mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Add tests for create_encrypted_pem() and create_from_encrypted_pem()
parent
f613f85e31
commit
7c7349a9c8
2 changed files with 74 additions and 6 deletions
|
|
@ -502,17 +502,16 @@ def create_encrypted_pem(rsakey_dict, passphrase):
|
|||
|
||||
passphrase:
|
||||
The passphrase, or password, to encrypt the private part of the RSA
|
||||
key. 'passphrase' is not used directly as the encryption key, but used
|
||||
to derive a stronger encryption key.
|
||||
key. 'passphrase' is not used directly as the encryption key, a stronger
|
||||
encryption key is derived from it.
|
||||
|
||||
<Exceptions>
|
||||
TypeError, if a private key is not defined for 'rsakey_dict'.
|
||||
|
||||
tuf.FormatError, if an incorrect format is found for the
|
||||
'rsakey_dict' object.
|
||||
tuf.FormatError, if an incorrect format is found for 'rsakey_dict'.
|
||||
|
||||
<Side Effects>
|
||||
PyCrypto's 'Crypto.PublicKey.RSA.exportKey()' called to perform the actual
|
||||
PyCrypto's Crypto.PublicKey.RSA.exportKey() called to perform the actual
|
||||
generation of the PEM-formatted output.
|
||||
|
||||
<Returns>
|
||||
|
|
@ -608,7 +607,7 @@ def create_from_encrypted_pem(encrypted_pem, passphrase):
|
|||
try:
|
||||
rsa_key_object = Crypto.PublicKey.RSA.importKey(encrypted_pem, passphrase)
|
||||
except (ValueError, IndexError, TypeError), e:
|
||||
message = 'An RSA key object could not be generated from the encrypted'+\
|
||||
message = 'An RSA key object could not be generated from the encrypted '+\
|
||||
'PEM string.'
|
||||
raise tuf.CryptoError(message)
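Review bot: The reworded 'passphrase' paragraph in the create_encrypted_pem() docstring (first hunk) still promises "a stronger encryption key" without naming the cipher or key derivation that exportKey() applies. The exportKey() call and its arguments are outside the hunk, so the scheme in use is inferred here. With PyCrypto's traditional PEM encryption the key comes from a single MD5-based derivation pass, which means almost all of the protection rests on the passphrase itself. I would spell that out rather than imply hardening, for example: `The encryption key is derived from 'passphrase' by PyCrypto; the protection of the private key is only as strong as the passphrase chosen.`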
|
||||
|
||||
|
|
|
|||
|
|
@ -183,6 +183,75 @@ def test_verify_signature(self):
|
|||
self.assertRaises(TypeError,RSA_KEY.verify_signature)
|
||||
|
||||
|
||||
def test_create_encrypted_pem(self):
|
||||
passphrase = 'pw'
|
||||
|
||||
# Check format of 'rsakey_dict'.
|
||||
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Check format of 'passphrase'.
|
||||
self.assertEqual(None, tuf.formats.PASSWORD_SCHEMA.check_match(passphrase),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Generate the encrypted PEM string of 'rsakey_dict'.
|
||||
pem_rsakey = tuf.rsa_key.create_encrypted_pem(rsakey_dict, passphrase)
|
||||
|
||||
# Check for invalid arguments.
|
||||
self.assertRaises(tuf.FormatError,
|
||||
tuf.rsa_key.create_encrypted_pem, 'Biff', passphrase)
|
||||
self.assertRaises(tuf.FormatError,
|
||||
tuf.rsa_key.create_encrypted_pem, rsakey_dict, ['pw'])
|
||||
|
||||
|
||||
|
||||
def test_create_from_encrypted_pem(self):
|
||||
passphrase = 'pw'
|
||||
|
||||
# Check format of 'rsakey_dict'.
|
||||
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(rsakey_dict),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Check format of 'passphrase'.
|
||||
self.assertEqual(None, tuf.formats.PASSWORD_SCHEMA.check_match(passphrase),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Generate the encrypted PEM string of 'rsakey_dict'.
|
||||
pem_rsakey = tuf.rsa_key.create_encrypted_pem(rsakey_dict, passphrase)
|
||||
|
||||
# Decrypt 'pem_rsakey' and verify the decrypted object is properly
|
||||
# formatted.
|
||||
decrypted_rsakey = tuf.rsa_key.create_from_encrypted_pem(pem_rsakey,
|
||||
passphrase)
|
||||
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(decrypted_rsakey),
|
||||
FORMAT_ERROR_MSG)
|
||||
|
||||
# Does 'decrypted_rsakey' match the original 'rsakey_dict'.
|
||||
self.assertEqual(rsakey_dict, decrypted_rsakey)
|
||||
|
||||
# Attempt decryption of 'pem_rsakey' using an incorrect passphrase.
|
||||
self.assertRaises(tuf.CryptoError,
|
||||
tuf.rsa_key.create_from_encrypted_pem, pem_rsakey,
|
||||
'bad_pw')
|
||||
# Check for non-encrypted PEM string. create_from_encrypted_pem()/PyCrypto
|
||||
# returns a tuf.formats.RSAKEY_SCHEMA object if PEM formatted string is
|
||||
# not actually encrypted but still a valid PEM string.
|
||||
non_encrypted_private_key = rsakey_dict['keyval']['private']
|
||||
decrypted_non_encrypted = tuf.rsa_key.create_from_encrypted_pem(
|
||||
non_encrypted_private_key, passphrase)
|
||||
self.assertEqual(None, tuf.formats.RSAKEY_SCHEMA.check_match(
|
||||
decrypted_non_encrypted), FORMAT_ERROR_MSG)
|
||||
|
||||
# Check for invalid arguments.
|
||||
self.assertRaises(tuf.FormatError,
|
||||
tuf.rsa_key.create_from_encrypted_pem, 123, passphrase)
|
||||
self.assertRaises(tuf.FormatError,
|
||||
tuf.rsa_key.create_from_encrypted_pem, pem_rsakey, ['pw'])
|
||||
self.assertRaises(tuf.CryptoError,
|
||||
tuf.rsa_key.create_from_encrypted_pem, 'invalid_pem',
|
||||
passphrase)
|
||||
|
||||
|
||||
|
||||
# Run the unit tests.
|
||||
if __name__ == '__main__':
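Review bot: test_create_encrypted_pem() stores `pem_rsakey` but never asserts anything about it, so the test would still pass if create_encrypted_pem() returned the private key unencrypted. A minimal guard is `self.assertNotEqual(rsakey_dict['keyval']['private'], pem_rsakey)`, ideally with a check that the output carries an encryption header. In test_create_from_encrypted_pem() the "non-encrypted PEM" case pins that a plaintext private key loads successfully whatever passphrase is supplied. That behaviour belongs in the create_from_encrypted_pem() docstring, so callers do not read a successful load as evidence that the key was protected at rest. `rsakey_dict` and `FORMAT_ERROR_MSG` are defined outside this hunk.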
|
||||
|
|
|
|||