# HG changeset patch # User Goffi # Date 1667220511 -3600 # Node ID 5e3b983ab2c65e41b1666a3704b8c698a9b8989a # Parent 570254d5a798c378060288237a72251bf0099670 tests (e2e/cli): test for Pubsub Targeted Encryption: rel 382 diff -r 570254d5a798 -r 5e3b983ab2c6 tests/e2e/libervia-cli/test_libervia-cli.py --- a/tests/e2e/libervia-cli/test_libervia-cli.py Mon Oct 31 13:48:01 2022 +0100 +++ b/tests/e2e/libervia-cli/test_libervia-cli.py Mon Oct 31 13:48:31 2022 +0100 @@ -26,6 +26,7 @@ import pytest from sat.plugins.plugin_sec_oxps import NS_OXPS +from sat.plugins.plugin_sec_pte import NS_PTE from sat.plugins.plugin_xep_0277 import NS_ATOM from sat.tools.common import uri @@ -394,3 +395,37 @@ assert source_file_hash == dest_file_hash li.encryption.stop("account1@server2.test") + + def test_pubsub_targeted_encryption_pte(self, li_elt): + """An item is encrypted for specific recipients""" + secret_blog = "this is a secret blog post" + node = "e2ee_blog" + item = "test_pte" + li.encryption.start("account1@server2.test", name="twomemo") + li.encryption.start( + "account1@server1.test", name="twomemo", profile="account1_s2" + ) + li.blog.set( + _in=secret_blog, node="e2ee_blog", item=item, + encrypt_for="account1@server2.test" + ) + + # the item should be transparently decrypted + parsed_decrypted = li_elt.pubsub.get( + service="account1@server1.test", node=node, item=item, no_cache=True, + profile="account1_s2" + ) + entry_elt = parsed_decrypted.firstChildElement() + assert entry_elt.name == "entry" + assert entry_elt.uri == NS_ATOM + assert secret_blog in parsed_decrypted.toXml() + + # with --no-decrypt, we should have the encrypted item + parsed_ori_item = li_elt.pubsub.get( + node=node, item=item, no_decrypt=True, no_cache=True + ) + encrypted_elt = parsed_ori_item.firstChildElement() + assert encrypted_elt.name == "encrypted" + assert encrypted_elt.uri == NS_PTE + # the body must not be readable in plain text + assert secret_blog not in parsed_ori_item.toXml()