From 5b0cca77050d91dbe8d117aeffe8426e3bef858a Mon Sep 17 00:00:00 2001 From: Jesse Glick Date: Fri, 8 Dec 2017 13:19:33 -0500 Subject: [PATCH] SecretTest --- .../hudson/util/SecretTest.java} | 94 ++++++++++--------- 1 file changed, 48 insertions(+), 46 deletions(-) rename core/src/test/{groovy/hudson/util/SecretTest.groovy => java/hudson/util/SecretTest.java} (55%) diff --git a/core/src/test/groovy/hudson/util/SecretTest.groovy b/core/src/test/java/hudson/util/SecretTest.java similarity index 55% rename from core/src/test/groovy/hudson/util/SecretTest.groovy rename to core/src/test/java/hudson/util/SecretTest.java index 8f39ae7ec0..0b9c13b9b6 100644 --- a/core/src/test/groovy/hudson/util/SecretTest.groovy +++ b/core/src/test/java/hudson/util/SecretTest.java @@ -21,51 +21,51 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ -package hudson.util -import com.trilead.ssh2.crypto.Base64; -import jenkins.model.Jenkins -import jenkins.security.ConfidentialStoreRule; -import org.apache.commons.lang.RandomStringUtils; -import org.junit.Rule -import org.junit.Test +package hudson.util; +import com.trilead.ssh2.crypto.Base64; import java.util.Random; -import javax.crypto.Cipher import java.util.regex.Pattern; +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import jenkins.model.Jenkins; +import jenkins.security.ConfidentialStoreRule; +import org.apache.commons.lang.RandomStringUtils; +import static org.hamcrest.CoreMatchers.*; +import static org.junit.Assert.*; +import org.junit.Rule; +import org.junit.Test; -/** - * @author Kohsuke Kawaguchi - */ public class SecretTest { + @Rule - public ConfidentialStoreRule confidentialStore = new ConfidentialStoreRule() + public ConfidentialStoreRule confidentialStore = new ConfidentialStoreRule(); @Rule - public MockSecretRule mockSecretRule = new MockSecretRule() + public MockSecretRule mockSecretRule = new MockSecretRule(); - static final Pattern ENCRYPTED_VALUE_PATTERN = Pattern.compile("\\{?[A-Za-z0-9+/]+={0,2}}?"); + private static final Pattern ENCRYPTED_VALUE_PATTERN = Pattern.compile("\\{?[A-Za-z0-9+/]+={0,2}}?"); @Test - void testEncrypt() { - def secret = Secret.fromString("abc"); - assert "abc"==secret.plainText; + public void encrypt() { + Secret secret = Secret.fromString("abc"); + assertEquals("abc", secret.getPlainText()); // make sure we got some encryption going - println secret.encryptedValue; - assert !"abc".equals(secret.encryptedValue); + assertNotEquals("abc", secret.getEncryptedValue()); // can we round trip? - assert secret==Secret.fromString(secret.encryptedValue); + assertEquals(secret, Secret.fromString(secret.getEncryptedValue())); //Two consecutive encryption requests of the same object should result in the same encrypted value - SECURITY-304 - assert secret.encryptedValue == secret.encryptedValue + assertEquals(secret.getEncryptedValue(), secret.getEncryptedValue()); //Two consecutive encryption requests of different objects with the same value should not result in the same encrypted value - SECURITY-304 - assert secret.encryptedValue != Secret.fromString(secret.plainText).encryptedValue + assertNotEquals(secret.getEncryptedValue(), Secret.fromString(secret.getPlainText()).getEncryptedValue()); } @Test - void testEncryptedValuePattern() { + public void encryptedValuePattern() { for (int i = 1; i < 100; i++) { String plaintext = RandomStringUtils.random(new Random().nextInt(i)); String ciphertext = Secret.fromString(plaintext).getEncryptedValue(); @@ -83,19 +83,20 @@ public class SecretTest { } @Test - void testDecrypt() { - assert "abc"==Secret.toString(Secret.fromString("abc")) + public void decrypt() { + assertEquals("abc", Secret.toString(Secret.fromString("abc"))); } @Test - void testSerialization() { - def s = Secret.fromString("Mr.Jenkins"); - def xml = Jenkins.XSTREAM.toXML(s); - assert !xml.contains(s.plainText) - assert xml ==~ /\{[A-Za-z0-9+\/]+={0,2}}<\/hudson\.util\.Secret>/ - - def o = Jenkins.XSTREAM.fromXML(xml); - assert o==s : xml; + public void serialization() { + Secret s = Secret.fromString("Mr.Jenkins"); + String xml = Jenkins.XSTREAM.toXML(s); + assertThat(xml, not(containsString(s.getPlainText()))); + // TODO MatchesPattern not available until Hamcrest 2.0 + assertTrue(xml, xml.matches("[{][A-Za-z0-9+/]+={0,2}[}]")); + + Object o = Jenkins.XSTREAM.fromXML(xml); + assertEquals(xml, s, o); } public static class Foo { @@ -106,27 +107,28 @@ public class SecretTest { * Makes sure the serialization form is backward compatible with String. */ @Test - void testCompatibilityFromString() { - def tagName = Foo.class.name.replace("\$","_-"); - def xml = "<$tagName>secret"; - def foo = new Foo(); + public void testCompatibilityFromString() { + String tagName = Foo.class.getName().replace("$", "_-"); + String xml = "<" + tagName + ">secret"; + Foo foo = new Foo(); Jenkins.XSTREAM.fromXML(xml, foo); - assert "secret"==Secret.toString(foo.password) + assertEquals("secret", Secret.toString(foo.password)); } /** * Secret persisted with Jenkins.getSecretKey() should still decrypt OK. */ @Test - void migrationFromLegacyKeyToConfidentialStore() { - def legacy = HistoricalSecrets.legacyKey - ["Hello world","","\u0000unprintable"].each { str -> - def cipher = Secret.getCipher("AES"); + public void migrationFromLegacyKeyToConfidentialStore() throws Exception { + SecretKey legacy = HistoricalSecrets.getLegacyKey(); + for (String str : new String[] {"Hello world", "", "\u0000unprintable"}) { + Cipher cipher = Secret.getCipher("AES"); cipher.init(Cipher.ENCRYPT_MODE, legacy); - def old = new String(Base64.encode(cipher.doFinal((str + HistoricalSecrets.MAGIC).getBytes("UTF-8")))) - def s = Secret.fromString(old) - assert s.plainText==str : "secret by the old key should decrypt" - assert s.encryptedValue!=old : "but when encrypting, ConfidentialKey should be in use" + String old = new String(Base64.encode(cipher.doFinal((str + HistoricalSecrets.MAGIC).getBytes("UTF-8")))); + Secret s = Secret.fromString(old); + assertEquals("secret by the old key should decrypt", str, s.getPlainText()); + assertNotEquals("but when encrypting, ConfidentialKey should be in use", old, s.getEncryptedValue()); } } + } -- GitLab