test_pskc2pskc.doctest - tests for the pskc2pskc script
Copyright (C) 2018 Arthur de Jong
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA
>>> from binascii import a2b_hex
>>> import shlex
>>> import sys
>>> import tempfile
>>> from pskc import PSKC
>>> from pskc.scripts.pskc2pskc import main
Sadly we cannot test --help and --version properly because argparse calls
exit(0) which doctest does not like.
>>> sys.argv = shlex.split('pskc2pskc --help')
>>> main() # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
SystemExit: 0
>>> sys.argv = shlex.split('pskc2pskc --version')
>>> main() # doctest: +IGNORE_EXCEPTION_DETAIL
Traceback (most recent call last):
...
SystemExit: 0
We can convert the PSKC file and just dump it to stdout.
>>> sys.argv = shlex.split('pskc2pskc tests/rfc6030/figure2.pskcxml')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
Issuer-A
MTIzNA==
We can also save the output to a file.
>>> f = tempfile.NamedTemporaryFile()
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/rfc6030/figure2.pskcxml --output') + [f.name]
>>> main()
>>> with open(f.name, 'r') as r:
... x = sys.stdout.write(r.read()) #doctest: +REPORT_UDIFF +NORMALIZE_WHITESPACE
Issuer-A
MTIzNA==
We can also re-write the file without decrypting the data at all.
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/encryption/aes128-cbc.pskcxml')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
Pre-shared-key
SVZJVklWSVZJVklWSVZJViZS3d+rzbWqD74OQPuyiwrD+XlDXK7ef602mwOebfTR
AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv
CjGsEXpmZYGMyejd8WJdLFRBWE9XGJLiigPObg==
This should also work with legacy PSKC files that have a global encryption
IV. The output file should be a clean PSKC 1.0 format with the IV embedded in
the CipherValue. Note however that the MAC key is missing because it is equal
to the encryption key so we cannot make en encrypted version.
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/actividentity/test.pskcxml')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
ActivIdentity
0950380269
ActivIdentity
Xus0lsc+rJLi0nc/ANE0XtRwSU4Zs2AwlO2AqzC+jmSjLEUK4kr2aaKnjHwbovXS
SlinEB9YUzcR04MUZDF5dBLtK1c=
837830147
OTP
We can also output a decrypted version of an encrypted PSKC file.
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' +
... ' --passwd qwerty')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
Token Manufacturer
98765432187
2008-01-01T00:00:00
Credential Issuer
MySecondToken
ZWcLvpFoXNHAG+lx3+Rw
100
The password can also be read from a file.
>>> f = tempfile.NamedTemporaryFile()
>>> with open(f.name, 'wt') as f2: # open second file to keep tempfile
... x = f2.write('qwerty\n')
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' +
... ' --passwd') + [f.name]
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
...
ZWcLvpFoXNHAG+lx3+Rw
...
But we get an error if the password is wrong.
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' +
... ' --passwd wrongpassword')
>>> main() #doctest: +ELLIPSIS
Traceback (most recent call last):
...
DecryptionError: ...
We can also supply a secret (both on the command line and via a file).
>>> sys.argv = shlex.split(
... 'pskc2csv tests/rfc6030/figure6.pskcxml' +
... ' --secret 12345678901234567890123456789012')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
...
MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
...
>>> sys.argv = shlex.split(
... 'pskc2csv tests/rfc6030/figure6.pskcxml' +
... ' --secret 12345678901234567890123456789012')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
...
MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
...
>>> f = tempfile.NamedTemporaryFile()
>>> with open(f.name, 'wb') as f2: # open second file to keep tempfile
... x = f2.write(a2b_hex('12345678901234567890123456789012'))
>>> sys.argv = shlex.split(
... 'pskc2csv tests/rfc6030/figure6.pskcxml' +
... ' --secret') + [f.name]
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
...
MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=
...
We can also decrypt a file and configure a new passphrase.
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' +
... ' --passwd qwerty --new-passwd moresecure')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
...
...
16
...
...
...
...
...
Alternatively we can switch from passphrase-based encryption to key-based
encryption.
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' +
... ' --passwd qwerty --new-secret 12345678901234567890123456789012')
>>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF
...
...
...
...
...
If we leave out the original password we get an error.
>>> sys.argv = shlex.split(
... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' +
... ' --new-passwd moresecure')
>>> main() #doctest: +ELLIPSIS
Traceback (most recent call last):
...
AssertionError