"""Integration test for noise encryption key protection from YAML."""
from __future__ import annotations
import base64
from aioesphomeapi import InvalidEncryptionKeyAPIError
import pytest
from .types import APIClientConnectedFactory, RunCompiledFunction
@pytest.mark.asyncio
async def test_noise_encryption_key_protection(
    yaml_config: str,
    run_compiled: RunCompiledFunction,
    api_client_connected: APIClientConnectedFactory,
) -> None:
    """Check that a noise PSK provisioned in YAML cannot be replaced via the API.

    The device is started once and exercised in three phases: a set-key
    request sent over an authenticated session must be refused, the
    original PSK must still authenticate afterwards, and a PSK that does
    not match must be rejected when connecting.
    """
    # Test-only PSK; it has to stay identical to the key in the YAML fixture.
    yaml_psk = "zX9/JHxMKwpP0jUGsF0iESCm1wRvNgR6NkKVOhn7kSs="
    # Base64 encoding (kept as bytes) of a 32-byte key offered as replacement.
    replacement_key = base64.b64encode(b"x" * 32)
    # Base64 text of a different 32-byte key, used only for the negative check.
    mismatched_psk = base64.b64encode(b"y" * 32).decode()

    # A single ESPHome process serves every phase below.
    async with run_compiled(yaml_config):
        # Phase 1: an authenticated session asks the device to swap its key.
        async with api_client_connected(noise_psk=yaml_psk) as session:
            # Fetching device info proves the encrypted session is up.
            info = await session.device_info()
            assert info is not None

            # The key came from YAML, so the request is expected to be refused.
            accepted = await session.noise_encryption_set_key(replacement_key)
            assert accepted is False

        # Phase 2: a fresh connection with the original PSK must still succeed,
        # which shows the refused request did not replace the key.
        async with api_client_connected(noise_psk=yaml_psk) as session:
            info = await session.device_info()
            assert info is not None
            assert info.name == "noise-key-test"

        # Phase 3: a PSK the device was never given must fail to connect.
        # NOTE(review): the key refused in phase 1 is never itself tried as a
        # PSK here; asserting that it is rejected too would make the
        # "refused means unused" property explicit - confirm the fixture
        # tolerates a second failed connection before adding it.
        with pytest.raises(InvalidEncryptionKeyAPIError):
            async with api_client_connected(noise_psk=mismatched_psk) as session:
                await session.device_info()