Skip to content

Commit

Permalink
fix: unseal_event_response returns correct EventResponse structure
Browse files Browse the repository at this point in the history
BREAKING CHANGE: rename `events_response` to `event_response` to keep proper naming
  • Loading branch information
ilfa committed Aug 9, 2024
1 parent 1ed2fa3 commit c57000c
Show file tree
Hide file tree
Showing 8 changed files with 68 additions and 48 deletions.
7 changes: 3 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -182,17 +182,16 @@ import os

from dotenv import load_dotenv

from fingerprint_pro_server_api_sdk import EventResponse
from fingerprint_pro_server_api_sdk.sealed import unseal_events_response, DecryptionKey, DecryptionAlgorithm
from fingerprint_pro_server_api_sdk import unseal_event_response, DecryptionKey, DecryptionAlgorithm

load_dotenv()

sealed_result = base64.b64decode(os.environ["BASE64_SEALED_RESULT"])
key = base64.b64decode(os.environ["BASE64_KEY"])

try:
events_response: EventResponse = unseal_events_response(sealed_result, [DecryptionKey(key, DecryptionAlgorithm['Aes256Gcm'])])
print("\n\n\nEvent response: \n", events_response.products)
event_response = unseal_event_response(sealed_result, [DecryptionKey(key, DecryptionAlgorithm['Aes256Gcm'])])
print("\n\n\nEvent response: \n", event_response.products)
except Exception as e:
print("Exception when calling unsealing events response: %s\n" % e)
exit(1)
Expand Down
4 changes: 2 additions & 2 deletions docs/SealedResults.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
# Sealed results

## **UnsealEventsResponse**
> unseal_events_response(sealed bytes, keys DecryptionKey[]) -> EventResponse
## **UnsealEventResponse**
> unseal_event_response(sealed: bytes, keys: DecryptionKey[]) -> EventResponse
Decrypts the sealed response with provided keys.
### Required Parameters
Expand Down
2 changes: 2 additions & 0 deletions fingerprint_pro_server_api_sdk/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,5 @@
from fingerprint_pro_server_api_sdk.models.webhook_visit import WebhookVisit
# import custom methods into sdk package
from fingerprint_pro_server_api_sdk.webhook import Webhook
from fingerprint_pro_server_api_sdk.sealed import ApiClientDeserializer, DecryptionAlgorithm, DecryptionKey, \
UnsealError, UnsealAggregateError, unseal_event_response
44 changes: 30 additions & 14 deletions fingerprint_pro_server_api_sdk/sealed.py
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
import json
from typing import List

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import zlib

from fingerprint_pro_server_api_sdk.api_client import ApiClientDeserializer
from fingerprint_pro_server_api_sdk.models.event_response import EventResponse

SEALED_HEADER = bytes([0x9e, 0x85, 0xdc, 0xed])
Expand All @@ -12,49 +15,61 @@


class DecryptionKey:
def __init__(self, key, algorithm):
"""Key for decryption of sealed data."""
exception: Exception
algorithm: str

def __init__(self, key: bytes, algorithm: str):
self.key = key
self.algorithm = algorithm


class UnsealError(Exception):
"""Error during unsealing."""
exception: Exception
key: DecryptionKey

def __init__(self, exception, key):
def __init__(self, exception: Exception, key: DecryptionKey):
self.exception = exception
self.key = key


class UnsealAggregateError(Exception):
def __init__(self, errors):
"""Aggregated error during unsealing."""
errors: List[UnsealError]

def __init__(self, errors: List[UnsealError]):
self.errors = errors
super().__init__("Unable to decrypt sealed data")


def parse_events_response(unsealed):
json_data = json.loads(unsealed)
def unseal_event_response(sealed_data: bytes, decryption_keys: List[DecryptionKey]) -> EventResponse:
"""Unseal event response with one of the provided keys."""
unsealed = __unseal(sealed_data, decryption_keys)
return __parse_event_response(unsealed)

if 'products' not in json_data:
raise ValueError('Sealed data is not valid events response')

return EventResponse(json_data['products'])
def __parse_event_response(unsealed: str) -> EventResponse:
"""Parse event response from unsealed data."""
json_data = json.loads(unsealed)

if 'products' not in json_data:
raise ValueError('Sealed data is not valid event response')

def unseal_events_response(sealed_data, decryption_keys):
unsealed = unseal(sealed_data, decryption_keys)
return parse_events_response(unsealed)
result: EventResponse = ApiClientDeserializer.deserialize(json_data, 'EventResponse')
return result


