def test_create_lock(self):
'''create_sync() and locking/unlocking'''
# create
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
(result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertFalse(info.get_is_locked())
# try to create already existing ring
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.KEYRING_ALREADY_EXISTS)
# lock
self.assertEqual(GnomeKeyring.lock_sync(TEST_KEYRING),
GnomeKeyring.Result.OK)
self.assertTrue(GnomeKeyring.get_info_sync(TEST_KEYRING)[1].get_is_locked())
# unlock with wrong password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, 'h4ck'),
GnomeKeyring.Result.IO_ERROR)
# unlock with correct password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
def test_create_lock(self):
'''create_sync() and locking/unlocking'''
# create
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
(result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertFalse(info.get_is_locked())
# try to create already existing ring
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.KEYRING_ALREADY_EXISTS)
# lock
self.assertEqual(GnomeKeyring.lock_sync(TEST_KEYRING),
GnomeKeyring.Result.OK)
self.assertTrue(
GnomeKeyring.get_info_sync(TEST_KEYRING)[1].get_is_locked())
# unlock with wrong password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, 'h4ck'),
GnomeKeyring.Result.IO_ERROR)
# unlock with correct password
self.assertEqual(GnomeKeyring.unlock_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
def process(args):
krname = args.get('namespace')
if krname is None:
err('No namespace (keyring name) specified')
to_write = args.get('write', {})
to_remove = args.get('remove', {})
overwrite_all = args.get('overwrite', False)
password = args.get('password')
try:
keyring_info = verify(gk.get_info_sync(krname),
'access keyring=%s' % krname)
except NoSuchKeyringError:
if password is None:
err('Cannot create keyring=%s without a password' % krname)
# Desired keyring does not yet exist. Create it on-demand.
verify(gk.create_sync(krname, password), 'create keyring=%s' % krname)
# Try to get info again, now that we have created the missing keyring.
keyring_info = verify(gk.get_info_sync(krname),
'access keyring=%s' % krname)
if keyring_info.get_is_locked():
if password is None:
err('Cannot access locked keyring=%s without a password' % krname)
# Unlock the desired keyring.
ok = gk.unlock_sync(krname, password)
if ok is not None:
# Handle pygobject3-style invocation of unlock_sync().
if ok == gk.Result.IO_ERROR:
# An incorrect password causes an IO_ERROR for some reason. Emit a
# clearer error message than the default result_to_message() one.
err('Cannot unlock keyring=%s: Invalid password' % krname)
verify(ok, 'unlock keyring=%s' % krname)
result = {} # By default, emit minimal valid JSON.
if len(to_write) == 0 and len(to_remove) == 0:
# Given nothing to write, we emit existing secrets.
result = get_secrets(krname)
if len(to_write) > 0:
set_secrets(krname, to_write, overwrite_all)
if len(to_remove) > 0:
remove_secrets(krname, to_remove)
json.dump(result, sys.stdout)
def test_item_create_info(self):
'''item_create_sync(), item_get_info_sync(), list_item_ids_sync()'''
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
self.assertEqual(GnomeKeyring.get_info_sync(TEST_KEYRING)[0], GnomeKeyring.Result.OK)
attrs = GnomeKeyring.Attribute.list_new()
GnomeKeyring.Attribute.list_append_string(attrs, 'context', 'testsuite')
GnomeKeyring.Attribute.list_append_uint32(attrs, 'answer', 42)
(result, id) = GnomeKeyring.item_create_sync(TEST_KEYRING,
GnomeKeyring.ItemType.GENERIC_SECRET, 'my_password', attrs,
'my_secret', False)
self.assertEqual(result, GnomeKeyring.Result.OK)
# now query for it
(result, info) = GnomeKeyring.item_get_info_sync(TEST_KEYRING, id)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(info.get_display_name(), 'my_password')
self.assertEqual(info.get_secret(), 'my_secret')
