def test_01_fill(self):
    """
    Check that is_filled() reflects whether public key material is set.
    """
    # NOTE(review): the username literal looks masked in this listing; it
    # has to match a user the test fixture actually creates.
    account = User.objects.get(username='******')
    key_record = UserKey(user=account)

    # No public key has been assigned yet, so the record must be unfilled.
    self.assertFalse(
        key_record.is_filled(),
        "UserKey with empty public_key is_filled() did not return False",
    )

    # Attaching the fixture public key must flip is_filled() to True.
    key_record.public_key = self.TEST_KEYS['alice_public']
    self.assertTrue(
        key_record.is_filled(),
        "UserKey with public key is_filled() did not return True",
    )
def test_04_master_key_retrieval(self):
    """
    Round-trip a master key through a UserKey.

    The UserKey is activated with a freshly generated master key, which is
    then recovered with the matching private key and compared to the input.
    """
    expected_key = generate_random_key()
    key_record = UserKey(
        user=User.objects.get(username='******'),
        public_key=self.TEST_KEYS['alice_public'],
    )
    key_record.activate(expected_key)

    # Only the matching-key path is asserted in this test.
    # NOTE(review): confirm a mismatched private key is covered elsewhere.
    recovered_key = key_record.get_master_key(self.TEST_KEYS['alice_private'])
    self.assertEqual(
        expected_key,
        recovered_key,
        "Master key retrieval failed with correct private key",
    )
def test_02_activate(self):
    """
    Check that activate() moves a UserKey from inactive to active.
    """
    fresh_master_key = generate_random_key()
    key_record = UserKey(
        user=User.objects.get(username='******'),
        public_key=self.TEST_KEYS['alice_public'],
    )

    # A UserKey holding only a public key must not report as active.
    self.assertFalse(
        key_record.is_active(),
        "Inactive UserKey is_active() did not return False",
    )

    key_record.activate(fresh_master_key)
    self.assertTrue(
        key_record.is_active(),
        "ActiveUserKey is_active() did not return True",
    )
def setUp(self):
    """
    Build the fixture: a UserKey and SessionKey for the test user, one
    device, two secret roles, three encrypted secrets, and the payloads
    stored in self.create_data.
    """
    super().setUp()

    # Create a UserKey for the test user.
    # NOTE(review): get_master_key() is called right after save(), so save()
    # presumably activates this key -- confirm against UserKey.save().
    user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
    user_key.save()

    # Create a SessionKey for the user
    self.master_key = user_key.get_master_key(PRIVATE_KEY)
    session = SessionKey(userkey=user_key)
    session.save(self.master_key)

    # Append the session key to the test client's request header
    self.header['HTTP_X_SESSION_KEY'] = base64.b64encode(session.key)

    site = Site.objects.create(name='Site 1', slug='site-1')
    manufacturer = Manufacturer.objects.create(name='Manufacturer 1', slug='manufacturer-1')
    device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Device Type 1')
    device_role = DeviceRole.objects.create(name='Device Role 1', slug='device-role-1')
    device = Device.objects.create(
        name='Device 1',
        site=site,
        device_type=device_type,
        device_role=device_role,
    )

    stored_role = SecretRole(name='Secret Role 1', slug='secret-role-1')
    payload_role = SecretRole(name='Secret Role 2', slug='secret-role-2')
    SecretRole.objects.bulk_create((stored_role, payload_role))

    # Existing secrets use the first role and are encrypted with the master
    # key before being written to the database.
    existing = tuple(
        Secret(device=device, role=stored_role, name=label, plaintext=text)
        for label, text in (
            ('Secret 1', 'ABC'),
            ('Secret 2', 'DEF'),
            ('Secret 3', 'GHI'),
        )
    )
    for item in existing:
        item.encrypt(self.master_key)
        item.save()

    # The payloads reference the second role and carry plaintext.
    self.create_data = [
        {
            'device': device.pk,
            'role': payload_role.pk,
            'name': label,
            'plaintext': text,
        }
        for label, text in (
            ('Secret 4', 'JKL'),
            ('Secret 5', 'MNO'),
            ('Secret 6', 'PQR'),
        )
    ]
def setUp(self):
    """
    Give the test user a UserKey and keep a saved SessionKey on the test.
    """
    super().setUp()

