java_src/src/test/java/com/google/crypto/tink/integration/awskms/AwsKmsAeadTest.java - third_party/tink - Git at Google

 // Copyright 2017 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package com.google.crypto.tink.integration.awskms;

 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertThrows;
 import static org.mockito.ArgumentMatchers.isA;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;

 import com.amazonaws.AmazonServiceException;
 import com.amazonaws.services.kms.AWSKMS;
 import com.amazonaws.services.kms.model.DecryptRequest;
 import com.amazonaws.services.kms.model.DecryptResult;
 import com.amazonaws.services.kms.model.EncryptRequest;
 import com.amazonaws.services.kms.model.EncryptResult;
 import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.subtle.Random;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
 import org.mockito.runners.MockitoJUnitRunner;

 /**
  * Tests for AwsKmsAead.
  */
 @RunWith(MockitoJUnitRunner.class)
 public class AwsKmsAeadTest {
   private static final String KEY_ARN =
       "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
   @Mock private AWSKMS mockKms;

   @Test
   public void testEncryptDecrypt() throws Exception {
     DecryptResult mockDecryptResult = mock(DecryptResult.class);
     EncryptResult mockEncryptResult = mock(EncryptResult.class);
     when(mockKms.decrypt(isA(DecryptRequest.class)))
         .thenReturn(mockDecryptResult);
     when(mockKms.encrypt(isA(EncryptRequest.class)))
         .thenReturn(mockEncryptResult);

     Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
     byte[] aad = Random.randBytes(20);
     for (int messageSize = 0; messageSize < 75; messageSize++) {
       byte[] message = Random.randBytes(messageSize);
       when(mockDecryptResult.getKeyId()).thenReturn(KEY_ARN);
       when(mockDecryptResult.getPlaintext()).thenReturn(ByteBuffer.wrap(message));
       when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
       byte[] ciphertext = aead.encrypt(message, aad);
       byte[] decrypted = aead.decrypt(ciphertext, aad);
       assertArrayEquals(message, decrypted);
     }
   }

   @Test
   public void testEncryptShouldThrowExceptionIfRequestFailed() throws Exception {
     AmazonServiceException exception = mock(AmazonServiceException.class);
     when(mockKms.encrypt(isA(EncryptRequest.class)))
         .thenThrow(exception);

     Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
     byte[] aad = Random.randBytes(20);
     byte[] message = Random.randBytes(20);
     assertThrows(GeneralSecurityException.class, () -> aead.encrypt(message, aad));
   }

   @Test
   public void testDecryptShouldThrowExceptionIfRequestFailed() throws Exception {
     EncryptResult mockEncryptResult = mock(EncryptResult.class);
     when(mockKms.encrypt(isA(EncryptRequest.class)))
         .thenReturn(mockEncryptResult);
     AmazonServiceException exception = mock(AmazonServiceException.class);
     when(mockKms.decrypt(isA(DecryptRequest.class)))
         .thenThrow(exception);

     Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
     byte[] aad = Random.randBytes(20);
     byte[] message = Random.randBytes(20);
     when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
     byte[] ciphertext = aead.encrypt(message, aad);
     assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext, aad));
   }

   @Test
   public void testDecryptShouldThrowExceptionIfKeyArnIsDifferent() throws Exception {
     DecryptResult mockDecryptResult = mock(DecryptResult.class);
     EncryptResult mockEncryptResult = mock(EncryptResult.class);
     when(mockKms.decrypt(isA(DecryptRequest.class)))
         .thenReturn(mockDecryptResult);
     when(mockKms.encrypt(isA(EncryptRequest.class)))
         .thenReturn(mockEncryptResult);

     Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
     byte[] aad = Random.randBytes(20);
     byte[] message = Random.randBytes(20);
     when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
     when(mockDecryptResult.getKeyId()).thenReturn(KEY_ARN + "1");
     byte[] ciphertext = aead.encrypt(message, aad);
     assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext, aad));
   }

   @Test
   public void testDecryptShouldNotThrowExceptionIfKeyArnIsAlias() throws Exception {
     DecryptResult mockDecryptResult = mock(DecryptResult.class);
     EncryptResult mockEncryptResult = mock(EncryptResult.class);
     when(mockKms.decrypt(isA(DecryptRequest.class))).thenReturn(mockDecryptResult);
     when(mockKms.encrypt(isA(EncryptRequest.class))).thenReturn(mockEncryptResult);

