author | tholenst <tholenst@google.com> | 2023-05-25 01:17:36 -0700 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2023-05-25 01:19:30 -0700 |
commit | 7d7773052f214efabd83d28b4e583bc90c24177b (patch) | |
tree | c6b117b449278338552a45c595f7ad1ad02fe014 /tools | |
parent | 824a6d69386bc8ebeef201a8df813daa3b27cbb1 (diff) | |
Refactor the CreateKeysetCommand test.
PiperOrigin-RevId: 535154878
Diffstat (limited to 'tools')
-rw-r--r-- | tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel | 14 | ||||
-rw-r--r-- | tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java | 166 |
2 files changed, 121 insertions, 59 deletions
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel
index a85a29517..956bd9d6c 100644
--- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel
+++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel
@@ -43,15 +43,17 @@ java_test(
 "requires-network",
 ],
 deps = [
- "//tinkey/src/main/java/com/google/crypto/tink/tinkey:convert_keyset_command",
- "//tinkey/src/main/java/com/google/crypto/tink/tinkey:create_keyset_command",
- "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_util",
+ "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey",
 "@maven//:com_google_truth_truth",
 "@maven//:junit_junit",
- "@tink_java//proto:tink_java_proto",
- "@tink_java//src/main/java/com/google/crypto/tink:key_template",
- "@tink_java//src/main/java/com/google/crypto/tink:key_templates",
+ "@tink_java//src/main/java/com/google/crypto/tink:aead",
+ "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
+ "@tink_java//src/main/java/com/google/crypto/tink:kms_clients",
+ "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster",
+ "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format",
+ "@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format",
 "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config",
+ "@tink_java//src/main/java/com/google/crypto/tink/mac:predefined_mac_parameters",
 "@tink_java//src/main/java/com/google/crypto/tink/testing:test_util",
 ],
 )
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java
index 6cdea5689..30a15ee82 100644
--- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java
+++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java
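Review bot: In the BUILD.bazel hunk, `"@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config",` stays in `deps` as a context line, although the Java side of this commit removes both the `MacConfig` import and the `MacConfig.register()` call. If CreateKeysetCommandTest.java is the only source of this target, the dependency looks unused and can be dropped along with the other removed labels. The `java_test(` rule starts above the hunk, so its `name` and `srcs` are not visible here and this should be confirmed against them.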
@@ -17,81 +17,141 @@ package com.google.crypto.tink.tinkey; import static com.google.common.truth.Truth.assertThat; +import static java.nio.charset.StandardCharsets.UTF_8; -import com.google.crypto.tink.KeyTemplate; -import com.google.crypto.tink.KeyTemplates; -import com.google.crypto.tink.mac.MacConfig; -import com.google.crypto.tink.proto.Keyset; +import com.google.crypto.tink.Aead; +import com.google.crypto.tink.InsecureSecretKeyAccess; +import com.google.crypto.tink.KeysetHandle; +import com.google.crypto.tink.KmsClients; +import com.google.crypto.tink.TinkJsonProtoKeysetFormat; +import com.google.crypto.tink.TinkProtoKeysetFormat; +import com.google.crypto.tink.mac.PredefinedMacParameters; import com.google.crypto.tink.testing.TestUtil; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import org.junit.BeforeClass; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -/** - * Tests for {@code CreateKeysetCommand}. - */ +/** Tests for {@code CreateKeysetCommand}. 
*/ @RunWith(JUnit4.class) public class CreateKeysetCommandTest { - private static KeyTemplate template; + @Test + public void testCreateCleartext_shouldCreateNewKeyset() throws Exception { + Path path = Files.createTempDirectory(/* prefix= */ ""); + Path outputFile = Paths.get(path.toString(), "keyset"); + + Tinkey.main( + new String[] { + "create-keyset", "--key-template", "HMAC_SHA256_128BITTAG", "--out", outputFile.toString() + }); - @BeforeClass - public static void setUp() throws Exception { - MacConfig.register(); - template = KeyTemplates.get("HMAC_SHA256_128BITTAG"); + KeysetHandle handle = + TinkJsonProtoKeysetFormat.parseKeyset( + new String(Files.readAllBytes(outputFile), UTF_8), InsecureSecretKeyAccess.get()); + + assertThat(handle.size()).isEqualTo(1); + assertThat(handle.getPrimary().getKey().getParameters()) + .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG); } @Test - public void testCreateCleartext_shouldCreateNewKeyset() throws Exception { - testCreateCleartext_shouldCreateNewKeyset("json"); - testCreateCleartext_shouldCreateNewKeyset("binary"); - } + public void testCreateCleartext_explicitJson_shouldCreateNewKeyset() throws Exception { + Path path = Files.createTempDirectory(/* prefix= */ ""); + Path outputFile = Paths.get(path.toString(), "keyset"); - private void testCreateCleartext_shouldCreateNewKeyset(String format) - throws Exception { - // Create a cleartext keyset. - String masterKeyUri = null; // This ensures that the keyset won't be encrypted. 
- String credentialPath = null; - ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); - CreateKeysetCommand.create(outputStream, format, masterKeyUri, credentialPath, template); - - Keyset keyset = TinkeyUtil.createKeysetReader( - new ByteArrayInputStream(outputStream.toByteArray()), format).read(); - assertThat(keyset.getKeyCount()).isEqualTo(1); - TestUtil.assertHmacKey(template, keyset.getKey(0)); + String commandLine = + String.format( + "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format json --out %s", + outputFile.toString()); + + Tinkey.main(commandLine.split(" ")); + + KeysetHandle handle = + TinkJsonProtoKeysetFormat.parseKeyset( + new String(Files.readAllBytes(outputFile), UTF_8), InsecureSecretKeyAccess.get()); + + assertThat(handle.size()).isEqualTo(1); + assertThat(handle.getPrimary().getKey().getParameters()) + .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG); } @Test - public void testCreateEncrypted_shouldCreateNewKeyset() throws Exception { - testCreateEncrypted_shouldCreateNewKeyset("json"); - testCreateEncrypted_shouldCreateNewKeyset("binary"); + public void testCreateCleartext_binary_shouldCreateNewKeyset() throws Exception { + Path path = Files.createTempDirectory(/* prefix= */ ""); + Path outputFile = Paths.get(path.toString(), "keyset"); + + String commandLine = + String.format( + "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format binary --out %s", + outputFile); + + Tinkey.main(commandLine.split(" ")); + + KeysetHandle handle = + TinkProtoKeysetFormat.parseKeyset( + Files.readAllBytes(outputFile), InsecureSecretKeyAccess.get()); + + assertThat(handle.size()).isEqualTo(1); + assertThat(handle.getPrimary().getKey().getParameters()) + .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG); } - private void testCreateEncrypted_shouldCreateNewKeyset( - String format) throws Exception { - // Create an encrypted keyset. 
- String masterKeyUri = TestUtil.GCP_KMS_TEST_KEY_URI; - String credentialPath = TestUtil.SERVICE_ACCOUNT_FILE; - ByteArrayOutputStream createOutputStream = new ByteArrayOutputStream(); - CreateKeysetCommand.create(createOutputStream, format, masterKeyUri, credentialPath, template); + @Test + public void testCreateCleartext_gcp_shouldCreateNewKeyset() throws Exception { + Path path = Files.createTempDirectory(/* prefix= */ ""); + Path outputFile = Paths.get(path.toString(), "keyset"); + String commandLine = + String.format( + "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format binary " + + "--master-key-uri %s " + + "--credential %s " + + "--out %s", + TestUtil.GCP_KMS_TEST_KEY_URI, TestUtil.SERVICE_ACCOUNT_FILE, outputFile.toString()); + + Tinkey.main(commandLine.split(" ")); + + Aead masterKeyAead = + KmsClients.getAutoLoaded(TestUtil.GCP_KMS_TEST_KEY_URI) + .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) + .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); - byte[] encryptedKeyset = createOutputStream.toByteArray(); + KeysetHandle handle = + TinkProtoKeysetFormat.parseEncryptedKeyset( + Files.readAllBytes(outputFile), masterKeyAead, new byte[] {}); - // Now, use the ConvertKeysetCommand command to convert the encrypted keyset into an - // unencrypted keyset. 
- ByteArrayOutputStream convertOutputStream = new ByteArrayOutputStream(); + assertThat(handle.size()).isEqualTo(1); + assertThat(handle.getPrimary().getKey().getParameters()) + .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG); + } + + @Test + public void testCreateCleartext_gcp_jsonFormat_shouldCreateNewKeyset() throws Exception { + Path path = Files.createTempDirectory(/* prefix= */ ""); + Path outputFile = Paths.get(path.toString(), "keyset"); + String commandLine = + String.format( + "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format json " + + "--master-key-uri %s " + + "--credential %s " + + "--out %s", + TestUtil.GCP_KMS_TEST_KEY_URI, TestUtil.SERVICE_ACCOUNT_FILE, outputFile.toString()); - ConvertKeysetCommand.convert(convertOutputStream, format, - new ByteArrayInputStream(encryptedKeyset), format, - masterKeyUri, credentialPath, - /* newMasterKeyUri = */ null, /* newCredentialPath = */ null); + Tinkey.main(commandLine.split(" ")); - Keyset keyset = TinkeyUtil.createKeysetReader( - new ByteArrayInputStream(convertOutputStream.toByteArray()), format).read(); + Aead masterKeyAead = + KmsClients.getAutoLoaded(TestUtil.GCP_KMS_TEST_KEY_URI) + .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE) + .getAead(TestUtil.GCP_KMS_TEST_KEY_URI); - assertThat(keyset.getKeyCount()).isEqualTo(1); - TestUtil.assertHmacKey(template, keyset.getKey(0)); + KeysetHandle handle = + TinkJsonProtoKeysetFormat.parseEncryptedKeyset( + new String(Files.readAllBytes(outputFile), UTF_8), masterKeyAead, new byte[] {}); + + assertThat(handle.size()).isEqualTo(1); + assertThat(handle.getPrimary().getKey().getParameters()) + .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG); } + } |
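Review bot: Every test in this hunk writes its keyset into a directory from `Files.createTempDirectory(/* prefix= */ "")` that is never removed, so the three cleartext tests leave unencrypted HMAC key material on disk after each run, under a directory name with no prefix tying it to this test. JUnit's rule would clean up when each test finishes: `@Rule public final TemporaryFolder tmp = new TemporaryFolder();` with `Path outputFile = tmp.getRoot().toPath().resolve("keyset");`. Separately, `testCreateCleartext_gcp_shouldCreateNewKeyset` and `testCreateCleartext_gcp_jsonFormat_shouldCreateNewKeyset` pass `--master-key-uri` and read the result back with `parseEncryptedKeyset`, so they exercise the encrypted path. Naming them `testCreateEncrypted_…`, as the removed code did, would keep that distinction visible to whoever reads a failure report.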