Add DirectKmsMaterialProviderTest and MetaStoreTests

Add the internal tests for ExtraDataSupplier in MetaStore

Author: johnwalker

src/test/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/DirectKmsMaterialProviderTest.java

@@ -20,6 +20,8 @@
 import com.amazonaws.services.dynamodbv2.model.AttributeValue;
 import com.amazonaws.services.dynamodbv2.testing.FakeKMS;
 import com.amazonaws.services.kms.AWSKMS;
+import com.amazonaws.services.kms.model.DecryptRequest;
+import com.amazonaws.services.kms.model.DecryptResult;
 import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
 import com.amazonaws.services.kms.model.GenerateDataKeyResult;
 import com.amazonaws.util.Base64;
@@ -50,7 +52,7 @@ public class DirectKmsMaterialProviderTest {
 
     @BeforeMethod
     public void setUp() {
-        description = new HashMap<String, String>();
+        description = new HashMap<>();
         description.put("TestKey", "test value");
         description = Collections.unmodifiableMap(description);
         ctx = new EncryptionContext.Builder().build();
@@ -87,7 +89,7 @@ public void simple() throws GeneralSecurityException {
     public void simpleWithKmsEc() throws GeneralSecurityException {
         DirectKmsMaterialProvider prov = new DirectKmsMaterialProvider(kms, keyId);
 
-        Map<String, AttributeValue> attrVals = new HashMap<String, AttributeValue>();
+        Map<String, AttributeValue> attrVals = new HashMap<>();
         attrVals.put("hk", new AttributeValue("HashKeyValue"));
         attrVals.put("rk", new AttributeValue("RangeKeyValue"));
 
@@ -116,7 +118,7 @@ public void simpleWithKmsEc() throws GeneralSecurityException {
     public void simpleWithKmsEc2() throws GeneralSecurityException {
         DirectKmsMaterialProvider prov = new DirectKmsMaterialProvider(kms, keyId);
 
-        Map<String, AttributeValue> attrVals = new HashMap<String, AttributeValue>();
+        Map<String, AttributeValue> attrVals = new HashMap<>();
         attrVals.put("hk", new AttributeValue().withN("10"));
         attrVals.put("rk", new AttributeValue().withN("20"));
 
@@ -145,7 +147,7 @@ public void simpleWithKmsEc2() throws GeneralSecurityException {
     public void simpleWithKmsEc3() throws GeneralSecurityException {
         DirectKmsMaterialProvider prov = new DirectKmsMaterialProvider(kms, keyId);
 
-        Map<String, AttributeValue> attrVals = new HashMap<String, AttributeValue>();
+        Map<String, AttributeValue> attrVals = new HashMap<>();
         attrVals.put("hk",
                 new AttributeValue().withB(ByteBuffer.wrap("Foo".getBytes(StandardCharsets.UTF_8))));
         attrVals.put("rk",
@@ -198,7 +200,7 @@ public void testRefresh() {
 
     @Test
     public void explicitContentKeyAlgorithm() throws GeneralSecurityException {
-        Map<String, String> desc = new HashMap<String, String>();
+        Map<String, String> desc = new HashMap<>();
         desc.put(WrappedRawMaterials.CONTENT_KEY_ALGORITHM, "AES");
 
         DirectKmsMaterialProvider prov = new DirectKmsMaterialProvider(kms, keyId, desc);
@@ -215,7 +217,7 @@ public void explicitContentKeyAlgorithm() throws GeneralSecurityException {
 
     @Test
     public void explicitContentKeyLength128() throws GeneralSecurityException {
-        Map<String, String> desc = new HashMap<String, String>();
+        Map<String, String> desc = new HashMap<>();
         desc.put(WrappedRawMaterials.CONTENT_KEY_ALGORITHM, "AES/128");
 
         DirectKmsMaterialProvider prov = new DirectKmsMaterialProvider(kms, keyId, desc);
@@ -234,7 +236,7 @@ public void explicitContentKeyLength128() throws GeneralSecurityException {
 
     @Test
     public void explicitContentKeyLength256() throws GeneralSecurityException {
-        Map<String, String> desc = new HashMap<String, String>();
+        Map<String, String> desc = new HashMap<>();
         desc.put(WrappedRawMaterials.CONTENT_KEY_ALGORITHM, "AES/256");
 
         DirectKmsMaterialProvider prov = new DirectKmsMaterialProvider(kms, keyId, desc);
@@ -336,7 +338,7 @@ public GenerateDataKeyResult generateDataKey(GenerateDataKeyRequest r) {
     }
 
     private static class ExtendedKmsMaterialProvider extends DirectKmsMaterialProvider {
-        protected final String encryptionKeyIdAttributeName;
+        private final String encryptionKeyIdAttributeName;
 
         public ExtendedKmsMaterialProvider(AWSKMS kms, String encryptionKeyId, String encryptionKeyIdAttributeName) {
             super(kms, encryptionKeyId);
@@ -365,6 +367,16 @@ protected void validateEncryptionKeyId(String encryptionKeyId, EncryptionContext
                 throw new DynamoDBMappingException("encryption key ids do not match.");
             }
         }
+
+        @Override
+        protected DecryptResult decrypt(DecryptRequest request, EncryptionContext context) {
+            return super.decrypt(request, context);
+        }
+
+        @Override
+        protected GenerateDataKeyResult generateDataKey(GenerateDataKeyRequest request, EncryptionContext context) {
+            return super.generateDataKey(request, context);
+        }
     }
 
     private static EncryptionContext ctx(EncryptionMaterials mat) {

src/test/java/com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/store/MetaStoreTests.java