def unseal(sealed_data, decryption_keys):
def __unseal(sealed_data: bytes, decryption_keys: List[DecryptionKey]) -> str:
"""Unseal data with one of the provided keys."""
if sealed_data[:len(SEALED_HEADER)].hex() != SEALED_HEADER.hex():
raise ValueError('Invalid sealed data header')

errors = []
for decryption_key in decryption_keys:
if decryption_key.algorithm == DecryptionAlgorithm['Aes256Gcm']:
try:
return unseal_aes256gcm(sealed_data, decryption_key.key)
return __unseal_aes256gcm(sealed_data, decryption_key.key)
except Exception as e:
errors.append(UnsealError(e, decryption_key))
continue
Expand All @@ -64,7 +79,8 @@ def unseal(sealed_data, decryption_keys):
raise UnsealAggregateError(errors)


def unseal_aes256gcm(sealed_data, decryption_key):
def __unseal_aes256gcm(sealed_data: bytes, decryption_key: bytes) -> str:
"""Unseal data with AES-256-GCM."""
nonce_length = 12
nonce = sealed_data[len(SEALED_HEADER):len(SEALED_HEADER) + nonce_length]

Expand Down
7 changes: 3 additions & 4 deletions sealed_results_example.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,16 @@

from dotenv import load_dotenv

from fingerprint_pro_server_api_sdk import EventResponse
from fingerprint_pro_server_api_sdk.sealed import unseal_events_response, DecryptionKey, DecryptionAlgorithm
from fingerprint_pro_server_api_sdk.sealed import unseal_event_response, DecryptionKey, DecryptionAlgorithm

load_dotenv()

sealed_result = base64.b64decode(os.environ["BASE64_SEALED_RESULT"])
key = base64.b64decode(os.environ["BASE64_KEY"])

try:
events_response: EventResponse = unseal_events_response(sealed_result, [DecryptionKey(key, DecryptionAlgorithm['Aes256Gcm'])])
print("\n\n\nEvent response: \n", events_response.products)
event_response = unseal_event_response(sealed_result, [DecryptionKey(key, DecryptionAlgorithm['Aes256Gcm'])])
print("\n\n\nEvent response: \n", event_response.products)
except Exception as e:
print("Exception when calling unsealing events response: %s\n" % e)
exit(1)
Expand Down
7 changes: 3 additions & 4 deletions template/README.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -188,17 +188,16 @@ import os

from dotenv import load_dotenv

from fingerprint_pro_server_api_sdk import EventResponse
from fingerprint_pro_server_api_sdk.sealed import unseal_events_response, DecryptionKey, DecryptionAlgorithm
from fingerprint_pro_server_api_sdk import unseal_event_response, DecryptionKey, DecryptionAlgorithm

load_dotenv()

sealed_result = base64.b64decode(os.environ["BASE64_SEALED_RESULT"])
key = base64.b64decode(os.environ["BASE64_KEY"])

try:
events_response: EventResponse = unseal_events_response(sealed_result, [DecryptionKey(key, DecryptionAlgorithm['Aes256Gcm'])])
print("\n\n\nEvent response: \n", events_response.products)
event_response = unseal_event_response(sealed_result, [DecryptionKey(key, DecryptionAlgorithm['Aes256Gcm'])])
print("\n\n\nEvent response: \n", event_response.products)
except Exception as e:
print("Exception when calling unsealing events response: %s\n" % e)
exit(1)
Expand Down
2 changes: 2 additions & 0 deletions template/__init__package.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,5 @@ from {{packageName}}.base_model import BaseModel
{{/model}}{{/models}}
# import custom methods into sdk package
from {{packageName}}.webhook import Webhook
from {{packageName}}.sealed import ApiClientDeserializer, DecryptionAlgorithm, DecryptionKey, \
UnsealError, UnsealAggregateError, unseal_event_response
43 changes: 23 additions & 20 deletions test/test_sealed.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,35 +3,38 @@
import json
import unittest

from fingerprint_pro_server_api_sdk import EventResponse
from fingerprint_pro_server_api_sdk.sealed import DecryptionAlgorithm, DecryptionKey, unseal_events_response, \
UnsealError, UnsealAggregateError

from fingerprint_pro_server_api_sdk import ApiClientDeserializer, DecryptionAlgorithm, DecryptionKey, \
unseal_event_response, UnsealError, UnsealAggregateError, EventResponse, ProductsResponse, \
ProductsResponseIdentification, BrowserDetails

