Fixing the end2end tests

karen-avetisyan-mc · karen-avetisyan-mc · commit cad0c97329e8 · 2024-02-21T17:16:21.000Z
diff --git a/client_encryption/constraints.txt b/client_encryption/constraints.txt
@@ -0,0 +1,69 @@
+# requirements.txt
+
+buyer-payment-agent-openapi-gen-v5 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v5/buyer_payment_agent
+buyer-payment-agent-openapi-gen-v6 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v6/buyer_payment_agent
+certifi==2023.5.7
+cffi==1.15.1
+charset-normalizer==2.0.12
+click==8.1.7
+client-encryption-python-service-test @ file:///Users/e142756/work/client-libs-end-to-end-tests-python
+colorama==0.4.6
+ConfigArgParse==1.7
+coverage==7.4.1
+cryptography==41.0.7
+Deprecated==1.2.5
+digital-enablement-openapi-gen-v5 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v5/digital_enablement
+digital-enablement-openapi-gen-v6 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v6/digital_enablement
+distlib==0.3.6
+filelock==3.12.2
+frozendict==2.3.10
+fsspec==2023.10.0
+huggingface-hub==0.17.3
+id-assist-openapi-gen-v5 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v5/id_assist
+id-assist-openapi-gen-v6 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v6/id_assist
+idna==3.4
+installments-fi-openapi-gen-v5 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v5/installments_fi
+installments-fi-openapi-gen-v6 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v6/installments_fi
+Jinja2==3.1.2
+joblib==1.3.2
+MarkupSafe==2.1.3
+-e git+https://github.com/Mastercard/client-encryption-python.git@515938505e376d3e458d468c054701b5e29d8cf0#egg=mastercard_client_encryption
+-e git+https://github.com/Mastercard/oauth1-signer-python.git@4177b42109b0884fd477c15789f02529eff0fd5e#egg=mastercard_oauth1_signer
+mpmath==1.3.0
+networkx==3.2.1
+nltk==3.8.1
+numpy==1.26.1
+packaging==23.2
+payment-account-management-openapi-gen-v5 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v5/payment_account_management
+Pillow==10.1.0
+pipenv==2023.6.12
+platformdirs==3.5.3
+pycparser==2.21
+pycryptodome==3.19.1
+pyLanguagetool==0.10.0
+pyOpenSSL==23.2.0
+pyspellchecker==0.7.2
+python-dateutil==2.7.5
+PyYAML==6.0
+regex==2023.10.3
+reportlab==4.0.7
+requests==2.27.1
+safetensors==0.4.0
+sentencepiece==0.1.99
+six==1.16.0
+supplier-payment-agent-openapi-gen-v5 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v5/supplier_payment_agent
+supplier-payment-agent-openapi-gen-v6 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v6/supplier_payment_agent
+sympy==1.12
+tabulate==0.9.0
+token-connect-openapi-gen-v5 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v5/token_connect
+token-connect-openapi-gen-v6 @ file:///Users/e142756/work/client-libs-end-to-end-tests-python/client_encryption_tests/services/clients/openapi_gen_v6/token_connect
+tokenizers==0.14.1
+torch==2.1.0
+tqdm==4.66.1
+transformers==4.35.0
+typing_extensions==4.3.0
+urllib3==1.26.18
+virtualenv==20.23.0
+virtualenv-clone==0.5.7
+wordninja==2.0.0
+wrapt==1.16.0
diff --git a/client_encryption/encoding_utils.py b/client_encryption/encoding_utils.py
@@ -7,9 +7,9 @@ def encode_bytes(_bytes, encoding):
     """Encode byte sequence to Hex or Base64."""
 
     if type(_bytes) is bytes:
-        if encoding == Encoding.HEX:
+        if encoding == ClientEncoding.HEX:
             encoded = _bytes.hex()
-        elif encoding == Encoding.BASE64:
+        elif encoding == ClientEncoding.BASE64:
             encoded = base64.b64encode(_bytes).decode('utf-8')
         else:
             raise EncodingError("Encode: Invalid encoding.")
@@ -32,9 +32,9 @@ def decode_value(value, encoding):
     """Decode Hex or Base64 string to byte sequence."""
 
     if type(value) is str:
-        if encoding == Encoding.HEX:
+        if encoding == ClientEncoding.HEX:
             decoded = bytes.fromhex(value)
-        elif encoding == Encoding.BASE64:
+        elif encoding == ClientEncoding.BASE64:
             decoded = base64.b64decode(value)
         else:
             raise EncodingError("Decode: Invalid encoding.")
@@ -44,6 +44,6 @@ def decode_value(value, encoding):
         raise ValueError("Decode: Invalid or missing input string.")
 
