46adb6649d
cryptography module throws an InvalidToken exception that does not have any error message. Change-Id: Ied520cd9ff60032fad1ae13e4a81dad6847d82ab Closes-Bug: #1711047
77 lines
3.0 KiB
Python
77 lines
3.0 KiB
Python
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from oslo_config import cfg
|
|
import six
|
|
|
|
from heat.common import config
|
|
from heat.common import crypt
|
|
from heat.common import exception
|
|
from heat.tests import common
|
|
|
|
|
|
class CryptTest(common.HeatTestCase):
|
|
|
|
def test_fernet_key(self):
|
|
key = 'x' * 16
|
|
method, result = crypt.encrypt('foo', key)
|
|
self.assertEqual('cryptography_decrypt_v1', method)
|
|
self.assertIsNotNone(result)
|
|
|
|
def test_init_auth_encryption_key_length(self):
|
|
"""Test for length of the auth_encryption_length in config file"""
|
|
cfg.CONF.set_override('auth_encryption_key', 'abcdefghijklma')
|
|
err = self.assertRaises(exception.Error,
|
|
config.startup_sanity_check)
|
|
exp_msg = ('heat.conf misconfigured, auth_encryption_key '
|
|
'must be 32 characters')
|
|
self.assertIn(exp_msg, six.text_type(err))
|
|
|
|
def _test_encrypt_decrypt_dict(self, encryption_key=None):
|
|
data = {'p1': u'happy',
|
|
'2': [u'a', u'little', u'blue'],
|
|
'p3': {u'really': u'exited', u'ok int': 9},
|
|
'4': u'',
|
|
'p5': True,
|
|
'6': 7}
|
|
encrypted_data = crypt.encrypted_dict(data, encryption_key)
|
|
for k in encrypted_data:
|
|
self.assertEqual('cryptography_decrypt_v1',
|
|
encrypted_data[k][0])
|
|
self.assertEqual(2, len(encrypted_data[k]))
|
|
# the keys remain the same
|
|
self.assertEqual(set(data), set(encrypted_data))
|
|
|
|
decrypted_data = crypt.decrypted_dict(encrypted_data, encryption_key)
|
|
self.assertEqual(data, decrypted_data)
|
|
|
|
def test_encrypt_decrypt_dict_custom_enc_key(self):
|
|
self._test_encrypt_decrypt_dict('just for testing not so great re')
|
|
|
|
def test_encrypt_decrypt_dict_default_enc_key(self):
|
|
self._test_encrypt_decrypt_dict()
|
|
|
|
def test_decrypt_dict_invalid_key(self):
|
|
data = {'p1': u'happy',
|
|
'2': [u'a', u'little', u'blue'],
|
|
'6': 7}
|
|
encrypted_data = crypt.encrypted_dict(
|
|
data, '767c3ed056cbaa3b9dfedb8c6f825bf0')
|
|
ex = self.assertRaises(exception.InvalidEncryptionKey,
|
|
crypt.decrypted_dict,
|
|
encrypted_data,
|
|
'767c3ed056cbaa3b9dfedb8c6f825bf1')
|
|
self.assertEqual('Can not decrypt data with the auth_encryption_key '
|
|
'in heat config.',
|
|
six.text_type(ex))
|