Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
LinuxSuRen
jenkins
提交
5b0cca77
J
jenkins
项目概览
LinuxSuRen
/
jenkins
与 Fork 源项目一致
从无法访问的项目Fork
通知
2
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jenkins
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
5b0cca77
编写于
12月 08, 2017
作者:
J
Jesse Glick
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
SecretTest
上级
dbdcaaf3
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
48 addition
and
46 deletion
+48
-46
core/src/test/java/hudson/util/SecretTest.java
core/src/test/java/hudson/util/SecretTest.java
+48
-46
未找到文件。
core/src/test/
groovy/hudson/util/SecretTest.groovy
→
core/src/test/
java/hudson/util/SecretTest.java
浏览文件 @
5b0cca77
...
...
@@ -21,51 +21,51 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package
hudson.util
import
com.trilead.ssh2.crypto.Base64
;
import
jenkins.model.Jenkins
import
jenkins.security.ConfidentialStoreRule
;
import
org.apache.commons.lang.RandomStringUtils
;
import
org.junit.Rule
import
org.junit.Test
package
hudson.util
;
import
com.trilead.ssh2.crypto.Base64
;
import
java.util.Random
;
import
javax.crypto.Cipher
import
java.util.regex.Pattern
;
import
javax.crypto.Cipher
;
import
javax.crypto.SecretKey
;
import
jenkins.model.Jenkins
;
import
jenkins.security.ConfidentialStoreRule
;
import
org.apache.commons.lang.RandomStringUtils
;
import
static
org
.
hamcrest
.
CoreMatchers
.*;
import
static
org
.
junit
.
Assert
.*;
import
org.junit.Rule
;
import
org.junit.Test
;
/**
* @author Kohsuke Kawaguchi
*/
public
class
SecretTest
{
@Rule
public
ConfidentialStoreRule
confidentialStore
=
new
ConfidentialStoreRule
()
public
ConfidentialStoreRule
confidentialStore
=
new
ConfidentialStoreRule
()
;
@Rule
public
MockSecretRule
mockSecretRule
=
new
MockSecretRule
()
public
MockSecretRule
mockSecretRule
=
new
MockSecretRule
()
;
static
final
Pattern
ENCRYPTED_VALUE_PATTERN
=
Pattern
.
compile
(
"\\{?[A-Za-z0-9+/]+={0,2}}?"
);
private
static
final
Pattern
ENCRYPTED_VALUE_PATTERN
=
Pattern
.
compile
(
"\\{?[A-Za-z0-9+/]+={0,2}}?"
);
@Test
void
testE
ncrypt
()
{
def
secret
=
Secret
.
fromString
(
"abc"
);
assert
"abc"
==
secret
.
plainText
;
public
void
e
ncrypt
()
{
Secret
secret
=
Secret
.
fromString
(
"abc"
);
assert
Equals
(
"abc"
,
secret
.
getPlainText
())
;
// make sure we got some encryption going
println
secret
.
encryptedValue
;
assert
!
"abc"
.
equals
(
secret
.
encryptedValue
);
assertNotEquals
(
"abc"
,
secret
.
getEncryptedValue
());
// can we round trip?
assert
secret
==
Secret
.
fromString
(
secret
.
encryptedValue
);
assert
Equals
(
secret
,
Secret
.
fromString
(
secret
.
getEncryptedValue
())
);
//Two consecutive encryption requests of the same object should result in the same encrypted value - SECURITY-304
assert
secret
.
encryptedValue
==
secret
.
encryptedValue
assert
Equals
(
secret
.
getEncryptedValue
(),
secret
.
getEncryptedValue
());
//Two consecutive encryption requests of different objects with the same value should not result in the same encrypted value - SECURITY-304
assert
secret
.
encryptedValue
!=
Secret
.
fromString
(
secret
.
plainText
).
encryptedValue
assert
NotEquals
(
secret
.
getEncryptedValue
(),
Secret
.
fromString
(
secret
.
getPlainText
()).
getEncryptedValue
());
}
@Test
void
testE
ncryptedValuePattern
()
{
public
void
e
ncryptedValuePattern
()
{
for
(
int
i
=
1
;
i
<
100
;
i
++)
{
String
plaintext
=
RandomStringUtils
.
random
(
new
Random
().
nextInt
(
i
));
String
ciphertext
=
Secret
.
fromString
(
plaintext
).
getEncryptedValue
();
...
...
