Refactor the CreateKeysetCommand test.

PiperOrigin-RevId: 535154878
author: tholenst <tholenst@google.com> 2023-05-25 01:17:36 -0700
committer: Copybara-Service <copybara-worker@google.com> 2023-05-25 01:19:30 -0700
commit: 7d7773052f214efabd83d28b4e583bc90c24177b (patch)
tree: c6b117b449278338552a45c595f7ad1ad02fe014 /tools
parent: 824a6d69386bc8ebeef201a8df813daa3b27cbb1 (diff)
download: tink-7d7773052f214efabd83d28b4e583bc90c24177b.tar.gz
2 files changed, 121 insertions, 59 deletions
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel
index a85a29517..956bd9d6c 100644
--- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel
+++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/BUILD.bazel
@@ -43,15 +43,17 @@ java_test(
         "requires-network",
     ],
     deps = [
-        "//tinkey/src/main/java/com/google/crypto/tink/tinkey:convert_keyset_command",
-        "//tinkey/src/main/java/com/google/crypto/tink/tinkey:create_keyset_command",
-        "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey_util",
+        "//tinkey/src/main/java/com/google/crypto/tink/tinkey:tinkey",
         "@maven//:com_google_truth_truth",
         "@maven//:junit_junit",
-        "@tink_java//proto:tink_java_proto",
-        "@tink_java//src/main/java/com/google/crypto/tink:key_template",
-        "@tink_java//src/main/java/com/google/crypto/tink:key_templates",
+        "@tink_java//src/main/java/com/google/crypto/tink:aead",
+        "@tink_java//src/main/java/com/google/crypto/tink:insecure_secret_key_access",
+        "@tink_java//src/main/java/com/google/crypto/tink:kms_clients",
+        "@tink_java//src/main/java/com/google/crypto/tink:registry_cluster",
+        "@tink_java//src/main/java/com/google/crypto/tink:tink_json_proto_keyset_format",
+        "@tink_java//src/main/java/com/google/crypto/tink:tink_proto_keyset_format",
         "@tink_java//src/main/java/com/google/crypto/tink/mac:mac_config",
+        "@tink_java//src/main/java/com/google/crypto/tink/mac:predefined_mac_parameters",
         "@tink_java//src/main/java/com/google/crypto/tink/testing:test_util",
     ],
 )
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java
index 6cdea5689..30a15ee82 100644
--- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java
+++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/CreateKeysetCommandTest.java
@@ -17,81 +17,141 @@
 package com.google.crypto.tink.tinkey;
 
 import static com.google.common.truth.Truth.assertThat;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
-import com.google.crypto.tink.KeyTemplate;
-import com.google.crypto.tink.KeyTemplates;
-import com.google.crypto.tink.mac.MacConfig;
-import com.google.crypto.tink.proto.Keyset;
+import com.google.crypto.tink.Aead;
+import com.google.crypto.tink.InsecureSecretKeyAccess;
+import com.google.crypto.tink.KeysetHandle;
+import com.google.crypto.tink.KmsClients;
+import com.google.crypto.tink.TinkJsonProtoKeysetFormat;
+import com.google.crypto.tink.TinkProtoKeysetFormat;
+import com.google.crypto.tink.mac.PredefinedMacParameters;
 import com.google.crypto.tink.testing.TestUtil;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import org.junit.BeforeClass;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
-/**
- * Tests for {@code CreateKeysetCommand}.
- */
+/** Tests for {@code CreateKeysetCommand}. */
 @RunWith(JUnit4.class)
 public class CreateKeysetCommandTest {
-  private static KeyTemplate template;
+  @Test
+  public void testCreateCleartext_shouldCreateNewKeyset() throws Exception {
+    Path path = Files.createTempDirectory(/* prefix= */ "");
+    Path outputFile = Paths.get(path.toString(), "keyset");
+
+    Tinkey.main(
+        new String[] {
+          "create-keyset", "--key-template", "HMAC_SHA256_128BITTAG", "--out", outputFile.toString()
+        });
 
