diff options
author | juerg <juerg@google.com> | 2023-07-19 04:41:56 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-07-19 04:42:59 -0700 |
commit | 65fd1823cd5ca6d5c5675a7bacb1bfeba0f01895 (patch) | |
tree | 6c4b410f046bee908988a9ae702ed580ec2caa1c /java_src/src/test/java | |
parent | 2430b7497cb14db0e861b90e48a197f8a8ff39b0 (diff) | |
download | tink-65fd1823cd5ca6d5c5675a7bacb1bfeba0f01895.tar.gz |
Remove usages of Registry.getKeyManager and Registry.getUntypedKeyManager in some tests.
Instead, to verify that the key manager is registered, try to create a key.
Also, remove the initialization test. It doesn't really add any additional value.
PiperOrigin-RevId: 549278449
Diffstat (limited to 'java_src/src/test/java')
8 files changed, 64 insertions, 244 deletions
diff --git a/java_src/src/test/java/com/google/crypto/tink/daead/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/daead/BUILD.bazel index d21a5d825..b6b477f3e 100644 --- a/java_src/src/test/java/com/google/crypto/tink/daead/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/daead/BUILD.bazel @@ -29,10 +29,11 @@ java_test( srcs = ["DeterministicAeadConfigTest.java"], tags = ["fips"], deps = [ - "//src/main/java/com/google/crypto/tink:deterministic_aead", - "//src/main/java/com/google/crypto/tink:registry", + "//src/main/java/com/google/crypto/tink:registry_cluster", "//src/main/java/com/google/crypto/tink/config:tink_fips", "//src/main/java/com/google/crypto/tink/daead:deterministic_aead_config", + "//src/main/java/com/google/crypto/tink/daead:predefined_deterministic_aead_parameters", + "@maven//:com_google_truth_truth", "@maven//:junit_junit", ], ) diff --git a/java_src/src/test/java/com/google/crypto/tink/daead/DeterministicAeadConfigTest.java b/java_src/src/test/java/com/google/crypto/tink/daead/DeterministicAeadConfigTest.java index 6040c6fa3..9f62133ef 100644 --- a/java_src/src/test/java/com/google/crypto/tink/daead/DeterministicAeadConfigTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/daead/DeterministicAeadConfigTest.java @@ -16,78 +16,39 @@ package com.google.crypto.tink.daead; -import static org.junit.Assert.assertNotNull; +import static com.google.common.truth.Truth.assertThat; import static org.junit.Assert.assertThrows; -import com.google.crypto.tink.DeterministicAead; -import com.google.crypto.tink.Registry; +import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.config.TinkFips; import java.security.GeneralSecurityException; import org.junit.Assume; -import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -import org.junit.runners.MethodSorters; -/** - * Tests for DeterministicAeadConfig. Using FixedMethodOrder to ensure that aaaTestInitialization - * runs first, as it tests execution of a static block within DeterministicAeadConfig-class. - */ +/** Tests for DeterministicAeadConfig. */ @RunWith(JUnit4.class) -@FixMethodOrder(MethodSorters.NAME_ASCENDING) public class DeterministicAeadConfigTest { - // This test must run first. @Test - public void aaaTestInitialization() throws Exception { + public void notOnlyFips_shouldRegisterAllKeyTypes() throws Exception { Assume.assumeFalse(TinkFips.useOnlyFips()); - // Before registration, the key manager should be absent. - String typeUrl = "type.googleapis.com/google.crypto.tink.AesSivKey"; - assertThrows(GeneralSecurityException.class, () -> Registry.getUntypedKeyManager(typeUrl)); - - // Initialize the config. - DeterministicAeadConfig.register(); - - // After registration, the key manager should be present. - assertNotNull(Registry.getKeyManager(typeUrl, DeterministicAead.class)); - - // Running init() manually again should succeed. - DeterministicAeadConfig.register(); - } - - @Test - public void testNoFipsRegister() throws Exception { - Assume.assumeFalse(TinkFips.useOnlyFips()); - - // Register AEAD key manager DeterministicAeadConfig.register(); - // Check if all key types are registered when not using FIPS mode. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.AesSivKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertNotNull(Registry.getKeyManager(typeUrl, DeterministicAead.class)); - } + assertThat(KeysetHandle.generateNew(PredefinedDeterministicAeadParameters.AES256_SIV)) + .isNotNull(); } @Test - public void testFipsRegisterNonFipsKeys() throws Exception { + public void onlyFips_shouldNotRegisterNonFipsKeyTypes() throws Exception { Assume.assumeTrue(TinkFips.useOnlyFips()); - // Register AEAD key manager DeterministicAeadConfig.register(); - // List of algorithms which are not part of FIPS and should not be registered. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.AesSivKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertThrows(GeneralSecurityException.class, () -> Registry.getUntypedKeyManager(typeUrl)); - } + assertThrows( + GeneralSecurityException.class, + () -> KeysetHandle.generateNew(PredefinedDeterministicAeadParameters.AES256_SIV)); } } diff --git a/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel index a1356a9f5..b88aced42 100644 --- a/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/hybrid/BUILD.bazel @@ -6,8 +6,8 @@ java_test( srcs = ["HybridConfigTest.java"], tags = ["fips"], deps = [ - "//src/main/java/com/google/crypto/tink:hybrid_decrypt", - "//src/main/java/com/google/crypto/tink:registry", + "//src/main/java/com/google/crypto/tink:key_templates", + "//src/main/java/com/google/crypto/tink:registry_cluster", "//src/main/java/com/google/crypto/tink/config:tink_fips", "//src/main/java/com/google/crypto/tink/config/internal:tink_fips_util", "//src/main/java/com/google/crypto/tink/hybrid:hybrid_config", diff --git a/java_src/src/test/java/com/google/crypto/tink/hybrid/HybridConfigTest.java b/java_src/src/test/java/com/google/crypto/tink/hybrid/HybridConfigTest.java index 5e1615ee3..bb6032a8e 100644 --- a/java_src/src/test/java/com/google/crypto/tink/hybrid/HybridConfigTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/hybrid/HybridConfigTest.java @@ -17,92 +17,50 @@ package com.google.crypto.tink.hybrid; import static com.google.common.truth.Truth.assertThat; -import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; -import com.google.crypto.tink.HybridDecrypt; -import com.google.crypto.tink.Registry; +import com.google.crypto.tink.KeyTemplates; +import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.config.TinkFips; import com.google.crypto.tink.config.internal.TinkFipsUtil; import java.security.GeneralSecurityException; import org.junit.Assume; -import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -import org.junit.runners.MethodSorters; -/** - * Tests for HybridConfig. Using FixedMethodOrder to ensure that aaaTestInitialization runs first, - * as it tests execution of a static block within HybridConfig-class. - */ +/** Tests for HybridConfig. */ @RunWith(JUnit4.class) -@FixMethodOrder(MethodSorters.NAME_ASCENDING) public class HybridConfigTest { - // This test must run first. @Test - public void aaaTestInitialization() throws Exception { + public void notOnlyFips_shouldRegisterAllKeyTypes() throws Exception { Assume.assumeFalse(TinkFips.useOnlyFips()); - String eciesPrivateKeyUrl = "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey"; - GeneralSecurityException e = - assertThrows( - GeneralSecurityException.class, - () -> Registry.getUntypedKeyManager(eciesPrivateKeyUrl)); - assertThat(e.toString()).contains("No key manager found"); - - String hpkePrivateKeyUrl = "type.googleapis.com/google.crypto.tink.HpkePrivateKey"; - e = - assertThrows( - GeneralSecurityException.class, - () -> Registry.getUntypedKeyManager(hpkePrivateKeyUrl)); - assertThat(e.toString()).contains("No key manager found"); - - // Initialize the config. HybridConfig.register(); - assertNotNull(Registry.getKeyManager(eciesPrivateKeyUrl, HybridDecrypt.class)); - assertNotNull(Registry.getKeyManager(hpkePrivateKeyUrl, HybridDecrypt.class)); - - // Running