forked from p15670423/monkey
Implement data store encryptor key removal on registration and unit tests for data store encryptor
Data store key needs to be deleted upon registration to create a new one.
This commit is contained in:
parent
4f176939bb
commit
f97ec4e9ed
|
@ -9,7 +9,7 @@ from monkey_island.cc.resources.auth.credential_utils import (
|
||||||
get_secret_from_request,
|
get_secret_from_request,
|
||||||
get_user_credentials_from_request,
|
get_user_credentials_from_request,
|
||||||
)
|
)
|
||||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import setup_datastore_key
|
from monkey_island.cc.server_utils.encryption import remove_old_datastore_key, setup_datastore_key
|
||||||
from monkey_island.cc.setup.mongo.database_initializer import reset_database
|
from monkey_island.cc.setup.mongo.database_initializer import reset_database
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
@ -21,11 +21,11 @@ class Registration(flask_restful.Resource):
|
||||||
return {"needs_registration": is_registration_needed}
|
return {"needs_registration": is_registration_needed}
|
||||||
|
|
||||||
def post(self):
|
def post(self):
|
||||||
# TODO delete the old key here, before creating new one
|
|
||||||
credentials = get_user_credentials_from_request(request)
|
credentials = get_user_credentials_from_request(request)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
env_singleton.env.try_add_user(credentials)
|
env_singleton.env.try_add_user(credentials)
|
||||||
|
remove_old_datastore_key()
|
||||||
setup_datastore_key(get_secret_from_request(request))
|
setup_datastore_key(get_secret_from_request(request))
|
||||||
reset_database()
|
reset_database()
|
||||||
return make_response({"error": ""}, 200)
|
return make_response({"error": ""}, 200)
|
||||||
|
|
|
@ -9,6 +9,9 @@ from monkey_island.cc.server_utils.encryption.data_store_encryptor import (
|
||||||
DataStoreEncryptor,
|
DataStoreEncryptor,
|
||||||
get_datastore_encryptor,
|
get_datastore_encryptor,
|
||||||
initialize_datastore_encryptor,
|
initialize_datastore_encryptor,
|
||||||
|
remove_old_datastore_key,
|
||||||
|
setup_datastore_key,
|
||||||
|
EncryptorNotInitializedError,
|
||||||
)
|
)
|
||||||
from .dict_encryption.dict_encryptor import (
|
from .dict_encryption.dict_encryptor import (
|
||||||
SensitiveField,
|
SensitiveField,
|
||||||
|
|
|
@ -69,12 +69,28 @@ class EncryptorNotInitializedError(Exception):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def encryptor_initialized_key_not_set(f):
|
||||||
|
def inner_function(*args, **kwargs):
|
||||||
|
if _encryptor is None:
|
||||||
|
raise EncryptorNotInitializedError
|
||||||
|
else:
|
||||||
|
if not _encryptor.is_key_setup():
|
||||||
|
return f(*args, **kwargs)
|
||||||
|
else:
|
||||||
|
pass
|
||||||
|
|
||||||
|
return inner_function
|
||||||
|
|
||||||
|
|
||||||
|
@encryptor_initialized_key_not_set
|
||||||
|
def remove_old_datastore_key():
|
||||||
|
if os.path.isfile(_encryptor.key_file_path):
|
||||||
|
os.remove(_encryptor.key_file_path)
|
||||||
|
|
||||||
|
|
||||||
|
@encryptor_initialized_key_not_set
|
||||||
def setup_datastore_key(secret: str):
|
def setup_datastore_key(secret: str):
|
||||||
if _encryptor is None:
|
_encryptor.init_key(secret)
|
||||||
raise EncryptorNotInitializedError
|
|
||||||
else:
|
|
||||||
if not _encryptor.is_key_setup():
|
|
||||||
_encryptor.init_key(secret)
|
|
||||||
|
|
||||||
|
|
||||||
def get_datastore_encryptor():
|
def get_datastore_encryptor():
|
||||||
|
|
|
@ -5,10 +5,13 @@ from tests.unit_tests.monkey_island.cc.conftest import ENCRYPTOR_SECRET
|
||||||
|
|
||||||
from monkey_island.cc.server_utils.encryption import (
|
from monkey_island.cc.server_utils.encryption import (
|
||||||
DataStoreEncryptor,
|
DataStoreEncryptor,
|
||||||
|
EncryptorNotInitializedError,
|
||||||
|
data_store_encryptor,
|
||||||
get_datastore_encryptor,
|
get_datastore_encryptor,
|
||||||
initialize_datastore_encryptor,
|
initialize_datastore_encryptor,
|
||||||
|
remove_old_datastore_key,
|
||||||
|
setup_datastore_key,
|
||||||
)
|
)
|
||||||
from monkey_island.cc.server_utils.encryption.data_store_encryptor import setup_datastore_key
|
|
||||||
|
|
||||||
PLAINTEXT = "Hello, Monkey!"
