diff tests/e2e/libervia-cli/test_libervia-cli.py @ 3946:f2a5936f2496
tests (e2e/cli): add test for pubsub encryption:
test encryption and keys sharing.
rel 380
author | Goffi <goffi@goffi.org> |
---|---|
date | Sat, 15 Oct 2022 20:38:33 +0200 |
parents | a75874df92b8 |
children | 2d9d0b77e82b |
--- a/tests/e2e/libervia-cli/test_libervia-cli.py Sat Oct 15 20:38:33 2022 +0200
+++ b/tests/e2e/libervia-cli/test_libervia-cli.py Sat Oct 15 20:38:33 2022 +0200
@@ -18,11 +18,14 @@
 import os
 import shutil
+from time import sleep
+
 import pytest
+from sat.plugins.plugin_xep_0277 import NS_ATOM
+from sat.plugins.plugin_sec_oxps import NS_OXPS
+from sat.tools.common import uri
 import sh
 from sh import li
-from time import sleep
-from sat.tools.common import uri
 if os.getenv("LIBERVIA_TEST_ENV_E2E") is None:
@@ -288,3 +291,61 @@
 send_cmd.wait()
 assert source_file_hash == dest_file_hash
+
+
+class TestE2EEncryption:
+
+ def test_pubsub_encryption_oxps(self, li_elt):
+ secret_blog = "this is a secret blog post"
+ node = "e2ee_blog"
+ li.blog.set(_in=secret_blog, node="e2ee_blog", item="test_e2ee", encrypt=True)
+
+ # the item should be transparently decrypted
+ parsed_decrypted = li_elt.pubsub.get(
+ node=node, item="test_e2ee", no_cache=True
+ )
+ entry_elt = parsed_decrypted.firstChildElement()
+ assert entry_elt.name == "entry"
+ assert entry_elt.uri == NS_ATOM
+ assert secret_blog in parsed_decrypted.toXml()
+
+ # with --no-decrypt, we should have the encrypted item
+ parsed_ori_item = li_elt.pubsub.get(
+ node=node, item="test_e2ee", no_decrypt=True, no_cache=True
+ )
+ encrypted_elt = parsed_ori_item.firstChildElement()
+ assert encrypted_elt.name == "encrypted"
+ assert encrypted_elt.uri == NS_OXPS
+ # the body must not be readable in plain text
+ assert secret_blog not in parsed_ori_item.toXml()
+
+ def test_pubsub_secrets_sharing_oxps(self, li_elt):
+ secret_blog = "this is a secret blog post"
+ node="secret_sharing"
+
+ li.blog.set(_in=secret_blog, node=node, item="test_e2ee", encrypt=True)
+
+ # the item must not be decrypted for account1_s2 (secret is not known)
+ parsed_item = li_elt.pubsub.get(
+ service="account1@server1.test", node=node, item="test_e2ee", no_cache=True,
+ profile="account1_s2"
+ )
+ encrypted_elt = parsed_item.firstChildElement()
+ assert encrypted_elt.name == "encrypted"
+ assert encrypted_elt.uri == NS_OXPS
+ # the body must not be readable in plain text
+ assert secret_blog not in parsed_item.toXml()
+
+ # we share the secrets
+ li.pubsub.secret.share("account1@server2.test", service="account1@server1.test", node=node)
+
+ # and get the item again
+ parsed_item = li_elt.pubsub.get(
+ service="account1@server1.test", node=node, item="test_e2ee", no_cache=True,
+ profile="account1_s2"
+ )
+ # now it should be decrypted
+ entry_elt = parsed_item.firstChildElement()
+ assert entry_elt.name == "entry"
+ assert entry_elt.uri == NS_ATOM
+ assert secret_blog in parsed_item.toXml()
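Review bot: Nothing in `test_pubsub_secrets_sharing_oxps` asserts that the share stays scoped to its recipient: after `li.pubsub.secret.share(...)` the only fetch is by profile `account1_s2`, so a regression that made the node readable to every subscriber would still pass. If the e2e environment has another profile that was not given the secret (not visible in this hunk), I would repeat the `li_elt.pubsub.get(...)` call with that profile after the share and assert `encrypted_elt.name == "encrypted"` and `secret_blog not in parsed_item.toXml()`. Two smaller points: in `test_pubsub_encryption_oxps` the publish call hard-codes `node="e2ee_blog"` although `node` is assigned on the line before, so `li.blog.set(_in=secret_blog, node=node, item="test_e2ee", encrypt=True)` would keep the two in step. In the second test, `node="secret_sharing"` should read `node = "secret_sharing"`.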