Island: Add ResetKeyError

Mike Salvatore 2022-07-11 11:53:07 -04:00
parent e362875201
commit faf9cba182
4 changed files with 31 additions and 4 deletions


@ -7,7 +7,7 @@ from .password_based_bytes_encryptor import (
InvalidCredentialsError,
InvalidCiphertextError,
)
from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError, UnlockError
from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError, UnlockError, ResetKeyError
from .repository_encryptor import RepositoryEncryptor
from .data_store_encryptor import (
get_datastore_encryptor,


@ -27,6 +27,12 @@ class UnlockError(Exception):
"""
class ResetKeyError(Exception):
"""
Raised if an error occurs while attempting to reset an ILockableEncryptor's key
"""
class ILockableEncryptor(IEncryptor):
"""
An encryptor that can be locked or unlocked.
@ -54,6 +60,10 @@ class ILockableEncryptor(IEncryptor):
def reset_key(self):
"""
Reset the encryptor's key
Remove the existing key material so that it can never be used again.
:raises ResetKeyError: If an error occurred while attemping to reset the key
"""
@abstractmethod
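Review bot: The extended `reset_key` docstring promises that the key material "can never be used again" but does not say what state the encryptor is in when `ResetKeyError` is raised. Callers need that to decide whether a failed reset leaves a usable key behind, so I would add a sentence such as `If ResetKeyError is raised, the key may still exist and the encryptor must not be treated as reset.`, or the opposite guarantee if implementations are expected to provide it. The `:raises` line also has a typo: `attemping` should be `attempting`. The rest of the interface lies outside this hunk.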


@ -3,7 +3,7 @@ from pathlib import Path
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from . import ILockableEncryptor, LockedKeyError, UnlockError
from . import ILockableEncryptor, LockedKeyError, ResetKeyError, UnlockError
from .key_based_encryptor import KeyBasedEncryptor
from .password_based_bytes_encryptor import PasswordBasedBytesEncryptor
@ -49,8 +49,11 @@ class RepositoryEncryptor(ILockableEncryptor):
self._key_based_encryptor = None
def reset_key(self):
try:
if self._key_file.is_file():
self._key_file.unlink()
except Exception as err:
raise ResetKeyError(err)
self._password_based_encryptor = None
self._key_based_encryptor = None
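Review bot: When `unlink()` fails, `reset_key` raises before the two `= None` assignments at the end of the method run, so an unlocked encryptor appears to keep its in-memory key objects and remain usable after a failed reset. Indentation is lost on this page, so this assumes the assignments sit after the `try`/`except` rather than inside it. Moving `self._password_based_encryptor = None` and `self._key_based_encryptor = None` above the `try` would drop the in-memory key even when the file cannot be removed, which is closer to the interface's promise that the key is never used again. I would also chain the cause explicitly with `raise ResetKeyError(err) from err`. Consider narrowing `except Exception` to the errors the file operations can raise, so that unrelated bugs are not reported as reset failures.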


@ -7,6 +7,7 @@ from common.utils.file_utils import get_file_sha256_hash
from monkey_island.cc.server_utils.encryption import (
LockedKeyError,
RepositoryEncryptor,
ResetKeyError,
UnlockError,
)
@ -110,3 +111,16 @@ def test_encrypt_after_reset(encryptor, key_file):
def test_reset_before_unlock(encryptor):
# Test will fail if an exception is raised
encryptor.reset_key()
def test_reset_key_error(key_file):
class UnlinkErrorWrapper(key_file.__class__):
def unlink(self):
raise OSError("Can't delete file")
encryptor = RepositoryEncryptor(UnlinkErrorWrapper(key_file))
encryptor.unlock(SECRET)
encryptor.lock()
with pytest.raises(ResetKeyError):
encryptor.reset_key()
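Review bot: `test_reset_key_error` calls `encryptor.lock()` before `reset_key()`, so it never covers a failed reset on an unlocked encryptor, the one case where key material could stay in memory. It also asserts only the exception type, not the state afterwards. I would add a second test that omits the `lock()` call and, after the `pytest.raises(ResetKeyError)` block, checks that an encrypt call raises `LockedKeyError` (already imported in this file). A failed reset that leaves the key usable would then be caught.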