/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.cassandra.security;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import com.google.common.base.Charsets;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.apache.cassandra.config.TransparentDataEncryptionOptions;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
public class CipherFactoryTest
{
// http://www.gutenberg.org/files/4300/4300-h/4300-h.htm
static final String ULYSSEUS = "Stately, plump Buck Mulligan came from the stairhead, bearing a bowl of lather on which a mirror and a razor lay crossed. " +
"A yellow dressinggown, ungirdled, was sustained gently behind him on the mild morning air. He held the bowl aloft and intoned: " +
"-Introibo ad altare Dei.";
TransparentDataEncryptionOptions encryptionOptions;
CipherFactory cipherFactory;
SecureRandom secureRandom;
@Before
public void setup()
{
try
{
secureRandom = SecureRandom.getInstance("SHA1PRNG");
assertNotNull(secureRandom.getProvider());
}
catch (NoSuchAlgorithmException e)
{
fail("NoSuchAlgorithmException: SHA1PRNG not found.");
}
long seed = new java.util.Random().nextLong();
System.out.println("Seed: " + seed);
secureRandom.setSeed(seed);
encryptionOptions = EncryptionContextGenerator.createEncryptionOptions();
cipherFactory = new CipherFactory(encryptionOptions);
}
@Test
public void roundTrip() throws IOException, BadPaddingException, IllegalBlockSizeException
{
Cipher encryptor = cipherFactory.getEncryptor(encryptionOptions.cipher, encryptionOptions.key_alias);
byte[] original = ULYSSEUS.getBytes(Charsets.UTF_8);
byte[] encrypted = encryptor.doFinal(original);
Cipher decryptor = cipherFactory.getDecryptor(encryptionOptions.cipher, encryptionOptions.key_alias, encryptor.getIV());
byte[] decrypted = decryptor.doFinal(encrypted);
Assert.assertEquals(ULYSSEUS, new String(decrypted, Charsets.UTF_8));
}
private byte[] nextIV()
{
byte[] b = new byte[16];
secureRandom.nextBytes(b);
return b;
}
@Test
public void buildCipher_SameParams() throws Exception
{
byte[] iv = nextIV();
Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.ENCRYPT_MODE);
Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.ENCRYPT_MODE);
Assert.assertTrue(c1 == c2);
}
@Test
public void buildCipher_DifferentModes() throws Exception
{
byte[] iv = nextIV();
Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.ENCRYPT_MODE);
Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, iv, Cipher.DECRYPT_MODE);
Assert.assertFalse(c1 == c2);
}
@Test
public void buildCipher_DifferentIVs() throws Exception
{
Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, nextIV(), Cipher.ENCRYPT_MODE);
Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, nextIV(), Cipher.DECRYPT_MODE);
Assert.assertFalse(c1 == c2);
}
@Test
public void buildCipher_DifferentAliases() throws Exception
{
Cipher c1 = cipherFactory.buildCipher(encryptionOptions.cipher, encryptionOptions.key_alias, nextIV(), Cipher.ENCRYPT_MODE);
Cipher c2 = cipherFactory.buildCipher(encryptionOptions.cipher, EncryptionContextGenerator.KEY_ALIAS_2, nextIV(), Cipher.DECRYPT_MODE);
Assert.assertFalse(c1 == c2);
}
@Test(expected = AssertionError.class)
public void getDecryptor_NullIv() throws IOException
{
cipherFactory.getDecryptor(encryptionOptions.cipher, encryptionOptions.key_alias, null);
}
@Test(expected = AssertionError.class)
public void getDecryptor_EmptyIv() throws IOException
{
cipherFactory.getDecryptor(encryptionOptions.cipher, encryptionOptions.key_alias, new byte[0]);
}
}