    # Set up a master key for the test user
    user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
    user_key.save()
    unlocked_master_key = user_key.get_master_key(PRIVATE_KEY)

    # The session key is kept on self; this block does not add it to any
    # request header.
    session = SessionKey(userkey=user_key)
    self.session_key = session
    session.save(unlocked_master_key)
def setUp(self):
    """
    Create a superuser with an API token, a UserKey and a SessionKey, then
    a device, two secret roles and three encrypted secrets.
    """
    account = User.objects.create(username='******', is_superuser=True)
    api_token = Token.objects.create(user=account)

    user_key = UserKey(user=account, public_key=PUBLIC_KEY)
    user_key.save()
    self.master_key = user_key.get_master_key(PRIVATE_KEY)
    session = SessionKey(userkey=user_key)
    session.save(self.master_key)

    # Requests carry both the API token and the base64-encoded session key.
    auth_value = 'Token {}'.format(api_token.key)
    session_value = base64.b64encode(session.key)
    self.header = {
        'HTTP_AUTHORIZATION': auth_value,
        'HTTP_X_SESSION_KEY': session_value,
    }

    # Known plaintexts, kept on the test for later comparison.
    self.plaintext = {
        'secret1': 'Secret #1 Plaintext',
        'secret2': 'Secret #2 Plaintext',
        'secret3': 'Secret #3 Plaintext',
    }

    site = Site.objects.create(name='Test Site 1', slug='test-site-1')
    manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
    device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1')
    device_role = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
    self.device = Device.objects.create(
        name='Test Device 1',
        site=site,
        device_type=device_type,
        device_role=device_role,
    )
    self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
    self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')

    def store_secret(label, text):
        # Build, encrypt with the master key, then persist -- in that order.
        record = Secret(device=self.device, role=self.secretrole1, name=label, plaintext=text)
        record.encrypt(self.master_key)
        record.save()
        return record

    self.secret1 = store_secret('Test Secret 1', self.plaintext['secret1'])
    self.secret2 = store_secret('Test Secret 2', self.plaintext['secret2'])
    self.secret3 = store_secret('Test Secret 3', self.plaintext['secret3'])
def setUp(self):
    """
    Create a non-superuser limited to the four secret permissions, give it
    an API token, UserKey and SessionKey, then build a device, two secret
    roles and three encrypted secrets.
    """
    # Create a non-superuser test user
    granted = (
        'secrets.add_secret',
        'secrets.change_secret',
        'secrets.delete_secret',
        'secrets.view_secret',
    )
    self.user = create_test_user('testuser', permissions=granted)
    self.token = Token.objects.create(user=self.user)
    self.header = {'HTTP_AUTHORIZATION': 'Token {}'.format(self.token.key)}

    user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
    user_key.save()
    self.master_key = user_key.get_master_key(PRIVATE_KEY)
    session = SessionKey(userkey=user_key)
    session.save(self.master_key)

    # Extend the token-only header with the base64-encoded session key; the
    # resulting mapping has the same two entries, in the same order, as
    # rebuilding it from scratch.
    self.header['HTTP_X_SESSION_KEY'] = base64.b64encode(session.key)

    self.plaintexts = (
        'Secret #1 Plaintext',
        'Secret #2 Plaintext',
        'Secret #3 Plaintext',
    )

    site = Site.objects.create(name='Test Site 1', slug='test-site-1')
    manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
    device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1')
    device_role = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
    self.device = Device.objects.create(
        name='Test Device 1', site=site, device_type=device_type, device_role=device_role
    )
    self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
    self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')

    # Each secret is encrypted with the master key before it is saved.
    labels = ('Test Secret 1', 'Test Secret 2', 'Test Secret 3')
    saved = []
    for label, text in zip(labels, self.plaintexts):
        record = Secret(device=self.device, role=self.secretrole1, name=label, plaintext=text)
        record.encrypt(self.master_key)
        record.save()
        saved.append(record)
    self.secret1, self.secret2, self.secret3 = saved
def setUp(self):
    """
    Log in a user holding only view/add secret permissions, prepare a
    SessionKey, and create a device with three placeholder secrets.
    """
    granted = [
        'secrets.view_secret',
        'secrets.add_secret',
    ]
    user = create_test_user(permissions=granted)

