diff --git a/AUTHORS.md b/AUTHORS.md index f8b47d9..e1e95c1 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -1,5 +1,5 @@ - Abhishek Ram @abhishek-ram -- Chad Gates @chadgates +- Wassilios Lytras @chadgates - Bruno Ribeiro da Silva @loop0 - Robin C Samuel @robincsamuel - Brandon Joyce @brandonjoyce diff --git a/CHANGELOG.md b/CHANGELOG.md index 356f159..eb7674e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,8 +1,14 @@ # Release History +## 1.4.4 - 2024- + +* feat: added partnership lookup function +* feat: added support for async callback functions +* feat: added support for optional key encryption algorithm rsaes_oaep for encryption and decryption + ## 1.4.3 - 2023-01-25 -* fix: update pyopenssl version to resovle pyca/cryptography#7959 +* fix: update pyopenssl version to resolve pyca/cryptography#7959 ## 1.4.2 - 2022-12-11 diff --git a/pyas2lib/as2.py b/pyas2lib/as2.py index 12ebac7..74ae207 100644 --- a/pyas2lib/as2.py +++ b/pyas2lib/as2.py @@ -1,7 +1,9 @@ """Define the core functions/classes of the pyas2 package.""" -import logging -import hashlib +import asyncio import binascii +import hashlib +import inspect +import logging import traceback from dataclasses import dataclass from email import encoders @@ -9,6 +11,7 @@ from email import message_from_bytes as parse_mime from email import utils as email_utils from email.mime.multipart import MIMEMultipart + from oscrypto import asymmetric from pyas2lib.cms import ( @@ -179,6 +182,12 @@ class Partner: :param canonicalize_as_binary: force binary canonicalization for this partner + :param sign_alg: The signing algorithm to be used for generating the + signature. (default `rsassa_pkcs1v15`) + + :param key_enc_alg: The key encryption algorithm to be used. + (default `rsaes_pkcs1v15`) + """ as2_name: str @@ -197,6 +206,8 @@ class Partner: mdn_confirm_text: str = MDN_CONFIRM_TEXT ignore_self_signed: bool = True canonicalize_as_binary: bool = False + sign_alg: str = "rsassa_pkcs1v15" + key_enc_alg: str = "rsaes_pkcs1v15" def __post_init__(self): """Run the post initialisation checks for this class.""" @@ -466,7 +477,10 @@ def build( ) del signature["MIME-Version"] signature_data = sign_message( - mic_content, self.digest_alg, self.sender.sign_key + mic_content, + self.digest_alg, + self.sender.sign_key, + self.receiver.sign_alg, ) signature.set_payload(signature_data) encoders.encode_base64(signature) @@ -539,7 +553,14 @@ def _decompress_data(self, payload): return False, payload - def parse(self, raw_content, find_org_cb, find_partner_cb, find_message_cb=None): + async def aparse( + self, + raw_content, + find_org_cb=None, + find_partner_cb=None, + find_message_cb=None, + find_org_partner_cb=None, + ): """Function parses the RAW AS2 message; decrypts, verifies and decompresses it and extracts the payload. @@ -547,18 +568,26 @@ def parse(self, raw_content, find_org_cb, find_partner_cb, find_message_cb=None) A byte string of the received HTTP headers followed by the body. :param find_org_cb: - A callback the returns an Organization object if exists. The - as2-to header value is passed as an argument to it. + A conditional callback the returns an Organization object if exists. The + as2-to header value is passed as an argument to it. Must be provided + when find_partner_cb is provided and find_org_partner_cb is None :param find_partner_cb: - A callback the returns an Partner object if exists. The - as2-from header value is passed as an argument to it. + An conditional callback the returns an