def test_encrypt(homedir, source, config, mocker, session_maker):
'''
Check that calling `encrypt` encrypts the message.
Using the `config` fixture to ensure the config is written to disk.
'''
helper = GpgHelper(homedir, session_maker, is_qubes=False)
# first we have to ensure the pubkeys are available
helper._import(PUB_KEY)
helper._import(JOURNO_KEY)
plaintext = 'bueller?'
cyphertext = helper.encrypt_to_source(source['uuid'], plaintext)
# check that we go *any* output just for sanity
assert cyphertext
cyphertext_file = os.path.join(homedir, 'cyphertext.out')
decrypted_file = os.path.join(homedir, 'decrypted.out')
gpg_home = os.path.join(homedir, 'gpg')
with open(cyphertext_file, 'w') as f:
f.write(cyphertext)
subprocess.check_call([
'gpg', '--homedir', gpg_home, '--output', decrypted_file, '--decrypt',
cyphertext_file
])
with open(decrypted_file) as f:
decrypted = f.read()
assert decrypted == plaintext
def test_gzip_header_without_filename(homedir, config, mocker, session_maker):
"""
Test processing of a gzipped file without a filename in the header.
"""
gpg = GpgHelper(homedir, session_maker, is_qubes=False)
gpg._import(PUB_KEY)
gpg._import(JOURNO_KEY)
mocker.patch("os.unlink")
mocker.patch("gzip.open")
mocker.patch("shutil.copy")
mocker.patch("shutil.copyfileobj")
# pretend the gzipped file header lacked the original filename
mock_read_gzip_header_filename = mocker.patch(
"securedrop_client.crypto.read_gzip_header_filename"
)
mock_read_gzip_header_filename.return_value = ""
test_gzip = "tests/files/test-doc.gz.gpg"
output_filename = "test-doc"
expected_output_filename = "tests/files/test-doc"
original_filename = gpg.decrypt_submission_or_reply(test_gzip, output_filename, is_doc=True)
assert original_filename == output_filename
os.remove(expected_output_filename)
def test_gunzip_logic(homedir, config, mocker, session_maker):
"""
Ensure that gzipped documents/files are handled
Using the `config` fixture to ensure the config is written to disk.
"""
gpg = GpgHelper(homedir, session_maker, is_qubes=False)
gpg._import(PUB_KEY)
gpg._import(JOURNO_KEY)
test_gzip = "tests/files/test-doc.gz.gpg"
expected_output_filepath = "tests/files/test-doc.txt"
# mock_gpg = mocker.patch('subprocess.call', return_value=0)
mock_unlink = mocker.patch("os.unlink")
original_filename = gpg.decrypt_submission_or_reply(
test_gzip, expected_output_filepath, is_doc=True
)
assert original_filename == "test-doc.txt"
# We should remove two files in the success scenario: err, filepath
assert mock_unlink.call_count == 2
mock_unlink.stop()
os.remove(expected_output_filepath)
def test_encrypt(homedir, source, config, mocker, session_maker):
"""
Check that calling `encrypt` encrypts the message.
Using the `config` fixture to ensure the config is written to disk.
"""
helper = GpgHelper(homedir, session_maker, is_qubes=False)
# first we have to ensure the pubkeys are available
helper._import(PUB_KEY)
helper._import(JOURNO_KEY)
plaintext = "bueller?"
cyphertext = helper.encrypt_to_source(source["uuid"], plaintext)
# check that we go *any* output just for sanity
assert cyphertext
cyphertext_file = os.path.join(homedir, "cyphertext.out")
decrypted_file = os.path.join(homedir, "decrypted.out")
gpg_home = os.path.join(homedir, "gpg")
with open(cyphertext_file, "w") as f:
f.write(cyphertext)
subprocess.check_call(
["gpg", "--homedir", gpg_home, "--output", decrypted_file, "--decrypt", cyphertext_file]
)
with open(decrypted_file) as f:
decrypted = f.read()
assert decrypted == plaintext
def test_import_key_gpg_call_fail(homedir, config, mocker, session_maker):
'''
Check that a `CryptoError` is raised if calling `gpg` fails.
Using the `config` fixture to ensure the config is written to disk.
'''
helper = GpgHelper(homedir, session_maker, is_qubes=False)
err = subprocess.CalledProcessError(cmd=['foo'], returncode=1)
mock_call = mocker.patch('securedrop_client.crypto.subprocess.check_call',
side_effect=err)
with pytest.raises(CryptoError, match='Could not import key\\.'):
helper._import(PUB_KEY)
# ensure the mock was used
assert mock_call.called
def test_encrypt_fail(homedir, source, config, mocker, session_maker):
'''
Check that a `CryptoError` is raised if the call to `gpg` fails.
Using the `config` fixture to ensure the config is written to disk.
'''
helper = GpgHelper(homedir, session_maker, is_qubes=False)
# first we have to ensure the pubkeys are available
helper._import(PUB_KEY)
plaintext = 'bueller?'
err = subprocess.CalledProcessError(cmd=['foo'], returncode=1)
mock_gpg = mocker.patch('securedrop_client.crypto.subprocess.check_call',
side_effect=err)
with pytest.raises(CryptoError):
helper.encrypt_to_source(source['uuid'], plaintext)
# check mock called to prevent "dead code"
assert mock_gpg.called
