Add a trivial KeyHolder utility.

zopefoundation · Sep 4, 2008 · 17ba274 · 17ba274
1 parent 4421f48
commit 17ba274
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 0 deletions.
diff --git a/src/keas/kmi/keyholder.py b/src/keas/kmi/keyholder.py
@@ -0,0 +1,31 @@
+##############################################################################
+#
+# Copyright (c) 2008 Zope Foundation and Contributors.
+# All Rights Reserved.
+#
+# This software is subject to the provisions of the Zope Public License,
+# Version 2.1 (ZPL).  A copy of the ZPL should accompany this distribution.
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY AND ALL EXPRESS OR IMPLIED
+# WARRANTIES ARE DISCLAIMED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF TITLE, MERCHANTABILITY, AGAINST INFRINGEMENT, AND FITNESS
+# FOR A PARTICULAR PURPOSE.
+#
+##############################################################################
+"""
+$Id
+"""
+__docformat__ = "reStructuredText"
+
+from zope.interface import implements
+
+from keas.kmi.interfaces import IKeyHolder
+
+
+class KeyHolder(object):
+    """A key holder utility that loads the key from a file and keeps it in RAM."""
+
+    implements(IKeyHolder)
+
+    def __init__(self, filename):
+        self.key = file(filename, 'rb').read()
+
diff --git a/src/keas/kmi/keyholder.txt b/src/keas/kmi/keyholder.txt
@@ -0,0 +1,42 @@
+===================
+Database key holder
+===================
+
+If you want to have encrypted objects in the database, you need to store the
+key encrypting key somewhere.  A DatabaseKeyHolder stores it in the database
+alongside your encrypted objects.  This is convenient, and slightly secure:
+If someone steals your database, they won't be able to decrypt your data
+without gaining access to the Key Management Server.
+
+    >>> from keas.kmi.keyholder import DatabaseKeyHolder
+    >>> from keas.kmi.interfaces import IKeyHolder
+    >>> from zope.interface.verify import verifyObject
+    >>> holder = DatabaseKeyHolder()
+    >>> verifyObject(IKeyHolder, holder)
+    True
+
+Initially there is no key
+
+    >>> holder.key
+
+We can set it
+
+    >>> holder.key = 'xyzzy'
+    >>> holder.key
+    'xyzzy'
+
+It is actually stored in the database
+
+    >>> from keas.kmi.keyholder improt KEY
+    >>> from zope.component import getUtility
+    >>> from ZODB.interfaces import IDatabase
+    >>> getUtility(IDatabase).open().root()[KEY]
+    'xyzzy'
+
+You cannot change the key once it's set
+
+    >>> holder.key = 'wubawuba'
+    Traceback (most recent call last):
+      ...
+    ValueError: waaah
+
diff --git a/src/keas/kmi/tests.py b/src/keas/kmi/tests.py
@@ -20,9 +20,12 @@
 from zope.testing import doctest
 from zope.app.testing import setup
 from zope.component import provideUtility
+from zope.interface.verify import verifyObject
 
 from keas.kmi.testing import TestingKeyManagementFacility
+from keas.kmi.keyholder import KeyHolder
 from keas.kmi.interfaces import IKeyManagementFacility
+from keas.kmi.interfaces import IKeyHolder
 
 
 def setUpPersistent(test):
@@ -38,6 +41,16 @@ def tearDownPersistent(test):
     setup.tearDownTestAsModule(test)
 
 
+def doctest_KeyHolder():
+    """Smoke test for the KeyHolder class.
+
+        >>> holder = KeyHolder(__file__)
+        >>> verifyObject(IKeyHolder, holder)
+        True
+
+    """
+
+
 def test_suite():
     return unittest.TestSuite([
         doctest.DocFileSuite(
@@ -48,4 +61,5 @@ def test_suite():
             'persistent.txt',
             setUp=setUpPersistent, tearDown=tearDownPersistent,
             optionflags=doctest.NORMALIZE_WHITESPACE|doctest.ELLIPSIS),
+        doctest.DocTestSuite(),
     ])