"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "barbican/tests/plugin/crypto/test_p11_crypto.py" between
barbican-11.0.0.tar.gz and barbican-12.0.0.tar.gz

About: OpenStack Barbican is the OpenStack Key Manager service. It provides secure storage, provisioning and management of secret data.
The "Wallaby" series (latest release).

test_p11_crypto.py  (barbican-11.0.0):test_p11_crypto.py  (barbican-12.0.0)
skipping to change at line 55 skipping to change at line 55
self.pkcs11.compute_hmac.return_value = b'1' self.pkcs11.compute_hmac.return_value = b'1'
self.pkcs11.verify_hmac.return_value = None self.pkcs11.verify_hmac.return_value = None
self.pkcs11.destroy_object.return_value = None self.pkcs11.destroy_object.return_value = None
self.pkcs11.finalize.return_value = None self.pkcs11.finalize.return_value = None
self.cfg_mock = mock.MagicMock(name='config mock') self.cfg_mock = mock.MagicMock(name='config mock')
self.cfg_mock.p11_crypto_plugin.mkek_label = 'mkek_label' self.cfg_mock.p11_crypto_plugin.mkek_label = 'mkek_label'
self.cfg_mock.p11_crypto_plugin.hmac_label = 'hmac_label' self.cfg_mock.p11_crypto_plugin.hmac_label = 'hmac_label'
self.cfg_mock.p11_crypto_plugin.mkek_length = 32 self.cfg_mock.p11_crypto_plugin.mkek_length = 32
self.cfg_mock.p11_crypto_plugin.slot_id = 1 self.cfg_mock.p11_crypto_plugin.slot_id = 1
self.cfg_mock.p11_crypto_plugin.token_serial_number = None
self.cfg_mock.p11_crypto_plugin.token_label = None
self.cfg_mock.p11_crypto_plugin.token_labels = None
self.cfg_mock.p11_crypto_plugin.rw_session = True self.cfg_mock.p11_crypto_plugin.rw_session = True
self.cfg_mock.p11_crypto_plugin.pkek_length = 32 self.cfg_mock.p11_crypto_plugin.pkek_length = 32
self.cfg_mock.p11_crypto_plugin.pkek_cache_ttl = 900 self.cfg_mock.p11_crypto_plugin.pkek_cache_ttl = 900
self.cfg_mock.p11_crypto_plugin.pkek_cache_limit = 10 self.cfg_mock.p11_crypto_plugin.pkek_cache_limit = 10
self.cfg_mock.p11_crypto_plugin.encryption_mechanism = 'CKM_AES_CBC' self.cfg_mock.p11_crypto_plugin.encryption_mechanism = 'CKM_AES_CBC'
self.cfg_mock.p11_crypto_plugin.seed_file = '' self.cfg_mock.p11_crypto_plugin.seed_file = ''
self.cfg_mock.p11_crypto_plugin.seed_length = 32 self.cfg_mock.p11_crypto_plugin.seed_length = 32
self.cfg_mock.p11_crypto_plugin.hmac_keywrap_mechanism = \ self.cfg_mock.p11_crypto_plugin.hmac_keywrap_mechanism = \
'CKM_SHA256_HMAC' 'CKM_SHA256_HMAC'
self.plugin_name = 'Test PKCS11 plugin' self.plugin_name = 'Test PKCS11 plugin'
self.cfg_mock.p11_crypto_plugin.plugin_name = self.plugin_name self.cfg_mock.p11_crypto_plugin.plugin_name = self.plugin_name
self.plugin = p11_crypto.P11CryptoPlugin( self.plugin = p11_crypto.P11CryptoPlugin(
conf=self.cfg_mock, pkcs11=self.pkcs11 conf=self.cfg_mock,
pkcs11=self.pkcs11
) )
def test_invalid_library_path(self): def test_invalid_library_path(self):
cfg = self.cfg_mock.p11_crypto_plugin cfg = self.cfg_mock.p11_crypto_plugin
cfg.library_path = None cfg.library_path = None
self.assertRaises(ValueError, p11_crypto.P11CryptoPlugin, self.assertRaises(ValueError, p11_crypto.P11CryptoPlugin,
conf=self.cfg_mock, pkcs11=self.pkcs11) conf=self.cfg_mock, pkcs11=self.pkcs11)
def test_bind_kek_metadata_without_existing_key(self): def test_bind_kek_metadata_without_existing_key(self):
