diff options
author | tholenst <tholenst@google.com> | 2023-06-15 03:08:20 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-06-15 03:09:41 -0700 |
commit | 1c82d444461c3af86716f8dc343b4003a62305ae (patch) | |
tree | fc518baa1c62f7236118c5861409a03c75662546 /tools | |
parent | 0973976286145211bb78340843bef1b5c03171e4 (diff) | |
download | tink-1c82d444461c3af86716f8dc343b4003a62305ae.tar.gz |
Extend the test coverage of Tinkey.
PiperOrigin-RevId: 540524742
Diffstat (limited to 'tools')
-rw-r--r-- | tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel | 23 | ||||
-rw-r--r-- | tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/ConvertKeysetCommandTest.java | 217 |
2 files changed, 240 insertions, 0 deletions
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel index 2e064a1de..a9bdd3925 100644 --- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel +++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel @@ -95,6 +95,29 @@ java_test( ) java_test( + name = "ConvertKeysetCommandTest", + size = "small", + srcs = ["ConvertKeysetCommandTest.java"], + deps = [ + "@maven//:com_google_truth_truth", + "@maven//:junit_junit", + "@tink_java//src/main/java/com/google/crypto/tink:aead", + "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access", + "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster", + "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format", + "@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format", + "@tink_java//src/main/java/com/google/crypto/tink/aead:aead_config", + "@tink_java//src/main/java/com/google/crypto/tink/aead:predefined_aead_parameters", + "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config", + "@tink_java//src/main/java/com/google/crypto/tink/mac:predefined_mac_parameters", + "//tinkey/src/main/java/com/google/crypto/tink/tinkey", + "//tinkey/src/main/java/com/google/crypto/tink/tinkey:kms_clients_factory", + "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_test_kms_client", + ], +) + + +java_test( name = "TinkeyTestKmsClientTest", size = "small", srcs = ["TinkeyTestKmsClientTest.java"], diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/ConvertKeysetCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/ConvertKeysetCommandTest.java new file mode 100644 index 000000000..c02608ceb --- /dev/null +++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/ConvertKeysetCommandTest.java @@ -0,0 +1,217 @@ +// Copyright 2023 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +package com.google.crypto.tink.tinkey; + +import static com.google.common.truth.Truth.assertThat; +import static java.nio.charset.StandardCharsets.UTF_8; +import static org.junit.Assert.assertTrue; + +import com.google.crypto.tink.Aead; +import com.google.crypto.tink.InsecureSecretKeyAccess; +import com.google.crypto.tink.KeysetHandle; +import com.google.crypto.tink.TinkJsonProtoKeysetFormat; +import com.google.crypto.tink.TinkProtoKeysetFormat; +import com.google.crypto.tink.aead.AeadConfig; +import com.google.crypto.tink.aead.PredefinedAeadParameters; +import com.google.crypto.tink.mac.MacConfig; +import com.google.crypto.tink.mac.PredefinedMacParameters; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.security.GeneralSecurityException; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.JUnit4; + +@RunWith(JUnit4.class) +public final class ConvertKeysetCommandTest { + private Path tempDirectory; + private Path credentialFile; + private KeysetHandle masterKeyAeadKeyset; + private Aead masterKeyAead; + private String masterKeyUri; + + @BeforeClass + public static void setUp() throws Exception { + AeadConfig.register(); + MacConfig.register(); + KmsClientsFactory.globalInstance().addFactory(TinkeyTestKmsClient::new); + } + + @Before + public void setUpEncryption() throws Exception { + tempDirectory = Files.createTempDirectory(/* prefix= */ ""); + credentialFile = Paths.get(tempDirectory.toString(), "credentials"); + TinkeyTestKmsClient.createCredentialFile(credentialFile); + + masterKeyAeadKeyset = KeysetHandle.generateNew(PredefinedAeadParameters.AES128_GCM); + masterKeyAead = masterKeyAeadKeyset.getPrimitive(Aead.class); + masterKeyUri = TinkeyTestKmsClient.createKeyUri(masterKeyAeadKeyset); + } + + private static KeysetHandle createArbitraryKeyset() throws GeneralSecurityException { + return