Merge "Fix exception handling and add tests"
commit
566c792658
|
@ -15,8 +15,7 @@
|
||||||
import base64
|
import base64
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
from cryptography.exceptions import InvalidSignature
|
from cryptography import fernet
|
||||||
from cryptography.fernet import Fernet
|
|
||||||
from cryptography.hazmat.backends import default_backend
|
from cryptography.hazmat.backends import default_backend
|
||||||
from cryptography.hazmat.primitives import hashes
|
from cryptography.hazmat.primitives import hashes
|
||||||
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
|
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
|
||||||
|
@ -57,8 +56,8 @@ def encrypt(unencrypted_data,
|
||||||
:rtype: bytes
|
:rtype: bytes
|
||||||
"""
|
"""
|
||||||
|
|
||||||
return Fernet(_generate_key(passphrase, salt, key_length,
|
return fernet.Fernet(_generate_key(
|
||||||
iterations)).encrypt(unencrypted_data)
|
passphrase, salt, key_length, iterations)).encrypt(unencrypted_data)
|
||||||
|
|
||||||
|
|
||||||
def decrypt(encrypted_data,
|
def decrypt(encrypted_data,
|
||||||
|
@ -88,14 +87,14 @@ def decrypt(encrypted_data,
|
||||||
:type iterations: positive integer.
|
:type iterations: positive integer.
|
||||||
:return: Decrypted secret data
|
:return: Decrypted secret data
|
||||||
:rtype: bytes
|
:rtype: bytes
|
||||||
:raises InvalidSignature: If the provided passphrase, and/or
|
:raises InvalidToken: If the provided passphrase, and/or
|
||||||
salt does not match the values used to encrypt the data.
|
salt does not match the values used to encrypt the data.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
try:
|
try:
|
||||||
return Fernet(_generate_key(passphrase, salt, key_length,
|
return fernet.Fernet(_generate_key(
|
||||||
iterations)).decrypt(encrypted_data)
|
passphrase, salt, key_length, iterations)).decrypt(encrypted_data)
|
||||||
except InvalidSignature:
|
except fernet.InvalidToken:
|
||||||
LOG.error('Signature verification to decrypt secrets failed. Please '
|
LOG.error('Signature verification to decrypt secrets failed. Please '
|
||||||
'check your provided passphrase and salt and try again.')
|
'check your provided passphrase and salt and try again.')
|
||||||
raise
|
raise
|
||||||
|
|
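Review bot: `fernet.InvalidToken` is raised by `Fernet.decrypt` for any token that fails validation, which includes truncated, malformed or modified ciphertext as well as a wrong derived key, yet the log message and the `:raises InvalidToken:` line in `decrypt` attribute it only to a wrong passphrase or salt. An operator handling a corrupted or tampered secrets file would be told to re-check credentials instead of the data. I would widen the docstring to `:raises InvalidToken: If the passphrase and/or salt do not match the values used to encrypt the data, or the encrypted data is malformed or has been modified.` and make the `LOG.error` text say the same. The signature of `decrypt` and the `_generate_key` helper are outside the visible hunks.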
|
@ -1,6 +1,7 @@
|
||||||
# Testing
|
# Testing
|
||||||
pytest==3.2.1
|
pytest==3.2.1
|
||||||
pytest-cov==2.5.1
|
pytest-cov==2.5.1
|
||||||
|
testfixtures
|
||||||
mock==2.0.0
|
mock==2.0.0
|
||||||
|
|
||||||
# Formatting
|
# Formatting
|
||||||
|
|
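Review bot: `testfixtures` is added without a version pin, while every other entry visible in this hunk (`pytest==3.2.1`, `pytest-cov==2.5.1`, `mock==2.0.0`) is pinned. An unpinned test dependency makes CI runs non-reproducible and lets a new upstream release change what executes in the test environment without a reviewed change. Pin it to the version the new tests were validated against, `testfixtures==<validated version>`.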
|
@ -14,9 +14,13 @@
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import tempfile
|
import tempfile
|
||||||
|
import uuid
|
||||||
|
|
||||||
|
from cryptography import fernet
|
||||||
import mock
|
import mock
|
||||||
|
import pytest
|
||||||
import string
|
import string
|
||||||
|
from testfixtures import log_capture
|
||||||
import yaml
|
import yaml
|
||||||
|
|
||||||
from pegleg.engine.util.cryptostring import CryptoString
|
from pegleg.engine.util.cryptostring import CryptoString
|
||||||
|
@ -176,3 +180,23 @@ def test_generate_passphrases(*_):
|
||||||
assert len(decrypted_passphrase) == 25
|
assert len(decrypted_passphrase) == 25
|
||||||
else:
|
else:
|
||||||
assert len(decrypted_passphrase) == 24
|
assert len(decrypted_passphrase) == 24
|
||||||
|
|
||||||
|
|
||||||
|
@log_capture()
|
||||||
|
def test_generate_passphrases_exception(capture):
|
||||||
|
unenc_data = uuid.uuid4().bytes
|
||||||
|
passphrase1 = uuid.uuid4().bytes
|
||||||
|
passphrase2 = uuid.uuid4().bytes
|
||||||
|
salt1 = uuid.uuid4().bytes
|
||||||
|
salt2 = uuid.uuid4().bytes
|
||||||
|
|
||||||
|
# Generate random data and encrypt it
|
||||||
|
enc_data = encryption.encrypt(unenc_data, passphrase1, salt1)
|
||||||
|
|
||||||
|
# Decrypt using the wrong key to see to see the InvalidToken error
|
||||||
|
with pytest.raises(fernet.InvalidToken):
|
||||||
|
encryption.decrypt(enc_data, passphrase2, salt2)
|
||||||
|
capture.check(('pegleg.engine.util.encryption', 'ERROR',
|
||||||
|
('Signature verification to decrypt secrets failed. '
|
||||||
|
'Please check your provided passphrase and salt and '
|
||||||
|
'try again.')))
|
||||||
|
|
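Review bot: `test_generate_passphrases_exception` changes the passphrase and the salt together in its single `encryption.decrypt(enc_data, passphrase2, salt2)` call, so it cannot show that each input independently takes part in key derivation. A regression in which the salt (or the passphrase) is ignored would still pass this test. Add the two single-mismatch cases, `encryption.decrypt(enc_data, passphrase2, salt1)` and `encryption.decrypt(enc_data, passphrase1, salt2)`, each under `pytest.raises(fernet.InvalidToken)`. The comment above the `with` block also repeats "to see", and the test name suggests passphrase generation although it exercises `encryption.decrypt`.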
|
@ -0,0 +1,26 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
import logging
|
||||||
|
|
||||||
|
import pytest
|
||||||
|
from testfixtures import log_capture
|
||||||
|
|
||||||
|
from pegleg.engine import exceptions as exc
|
||||||
|
|
||||||
|
|
||||||
|
@log_capture()
|
||||||
|
def test_exception_with_missing_kwargs(capture):
|
||||||
|
message = 'Testing missing kwargs exception with {text}'
|
||||||
|
with pytest.raises(exc.PeglegBaseException):
|
||||||
|
raise exc.PeglegBaseException(message=message, key="value")
|
||||||
|
capture.check(('pegleg.engine.exceptions', 'WARNING', 'Missing kwargs'))
|
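Review bot: `import logging` at the top of this new test module is not used by anything visible in the file and can be dropped. The test also raises `exc.PeglegBaseException` itself inside `pytest.raises`, so that context manager cannot fail and the only effective assertion is `capture.check(...)`. Presumably the exception falls back to the unformatted message when `{text}` has no matching kwarg. If so, using `with pytest.raises(exc.PeglegBaseException) as excinfo:` and asserting on the resulting message would pin that behaviour. The exception class is not shown on this page, so confirm against it.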
2
tox.ini
2
tox.ini
|
@ -60,7 +60,7 @@ commands =
|
||||||
{toxinidir}/tools/install-cfssl.sh
|
{toxinidir}/tools/install-cfssl.sh
|
||||||
bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \
|
bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \
|
||||||
html:cover --cov-report xml:cover/coverage.xml --cov-report term \
|
html:cover --cov-report xml:cover/coverage.xml --cov-report term \
|
||||||
--cov-fail-under 84 tests/'
|
--cov-fail-under 86 tests/'
|
||||||
whitelist_externals =
|
whitelist_externals =
|
||||||
bash
|
bash
|
||||||
|
|
||||||
|
|