diff options
author | tholenst <tholenst@google.com> | 2023-06-12 09:20:30 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-06-12 09:21:35 -0700 |
commit | 040be39f998f631212405e6b83b822d09cfd8192 (patch) | |
tree | d57ac1b9c68c91fcda356264b947cd2beb1bfa4f /tools | |
parent | 385c2102189e319392049b54ebae6532c4f34667 (diff) | |
download | tink-040be39f998f631212405e6b83b822d09cfd8192.tar.gz |
Migrate all Tinkey tests to use TinkeyTestKmsClient instead of a real client.
This makes the tests hermetic and suffices.
PiperOrigin-RevId: 539674470
Diffstat (limited to 'tools')
4 files changed, 99 insertions, 84 deletions
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel index d44998d59..63f3be7d3 100644 --- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel +++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel @@ -5,14 +5,10 @@ java_test( size = "small", srcs = ["CreatePublicKeysetCommandTest.java"], data = ["//testdata/gcp:credentials"], - tags = [ - "manual", - "no_rbe", - "requires-network", - ], deps = [ "//tinkey/src/main/java/com/google/crypto/tink/tinkey", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:kms_clients_factory", + "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_util", "@maven//:com_google_truth_truth", "@maven//:junit_junit", @@ -24,10 +20,12 @@ java_test( "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", "@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format", + "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_config", + "@tink_java//src/main/java/com/google/crypto/tink/aead:predefined_aead_parameters", "@tink_java//src/main/java/com/google/crypto/tink/hybrid:hybrid_config", + "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config", "@tink_java//src/main/java/com/google/crypto/tink/signature:ed25519_parameters", "@tink_java//src/main/java/com/google/crypto/tink/signature:signature_config", - "@tink_java//src/main/java/com/google/crypto/tink/testing:test_util", ], ) @@ -35,15 +33,10 @@ java_test( name = "CreateKeysetCommandTest", size = "small", srcs = ["CreateKeysetCommandTest.java"], - data = ["//testdata/gcp:credentials"], - tags = [ - "manual", - "no_rbe", - "requires-network", - ], deps = [ "//tinkey/src/main/java/com/google/crypto/tink/tinkey", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:kms_clients_factory", + "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", "@maven//:com_google_truth_truth", "@maven//:junit_junit", "@tink_java//src/main/java/com/google/crypto/tink:aead", @@ -51,9 +44,10 @@ java_test( "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", "@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format", + "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_config", + "@tink_java//src/main/java/com/google/crypto/tink/aead:predefined_aead_parameters", "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config", "@tink_java//src/main/java/com/google/crypto/tink/mac:predefined_mac_parameters", - "@tink_java//src/main/java/com/google/crypto/tink/testing:test_util", ], ) @@ -61,9 +55,6 @@ java_test( name = "AddKeyCommandTest", size = "small", srcs = ["AddKeyCommandTest.java"], - runtime_deps = [ - "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", - ], deps = [ "//tinkey/src/main/java/com/google/crypto/tink/tinkey", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:kms_clients_factory", @@ -86,15 +77,10 @@ java_test( name = "RotateKeysetCommandTest", size = "small", srcs = ["RotateKeysetCommandTest.java"], - data = ["//testdata/gcp:credentials"], - tags = [ - "manual", - "no_rbe", - "requires-network", - ], deps = [ "//tinkey/src/main/java/com/google/crypto/tink/tinkey", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:kms_clients_factory", + "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", "@maven//:com_google_truth_truth", "@maven//:junit_junit", "@tink_java//src/main/java/com/google/crypto/tink:aead", @@ -102,9 +88,10 @@ java_test( "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", "@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format", + "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_config", + "@tink_java//src/main/java/com/google/crypto/tink/aead:predefined_aead_parameters", "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config", "@tink_java//src/main/java/com/google/crypto/tink/mac:predefined_mac_parameters", - "@tink_java//src/main/java/com/google/crypto/tink/testing:test_util", ], ) @@ -112,9 +99,6 @@ java_test( name = "TinkeyTestKmsClientTest", size = "small", srcs = ["TinkeyTestKmsClientTest.java"], - runtime_deps = [ - "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", - ], deps = [ "//tinkey/src/main/java/com/google/crypto/tink/tinkey:kms_clients_factory", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", @@ -133,9 +117,9 @@ java_test( size = "small", srcs = ["KmsClientsFactoryTest.java"], deps = [ - "@maven//:com_google_truth_truth", - "@maven//:junit_junit", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:kms_clients_factory", "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", + "@maven//:com_google_truth_truth", + "@maven//:junit_junit", ], ) diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java index 9b83b8f5d..af9afb482 100644 --- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java +++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java @@ -24,11 +24,14 @@ import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.TinkJsonProtoKeysetFormat; import com.google.crypto.tink.TinkProtoKeysetFormat; +import com.google.crypto.tink.aead.AeadConfig; +import com.google.crypto.tink.aead.PredefinedAeadParameters; +import com.google.crypto.tink.mac.MacConfig; import com.google.crypto.tink.mac.PredefinedMacParameters; -import com.google.crypto.tink.testing.TestUtil; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; @@ -36,6 +39,13 @@ import org.junit.runners.JUnit4; /** Tests for {@code CreateKeysetCommand}. */ @RunWith(JUnit4.class) public class CreateKeysetCommandTest { + @BeforeClass + public static void setUp() throws Exception { + AeadConfig.register(); + MacConfig.register(); + KmsClientsFactory.globalInstance().addFactory(TinkeyTestKmsClient::new); + } + @Test public void testCreateCleartext_shouldCreateNewKeyset() throws Exception { Path path = Files.createTempDirectory(/* prefix= */ ""); @@ -98,25 +108,27 @@ public class CreateKeysetCommandTest { } @Test - public void testCreateCleartext_gcp_shouldCreateNewKeyset() throws Exception { + public void testCreateCleartext_withMasterKey_shouldCreateNewKeyset() throws Exception { Path path = Files.createTempDirectory(/* prefix= */ ""); Path outputFile = Paths.get(path.toString(), "keyset"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); + + KeysetHandle masterKeyAeadKeyset = + KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + Aead masterKeyAead = masterKeyAeadKeyset.getPrimitive(Aead.class); + String masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); + String commandLine = String.format( "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format binary " + "--master-key-uri %s " + "--credential %s " + "--out %s", - TestUtil.GCP_KMS_TEST_KEY_URI, TestUtil.SERVICE_ACCOUNT_FILE, outputFile.toString()); + masterKeyUri, credentialFile, outputFile.toString()); Tinkey.main(commandLine.split(" ")); - Aead masterKeyAead = - KmsClientsFactory.globalInstance() - .newClientFor(TestUtil.GCP_KMS_TEST_KEY_URI) - .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) - .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); - KeysetHandle handle = TinkProtoKeysetFormat.parseEncryptedKeyset( Files.readAllBytes(outputFile), masterKeyAead, new byte[] {}); @@ -127,25 +139,28 @@ public class CreateKeysetCommandTest { } @Test - public void testCreateCleartext_gcp_jsonFormat_shouldCreateNewKeyset() throws Exception { + public void testCreateCleartext_withMasterKey_jsonFormat_shouldCreateNewKeyset() + throws Exception { Path path = Files.createTempDirectory(/* prefix= */ ""); Path outputFile = Paths.get(path.toString(), "keyset"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); + + KeysetHandle masterKeyAeadKeyset = + KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + Aead masterKeyAead = masterKeyAeadKeyset.getPrimitive(Aead.class); + String masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); + String commandLine = String.format( "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format json " + "--master-key-uri %s " + "--credential %s " + "--out %s", - TestUtil.GCP_KMS_TEST_KEY_URI, TestUtil.SERVICE_ACCOUNT_FILE, outputFile.toString()); + masterKeyUri, credentialFile, outputFile.toString()); Tinkey.main(commandLine.split(" ")); - Aead masterKeyAead = - KmsClientsFactory.globalInstance() - .newClientFor(TestUtil.GCP_KMS_TEST_KEY_URI) - .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) - .