init() manually again should succeed. - HybridConfig.register(); + assertThat(KeysetHandle.generateNew(KeyTemplates.get("ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM"))) + .isNotNull(); + assertThat( + KeysetHandle.generateNew( + KeyTemplates.get("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM"))) + .isNotNull(); } @Test - public void testNoFipsRegister() throws Exception { - Assume.assumeFalse(TinkFips.useOnlyFips()); - - // Register Hybrid key manager - HybridConfig.register(); - - // Check if all key types are registered when not using FIPS mode. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey", - "type.googleapis.com/google.crypto.tink.HpkePrivateKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertNotNull(Registry.getKeyManager(typeUrl, HybridDecrypt.class)); - } - } - - @Test - public void testFipsRegisterNonFipsKeys() throws Exception { + public void onlyFips_shouldNotRegisterNonFipsKeyTypes() throws Exception { Assume.assumeTrue(TinkFips.useOnlyFips()); Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable()); - // Register Hybrid key manager HybridConfig.register(); - // List of algorithms which are not part of FIPS and should not be registered. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.EciesAeadHkdfPrivateKey", - "type.googleapis.com/google.crypto.tink.HpkePrivateKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertThrows(GeneralSecurityException.class, () -> Registry.getUntypedKeyManager(typeUrl)); - } + assertThrows( + GeneralSecurityException.class, + () -> KeysetHandle.generateNew(KeyTemplates.get("ECIES_P256_HKDF_HMAC_SHA256_AES128_GCM"))); + assertThrows( + GeneralSecurityException.class, + () -> + KeysetHandle.generateNew( + KeyTemplates.get("DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_128_GCM"))); } } diff --git a/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel index 8cbf9ffb9..1a46ce179 100644 --- a/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/mac/BUILD.bazel @@ -29,11 +29,11 @@ java_test( srcs = ["MacConfigTest.java"], tags = ["fips"], deps = [ - "//src/main/java/com/google/crypto/tink:mac", - "//src/main/java/com/google/crypto/tink:registry", + "//src/main/java/com/google/crypto/tink:registry_cluster", "//src/main/java/com/google/crypto/tink/config:tink_fips", "//src/main/java/com/google/crypto/tink/config/internal:tink_fips_util", "//src/main/java/com/google/crypto/tink/mac:mac_config", + "//src/main/java/com/google/crypto/tink/mac:predefined_mac_parameters", "@maven//:com_google_truth_truth", "@maven//:junit_junit", ], diff --git a/java_src/src/test/java/com/google/crypto/tink/mac/MacConfigTest.java b/java_src/src/test/java/com/google/crypto/tink/mac/MacConfigTest.java index 47f299119..b1ae0cf75 100644 --- a/java_src/src/test/java/com/google/crypto/tink/mac/MacConfigTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/mac/MacConfigTest.java @@ -17,102 +17,50 @@ package com.google.crypto.tink.mac; import static com.google.common.truth.Truth.assertThat; -import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; -import com.google.crypto.tink.Mac; -import com.google.crypto.tink.Registry; +import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.config.TinkFips; import com.google.crypto.tink.config.internal.TinkFipsUtil; import java.security.GeneralSecurityException; import org.junit.Assume; -import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -import org.junit.runners.MethodSorters; -/** - * Tests for MacConfig. Using FixedMethodOrder to ensure that aaaTestInitialization runs first, as - * it tests execution of a static block within MacConfig-class. - */ +/** Tests for MacConfig. */ @RunWith(JUnit4.class) -@FixMethodOrder(MethodSorters.NAME_ASCENDING) public class MacConfigTest { - // This test must run first. @Test - public void