    # Set up a master key
    user_key = UserKey(user=user, public_key=PUBLIC_KEY)
    user_key.save()
    unlocked_master_key = user_key.get_master_key(PRIVATE_KEY)
    session = SessionKey(userkey=user_key)
    self.session_key = session
    session.save(unlocked_master_key)

    # force_login() authenticates the client without a credential check.
    self.client = Client()
    self.client.force_login(user)

    site = Site(name='Site 1', slug='site-1')
    site.save()
    manufacturer = Manufacturer(name='Manufacturer 1', slug='manufacturer-1')
    manufacturer.save()
    device_type = DeviceType(manufacturer=manufacturer, model='Device Type 1')
    device_type.save()
    device_role = DeviceRole(name='Device Role 1', slug='device-role-1')
    device_role.save()
    device = Device(name='Device 1', site=site, device_type=device_type, device_role=device_role)
    device.save()
    secret_role = SecretRole(name='Secret Role 1', slug='secret-role-1')
    secret_role.save()

    # The ciphertext is a fixed placeholder, not output of Secret.encrypt(),
    # and bulk_create() does not call save() on the instances.
    placeholders = [
        Secret(device=device, role=secret_role, name=label, ciphertext=b'1234567890')
        for label in ('Secret 1', 'Secret 2', 'Secret 3')
    ]
    Secret.objects.bulk_create(placeholders)
def setUp(self):
    """
    Give the test user a UserKey and SessionKey, and set a token-only
    request header.
    """
    super().setUp()

    user_key = UserKey(user=self.user, public_key=PUBLIC_KEY)
    user_key.save()
    unlocked_master_key = user_key.get_master_key(PRIVATE_KEY)

    session = SessionKey(userkey=user_key)
    self.session_key = session
    session.save(unlocked_master_key)

    # Only the API token is placed in the header here; the session key stays
    # on self.session_key.
    auth_value = 'Token {}'.format(self.token.key)
    self.header = {
        'HTTP_AUTHORIZATION': auth_value,
    }
def setUp(self):
    """
    Create a superuser with an API token, a UserKey and a SessionKey, and
    set a token-only request header.
    """
    account = User.objects.create(username='******', is_superuser=True)
    api_token = Token.objects.create(user=account)

    user_key = UserKey(user=account, public_key=PUBLIC_KEY)
    user_key.save()
    unlocked_master_key = user_key.get_master_key(PRIVATE_KEY)

    session = SessionKey(userkey=user_key)
    self.session_key = session
    session.save(unlocked_master_key)

    # The header carries the API token only; no session key is attached.
    auth_value = 'Token {}'.format(api_token.key)
    self.header = {
        'HTTP_AUTHORIZATION': auth_value,
    }
def dispatch(self, request, *args, **kwargs):
    """
    Attach the requesting user's UserKey to the view, then dispatch.

    When the user has no stored UserKey, an unsaved one bound to that user
    is used instead, so self.userkey is always set.
    """
    # NOTE(review): the lookup is keyed on request.user, so this assumes
    # authentication is enforced before dispatch() runs -- confirm on the
    # enclosing class, which is outside this block.
    current_user = request.user
    try:
        found = UserKey.objects.get(user=current_user)
    except UserKey.DoesNotExist:
        found = UserKey(user=current_user)
    self.userkey = found

    return super().dispatch(request, *args, **kwargs)
def setUp(self):
    """
    Create a superuser with an API token, a UserKey and a SessionKey, then
    a device, two secret roles and three encrypted secrets.
    """
    account = User.objects.create(username='******', is_superuser=True)
    api_token = Token.objects.create(user=account)

    user_key = UserKey(user=account, public_key=PUBLIC_KEY)
    user_key.save()
    self.master_key = user_key.get_master_key(PRIVATE_KEY)
    session = SessionKey(userkey=user_key)
    session.save(self.master_key)

    # Requests carry both the API token and the base64-encoded session key.
    self.header = dict(
        HTTP_AUTHORIZATION='Token {}'.format(api_token.key),
        HTTP_X_SESSION_KEY=base64.b64encode(session.key),
    )