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); - KeysetHandle handle = TinkJsonProtoKeysetFormat.parseEncryptedKeyset( new String(Files.readAllBytes(outputFile), UTF_8), masterKeyAead, new byte[] {}); diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreatePublicKeysetCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreatePublicKeysetCommandTest.java index fb4d910e6..d589fb44b 100644 --- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreatePublicKeysetCommandTest.java +++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreatePublicKeysetCommandTest.java @@ -27,10 +27,12 @@ import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.PrivateKey; import com.google.crypto.tink.TinkJsonProtoKeysetFormat; import com.google.crypto.tink.TinkProtoKeysetFormat; +import com.google.crypto.tink.aead.AeadConfig; +import com.google.crypto.tink.aead.PredefinedAeadParameters; import com.google.crypto.tink.hybrid.HybridConfig; +import com.google.crypto.tink.mac.MacConfig; import com.google.crypto.tink.signature.Ed25519Parameters; import com.google.crypto.tink.signature.SignatureConfig; -import com.google.crypto.tink.testing.TestUtil; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -44,18 +46,14 @@ import org.junit.runners.JUnit4; */ @RunWith(JUnit4.class) public class CreatePublicKeysetCommandTest { - private enum KeyType { - HYBRID, - SIGNATURE, - }; - - private static final String OUTPUT_FORMAT = "json"; - private static final String INPUT_FORMAT = "json"; @BeforeClass public static void setUp() throws Exception { + AeadConfig.register(); + MacConfig.register(); HybridConfig.register(); SignatureConfig.register(); + KmsClientsFactory.globalInstance().addFactory(TinkeyTestKmsClient::new); } @Test @@ -124,15 +122,17 @@ public class CreatePublicKeysetCommandTest { Path path = Files.createTempDirectory(/* prefix= */ ""); Path privateKeyFile = Paths.get(path.toString(), "privateKeyFile"); Path publicKeyFile = Paths.get(path.toString(), "publicKeyFile"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); + + KeysetHandle masterKeyAeadKeyset = + KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + Aead masterKeyAead = masterKeyAeadKeyset.getPrimitive(Aead.class); + String masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); KeysetHandle privateKeyset = KeysetHandle.generateNew(Ed25519Parameters.create(Ed25519Parameters.Variant.TINK)); - Aead masterKeyAead = - KmsClientsFactory.globalInstance() - .newClientFor(TestUtil.GCP_KMS_TEST_KEY_URI) - .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) - .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); String serializedKeyset = TinkJsonProtoKeysetFormat.serializeEncryptedKeyset( privateKeyset, masterKeyAead, new byte[] {}); @@ -147,9 +147,9 @@ public class CreatePublicKeysetCommandTest { "--out", publicKeyFile.toString(), "--master-key-uri", - TestUtil.GCP_KMS_TEST_KEY_URI, + masterKeyUri, "--credential", - TestUtil.SERVICE_ACCOUNT_FILE + credentialFile.toString() }); KeysetHandle publicKeyset = @@ -165,15 +165,17 @@ public class CreatePublicKeysetCommandTest { Path path = Files.createTempDirectory(/* prefix= */ ""); Path privateKeyFile = Paths.get(path.toString(), "privateKeyFile"); Path publicKeyFile = Paths.get(path.toString(), "publicKeyFile"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); + + KeysetHandle masterKeyAeadKeyset = + KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + Aead masterKeyAead = masterKeyAeadKeyset.getPrimitive(Aead.class); + String masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); KeysetHandle privateKeyset = KeysetHandle.generateNew(Ed25519Parameters.create(Ed25519Parameters.Variant.TINK)); - Aead masterKeyAead = - KmsClientsFactory.globalInstance() - .newClientFor(TestUtil.GCP_KMS_TEST_KEY_URI) - .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) - .