class TestSealed(unittest.TestCase):
valid_key = base64.b64decode('p2PA7MGy5tx56cnyJaFZMr96BCFwZeHjZV2EqMvTq53=')
invalid_key = base64.b64decode('a2PA7MGy5tx56cnyJaFZMr96BCFwZeHjZV2EqMvTq53=')

def test_unseal_aes256gcm(self):
with io.open("./test/mocks/sealed_result.json", 'r', encoding='utf-8') as f:
expected_result = EventResponse(json.load(f)['products'])
expected_result = ApiClientDeserializer.deserialize(json.load(f), 'EventResponse')

sealed_data = base64.b64decode(
'noXc7SXO+mqeAGrvBMgObi/S0fXTpP3zupk8qFqsO/1zdtWCD169iLA3VkkZh9ICHpZ0oWRzqG0M9/TnCeKFohgBLqDp6O0zEfXOv6i5q++aucItznQdLwrKLP+O0blfb4dWVI8/aSbd4ELAZuJJxj9bCoVZ1vk+ShbUXCRZTD30OIEAr3eiG9aw00y1UZIqMgX6CkFlU9L9OnKLsNsyomPIaRHTmgVTI5kNhrnVNyNsnzt9rY7fUD52DQxJILVPrUJ1Q+qW7VyNslzGYBPG0DyYlKbRAomKJDQIkdj/Uwa6bhSTq4XYNVvbk5AJ/dGwvsVdOnkMT2Ipd67KwbKfw5bqQj/cw6bj8Cp2FD4Dy4Ud4daBpPRsCyxBM2jOjVz1B/lAyrOp8BweXOXYugwdPyEn38MBZ5oL4D38jIwR/QiVnMHpERh93jtgwh9Abza6i4/zZaDAbPhtZLXSM5ztdctv8bAb63CppLU541Kf4OaLO3QLvfLRXK2n8bwEwzVAqQ22dyzt6/vPiRbZ5akh8JB6QFXG0QJF9DejsIspKF3JvOKjG2edmC9o+GfL3hwDBiihYXCGY9lElZICAdt+7rZm5UxMx7STrVKy81xcvfaIp1BwGh/HyMsJnkE8IczzRFpLlHGYuNDxdLoBjiifrmHvOCUDcV8UvhSV+UAZtAVejdNGo5G/bz0NF21HUO4pVRPu6RqZIs/aX4hlm6iO/0Ru00ct8pfadUIgRcephTuFC2fHyZxNBC6NApRtLSNLfzYTTo/uSjgcu6rLWiNo5G7yfrM45RXjalFEFzk75Z/fu9lCJJa5uLFgDNKlU+IaFjArfXJCll3apbZp4/LNKiU35ZlB7ZmjDTrji1wLep8iRVVEGht/DW00MTok7Zn7Fv+MlxgWmbZB3BuezwTmXb/fNw==')

result = unseal_events_response(sealed_data, [
result = unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
DecryptionKey(self.valid_key, DecryptionAlgorithm['Aes256Gcm']),
])

self.assertEqual(result, expected_result)
self.assertIsInstance(result, EventResponse)
self.assertIsInstance(result.products, ProductsResponse)
self.assertIsInstance(result.products.identification, ProductsResponseIdentification)
self.assertIsInstance(result.products.identification.data.browser_details, BrowserDetails)

def test_unseal_invalid_header(self):
sealed_data = base64.b64decode(
'xzXc7SXO+mqeAGrvBMgObi/S0fXTpP3zupk8qFqsO/1zdtWCD169iLA3VkkZh9ICHpZ0oWRzqG0M9/TnCeKFohgBLqDp6O0zEfXOv6i5q++aucItznQdLwrKLP+O0blfb4dWVI8/aSbd4ELAZuJJxj9bCoVZ1vk+ShbUXCRZTD30OIEAr3eiG9aw00y1UZIqMgX6CkFlU9L9OnKLsNsyomPIaRHTmgVTI5kNhrnVNyNsnzt9rY7fUD52DQxJILVPrUJ1Q+qW7VyNslzGYBPG0DyYlKbRAomKJDQIkdj/Uwa6bhSTq4XYNVvbk5AJ/dGwvsVdOnkMT2Ipd67KwbKfw5bqQj/cw6bj8Cp2FD4Dy4Ud4daBpPRsCyxBM2jOjVz1B/lAyrOp8BweXOXYugwdPyEn38MBZ5oL4D38jIwR/QiVnMHpERh93jtgwh9Abza6i4/zZaDAbPhtZLXSM5ztdctv8bAb63CppLU541Kf4OaLO3QLvfLRXK2n8bwEwzVAqQ22dyzt6/vPiRbZ5akh8JB6QFXG0QJF9DejsIspKF3JvOKjG2edmC9o+GfL3hwDBiihYXCGY9lElZICAdt+7rZm5UxMx7STrVKy81xcvfaIp1BwGh/HyMsJnkE8IczzRFpLlHGYuNDxdLoBjiifrmHvOCUDcV8UvhSV+UAZtAVejdNGo5G/bz0NF21HUO4pVRPu6RqZIs/aX4hlm6iO/0Ru00ct8pfadUIgRcephTuFC2fHyZxNBC6NApRtLSNLfzYTTo/uSjgcu6rLWiNo5G7yfrM45RXjalFEFzk75Z/fu9lCJJa5uLFgDNKlU+IaFjArfXJCll3apbZp4/LNKiU35ZlB7ZmjDTrji1wLep8iRVVEGht/DW00MTok7Zn7Fv+MlxgWmbZB3BuezwTmXb/fNw==')