 
-class Encoding(Enum):
+class ClientEncoding(Enum):
     BASE64 = 'BASE64'
     HEX = 'HEX'
diff --git a/client_encryption/field_level_encryption_config.py b/client_encryption/field_level_encryption_config.py
@@ -2,7 +2,8 @@
 from Crypto.Hash import SHA256
 from client_encryption import encoding_utils
 from client_encryption.encryption_utils import load_encryption_certificate, load_decryption_key, validate_hash_algorithm
-from cryptography.hazmat.primitives.serialization import PublicFormat
+from cryptography.hazmat.primitives.serialization import PublicFormat, Encoding
+
 
 
 class FieldLevelEncryptionConfig(object):
@@ -26,7 +27,8 @@ def __init__(self, conf):
         if "encryptionCertificate" in json_config:
             x509_cert, cert_type = load_encryption_certificate(json_config["encryptionCertificate"])
             self._encryption_certificate = x509_cert
-            self._encryption_certificate_type = cert_type
+            #Fixed encoding is required, regardless of initial cerrtificate encoding to ensure correct calcualtion of fingerprint value
+            self._encryption_certificate_type = Encoding.DER 
             self._encryption_key_fingerprint = \
                 json_config.get("encryptionKeyFingerprint",self.__compute_fingerprint(x509_cert.public_key().public_bytes(cert_type, PublicFormat.SubjectPublicKeyInfo)))                  
             self._encryption_certificate_fingerprint = \
@@ -46,7 +48,7 @@ def __init__(self, conf):
 
         self._oaep_padding_digest_algorithm = validate_hash_algorithm(json_config["oaepPaddingDigestAlgorithm"])
 
-        data_enc = encoding_utils.Encoding(json_config["dataEncoding"].upper())
+        data_enc = encoding_utils.ClientEncoding(json_config["dataEncoding"].upper())
         self._data_encoding = data_enc
         self._iv_field_name = json_config["ivFieldName"]
         self._encrypted_key_field_name = json_config["encryptedKeyFieldName"]
diff --git a/client_encryption/jwe_encryption_config.py b/client_encryption/jwe_encryption_config.py
@@ -2,9 +2,10 @@
 
 from Crypto.Hash import SHA256
 
-from client_encryption.encoding_utils import Encoding
+from client_encryption.encoding_utils import ClientEncoding
 from client_encryption.encryption_utils import load_encryption_certificate, load_decryption_key
-from cryptography.hazmat.primitives.serialization import PublicFormat
+from cryptography.hazmat.primitives.serialization import PublicFormat, Encoding
+
 
 class JweEncryptionConfig(object):
     """Class implementing a full configuration for field level encryption."""
@@ -27,9 +28,10 @@ def __init__(self, conf):
         if "encryptionCertificate" in json_config:
             x509_cert, cert_type = load_encryption_certificate(json_config["encryptionCertificate"])
             self._encryption_certificate = x509_cert
-            self._encryption_certificate_type = cert_type
+            #Fixed encoding is required, regardless of initial cerrtificate encoding to ensure correct calcualtion of fingerprint value
+            self._encryption_certificate_type = Encoding.DER 
             self._encryption_key_fingerprint = \
-                json_config.get("encryptionKeyFingerprint",self.__compute_fingerprint(x509_cert.public_key().public_bytes(cert_type, PublicFormat.SubjectPublicKeyInfo)))                  
+                json_config.get("encryptionKeyFingerprint",self.__compute_fingerprint(x509_cert.public_key().public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo)))                  
         else:
             self._encryption_certificate = None
             self._encryption_key_fingerprint = None
@@ -44,7 +46,7 @@ def __init__(self, conf):
         self._encrypted_value_field_name = json_config["encryptedValueFieldName"]
 
