test_pskc2pskc.doctest - tests for the pskc2pskc script Copyright (C) 2018 Arthur de Jong This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA >>> from binascii import a2b_hex >>> import shlex >>> import sys >>> import tempfile >>> from pskc import PSKC >>> from pskc.scripts.pskc2pskc import main Sadly we cannot test --help and --version properly because argparse calls exit(0) which doctest does not like. >>> sys.argv = shlex.split('pskc2pskc --help') >>> main() # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... SystemExit: 0 >>> sys.argv = shlex.split('pskc2pskc --version') >>> main() # doctest: +IGNORE_EXCEPTION_DETAIL Traceback (most recent call last): ... SystemExit: 0 We can convert the PSKC file and just dump it to stdout. >>> sys.argv = shlex.split('pskc2pskc tests/rfc6030/figure2.pskcxml') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF Issuer-A MTIzNA== We can also save the output to a file. >>> f = tempfile.NamedTemporaryFile() >>> sys.argv = shlex.split( ... 'pskc2pskc tests/rfc6030/figure2.pskcxml --output') + [f.name] >>> main() >>> with open(f.name, 'r') as r: ... x = sys.stdout.write(r.read()) #doctest: +REPORT_UDIFF +NORMALIZE_WHITESPACE Issuer-A MTIzNA== We can also re-write the file without decrypting the data at all. >>> sys.argv = shlex.split( ... 'pskc2pskc tests/encryption/aes128-cbc.pskcxml') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF Pre-shared-key SVZJVklWSVZJVklWSVZJViZS3d+rzbWqD74OQPuyiwrD+XlDXK7ef602mwOebfTR AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv CjGsEXpmZYGMyejd8WJdLFRBWE9XGJLiigPObg== This should also work with legacy PSKC files that have a global encryption IV. The output file should be a clean PSKC 1.0 format with the IV embedded in the CipherValue. Note however that the MAC key is missing because it is equal to the encryption key so we cannot make en encrypted version. >>> sys.argv = shlex.split( ... 'pskc2pskc tests/actividentity/test.pskcxml') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF ActivIdentity 0950380269 ActivIdentity Xus0lsc+rJLi0nc/ANE0XtRwSU4Zs2AwlO2AqzC+jmSjLEUK4kr2aaKnjHwbovXS SlinEB9YUzcR04MUZDF5dBLtK1c= 837830147 OTP We can also output a decrypted version of an encrypted PSKC file. >>> sys.argv = shlex.split( ... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' + ... ' --passwd qwerty') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF Token Manufacturer 98765432187 2008-01-01T00:00:00 Credential Issuer MySecondToken ZWcLvpFoXNHAG+lx3+Rw 100 The password can also be read from a file. >>> f = tempfile.NamedTemporaryFile() >>> with open(f.name, 'wt') as f2: # open second file to keep tempfile ... x = f2.write('qwerty\n') >>> sys.argv = shlex.split( ... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' + ... ' --passwd') + [f.name] >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF ... ZWcLvpFoXNHAG+lx3+Rw ... But we get an error if the password is wrong. >>> sys.argv = shlex.split( ... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' + ... ' --passwd wrongpassword') >>> main() #doctest: +ELLIPSIS Traceback (most recent call last): ... DecryptionError: ... We can also supply a secret (both on the command line and via a file). >>> sys.argv = shlex.split( ... 'pskc2csv tests/rfc6030/figure6.pskcxml' + ... ' --secret 12345678901234567890123456789012') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF ... MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= ... >>> sys.argv = shlex.split( ... 'pskc2csv tests/rfc6030/figure6.pskcxml' + ... ' --secret 12345678901234567890123456789012') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF ... MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= ... >>> f = tempfile.NamedTemporaryFile() >>> with open(f.name, 'wb') as f2: # open second file to keep tempfile ... x = f2.write(a2b_hex('12345678901234567890123456789012')) >>> sys.argv = shlex.split( ... 'pskc2csv tests/rfc6030/figure6.pskcxml' + ... ' --secret') + [f.name] >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF ... MTIzNDU2Nzg5MDEyMzQ1Njc4OTA= ... We can also decrypt a file and configure a new passphrase. >>> sys.argv = shlex.split( ... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' + ... ' --passwd qwerty --new-passwd moresecure') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF ... ... 16 ... ... ... ... ... Alternatively we can switch from passphrase-based encryption to key-based encryption. >>> sys.argv = shlex.split( ... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' + ... ' --passwd qwerty --new-secret 12345678901234567890123456789012') >>> main() #doctest: +ELLIPSIS +NORMALIZE_WHITESPACE +REPORT_UDIFF ... ... ... ... ... If we leave out the original password we get an error. >>> sys.argv = shlex.split( ... 'pskc2pskc tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml' + ... ' --new-passwd moresecure') >>> main() #doctest: +ELLIPSIS Traceback (most recent call last): ... AssertionError