"""Unit tests: encryption functions""" import pytest @pytest.mark.parametrize('condition', ['default', 'override']) def test_get_cipher(runner, paths, condition): """Test _get_cipher()""" if condition == 'override': paths.config.write('[yadm]\n\tcipher = override-cipher') script = f""" YADM_TEST=1 source {paths.pgm} YADM_DIR="{paths.yadm}" set_yadm_dirs configure_paths _get_cipher test-archive echo "output_archive:$output_archive" echo "yadm_cipher:$yadm_cipher" """ run = runner(command=['bash'], inp=script) assert run.success assert run.err == '' assert 'output_archive:test-archive' in run.out if condition == 'override': assert 'yadm_cipher:override-cipher' in run.out else: assert 'yadm_cipher:gpg' in run.out @pytest.mark.parametrize('cipher', ['gpg', 'openssl', 'bad']) @pytest.mark.parametrize('mode', ['_encrypt_to', '_decrypt_from']) def test_encrypt_decrypt(runner, paths, cipher, mode): """Test _encrypt_to() & _decrypt_from""" script = f""" YADM_TEST=1 source {paths.pgm} YADM_DIR="{paths.yadm}" set_yadm_dirs configure_paths function mock_openssl() {{ echo openssl $*; }} function mock_gpg() {{ echo gpg $*; }} function _get_cipher() {{ output_archive="$1" yadm_cipher="{cipher}" }} OPENSSL_PROGRAM=mock_openssl GPG_PROGRAM=mock_gpg {mode} {paths.archive} """ run = runner(command=['bash'], inp=script) if cipher != 'bad': assert run.success assert run.out.startswith(cipher) assert str(paths.archive) in run.out assert run.err == '' else: assert run.failure assert 'Unknown cipher' in run.err @pytest.mark.parametrize('condition', ['default', 'override']) def test_get_openssl_ciphername(runner, paths, condition): """Test _get_openssl_ciphername()""" if condition == 'override': paths.config.write('[yadm]\n\topenssl-ciphername = override-cipher') script = f""" YADM_TEST=1 source {paths.pgm} YADM_DIR="{paths.yadm}" set_yadm_dirs configure_paths result=$(_get_openssl_ciphername) echo "result:$result" """ run = runner(command=['bash'], inp=script) assert run.success assert run.err == '' if condition == 'override': assert run.out.strip() == 'result:override-cipher' else: assert run.out.strip() == 'result:aes-256-cbc' @pytest.mark.parametrize('condition', ['old', 'not-old']) def test_set_openssl_options(runner, paths, condition): """Test _set_openssl_options()""" if condition == 'old': paths.config.write('[yadm]\n\topenssl-old = true') script = f""" YADM_TEST=1 source {paths.pgm} YADM_DIR="{paths.yadm}" set_yadm_dirs configure_paths function _get_openssl_ciphername() {{ echo "testcipher"; }} _set_openssl_options echo "result:${{OPENSSL_OPTS[@]}}" """ run = runner(command=['bash'], inp=script) assert run.success assert run.err == '' if condition == 'old': assert '-testcipher -salt -md md5' in run.out else: assert '-testcipher -salt -pbkdf2 -iter 100000 -md sha512' in run.out @pytest.mark.parametrize('recipient', ['ASK', 'present', '']) def test_set_gpg_options(runner, paths, recipient): """Test _set_gpg_options()""" paths.config.write(f'[yadm]\n\tgpg-recipient = {recipient}') script = f""" YADM_TEST=1 source {paths.pgm} YADM_DIR="{paths.yadm}" set_yadm_dirs configure_paths _set_gpg_options echo "result:${{GPG_OPTS[@]}}" """ run = runner(command=['bash'], inp=script) assert run.success assert run.err == '' if recipient == 'ASK': assert run.out.strip() == 'result:--no-default-recipient -e' elif recipient != '': assert run.out.strip() == f'result:-e -r {recipient}' else: assert run.out.strip() == 'result:-c'