Partner object if exists. The + as2-from header value is passed as an argument to it. Must be provided + when find_org_cb is provided and find_org_partner_cb is None. :param find_message_cb: An optional callback the returns an Message object if exists in order to check for duplicates. The message id and partner id is passed as arguments to it. + :param find_org_partner_cb: + A conditional callback that return Organization object and + Partner object if exist. The as2-to and as2-from header value + are passed as an argument to it. Must be provided + when find_org_cb and find_org_partner_cb is None. + :return: A three element tuple containing (status, (exception, traceback) , mdn). The status is a string indicating the status of the @@ -567,6 +596,18 @@ def parse(self, raw_content, find_org_cb, find_partner_cb, find_message_cb=None) the partner did not request it. """ + # Validate passed arguments + if not any( + [ + find_org_cb and find_partner_cb and not find_org_partner_cb, + find_org_partner_cb and not find_partner_cb and not find_org_cb, + ] + ): + raise TypeError( + "Incorrect arguments passed: either find_org_cb and find_partner_cb " + "or only find_org_partner_cb must be passed." + ) + # Parse the raw MIME message and extract its content and headers status, detailed_status, exception, mdn = "processed", None, (None, None), None self.payload = parse_mime(raw_content) @@ -580,19 +621,42 @@ def parse(self, raw_content, find_org_cb, find_partner_cb, find_message_cb=None) try: # Get the organization and partner for this transmission org_id = unquote_as2name(as2_headers["as2-to"]) - self.receiver = find_org_cb(org_id) + partner_id = unquote_as2name(as2_headers["as2-from"]) + + if find_org_partner_cb: + if inspect.iscoroutinefunction(find_org_partner_cb): + self.receiver, self.sender = await find_org_partner_cb( + org_id, partner_id + ) + else: + self.receiver, self.sender = find_org_partner_cb(org_id, partner_id) + + elif find_org_cb and find_partner_cb: + if inspect.iscoroutinefunction(find_org_cb): + self.receiver = await find_org_cb(org_id) + else: + self.receiver = find_org_cb(org_id) + + if inspect.iscoroutinefunction(find_partner_cb): + self.sender = await find_partner_cb(partner_id) + else: + self.sender = find_partner_cb(partner_id) + if not self.receiver: raise PartnerNotFound(f"Unknown AS2 organization with id {org_id}") - partner_id = unquote_as2name(as2_headers["as2-from"]) - self.sender = find_partner_cb(partner_id) if not self.sender: raise PartnerNotFound(f"Unknown AS2 partner with id {partner_id}") - if find_message_cb and find_message_cb(self.message_id, partner_id): - raise DuplicateDocument( - "Duplicate message received, message with this ID already processed." - ) + if find_message_cb: + if inspect.iscoroutinefunction(find_message_cb): + message_exists = await find_message_cb(self.message_id, partner_id) + else: + message_exists = find_message_cb(self.message_id, partner_id) + if message_exists: + raise DuplicateDocument( + "Duplicate message received, message with this ID already processed." + ) if ( self.sender.encrypt @@ -713,6 +777,18 @@ def parse(self, raw_content, find_org_cb, find_partner_cb, find_message_cb=None) return status, exception, mdn + def parse(self, *args, **kwargs): + """ + A synchronous wrapper for the asynchronous parse method. + It runs the parse coroutine in an event loop and returns the result. + """ + loop = asyncio.get_event_loop() + if loop.is_running(): + raise RuntimeError( + "Cannot run synchronous