Island: Add UnlockError

monkey/monkey_island/cc/server_utils/encryption/__init__.py

@@ -7,7 +7,7 @@ from .password_based_bytes_encryptor import (
     InvalidCredentialsError,
     InvalidCiphertextError,
 )
-from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError
+from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError, UnlockError
 from .repository_encryptor import RepositoryEncryptor
 from .data_store_encryptor import (
     get_datastore_encryptor,

monkey/monkey_island/cc/server_utils/encryption/i_lockable_encryptor.py

@@ -21,6 +21,12 @@ class LockedKeyError(Exception):
     """
 
 
+class UnlockError(Exception):
+    """
+    Raised if an error occurs while attempting to unlock an ILockableEncryptor
+    """
+
+
 class ILockableEncryptor(IEncryptor):
     """
     An encryptor that can be locked or unlocked.
@@ -35,6 +41,7 @@ class ILockableEncryptor(IEncryptor):
         Unlock the encryptor
 
         :param secret: A secret that must be used to access the ILockableEncryptor's key material.
+        :raises UnlockError: If the ILockableEncryptor could not be unlocked
         """
 
     @abstractmethod

monkey/monkey_island/cc/server_utils/encryption/repository_encryptor.py

@@ -3,7 +3,7 @@ from pathlib import Path
 
 from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
 
-from . import ILockableEncryptor, LockedKeyError
+from . import ILockableEncryptor, LockedKeyError, UnlockError
 from .key_based_encryptor import KeyBasedEncryptor
 from .password_based_bytes_encryptor import PasswordBasedBytesEncryptor
 
@@ -17,8 +17,11 @@ class RepositoryEncryptor(ILockableEncryptor):
         self._key_based_encryptor = None
 
     def unlock(self, secret: bytes):
-        self._password_based_encryptor = PasswordBasedBytesEncryptor(secret.decode())
+        try:
-        self._key_based_encryptor = self._initialize_key_based_encryptor()
+            self._password_based_encryptor = PasswordBasedBytesEncryptor(secret.decode())
+            self._key_based_encryptor = self._initialize_key_based_encryptor()
+        except Exception as err:
+            raise UnlockError(err)
 
     def _initialize_key_based_encryptor(self):
         if self._key_file.is_file():

monkey/tests/unit_tests/monkey_island/cc/server_utils/encryption/test_repository_encryptor.py

@@ -4,7 +4,11 @@ import string
 import pytest
 
 from common.utils.file_utils import get_file_sha256_hash
-from monkey_island.cc.server_utils.encryption import LockedKeyError, RepositoryEncryptor
+from monkey_island.cc.server_utils.encryption import (
+    LockedKeyError,
+    RepositoryEncryptor,
+    UnlockError,
+)
 
 PLAINTEXT = b"Hello, Monkey!"
 SECRET = b"53CR31"
@@ -51,6 +55,20 @@ def test_existing_key_reused(encryptor, key_file):
     assert key_file_hash_1 == key_file_hash_2
 
 
+def test_unlock_os_error(encryptor, key_file):
+    key_file.mkdir()
+
+    with pytest.raises(UnlockError):
+        encryptor.unlock(SECRET)
+
+
+def test_unlock_wrong_password(encryptor):
+    encryptor.unlock(SECRET)
+
+    with pytest.raises(UnlockError):
+        encryptor.unlock(b"WRONG_PASSWORD")
+
+
 def test_use_locked_encryptor__encrypt(encryptor):
     with pytest.raises(LockedKeyError):
         encryptor.encrypt(PLAINTEXT)