# GPMS Functional Testing

## Imports and Functions

In [1]:
import requests
import json

from Cryptodome.Cipher import AES
from Crypto.Signature import pkcs1_15 as PKC
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256


In [2]:
AES_BLOCK_SIZE = 16

def PKCS7_pad(data):
    padsize = AES_BLOCK_SIZE - len(data) % AES_BLOCK_SIZE
    return data + bytes([padsize]) * padsize

def PKCS7_unpad(data):
    offset = data[-1]
    return data[:-offset]

In [3]:
def encrypt_aes(text: str, key: str) -> str:
    iv = '0' * AES.block_size * 2
    iv = bytes.fromhex(iv)

    text = text.encode()
    key = key.encode()

    cipher = AES.new(key, AES.MODE_CBC, iv)
    ciphertext = cipher.encrypt(PKCS7_pad(text))
    ciphertext = ciphertext.hex()
    return ciphertext

def decrypt_aes(text: str, key: str) -> str:
    iv = '0' * AES.block_size * 2
    iv = bytes.fromhex(iv)

    ciphertext = bytes.fromhex(text)
    key = key.encode()
    
    cipher = AES.new(key, AES.MODE_CBC, iv)
    text = cipher.decrypt(ciphertext)

    text = PKCS7_unpad(text).decode()

    return text

def verify(signature: str, message: str):
    f = open('../privkey.pem', 'rb')
    key = RSA.importKey(f.read())
    f.close()

    signature = bytes.fromhex(signature)
    hash_ = SHA256.new(message.encode())
    PKC.new(key).verify(hash_, signature)

In [4]:
def encrypt_payload(header: dict, body: dict, api_key: str, shared_secret: str):
    encrytped_body = encrypt_aes(json.dumps(body), api_key)
    payload = {
        "header": json.dumps(header),
        "body": encrytped_body
    }
    encrytped_payload = encrypt_aes(json.dumps(payload), shared_secret)
    return encrytped_payload

def decrypt_payload(r: requests.Response, api_key: str, shared_secret: str, signature: str):
    if r.status_code in (200, 201):
        response = decrypt_aes((r.content).decode(), api_key)
    else:
        response = decrypt_aes((r.content).decode(), shared_secret)
    
    response_json = json.loads(response)
    print(json.dumps(response_json, indent=4))

    response_header = json.loads(response_json['header']) 
    verify(response_header['signature'], signature)

    response_body = json.loads(response_json['body']) 
    return response_body

## Inject Environment Variables

In [5]:
from dotenv import load_dotenv
from pathlib import Path
import os

dotenv_path = Path('../app.env')
load_dotenv(dotenv_path=dotenv_path)

SIGNATURE_MSG = os.getenv('SIGNATURE_MSG')
SHARED_SECRET = os.getenv('SHARED_SECRET')
TEST_API_KEY = os.getenv('TEST_API_KEY')
TEST_SIGNATURE = os.getenv('TEST_SIGNATURE')

## A Simple Test

In [None]:
text = 'The rooster crows at midnight!'
ciphertext = encrypt_aes(text, SHARED_SECRET)
result = decrypt_aes(ciphertext, SHARED_SECRET)
print(result)

In [None]:
verify(TEST_SIGNATURE, SIGNATURE_MSG)

## Functional Testing

### Health Check

In [10]:
url = "http://127.0.0.1:8000/v1/health"
r = requests.post(url)
print(f"status code: {r.status_code}")
print(r.content)

status code: 200
b''