|
PLAINTEXT = "Hello, Monkey!"
|
||||||
|
|
||||||
|
@ -22,7 +25,47 @@ def test_encryption(data_for_tests_dir):
|
||||||
assert decrypted_data == PLAINTEXT
|
assert decrypted_data == PLAINTEXT
|
||||||
|
|
||||||
|
|
||||||
def test_create_new_password_file(tmpdir):
|
@pytest.fixture
|
||||||
|
def initialized_key_dir(tmpdir):
|
||||||
initialize_datastore_encryptor(tmpdir)
|
initialize_datastore_encryptor(tmpdir)
|
||||||
setup_datastore_key(ENCRYPTOR_SECRET)
|
setup_datastore_key(ENCRYPTOR_SECRET)
|
||||||
|
yield tmpdir
|
||||||
|
data_store_encryptor._encryptor = None
|
||||||
|
|
||||||
|
|
||||||
|
def test_key_creation(initialized_key_dir):
|
||||||
|
assert os.path.isfile(os.path.join(initialized_key_dir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
|
|
||||||
|
|
||||||
|
def test_key_removal_fails_if_key_initialized(initialized_key_dir):
|
||||||
|
remove_old_datastore_key()
|
||||||
|
assert os.path.isfile(os.path.join(initialized_key_dir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
|
|
||||||
|
|
||||||
|
def test_key_removal(initialized_key_dir, monkeypatch):
|
||||||
|
monkeypatch.setattr(DataStoreEncryptor, "is_key_setup", lambda _: False)
|
||||||
|
remove_old_datastore_key()
|
||||||
|
assert not os.path.isfile(os.path.join(initialized_key_dir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
|
|
||||||
|
|
||||||
|
def test_key_removal__no_key(tmpdir):
|
||||||
|
initialize_datastore_encryptor(tmpdir)
|
||||||
|
assert not os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
|
# Make sure no error thrown when we try to remove an non-existing key
|
||||||
|
remove_old_datastore_key()
|
||||||
|
|
||||||
|
data_store_encryptor._encryptor = None
|
||||||
|
|
||||||
|
|
||||||
|
def test_encryptor_not_initialized():
|
||||||
|
with pytest.raises(EncryptorNotInitializedError):
|
||||||
|
remove_old_datastore_key()
|
||||||
|
setup_datastore_key()
|
||||||
|
|
||||||
|
|
||||||
|
def test_setup_datastore_key(tmpdir):
|
||||||
|
initialize_datastore_encryptor(tmpdir)
|
||||||
|
assert not os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
|
setup_datastore_key(ENCRYPTOR_SECRET)
|
||||||
assert os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
assert os.path.isfile(os.path.join(tmpdir, DataStoreEncryptor._KEY_FILENAME))
|
||||||
|
assert get_datastore_encryptor().is_key_setup()
|
||||||
|
|
Loading…
Reference in New Issue