tests/test_policy_unit.py

87 lines · python

"""
test_policy_unit
================
 
Focused policy/container checks around successful-open counting.
"""
from __future__ import annotations
 
import sys
from pathlib import Path
 
ROOT = Path(__file__).resolve().parent.parent
sys.path.insert(0, str(ROOT))
 
from oversight_core import (
    ClassicIdentity,
    Manifest,
    Recipient,
    content_hash,
    open_sealed,
    seal,
)
from oversight_core.policy import PolicyContext, PolicyViolation, record_open
 
 
def test_wrong_recipient_does_not_consume_open_count(tmp_path):
    issuer = ClassicIdentity.generate()
    alice = ClassicIdentity.generate()
    bob = ClassicIdentity.generate()
    plaintext = b"hello policy"
    recipient = Recipient(
        recipient_id="alice",
        x25519_pub=alice.x25519_pub.hex(),
        ed25519_pub=alice.ed25519_pub.hex(),
    )
    manifest = Manifest.new(
        "test.txt",
        content_hash(plaintext),
        len(plaintext),
        "issuer",
        issuer.ed25519_pub.hex(),
        recipient,
        "http://localhost:8765",
        "text/plain",
    )
    manifest.policy["max_opens"] = 1
    blob = seal(plaintext, manifest, issuer.ed25519_priv, alice.x25519_pub)
 
    ctx = PolicyContext(state_dir=tmp_path, mode="LOCAL_ONLY")
    try:
        open_sealed(blob, bob.x25519_priv, policy_ctx=ctx)
    except Exception:
        pass
    else:
        raise AssertionError("wrong recipient unexpectedly decrypted file")
 
    recovered, _ = open_sealed(blob, alice.x25519_priv, policy_ctx=ctx)
    assert recovered == plaintext
 
 
def test_registry_modes_fail_closed():
    issuer = ClassicIdentity.generate()
    alice = ClassicIdentity.generate()
    plaintext = b"hello policy"
    recipient = Recipient(
        recipient_id="alice",
        x25519_pub=alice.x25519_pub.hex(),
        ed25519_pub=alice.ed25519_pub.hex(),
    )
    manifest = Manifest.new(
        "test.txt",
        content_hash(plaintext),
        len(plaintext),
        "issuer",
        issuer.ed25519_pub.hex(),
        recipient,
        "http://localhost:8765",
        "text/plain",
    )
    manifest.policy["max_opens"] = 1
    for mode in ("REGISTRY", "HYBRID"):
        try:
            record_open(manifest, PolicyContext(mode=mode, registry_url="https://registry.test"))
        except PolicyViolation as exc:
            assert "refusing to fall back" in str(exc)
        else:
            raise AssertionError(f"{mode} should fail closed until implemented")

1	"""
2	test_policy_unit
3	================
4
5	Focused policy/container checks around successful-open counting.
6	"""
7	from __future__ import annotations
8
9	import sys
10	from pathlib import Path
11
12	ROOT = Path(__file__).resolve().parent.parent
13	sys.path.insert(0, str(ROOT))
14
15	from oversight_core import (
16	ClassicIdentity,
17	Manifest,
18	Recipient,
19	content_hash,
20	open_sealed,
21	seal,
22	)
23	from oversight_core.policy import PolicyContext, PolicyViolation, record_open
24
25
26	def test_wrong_recipient_does_not_consume_open_count(tmp_path):
27	issuer = ClassicIdentity.generate()
28	alice = ClassicIdentity.generate()
29	bob = ClassicIdentity.generate()
30	plaintext = b"hello policy"
31	recipient = Recipient(
32	recipient_id="alice",
33	x25519_pub=alice.x25519_pub.hex(),
34	ed25519_pub=alice.ed25519_pub.hex(),
35	)
36	manifest = Manifest.new(
37	"test.txt",
38	content_hash(plaintext),
39	len(plaintext),
40	"issuer",
41	issuer.ed25519_pub.hex(),
42	recipient,
43	"http://localhost:8765",
44	"text/plain",
45	)
46	manifest.policy["max_opens"] = 1
47	blob = seal(plaintext, manifest, issuer.ed25519_priv, alice.x25519_pub)
48
49	ctx = PolicyContext(state_dir=tmp_path, mode="LOCAL_ONLY")
50	try:
51	open_sealed(blob, bob.x25519_priv, policy_ctx=ctx)
52	except Exception:
53	pass
54	else:
55	raise AssertionError("wrong recipient unexpectedly decrypted file")
56
57	recovered, _ = open_sealed(blob, alice.x25519_priv, policy_ctx=ctx)
58	assert recovered == plaintext
59
60
61	def test_registry_modes_fail_closed():
62	issuer = ClassicIdentity.generate()
63	alice = ClassicIdentity.generate()
64	plaintext = b"hello policy"
65	recipient = Recipient(
66	recipient_id="alice",
67	x25519_pub=alice.x25519_pub.hex(),
68	ed25519_pub=alice.ed25519_pub.hex(),
69	)
70	manifest = Manifest.new(
71	"test.txt",
72	content_hash(plaintext),
73	len(plaintext),
74	"issuer",
75	issuer.ed25519_pub.hex(),
76	recipient,
77	"http://localhost:8765",
78	"text/plain",
79	)
80	manifest.policy["max_opens"] = 1
81	for mode in ("REGISTRY", "HYBRID"):
82	try:
83	record_open(manifest, PolicyContext(mode=mode, registry_url="https://registry.test"))
84	except PolicyViolation as exc:
85	assert "refusing to fall back" in str(exc)
86	else:
87	raise AssertionError(f"{mode} should fail closed until implemented")