with self.assertRaisesRegex(Exception, "Invalid sealed data header"):
unseal_events_response(sealed_data, [
with self.assertRaisesRegex(ValueError, "Invalid sealed data header"):
unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
DecryptionKey(self.valid_key, DecryptionAlgorithm['Aes256Gcm']),
])
Expand All @@ -40,8 +43,8 @@ def test_unseal_invalid_algorithm(self):
sealed_data = base64.b64decode(
'noXc7SXO+mqeAGrvBMgObi/S0fXTpP3zupk8qFqsO/1zdtWCD169iLA3VkkZh9ICHpZ0oWRzqG0M9/TnCeKFohgBLqDp6O0zEfXOv6i5q++aucItznQdLwrKLP+O0blfb4dWVI8/aSbd4ELAZuJJxj9bCoVZ1vk+ShbUXCRZTD30OIEAr3eiG9aw00y1UZIqMgX6CkFlU9L9OnKLsNsyomPIaRHTmgVTI5kNhrnVNyNsnzt9rY7fUD52DQxJILVPrUJ1Q+qW7VyNslzGYBPG0DyYlKbRAomKJDQIkdj/Uwa6bhSTq4XYNVvbk5AJ/dGwvsVdOnkMT2Ipd67KwbKfw5bqQj/cw6bj8Cp2FD4Dy4Ud4daBpPRsCyxBM2jOjVz1B/lAyrOp8BweXOXYugwdPyEn38MBZ5oL4D38jIwR/QiVnMHpERh93jtgwh9Abza6i4/zZaDAbPhtZLXSM5ztdctv8bAb63CppLU541Kf4OaLO3QLvfLRXK2n8bwEwzVAqQ22dyzt6/vPiRbZ5akh8JB6QFXG0QJF9DejsIspKF3JvOKjG2edmC9o+GfL3hwDBiihYXCGY9lElZICAdt+7rZm5UxMx7STrVKy81xcvfaIp1BwGh/HyMsJnkE8IczzRFpLlHGYuNDxdLoBjiifrmHvOCUDcV8UvhSV+UAZtAVejdNGo5G/bz0NF21HUO4pVRPu6RqZIs/aX4hlm6iO/0Ru00ct8pfadUIgRcephTuFC2fHyZxNBC6NApRtLSNLfzYTTo/uSjgcu6rLWiNo5G7yfrM45RXjalFEFzk75Z/fu9lCJJa5uLFgDNKlU+IaFjArfXJCll3apbZp4/LNKiU35ZlB7ZmjDTrji1wLep8iRVVEGht/DW00MTok7Zn7Fv+MlxgWmbZB3BuezwTmXb/fNw==')

with self.assertRaisesRegex(Exception, "Unsupported decryption algorithm: invalid"):
unseal_events_response(sealed_data, [
with self.assertRaisesRegex(ValueError, "Unsupported decryption algorithm: invalid"):
unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, 'invalid'),
DecryptionKey(self.valid_key, DecryptionAlgorithm['Aes256Gcm']),
])
Expand All @@ -51,8 +54,8 @@ def test_unseal_invalid_data(self):
# "{\"invalid\":true}"
'noXc7VOpBstjjcavDKSKr4HTavt4mdq8h6NC32T0hUtw9S0jXT8lPjZiWL8SyHxmrF3uTGqO+g==')

