src/leap/soledad/tests/test_encrypted.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

from leap.soledad.backends.leap_backend import LeapDocument
from leap.soledad.tests import BaseSoledadTest
from leap.soledad.tests import KEY_FINGERPRINT
from leap.soledad import (
    Soledad,
    KeyAlreadyExists,
)
from leap.soledad.util import GPGWrapper

try:
    import simplejson as json
except ImportError:
    import json  # noqa


class EncryptedSyncTestCase(BaseSoledadTest):
    """
    Tests that guarantee that data will always be encrypted when syncing.
    """

    def test_get_set_encrypted_json(self):
        """
        Test getting and setting encrypted content.
        """
        doc1 = LeapDocument(soledad=self._soledad)
        doc1.content = {'key': 'val'}
        doc2 = LeapDocument(doc_id=doc1.doc_id,
                            encrypted_json=doc1.get_encrypted_json(),
                            soledad=self._soledad)
        res1 = doc1.get_json()
        res2 = doc2.get_json()
        self.assertEqual(res1, res2, 'incorrect document encryption')

    def test_successful_symmetric_encryption(self):
        """
        Test for successful symmetric encryption.
        """
        doc1 = LeapDocument(soledad=self._soledad)
        doc1.content = {'key': 'val'}
        enc_json = json.loads(doc1.get_encrypted_json())['_encrypted_json']
        self.assertEqual(
            True,
            self._soledad._gpg.is_encrypted_sym(enc_json),
            "could not encrypt with passphrase.")

    def test_export_recovery_document_raw(self):
        rd = self._soledad.export_recovery_document(None)
        self.assertEqual(
            {
                'user_email': self._soledad._user_email,
                'privkey': self._soledad._gpg.export_keys(
                    self._soledad._fingerprint,
                    secret=True),
                'secret': self._soledad._secret
            },
            json.loads(rd),
            "Could not export raw recovery document."
        )

    def test_export_recovery_document_crypt(self):
        rd = self._soledad.export_recovery_document('123456')
        self.assertEqual(True,
                         self._soledad._gpg.is_encrypted_sym(rd))
        data = {
            'user_email': self._soledad._user_email,
            'privkey': self._soledad._gpg.export_keys(
                self._soledad._fingerprint,
                secret=True),
            'secret': self._soledad._secret,
        }
        raw_data = json.loads(str(self._soledad._gpg.decrypt(
            rd,
            passphrase='123456')))
        self.assertEqual(
            raw_data,
            data,
            "Could not export raw recovery document."
        )

    def test_import_recovery_document_raises_exception(self):
        rd = self._soledad.export_recovery_document(None)
        self.assertRaises(KeyAlreadyExists,
                          self._soledad.import_recovery_document, rd, None)

    def test_import_recovery_document_raw(self):
        rd = self._soledad.export_recovery_document(None)
        gnupg_home = self.gnupg_home = "%s/gnupg2" % self.tempdir
        s = Soledad('anotheruser@leap.se', gnupg_home=gnupg_home,
                    initialize=False, prefix=self.tempdir)
        s._init_dirs()
        s._gpg = GPGWrapper(gnupghome=gnupg_home)
        s.import_recovery_document(rd, None)
        self.assertEqual(self._soledad._user_email,
                         s._user_email, 'Failed setting user email.')
        self.assertEqual(self._soledad._secret,
                         s._secret,
                         'Failed settinng secret for symmetric encryption.')
        self.assertEqual(self._soledad._fingerprint,
                         s._fingerprint,
                         'Failed settinng fingerprint.')
        pk1 = self._soledad._gpg.export_keys(
            self._soledad._fingerprint,
            secret=True)
        pk2 = s._gpg.export_keys(s._fingerprint, secret=True)
        self.assertEqual(
            pk1,
            pk2,
            'Failed settinng private key.'
        )

    def test_import_recovery_document_crypt(self):
        rd = self._soledad.export_recovery_document('123456')
        gnupg_home = self.gnupg_home = "%s/gnupg2" % self.tempdir
        s = Soledad('anotheruser@leap.se', gnupg_home=gnupg_home,
                    initialize=False, prefix=self.tempdir)
        s._init_dirs()
        s._gpg = GPGWrapper(gnupghome=gnupg_home)
        s.import_recovery_document(rd, '123456')
        self.assertEqual(self._soledad._user_email,
                         s._user_email, 'Failed setting user email.')
        self.assertEqual(self._soledad._secret,
                         s._secret,
                         'Failed settinng secret for symmetric encryption.')
        self.assertEqual(self._soledad._fingerprint,
                         s._fingerprint,
                         'Failed settinng fingerprint.')
        pk1 = self._soledad._gpg.export_keys(
            self._soledad._fingerprint,
            secret=True)
        pk2 = s._gpg.export_keys(s._fingerprint, secret=True)
        self.assertEqual(
            pk1,
            pk2,
            'Failed settinng private key.'
        )