diff tests/e2e/libervia-cli/test_libervia-cli.py @ 3974:5e3b983ab2c6

tests (e2e/cli): test for Pubsub Targeted Encryption: rel 382
author Goffi <goffi@goffi.org>
date Mon, 31 Oct 2022 13:48:31 +0100
parents 9b1d74a6b48c
children 524856bd7b19
line wrap: on
line diff
--- a/tests/e2e/libervia-cli/test_libervia-cli.py	Mon Oct 31 13:48:01 2022 +0100
+++ b/tests/e2e/libervia-cli/test_libervia-cli.py	Mon Oct 31 13:48:31 2022 +0100
@@ -26,6 +26,7 @@
 
 import pytest
 from sat.plugins.plugin_sec_oxps import NS_OXPS
+from sat.plugins.plugin_sec_pte import NS_PTE
 from sat.plugins.plugin_xep_0277 import NS_ATOM
 from sat.tools.common import uri
 
@@ -394,3 +395,37 @@
 
         assert source_file_hash == dest_file_hash
         li.encryption.stop("account1@server2.test")
+
+    def test_pubsub_targeted_encryption_pte(self, li_elt):
+        """An item is encrypted for specific recipients"""
+        secret_blog = "this is a secret blog post"
+        node = "e2ee_blog"
+        item = "test_pte"
+        li.encryption.start("account1@server2.test", name="twomemo")
+        li.encryption.start(
+            "account1@server1.test", name="twomemo", profile="account1_s2"
+        )
+        li.blog.set(
+            _in=secret_blog, node="e2ee_blog", item=item,
+            encrypt_for="account1@server2.test"
+        )
+
+        # the item should be transparently decrypted
+        parsed_decrypted = li_elt.pubsub.get(
+            service="account1@server1.test", node=node, item=item, no_cache=True,
+            profile="account1_s2"
+        )
+        entry_elt = parsed_decrypted.firstChildElement()
+        assert entry_elt.name == "entry"
+        assert entry_elt.uri == NS_ATOM
+        assert secret_blog in parsed_decrypted.toXml()
+
+        # with --no-decrypt, we should have the encrypted item
+        parsed_ori_item = li_elt.pubsub.get(
+            node=node, item=item, no_decrypt=True, no_cache=True
+        )
+        encrypted_elt = parsed_ori_item.firstChildElement()
+        assert encrypted_elt.name == "encrypted"
+        assert encrypted_elt.uri == NS_PTE
+        # the body must not be readable in plain text
+        assert secret_blog not in parsed_ori_item.toXml()