-  @BeforeClass
-  public static void setUp() throws Exception {
-    MacConfig.register();
-    template = KeyTemplates.get("HMAC_SHA256_128BITTAG");
+    KeysetHandle handle =
+        TinkJsonProtoKeysetFormat.parseKeyset(
+            new String(Files.readAllBytes(outputFile), UTF_8), InsecureSecretKeyAccess.get());
+
+    assertThat(handle.size()).isEqualTo(1);
+    assertThat(handle.getPrimary().getKey().getParameters())
+        .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG);
   }
 
   @Test
-  public void testCreateCleartext_shouldCreateNewKeyset() throws Exception {
-    testCreateCleartext_shouldCreateNewKeyset("json");
-    testCreateCleartext_shouldCreateNewKeyset("binary");
-  }
+  public void testCreateCleartext_explicitJson_shouldCreateNewKeyset() throws Exception {
+    Path path = Files.createTempDirectory(/* prefix= */ "");
+    Path outputFile = Paths.get(path.toString(), "keyset");
 
-  private void testCreateCleartext_shouldCreateNewKeyset(String format)
-      throws Exception {
-    // Create a cleartext keyset.
-    String masterKeyUri = null; // This ensures that the keyset won't be encrypted.
-    String credentialPath = null;
-    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
-    CreateKeysetCommand.create(outputStream, format, masterKeyUri, credentialPath, template);
-
-    Keyset keyset = TinkeyUtil.createKeysetReader(
-        new ByteArrayInputStream(outputStream.toByteArray()), format).read();
-    assertThat(keyset.getKeyCount()).isEqualTo(1);
-    TestUtil.assertHmacKey(template, keyset.getKey(0));
+    String commandLine =
+        String.format(
+            "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format json --out %s",
+            outputFile.toString());
+
+    Tinkey.main(commandLine.split(" "));
+
+    KeysetHandle handle =
+        TinkJsonProtoKeysetFormat.parseKeyset(
+            new String(Files.readAllBytes(outputFile), UTF_8), InsecureSecretKeyAccess.get());
+
+    assertThat(handle.size()).isEqualTo(1);
+    assertThat(handle.getPrimary().getKey().getParameters())
+        .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG);
   }
 
   @Test
-  public void testCreateEncrypted_shouldCreateNewKeyset() throws Exception {
-    testCreateEncrypted_shouldCreateNewKeyset("json");
-    testCreateEncrypted_shouldCreateNewKeyset("binary");
+  public void testCreateCleartext_binary_shouldCreateNewKeyset() throws Exception {
+    Path path = Files.createTempDirectory(/* prefix= */ "");
+    Path outputFile = Paths.get(path.toString(), "keyset");
+
+    String commandLine =
+        String.format(
+            "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format binary --out %s",
+            outputFile);
+
+    Tinkey.main(commandLine.split(" "));
+
+    KeysetHandle handle =
+        TinkProtoKeysetFormat.parseKeyset(
+            Files.readAllBytes(outputFile), InsecureSecretKeyAccess.get());
+
+    assertThat(handle.size()).isEqualTo(1);
+    assertThat(handle.getPrimary().getKey().getParameters())
+        .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG);
   }
 
