
Example 1 with EncryptResult

Use of com.amazonaws.services.kms.model.EncryptResult in project spring-cloud-config-aws-kms by zalando.

In the class KmsTextEncryptorTest, method setUp.

@Before
public void setUp() throws Exception {
    // Mock the KMS client so no call leaves the test process.
    mockKms = mock(AWSKMS.class);
    textEncryptor = new KmsTextEncryptor(mockKms, KMS_KEY_ID);
    // Request the tests expect the encryptor to build for encrypt().
    expectedEncryptRequest = new EncryptRequest();
    expectedEncryptRequest.setKeyId(KMS_KEY_ID);
    expectedEncryptRequest.setPlaintext(wrap(PLAINTEXT.getBytes()));
    // Stub encrypt(): any EncryptRequest returns a result carrying CIPHER_TEXT.
    encryptResult = new EncryptResult();
    encryptResult.setCiphertextBlob(wrap(CIPHER_TEXT.getBytes()));
    when(mockKms.encrypt(any(EncryptRequest.class))).thenReturn(encryptResult);
    // Request the tests expect the encryptor to build for decrypt().
    expectedDecryptRequest = new DecryptRequest();
    expectedDecryptRequest.setCiphertextBlob(wrap(CIPHER_TEXT.getBytes()));
    // Stub decrypt(): any DecryptRequest returns a result carrying PLAINTEXT.
    decryptResult = new DecryptResult();
    decryptResult.setPlaintext(wrap(PLAINTEXT.getBytes()));
    when(mockKms.decrypt(any(DecryptRequest.class))).thenReturn(decryptResult);
}
Also used : DecryptResult(com.amazonaws.services.kms.model.DecryptResult) EncryptResult(com.amazonaws.services.kms.model.EncryptResult) DecryptRequest(com.amazonaws.services.kms.model.DecryptRequest) AWSKMS(com.amazonaws.services.kms.AWSKMS) EncryptRequest(com.amazonaws.services.kms.model.EncryptRequest) Before(org.junit.Before)

Example 2 with EncryptResult

Use of com.amazonaws.services.kms.model.EncryptResult in project tink by google.

In the class AwsKmsAeadTest, method testDecryptShouldThrowExceptionIfKeyIdIsDifferent.

@Test
public void testDecryptShouldThrowExceptionIfKeyIdIsDifferent() throws Exception {
    DecryptResult mockDecryptResult = mock(DecryptResult.class);
    EncryptResult mockEncryptResult = mock(EncryptResult.class);
    when(mockKms.decrypt(isA(DecryptRequest.class))).thenReturn(mockDecryptResult);
    when(mockKms.encrypt(isA(EncryptRequest.class))).thenReturn(mockEncryptResult);
    Aead aead = new AwsKmsAead(mockKms, KEY_ID);
    byte[] aad = Random.randBytes(20);
    byte[] message = Random.randBytes(20);
    when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
    // The mocked KMS reports a key ID that differs from the one the Aead was created with.
    when(mockDecryptResult.getKeyId()).thenReturn(KEY_ID + "1");
    byte[] ciphertext = aead.encrypt(message, aad);
    try {
        // decrypt() must reject a result whose key ID is not KEY_ID.
        aead.decrypt(ciphertext, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        // expected.
    }
}
Also used : DecryptResult(com.amazonaws.services.kms.model.DecryptResult) GeneralSecurityException(java.security.GeneralSecurityException) Aead(com.google.crypto.tink.Aead) EncryptResult(com.amazonaws.services.kms.model.EncryptResult) DecryptRequest(com.amazonaws.services.kms.model.DecryptRequest) EncryptRequest(com.amazonaws.services.kms.model.EncryptRequest) Test(org.junit.Test)

Example 3 with EncryptResult

Use of com.amazonaws.services.kms.model.EncryptResult in project tink by google.

In the class AwsKmsAeadTest, method testEncryptDecrypt.

