/**
 * Checks that {@code PasswordBasedEncryptor.getMaxAllowedKeyLength} reports the key-length
 * ceiling this test expects for the algorithm names of {@code EncryptionMethod.MD5_256AES}
 * and {@code EncryptionMethod.MD5_DES}.
 *
 * <p>The expected ceiling is {@code Integer.MAX_VALUE} when
 * {@code PasswordBasedEncryptor.supportsUnlimitedStrength()} returns true; otherwise it is
 * 128 for the AES algorithm and 64 for the DES algorithm.
 *
 * <p>NOTE(review): both checks use the {@code assert} keyword, which the JVM evaluates only
 * when assertions are enabled ({@code -ea}). Confirm the test runner enables them; otherwise
 * a change in the reported key-length limit would pass unnoticed.
 *
 * @throws IOException declared by the signature; no visible statement in the body throws it
 */
@Test
public void testShouldDetermineMaxKeySizeForAlgorithms() throws IOException {
    // Arrange: resolve the JCE algorithm names from the two enum constants under test.
    final String aesAlgorithmName = EncryptionMethod.MD5_256AES.getAlgorithm();
    final String desAlgorithmName = EncryptionMethod.MD5_DES.getAlgorithm();

    // The expected limits depend on whether this JVM has the unlimited-strength policy.
    final int expectedAesCeiling;
    if (PasswordBasedEncryptor.supportsUnlimitedStrength()) {
        expectedAesCeiling = Integer.MAX_VALUE;
    } else {
        expectedAesCeiling = 128;
    }

    final int expectedDesCeiling;
    if (PasswordBasedEncryptor.supportsUnlimitedStrength()) {
        expectedDesCeiling = Integer.MAX_VALUE;
    } else {
        expectedDesCeiling = 64;
    }

    // Act
    int reportedAesCeiling = PasswordBasedEncryptor.getMaxAllowedKeyLength(aesAlgorithmName);
    int reportedDesCeiling = PasswordBasedEncryptor.getMaxAllowedKeyLength(desAlgorithmName);

    // Assert
    assert reportedAesCeiling == expectedAesCeiling;
    assert reportedDesCeiling == expectedDesCeiling;
}
private List<ValidationResult> validatePBE(EncryptionMethod encryptionMethod, KeyDerivationFunction kdf, String password, boolean allowWeakCrypto) { List<ValidationResult> validationResults = new ArrayList<>(); boolean limitedStrengthCrypto = !PasswordBasedEncryptor.supportsUnlimitedStrength(); final int minimumSafePasswordLength = PasswordBasedEncryptor.getMinimumSafePasswordLength(); if (passwordBytesLength < minimumSafePasswordLength) { validationResults.add(new ValidationResult.Builder().subject(PASSWORD.getName())
/**
 * Runs {@code EncryptContent} in decrypt mode over the {@code unsalted_raw.enc} fixture and
 * checks that the single resulting flow file matches {@code plain.txt}.
 *
 * <p>The processor is configured with {@code EncryptionMethod.MD5_256AES} and
 * {@code KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY}. The test is skipped (via
 * {@code Assume}) when {@code PasswordBasedEncryptor.supportsUnlimitedStrength()} is false.
 *
 * <p>NOTE(review): the fixture name indicates ciphertext produced without a salt. With no
 * salt, a given password always derives the same key material, so this path is presumably
 * covered for compatibility with existing OpenSSL output rather than as a recommended
 * configuration; confirm against the processor documentation.
 *
 * @throws IOException if the fixture cannot be read or the UTF-8 charset lookup fails
 */
@Test
public void testShouldDecryptOpenSSLRawUnsalted() throws IOException {
    // Arrange
    Assume.assumeTrue(
            "Test is being skipped due to this JVM lacking JCE Unlimited Strength Jurisdiction Policy file.",
            PasswordBasedEncryptor.supportsUnlimitedStrength());

    final String cipherTextFixture = "src/test/resources/TestEncryptContent/unsalted_raw.enc";
    final String plainTextFixture = "src/test/resources/TestEncryptContent/plain.txt";

    final TestRunner runner = TestRunners.newTestRunner(new EncryptContent());
    // Fixed passphrase paired with the checked-in fixture; it is test data only.
    final String fixturePassword = "thisIsABadPassword";
    final EncryptionMethod encryptionMethod = EncryptionMethod.MD5_256AES;
    final KeyDerivationFunction keyDerivation = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;

    runner.setProperty(EncryptContent.PASSWORD, fixturePassword);
    runner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivation.name());
    runner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
    runner.setProperty(EncryptContent.MODE, EncryptContent.DECRYPT_MODE);

    // Act
    runner.enqueue(Paths.get(cipherTextFixture));
    runner.clearTransferState();
    runner.run();

    // Assert: exactly one flow file reached the success relationship and nothing is queued.
    runner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
    runner.assertQueueEmpty();

