[test] fix test and remove leftovers defer_encryption

5 files changed, 16 insertions, 29 deletions

diff --git a/client/src/leap/soledad/client/_crypto.py b/client/src/leap/soledad/client/_crypto.py
index cee4f0f4..1492c1ab 100644
--- a/client/src/leap/soledad/client/_crypto.py
+++ b/client/src/leap/soledad/client/_crypto.py
@@ -28,7 +28,6 @@ import struct
 import time
 
 from io import BytesIO
-from cStringIO import StringIO
 from collections import namedtuple
 
 import six
@@ -36,8 +35,6 @@ import six
 from twisted.internet import defer
 from twisted.internet import interfaces
 from twisted.logger import Logger
-from twisted.persisted import dirdbm
-from twisted.web import client
 from twisted.web.client import FileBodyProducer
 
 from cryptography.exceptions import InvalidSignature
@@ -50,8 +47,6 @@ from cryptography.hazmat.backends.openssl.backend \
 
 from zope.interface import implements
 
-from leap.common.config import get_path_prefix
-
 
 log = Logger()
 
@@ -241,7 +236,6 @@ class BlobDecryptor(object):
             raise InvalidBlob
         self.ciphertext.close()
 
-        current_time = int(time.time())
         if not data or six.indexbytes(data, 0) != 0x80:
             raise InvalidBlob
         try:
@@ -259,7 +253,6 @@ class BlobDecryptor(object):
         iv = data[11:27]
         docidlen = len(self.doc_id)
         ciph_idx = 26 + docidlen
-        doc_id = data[26:ciph_idx]
         revlen = len(self.rev)
         rev_idx = ciph_idx + 1 + revlen
         rev = data[ciph_idx + 1:rev_idx]
@@ -313,7 +306,7 @@ class AESEncryptor(object):
 
     def end(self):
         if not self.done:
-            final = self.encryptor.finalize()
+            self.fd.write(self.encryptor.finalize())
         self.done = True
 
 
@@ -354,7 +347,7 @@ class AESDecryptor(object):
         if iv is None:
             iv = os.urandom(16)
         if len(key) != 32:
-            raise EncryptionhDecryptionError('key is not 256 bits')
+            raise EncryptionDecryptionError('key is not 256 bits')
         if len(iv) != 16:
             raise EncryptionDecryptionError('iv is not 128 bits')
 
@@ -380,9 +373,12 @@ class AESDecryptor(object):
 
 
 def is_symmetrically_encrypted(payload):
-    header = base64.urlsafe_b64decode(enc[:15] + '===')
+    if not payload or len(payload) < 24 \
+            or not payload.startswith('{"raw": "'):
+        return False
+    header = base64.urlsafe_b64decode(payload[9:24] + '==')
     ts, sch, meth = struct.unpack('Qbb', header[1:11])
-    return sch == ENC_SCHEME.symkey
+    return sch == ENC_SCHEME.symkey and meth == ENC_METHOD.aes_256_ctr
 
 
 # utils
diff --git a/client/src/leap/soledad/client/api.py b/client/src/leap/soledad/client/api.py
index 8ce77d24..1f151e7d 100644
--- a/client/src/leap/soledad/client/api.py
+++ b/client/src/leap/soledad/client/api.py
@@ -60,7 +60,6 @@ from leap.soledad.client import sqlcipher
 from leap.soledad.client.secrets import SoledadSecrets
 from leap.soledad.client.shared_db import SoledadSharedDatabase
 from leap.soledad.client._crypto import SoledadCrypto
-from leap.soledad.client._crypto import BlobEncryptor
 
 logger = getLogger(__name__)
 
@@ -183,7 +182,6 @@ class Soledad(object):
         self._passphrase = passphrase
         self._local_db_path = local_db_path
         self._server_url = server_url
-        self._defer_encryption = defer_encryption
         self._secrets_path = None
         self._dbsyncer = None
 