@@ -83,19 +83,20 @@ public class SecretTest {
}
@Test
void
testD
ecrypt
()
{
assert
"abc"
==
Secret
.
toString
(
Secret
.
fromString
(
"abc"
))
public
void
d
ecrypt
()
{
assert
Equals
(
"abc"
,
Secret
.
toString
(
Secret
.
fromString
(
"abc"
)));
}
@Test
void
testSerialization
()
{
def
s
=
Secret
.
fromString
(
"Mr.Jenkins"
);
def
xml
=
Jenkins
.
XSTREAM
.
toXML
(
s
);
assert
!
xml
.
contains
(
s
.
plainText
)
assert
xml
==~
/<hudson\.util\.Secret>\{[A-Za-z0-9+\/]+={0,2}}<\/hudson\.util\.Secret>/
def
o
=
Jenkins
.
XSTREAM
.
fromXML
(
xml
);
assert
o
==
s
:
xml
;
public
void
serialization
()
{
Secret
s
=
Secret
.
fromString
(
"Mr.Jenkins"
);
String
xml
=
Jenkins
.
XSTREAM
.
toXML
(
s
);
assertThat
(
xml
,
not
(
containsString
(
s
.
getPlainText
())));
// TODO MatchesPattern not available until Hamcrest 2.0
assertTrue
(
xml
,
xml
.
matches
(
"<hudson[.]util[.]Secret>[{][A-Za-z0-9+/]+={0,2}[}]</hudson[.]util[.]Secret>"
));
Object
o
=
Jenkins
.
XSTREAM
.
fromXML
(
xml
);
assertEquals
(
xml
,
s
,
o
);
}
public
static
class
Foo
{
...
...
@@ -106,27 +107,28 @@ public class SecretTest {
* Makes sure the serialization form is backward compatible with String.
*/
@Test
void
testCompatibilityFromString
()
{
def
tagName
=
Foo
.
class
.
name
.
replace
(
"\$"
,
"_-"
);
def
xml
=
"<$tagName><password>secret</password></$tagName
>"
;
def
foo
=
new
Foo
();
public
void
testCompatibilityFromString
()
{
String
tagName
=
Foo
.
class
.
getName
().
replace
(
"$"
,
"_-"
);
String
xml
=
"<"
+
tagName
+
"><password>secret</password></"
+
tagName
+
"
>"
;
Foo
foo
=
new
Foo
();
Jenkins
.
XSTREAM
.
fromXML
(
xml
,
foo
);
assert
"secret"
==
Secret
.
toString
(
foo
.
password
)
assert
Equals
(
"secret"
,
Secret
.
toString
(
foo
.
password
));
}
/**
* Secret persisted with Jenkins.getSecretKey() should still decrypt OK.
*/
@Test
void
migrationFromLegacyKeyToConfidentialStore
()
{
def
legacy
=
HistoricalSecrets
.
legacyKey
[
"Hello world"
,
""
,
"\u0000unprintable"
].
each
{
str
->
def
cipher
=
Secret
.
getCipher
(
"AES"
);
public
void
migrationFromLegacyKeyToConfidentialStore
()
throws
Exception
{
SecretKey
legacy
=
HistoricalSecrets
.
getLegacyKey
();
for
(
String
str
:
new
String
[]
{
"Hello world"
,
""
,
"\u0000unprintable"
})
{
Cipher
cipher
=
Secret
.
getCipher
(
"AES"
);
cipher
.
init
(
Cipher
.
ENCRYPT_MODE
,
legacy
);
def
old
=
new
String
(
Base64
.
encode
(
cipher
.
doFinal
((
str
+
HistoricalSecrets
.
MAGIC
).
getBytes
(
"UTF-8"
))))
def
s
=
Secret
.
fromString
(
old
)
assert
s
.
plainText
==
str
:
"secret by the old key should decrypt"
assert
s
.
encryptedValue
!=
old
:
"but when encrypting, ConfidentialKey should be in use"
String
old
=
new
String
(
Base64
.
encode
(
cipher
.
doFinal
((
str
+
HistoricalSecrets
.
MAGIC
).
getBytes
(
"UTF-8"
))));
Secret
s
=
Secret
.
fromString
(
old
);
assert
Equals
(
"secret by the old key should decrypt"
,
str
,
s
.
getPlainText
());
assert
NotEquals
(
"but when encrypting, ConfidentialKey should be in use"
,
old
,
s
.
getEncryptedValue
());
}
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录