@Test
public void testEncryptDecrypt() throws Exception {
    DecryptResult mockDecryptResult = mock(DecryptResult.class);
    EncryptResult mockEncryptResult = mock(EncryptResult.class);
    when(mockKms.decrypt(isA(DecryptRequest.class))).thenReturn(mockDecryptResult);
    when(mockKms.encrypt(isA(EncryptRequest.class))).thenReturn(mockEncryptResult);
    Aead aead = new AwsKmsAead(mockKms, KEY_ID);
    byte[] aad = Random.randBytes(20);
    // Round-trip messages of 0 to 74 bytes, including the empty message.
    for (int messageSize = 0; messageSize < 75; messageSize++) {
        byte[] message = Random.randBytes(messageSize);
        // The mocked KMS reports the expected key ID and echoes the message
        // back as both the ciphertext blob and the decrypted plaintext.
        when(mockDecryptResult.getKeyId()).thenReturn(KEY_ID);
        when(mockDecryptResult.getPlaintext()).thenReturn(ByteBuffer.wrap(message));
        when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
        byte[] ciphertext = aead.encrypt(message, aad);
        byte[] decrypted = aead.decrypt(ciphertext, aad);
        assertArrayEquals(message, decrypted);
    }
}
Also used : DecryptResult(com.amazonaws.services.kms.model.DecryptResult) Aead(com.google.crypto.tink.Aead) EncryptResult(com.amazonaws.services.kms.model.EncryptResult) DecryptRequest(com.amazonaws.services.kms.model.DecryptRequest) EncryptRequest(com.amazonaws.services.kms.model.EncryptRequest) Test(org.junit.Test)

Example 4 with EncryptResult

Use of com.amazonaws.services.kms.model.EncryptResult in project tink by google.

In the class AwsKmsAeadTest, method testDecryptShouldThrowExceptionIfRequestFailed.

@Test
public void testDecryptShouldThrowExceptionIfRequestFailed() throws Exception {
    EncryptResult mockEncryptResult = mock(EncryptResult.class);
    when(mockKms.encrypt(isA(EncryptRequest.class))).thenReturn(mockEncryptResult);
    // The mocked KMS fails every decrypt() call with a service exception.
    AmazonServiceException exception = mock(AmazonServiceException.class);
    when(mockKms.decrypt(isA(DecryptRequest.class))).thenThrow(exception);
    Aead aead = new AwsKmsAead(mockKms, KEY_ID);
    byte[] aad = Random.randBytes(20);
    byte[] message = Random.randBytes(20);
    when(mockEncryptResult.getCiphertextBlob()).thenReturn(ByteBuffer.wrap(message));
    byte[] ciphertext = aead.encrypt(message, aad);
    try {
        // The service failure must surface as a GeneralSecurityException.
        aead.decrypt(ciphertext, aad);
        fail("Expected GeneralSecurityException");
    } catch (GeneralSecurityException e) {
        // expected.
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) AmazonServiceException(com.amazonaws.AmazonServiceException) Aead(com.google.crypto.tink.Aead) EncryptResult(com.amazonaws.services.kms.model.EncryptResult) DecryptRequest(com.amazonaws.services.kms.model.DecryptRequest) EncryptRequest(com.amazonaws.services.kms.model.EncryptRequest) Test(org.junit.Test)

Aggregations

DecryptRequest (com.amazonaws.services.kms.model.DecryptRequest): 4
EncryptRequest (com.amazonaws.services.kms.model.EncryptRequest): 4
EncryptResult (com.amazonaws.services.kms.model.EncryptResult): 4
DecryptResult (com.amazonaws.services.kms.model.DecryptResult): 3
Aead (com.google.crypto.tink.Aead): 3
Test (org.junit.Test): 3
GeneralSecurityException (java.security.GeneralSecurityException): 2
AmazonServiceException (com.amazonaws.AmazonServiceException): 1
AWSKMS (com.amazonaws.services.kms.AWSKMS): 1
Before (org.junit.Before): 1