     String aliasArn = "arn:aws:kms:us-west-2:111122223333:alias/ExampleAlias";
     Aead aead = new AwsKmsAead(mockKms, aliasArn);
     byte[] aad = Random.randBytes(20);
     byte[] message = Random.randBytes(20);
     when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
     when(mockDecryptResult.getPlaintext()).thenReturn(ByteBuffer.wrap(message));

     byte[] ciphertext = aead.encrypt(message, aad);
     byte[] decrypted = aead.decrypt(ciphertext, aad);
     assertArrayEquals(message, decrypted);
   }
 }
	// Copyright 2017 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package com.google.crypto.tink.integration.awskms;

	import static org.junit.Assert.assertArrayEquals;
	import static org.junit.Assert.assertThrows;
	import static org.mockito.ArgumentMatchers.isA;
	import static org.mockito.Mockito.mock;
	import static org.mockito.Mockito.when;

	import com.amazonaws.AmazonServiceException;
	import com.amazonaws.services.kms.AWSKMS;
	import com.amazonaws.services.kms.model.DecryptRequest;
	import com.amazonaws.services.kms.model.DecryptResult;
	import com.amazonaws.services.kms.model.EncryptRequest;
	import com.amazonaws.services.kms.model.EncryptResult;
	import com.google.crypto.tink.Aead;
	import com.google.crypto.tink.subtle.Random;
	import java.nio.ByteBuffer;
	import java.security.GeneralSecurityException;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.mockito.Mock;
	import org.mockito.runners.MockitoJUnitRunner;

	/**
	* Tests for AwsKmsAead.
	*/
	@RunWith(MockitoJUnitRunner.class)
	public class AwsKmsAeadTest {
	private static final String KEY_ARN =
	"arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab";
	@Mock private AWSKMS mockKms;

	@Test
	public void testEncryptDecrypt() throws Exception {
	DecryptResult mockDecryptResult = mock(DecryptResult.class);
	EncryptResult mockEncryptResult = mock(EncryptResult.class);
	when(mockKms.decrypt(isA(DecryptRequest.class)))
	.thenReturn(mockDecryptResult);
	when(mockKms.encrypt(isA(EncryptRequest.class)))
	.thenReturn(mockEncryptResult);

	Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
	byte[] aad = Random.randBytes(20);
	for (int messageSize = 0; messageSize < 75; messageSize++) {
	byte[] message = Random.randBytes(messageSize);
	when(mockDecryptResult.getKeyId()).thenReturn(KEY_ARN);
	when(mockDecryptResult.getPlaintext()).thenReturn(ByteBuffer.wrap(message));
	when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
	byte[] ciphertext = aead.encrypt(message, aad);
	byte[] decrypted = aead.decrypt(ciphertext, aad);
	assertArrayEquals(message, decrypted);
	}
	}

	@Test
	public void testEncryptShouldThrowExceptionIfRequestFailed() throws Exception {
	AmazonServiceException exception = mock(AmazonServiceException.class);
	when(mockKms.encrypt(isA(EncryptRequest.class)))
	.thenThrow(exception);

	Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
	byte[] aad = Random.randBytes(20);
	byte[] message = Random.randBytes(20);
	assertThrows(GeneralSecurityException.class, () -> aead.encrypt(message, aad));
	}

	@Test
	public void testDecryptShouldThrowExceptionIfRequestFailed() throws Exception {
	EncryptResult mockEncryptResult = mock(EncryptResult.class);
	when(mockKms.encrypt(isA(EncryptRequest.class)))
	.thenReturn(mockEncryptResult);
	AmazonServiceException exception = mock(AmazonServiceException.class);
	when(mockKms.decrypt(isA(DecryptRequest.class)))
	.thenThrow(exception);

	Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
	byte[] aad = Random.randBytes(20);
	byte[] message = Random.randBytes(20);
	when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
	byte[] ciphertext = aead.encrypt(message, aad);
	assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext, aad));
	}

	@Test
	public void testDecryptShouldThrowExceptionIfKeyArnIsDifferent() throws Exception {
	DecryptResult mockDecryptResult = mock(DecryptResult.class);
	EncryptResult mockEncryptResult = mock(EncryptResult.class);
	when(mockKms.decrypt(isA(DecryptRequest.class)))
	.thenReturn(mockDecryptResult);
	when(mockKms.encrypt(isA(EncryptRequest.class)))
	.thenReturn(mockEncryptResult);

	Aead aead = new AwsKmsAead(mockKms, KEY_ARN);
	byte[] aad = Random.randBytes(20);
	byte[] message = Random.randBytes(20);
	when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
	when(mockDecryptResult.getKeyId()).thenReturn(KEY_ARN + "1");
	byte[] ciphertext = aead.encrypt(message, aad);
	assertThrows(GeneralSecurityException.class, () -> aead.decrypt(ciphertext, aad));
	}

	@Test
	public void testDecryptShouldNotThrowExceptionIfKeyArnIsAlias() throws Exception {
	DecryptResult mockDecryptResult = mock(DecryptResult.class);
	EncryptResult mockEncryptResult = mock(EncryptResult.class);
	when(mockKms.decrypt(isA(DecryptRequest.class))).thenReturn(mockDecryptResult);
	when(mockKms.encrypt(isA(EncryptRequest.class))).thenReturn(mockEncryptResult);

	String aliasArn = "arn:aws:kms:us-west-2:111122223333:alias/ExampleAlias";
	Aead aead = new AwsKmsAead(mockKms, aliasArn);
	byte[] aad = Random.randBytes(20);
	byte[] message = Random.randBytes(20);
	when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
	when(mockDecryptResult.getPlaintext()).thenReturn(ByteBuffer.wrap(message));

	byte[] ciphertext = aead.encrypt(message, aad);
	byte[] decrypted = aead.decrypt(ciphertext, aad);
	assertArrayEquals(message, decrypted);
	}
	}