Island: Add ILockableEncryptor.reset_key()
This commit is contained in:
Mike Salvatore
parent
92c9ad3c71
commit
0356596a41
|
|
@ -43,6 +43,12 @@ class ILockableEncryptor(IEncryptor):
|
|||
Lock the encryptor, making it unusable
|
||||
"""
|
||||
|
||||
@abstractmethod
|
||||
def reset_key(self):
|
||||
"""
|
||||
Reset the encryptor's key
|
||||
"""
|
||||
|
||||
@abstractmethod
|
||||
def encrypt(self, plaintext: bytes) -> bytes:
|
||||
"""
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
import os
|
||||
import secrets
|
||||
from pathlib import Path
|
||||
|
||||
|
|
@ -22,7 +21,7 @@ class RepositoryEncryptor(ILockableEncryptor):
|
|||
self._key_based_encryptor = self._initialize_key_based_encryptor()
|
||||
|
||||
def _initialize_key_based_encryptor(self):
|
||||
if os.path.exists(self._key_file):
|
||||
if self._key_file.is_file():
|
||||
return self._load_key()
|
||||
|
||||
return self._create_key()
|
||||
|
|
@ -46,6 +45,10 @@ class RepositoryEncryptor(ILockableEncryptor):
|
|||
def lock(self):
|
||||
self._key_based_encryptor = None
|
||||
|
||||
def reset_key(self):
|
||||
if self._key_file.is_file():
|
||||
self._key_file.unlink()
|
||||
|
||||
def encrypt(self, plaintext: bytes) -> bytes:
|
||||
if self._key_based_encryptor is None:
|
||||
raise LockedKeyError("Cannot encrypt while the encryptor is locked)")
|
||||
|
|
|
|||
|
|
@ -68,3 +68,19 @@ def test_lock(encryptor):
|
|||
|
||||
with pytest.raises(LockedKeyError):
|
||||
encryptor.decrypt(encrypted_data)
|
||||
|
||||
|
||||
def test_reset(encryptor, key_file):
|
||||
encryptor.unlock(SECRET)
|
||||
key_file_hash_1 = get_file_sha256_hash(key_file)
|
||||
|
||||
encryptor.reset_key()
|
||||
encryptor.unlock(SECRET)
|
||||
key_file_hash_2 = get_file_sha256_hash(key_file)
|
||||
|
||||
assert key_file_hash_1 != key_file_hash_2
|
||||
|
||||
|
||||
def test_reset_before_unlock(encryptor):
|
||||
# Test will fail if an exception is raised
|
||||
encryptor.reset_key()
|
||||
|
|
|
|||
Loading…
Reference in New Issue