    MockFlowFile decrypted = runner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
    // The decrypted bytes are logged for debugging; the content is the checked-in fixture.
    logger.info("Decrypted contents (hex): {}", Hex.encodeHexString(decrypted.toByteArray()));
    logger.info("Decrypted contents: {}", new String(decrypted.toByteArray(), "UTF-8"));

    // Assert: the decrypted content equals the known plaintext fixture.
    decrypted.assertContentEquals(new File(plainTextFixture));
}
} else { // PBE final char[] passphrase = Normalizer.normalize(password, Normalizer.Form.NFC).toCharArray(); encryptor = new PasswordBasedEncryptor(encryptionMethod, passphrase, kdf);
/**
 * Runs {@code EncryptContent} in decrypt mode over the {@code salted_raw.enc} fixture and
 * checks that the single resulting flow file matches {@code plain.txt}.
 *
 * <p>The processor is configured with {@code EncryptionMethod.MD5_256AES} and
 * {@code KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY}. The test is skipped (via
 * {@code Assume}) when {@code PasswordBasedEncryptor.supportsUnlimitedStrength()} is false.
 *
 * <p>NOTE(review): the enum names indicate an MD5-based derivation in the OpenSSL
 * EVP_BytesToKey style; this test presumably exists to confirm interoperability with
 * ciphertext produced by OpenSSL, so confirm before reading it as a recommended
 * configuration for new data.
 *
 * @throws IOException if the fixture cannot be read or the UTF-8 charset lookup fails
 */
@Test
public void testShouldDecryptOpenSSLRawSalted() throws IOException {
    // Arrange
    Assume.assumeTrue(
            "Test is being skipped due to this JVM lacking JCE Unlimited Strength Jurisdiction Policy file.",
            PasswordBasedEncryptor.supportsUnlimitedStrength());

    final String cipherTextFixture = "src/test/resources/TestEncryptContent/salted_raw.enc";
    final String plainTextFixture = "src/test/resources/TestEncryptContent/plain.txt";

    final TestRunner runner = TestRunners.newTestRunner(new EncryptContent());
    // Fixed passphrase paired with the checked-in fixture; it is test data only.
    final String fixturePassword = "thisIsABadPassword";
    final EncryptionMethod encryptionMethod = EncryptionMethod.MD5_256AES;
    final KeyDerivationFunction keyDerivation = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;

    runner.setProperty(EncryptContent.PASSWORD, fixturePassword);
    runner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivation.name());
    runner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
    runner.setProperty(EncryptContent.MODE, EncryptContent.DECRYPT_MODE);

    // Act
    runner.enqueue(Paths.get(cipherTextFixture));
    runner.clearTransferState();
    runner.run();

    // Assert: exactly one flow file reached the success relationship and nothing is queued.
    runner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
    runner.assertQueueEmpty();

    MockFlowFile decrypted = runner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
    // The decrypted bytes are logged for debugging; the content is the checked-in fixture.
    logger.info("Decrypted contents (hex): {}", Hex.encodeHexString(decrypted.toByteArray()));
    logger.info("Decrypted contents: {}", new String(decrypted.toByteArray(), "UTF-8"));

    // Assert: the decrypted content equals the known plaintext fixture.
    decrypted.assertContentEquals(new File(plainTextFixture));
}
} else { // PBE final char[] passphrase = Normalizer.normalize(password, Normalizer.Form.NFC).toCharArray(); encryptor = new PasswordBasedEncryptor(encryptionMethod, passphrase, kdf);
private List<ValidationResult> validateKeyed(EncryptionMethod encryptionMethod, KeyDerivationFunction kdf, String keyHex) { List<ValidationResult> validationResults = new ArrayList<>(); boolean limitedStrengthCrypto = !PasswordBasedEncryptor.supportsUnlimitedStrength(); int allowedKeyLength = PasswordBasedEncryptor.getMaxAllowedKeyLength(ENCRYPTION_ALGORITHM.getName());
private List<ValidationResult> validatePBE(EncryptionMethod encryptionMethod, KeyDerivationFunction kdf, String password, boolean allowWeakCrypto) { List<ValidationResult> validationResults = new ArrayList<>(); boolean limitedStrengthCrypto = !PasswordBasedEncryptor.supportsUnlimitedStrength(); final int minimumSafePasswordLength = PasswordBasedEncryptor.getMinimumSafePasswordLength(); if (passwordBytesLength < minimumSafePasswordLength) { validationResults.add(new ValidationResult.Builder().subject(PASSWORD.getName())
pc = (MockProcessContext) runner.getProcessContext(); results = pc.validate(); if (!PasswordBasedEncryptor.supportsUnlimitedStrength()) { logger.info(results.toString()); Assert.assertEquals(1, results.size());
private List<ValidationResult> validateKeyed(EncryptionMethod encryptionMethod, KeyDerivationFunction kdf, String keyHex) { List<ValidationResult> validationResults = new ArrayList<>(); boolean limitedStrengthCrypto = !PasswordBasedEncryptor.supportsUnlimitedStrength(); int allowedKeyLength = PasswordBasedEncryptor.getMaxAllowedKeyLength(ENCRYPTION_ALGORITHM.getName());