ObjectSealerTest.java example

Explorer

chvote-1-0-master
- admin-offline
  - src
    - main
      - java
        ch
        ge
        ve
        offlineadmin
        OfflineAdminApp.java
        controller
        BallotDecryptionController.java
        ConsoleOutputControl.java
        InterruptibleProcessController.java
        KeyGenerationController.java
        KeyTestingController.java
        PasswordDialogController.java
        exception
        KeyGenerationRuntimeException.java
        KeyProvisioningRuntimeException.java
        MissingKeyFilesException.java
        ProcessInterruptedException.java
        services
        BallotCipherServiceFactory.java
        DecryptionBallotCiphersProvider.java
        DecryptionService.java
        EncryptionBallotCiphersProvider.java
        KeyGenerator.java
        util
        FileUtils.java
        LogLevel.java
        LogMessage.java
        ProgressTracker.java
        PropertyConfigurationServiceFactory.java
        SecurityConstants.java
    - test
      - java
        ch
        ge
        ve
        offlineadmin
        controller
        matchers
        AdditionalTableViewMatchers.java
        GlyphIconMatchers.java
        ProgressBarMatchers.java
- commons-base
  - commons-crypto
    - src
      - main
        java
        ch
        ge
        ve
        commons
        crypto
        ObjectSealer.java
        PropertyConfigurationProviderSecurityImpl.java
        SensitiveDataCryptoUtils.java
        SensitiveDataCryptoUtilsConfiguration.java
        SensitiveDataCryptoUtilsConfigurationDefaultImpl.java
        ballot
        AuthenticatedBallot.java
        BallotCipherService.java
        BallotCiphersProvider.java
        BallotCiphersProviderDefaultImpl.java
        EncryptedBallotAndWrappedKey.java
        exceptions
        AuthenticationTagMismatchException.java
        CryptoConfigurationRuntimeException.java
        CryptoOperationRuntimeException.java
        PrivateKeyPasswordMismatchException.java
        ProtocolNotRespectedException.java
        utils
        CertificateUtils.java
        CipherFactory.java
        HashUtils.java
        MacFactory.java
        MessageDigestFactory.java
        RandomValuesUtilities.java
        SaltUtils.java
        SecureRandomFactory.java
        streamutils
        SafeObjectReader.java
        SafeObjectSecurityRuntimeException.java
      - test
        java
        ch
        ge
        ve
        commons
        crypto
        ObjectSealerTest.java
        SensitiveDataCryptoUtilsST.java
        SensitiveDataCryptoUtilsTest.java
        TestSensitiveDataCryptoUtilsConfiguration.java
        ballot
        BallotCipherServiceTest.java
        matchers
        CodeFormatMatchers.java
        PatternMatcher.java
        utils
        RandomValuesUtilitiesTest.java
  - commons-file-utils
    - src
      - main
        java
        ch
        ge
        ve
        commons
        fileutils
        FileOperationRuntimeException.java
        OutputFilesPattern.java
        StreamHasher.java
  - commons-properties
    - src
      - main
        java
        ch
        ge
        ve
        commons
        properties
        PropertyConfigurationException.java
        PropertyConfigurationProvider.java
        PropertyConfigurationRuntimeException.java
        PropertyConfigurationService.java

package ch.ge.ve.commons.crypto;

/*-
 * #%L
 * Common crypto utilities
 * %%
 * Copyright (C) 2015 - 2016 République et Canton de Genève
 * %%
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 * #L%
 */

import ch.ge.ve.commons.crypto.exceptions.CryptoOperationRuntimeException;
import ch.ge.ve.commons.crypto.utils.CipherFactory;
import ch.ge.ve.commons.crypto.utils.SecureRandomFactory;
import ch.ge.ve.commons.properties.PropertyConfigurationException;
import ch.ge.ve.commons.properties.PropertyConfigurationService;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.security.*;

import static ch.ge.ve.commons.crypto.SensitiveDataCryptoUtilsConfigurationDefaultImpl.*;

/**
 * This test suit aims at covering the {@link ObjectSealer} utility class.
 */
public class ObjectSealerTest {
    private PropertyConfigurationService pcs = new PropertyConfigurationService();
    private String algo;

    private ObjectSealer objectSealer;
    private Cipher cipher;

    @BeforeClass
    public static void init() {
        Security.addProvider(new BouncyCastleProvider());
    }

    @Before
    public void setUp() throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, PropertyConfigurationException {
        algo = pcs.getConfigValue(COMMON_CRYPTO_STORAGE_ALGORITHM);
        String blockMode = pcs.getConfigValue(COMMON_CRYPTO_STORAGE_BLOCKMODE);
        cipher = new CipherFactory(new PropertyConfigurationService()).getInstance(algo + blockMode);
        SecureRandom random = SecureRandomFactory.createPRNG();
        byte[] keyBytes = new byte[cipher.getBlockSize()];
        random.nextBytes(keyBytes);
        SecretKey key = new SecretKeySpec(keyBytes, algo);

        objectSealer = new ObjectSealer(cipher, key);
    }

    /**
     * seal() followed by unseal() should give the same object.
     */
    @Test
    public void sealUnsealShouldBeIdentity() throws InvalidKeyException, IOException, IllegalBlockSizeException, NoSuchAlgorithmException, ClassNotFoundException, PropertyConfigurationException {
        String someString = "Whichever string, it doesn't really matter...";
        byte[] sealedObject = objectSealer.sealObject(someString);

        Object o = objectSealer.unsealObject(sealedObject, pcs.getConfigValueAsLong(COMMON_CRYPTO_STREAM_MAX_BYTES));

        MatcherAssert.assertThat("Type shouldn't be lost when sealing", o, Matchers.instanceOf(String.class));
        MatcherAssert.assertThat("Unseal of sealed object should provide the original object", o, Matchers.is(someString));
    }

    /**
     * unseal() with a different key should raise an error.
     */
    @Test(expected = CryptoOperationRuntimeException.class)
    public void unsealWithAnotherKeyShouldFail() throws InvalidKeyException, IOException, IllegalBlockSizeException, NoSuchAlgorithmException, ClassNotFoundException, PropertyConfigurationException {
        String someString = "This is the secret we're trying to protect";
        byte[] sealedObject = objectSealer.sealObject(someString);

        SecureRandom random = SecureRandomFactory.createPRNG();
        byte[] otherKeyBytes = new byte[cipher.getBlockSize()];
        random.nextBytes(otherKeyBytes);
        SecretKey otherKey = new SecretKeySpec(otherKeyBytes, algo);

        ObjectSealer otherObjectSealer = new ObjectSealer(cipher, otherKey);
        otherObjectSealer.unsealObject(sealedObject, pcs.getConfigValueAsLong(COMMON_CRYPTO_STREAM_MAX_BYTES));
    }
}