forked from p15670423/monkey
Island: Add UnlockError
parent
0356596a41
commit
5c65d581b5
|
@ -7,7 +7,7 @@ from .password_based_bytes_encryptor import (
|
||||||
InvalidCredentialsError,
|
InvalidCredentialsError,
|
||||||
InvalidCiphertextError,
|
InvalidCiphertextError,
|
||||||
)
|
)
|
||||||
from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError
|
from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError, UnlockError
|
||||||
from .repository_encryptor import RepositoryEncryptor
|
from .repository_encryptor import RepositoryEncryptor
|
||||||
from .data_store_encryptor import (
|
from .data_store_encryptor import (
|
||||||
get_datastore_encryptor,
|
get_datastore_encryptor,
|
||||||
|
|
|
@ -21,6 +21,12 @@ class LockedKeyError(Exception):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
|
class UnlockError(Exception):
|
||||||
|
"""
|
||||||
|
Raised if an error occurs while attempting to unlock an ILockableEncryptor
|
||||||
|
"""
|
||||||
|
|
||||||
|
|
||||||
class ILockableEncryptor(IEncryptor):
|
class ILockableEncryptor(IEncryptor):
|
||||||
"""
|
"""
|
||||||
An encryptor that can be locked or unlocked.
|
An encryptor that can be locked or unlocked.
|
||||||
|
@ -35,6 +41,7 @@ class ILockableEncryptor(IEncryptor):
|
||||||
Unlock the encryptor
|
Unlock the encryptor
|
||||||
|
|
||||||
:param secret: A secret that must be used to access the ILockableEncryptor's key material.
|
:param secret: A secret that must be used to access the ILockableEncryptor's key material.
|
||||||
|
:raises UnlockError: If the ILockableEncryptor could not be unlocked
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@abstractmethod
|
@abstractmethod
|
||||||
|
|
|
@ -3,7 +3,7 @@ from pathlib import Path
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
|
||||||
|
|
||||||
from . import ILockableEncryptor, LockedKeyError
|
from . import ILockableEncryptor, LockedKeyError, UnlockError
|
||||||
from .key_based_encryptor import KeyBasedEncryptor
|
from .key_based_encryptor import KeyBasedEncryptor
|
||||||
from .password_based_bytes_encryptor import PasswordBasedBytesEncryptor
|
from .password_based_bytes_encryptor import PasswordBasedBytesEncryptor
|
||||||
|
|
||||||
|
@ -17,8 +17,11 @@ class RepositoryEncryptor(ILockableEncryptor):
|
||||||
self._key_based_encryptor = None
|
self._key_based_encryptor = None
|
||||||
|
|
||||||
def unlock(self, secret: bytes):
|
def unlock(self, secret: bytes):
|
||||||
|
try:
|
||||||
self._password_based_encryptor = PasswordBasedBytesEncryptor(secret.decode())
|
self._password_based_encryptor = PasswordBasedBytesEncryptor(secret.decode())
|
||||||
self._key_based_encryptor = self._initialize_key_based_encryptor()
|
self._key_based_encryptor = self._initialize_key_based_encryptor()
|
||||||
|
except Exception as err:
|
||||||
|
raise UnlockError(err)
|
||||||
|
|
||||||
def _initialize_key_based_encryptor(self):
|
def _initialize_key_based_encryptor(self):
|
||||||
if self._key_file.is_file():
|
if self._key_file.is_file():
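Review bot: In `RepositoryEncryptor.unlock`, the new `except Exception` branch raises `UnlockError` but leaves the object half-updated: `self._password_based_encryptor` has already been replaced with one built from the rejected secret, while `self._key_based_encryptor` keeps whatever an earlier successful unlock loaded. In the sequence exercised by `test_unlock_wrong_password`, the encryptor therefore appears to remain usable with the old key after a failed unlock. If fail-closed is the intended behavior, reset both fields in the handler (`self._password_based_encryptor = None`, `self._key_based_encryptor = None`) before `raise UnlockError(err) from err`, and have the test assert the post-failure state. Catching `Exception` also folds a wrong secret, a non-UTF-8 secret from `secret.decode()` and key-file I/O errors into one type, so callers that need to tell a bad password from a broken key file must inspect the chained cause. The body of `_initialize_key_based_encryptor` is outside the hunk, so how it uses the password-based encryptor is inferred.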
|
||||||
|
|
|
@ -4,7 +4,11 @@ import string
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
from common.utils.file_utils import get_file_sha256_hash
|
from common.utils.file_utils import get_file_sha256_hash
|
||||||
from monkey_island.cc.server_utils.encryption import LockedKeyError, RepositoryEncryptor
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
|
LockedKeyError,
|
||||||
|
RepositoryEncryptor,
|
||||||
|
UnlockError,
|
||||||
|
)
|
||||||
|
|
||||||
PLAINTEXT = b"Hello, Monkey!"
|
PLAINTEXT = b"Hello, Monkey!"
|
||||||
SECRET = b"53CR31"
|
SECRET = b"53CR31"
|
||||||
|
@ -51,6 +55,20 @@ def test_existing_key_reused(encryptor, key_file):
|
||||||
assert key_file_hash_1 == key_file_hash_2
|
assert key_file_hash_1 == key_file_hash_2
|
||||||
|
|
||||||
|
|
||||||
|
def test_unlock_os_error(encryptor, key_file):
|
||||||
|
key_file.mkdir()
|
||||||
|
|
||||||
|
with pytest.raises(UnlockError):
|
||||||
|
encryptor.unlock(SECRET)
|
||||||
|
|
||||||
|
|
||||||
|
def test_unlock_wrong_password(encryptor):
|
||||||
|
encryptor.unlock(SECRET)
|
||||||
|
|
||||||
|
with pytest.raises(UnlockError):
|
||||||
|
encryptor.unlock(b"WRONG_PASSWORD")
|
||||||
|
|
||||||
|
|
||||||
def test_use_locked_encryptor__encrypt(encryptor):
|
def test_use_locked_encryptor__encrypt(encryptor):
|
||||||
with pytest.raises(LockedKeyError):
|
with pytest.raises(LockedKeyError):
|
||||||
encryptor.encrypt(PLAINTEXT)
|
encryptor.encrypt(PLAINTEXT)
|
||||||
|
|