Island: Add UnlockError

This commit is contained in:
Mike Salvatore 2022-07-11 11:21:43 -04:00
parent 0356596a41
commit 5c65d581b5
4 changed files with 33 additions and 5 deletions

View File

@ -7,7 +7,7 @@ from .password_based_bytes_encryptor import (
InvalidCredentialsError,
InvalidCiphertextError,
)
from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError
from .i_lockable_encryptor import ILockableEncryptor, LockedKeyError, UnlockError
from .repository_encryptor import RepositoryEncryptor
from .data_store_encryptor import (
get_datastore_encryptor,

View File

@ -21,6 +21,12 @@ class LockedKeyError(Exception):
"""
class UnlockError(Exception):
"""
Raised if an error occurs while attempting to unlock an ILockableEncryptor
"""
class ILockableEncryptor(IEncryptor):
"""
An encryptor that can be locked or unlocked.
@ -35,6 +41,7 @@ class ILockableEncryptor(IEncryptor):
Unlock the encryptor
:param secret: A secret that must be used to access the ILockableEncryptor's key material.
:raises UnlockError: If the ILockableEncryptor could not be unlocked
"""
@abstractmethod

View File

@ -3,7 +3,7 @@ from pathlib import Path
from monkey_island.cc.server_utils.file_utils import open_new_securely_permissioned_file
from . import ILockableEncryptor, LockedKeyError
from . import ILockableEncryptor, LockedKeyError, UnlockError
from .key_based_encryptor import KeyBasedEncryptor
from .password_based_bytes_encryptor import PasswordBasedBytesEncryptor
@ -17,8 +17,11 @@ class RepositoryEncryptor(ILockableEncryptor):
self._key_based_encryptor = None
def unlock(self, secret: bytes):
try:
self._password_based_encryptor = PasswordBasedBytesEncryptor(secret.decode())
self._key_based_encryptor = self._initialize_key_based_encryptor()
except Exception as err:
raise UnlockError(err)
def _initialize_key_based_encryptor(self):
if self._key_file.is_file():

View File

@ -4,7 +4,11 @@ import string
import pytest
from common.utils.file_utils import get_file_sha256_hash
from monkey_island.cc.server_utils.encryption import LockedKeyError, RepositoryEncryptor
from monkey_island.cc.server_utils.encryption import (
LockedKeyError,
RepositoryEncryptor,
UnlockError,
)
PLAINTEXT = b"Hello, Monkey!"
SECRET = b"53CR31"
@ -51,6 +55,20 @@ def test_existing_key_reused(encryptor, key_file):
assert key_file_hash_1 == key_file_hash_2
def test_unlock_os_error(encryptor, key_file):
key_file.mkdir()
with pytest.raises(UnlockError):
encryptor.unlock(SECRET)
def test_unlock_wrong_password(encryptor):
encryptor.unlock(SECRET)
with pytest.raises(UnlockError):
encryptor.unlock(b"WRONG_PASSWORD")
def test_use_locked_encryptor__encrypt(encryptor):
with pytest.raises(LockedKeyError):
encryptor.encrypt(PLAINTEXT)