tests, cleanup

Author: lucasmcdonald3

pom.xml

@@ -149,8 +149,8 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>3.10.1</version>
                 <configuration>
-                    <source>8</source>
-                    <target>8</target>
+                    <source>1.8</source>
+                    <target>1.8</target>
                 </configuration>
             </plugin>
 

src/main/java/com/amazonaws/encryptionsdk/CMMHandler.java

@@ -84,10 +84,10 @@ public DecryptionMaterialsHandler decryptMaterials(
         // But custom CMMs' behavior was not updated.
         // However, there is no custom CMM before version 3.0 that could set an encryptionContext attribute.
         // The encryptionContext attribute was only introduced to decryptMaterials objects
-        // in ESDK 3.0, so no CMM could have set this attribute before 3.0.
-        // As a result, the ESDK assumes that any legacy native CMM
+        // in ESDK 3.0, so no CMM could have configured this attribute before 3.0.
+        // As a result, the ESDK assumes that any native CMM
         // that does not add encryptionContext to its decryptMaterials
-        // SHOULD add encryptionContext to its decryptMaterials.
+        // SHOULD add encryptionContext to its decryptMaterials,
         //
         // If a custom CMM implementation conflicts with this assumption.
         // that CMM implementation MUST move to the MPL.

src/test/java/com/amazonaws/encryptionsdk/AllTestsSuite.java

@@ -13,6 +13,7 @@
 import com.amazonaws.crypto.examples.keyrings.SetEncryptionAlgorithmKeyringExampleTest;
 import com.amazonaws.crypto.examples.v2.BasicEncryptionExampleTest;
 import com.amazonaws.crypto.examples.v2.BasicMultiRegionKeyEncryptionExampleTest;
+import com.amazonaws.crypto.examples.v2.CustomCMMExampleTest;
 import com.amazonaws.crypto.examples.v2.DiscoveryDecryptionExampleTest;
 import com.amazonaws.crypto.examples.v2.DiscoveryMultiRegionDecryptionExampleTest;
 import com.amazonaws.crypto.examples.v2.MultipleCmkEncryptExampleTest;
@@ -80,8 +81,6 @@
   AwsCryptoTest.class,
   CryptoInputStreamTest.class,
   CryptoOutputStreamTest.class,
-  TestVectorRunner.class,
-  TestVectorGenerator.class,
   XCompatDecryptTest.class,
   DefaultCryptoMaterialsManagerTest.class,
   NullCryptoMaterialsCacheTest.class,
@@ -102,6 +101,7 @@
   CommitmentKATRunner.class,
   BasicEncryptionExampleTest.class,
   BasicMultiRegionKeyEncryptionExampleTest.class,
+  CustomCMMExampleTest.class,
   DiscoveryDecryptionExampleTest.class,
   DiscoveryMultiRegionDecryptionExampleTest.class,
   MultipleCmkEncryptExampleTest.class,

