+class TestEncryption(unittest.TestCase):
+ def setUp(self):
+ master_key = "Setting a long master key with numbers 123 and capitals AGHBNHD and symbols %&8)!'"
+ db_base1 = DbBase()
+ db_base2 = DbBase()
+ db_base3 = DbBase()
+ # set self.secret_key obtained when connect
+ db_base1.set_secret_key(master_key, replace=True)
+ db_base1.set_secret_key(urandom(32))
+ db_base2.set_secret_key(None, replace=True)
+ db_base2.set_secret_key(urandom(30))
+ db_base3.set_secret_key(master_key)
+ self.db_bases = [db_base1, db_base2, db_base3]
+
+ def test_encrypt_decrypt(self):
+ TEST = (
+ ("plain text 1 ! ", None),
+ ("plain text 2 with salt ! ", "1afd5d1a-4a7e-4d9c-8c65-251290183106"),
+ )
+ for db_base in self.db_bases:
+ for value, salt in TEST:
+ # no encryption
+ encrypted = db_base.encrypt(value, schema_version="1.0", salt=salt)
+ self.assertEqual(
+ encrypted, value, "value '{}' has been encrypted".format(value)
+ )
+ decrypted = db_base.decrypt(encrypted, schema_version="1.0", salt=salt)
+ self.assertEqual(
+ decrypted, value, "value '{}' has been decrypted".format(value)
+ )
+
+ # encrypt/decrypt
+ encrypted = db_base.encrypt(value, schema_version="1.1", salt=salt)
+ self.assertNotEqual(
+ encrypted, value, "value '{}' has not been encrypted".format(value)
+ )
+ self.assertIsInstance(encrypted, str, "Encrypted is not ascii text")
+ decrypted = db_base.decrypt(encrypted, schema_version="1.1", salt=salt)
+ self.assertEqual(
+ decrypted, value, "value is not equal after encryption/decryption"
+ )
+
+ def test_encrypt_decrypt_salt(self):
+ value = "value to be encrypted!"
+ encrypted = []
+ for db_base in self.db_bases:
+ for salt in (None, "salt 1", "1afd5d1a-4a7e-4d9c-8c65-251290183106"):
+ # encrypt/decrypt
+ encrypted.append(
+ db_base.encrypt(value, schema_version="1.1", salt=salt)
+ )
+ self.assertNotEqual(
+ encrypted[-1],
+ value,
+ "value '{}' has not been encrypted".format(value),
+ )
+ self.assertIsInstance(encrypted[-1], str, "Encrypted is not ascii text")
+ decrypted = db_base.decrypt(
+ encrypted[-1], schema_version="1.1", salt=salt
+ )
+ self.assertEqual(
+ decrypted, value, "value is not equal after encryption/decryption"
+ )
+ for i in range(0, len(encrypted)):
+ for j in range(i + 1, len(encrypted)):
+ self.assertNotEqual(
+ encrypted[i],
+ encrypted[j],
+ "encryption with different salt must contain different result",
+ )
+ # decrypt with a different master key
+ try:
+ decrypted = self.db_bases[-1].decrypt(
+ encrypted[0], schema_version="1.1", salt=None
+ )
+ self.assertNotEqual(
+ encrypted[0],
+ decrypted,
+ "Decryption with different KEY must generate different result",
+ )
+ except DbException as e:
+ self.assertEqual(
+ e.http_code,
+ HTTPStatus.INTERNAL_SERVER_ERROR,
+ "Decryption with different KEY does not provide expected http_code",
+ )
+
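Review bot: The wrong-key check at the end of `test_encrypt_decrypt_salt` compares the ciphertext `encrypted[0]` with `decrypted`, so it still passes if decrypting under a different key returns the original plaintext, which is the one outcome this test exists to catch. Compare against the plaintext instead: `self.assertNotEqual(decrypted, value, "Decryption with different KEY must generate different result")`. The check also relies on `self.db_bases[-1]` holding a different key from the base that produced `encrypted[0]`. Both are seeded with the same `master_key` in `setUp`, and the difference appears to come only from the extra `set_secret_key(urandom(32))` call (`set_secret_key` itself is not visible here), so a short comment in `setUp` stating which keys are expected to differ would make that intent checkable. The hunk header is not visible in this view, so the file may hold more than these lines.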
+