@@ -21,6 +21,7 @@
 import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.EncryptionMaterialsProvider;
 import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.SymmetricStaticProvider;
 import com.amazonaws.services.dynamodbv2.local.embedded.DynamoDBEmbedded;
+import com.amazonaws.services.dynamodbv2.model.AttributeValue;
 import com.amazonaws.services.dynamodbv2.model.ProvisionedThroughput;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
@@ -31,6 +32,10 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 import static org.testng.AssertJUnit.assertEquals;
 import static org.testng.AssertJUnit.assertNotNull;
@@ -59,6 +64,28 @@ public class MetaStoreTests {
     private MetaStore targetStore;
     private EncryptionContext ctx;
 
+    private static class TestExtraDataSupplier implements MetaStore.ExtraDataSupplier {
+
+        private final Map<String, AttributeValue> attributeValueMap;
+        private final Set<String> signedOnlyFieldNames;
+
+        public TestExtraDataSupplier(final Map<String, AttributeValue> attributeValueMap,
+                                     final Set<String> signedOnlyFieldNames) {
+            this.attributeValueMap = attributeValueMap;
+            this.signedOnlyFieldNames = signedOnlyFieldNames;
+        }
+
+        @Override
+        public Map<String, AttributeValue> getAttributes(String materialName, long version) {
+            return this.attributeValueMap;
+        }
+
+        @Override
+        public Set<String> getSignedOnlyFieldNames() {
+            return this.signedOnlyFieldNames;
+        }
+    }
+
     @BeforeMethod
     public void setup() {
         client = synchronize(DynamoDBEmbedded.create(), AmazonDynamoDB.class);
@@ -181,6 +208,34 @@ public void getOrCreateCollision() {
         assertEquals(eMat.getSigningKey(), dMat.getVerificationKey());
     }
 
+    @Test
+    public void getOrCreateWithContextSupplier() {
+        final Map<String, AttributeValue> attributeValueMap = new HashMap<>();
+        attributeValueMap.put("CustomKeyId", new AttributeValue().withS("testCustomKeyId"));
+        attributeValueMap.put("KeyToken", new AttributeValue().withS("testKeyToken"));
+
+        final Set<String> signedOnlyAttributes = new HashSet<>();
+        signedOnlyAttributes.add("CustomKeyId");
+
+        final TestExtraDataSupplier extraDataSupplier = new TestExtraDataSupplier(
+                attributeValueMap, signedOnlyAttributes);
+
+        final MetaStore metaStore = new MetaStore(client, SOURCE_TABLE_NAME, ENCRYPTOR, extraDataSupplier);
+
+        assertEquals(-1, metaStore.getMaxVersion(MATERIAL_NAME));
+        final EncryptionMaterialsProvider prov1 = metaStore.getOrCreate(MATERIAL_NAME, 0);
+        assertEquals(0, metaStore.getMaxVersion(MATERIAL_NAME));
+        final EncryptionMaterialsProvider prov2 = metaStore.getOrCreate(MATERIAL_NAME, 0);
+
+        final EncryptionMaterials eMat = prov1.getEncryptionMaterials(ctx);
+        final SecretKey encryptionKey = eMat.getEncryptionKey();
+        assertNotNull(encryptionKey);
+
+        final DecryptionMaterials dMat = prov2.getDecryptionMaterials(ctx(eMat));
+        assertEquals(encryptionKey, dMat.getDecryptionKey());
+        assertEquals(eMat.getSigningKey(), dMat.getVerificationKey());
+    }
+
     @Test
     public void replicateIntermediateKeysTest() {
         assertEquals(-1, store.getMaxVersion(MATERIAL_NAME));
@@ -231,6 +286,20 @@ public void invalidVersion() {
         store.getProvider(MATERIAL_NAME, 1000);
     }
 
+    @Test(expected = IllegalArgumentException.class)
+    public void invalidSignedOnlyField() {
+        final Map<String, AttributeValue> attributeValueMap = new HashMap<>();
+        attributeValueMap.put("enc", new AttributeValue().withS("testEncryptionKey"));
+
+        final Set<String> signedOnlyAttributes = new HashSet<>();
+        signedOnlyAttributes.add("enc");
+
+        final TestExtraDataSupplier extraDataSupplier = new TestExtraDataSupplier(
+                attributeValueMap, signedOnlyAttributes);
+
+        new MetaStore(client, SOURCE_TABLE_NAME, ENCRYPTOR, extraDataSupplier);
+    }
+
     private static EncryptionContext ctx(final EncryptionMaterials mat) {
         return new EncryptionContext.Builder()
                 .withMaterialDescription(mat.getMaterialDescription()).build();