aaaTestInitialization() throws Exception { + public void notOnlyFips_shouldRegisterAllKeyTypes() throws Exception { Assume.assumeFalse(TinkFips.useOnlyFips()); - String typeUrl = "type.googleapis.com/google.crypto.tink.HmacKey"; - GeneralSecurityException e = - assertThrows(GeneralSecurityException.class, () -> Registry.getUntypedKeyManager(typeUrl)); - assertThat(e.toString()).contains("No key manager found"); - - // Initialize the config. MacConfig.register(); - // After registration the key manager should be present. - assertNotNull(Registry.getUntypedKeyManager(typeUrl)); - - // Running init() manually again should succeed. - MacConfig.register(); + assertThat(KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA256_128BITTAG)).isNotNull(); + assertThat(KeysetHandle.generateNew(PredefinedMacParameters.AES_CMAC)).isNotNull(); } @Test - public void testNoFipsRegister() throws Exception { - Assume.assumeFalse(TinkFips.useOnlyFips()); - - // Register MAC key manager. - MacConfig.register(); - - // Check if all key types are registered when not using FIPS mode. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.HmacKey", - "type.googleapis.com/google.crypto.tink.AesCmacKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertNotNull(Registry.getKeyManager(typeUrl, Mac.class)); - } - } - - @Test - public void testFipsRegisterFipsKeys() throws Exception { + public void onlyFips_shouldRegisterFipsKeyTypes() throws Exception { Assume.assumeTrue(TinkFips.useOnlyFips()); Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable()); - // Register MAC key manager. MacConfig.register(); - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.HmacKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertNotNull(Registry.getKeyManager(typeUrl, Mac.class)); - } + assertThat(KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA256_128BITTAG)).isNotNull(); } @Test - public void testFipsRegisterNonFipsKeys() throws Exception { + public void onlyFips_shouldNotRegisterNonFipsKeyTypes() throws Exception { Assume.assumeTrue(TinkFips.useOnlyFips()); Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable()); - // Register MAC key manager. MacConfig.register(); - // List of algorithms which are not part of FIPS and should not be registered. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.AesCmacKey", - }; - - for (String typeUrl : keyTypeUrls) { - GeneralSecurityException e = - assertThrows( - GeneralSecurityException.class, () -> Registry.getUntypedKeyManager(typeUrl)); - assertThat(e.toString()).contains("No key manager found"); - } + assertThrows( + GeneralSecurityException.class, + () -> KeysetHandle.generateNew(PredefinedMacParameters.AES_CMAC)); } } diff --git a/java_src/src/test/java/com/google/crypto/tink/prf/BUILD.bazel b/java_src/src/test/java/com/google/crypto/tink/prf/BUILD.bazel index 9fd3afc37..368164add 100644 --- a/java_src/src/test/java/com/google/crypto/tink/prf/BUILD.bazel +++ b/java_src/src/test/java/com/google/crypto/tink/prf/BUILD.bazel @@ -126,11 +126,11 @@ java_test( name = "PrfConfigTest", srcs = ["PrfConfigTest.java"], deps = [ - "//src/main/java/com/google/crypto/tink:registry", + "//src/main/java/com/google/crypto/tink:registry_cluster", "//src/main/java/com/google/crypto/tink/config:tink_fips", "//src/main/java/com/google/crypto/tink/config/internal:tink_fips_util", + "//src/main/java/com/google/crypto/tink/prf:predefined_prf_parameters", "//src/main/java/com/google/crypto/tink/prf:prf_config", - "//src/main/java/com/google/crypto/tink/prf:prf_set", "@maven//:com_google_truth_truth", "@maven//:junit_junit", ], diff --git a/java_src/src/test/java/com/google/crypto/tink/prf/PrfConfigTest.java b/java_src/src/test/java/com/google/crypto/tink/prf/PrfConfigTest.java index 3284b6534..b61b4a3dd 100644 --- a/java_src/src/test/java/com/google/crypto/tink/prf/PrfConfigTest.java +++ b/java_src/src/test/java/com/google/crypto/tink/prf/PrfConfigTest.java @@ -17,101 +17,53 @@ package com.google.crypto.tink.prf; import static com.google.common.truth.Truth.assertThat; -import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; -import com.google.crypto.tink.Registry; +import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.config.TinkFips; import com.google.crypto.tink.config.internal.TinkFipsUtil; import java.security.GeneralSecurityException; import org.junit.Assume; -import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -import org.junit.runners.MethodSorters; -/** - * Tests for PrfConfig. Using FixedMethodOrder to ensure that aaaTestInitialization runs first, as - * it tests execution of a static block within AeadConfig-class. - */ +/** Tests for PrfConfig. */ @RunWith(JUnit4.class) -@FixMethodOrder(MethodSorters.NAME_ASCENDING) public class PrfConfigTest { - // This test must run first. - @Test - public void aaaTestInitialization() throws Exception { - Assume.assumeFalse(TinkFips.useOnlyFips()); - - // Before registration, the key manager should be absent. - String typeUrl = "type.googleapis.com/google.crypto.tink.HkdfPrfKey"; - assertThrows(GeneralSecurityException.class, () -> Registry.getUntypedKeyManager(typeUrl)); - - // Initialize the config. - PrfConfig.register(); - - // After registration, the key manager should be present. - assertNotNull(Registry.getKeyManager(typeUrl, Prf.class)); - - // Running init() manually again should succeed. - PrfConfig.register(); - } @Test - public void testNoFipsRegister() throws Exception { + public void notOnlyFips_shouldRegisterAllKeyTypes() throws Exception { Assume.assumeFalse(TinkFips.useOnlyFips()); - // Register Prf key manager PrfConfig.register(); - // Check if all key types are registered when not using FIPS mode. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.HmacPrfKey", - "type.googleapis.com/google.crypto.tink.HkdfPrfKey", - "type.googleapis.com/google.crypto.tink.AesCmacPrfKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertNotNull(Registry.getKeyManager(typeUrl, Prf.class)); - } + assertThat(KeysetHandle.generateNew(PredefinedPrfParameters.HMAC_SHA256_PRF)).isNotNull(); + assertThat(KeysetHandle.generateNew(PredefinedPrfParameters.HKDF_SHA256)).isNotNull(); + assertThat(KeysetHandle.generateNew(PredefinedPrfParameters.AES_CMAC_PRF)).isNotNull(); } @Test - public void testFipsRegisterFipsKeys() throws Exception { + public void onlyFips_shouldRegisterFipsKeyTypes() throws Exception { Assume.assumeTrue(TinkFips.useOnlyFips()); Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable()); - // Register Prf key manager PrfConfig.register(); - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.HmacPrfKey", - }; - - for (String typeUrl : keyTypeUrls) { - assertNotNull(Registry.getKeyManager(typeUrl, Prf.class)); - } + assertThat(KeysetHandle.generateNew(PredefinedPrfParameters.HMAC_SHA256_PRF)).isNotNull(); } @Test - public void testFipsRegisterNonFipsKeys() throws Exception { + public void onlyFips_shouldNotRegisterNonFipsKeyTypes() throws Exception { Assume.assumeTrue(TinkFips.useOnlyFips()); Assume.assumeTrue(TinkFipsUtil.fipsModuleAvailable()); - // Register Prf key manager PrfConfig.register(); - - // List of algorithms which are not part of FIPS and should not be registered. - String[] keyTypeUrls = { - "type.googleapis.com/google.crypto.tink.HkdfPrfKey", - "type.googleapis.com/google.crypto.tink.AesCmacPrfKey", - }; - - for (String typeUrl : keyTypeUrls) { - GeneralSecurityException e = - assertThrows( - GeneralSecurityException.class, () -> Registry.getUntypedKeyManager(typeUrl)); - assertThat(e.toString()).contains("No key manager found"); - } + assertThrows( + GeneralSecurityException.class, + () -> KeysetHandle.generateNew(PredefinedPrfParameters.HKDF_SHA256)); + assertThrows( + GeneralSecurityException.class, + () -> KeysetHandle.generateNew(PredefinedPrfParameters.AES_CMAC_PRF)); } } |