comparison tests/e2e/libervia-cli/test_libervia-cli.py @ 3946:f2a5936f2496
tests (e2e/cli): add test for pubsub encryption:
test encryption and keys sharing.
rel 380
author | Goffi <goffi@goffi.org> |
---|---|
date | Sat, 15 Oct 2022 20:38:33 +0200 |
parents | a75874df92b8 |
children | 2d9d0b77e82b |
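--- a/tests/e2e/libervia-cli/test_libervia-cli.py
+++ b/tests/e2e/libervia-cli/test_libervia-cli.py
@@ -16,15 +16,18 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 
 import os
 import shutil
+from time import sleep
+
 import pytest
+from sat.plugins.plugin_xep_0277 import NS_ATOM
+from sat.plugins.plugin_sec_oxps import NS_OXPS
+from sat.tools.common import uri
 import sh
 from sh import li
-from time import sleep
-from sat.tools.common import uri
 
 
 if os.getenv("LIBERVIA_TEST_ENV_E2E") is None:
 pytest.skip(
 "skipping end-to-end tests, we are not in a test environment",
@@ -286,5 +289,63 @@
 finally:
 shutil.rmtree(dest_path)
 send_cmd.wait()
 
 assert source_file_hash == dest_file_hash
+
+
+class TestE2EEncryption:
+
+def test_pubsub_encryption_oxps(self, li_elt):
+secret_blog = "this is a secret blog post"
+node = "e2ee_blog"
+li.blog.set(_in=secret_blog, node="e2ee_blog", item="test_e2ee", encrypt=True)
+
+# the item should be transparently decrypted
+parsed_decrypted = li_elt.pubsub.get(
+node=node, item="test_e2ee", no_cache=True
+)
+entry_elt = parsed_decrypted.firstChildElement()
+assert entry_elt.name == "entry"
+assert entry_elt.uri == NS_ATOM
+assert secret_blog in parsed_decrypted.toXml()
+
+# with --no-decrypt, we should have the encrypted item
+parsed_ori_item = li_elt.pubsub.get(
+node=node, item="test_e2ee", no_decrypt=True, no_cache=True
+)
+encrypted_elt = parsed_ori_item.firstChildElement()
+assert encrypted_elt.name == "encrypted"
+assert encrypted_elt.uri == NS_OXPS
+# the body must not be readable in plain text
+assert secret_blog not in parsed_ori_item.toXml()
+
+def test_pubsub_secrets_sharing_oxps(self, li_elt):
+secret_blog = "this is a secret blog post"
+node="secret_sharing"
+
+li.blog.set(_in=secret_blog, node=node, item="test_e2ee", encrypt=True)
+
+# the item must not be decrypted for account1_s2 (secret is not known)
+parsed_item = li_elt.pubsub.get(
+service="account1@server1.test", node=node, item="test_e2ee", no_cache=True,
+profile="account1_s2"
+)
+encrypted_elt = parsed_item.firstChildElement()
+assert encrypted_elt.name == "encrypted"
+assert encrypted_elt.uri == NS_OXPS
+# the body must not be readable in plain text
+assert secret_blog not in parsed_item.toXml()
+
+# we share the secrets
+li.pubsub.secret.share("account1@server2.test", service="account1@server1.test", node=node)
+
+# and get the item again
+parsed_item = li_elt.pubsub.get(
+service="account1@server1.test", node=node, item="test_e2ee", no_cache=True,
+profile="account1_s2"
+)
+# now it should be decrypted
+entry_elt = parsed_item.firstChildElement()
+assert entry_elt.name == "entry"
+assert entry_elt.uri == NS_ATOM
+assert secret_blog in parsed_item.toXml()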
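Review bot: The two `assert secret_blog not in ….toXml()` checks in `TestE2EEncryption` only prove that the exact plaintext string is absent from the serialized item, so they would still pass if the body were merely encoded or escaped inside the `encrypted` element. Together with the `name`/`uri` checks they verify the OXPS wrapper rather than confidentiality. `test_pubsub_secrets_sharing_oxps` would be a stronger access-control test if it also asserted that a profile which was not given the secret still receives `encrypted` after the share, assuming the test environment provides such a profile. In the same test the second `li_elt.pubsub.get` runs immediately after `li.pubsub.secret.share(...)`; if the secret is delivered asynchronously between the two servers this may be flaky, so a bounded retry there is worth considering. Finally, `test_pubsub_encryption_oxps` defines `node` but passes the literal to `li.blog.set`; `node=node` keeps the write and the reads on the same node.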