CipherFactoryTest.java example

Explorer
cassandra-master
- cassandra-trunk
/*
 *
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 *
 */
package org.apache.cassandra.security;

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;

import com.google.common.base.Charsets;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

import org.apache.cassandra.config.TransparentDataEncryptionOptions;

import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;

public class CipherFactoryTest
{
    // http://www.gutenberg.org/files/4300/4300-h/4300-h.htm
    static final String ULYSSEUS = "Stately, plump Buck Mulligan came from the stairhead, bearing a bowl of lather on which a mirror and a razor lay crossed. " +
                                   "A yellow dressinggown, ungirdled, was sustained gently behind him on the mild morning air. He held the bowl aloft and intoned: " +
                                   "-Introibo ad altare Dei.";
    TransparentDataEncryptionOptions encryptionOptions;
    CipherFactory cipherFactory;
    SecureRandom secureRandom;

    @Before
    public void setup()
    {
        try
        {
            secureRandom = SecureRandom.getInstance("SHA1PRNG");
            assertNotNull(secureRandom.getProvider());
        }
        catch (NoSuchAlgorithmException e)
        {
            fail("NoSuchAlgorithmException: SHA1PRNG not found.");
        }
        long seed = new java.util.Random().nextLong();
        System.out.println("Seed: " + seed);
        secureRandom.setSeed(seed);
        encryptionOptions = EncryptionContextGenerator.createEncryptionOptions();
        cipherFactory = new CipherFactory(encryptionOptions);
    }

    @Test
    public void roundTrip() throws IOException, BadPaddingException, IllegalBlockSizeException
    {
        Cipher encryptor = cipherFactory.getEncryptor(encryptionOptions.cipher, encryptionOptions.key_alias);
        byte[] original = ULYSSEUS.getBytes(Charsets.UTF_8);
        byte[] encrypted = encryptor.doFinal(original);

        Cipher decryptor = cipherFactory.getDecryptor(encryptionOptions.cipher, encryptionOptions.key_alias, encryptor.getIV());
        byte[] decrypted = decryptor.doFinal(encrypted);
        Assert.assertEquals(ULYSSEUS, new String(decrypted, Charsets.UTF_8));
    }

    private byte[] nextIV()
    {
        byte[] b = new byte[16];
        secureRandom.nextBytes(b);
        return b;
    }

    @Test
    public void buildCipher_SameParams() throws Exception
    {
        byte[] iv = nextIV();
        Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.ENCRYPT_MODE);
        Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.ENCRYPT_MODE);
        Assert.assertTrue(c1 == c2);
    }

    @Test
    public void buildCipher_DifferentModes() throws Exception
    {
        byte[] iv = nextIV();
        Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.ENCRYPT_MODE);
        Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.DECRYPT_MODE);
        Assert.assertFalse(c1 == c2);
    }

    @Test
    public void buildCipher_DifferentIVs() throws Exception
    {
        Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, nextIV(), Cipher.ENCRYPT_MODE);
        Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, nextIV(), Cipher.DECRYPT_MODE);
        Assert.assertFalse(c1 == c2);
    }

    @Test
    public void buildCipher_DifferentAliases() throws Exception
    {
        Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, nextIV(), Cipher.ENCRYPT_MODE);
        Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, EncryptionContextGenerator.KEY_ALIAS_2, nextIV(), Cipher.DECRYPT_MODE);
        Assert.assertFalse(c1 == c2);
    }

    @Test(expected = AssertionError.class)
    public void getDecryptor_NullIv() throws IOException
    {
        cipherFactory.getDecryptor(encryptionOptions.cipher, encryptionOptions.key_alias, null);
    }

    @Test(expected = AssertionError.class)
    public void getDecryptor_EmptyIv() throws IOException
    {
        cipherFactory.getDecryptor(encryptionOptions.cipher, encryptionOptions.key_alias, new byte[0]);
    }
}