This file is indexed.

/usr/share/pyshared/obnamlib/encryption_tests.py is in obnam 1.6.1-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
# Copyright 2011  Lars Wirzenius
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


import os
import shutil
import subprocess
import tempfile
import unittest

import obnamlib


def cat(filename):
    f = open(filename, 'rb')
    data = f.read()
    f.close()
    return data


class SymmetricEncryptionTests(unittest.TestCase):

    # We don't test the quality of keys or encryption here. Doing that is
    # hard to do well, and we'll just assume that reading /dev/random
    # for keys, and using gpg for encryption, is going to work well.
    # In these tests, we care about making sure we use the tools right,
    # not that the tools themselves work right.

    def test_generates_key_of_correct_length(self):
        numbits = 16
        key = obnamlib.generate_symmetric_key(numbits, filename='/dev/zero')
        self.assertEqual(len(key) * 8 / 2, numbits) # /2 for hex encoding

    def test_generates_key_with_size_rounded_up(self):
        numbits = 15
        key = obnamlib.generate_symmetric_key(numbits, filename='/dev/zero')
        self.assertEqual(len(key)/2, 2) # /2 for hex encoding

    def test_encrypts_into_different_string_than_cleartext(self):
        cleartext = 'hello world'
        key = 'sekr1t'
        encrypted = obnamlib.encrypt_symmetric(cleartext, key)
        self.assertNotEqual(cleartext, encrypted)

    def test_encrypt_decrypt_round_trip(self):
        cleartext = 'hello, world'
        key = 'sekr1t'
        encrypted = obnamlib.encrypt_symmetric(cleartext, key)
        decrypted = obnamlib.decrypt_symmetric(encrypted, key)
        self.assertEqual(decrypted, cleartext)


class SymmetricKeyCacheTests(unittest.TestCase):

    def setUp(self):
        self.cache = obnamlib.SymmetricKeyCache()
        self.repo = 'repo'
        self.repo2 = 'repo2'
        self.toplevel = 'toplevel'
        self.key = 'key'
        self.key2 = 'key2'

    def test_does_not_have_key_initially(self):
        self.assertEqual(self.cache.get(self.repo, self.toplevel), None)

    def test_remembers_key(self):
        self.cache.put(self.repo, self.toplevel, self.key)
        self.assertEqual(self.cache.get(self.repo, self.toplevel), self.key)

    def test_does_not_remember_key_for_different_repo(self):
        self.cache.put(self.repo, self.toplevel, self.key)
        self.assertEqual(self.cache.get(self.repo2, self.toplevel), None)

    def test_remembers_keys_for_both_repos(self):
        self.cache.put(self.repo, self.toplevel, self.key)
        self.cache.put(self.repo2, self.toplevel, self.key2)
        self.assertEqual(self.cache.get(self.repo, self.toplevel), self.key)
        self.assertEqual(self.cache.get(self.repo2, self.toplevel), self.key2)

    def test_clears_cache(self):
        self.cache.put(self.repo, self.toplevel, self.key)
        self.cache.clear()
        self.assertEqual(self.cache.get(self.repo, self.toplevel), None)


class GetPublicKeyTests(unittest.TestCase):

    def setUp(self):
        self.dirname = tempfile.mkdtemp()
        self.gpghome = os.path.join(self.dirname, 'gpghome')
        shutil.copytree('test-gpghome', self.gpghome)
        self.keyid = '1B321347'

    def tearDown(self):
        shutil.rmtree(self.dirname)

    def test_exports_key(self):
        key = obnamlib.get_public_key(self.keyid, gpghome=self.gpghome)
        self.assert_('-----BEGIN PGP PUBLIC KEY BLOCK-----' in key)


class KeyringTests(unittest.TestCase):

