-
Notifications
You must be signed in to change notification settings - Fork 197
Expand file tree
/
Copy pathtest_unit_encryption.py
More file actions
135 lines (114 loc) · 4.02 KB
/
Copy pathtest_unit_encryption.py
File metadata and controls
135 lines (114 loc) · 4.02 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
"""Unit tests: encryption functions"""
import pytest
@pytest.mark.parametrize("condition", ["default", "override"])
def test_get_cipher(runner, paths, condition):
"""Test _get_cipher()"""
if condition == "override":
paths.config.write("[yadm]\n\tcipher = override-cipher")
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
_get_cipher test-archive
echo "output_archive:$output_archive"
echo "yadm_cipher:$yadm_cipher"
"""
run = runner(command=["bash"], inp=script)
assert run.success
assert run.err == ""
assert "output_archive:test-archive" in run.out
if condition == "override":
assert "yadm_cipher:override-cipher" in run.out
else:
assert "yadm_cipher:gpg" in run.out
@pytest.mark.parametrize("cipher", ["gpg", "openssl", "bad"])
@pytest.mark.parametrize("mode", ["_encrypt_to", "_decrypt_from"])
def test_encrypt_decrypt(runner, paths, cipher, mode):
"""Test _encrypt_to() & _decrypt_from"""
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
function mock_openssl() {{ echo openssl $*; }}
function mock_gpg() {{ echo gpg $*; }}
function _get_cipher() {{
output_archive="$1"
yadm_cipher="{cipher}"
}}
OPENSSL_PROGRAM=mock_openssl
GPG_PROGRAM=mock_gpg
{mode} {paths.archive}
"""
run = runner(command=["bash"], inp=script)
if cipher != "bad":
assert run.success
assert run.out.startswith(cipher)
assert str(paths.archive) in run.out
assert run.err == ""
else:
assert run.failure
assert "Unknown cipher" in run.err
@pytest.mark.parametrize("condition", ["default", "override"])
def test_get_openssl_ciphername(runner, paths, condition):
"""Test _get_openssl_ciphername()"""
if condition == "override":
paths.config.write("[yadm]\n\topenssl-ciphername = override-cipher")
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
result=$(_get_openssl_ciphername)
echo "result:$result"
"""
run = runner(command=["bash"], inp=script)
assert run.success
assert run.err == ""
if condition == "override":
assert run.out.strip() == "result:override-cipher"
else:
assert run.out.strip() == "result:aes-256-cbc"
@pytest.mark.parametrize("condition", ["old", "not-old"])
def test_set_openssl_options(runner, paths, condition):
"""Test _set_openssl_options()"""
if condition == "old":
paths.config.write("[yadm]\n\topenssl-old = true")
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
function _get_openssl_ciphername() {{ echo "testcipher"; }}
_set_openssl_options
echo "result:${{OPENSSL_OPTS[@]}}"
"""
run = runner(command=["bash"], inp=script)
assert run.success
assert run.err == ""
if condition == "old":
assert "-testcipher -salt -md md5" in run.out
else:
assert "-testcipher -salt -pbkdf2 -iter 100000 -md sha512" in run.out
@pytest.mark.parametrize("recipient", ["ASK", "present", ""])
def test_set_gpg_options(runner, paths, recipient):
"""Test _set_gpg_options()"""
paths.config.write(f"[yadm]\n\tgpg-recipient = {recipient}")
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
_set_gpg_options
echo "result:${{GPG_OPTS[@]}}"
"""
run = runner(command=["bash"], inp=script)
assert run.success
assert run.err == ""
if recipient == "ASK":
assert run.out.strip() == "result:--no-default-recipient -e"
elif recipient != "":
assert run.out.strip() == f"result:-e -r {recipient}"
else:
assert run.out.strip() == "result:-c"