@@ -285,8 +283,7 @@ class Soledad(object):
 
         opts = sqlcipher.SQLCipherOptions(
             self._local_db_path, key,
-            is_raw_key=True, create=True,
-            defer_encryption=self._defer_encryption)
+            is_raw_key=True, create=True)
         self._sqlcipher_opts = opts
         self._dbpool = adbapi.getConnectionPool(opts)
 
diff --git a/client/src/leap/soledad/client/examples/soledad_sync.py b/client/src/leap/soledad/client/examples/soledad_sync.py
index 63077ee3..3aed10eb 100644
--- a/client/src/leap/soledad/client/examples/soledad_sync.py
+++ b/client/src/leap/soledad/client/examples/soledad_sync.py
@@ -40,7 +40,7 @@ def init_soledad(_):
     global soledad
     soledad = Soledad(uuid, _pass, secrets_path, local_db_path,
                       server_url, cert_file,
-                      auth_token=token, defer_encryption=False)
+                      auth_token=token)
 
     def getall(_):
         d = soledad.get_all_docs()
diff --git a/client/src/leap/soledad/client/http_target/fetch.py b/client/src/leap/soledad/client/http_target/fetch.py
index a0c35063..5356f872 100644
--- a/client/src/leap/soledad/client/http_target/fetch.py
+++ b/client/src/leap/soledad/client/http_target/fetch.py
@@ -106,10 +106,10 @@ class HTTPDocFetcher(object):
 
         doc = SoledadDocument(doc_info['id'], doc_info['rev'], content)
 
-        payload = doc.content['raw']
-        if is_symmetrically_encrypted(payload):
-            decrypted = yield self._crypto.decrypt_doc(doc)
-            doc.set_json(decrypted)
+        if is_symmetrically_encrypted(content):
+            content = yield self._crypto.decrypt_doc(doc)
+
+        doc.set_json(content)
 
         # TODO insert blobs here on the blob backend
         self._insert_doc_cb(doc, doc_info['gen'], doc_info['trans_id'])
diff --git a/client/src/leap/soledad/client/sqlcipher.py b/client/src/leap/soledad/client/sqlcipher.py
index 618b17b9..bd7d2cc1 100644
--- a/client/src/leap/soledad/client/sqlcipher.py
+++ b/client/src/leap/soledad/client/sqlcipher.py
@@ -117,7 +117,7 @@ class SQLCipherOptions(object):
     @classmethod
     def copy(cls, source, path=None, key=None, create=None,
              is_raw_key=None, cipher=None, kdf_iter=None,
-             cipher_page_size=None, defer_encryption=None, sync_db_key=None):
+             cipher_page_size=None, sync_db_key=None):
         """
         Return a copy of C{source} with parameters different than None
         replaced by new values.
@@ -134,7 +134,7 @@ class SQLCipherOptions(object):
                 args.append(getattr(source, name))
 
         for name in ["create", "is_raw_key", "cipher", "kdf_iter",
-                     "cipher_page_size", "defer_encryption", "sync_db_key"]:
+                     "cipher_page_size", "sync_db_key"]:
             val = local_vars[name]
             if val is not None:
                 kwargs[name] = val
@@ -145,7 +145,7 @@ class SQLCipherOptions(object):
 
     def __init__(self, path, key, create=True, is_raw_key=False,
                  cipher='aes-256-cbc', kdf_iter=4000, cipher_page_size=1024,
-                 defer_encryption=False, sync_db_key=None):
+                 sync_db_key=None):
         """
         :param path: The filesystem path for the database to open.
         :type path: str
@@ -163,10 +163,6 @@ class SQLCipherOptions(object):
         :type kdf_iter: int
         :param cipher_page_size: The page size.
         :type cipher_page_size: int
-        :param defer_encryption:
-            Whether to defer encryption of documents, or do it
-            inline while syncing.
-        :type defer_encryption: bool
         """
         self.path = path
         self.key = key
@@ -175,7 +171,6 @@ class SQLCipherOptions(object):
         self.cipher = cipher
         self.kdf_iter = kdf_iter
         self.cipher_page_size = cipher_page_size
-        self.defer_encryption = defer_encryption
         self.sync_db_key = sync_db_key
 
     def __str__(self):
@@ -201,7 +196,6 @@ class SQLCipherDatabase(sqlite_backend.SQLitePartialExpandDatabase):
     """
     A U1DB implementation that uses SQLCipher as its persistence layer.
     """
-    defer_encryption = False
 
     # The attribute _index_storage_value will be used as the lookup key for the
     # implementation of the SQLCipher storage backend.