    def setUp(self):
        self.keyring = obnamlib.Keyring()
        self.keyid = '3B1802F81B321347'
        self.key = '''
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mI0ETY8gwwEEAMrSXBIJseIv9miuwnYlCd7CQCzNb8nHYkpo4o1nEQD3k/h7xj9m
/0Gd5kLfF+WLwAxSJYb41JjaKs0FeUexSGNePdNFxn2CCZ4moHH19tTlWGfqCNz7
vcYQpSbPix+zhR7uNqilxtsIrx1iyYwh7L2VKf/KMJ7yXbT+jbAj7fqBABEBAAG0
CFRlc3QgS2V5iLgEEwECACIFAk2PIMMCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
AheAAAoJEDsYAvgbMhNHlEED/1UkiLJ8R3phMRnjLtn+5JobYvOi7WEubnRv1rnN
MC4MyhFiLux7Z8p3xwt1Pf2GqL7q1dD91NOx+6KS3d1PFmiM/i1fYalZPbzm1gNr
8sFK2Gxsnd7mmYf2wKIo335Bk21SCmGcNKvmKW2M6ckzPT0q/RZ2hhY9JhHUiLG4
Lu3muI0ETY8gwwEEAMQoiBCQYky52pDamnH5c7FngCM72AkNq/z0+DHqY202gksd
Vy63TF7UGIsiCLvY787vPm62sOqYO0uI6PV5xVDGyJh4oI/g2zgNkhXRZrIB1Q+T
THp7qSmwQUZv8T+HfgxLiaXDq6oV/HWLElcMQ9ClZ3Sxzlu3ZQHrtmY5XridABEB
AAGInwQYAQIACQUCTY8gwwIbDAAKCRA7GAL4GzITR4hgBAClEurTj5n0/21pWZH0
Ljmokwa3FM++OZxO7shc1LIVNiAKfLiPigU+XbvSeVWTeajKkvj5LCVxKQiRSiYB
Z85TYTo06kHvDCYQmFOSGrLsZxMyJCfHML5spF9+bej5cepmuNVIdJK5vlgDiVr3
uWUO7gMi+AlnxbfXVCTEgw3xhg==
=j+6W
-----END PGP PUBLIC KEY BLOCK-----
'''

    def test_has_no_keys_initially(self):
        self.assertEqual(self.keyring.keyids(), [])
        self.assertEqual(str(self.keyring), '')

    def test_gets_no_keys_from_empty_encoded(self):
        keyring = obnamlib.Keyring(encoded='')
        self.assertEqual(keyring.keyids(), [])

    def test_adds_key(self):
        self.keyring.add(self.key)
        self.assertEqual(self.keyring.keyids(), [self.keyid])
        self.assert_(self.keyid in self.keyring)

    def test_removes_key(self):
        self.keyring.add(self.key)
        self.keyring.remove(self.keyid)
        self.assertEqual(self.keyring.keyids(), [])

    def test_export_import_roundtrip_works(self):
        self.keyring.add(self.key)
        exported = str(self.keyring)
        keyring2 = obnamlib.Keyring(exported)
        self.assertEqual(keyring2.keyids(), [self.keyid])


class SecretKeyringTests(unittest.TestCase):

    def test_lists_correct_key(self):
        keyid1 = '3B1802F81B321347'
        keyid2 = 'DF3D13AA11E69900'
        seckeys = obnamlib.SecretKeyring(cat('test-gpghome/secring.gpg'))
        self.assertEqual(sorted(seckeys.keyids()), sorted([keyid1, keyid2]))


class PublicKeyEncryptionTests(unittest.TestCase):

    def test_roundtrip_works(self):
        cleartext = 'hello, world'
        passphrase = 'password1'
        keyring = obnamlib.Keyring(cat('test-gpghome/pubring.gpg'))
        seckeys = obnamlib.SecretKeyring(cat('test-gpghome/secring.gpg'))

        encrypted = obnamlib.encrypt_with_keyring(cleartext, keyring)
        decrypted = obnamlib.decrypt_with_secret_keys(encrypted,
                                                      gpghome='test-gpghome')

        self.assertEqual(decrypted, cleartext)