1package s3crypto 2 3import ( 4 "strings" 5 "testing" 6 7 "github.com/aws/aws-sdk-go/awstesting/unit" 8 "github.com/aws/aws-sdk-go/service/kms" 9) 10 11func TestAESGCMContentCipherBuilder(t *testing.T) { 12 generator := mockGenerator{} 13 if builder := AESGCMContentCipherBuilder(generator); builder == nil { 14 t.Error("expected non-nil value") 15 } 16} 17 18func TestAESGCMContentCipherNewEncryptor(t *testing.T) { 19 generator := mockGenerator{} 20 builder := AESGCMContentCipherBuilder(generator) 21 cipher, err := builder.ContentCipher() 22 23 if err != nil { 24 t.Errorf("expected no error, but received %v", err) 25 } 26 27 if cipher == nil { 28 t.Errorf("expected non-nil vaue") 29 } 30} 31 32func TestAESGCMContentCipherBuilderV2(t *testing.T) { 33 builder := AESGCMContentCipherBuilderV2(mockGeneratorV2{}) 34 cipher, err := builder.ContentCipher() 35 36 if err != nil { 37 t.Errorf("expected no error, but received %v", err) 38 } 39 40 if cipher == nil { 41 t.Errorf("expected non-nil vaue") 42 } 43} 44 45func TestGcmContentCipherBuilder_isFixtureEncryptionCompatible(t *testing.T) { 46 builder := AESGCMContentCipherBuilder(NewKMSKeyGenerator(mockKMS{}, "cmkID")) 47 features, ok := builder.(compatibleEncryptionFixture) 48 if !ok { 49 t.Errorf("expected to implement compatibleEncryptionFixture interface") 50 } 51 52 if err := features.isEncryptionVersionCompatible(v1ClientVersion); err != nil { 53 t.Errorf("expected to receive no error, got %v", err) 54 } 55 56 if err := features.isEncryptionVersionCompatible(v2ClientVersion); err == nil { 57 t.Errorf("expected to receive error, got nil") 58 } 59} 60 61func TestGcmContentCipherBuilderV2_isFixtureEncryptionCompatible(t *testing.T) { 62 builder := AESGCMContentCipherBuilderV2(NewKMSContextKeyGenerator(mockKMS{}, "cmkID", nil)) 63 features, ok := builder.(compatibleEncryptionFixture) 64 if !ok { 65 t.Errorf("expected to implement compatibleEncryptionFixture interface") 66 } 67 68 if err := features.isEncryptionVersionCompatible(v1ClientVersion); err == nil { 69 t.Error("expected to receive error, got nil") 70 } 71 72 if err := features.isEncryptionVersionCompatible(v2ClientVersion); err != nil { 73 t.Errorf("expected to receive no error, got %v", err) 74 } 75} 76 77func TestRegisterAESGCMContentCipher(t *testing.T) { 78 cr := NewCryptoRegistry() 79 err := RegisterAESGCMContentCipher(cr) 80 if err != nil { 81 t.Fatalf("expected no error, got %v", err) 82 } 83 84 if v, ok := cr.GetCEK("AES/GCM/NoPadding"); !ok { 85 t.Fatal("expected cek handler to be registered") 86 } else if v == nil { 87 t.Fatal("expected non-nil cek handler") 88 } 89 90 if v, ok := cr.GetPadder("NoPadding"); !ok { 91 t.Fatal("expected padder to be registered") 92 } else if v != NoPadder { 93 t.Fatal("padder did not match expected type") 94 } 95 96 err = RegisterAESGCMContentCipher(cr) 97 if err == nil { 98 t.Fatal("expected error, got none") 99 } else if !strings.Contains(err.Error(), "duplicate cek registry entry") { 100 t.Errorf("expected duplicate entry, got %v", err) 101 } 102 103 if _, ok := cr.RemoveCEK("AES/GCM/NoPadding"); !ok { 104 t.Error("expected value to be removed") 105 } 106 err = RegisterAESGCMContentCipher(cr) 107 if err != nil { 108 t.Fatalf("expected no error, got %v", err) 109 } 110 111 if _, ok := cr.RemoveCEK("AES/GCM/NoPadding"); !ok { 112 t.Fatalf("expected value to be removed") 113 } 114 if _, ok := cr.RemovePadder("NoPadding"); !ok { 115 t.Fatalf("expected value to be removed") 116 } 117 if err := cr.AddPadder("NoPadding", mockPadder{}); err != nil { 118 t.Fatalf("expected no error, got %v", err) 119 } 120 121 err = RegisterAESGCMContentCipher(cr) 122 if err == nil { 123 t.Fatalf("expected error, got %v", err) 124 } else if !strings.Contains(err.Error(), "does not match expected type") { 125 t.Errorf("expected padder type error, got %v", err) 126 } 127} 128 129func TestAESGCMContentCipherBuilderV2_isAWSFixture(t *testing.T) { 130 builder := AESGCMContentCipherBuilderV2(NewKMSContextKeyGenerator(kms.New(unit.Session.Copy()), "cmk", nil)) 131 if !builder.(awsFixture).isAWSFixture() { 132 t.Error("expected to be AWS ContentCipherBuilder constructed with a AWS CipherDataGenerator") 133 } 134 135 builder = AESGCMContentCipherBuilderV2(mockGeneratorV2{}) 136 if builder.(awsFixture).isAWSFixture() { 137 t.Error("expected to return that this is not an AWS fixture") 138 } 139} 140