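#!/usr/bin/env python
#############################################################################
# Copyright (c) 2020 One Identity
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 as published
# by the Free Software Foundation, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# As an additional exemption you are allowed to compile & link against the
# OpenSSL libraries as published by the OpenSSL project. See the file
# COPYING for details.
#
#############################################################################
import pytest
from pathlib2 import Path

import src.testcase_parameters.testcase_parameters as tc_parameters
from src.common.file import copy_file
from src.executors.command_executor import CommandExecutor
from src.syslog_ng.syslog_ng_paths import SyslogNgPaths


class SecureLogging():
    """Test helper around the ``slogkey`` and ``slogverify`` binaries.

    On construction it generates a master key, derives a host key from it and
    copies that host key to a separate decryption key, all inside
    ``tc_parameters.WORKING_DIR``.  ``decrypt()`` then runs ``slogverify``
    over a log file produced by the test.

    The key files created here are throwaway test material: they are written
    into the test working directory with whatever permissions ``slogkey`` and
    ``copy_file`` apply, and the derivation inputs are fixed strings.
    """

    def __init__(self, testcase_parameters):
        self.instance_paths = SyslogNgPaths(testcase_parameters).set_syslog_ng_paths("server")
        self.master_key = None
        self.derived_key = None
        self.decryption_key = None
        # Set for real in create_derived_key(); declared here so every
        # attribute of the helper is visible in one place.
        self.cmac = None
        self.slogkey = self.instance_paths.get_slogkey_bin()
        self.slogverify = self.instance_paths.get_slogverify_bin()

        # Order matters: the derived key needs the master key, and the
        # decryption key is a copy of the derived key.
        self.create_master_key()
        self.create_derived_key()
        self.create_decryption_key()

    def create_master_key(self):
        """Run ``slogkey -m`` to write ``master.key`` into the working directory."""
        slogkey_stdout = Path(tc_parameters.WORKING_DIR, "slogkey_stdout_master")
        slogkey_stderr = Path(tc_parameters.WORKING_DIR, "slogkey_stderr_master")

        self.master_key = Path(tc_parameters.WORKING_DIR, "master.key")

        CommandExecutor().run(
            [self.slogkey, "-m", self.master_key],
            slogkey_stdout,
            slogkey_stderr,
        )

    def create_derived_key(self):
        """Run ``slogkey -d`` to derive ``derived.key`` from the master key.

        Also records the path of the ``cmac`` file that ``decrypt()`` later
        passes to ``slogverify``.  This method only names that path; it does
        not create the file.
        """
        slogkey_stdout = Path(tc_parameters.WORKING_DIR, "slogkey_stdout_derived")
        slogkey_stderr = Path(tc_parameters.WORKING_DIR, "slogkey_stderr_derived")

        self.derived_key = Path(tc_parameters.WORKING_DIR, "derived.key")
        # NOTE(review): presumably written by the syslog-ng instance under
        # test while it logs -- confirm against the test's configuration.
        self.cmac = Path(tc_parameters.WORKING_DIR, "cmac")

        # "foo" and "bar" are fixed placeholder derivation inputs.  In
        # slogkey's derive mode these positions are the host identifiers
        # (MAC address and serial number, per the tool's usage -- confirm),
        # so every run derives the host key from the same constant identity.
        CommandExecutor().run(
            [self.slogkey, "-d", self.master_key, "foo", "bar", self.derived_key],
            slogkey_stdout,
            slogkey_stderr,
        )

    def create_decryption_key(self):
        """Copy the freshly derived key to ``decryption.key``.

        ``decrypt()`` uses this copy rather than ``derived.key`` itself.
        """
        # NOTE(review): presumably the copy preserves the key as derived,
        # independent of whatever the logging side later does with
        # derived.key -- confirm.
        self.decryption_key = Path(tc_parameters.WORKING_DIR, "decryption.key")
        copy_file(self.derived_key, self.decryption_key)

    def decrypt(self, input_file):
        """Run ``slogverify`` on *input_file* and return the decrypted lines.

        Args:
            input_file: name of the encrypted log file, relative to
                ``tc_parameters.WORKING_DIR``.

        Returns:
            The content of ``decrypted.txt`` with trailing newlines stripped,
            split on ``"\\n"`` (an empty output file yields ``[""]``).
        """
        slogverify_stdout = Path(tc_parameters.WORKING_DIR, "slogverify_stdout")
        slogverify_stderr = Path(tc_parameters.WORKING_DIR, "slogverify_stderr")
        encrypted = Path(tc_parameters.WORKING_DIR, input_file)
        decrypted = Path(tc_parameters.WORKING_DIR, "decrypted.txt")

        # The output name is fixed, so a file left behind by an earlier call
        # would be read back as if it were this call's result whenever
        # slogverify produces no output.  Remove it first so that case fails
        # on the read below instead of passing on stale plaintext.
        if decrypted.exists():
            decrypted.unlink()

        # NOTE(review): the value returned by run() is not inspected here;
        # whether a non-zero slogverify exit is raised inside CommandExecutor
        # is not visible from this file -- confirm before relying on this
        # helper to detect a failed verification.
        CommandExecutor().run(
            [
                self.slogverify,
                "-k", self.decryption_key,
                "-m", self.cmac,
                encrypted, decrypted,
            ],
            slogverify_stdout,
            slogverify_stderr,
        )
        return decrypted.read_text().rstrip("\n").split("\n")


@pytest.fixture
def slog(testcase_parameters):
    """Provide a SecureLogging helper with its key files already generated."""
    yield SecureLogging(testcase_parameters)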