parse within an already running event loop, use aparse." + ) + return loop.run_until_complete(self.aparse(*args, **kwargs)) + class Mdn: """Class for handling AS2 MDNs. Includes functions for both @@ -865,7 +941,10 @@ def build( del signature["MIME-Version"] signed_data = sign_message( - canonicalize(self.payload), self.digest_alg, message.receiver.sign_key + canonicalize(self.payload), + self.digest_alg, + message.receiver.sign_key, + message.sender.sign_alg, ) signature.set_payload(signed_data) encoders.encode_base64(signature) @@ -888,7 +967,7 @@ def build( f"content:\n {mime_to_bytes(self.payload)}" ) - def parse(self, raw_content, find_message_cb): + async def aparse(self, raw_content, find_message_cb): """Function parses the RAW AS2 MDN, verifies it and extracts the processing status of the orginal AS2 message. @@ -913,7 +992,17 @@ def parse(self, raw_content, find_message_cb): self.orig_message_id, orig_recipient = self.detect_mdn() # Call the find message callback which should return a Message instance - orig_message = find_message_cb(self.orig_message_id, orig_recipient) + if inspect.iscoroutinefunction(find_message_cb): + orig_message = await find_message_cb( + self.orig_message_id, orig_recipient + ) + else: + orig_message = find_message_cb(self.orig_message_id, orig_recipient) + + if not orig_message: + status = "failed/Failure" + details_status = "original-message-not-found" + return status, details_status # Extract the headers and save it mdn_headers = {} @@ -991,6 +1080,18 @@ def parse(self, raw_content, find_message_cb): logger.error(f"Failed to parse AS2 MDN\n: {traceback.format_exc()}") return status, detailed_status + def parse(self, *args, **kwargs): + """ + A synchronous wrapper for the asynchronous parse method. + It runs the parse coroutine in an event loop and returns the result. + """ + loop = asyncio.get_event_loop() + if loop.is_running(): + raise RuntimeError( + "Cannot run synchronous parse within an already running event loop, use aparse." + ) + return loop.run_until_complete(self.aparse(*args, **kwargs)) + def detect_mdn(self): """Function checks if the received raw message is an AS2 MDN or not. diff --git a/pyas2lib/cms.py b/pyas2lib/cms.py index 0172980..8366bb6 100644 --- a/pyas2lib/cms.py +++ b/pyas2lib/cms.py @@ -3,7 +3,7 @@ import zlib from datetime import datetime, timezone -from asn1crypto import cms, core, algos +from asn1crypto import algos, cms, core from asn1crypto.cms import SMIMECapabilityIdentifier from oscrypto import asymmetric, symmetric, util @@ -65,12 +65,15 @@ def decompress_message(compressed_data): raise DecompressionError("Decompression failed with cause: {}".format(e)) from e -def encrypt_message(data_to_encrypt, enc_alg, encryption_cert): +def encrypt_message( + data_to_encrypt, enc_alg, encryption_cert, key_enc_alg="rsaes_pkcs1v15" +): """Function encrypts data and returns the generated ASN.1 :param data_to_encrypt: A byte string of the data to be encrypted :param enc_alg: The algorithm to be used for encrypting the data :param encryption_cert: The certificate to be used for encrypting the data + :param key_enc_alg: The algo for the key encryption: rsaes_pkcs1v15 (default) or rsaes_oaep :return: A CMS ASN.1 byte string of the encrypted data. """ @@ -136,7 +139,12 @@ def encrypt_message(data_to_encrypt, enc_alg, encryption_cert): raise AS2Exception("Unsupported Encryption Algorithm") # Encrypt the key and build the ASN.1 message - encrypted_key = asymmetric.rsa_pkcs1v15_encrypt(encryption_cert, key) + if