comparison tests/e2e/libervia-cli/test_libervia-cli.py @ 3946:f2a5936f2496

tests (e2e/cli): add test for pubsub encryption: test encryption and keys sharing. rel 380
author Goffi <goffi@goffi.org>
date Sat, 15 Oct 2022 20:38:33 +0200
parents a75874df92b8
children 2d9d0b77e82b
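--- a/tests/e2e/libervia-cli/test_libervia-cli.py
+++ b/tests/e2e/libervia-cli/test_libervia-cli.py
@@ -16,15 +16,18 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 import os
 import shutil
+from time import sleep
+
 import pytest
+from sat.plugins.plugin_xep_0277 import NS_ATOM
+from sat.plugins.plugin_sec_oxps import NS_OXPS
+from sat.tools.common import uri
 import sh
 from sh import li
-from time import sleep
-from sat.tools.common import uri
 
 
 if os.getenv("LIBERVIA_TEST_ENV_E2E") is None:
 pytest.skip(
 "skipping end-to-end tests, we are not in a test environment",
@@ -286,5 +289,63 @@
 finally:
 shutil.rmtree(dest_path)
 send_cmd.wait()
 
 assert source_file_hash == dest_file_hash
+
+
+class TestE2EEncryption:
+
+def test_pubsub_encryption_oxps(self, li_elt):
+secret_blog = "this is a secret blog post"
+node = "e2ee_blog"
+li.blog.set(_in=secret_blog, node="e2ee_blog", item="test_e2ee", encrypt=True)
+
+# the item should be transparently decrypted
+parsed_decrypted = li_elt.pubsub.get(
+node=node, item="test_e2ee", no_cache=True
+)
+entry_elt = parsed_decrypted.firstChildElement()
+assert entry_elt.name == "entry"
+assert entry_elt.uri == NS_ATOM
+assert secret_blog in parsed_decrypted.toXml()
+
+# with --no-decrypt, we should have the encrypted item
+parsed_ori_item = li_elt.pubsub.get(
+node=node, item="test_e2ee", no_decrypt=True, no_cache=True
+)
+encrypted_elt = parsed_ori_item.firstChildElement()
+assert encrypted_elt.name == "encrypted"
+assert encrypted_elt.uri == NS_OXPS
+# the body must not be readable in plain text
+assert secret_blog not in parsed_ori_item.toXml()
+
+def test_pubsub_secrets_sharing_oxps(self, li_elt):
+secret_blog = "this is a secret blog post"
+node="secret_sharing"
+
+li.blog.set(_in=secret_blog, node=node, item="test_e2ee", encrypt=True)
+
+# the item must not be decrypted for account1_s2 (secret is not known)
+parsed_item = li_elt.pubsub.get(
+service="account1@server1.test", node=node, item="test_e2ee", no_cache=True,
+profile="account1_s2"
+)
+encrypted_elt = parsed_item.firstChildElement()
+assert encrypted_elt.name == "encrypted"
+assert encrypted_elt.uri == NS_OXPS
+# the body must not be readable in plain text
+assert secret_blog not in parsed_item.toXml()
+
+# we share the secrets
+li.pubsub.secret.share("account1@server2.test", service="account1@server1.test", node=node)
+
+# and get the item again
+parsed_item = li_elt.pubsub.get(
+service="account1@server1.test", node=node, item="test_e2ee", no_cache=True,
+profile="account1_s2"
+)
+# now it should be decrypted
+entry_elt = parsed_item.firstChildElement()
+assert entry_elt.name == "entry"
+assert entry_elt.uri == NS_ATOM
+assert secret_blog in parsed_item.toXml()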
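Review bot: Nothing in test_pubsub_secrets_sharing_oxps checks that the shared secret stays limited to its recipient, so a regression that made the node secret available to every account would still pass once account1_s2 can decrypt. If the e2e environment provides a profile that is not a recipient, repeat the `assert encrypted_elt.name == "encrypted"` and `assert secret_blog not in parsed_item.toXml()` checks for it after the share, fetching with `profile="<non-recipient profile>"` (placeholder, no such profile is visible on this page). The second `li_elt.pubsub.get` also runs immediately after `li.pubsub.secret.share(...)`; if delivery of the secret to server2 is asynchronous (not visible here), the final assertions may be flaky and need a bounded retry. In test_pubsub_encryption_oxps, the `li.blog.set` call repeats the literal `node="e2ee_blog"` instead of using the `node` variable assigned on the line above it.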