NIFI-8465 Handle bcrypt legacy decrypt failures in testing

This closes #5029 Signed-off-by: David Handermann <exceptionfactory@apache.org>
2021-04-26 11:05:02 -04:00 · 2021-04-26 11:05:02 -04:00 · 835f50c83a
parent 9f45b48866
commit 835f50c83a
1 changed files with 12 additions and 1 deletions
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
@ -442,7 +442,18 @@ class PasswordBasedEncryptorGroovyTest {
        String recovered = new String(recoveredBytes, StandardCharsets.UTF_8)
        logger.info("Plaintext (${recoveredBytes.size()}): ${recovered}")

-        assert recovered == PLAINTEXT
+        // handle reader logic error (PKCS7 padding false positive) by explicitly testing legacy key derivation
+        if (PLAINTEXT != recovered) {
+            logger.warn("Explicit test of legacy key derivation logic.")
+            InputStream inputStreamLegacy = new ByteArrayInputStream(cipherBytes)
+            OutputStream outputStreamLegacy = new ByteArrayOutputStream()
+            byte[] salt = bcryptCipherProvider.readSalt(inputStreamLegacy)
+            byte[] iv = bcryptCipherProvider.readIV(inputStreamLegacy)
+            Cipher cipherLegacy = bcryptCipherProvider.getLegacyDecryptCipher(encryptionMethod, PASSWORD, salt, iv, keyLength)
+            CipherUtility.processStreams(cipherLegacy, inputStreamLegacy, outputStreamLegacy)
+            String recoveredLegacy = new String(outputStreamLegacy.toByteArray(), StandardCharsets.UTF_8)
+            assert recoveredLegacy == PLAINTEXT
+        }
    }

    /**