7.1. CredentialStore data injection

To inject a user-defined CredentialStore database into the CredentialStore API when testing outside the SPS box, patch or overwrite safeguard.sessions.plugin_impl.credential_store.credential_stores with your own dictionary.

Note that for X509 certificates, the fake credential_store does not decrypt password-protected private keys.

The credential_stores object is a dictionary whose keys are the names of the local Credential Store policies to define. Inside a policy, the data is keyed by user name first, then by host name; the value is a list of passwords, private keys or X509 credentials. Passwords are encoded as a simple sequence of strings. Private keys and X509 credentials are encoded as maps where “type” indicates the kind of data present in the map.

See the examples below for more information.

7.1.1. Example usage

from safeguard.sessions.plugin.credential_store import CredentialStore as CredStore
from safeguard.sessions.plugin.plugin_configuration import PluginConfiguration as PluginConfig
from safeguard.sessions.plugin_impl.credential_store import credential_stores

# Data injection
credential_stores['local'] = {
    "user": {"host": [("password",)]},
    "user1": {"host1": [({"type": "ssh-rsa", "key": "theKey"},)]},
    "user2": {"host2": [({"type": "x509v3-sign-rsa", "key": "theKey", "cert": "theCert"},)]},
}

# Test the injected data
pc = PluginConfig('''
[credential_store]
name=local
''')

cs = CredStore.from_config(pc)

assert cs.get_passwords('host', 'user') == ['password']

7.1.2. Example usage with pytest and monkeypatch

from safeguard.sessions.plugin.credential_store import CredentialStore as CredStore
from safeguard.sessions.plugin.plugin_configuration import PluginConfiguration as PluginConfig
from safeguard.sessions.plugin_impl.credential_store import credential_stores

def test_credential_store(monkeypatch):
    # Data injection
    testdb = {
        # This user has a password and a private key as well
        "user": {"host": [("password",), ({"type": "ssh-rsa", "key": "theKey"},)]},
    }
    monkeypatch.setitem(credential_stores, 'local', testdb)

    # Test the injected data
    pc = PluginConfig('''
    [credential_store]
    name=local
    ''')

    cs = CredStore.from_config(pc)

    assert cs.get_passwords('host', 'user') == ['password']
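
A fixture with the wrong shape is easy to write, since ("password") without a trailing comma is a plain string rather than a sequence. The following shape check for the layout described above is an added example, not part of the SDK; check_fixture and _check_item are hypothetical names. The rule that X509 entries need "cert" and the ENCRYPTED marker heuristic for password-protected PEM keys are assumptions.

```python
# Added example: shape check for a credential_stores fixture (not SDK code).
# Assumption: the entry layout is inferred from this page's examples only.
ENCRYPTED_MARKERS = ("ENCRYPTED",)  # heuristic: text found in encrypted PEM keys

def check_fixture(stores):
    """Return a list of problems found in a credential_stores-style dict."""
    problems = []
    for policy, users in stores.items():
        for user, hosts in users.items():
            for host, creds in hosts.items():
                where = f"{policy}/{user}/{host}"
                if not isinstance(creds, list):
                    problems.append(f"{where}: value must be a list")
                    continue
                for i, cred in enumerate(creds):
                    if isinstance(cred, (str, dict)):
                        # ("password") without a trailing comma is a plain str
                        problems.append(f"{where}[{i}]: not a sequence, missing trailing comma?")
                        continue
                    for item in cred:
                        problems.extend(_check_item(f"{where}[{i}]", item))
    return problems

def _check_item(where, item):
    if isinstance(item, str):
        return []  # a password
    if not isinstance(item, dict):
        return [f"{where}: expected str or map, got {type(item).__name__}"]
    out = []
    for field in ("type", "key"):
        if field not in item:
            out.append(f"{where}: map lacks '{field}'")
    if str(item.get("type", "")).startswith("x509") and "cert" not in item:
        out.append(f"{where}: X509 entry lacks 'cert'")
    if any(m in str(item.get("key", "")) for m in ENCRYPTED_MARKERS):
        out.append(f"{where}: encrypted key, the fake store will not decrypt it")
    return out

# Constructed sample fixtures
GOOD = {"local": {"user": {"host": [("password",), ({"type": "ssh-rsa", "key": "theKey"},)]}}}
BAD = {"local": {"user": {"host": [
    ("password"),                                     # str, not a tuple
    ({"type": "x509v3-sign-rsa", "key": "theKey"},),  # no cert
    ({"type": "ssh-rsa", "key": "-----BEGIN ENCRYPTED PRIVATE KEY-----"},),
]}}}
```

Calling check_fixture on the test dictionary before monkeypatch.setitem makes the test fail on a malformed fixture rather than on a confusing lookup result.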