         # Fixed properties
-        self._data_encoding = Encoding.BASE64
+        self._data_encoding = ClientEncoding.BASE64
         self._oaep_padding_digest_algorithm = "SHA256"
 
     @property
diff --git a/tests/test_encoding_utils.py b/tests/test_encoding_utils.py
@@ -6,65 +6,65 @@
 class EncodingUtilsTest(unittest.TestCase):
 
     def test_hex_encode(self):
-        enc_one = to_test.encode_bytes(bytes(1), to_test.Encoding.HEX)
-        enc_string = to_test.encode_bytes(b"some data", to_test.Encoding.HEX)
-        enc_empty = to_test.encode_bytes(b"", to_test.Encoding.HEX)
+        enc_one = to_test.encode_bytes(bytes(1), to_test.ClientEncoding.HEX)
+        enc_string = to_test.encode_bytes(b"some data", to_test.ClientEncoding.HEX)
+        enc_empty = to_test.encode_bytes(b"", to_test.ClientEncoding.HEX)
 
         self.assertEqual("00", enc_one, "Encoded bytes not matching")
         self.assertEqual("736f6d652064617461", enc_string, "Encoded bytes not matching")
         self.assertEqual("", enc_empty, "Encoded bytes not matching")
 
     def test_hex_decode(self):
-        dec_one = to_test.decode_value("00", to_test.Encoding.HEX)
-        dec_string = to_test.decode_value("736f6d652064617461", to_test.Encoding.HEX)
-        dec_empty = to_test.decode_value("", to_test.Encoding.HEX)
+        dec_one = to_test.decode_value("00", to_test.ClientEncoding.HEX)
+        dec_string = to_test.decode_value("736f6d652064617461", to_test.ClientEncoding.HEX)
+        dec_empty = to_test.decode_value("", to_test.ClientEncoding.HEX)
 
         self.assertEqual(bytes(1), dec_one, "Decoded value not matching")
         self.assertEqual(b"some data", dec_string, "Decoded value not matching")
         self.assertEqual(b"", dec_empty, "Decoded value not matching")
 
     def test_hex_decode_not_valid_hex(self):
-        self.assertRaises(ValueError, to_test.decode_value, "736f6d65p064617461", to_test.Encoding.HEX)
+        self.assertRaises(ValueError, to_test.decode_value, "736f6d65p064617461", to_test.ClientEncoding.HEX)
 
     def test_base64_encode(self):
-        enc_one = to_test.encode_bytes(bytes(1), to_test.Encoding.BASE64)
-        enc_string = to_test.encode_bytes(b"some data", to_test.Encoding.BASE64)
-        enc_empty = to_test.encode_bytes(b"", to_test.Encoding.BASE64)
+        enc_one = to_test.encode_bytes(bytes(1), to_test.ClientEncoding.BASE64)
+        enc_string = to_test.encode_bytes(b"some data", to_test.ClientEncoding.BASE64)
+        enc_empty = to_test.encode_bytes(b"", to_test.ClientEncoding.BASE64)
 
         self.assertEqual("AA==", enc_one, "Encoded bytes not matching")
         self.assertEqual("c29tZSBkYXRh", enc_string, "Encoded bytes not matching")
         self.assertEqual("", enc_empty, "Encoded bytes not matching")
 
     def test_base64_decode(self):
-        dec_one = to_test.decode_value("AA==", to_test.Encoding.BASE64)
-        dec_string = to_test.decode_value("c29tZSBkYXRh", to_test.Encoding.BASE64)
-        dec_empty = to_test.decode_value("", to_test.Encoding.BASE64)
+        dec_one = to_test.decode_value("AA==", to_test.ClientEncoding.BASE64)
+        dec_string = to_test.decode_value("c29tZSBkYXRh", to_test.ClientEncoding.BASE64)
+        dec_empty = to_test.decode_value("", to_test.ClientEncoding.BASE64)
 
