From bd5a4020099f419c5a54a7c2d8de0b6f1b90b9cc Mon Sep 17 00:00:00 2001 From: tierno Date: Wed, 30 Jan 2019 09:48:38 +0000 Subject: [PATCH] Capture UnicodeDecodeError if decrypting with wrong key Change-Id: If4904c0eeac396eee7082d19784e440991131297 Signed-off-by: tierno --- osm_common/__init__.py | 2 +- osm_common/dbbase.py | 6 +++++- osm_common/tests/test_dbbase.py | 8 ++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/osm_common/__init__.py b/osm_common/__init__.py index eb858ee..edf5308 100644 --- a/osm_common/__init__.py +++ b/osm_common/__init__.py @@ -15,6 +15,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -version = '0.1.16' +version = '0.1.18' # TODO add package version filling commit id with 0's; e.g.: '5.0.0.post11+00000000.dirty-1' date_version = '2019-01-28' diff --git a/osm_common/dbbase.py b/osm_common/dbbase.py index d199dde..09eddbc 100644 --- a/osm_common/dbbase.py +++ b/osm_common/dbbase.py @@ -236,7 +236,11 @@ class DbBase(object): encrypted_msg = b64decode(value) cipher = AES.new(secret_key) decrypted_msg = cipher.decrypt(encrypted_msg) - unpadded_private_msg = decrypted_msg.decode().rstrip('\0') + try: + unpadded_private_msg = decrypted_msg.decode().rstrip('\0') + except UnicodeDecodeError: + raise DbException("Cannot decrypt information. Are you using same COMMONKEY in all OSM components?", + http_code=HTTPStatus.INTERNAL_SERVER_ERROR) return unpadded_private_msg diff --git a/osm_common/tests/test_dbbase.py b/osm_common/tests/test_dbbase.py index 33b8782..ca1336d 100644 --- a/osm_common/tests/test_dbbase.py +++ b/osm_common/tests/test_dbbase.py @@ -22,6 +22,7 @@ import pytest import unittest from osm_common.dbbase import DbBase, DbException, deep_update from os import urandom +from http import HTTPStatus def exception_message(message): @@ -137,6 +138,13 @@ class TestEncryption(unittest.TestCase): for j in range(i+1, len(encrypted)): self.assertNotEqual(encrypted[i], encrypted[j], "encryption with different salt must contain different result") + # decrypt with a different master key + try: + decrypted = self.db_bases[-1].decrypt(encrypted[0], schema_version='1.1', salt=None) + self.assertNotEqual(encrypted[0], decrypted, "Decryption with different KEY must generate different result") + except DbException as e: + self.assertEqual(e.http_code, HTTPStatus.INTERNAL_SERVER_ERROR, + "Decryption with different KEY does not provide expected http_code") class TestDeepUpdate(unittest.TestCase): -- 2.17.1