# list_item_ids_sync()
(result, items) = GnomeKeyring.list_item_ids_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(items, [id])
def test_item_create_info(self):
'''item_create_sync(), item_get_info_sync(), list_item_ids_sync()'''
self.assertEqual(GnomeKeyring.create_sync(TEST_KEYRING, TEST_PWD),
GnomeKeyring.Result.OK)
self.assertEqual(
GnomeKeyring.get_info_sync(TEST_KEYRING)[0],
GnomeKeyring.Result.OK)
attrs = GnomeKeyring.Attribute.list_new()
GnomeKeyring.Attribute.list_append_string(attrs, 'context',
'testsuite')
GnomeKeyring.Attribute.list_append_uint32(attrs, 'answer', 42)
(result, id) = GnomeKeyring.item_create_sync(
TEST_KEYRING, GnomeKeyring.ItemType.GENERIC_SECRET, 'my_password',
attrs, 'my_secret', False)
self.assertEqual(result, GnomeKeyring.Result.OK)
# now query for it
(result, info) = GnomeKeyring.item_get_info_sync(TEST_KEYRING, id)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(info.get_display_name(), 'my_password')
self.assertEqual(info.get_secret(), 'my_secret')
# list_item_ids_sync()
(result, items) = GnomeKeyring.list_item_ids_sync(TEST_KEYRING)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertEqual(items, [id])
def test_info_default(self):
'''get_info_sync() for default keyring'''
# we cannot assume too much about the default keyring; it might be
# locked or not, and we should avoid poking in it too much
(result, info) = GnomeKeyring.get_info_sync(None)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertTrue(info.get_is_locked() in (False, True))
def test_info_default(self):
'''get_info_sync() for default keyring'''
# we cannot assume too much about the default keyring; it might be
# locked or not, and we should avoid poking in it too much
(result, info) = GnomeKeyring.get_info_sync(None)
self.assertEqual(result, GnomeKeyring.Result.OK)
self.assertTrue(info.get_is_locked() in (False, True))
def setup_gnome_keyring():
"""
Provide clean login Gnome keyring (removes the previous one
beforehand, if there is a one).
"""
try:
# Delete originally stored password
(response, keyring) = GnomeKeyring.get_default_keyring_sync()
log.debug('get_info default: %s, %s' % (response, keyring))
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync(keyring)
log.debug('delete default: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
response, keyring = GnomeKeyring.get_info_sync('login')
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync('login')
log.debug('delete login: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
elif response != GnomeKeyring.Result.NO_SUCH_KEYRING:
raise IOError(
'Unexpected error when manipulating login keyring')
# This is result of the underlying DBus error:
# CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE,
# CKR_MECHANISM_PARAM_INVALID
# So, failed either
# * egg_padding_pkcs7_unpad
# (gnome-keyring/egg/egg-padding.c)
# * gkm_aes_mechanism_unwrap
# (gnome-keyring/pkcs11/gkm/gkm-aes-mechanism.c)
# * gkm_dh_mechanism_derive
# (gnome-keyring/pkcs11/gkm/gkm-dh-mechanism.c)
# * gkm_null_mechanism_unwrap or gkm_null_mechanism_wrap
# (gnome-keyring/pkcs11/gkm/gkm-null-mechanism.c)
create_response = GnomeKeyring.create_sync('login', 'redhat')
log.debug('create login: %s' % create_response)
if create_response != GnomeKeyring.Result.OK:
raise IOError(
'Create failed: %s\n%s' %
(create_response,
GnomeKeyring.result_to_message(create_response)))
set_default_response = \
GnomeKeyring.set_default_keyring_sync('login')
assert set_default_response == GnomeKeyring.Result.OK, \
"Set default failed: %s" % set_default_response
unlock_response = GnomeKeyring.unlock_sync("login", 'redhat')
assert unlock_response == GnomeKeyring.Result.OK, \
"Unlock failed: %s" % unlock_response
except Exception as e:
log.error("Exception while unlocking a keyring: %s", e.message)
raise # We shouldn’t let this exception evaporate
def setup_gnome_keyring():
"""
Provide clean login Gnome keyring (removes the previous one
beforehand, if there is a one).