with self.assertRaisesRegex(Exception, "Sealed data is not valid events response"):
unseal_events_response(sealed_data, [
with self.assertRaisesRegex(ValueError, "Sealed data is not valid events response"):
unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
DecryptionKey(self.valid_key, DecryptionAlgorithm['Aes256Gcm']),
])
Expand All @@ -61,8 +64,8 @@ def test_unseal_not_compressed_data(self):
sealed_data = base64.b64decode(
'noXc7dtuk0smGE+ZbaoXzrp6Rq8ySxLepejTsu7+jUXlPhV1w+WuHx9gbPhaENJnOQo8BcGmsaRhL5k2NVj+DRNzYO9cQD7wHxmXKCyTbl/dvSYOMoHziUZ2VbQ7tmaorFny26v8jROr/UBGfvPE0dLKC36IN9ZlJ3X0NZJO8SY+8bCr4mTrkVZsv/hpvZp+OjC4h7e5vxcpmnBWXzxfaO79Lq3aMRIEf9XfK7/bVIptHaEqtPKCTwl9rz1KUpUUNQSHTPM0NlqJe9bjYf5mr1uYvWHhcJoXSyRyVMxIv/quRiw3SKJzAMOTBiAvFICpWuRFa+T/xIMHK0g96w/IMQo0jdY1E067ZEvBUOBmsJnGJg1LllS3rbJVe+E2ClFNL8SzFphyvtlcfvYB+SVSD4bzI0w/YCldv5Sq42BFt5bn4n4aE5A6658DYsfSRYWqP6OpqPJx96cY34W7H1t/ZG0ulez6zF5NvWhc1HDQ1gMtXd+K/ogt1n+FyFtn8xzvtSGkmrc2jJgYNI5Pd0Z0ent73z0MKbJx9v2ta/emPEzPr3cndN5amdr6TmRkDU4bq0vyhAh87DJrAnJQLdrvYLddnrr8xTdeXxj1i1Yug6SGncPh9sbTYkdOfuamPAYOuiJVBAMcfYsYEiQndZe8mOQ4bpCr+hxAAqixhZ16pQ8CeUwa247+D2scRymLB8qJXlaERuFZtWGVAZ8VP/GS/9EXjrzpjGX9vlrIPeJP8fh2S5QPzw55cGNJ7JfAdOyManXnoEw2/QzDhSZQARVl+akFgSO0Y13YmbiL7H6HcKWGcJ2ipDKIaj2fJ7GE0Vzyt+CBEezSQR99Igd8x3p2JtvsVKp35iLPksjS1VqtSCTbuIRUlINlfQHNjeQiE/B/61jo3Mf7SmjYjqtvXt5e9RKb+CQku2qH4ZU8xN3DSg+4mLom3BgKBkm/MoyGBpMK41c96d2tRp3tp4hV0F6ac02Crg7P2lw8IUct+i2VJ8VUjcbRfTIPQs0HjNjM6/gLfLCkWOHYrlFjwusXWQCJz91Kq+hVxj7M9LtplPO4AUq6RUMNhlPGUmyOI2tcUMrjq9vMLXGlfdkH185zM4Mk+O7DRLC8683lXZFZvcBEmxr855PqLLH/9SpYKHBoGRatDRdQe3oRp6gHS0jpQ1SW/si4kvLKiUNjiBExvbQVOUV7/VFXvG1RpM9wbzSoOd40gg7ZzD/72QshUC/25DkM/Pm7RBzwtjgmnRKjT+mROeC/7VQLoz3amv09O8Mvbt+h/lX5+51Q834F7NgIGagbB20WtWcMtrmKrvCEZlaoiZrmYVSbi1RfknRK7CTPJkopw9IjO7Ut2EhKZ+jL4rwk6TlVm6EC6Kuj7KNqp6wB/UNe9eM2Eym/aiHAcja8XN4YQhSIuJD2Wxb0n3LkKnAjK1/GY65c8K6rZsVYQ0MQL1j4lMl0UZPjG/vzKyetIsVDyXc4J9ZhOEMYnt/LaxEeSt4EMJGBA9wpTmz33X4h3ij0Y3DY/rH7lrEScUknw20swTZRm5T6q1bnimj7M1OiOkebdI09MZ0nyaTWRHdB7B52C/moh89Q7qa2Fulp5h8Us1FYRkWBLt37a5rGI1IfVeP38KaPbagND+XzWpNqX4HVrAVPLQVK5EwUvGamED3ooJ0FMieTc0IH0N+IeUYG7Q8XmrRVBcw32W8pEfYLO9L71An/J0jQZCIP8DuQnUG0mOvunOuloBGvP/9LvkBlkamh68F0a5f5ny1jloyIFJhRh5dt2SBlbsXS9AKqUwARYSSsA9Ao4WJWOZMyjp8A+qIBAfW65MdhhUDKYMBgIAbMCc3uiptzElQQopE5TT5xIhwfYxa503jVzQbz1Q==')

