
Commit 34203fb

author
kevin.w.wall
committed
Major changes were adding test for serialization and changes to allow JUnit 4 test cases to be run from JUnit 3 test runner. Lots of other minor changes made as result of debugging and refactoring.
1 parent a76589e commit 34203fb

1 file changed

Lines changed: 90 additions & 13 deletions


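--- a/src/test/java/org/owasp/esapi/reference/DefaultCipherTextTest.java
+++ b/src/test/java/org/owasp/esapi/reference/DefaultCipherTextTest.java
@@ -2,10 +2,22 @@
 
 import static org.junit.Assert.*;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+
+import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 
+import junit.framework.JUnit4TestAdapter;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
@@ -14,7 +26,6 @@
 import org.owasp.esapi.errors.EncryptionException;
 import org.owasp.esapi.util.CipherSpec;
 import org.owasp.esapi.util.CryptoHelper;
-import org.owasp.esapi.util.ObjFactory;
 
 public class DefaultCipherTextTest {
 
@@ -39,14 +50,8 @@ public void tearDown() throws Exception {
 /** Test the default CTOR */
 @Test
 public final void testDefaultCipherText() {
-// Make sure we can get this via reflection.
-String cipherTextImpl = ESAPI.securityConfiguration().getCipherTextImplementation();
-CipherText ct = (new ObjFactory<CipherText>()).make(cipherTextImpl, "CipherText");
-
-assertTrue( ct != null );
-// If someone overrides this in ESAPI.properties this would fail. While
-// not likely, it could happen.
-// assertTrue( ct.getClass().getName().equals(DefaultCipherText.class.getName()));
+CipherText ct = new DefaultCipherText();
+
 cipherSpec = new CipherSpec();
 assertTrue( ct.getCipherTransformation().equals( cipherSpec.getCipherTransformation()));
 assertTrue( ct.getBlockSize() == cipherSpec.getBlockSize() );
@@ -139,21 +144,23 @@ public final void testMIC() {
 byte[] ctraw = encryptor.doFinal("Hello".getBytes("UTF8"));
 DefaultCipherText ct = new DefaultCipherText(cipherSpec, ctraw);
 assertTrue( ct.getIV() != null && ct.getIV().length > 0 );
-ct.computeAndStoreMIC(key.getEncoded());
+SecretKey authKey = CryptoHelper.computeDerivedKey(key, key.getEncoded().length * 8, "authenticity");
+ct.computeAndStoreMAC( authKey );
 try {
 ct.setIVandCiphertext(ivSpec.getIV(), ctraw); // Expected to log & throw.
 } catch( Exception ex ) {
 assertTrue( ex instanceof EncryptionException );
 }
 try {
-ct.setCiphertext(ctraw); // Expected to log and throw.
+ct.setCiphertext(ctraw); // Expected to log and throw message about
+// not being able to store raw ciphertext.
 } catch( Exception ex ) {
 assertTrue( ex instanceof EncryptionException );
 }
-decryptor.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ct.getIV()));
+decryptor.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec( ct.getIV() ) );
 byte[] ptraw = decryptor.doFinal( ct.getRawCipherText() );
 assertTrue( ptraw != null && ptraw.length > 0 );
-ct.validateMIC( key.getEncoded() );
+ct.validateMAC( authKey );
 } catch( Exception ex) {
 // As far as test coverage goes, we really don't want this to be covered.
 ex.printStackTrace(System.err);
@@ -162,4 +169,74 @@ public final void testMIC() {
 }
 }
 
+/** Test serialization */
+@Test public void testSerialization() {
+try {
+String filename = "ciphertext.ser";
+File serializedFile = new File(filename);
+serializedFile.delete(); // Delete any old serialized file.
+
+CipherSpec cipherSpec = new CipherSpec(encryptor, 128);
+cipherSpec.setIV(ivSpec.getIV());
+SecretKey key =
+CryptoHelper.generateSecretKey(cipherSpec.getCipherAlgorithm(), 128);
+encryptor.init(Cipher.ENCRYPT_MODE, key, ivSpec);
+byte[] raw = encryptor.doFinal("Hello".getBytes("UTF8"));
+CipherText ciphertext = new DefaultCipherText(cipherSpec, raw);
+
+FileOutputStream fos = new FileOutputStream(filename);
+ObjectOutputStream out = new ObjectOutputStream(fos);
+out.writeObject(ciphertext);
+out.close();
+fos.close();
+
+FileInputStream fis = new FileInputStream(filename);
+ObjectInputStream in = new ObjectInputStream(fis);
+CipherText restoredCipherText = (CipherText)in.readObject();
+in.close();
+fis.close();
+
+// check that ciphertext and restoredCipherText are equal. Requires
+// multiple checks. (Hmmm... maybe overriding equals() and hashCode()
+// is in order???)
+assertEquals("1: Serialized restored CipherText differs from saved CipherText",
+ciphertext.toString(), restoredCipherText.toString());
+assertArrayEquals("2: Serialized restored CipherText differs from saved CipherText",
+ciphertext.getIV(), restoredCipherText.getIV());
+assertEquals("3: Serialized restored CipherText differs from saved CipherText",
+ciphertext.getBase64EncodedRawCipherText(),
+restoredCipherText.getBase64EncodedRawCipherText());
+
+} catch(IOException ex) {
+ex.printStackTrace(System.err);
+fail("testSerialization(): Unexpected IOException: " + ex);
+} catch(ClassNotFoundException ex) {
+ex.printStackTrace(System.err);
+fail("testSerialization(): Unexpected ClassNotFoundException: " + ex);
+} catch (EncryptionException ex) {
+ex.printStackTrace(System.err);
+fail("testSerialization(): Unexpected EncryptionException: " + ex);
+} catch (IllegalBlockSizeException ex) {
+ex.printStackTrace(System.err);
+fail("testSerialization(): Unexpected IllegalBlockSizeException: " + ex);
+} catch (BadPaddingException ex) {
+ex.printStackTrace(System.err);
+fail("testSerialization(): Unexpected BadPaddingException: " + ex);
+} catch (InvalidKeyException ex) {
+ex.printStackTrace(System.err);
+fail("testSerialization(): Unexpected InvalidKeyException: " + ex);
+} catch (InvalidAlgorithmParameterException ex) {
+ex.printStackTrace(System.err);
+fail("testSerialization(): Unexpected InvalidAlgorithmParameterException: " + ex);
+}
+}
+
+/**
+* Run all the test cases in this suite.
+* This is to allow running from {@code org.owasp.esapi.AllTests} which
+* uses a JUnit 3 test runner.
+*/
+public static junit.framework.Test suite() {
+return new JUnit4TestAdapter(DefaultCipherTextTest.class);
+}
 }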
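Review bot: In the testMIC hunk the result of `ct.validateMAC( authKey );` is discarded, so if the method reports a bad MAC through its return value (the bare call suggests it does not throw) the test passes even when verification fails; make it `assertTrue( ct.validateMAC( authKey ) );`. The two "Expected to log and throw" blocks just above are equally permissive, since nothing fails when no exception is raised; a `fail("expected EncryptionException");` directly after `ct.setIVandCiphertext(...)` and after `ct.setCiphertext(ctraw)` would close that gap without being swallowed by `catch( Exception ex )`. In testSerialization the object is written before any MAC is computed, so the round trip never shows that the MAC survives serialization; computing it with a derived key before `out.writeObject(ciphertext)` and asserting `validateMAC` on `restoredCipherText` would cover that. testMIC starts outside the visible hunk.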