         self.assertEqual(bytes(1), dec_one, "Decoded value not matching")
         self.assertEqual(b"some data", dec_string, "Decoded value not matching")
         self.assertEqual(b"", dec_empty, "Decoded value not matching")
 
     def test_base64_decode_not_valid_base64(self):
-        self.assertRaises(ValueError, to_test.decode_value, "c29tZS?kYXRh", to_test.Encoding.BASE64)
+        self.assertRaises(ValueError, to_test.decode_value, "c29tZS?kYXRh", to_test.ClientEncoding.BASE64)
 
     def test_encode_no_value(self):
-        self.assertRaises(ValueError, to_test.encode_bytes, None, to_test.Encoding.HEX)
-        self.assertRaises(ValueError, to_test.encode_bytes, None, to_test.Encoding.BASE64)
+        self.assertRaises(ValueError, to_test.encode_bytes, None, to_test.ClientEncoding.HEX)
+        self.assertRaises(ValueError, to_test.encode_bytes, None, to_test.ClientEncoding.BASE64)
 
     def test_encode_not_a_byte_sequence(self):
-        self.assertRaises(ValueError, to_test.encode_bytes, "not a byte sequence", to_test.Encoding.HEX)
-        self.assertRaises(ValueError, to_test.encode_bytes, "not a byte sequence", to_test.Encoding.BASE64)
+        self.assertRaises(ValueError, to_test.encode_bytes, "not a byte sequence", to_test.ClientEncoding.HEX)
+        self.assertRaises(ValueError, to_test.encode_bytes, "not a byte sequence", to_test.ClientEncoding.BASE64)
 
     def test_encode_invalid_encoding(self):
         self.assertRaises(EncodingError, to_test.encode_bytes, b"whatever", "ABC")
 
     def test_decode_no_value(self):
-        self.assertRaises(ValueError, to_test.decode_value, None, to_test.Encoding.HEX)
-        self.assertRaises(ValueError, to_test.decode_value, None, to_test.Encoding.BASE64)
+        self.assertRaises(ValueError, to_test.decode_value, None, to_test.ClientEncoding.HEX)
+        self.assertRaises(ValueError, to_test.decode_value, None, to_test.ClientEncoding.BASE64)
 
     def test_decode_not_a_string(self):
-        self.assertRaises(ValueError, to_test.decode_value, b"736f6d652064617461", to_test.Encoding.HEX)
-        self.assertRaises(ValueError, to_test.decode_value, b"736f6d652064617461", to_test.Encoding.BASE64)
+        self.assertRaises(ValueError, to_test.decode_value, b"736f6d652064617461", to_test.ClientEncoding.HEX)
+        self.assertRaises(ValueError, to_test.decode_value, b"736f6d652064617461", to_test.ClientEncoding.BASE64)
 
     def test_decode_invalid_encoding(self):
         self.assertRaises(EncodingError, to_test.decode_value, "whatever", "ABC")
diff --git a/tests/test_field_level_encryption.py b/tests/test_field_level_encryption.py
@@ -3,7 +3,7 @@
 import json
 import base64
 from tests import get_mastercard_config_for_test
-from client_encryption.encoding_utils import Encoding
+from client_encryption.encoding_utils import ClientEncoding
 from client_encryption.encryption_exception import EncryptionError
 import client_encryption.field_level_encryption as to_test
 from client_encryption.field_level_encryption_config import FieldLevelEncryptionConfig
@@ -105,7 +105,7 @@ def test_encrypt_payload_base64_field_encoding(self):
         self.__assert_payload_encrypted(payload, encrypted_payload, self._config)
 
     def test_encrypt_payload_hex_field_encoding(self):
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         payload = {
                     "data": {
@@ -529,7 +529,7 @@ def test_encrypt_payload_when_session_key_params_is_None(self):
         self.assertEqual(6, len(encrypted_payload["encryptedData"].keys()))
 
