vendor/github.com/aliyun/aliyun-oss-go-sdk/oss/crypto/master_alikms_cipher_test.go

   1 package osscrypto
   2
   3 import (
   4         crypto_rand "crypto/rand"
   5         "encoding/base64"
   6         "io"
   7         "math/rand"
   8         "time"
   9
  10         kms "github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
  11         . "gopkg.in/check.v1"
  12 )
  13
  14 func (s *OssCryptoBucketSuite) TestKmsClient(c *C) {
  15         rand.Seed(time.Now().UnixNano())
  16         kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
  17         c.Assert(err, IsNil)
  18
  19         // encrypte
  20         enReq := kms.CreateEncryptRequest()
  21         enReq.RpcRequest.Scheme = "https"
  22         enReq.RpcRequest.Method = "POST"
  23         enReq.RpcRequest.AcceptFormat = "json"
  24
  25         enReq.KeyId = kmsID
  26
  27         buff := make([]byte, 10)
  28         _, err = io.ReadFull(crypto_rand.Reader, buff)
  29         c.Assert(err, IsNil)
  30         enReq.Plaintext = base64.StdEncoding.EncodeToString(buff)
  31
  32         enResponse, err := kmsClient.Encrypt(enReq)
  33         c.Assert(err, IsNil)
  34
  35         // decrypte
  36         deReq := kms.CreateDecryptRequest()
  37         deReq.RpcRequest.Scheme = "https"
  38         deReq.RpcRequest.Method = "POST"
  39         deReq.RpcRequest.AcceptFormat = "json"
  40         deReq.CiphertextBlob = enResponse.CiphertextBlob
  41         deResponse, err := kmsClient.Decrypt(deReq)
  42         c.Assert(err, IsNil)
  43         c.Assert(deResponse.Plaintext, Equals, enReq.Plaintext)
  44 }
  45
  46 func (s *OssCryptoBucketSuite) TestMasterAliKmsCipherSuccess(c *C) {
  47
  48         kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
  49         c.Assert(err, IsNil)
  50
  51         masterCipher, _ := CreateMasterAliKms(matDesc, kmsID, kmsClient)
  52
  53         var cd CipherData
  54         err = cd.RandomKeyIv(aesKeySize, ivSize)
  55         c.Assert(err, IsNil)
  56
  57         cd.WrapAlgorithm = masterCipher.GetWrapAlgorithm()
  58         cd.CEKAlgorithm = KmsAliCryptoWrap
  59         cd.MatDesc = masterCipher.GetMatDesc()
  60
  61         // EncryptedKey
  62         cd.EncryptedKey, err = masterCipher.Encrypt(cd.Key)
  63
  64         // EncryptedIV
  65         cd.EncryptedIV, err = masterCipher.Encrypt(cd.IV)
  66
  67         cloneData := cd.Clone()
  68
  69         cloneData.Key, _ = masterCipher.Decrypt(cloneData.EncryptedKey)
  70         cloneData.IV, _ = masterCipher.Decrypt(cloneData.EncryptedIV)
  71
  72         c.Assert(string(cd.Key), Equals, string(cloneData.Key))
  73         c.Assert(string(cd.IV), Equals, string(cloneData.IV))
  74
  75 }
  76
  77 func (s *OssCryptoBucketSuite) TestMasterAliKmsCipherError(c *C) {
  78         kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
  79         c.Assert(err, IsNil)
  80
  81         masterCipher, _ := CreateMasterAliKms(matDesc, kmsID, kmsClient)
  82         v := masterCipher.(MasterAliKmsCipher)
  83         v.KmsID = ""
  84         _, err = v.Encrypt([]byte("hellow"))
  85         c.Assert(err, NotNil)
  86
  87         _, err = v.Decrypt([]byte("hellow"))
  88         c.Assert(err, NotNil)
  89 }