"""
try:
# Delete originally stored password
(response, keyring) = GnomeKeyring.get_default_keyring_sync()
log.debug('get_info default: %s, %s' % (response, keyring))
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync(keyring)
log.debug('delete default: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
response, keyring = GnomeKeyring.get_info_sync('login')
if response == GnomeKeyring.Result.OK:
if keyring is not None:
delete_response = GnomeKeyring.delete_sync('login')
log.debug('delete login: %s' % delete_response)
assert delete_response == GnomeKeyring.Result.OK, \
"Delete failed: %s" % delete_response
elif response != GnomeKeyring.Result.NO_SUCH_KEYRING:
raise IOError(
'Unexpected error when manipulating login keyring')
# This is result of the underlying DBus error:
# CKR_WRAPPED_KEY_INVALID, CKR_WRAPPED_KEY_LEN_RANGE,
# CKR_MECHANISM_PARAM_INVALID
# So, failed either
# * egg_padding_pkcs7_unpad
# (gnome-keyring/egg/egg-padding.c)
# * gkm_aes_mechanism_unwrap
# (gnome-keyring/pkcs11/gkm/gkm-aes-mechanism.c)
# * gkm_dh_mechanism_derive
# (gnome-keyring/pkcs11/gkm/gkm-dh-mechanism.c)
# * gkm_null_mechanism_unwrap or gkm_null_mechanism_wrap
# (gnome-keyring/pkcs11/gkm/gkm-null-mechanism.c)
create_response = GnomeKeyring.create_sync('login', 'redhat')
log.debug('create login: %s' % create_response)
if create_response != GnomeKeyring.Result.OK:
raise IOError(
'Create failed: %s\n%s' %
(create_response,
GnomeKeyring.result_to_message(create_response)))
set_default_response = \
GnomeKeyring.set_default_keyring_sync('login')
assert set_default_response == GnomeKeyring.Result.OK, \
"Set default failed: %s" % set_default_response
unlock_response = GnomeKeyring.unlock_sync("login", 'redhat')
assert unlock_response == GnomeKeyring.Result.OK, \
"Unlock failed: %s" % unlock_response
except Exception as e:
log.error("Exception while unlocking a keyring: %s", e.message)
raise # We shouldn’t let this exception evaporate
def test_info_unknown(self):
'''get_info_sync() for unknown keyring'''
(result, info) = GnomeKeyring.get_info_sync(TEST_KEYRING + '_nonexisting')
self.assertEqual(result, GnomeKeyring.Result.NO_SUCH_KEYRING)
else:
screen.addstr('\n')
# Done; pause or eat the key that was ungetch()'d
screen.addstr('Press any key to continue ...')
screen.getch()
if __name__ == '__main__':
gi.require_version('GnomeKeyring', '1.0')
gi.require_version('Secret', '1')
from gi.repository import GnomeKeyring as gkr, Secret
# Unlock the login keyring, if necessary
was_locked = False
if gkr.get_info_sync(KEYRING)[1].get_is_locked():
was_locked = True
import getpass
result = gkr.unlock_sync(
'login',
getpass.getpass(prompt='Enter password for '
'login keyring: '))
if result == gkr.Result.IO_ERROR: # Incorrect password
sys.exit(1)
# Connect to libsecret
service = Secret.Service.get_sync(Secret.ServiceFlags.OPEN_SESSION
| Secret.ServiceFlags.LOAD_COLLECTIONS)
collections = service.get_collections()
# Search the default keyring
def test_info_unknown(self):
'''get_info_sync() for unknown keyring'''
(result,
info) = GnomeKeyring.get_info_sync(TEST_KEYRING + '_nonexisting')
self.assertEqual(result, GnomeKeyring.Result.NO_SUCH_KEYRING)
def isLocked(self): info = GnomeKeyring.get_info_sync(self.keyring)[1] return info.get_is_locked()
def __update_info(self): """Update keyring status information""" self._info = keyring.get_info_sync(self.KEYRING_NAME)[1] # update icon self.__update_icon()
else:
screen.addstr('\n')
# Done; pause or eat the key that was ungetch()'d
screen.addstr('Press any key to continue ...')
screen.getch()
if __name__ == '__main__':
gi.require_version('GnomeKeyring', '1.0')
gi.require_version('Secret', '1')
from gi.repository import GnomeKeyring as gkr, Secret
# Unlock the login keyring, if necessary
was_locked = False
if gkr.get_info_sync(KEYRING)[1].get_is_locked():
was_locked = True
import getpass
result = gkr.unlock_sync('login',
getpass.getpass(prompt='Enter password for '
'login keyring: '))
if result == gkr.Result.IO_ERROR: # Incorrect password
sys.exit(1)
# Connect to libsecret
service = Secret.Service.get_sync(Secret.ServiceFlags.OPEN_SESSION |
Secret.ServiceFlags.LOAD_COLLECTIONS)
collections = service.get_collections()
# Search the default keyring
items = service.unlock_sync(collections, None)[1][0].get_items()