    # Known plaintexts, kept on the test for later comparison.
    self.plaintext = dict(
        secret1='Secret #1 Plaintext',
        secret2='Secret #2 Plaintext',
        secret3='Secret #3 Plaintext',
    )

    site = Site.objects.create(name='Test Site 1', slug='test-site-1')
    manufacturer = Manufacturer.objects.create(name='Test Manufacturer 1', slug='test-manufacturer-1')
    device_type = DeviceType.objects.create(manufacturer=manufacturer, model='Test Device Type 1')
    device_role = DeviceRole.objects.create(name='Test Device Role 1', slug='test-device-role-1')
    self.device = Device.objects.create(
        name='Test Device 1', site=site, device_type=device_type, device_role=device_role
    )
    self.secretrole1 = SecretRole.objects.create(name='Test Secret Role 1', slug='test-secret-role-1')
    self.secretrole2 = SecretRole.objects.create(name='Test Secret Role 2', slug='test-secret-role-2')

    def encrypted_secret(label, plaintext_key):
        # Build, encrypt with the master key, then persist -- in that order.
        record = Secret(
            device=self.device,
            role=self.secretrole1,
            name=label,
            plaintext=self.plaintext[plaintext_key],
        )
        record.encrypt(self.master_key)
        record.save()
        return record

    self.secret1 = encrypted_secret('Test Secret 1', 'secret1')
    self.secret2 = encrypted_secret('Test Secret 2', 'secret2')
    self.secret3 = encrypted_secret('Test Secret 3', 'secret3')
def test_03_key_sizes(self):
    """
    Check that UserKey.clean() rejects RSA keys outside the allowed sizes.

    Each probe key is 256 bits outside its bound; keys exactly at the
    minimum or maximum size are not exercised here.
    """
    # Lower bound: the configured minimum, or 2048 when the setting is absent.
    min_bits = getattr(settings, 'SECRETS_MIN_PUBKEY_SIZE', 2048)
    undersized_pem = RSA.generate(min_bits - 256).publickey().exportKey('PEM')
    try:
        UserKey(public_key=undersized_pem).clean()
    except ValidationError:
        pass
    else:
        self.fail("UserKey.clean() did not fail with an undersized RSA key")

    # Max size is 4096 (enforced by master_key_cipher field size)
    oversized_pem = RSA.generate(4096 + 256).publickey().exportKey('PEM')
    try:
        UserKey(public_key=oversized_pem).clean()
    except ValidationError:
        pass
    else:
        self.fail("UserKey.clean() did not fail with an oversized RSA key")
def userkey_edit(request):
    """
    Show and process the form for editing the requesting user's UserKey.

    A valid POST saves the key and redirects to 'users:userkey'; a GET or
    an invalid POST renders 'users/userkey_edit.html' with the form.
    """
    # NOTE(review): no access decorator is visible in this listing; the view
    # keys everything on request.user, so it assumes an authenticated user --
    # confirm where the view is declared or routed.
    current_user = request.user
    try:
        userkey = UserKey.objects.get(user=current_user)
    except UserKey.DoesNotExist:
        userkey = UserKey(user=current_user)

    submitted = request.method == 'POST'
    if submitted:
        form = UserKeyForm(data=request.POST, instance=userkey)
    else:
        form = UserKeyForm(instance=userkey)

    if submitted and form.is_valid():
        saved_key = form.save(commit=False)
        # The owner is set from the session after the form is processed, so
        # the saved key always belongs to the requesting user.
        saved_key.user = request.user
        saved_key.save()
        messages.success(request, u"Your user key has been saved.")
        return redirect('users:userkey')

    context = {
        'userkey': userkey,
        'form': form,
    }
    return render(request, 'users/userkey_edit.html', context)
def setUp(self):
    """
    Create a user limited to view/add secret role permissions and keep an
    unsaved UserKey for that user on the test.
    """
    granted = [
        'secrets.view_secretrole',
        'secrets.add_secretrole',
    ]
    user = create_test_user(permissions=granted)

    # This UserKey has no public key and is never saved in this block.
    self.userkey = UserKey(user=user)