with self.assertRaisesRegex(Exception, "Unable to decrypt sealed data") as context:
unseal_events_response(sealed_data, [
with self.assertRaisesRegex(UnsealAggregateError, "Unable to decrypt sealed data") as context:
unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
DecryptionKey(self.valid_key, DecryptionAlgorithm['Aes256Gcm']),
])
Expand All @@ -76,26 +79,26 @@ def test_unseal_all_keys_invalid(self):
sealed_data = base64.b64decode(
'noXc7SXO+mqeAGrvBMgObi/S0fXTpP3zupk8qFqsO/1zdtWCD169iLA3VkkZh9ICHpZ0oWRzqG0M9/TnCeKFohgBLqDp6O0zEfXOv6i5q++aucItznQdLwrKLP+O0blfb4dWVI8/aSbd4ELAZuJJxj9bCoVZ1vk+ShbUXCRZTD30OIEAr3eiG9aw00y1UZIqMgX6CkFlU9L9OnKLsNsyomPIaRHTmgVTI5kNhrnVNyNsnzt9rY7fUD52DQxJILVPrUJ1Q+qW7VyNslzGYBPG0DyYlKbRAomKJDQIkdj/Uwa6bhSTq4XYNVvbk5AJ/dGwvsVdOnkMT2Ipd67KwbKfw5bqQj/cw6bj8Cp2FD4Dy4Ud4daBpPRsCyxBM2jOjVz1B/lAyrOp8BweXOXYugwdPyEn38MBZ5oL4D38jIwR/QiVnMHpERh93jtgwh9Abza6i4/zZaDAbPhtZLXSM5ztdctv8bAb63CppLU541Kf4OaLO3QLvfLRXK2n8bwEwzVAqQ22dyzt6/vPiRbZ5akh8JB6QFXG0QJF9DejsIspKF3JvOKjG2edmC9o+GfL3hwDBiihYXCGY9lElZICAdt+7rZm5UxMx7STrVKy81xcvfaIp1BwGh/HyMsJnkE8IczzRFpLlHGYuNDxdLoBjiifrmHvOCUDcV8UvhSV+UAZtAVejdNGo5G/bz0NF21HUO4pVRPu6RqZIs/aX4hlm6iO/0Ru00ct8pfadUIgRcephTuFC2fHyZxNBC6NApRtLSNLfzYTTo/uSjgcu6rLWiNo5G7yfrM45RXjalFEFzk75Z/fu9lCJJa5uLFgDNKlU+IaFjArfXJCll3apbZp4/LNKiU35ZlB7ZmjDTrji1wLep8iRVVEGht/DW00MTok7Zn7Fv+MlxgWmbZB3BuezwTmXb/fNw==')

with self.assertRaisesRegex(Exception, 'Unable to decrypt sealed data'):
unseal_events_response(sealed_data, [
with self.assertRaisesRegex(UnsealAggregateError, 'Unable to decrypt sealed data'):
unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
])

def test_unseal_empty_data(self):
sealed_data = bytearray(b'')

with self.assertRaisesRegex(Exception, 'Invalid sealed data header'):
unseal_events_response(sealed_data, [
with self.assertRaisesRegex(ValueError, 'Invalid sealed data header'):
unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
DecryptionKey(self.valid_key, DecryptionAlgorithm['Aes256Gcm']),
])

def test_unseal_invalid_nonce(self):
sealed_data = bytes([0x9E, 0x85, 0xDC, 0xED, 0xAA, 0xBB, 0xCC])

with self.assertRaisesRegex(Exception, 'Unable to decrypt sealed data') as context:
unseal_events_response(sealed_data, [
with self.assertRaisesRegex(UnsealAggregateError, 'Unable to decrypt sealed data') as context:
unseal_event_response(sealed_data, [
DecryptionKey(self.invalid_key, DecryptionAlgorithm['Aes256Gcm']),
DecryptionKey(self.valid_key, DecryptionAlgorithm['Aes256Gcm']),
])
Expand Down

0 comments on commit c57000c

Please sign in to comment.