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); byte[] serializedKeyset = TinkProtoKeysetFormat.serializeEncryptedKeyset(privateKeyset, masterKeyAead, new byte[] {}); @@ -189,9 +191,9 @@ public class CreatePublicKeysetCommandTest { "--out", publicKeyFile.toString(), "--master-key-uri", - TestUtil.GCP_KMS_TEST_KEY_URI, + masterKeyUri, "--credential", - TestUtil.SERVICE_ACCOUNT_FILE + credentialFile.toString() }); KeysetHandle publicKeyset = diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateKeysetCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateKeysetCommandTest.java index 8c5eaeebc..8185bb1a6 100644 --- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateKeysetCommandTest.java +++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateKeysetCommandTest.java @@ -25,9 +25,10 @@ import com.google.crypto.tink.InsecureSecretKeyAccess; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.TinkJsonProtoKeysetFormat; import com.google.crypto.tink.TinkProtoKeysetFormat; +import com.google.crypto.tink.aead.AeadConfig; +import com.google.crypto.tink.aead.PredefinedAeadParameters; import com.google.crypto.tink.mac.MacConfig; import com.google.crypto.tink.mac.PredefinedMacParameters; -import com.google.crypto.tink.testing.TestUtil; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; @@ -41,7 +42,9 @@ import org.junit.runners.JUnit4; public class RotateKeysetCommandTest { @BeforeClass public static void setUp() throws Exception { + AeadConfig.register(); MacConfig.register(); + KmsClientsFactory.globalInstance().addFactory(TinkeyTestKmsClient::new); } @Test @@ -84,6 +87,8 @@ public class RotateKeysetCommandTest { Path path = Files.createTempDirectory(/* prefix= */ ""); Path inputFile = Paths.get(path.toString(), "input"); Path outputFile = Paths.get(path.toString(), "output"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); KeysetHandle inputKeyset = KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA256_128BITTAG); @@ -123,12 +128,13 @@ public class RotateKeysetCommandTest { Path path = Files.createTempDirectory(/* prefix= */ ""); Path inputFile = Paths.get(path.toString(), "input"); Path outputFile = Paths.get(path.toString(), "output"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); - Aead masterKeyAead = - KmsClientsFactory.globalInstance() - .newClientFor(TestUtil.GCP_KMS_TEST_KEY_URI) - .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) - .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); + KeysetHandle masterKeyAeadKeyset = + KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + Aead masterKeyAead = masterKeyAeadKeyset.getPrimitive(Aead.class); + String masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); KeysetHandle inputKeyset = KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA256_128BITTAG); @@ -150,9 +156,9 @@ public class RotateKeysetCommandTest { "--key-template", "HMAC_SHA256_256BITTAG", "--master-key-uri", - TestUtil.GCP_KMS_TEST_KEY_URI, + masterKeyUri, "--credential", - TestUtil.SERVICE_ACCOUNT_FILE + credentialFile.toString() }); KeysetHandle handle = @@ -172,12 +178,13 @@ public class RotateKeysetCommandTest { Path path = Files.createTempDirectory(/* prefix= */ ""); Path inputFile = Paths.get(path.toString(), "input"); Path outputFile = Paths.get(path.toString(), "output"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); - Aead masterKeyAead = - KmsClientsFactory.globalInstance() - .newClientFor(TestUtil.GCP_KMS_TEST_KEY_URI) - .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) - .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); + KeysetHandle masterKeyAeadKeyset = + KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + Aead masterKeyAead = masterKeyAeadKeyset.getPrimitive(Aead.class); + String masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); KeysetHandle inputKeyset = KeysetHandle.generateNew(PredefinedMacParameters.HMAC_SHA256_128BITTAG); @@ -200,9 +207,9 @@ public class RotateKeysetCommandTest { "--key-template", "HMAC_SHA256_256BITTAG", "--master-key-uri", - TestUtil.GCP_KMS_TEST_KEY_URI, + masterKeyUri, "--credential", - TestUtil.SERVICE_ACCOUNT_FILE + credentialFile.toString() }); KeysetHandle handle = @@ -222,6 +229,13 @@ public class RotateKeysetCommandTest { Path path = Files.createTempDirectory(/* prefix= */ ""); Path inputFile = Paths.get(path.toString(), "input"); Path outputFile = Paths.get(path.toString(), "output"); + Path credentialFile = Paths.get(path.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); + + KeysetHandle masterKeyAeadKeyset = + KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + String masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); + Files.write(inputFile, new byte[] {}); assertThrows( @@ -241,9 +255,9 @@ public class RotateKeysetCommandTest { "--key-template", "HMAC_SHA256_256BITTAG", "--master-key-uri", - TestUtil.GCP_KMS_TEST_KEY_URI, + masterKeyUri, "--credential", - TestUtil.SERVICE_ACCOUNT_FILE + credentialFile.toString() })); } } |