### Password Generation

In [6]:
# happy flow

url = "http://127.0.0.1:8000/v1/password/generate"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryId": 10001,
    "userInput":"google",
    "token": "xk034#9ucpx@k03-2in9xb2"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

status code: 200
{
    "header": "{\"signature\":\"4cb5272d707d2e455a13492c011b62b821342a92320febf3383fd6b13d72b841af7360f80a02aa3cd4dbfea4f6ea774f8a3f870c06fd009a05190350b9d3b67cb562443f4278271707ba9ccdf7b83d84f3d516fb54c25515c411d333ea40c82f0c69d31c36576cc67dcbe555fb24bee8e68d5f6d1dbabc2efe4a8eaf1ea06356490dc9d3a2f69779aa5aa6194789aa788111218ac148e89de984471e1281ae4a3edb85a73293489d1b750ae103dd3a9ec9672cbfdcac92a7bcc332289f71d7ab9cf8d392449d022fa281e418ea90a461d26dcbf09a5a799b7f8732fae32880896b0cde7c986b628472a019952962406cfe9a3cb0f836b54a8baa6be7ad9e873e\"}",
    "body": "{\"password\":\"cEV9C8f)8X\\u003cb*{3\"}"
}


In [None]:
# wrong field type

url = "http://127.0.0.1:8000/v1/password/generate"
header = {
    "clientId": 10000
}
body = {
    "clientId": 10000,
    "entryId": "10001", # wrong type
    "userInput":"google",
    "token": "xk034#9ucpx@k03-2in9xb2"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# missing fields in request

url = "http://127.0.0.1:8000/v1/password/generate"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryId": 10001,
    "userInput":"google"
    # missing field
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# password entry not found in database 

url = "http://127.0.0.1:8000/v1/password/generate"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryId": 20000, # invalid entry id
    "userInput":"google",
    "token": "xk034#9ucpx@k03-2in9xb2"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# wrongly encrypted request

url = "http://127.0.0.1:8000/v1/password/generate"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryId": 20000,
    "userInput":"google",
    "token": "xk034#9ucpx@k03-2in9xb2"
}

encrytped_payload = encrypt_payload(header, body, SHARED_SECRET, TEST_API_KEY)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

### Entry Creation

In [None]:
# happy flow

url = "http://127.0.0.1:8000/v1/entry/create"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryReferenceId":"G0001",
    "passwordLength":15,
    "siteName":"Google",
    "siteType":"Website",
    "metadata":"www.google.com",
    "username":"abc"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# wrong field type

url = "http://127.0.0.1:8000/v1/entry/create"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryReferenceId":"G0001",
    "passwordLength":"15",
    "siteName":"Google",
    "siteType":"Website",
    "metadata":"www.google.com",
    "username":"abc"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# missing fields

url = "http://127.0.0.1:8000/v1/entry/create"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "passwordLength":15,
    "siteName":"Google",
    "siteType":"Website",
    "metadata":"www.google.com",
    "username":"abc"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# Less than minimum password length

url = "http://127.0.0.1:8000/v1/entry/create"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryReferenceId":"G0001",
    "passwordLength":4,
    "siteName":"Google",
    "siteType":"Website",
    "metadata":"www.google.com",
    "username":"abc"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# client ID not found in database

url = "http://127.0.0.1:8000/v1/entry/create"
header = {
    "clientId": 10000
}
body = {
    "clientId":20000,
    "entryReferenceId":"G0001",
    "passwordLength":15,
    "siteName":"Google",
    "siteType":"Website",
    "metadata":"www.google.com",
    "username":"abc"
}

encrytped_payload = encrypt_payload(header, body, TEST_API_KEY, SHARED_SECRET)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)

In [None]:
# wrongly encrypted request

url = "http://127.0.0.1:8000/v1/entry/create"
header = {
    "clientId": 10000
}
body = {
    "clientId":10000,
    "entryReferenceId":"G0001",
    "passwordLength":15,
    "siteName":"Google",
    "siteType":"Website",
    "metadata":"www.google.com",
    "username":"abc"
}

encrytped_payload = encrypt_payload(header, body, SHARED_SECRET, TEST_API_KEY)
r = requests.post(url, json=encrytped_payload)
print(f"status code: {r.status_code}")

response_body = decrypt_payload(r, TEST_API_KEY, SHARED_SECRET, SIGNATURE_MSG)