEYRING_NAME, None)
attrs = GnomeKeyring.Attribute.list_new()
GnomeKeyring.Attribute.list_append_string(attrs, 'id', id)
GnomeKeyring.item_create_sync(KEYRING_NAME, GnomeKeyring.ItemType.GENERIC_SECRET, id, attrs, secret, True)