KeysetHandle.newBuilder() + .addEntry( + KeysetHandle.generateEntryFromParameters(PredefinedMacParameters.HMAC_SHA256_128BITTAG) + .withRandomId() + .makePrimary()) + .addEntry( + KeysetHandle.generateEntryFromParameters(PredefinedMacParameters.HMAC_SHA256_128BITTAG) + .withRandomId()) + .build(); + } + + @Test + public void testConvertKeyset_json2Binary_works() throws Exception { + Path inputFile = Paths.get(tempDirectory.toString(), "input"); + Path outputFile = Paths.get(tempDirectory.toString(), "output"); + + KeysetHandle inputKeyset = createArbitraryKeyset(); + String serializedKeyset = + TinkJsonProtoKeysetFormat.serializeKeyset(inputKeyset, InsecureSecretKeyAccess.get()); + Files.write(inputFile, serializedKeyset.getBytes(UTF_8)); + + Tinkey.main( + new String[] { + "convert-keyset", + "--in", + inputFile.toString(), + "--out", + outputFile.toString(), + "--in-format", + "json", + "--out-format", + "binary", + }); + + KeysetHandle outputKeyset = + TinkProtoKeysetFormat.parseKeyset( + Files.readAllBytes(outputFile), InsecureSecretKeyAccess.get()); + + assertThat(outputKeyset.size()).isEqualTo(inputKeyset.size()); + for (int i = 0; i < inputKeyset.size(); i++) { + assertTrue(outputKeyset.getAt(i).getKey().equalsKey(inputKeyset.getAt(i).getKey())); + } + } + + @Test + public void testConvertKeyset_binary2Json_works() throws Exception { + Path inputFile = Paths.get(tempDirectory.toString(), "input"); + Path outputFile = Paths.get(tempDirectory.toString(), "output"); + + KeysetHandle inputKeyset = createArbitraryKeyset(); + byte[] serializedKeyset = + TinkProtoKeysetFormat.serializeKeyset(inputKeyset, InsecureSecretKeyAccess.get()); + Files.write(inputFile, serializedKeyset); + + Tinkey.main( + new String[] { + "convert-keyset", + "--in", + inputFile.toString(), + "--out", + outputFile.toString(), + "--in-format", + "binary", + "--out-format", + "json", + }); + + KeysetHandle outputKeyset = + TinkJsonProtoKeysetFormat.parseKeyset( + new String(Files.readAllBytes(outputFile), UTF_8), InsecureSecretKeyAccess.get()); + + assertThat(outputKeyset.size()).isEqualTo(inputKeyset.size()); + for (int i = 0; i < inputKeyset.size(); i++) { + assertTrue(outputKeyset.getAt(i).getKey().equalsKey(inputKeyset.getAt(i).getKey())); + } + } + + @Test + public void testConvertKeyset_json2encryptedBinary_works() throws Exception { + Path inputFile = Paths.get(tempDirectory.toString(), "input"); + Path outputFile = Paths.get(tempDirectory.toString(), "output"); + + KeysetHandle inputKeyset = createArbitraryKeyset(); + byte[] serializedKeyset = + TinkProtoKeysetFormat.serializeKeyset(inputKeyset, InsecureSecretKeyAccess.get()); + Files.write(inputFile, serializedKeyset); + Tinkey.main( + new String[] { + "convert-keyset", + "--in", + inputFile.toString(), + "--out", + outputFile.toString(), + "--in-format", + "binary", + "--out-format", + "json", + "--new-master-key-uri", + masterKeyUri, + "--new-credential", + credentialFile.toString(), + }); + + KeysetHandle outputKeyset = + TinkJsonProtoKeysetFormat.parseEncryptedKeyset( + new String(Files.readAllBytes(outputFile), UTF_8), masterKeyAead, new byte[] {}); + + assertThat(outputKeyset.size()).isEqualTo(inputKeyset.size()); + for (int i = 0; i < inputKeyset.size(); i++) { + assertTrue(outputKeyset.getAt(i).getKey().equalsKey(inputKeyset.getAt(i).getKey())); + } + } + + @Test + public void testConvertKeyset_encryptedBinary2Json_works() throws Exception { + Path inputFile = Paths.get(tempDirectory.toString(), "input"); + Path outputFile = Paths.get(tempDirectory.toString(), "output"); + + KeysetHandle inputKeyset = createArbitraryKeyset(); + byte[] serializedKeyset = + TinkProtoKeysetFormat.serializeEncryptedKeyset(inputKeyset, masterKeyAead, new byte[] {}); + Files.write(inputFile, serializedKeyset); + Tinkey.main( + new String[] { + "convert-keyset", + "--in", + inputFile.toString(), + "--out", + outputFile.toString(), + "--in-format", + "binary", + "--out-format", + "json", + "--master-key-uri", + masterKeyUri, + "--credential", + credentialFile.toString(), + }); + + KeysetHandle outputKeyset = + TinkJsonProtoKeysetFormat.parseKeyset( + new String(Files.readAllBytes(outputFile), UTF_8), InsecureSecretKeyAccess.get()); + + assertThat(outputKeyset.size()).isEqualTo(inputKeyset.size()); + for (int i = 0; i < inputKeyset.size(); i++) { + assertTrue(outputKeyset.getAt(i).getKey().equalsKey(inputKeyset.getAt(i).getKey())); + } + } +} |