key_enc_alg == "rsaes_pkcs1v15": + encrypted_key = asymmetric.rsa_pkcs1v15_encrypt(encryption_cert, key) + elif key_enc_alg == "rsaes_oaep": + encrypted_key = asymmetric.rsa_oaep_encrypt(encryption_cert, key) + else: + raise AS2Exception(f"Unsupported Key Encryption Scheme: {key_enc_alg}") return cms.ContentInfo( { @@ -163,7 +171,11 @@ def encrypt_message(data_to_encrypt, enc_alg, encryption_cert): } ), "key_encryption_algorithm": cms.KeyEncryptionAlgorithm( - {"algorithm": cms.KeyEncryptionAlgorithmId("rsa")} + { + "algorithm": cms.KeyEncryptionAlgorithmId( + key_enc_alg + ) + } ), "encrypted_key": cms.OctetString(encrypted_key), } @@ -199,47 +211,52 @@ def decrypt_message(encrypted_data, decryption_key): key_enc_alg = recipient_info["key_encryption_algorithm"]["algorithm"].native encrypted_key = recipient_info["encrypted_key"].native - if cms.KeyEncryptionAlgorithmId(key_enc_alg) == cms.KeyEncryptionAlgorithmId( - "rsa" - ): - try: + try: + if cms.KeyEncryptionAlgorithmId( + key_enc_alg + ) == cms.KeyEncryptionAlgorithmId("rsaes_pkcs1v15"): key = asymmetric.rsa_pkcs1v15_decrypt(decryption_key[0], encrypted_key) - except Exception as e: - raise DecryptionError( - "Failed to decrypt the payload: Could not extract decryption key." - ) from e - - alg = cms_content["content"]["encrypted_content_info"][ - "content_encryption_algorithm" - ] - encapsulated_data = cms_content["content"]["encrypted_content_info"][ - "encrypted_content" - ].native - try: - if alg["algorithm"].native == "rc4": - decrypted_content = symmetric.rc4_decrypt(key, encapsulated_data) - elif alg.encryption_cipher == "tripledes": - cipher = "tripledes_192_cbc" - decrypted_content = symmetric.tripledes_cbc_pkcs5_decrypt( - key, encapsulated_data, alg.encryption_iv - ) - elif alg.encryption_cipher == "aes": - decrypted_content = symmetric.aes_cbc_pkcs7_decrypt( - key, encapsulated_data, alg.encryption_iv - ) - elif alg.encryption_cipher == "rc2": - decrypted_content = symmetric.rc2_cbc_pkcs5_decrypt( - key, encapsulated_data, alg["parameters"]["iv"].native - ) - else: - raise AS2Exception("Unsupported Encryption Algorithm") - except Exception as e: - raise DecryptionError( - "Failed to decrypt the payload: {}".format(e) - ) from e - else: - raise AS2Exception("Unsupported Encryption Algorithm") + elif cms.KeyEncryptionAlgorithmId( + key_enc_alg + ) == cms.KeyEncryptionAlgorithmId("rsaes_oaep"): + key = asymmetric.rsa_oaep_decrypt(decryption_key[0], encrypted_key) + else: + raise AS2Exception( + f"Unsupported Key Encryption Algorithm {key_enc_alg}" + ) + except Exception as e: + raise DecryptionError( + "Failed to decrypt the payload: Could not extract decryption key." + ) from e + + alg = cms_content["content"]["encrypted_content_info"][ + "content_encryption_algorithm" + ] + encapsulated_data = cms_content["content"]["encrypted_content_info"][ + "encrypted_content" + ].native + + try: + if alg["algorithm"].native == "rc4": + decrypted_content = symmetric.rc4_decrypt(key, encapsulated_data) + elif alg.encryption_cipher == "tripledes": + cipher = "tripledes_192_cbc" + decrypted_content = symmetric.tripledes_cbc_pkcs5_decrypt( + key, encapsulated_data, alg.encryption_iv + ) + elif alg.encryption_cipher == "aes": + decrypted_content = symmetric.aes_cbc_pkcs7_decrypt( + key, encapsulated_data, alg.encryption_iv + ) + elif alg.encryption_cipher == "rc2": + decrypted_content = symmetric.rc2_cbc_pkcs5_decrypt( + key, encapsulated_data, alg["parameters"]["iv"].native + ) + else: + raise AS2Exception("Unsupported Encryption Algorithm") + except Exception as e: + raise DecryptionError("Failed to decrypt the payload: {}".format(e)) from e else: raise DecryptionError("Encrypted data not found in ASN.1 ") diff --git a/pyas2lib/tests/test_advanced.py b/pyas2lib/tests/test_advanced.py index 0bc6db7..836c90b 100644 --- a/pyas2lib/tests/test_advanced.py +++ b/pyas2lib/tests/test_advanced.py @@ -390,6 +390,33 @@ def test_mdn_not_found(self): self.assertEqual(status, "failed/Failure") self.assertEqual(detailed_status, "mdn-not-found") + def test_mdn_original_message_not_found(self): + """Test that the MDN parser raises MDN not found when a non MDN message is passed.""" + self.partner.mdn_mode = as2.SYNCHRONOUS_MDN + self.out_message = as2.Message(self.org, self.partner) + self.out_message.build(self.test_data) + + # Parse the generated AS2 message as the partner + raw_out_message = ( + self.out_message.headers_str + b"\r\n" + self.out_message.content + ) + in_message = as2.Message() + _, _, mdn = in_message.parse( + raw_out_message, + find_org_cb=self.find_org, + find_partner_cb=self.find_partner, + find_message_cb=lambda x, y: False, + ) + + # Parse the MDN + out_mdn = as2.Mdn() + status, detailed_status = out_mdn.parse( + mdn.headers_str + b"\r\n" + mdn.content, find_message_cb=lambda x, y: False + ) + + self.assertEqual(status, "failed/Failure") + self.assertEqual(detailed_status, "original-message-not-found") + def test_unsigned_mdn_sent_error(self): """Test the case where a signed mdn was expected but unsigned mdn was returned.""" self.partner.mdn_mode = as2.SYNCHRONOUS_MDN diff --git a/pyas2lib/tests/test_async.py b/pyas2lib/tests/test_async.py new file mode 100644 index 0000000..d266071 --- /dev/null +++ b/pyas2lib/tests/test_async.py @@ -0,0 +1,131 @@ +import pytest +from pyas2lib import as2 +import os + +from pyas2lib.tests import TEST_DIR + +with open(os.path.join(TEST_DIR, "payload.txt"), "rb") as fp: + test_data = fp.read() + +with open(os.path.join(TEST_DIR, "cert_test.p12"), "rb") as fp: + private_key = fp.read() + +with open(os.path.join(TEST_DIR, "cert_test_public.pem"), "rb") as fp: + public_key = fp.read() + +org = as2.Organization( + as2_name="some_organization", + sign_key=private_key, + sign_key_pass="test", + decrypt_key=private_key, + decrypt_key_pass="test", +) +partner = as2.Partner( + as2_name="some_partner", + verify_cert=public_key, + encrypt_cert=public_key, +) + + +async def afind_org(headers): + return org + + +async def afind_partner(headers): + return partner + + +async def afind_duplicate_message(message_id, message_recipient): + return True + + +async def afind_org_partner(as2_org, as2_partner): + return org, partner + + +@pytest.mark.asyncio +async def test_duplicate_message_async(): + """Test case where a duplicate message is sent to the partner using async callbacks""" + + # Build an As2 message to be transmitted to partner + partner.sign = True + partner.encrypt = True + partner.mdn_mode = as2.SYNCHRONOUS_MDN + out_message = as2.Message(org, partner) + out_message.build(test_data) + + async def afind_message(message_id, message_recipient): + return out_message + + # Parse the generated AS2 message as the partner + raw_out_message = out_message.headers_str + b"\r\n" + out_message.content + in_message = as2.Message() + _, _, mdn = await in_message.aparse( + raw_out_message, + find_org_cb=afind_org, + find_partner_cb=afind_partner, + find_message_cb=afind_duplicate_message, + ) + + out_mdn = as2.Mdn() + status, detailed_status = await out_mdn.aparse( + mdn.headers_str + b"\r\n" + mdn.content, + find_message_cb=afind_message, + ) + assert status == "processed/Warning" + assert detailed_status == "duplicate-document" + + +@pytest.mark.asyncio +async def test_async_partnership(): + """Test Async Partnership callback""" + + # Build an As2 message to be transmitted to partner + out_message = as2.Message(org, partner) + out_message.build(test_data) + raw_out_message = out_message.headers_str + b"\r\n" + out_message.content + + # Parse the generated AS2 message as the partner + in_message = as2.Message() + status, _, _ = await in_message.aparse( + raw_out_message, find_org_partner_cb=afind_org_partner + ) + + # Compare contents of the input and output messages + assert status == "processed" + + +@pytest.mark.asyncio +async def test_runtime_error(): + with pytest.raises(RuntimeError): + out_message = as2.Message(org, partner) + out_message.build(test_data) + raw_out_message = out_message.headers_str + b"\r\n" + out_message.content + + in_message = as2.Message() + status, _, _ = in_message.parse( + raw_out_message, find_org_partner_cb=afind_org_partner + ) + + with pytest.raises(RuntimeError): + partner.sign = True + partner.encrypt = True + partner.mdn_mode = as2.SYNCHRONOUS_MDN + out_message = as2.Message(org, partner) + out_message.build(test_data) + + # Parse the generated AS2 message as the partner + raw_out_message = out_message.headers_str + b"\r\n" + out_message.content + in_message = as2.Message() + _, _, mdn = await in_message.aparse( + raw_out_message, + find_org_cb=afind_org, + find_partner_cb=afind_partner, + find_message_cb=afind_duplicate_message, + ) + + out_mdn = as2.Mdn() + _, _ = out_mdn.parse( + mdn.headers_str + b"\r\n" + mdn.content, + find_message_cb=afind_duplicate_message, + ) diff --git a/pyas2lib/tests/test_basic.py b/pyas2lib/tests/test_basic.py index fed94b9..87f09cb 100644 --- a/pyas2lib/tests/test_basic.py +++ b/pyas2lib/tests/test_basic.py @@ -184,6 +184,30 @@ def test_encrypted_signed_compressed_message(self): self.assertEqual(out_message.mic, in_message.mic) self.assertEqual(self.test_data.splitlines(), in_message.content.splitlines()) + def test_encrypted_signed_message_partnership(self): + """Test Encrypted Signed Uncompressed Message with Partnership""" + + # Build an As2 message to be transmitted to partner + self.partner.sign = True + self.partner.encrypt = True + out_message = as2.Message(self.org, self.partner) + out_message.build(self.test_data) + raw_out_message = out_message.headers_str + b"\r\n" + out_message.content + + # Parse the generated AS2 message as the partner + in_message = as2.Message() + status, _, _ = in_message.parse( + raw_out_message, + find_org_partner_cb=self.find_org_partner, + ) + + # Compare the mic contents of the input and output messages + self.assertEqual(status, "processed") + self.assertTrue(in_message.signed) + self.assertTrue(in_message.encrypted) + self.assertEqual(out_message.mic, in_message.mic) + self.assertEqual(self.test_data.splitlines(), in_message.content.splitlines()) + def test_plain_message_with_domain(self): """Test Message building with an org domain""" @@ -229,3 +253,6 @@ def find_org(self, as2_id): def find_partner(self, as2_id): return self.partner + + def find_org_partner(self, as2_org, as2_partner): + return self.org, self.partner diff --git a/pyas2lib/tests/test_cms.py b/pyas2lib/tests/test_cms.py index 34655db..fa3f596 100644 --- a/pyas2lib/tests/test_cms.py +++ b/pyas2lib/tests/test_cms.py @@ -2,7 +2,9 @@ import os import pytest -from oscrypto import asymmetric +from oscrypto import asymmetric, symmetric, util + +from asn1crypto import algos, cms as crypto_cms, core from pyas2lib.as2 import Organization from pyas2lib import cms @@ -22,6 +24,68 @@ ).dump() +def encrypted_data_with_faulty_key_algo(): + with open(os.path.join(TEST_DIR, "cert_test_public.pem"), "rb") as fp: + encrypt_cert = asymmetric.load_certificate(fp.read()) + enc_alg_list = "rc4_128_cbc".split("_") + cipher, key_length, _ = enc_alg_list[0], enc_alg_list[1], enc_alg_list[2] + key = util.rand_bytes(int(key_length) // 8) + algorithm_id = "1.2.840.113549.3.4" + encrypted_content = symmetric.rc4_encrypt(key, b"data") + enc_alg_asn1 = algos.EncryptionAlgorithm( + { + "algorithm": algorithm_id, + } + ) + encrypted_key = asymmetric.rsa_oaep_encrypt(encrypt_cert, key) + return crypto_cms.ContentInfo( + { + "content_type": crypto_cms.ContentType("enveloped_data"), + "content": crypto_cms.EnvelopedData( + { + "version": crypto_cms.CMSVersion("v0"), + "recipient_infos": [ + crypto_cms.KeyTransRecipientInfo( + { + "version": crypto_cms.CMSVersion("v0"), + "rid": crypto_cms.RecipientIdentifier( + { + "issuer_and_serial_number": crypto_cms.IssuerAndSerialNumber( + { + "issuer": encrypt_cert.asn1[ + "tbs_certificate" + ]["issuer"], + "serial_number": encrypt_cert.asn1[ + "tbs_certificate" + ]["serial_number"], + } + ) + } + ), + "key_encryption_algorithm": crypto_cms.KeyEncryptionAlgorithm( + { + "algorithm": crypto_cms.KeyEncryptionAlgorithmId( + "aes128_wrap" + ) + } + ), + "encrypted_key": crypto_cms.OctetString(encrypted_key), + } + ) + ], + "encrypted_content_info": crypto_cms.EncryptedContentInfo( + { + "content_type": crypto_cms.ContentType("data"), + "content_encryption_algorithm": enc_alg_asn1, + "encrypted_content": encrypted_content, + } + ), + } + ), + } + ).dump() + + def test_compress(): """Test the compression and decompression functions.""" compressed_data = cms.compress_message(b"data") @@ -87,9 +151,22 @@ def test_encryption(): "aes_128_cbc", "aes_192_cbc", "aes_256_cbc", + "tripledes_192_cbc", + ] + + key_enc_algos = [ + "rsaes_oaep", + "rsaes_pkcs1v15", ] - for enc_algorithm in enc_algorithms: - encrypted_data = cms.encrypt_message(b"data", enc_algorithm, encrypt_cert) + + encryption_algos = [ + (alg, key_algo) for alg in enc_algorithms for key_algo in key_enc_algos + ] + + for enc_algorithm, encryption_scheme in encryption_algos: + encrypted_data = cms.encrypt_message( + b"data", enc_algorithm, encrypt_cert, encryption_scheme + ) _, decrypted_data = cms.decrypt_message(encrypted_data, decrypt_key) assert decrypted_data == b"data" @@ -101,3 +178,12 @@ def test_encryption(): encrypted_data = cms.encrypt_message(b"data", "des_64_cbc", encrypt_cert) with pytest.raises(AS2Exception): cms.decrypt_message(encrypted_data, decrypt_key) + + # Test faulty key encryption algorithm + with pytest.raises(AS2Exception): + cms.encrypt_message(b"data", "rc2_128_cbc", encrypt_cert, "des_64_cbc") + + # Test unsupported key encryption algorithm + encrypted_data = encrypted_data_with_faulty_key_algo() + with pytest.raises(AS2Exception): + cms.decrypt_message(encrypted_data, decrypt_key) diff --git a/setup.py b/setup.py index e4d55b8..37128a7 100644 --- a/setup.py +++ b/setup.py @@ -7,7 +7,8 @@ ] tests_require = [ - "pytest==6.2.5", + "pytest==7.4.4", + "pytest-asyncio==0.21.1", "toml==0.10.2", "pytest-cov==2.8.1", "coverage==5.0.4",