kek_datum = models.KEKDatum() kek_datum = models.KEKDatum()
skipping to change at line 287 skipping to change at line 291
def test_cached_kek_expired(self): def test_cached_kek_expired(self):
self.plugin.pkek_cache['expired_kek'] = p11_crypto.CachedKEK(4, 0) self.plugin.pkek_cache['expired_kek'] = p11_crypto.CachedKEK(4, 0)
self.assertIsNone(self.plugin._pkek_cache_get('expired_kek')) self.assertIsNone(self.plugin._pkek_cache_get('expired_kek'))
def test_create_pkcs11(self): def test_create_pkcs11(self):
def _generate_random(session, buf, length): def _generate_random(session, buf, length):
ffi.buffer(buf)[:] = b'0' * length ffi.buffer(buf)[:] = b'0' * length
return pkcs11.CKR_OK return pkcs11.CKR_OK
lib = mock.Mock() lib = mock.Mock()
lib.C_Initialize.return_value = pkcs11.CKR_OK lib.C_Initialize.return_value = pkcs11.CKR_OK
lib.C_GetSlotList.return_value = pkcs11.CKR_OK
lib.C_GetTokenInfo.return_value = pkcs11.CKR_OK
lib.C_OpenSession.return_value = pkcs11.CKR_OK lib.C_OpenSession.return_value = pkcs11.CKR_OK
lib.C_CloseSession.return_value = pkcs11.CKR_OK lib.C_CloseSession.return_value = pkcs11.CKR_OK
lib.C_GetSessionInfo.return_value = pkcs11.CKR_OK lib.C_GetSessionInfo.return_value = pkcs11.CKR_OK
lib.C_Login.return_value = pkcs11.CKR_OK lib.C_Login.return_value = pkcs11.CKR_OK
lib.C_GenerateRandom.side_effect = _generate_random lib.C_GenerateRandom.side_effect = _generate_random
lib.C_SeedRandom.return_value = pkcs11.CKR_OK lib.C_SeedRandom.return_value = pkcs11.CKR_OK
ffi = pkcs11.build_ffi() ffi = pkcs11.build_ffi()
setattr(ffi, 'dlopen', lambda x: lib) setattr(ffi, 'dlopen', lambda x: lib)
p11 = self.plugin._create_pkcs11(self.cfg_mock.p11_crypto_plugin, ffi) p11 = self.plugin._create_pkcs11(ffi)
self.assertIsInstance(p11, pkcs11.PKCS11) self.assertIsInstance(p11, pkcs11.PKCS11)
# test for when plugin_conf.seed_file is not None # test for when plugin_conf.seed_file is not None
self.cfg_mock.p11_crypto_plugin.seed_file = 'seed_file' self.plugin.seed_file = 'seed_file'
d = '01234567' * 4 d = '01234567' * 4
mo = mock.mock_open(read_data=d) mo = mock.mock_open(read_data=d)
with mock.patch(six.moves.builtins.__name__ + '.open', with mock.patch(six.moves.builtins.__name__ + '.open',
mo, mo,
create=True): create=True):
p11 = self.plugin._create_pkcs11( p11 = self.plugin._create_pkcs11(ffi)
self.cfg_mock.p11_crypto_plugin, ffi)
self.assertIsInstance(p11, pkcs11.PKCS11) self.assertIsInstance(p11, pkcs11.PKCS11)
mo.assert_called_once_with('seed_file', 'rb') mo.assert_called_once_with('seed_file', 'rb')
calls = [mock.call('seed_file', 'rb'), calls = [mock.call('seed_file', 'rb'),
mock.call().__enter__(), mock.call().__enter__(),
mock.call().read(32), mock.call().read(32),
mock.call().__exit__(None, None, None)] mock.call().__exit__(None, None, None)]
self.assertEqual(mo.mock_calls, calls) self.assertEqual(mo.mock_calls, calls)
lib.C_SeedRandom.assert_called_once_with(mock.ANY, mock.ANY, 32) lib.C_SeedRandom.assert_called_once_with(mock.ANY, mock.ANY, 32)
self.cfg_mock.p11_crypto_plugin.seed_file = '' self.cfg_mock.p11_crypto_plugin.seed_file = ''
 End of changes. 6 change blocks. 
5 lines changed or deleted 10 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)