     def test_decrypt_payload_base64_field_encoding(self):
-        self._config._data_encoding = Encoding.BASE64
+        self._config._data_encoding = ClientEncoding.BASE64
         self._config._encryption_certificate_fingerprint_field_name = "encryptionCertificateFingerprint"
         self._config._encryption_key_fingerprint_field_name = "encryptionKeyFingerprint"
         self._config._oaep_padding_digest_algorithm_field_name = "oaepHashingAlgorithm"
@@ -551,7 +551,7 @@ def test_decrypt_payload_base64_field_encoding(self):
         self.assertDictEqual({"data": {}}, payload)
 
     def test_decrypt_payload_hex_field_encoding(self):
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
         self._config._encryption_certificate_fingerprint_field_name = "encryptionCertificateFingerprint"
         self._config._encryption_key_fingerprint_field_name = "encryptionKeyFingerprint"
         self._config._oaep_padding_digest_algorithm_field_name = "oaepHashingAlgorithm"
@@ -707,7 +707,7 @@ def test_decrypt_payload_fail_when_out_path_parent_does_not_exist(self):
 
     def test_decrypt_payload_when_out_path_same_as_in_path(self):
         self._config._paths["$"]._to_decrypt = {"data": "data"}
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "data": {
@@ -729,7 +729,7 @@ def test_decrypt_payload_when_out_path_same_as_in_path(self):
         self.assertNotIn("oaepHashingAlgo", payload["data"])
 
     def test_decrypt_payload_when_out_path_already_contains_data(self):
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "encryptedData": {
@@ -756,7 +756,7 @@ def test_decrypt_payload_when_out_path_already_contains_data(self):
         self.assertEqual("field3Value", payload["data"]["field3"])
 
     def test_decrypt_payload_when_out_path_already_contains_string_data(self):
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "encryptedData": {
@@ -778,7 +778,7 @@ def test_decrypt_payload_when_out_path_already_contains_string_data(self):
         self.assertEqual("field2Value", payload["data"]["field2"])
 
     def test_decrypt_payload_when_in_path_contains_additional_fields(self):
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "encryptedData": {
@@ -799,7 +799,7 @@ def test_decrypt_payload_when_in_path_contains_additional_fields(self):
 
     def test_decrypt_payload_with_multiple_decryption_paths(self):
         self._config._paths["$"]._to_decrypt = {"encryptedData1": "data1", "encryptedData2": "data2"}
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "encryptedData2": {
@@ -836,7 +836,7 @@ def test_decrypt_payload_when_oaep_padding_digest_algorithm_field_not_returned(s
 
     def test_decrypt_payload_when_root_as_in_path(self):
         self._config._paths["$"]._to_decrypt = {"$": "data"}
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "iv": "6fef040c8fe8ad9ec56b74efa194b5f7",
@@ -853,7 +853,7 @@ def test_decrypt_payload_when_root_as_in_path(self):
 
     def test_decrypt_payload_when_root_as_in_and_out_path(self):
         self._config._paths["$"]._to_decrypt = {"$": "$"}
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "iv": "6fef040c8fe8ad9ec56b74efa194b5f7",
@@ -870,7 +870,7 @@ def test_decrypt_payload_when_root_as_in_and_out_path(self):
 
     def test_DecryptPayload_ShouldOverwriteInputObject_WhenOutPathSameAsInPath_PrimitiveTypeData(self):
         self._config._paths["$"]._to_decrypt = {"data": "data"}
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "data": {
@@ -927,7 +927,7 @@ def test_decrypt_payload_when_certificate_and_key_fingerprint_field_name_not_set
         self.assertIn("encryptionKeyFingerprint", payload["encryptedData"])
 
     def test_decrypt_payload_when_session_key_params_is_provided(self):
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "encryptedData": {
@@ -946,7 +946,7 @@ def test_decrypt_payload_when_session_key_params_is_provided(self):
         self.assertDictEqual({"data": {}}, payload)
 
     def test_decrypt_payload_when_session_key_params_is_None(self):
-        self._config._data_encoding = Encoding.HEX
+        self._config._data_encoding = ClientEncoding.HEX
 
         encrypted_payload = {
             "encryptedData": {
diff --git a/tests/test_field_level_encryption_config.py b/tests/test_field_level_encryption_config.py
diff --git a/tests/test_jwe_encryption_config.py b/tests/test_jwe_encryption_config.py
