"""Unit tests: encryption functions"""
import pytest
@pytest.mark.parametrize('condition', ['default', 'override'])
def test_get_cipher(runner, paths, condition):
"""Test _get_cipher()"""
if condition == 'override':
paths.config.write('[yadm]\n\tcipher = override-cipher')
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
_get_cipher test-archive
echo "output_archive:$output_archive"
echo "yadm_cipher:$yadm_cipher"
"""
run = runner(command=['bash'], inp=script)
assert run.success
assert run.err == ''
assert 'output_archive:test-archive' in run.out
if condition == 'override':
assert 'yadm_cipher:override-cipher' in run.out
else:
assert 'yadm_cipher:gpg' in run.out
@pytest.mark.parametrize('cipher', ['gpg', 'openssl', 'bad'])
@pytest.mark.parametrize('mode', ['_encrypt_to', '_decrypt_from'])
def test_encrypt_decrypt(runner, paths, cipher, mode):
"""Test _encrypt_to() & _decrypt_from"""
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
function mock_openssl() {{ echo openssl $*; }}
function mock_gpg() {{ echo gpg $*; }}
function _get_cipher() {{
output_archive="$1"
yadm_cipher="{cipher}"
}}
OPENSSL_PROGRAM=mock_openssl
GPG_PROGRAM=mock_gpg
{mode} {paths.archive}
"""
run = runner(command=['bash'], inp=script)
if cipher != 'bad':
assert run.success
assert run.out.startswith(cipher)
assert str(paths.archive) in run.out
assert run.err == ''
else:
assert run.failure
assert 'Unknown cipher' in run.err
@pytest.mark.parametrize('condition', ['default', 'override'])
def test_get_openssl_ciphername(runner, paths, condition):
"""Test _get_openssl_ciphername()"""
if condition == 'override':
paths.config.write('[yadm]\n\topenssl-ciphername = override-cipher')
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
result=$(_get_openssl_ciphername)
echo "result:$result"
"""
run = runner(command=['bash'], inp=script)
assert run.success
assert run.err == ''
if condition == 'override':
assert run.out.strip() == 'result:override-cipher'
else:
assert run.out.strip() == 'result:aes-256-cbc'
@pytest.mark.parametrize('condition', ['old', 'not-old'])
def test_set_openssl_options(runner, paths, condition):
"""Test _set_openssl_options()"""
if condition == 'old':
paths.config.write('[yadm]\n\topenssl-old = true')
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
function _get_openssl_ciphername() {{ echo "testcipher"; }}
_set_openssl_options
echo "result:${{OPENSSL_OPTS[@]}}"
"""
run = runner(command=['bash'], inp=script)
assert run.success
assert run.err == ''
if condition == 'old':
assert '-testcipher -salt -md md5' in run.out
else:
assert '-testcipher -salt -pbkdf2 -iter 100000 -md sha512' in run.out
@pytest.mark.parametrize('recipient', ['ASK', 'present', ''])
def test_set_gpg_options(runner, paths, recipient):
"""Test _set_gpg_options()"""
paths.config.write(f'[yadm]\n\tgpg-recipient = {recipient}')
script = f"""
YADM_TEST=1 source {paths.pgm}
YADM_DIR="{paths.yadm}"
set_yadm_dirs
configure_paths
_set_gpg_options
echo "result:${{GPG_OPTS[@]}}"
"""
run = runner(command=['bash'], inp=script)
assert run.success
assert run.err == ''
if recipient == 'ASK':
assert run.out.strip() == 'result:--no-default-recipient -e'
elif recipient != '':
assert run.out.strip() == f'result:-e -r {recipient}'
else:
assert run.out.strip() == 'result:-c'