src/test/java/com/amazonaws/encryptionsdk/CMMHandlerTest.java

@@ -0,0 +1,138 @@
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package com.amazonaws.encryptionsdk;
+
+import com.amazonaws.encryptionsdk.model.DecryptionMaterials;
+import com.amazonaws.encryptionsdk.model.DecryptionMaterialsHandler;
+import com.amazonaws.encryptionsdk.model.DecryptionMaterialsRequest;
+import com.amazonaws.encryptionsdk.model.KeyBlob;
+import org.junit.Test;
+
+import java.security.PublicKey;
+import java.util.*;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class CMMHandlerTest {
+
+  //
+  private static final CryptoAlgorithm SOME_CRYPTO_ALGORITHM = CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384;
+  private static final List<KeyBlob> SOME_EDK_LIST = new ArrayList<>(Collections.singletonList(new KeyBlob()));
+  private static final CommitmentPolicy SOME_COMMITMENT_POLICY = CommitmentPolicy.RequireEncryptRequireDecrypt;
+  private static final Map<String, String> SOME_NON_EMPTY_ENCRYPTION_CONTEXT = new HashMap<>();
+
+  static {{
+    SOME_NON_EMPTY_ENCRYPTION_CONTEXT.put("SomeKey", "SomeValue");
+  }}
+
+  private static final DecryptionMaterialsRequest SOME_DECRYPTION_MATERIALS_REQUEST_NON_EMPTY_EC =
+          DecryptionMaterialsRequest.newBuilder()
+                  .setAlgorithm(SOME_CRYPTO_ALGORITHM)
+                  // Given: Request has some non-empty encryption context
+                  .setEncryptionContext(SOME_NON_EMPTY_ENCRYPTION_CONTEXT)
+                  .setReproducedEncryptionContext(new HashMap<>())
+                  .setEncryptedDataKeys(SOME_EDK_LIST)
+                  .build();
+
+  private static final DecryptionMaterialsRequest SOME_DECRYPTION_MATERIALS_REQUEST_EMPTY_EC =
+          DecryptionMaterialsRequest.newBuilder()
+                  .setAlgorithm(SOME_CRYPTO_ALGORITHM)
+                  // Given: Request has empty encryption context
+                  .setEncryptionContext(new HashMap<>())
+                  .setReproducedEncryptionContext(new HashMap<>())
+                  .setEncryptedDataKeys(SOME_EDK_LIST)
+                  .build();
+
+  @Test
+  public void GIVEN_CMM_does_not_add_encryption_context_AND_request_has_nonempty_encryption_context_WHEN_decryptMaterials_THEN_output_has_nonempty_encryption_context() {
+    CryptoMaterialsManager anyNativeCMM = mock(CryptoMaterialsManager.class);
+
+    // Given: native CMM does not set an encryptionContext on returned DecryptionMaterials objects
+    DecryptionMaterials someDecryptionMaterialsWithoutEC = DecryptionMaterials.newBuilder()
+          .setDataKey(mock(DataKey.class))
+          .setTrailingSignatureKey(mock(PublicKey.class))
+          .setEncryptionContext(new HashMap<>()).build();
+    // Given: request with nonempty encryption context
+    when(anyNativeCMM.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_NON_EMPTY_EC))
+          .thenReturn(someDecryptionMaterialsWithoutEC);
+
+    // When: decryptMaterials
+    CMMHandler handlerUnderTest = new CMMHandler(anyNativeCMM);
+    DecryptionMaterialsHandler output = handlerUnderTest.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_NON_EMPTY_EC,
+          SOME_COMMITMENT_POLICY);
+
+    // Then: output DecryptionMaterialsHandler has encryption context
+    assertEquals(SOME_NON_EMPTY_ENCRYPTION_CONTEXT, output.getEncryptionContext());
+  }
+
+  @Test
+  public void GIVEN_CMM_does_not_add_encryption_context_AND_request_has_empty_encryption_context_WHEN_decryptMaterials_THEN_output_has_empty_encryption_context() {
+    CryptoMaterialsManager anyNativeCMM = mock(CryptoMaterialsManager.class);
+
+    // Given: native CMM does not set an encryptionContext on returned DecryptionMaterials objects
+    DecryptionMaterials someDecryptionMaterialsWithoutEC = DecryptionMaterials.newBuilder()
+            .setDataKey(mock(DataKey.class))
+            .setTrailingSignatureKey(mock(PublicKey.class))
+            .setEncryptionContext(new HashMap<>()).build();
+    // Given: request with empty encryption context
+    when(anyNativeCMM.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_EMPTY_EC))
+            .thenReturn(someDecryptionMaterialsWithoutEC);
+
+    // When: decryptMaterials
+    CMMHandler handlerUnderTest = new CMMHandler(anyNativeCMM);
+    DecryptionMaterialsHandler output = handlerUnderTest.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_EMPTY_EC,
+            SOME_COMMITMENT_POLICY);
+
+    // Then: output DecryptionMaterialsHandler has empty encryption context
+    assertTrue(output.getEncryptionContext().isEmpty());
+  }
+
+  @Test
+  public void GIVEN_CMM_adds_encryption_context_AND_request_has_nonempty_encryption_context_WHEN_decryptMaterials_THEN_output_has_nonempty_encryption_context() {
+    CryptoMaterialsManager anyNativeCMM = mock(CryptoMaterialsManager.class);
+
+    // Given: native CMM sets encryptionContext on returned DecryptionMaterials objects
+    DecryptionMaterials someDecryptionMaterialsWithoutEC = DecryptionMaterials.newBuilder()
+            .setDataKey(mock(DataKey.class))
+            .setTrailingSignatureKey(mock(PublicKey.class))
+            .setEncryptionContext(SOME_NON_EMPTY_ENCRYPTION_CONTEXT).build();
+    // Given: request with nonempty encryption context
+    when(anyNativeCMM.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_NON_EMPTY_EC))
+            .thenReturn(someDecryptionMaterialsWithoutEC);
+
+    // When: decryptMaterials
+    CMMHandler handlerUnderTest = new CMMHandler(anyNativeCMM);
+    DecryptionMaterialsHandler output = handlerUnderTest.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_NON_EMPTY_EC,
+            SOME_COMMITMENT_POLICY);
+
+    // Then: output DecryptionMaterialsHandler has nonempty encryption context
+    assertEquals(SOME_NON_EMPTY_ENCRYPTION_CONTEXT, output.getEncryptionContext());
+  }
+
+  @Test
+  public void GIVEN_CMM_adds_encryption_context_AND_request_has_empty_encryption_context_WHEN_decryptMaterials_THEN_output_has_empty_encryption_context() {
+    CryptoMaterialsManager anyNativeCMM = mock(CryptoMaterialsManager.class);
+
+    // Given: native CMM sets encryptionContext on returned DecryptionMaterials objects
+    DecryptionMaterials someDecryptionMaterialsWithoutEC = DecryptionMaterials.newBuilder()
+            .setDataKey(mock(DataKey.class))
+            .setTrailingSignatureKey(mock(PublicKey.class))
+            .setEncryptionContext(new HashMap<>()).build();
+    // Given: request with empty encryption context
+    when(anyNativeCMM.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_EMPTY_EC))
+            .thenReturn(someDecryptionMaterialsWithoutEC);
+
+    // When: decryptMaterials
+    CMMHandler handlerUnderTest = new CMMHandler(anyNativeCMM);
+    DecryptionMaterialsHandler output = handlerUnderTest.decryptMaterials(SOME_DECRYPTION_MATERIALS_REQUEST_EMPTY_EC,
+            SOME_COMMITMENT_POLICY);
+
+    // Then: output DecryptionMaterialsHandler has empty encryption context
+    assertTrue(output.getEncryptionContext().isEmpty());
+  }
+
+}