-  private void testCreateEncrypted_shouldCreateNewKeyset(
-      String format) throws Exception {
-    // Create an encrypted keyset.
-    String masterKeyUri = TestUtil.GCP_KMS_TEST_KEY_URI;
-    String credentialPath = TestUtil.SERVICE_ACCOUNT_FILE;
-    ByteArrayOutputStream createOutputStream = new ByteArrayOutputStream();
-    CreateKeysetCommand.create(createOutputStream, format, masterKeyUri, credentialPath, template);
+  @Test
+  public void testCreateCleartext_gcp_shouldCreateNewKeyset() throws Exception {
+    Path path = Files.createTempDirectory(/* prefix= */ "");
+    Path outputFile = Paths.get(path.toString(), "keyset");
+    String commandLine =
+        String.format(
+            "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format binary "
+                + "--master-key-uri %s "
+                + "--credential %s "
+                + "--out %s",
+            TestUtil.GCP_KMS_TEST_KEY_URI, TestUtil.SERVICE_ACCOUNT_FILE, outputFile.toString());
+
+    Tinkey.main(commandLine.split(" "));
+
+    Aead masterKeyAead =
+        KmsClients.getAutoLoaded(TestUtil.GCP_KMS_TEST_KEY_URI)
+            .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE)
+            .getAead(TestUtil.GCP_KMS_TEST_KEY_URI);
 
-    byte[] encryptedKeyset = createOutputStream.toByteArray();
+    KeysetHandle handle =
+        TinkProtoKeysetFormat.parseEncryptedKeyset(
+            Files.readAllBytes(outputFile), masterKeyAead, new byte[] {});
 
-    // Now, use the ConvertKeysetCommand command to convert the encrypted keyset into an
-    // unencrypted keyset.
-    ByteArrayOutputStream convertOutputStream = new ByteArrayOutputStream();
+    assertThat(handle.size()).isEqualTo(1);
+    assertThat(handle.getPrimary().getKey().getParameters())
+        .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG);
+  }
+
+  @Test
+  public void testCreateCleartext_gcp_jsonFormat_shouldCreateNewKeyset() throws Exception {
+    Path path = Files.createTempDirectory(/* prefix= */ "");
+    Path outputFile = Paths.get(path.toString(), "keyset");
+    String commandLine =
+        String.format(
+            "create-keyset --key-template HMAC_SHA256_128BITTAG --out-format json "
+                + "--master-key-uri %s "
+                + "--credential %s "
+                + "--out %s",
+            TestUtil.GCP_KMS_TEST_KEY_URI, TestUtil.SERVICE_ACCOUNT_FILE, outputFile.toString());
 
-    ConvertKeysetCommand.convert(convertOutputStream,  format,
-       new ByteArrayInputStream(encryptedKeyset),  format,
-       masterKeyUri,  credentialPath,
-       /* newMasterKeyUri = */ null,  /* newCredentialPath = */ null);
+    Tinkey.main(commandLine.split(" "));
 
-    Keyset keyset = TinkeyUtil.createKeysetReader(
-        new ByteArrayInputStream(convertOutputStream.toByteArray()), format).read();
+    Aead masterKeyAead =
+        KmsClients.getAutoLoaded(TestUtil.GCP_KMS_TEST_KEY_URI)
+            .withCredentials(TestUtil.SERVICE_ACCOUNT_FILE)
+            .getAead(TestUtil.GCP_KMS_TEST_KEY_URI);
 
-    assertThat(keyset.getKeyCount()).isEqualTo(1);
-    TestUtil.assertHmacKey(template, keyset.getKey(0));
+    KeysetHandle handle =
+        TinkJsonProtoKeysetFormat.parseEncryptedKeyset(
+            new String(Files.readAllBytes(outputFile), UTF_8), masterKeyAead, new byte[] {});
+
+    assertThat(handle.size()).isEqualTo(1);
+    assertThat(handle.getPrimary().getKey().getParameters())
+        .isEqualTo(PredefinedMacParameters.HMAC_SHA256_128BITTAG);
   }
+
 }
author	tholenst <tholenst@google.com>	2023-05-25 01:17:36 -0700
committer	Copybara-Service <copybara-worker@google.com>	2023-05-25 01:19:30 -0700
commit	7d7773052f214efabd83d28b4e583bc90c24177b (patch)
tree	c6b117b449278338552a45c595f7ad1ad02fe014 /tools
parent	824a6d69386bc8ebeef201a8df813daa3b27cbb1 (diff)
download	tink-7d7773052f214efabd83d28b4e583bc90c24177b.tar.gz