From a9af5d34651318f938a12461cb5524bca17cb750 Mon Sep 17 00:00:00 2001 From: exceptionfactory Date: Mon, 25 Oct 2021 22:12:15 -0500 Subject: [PATCH] NIFI-9332 Corrected SecureHasher conditional test methods - Removed GroovyTestCase super class - Replaced shouldFail() with assertThrows() Signed-off-by: Pierre Villard This closes #5481. --- .../util/crypto/Argon2SecureHasherTest.groovy | 34 ++++----------- .../util/crypto/BcryptSecureHasherTest.groovy | 30 +++---------- .../NiFiLegacyCipherProviderGroovyTest.groovy | 5 +-- .../util/crypto/PBKDF2SecureHasherTest.groovy | 43 +++---------------- .../util/crypto/ScryptSecureHasherTest.groovy | 43 +++---------------- 5 files changed, 28 insertions(+), 127 deletions(-) diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy index 05ee9fb016..81d5cca024 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/Argon2SecureHasherTest.groovy @@ -19,7 +19,6 @@ package org.apache.nifi.security.util.crypto import org.bouncycastle.jce.provider.BouncyCastleProvider import org.bouncycastle.util.encoders.Hex import org.junit.jupiter.api.BeforeAll -import org.junit.jupiter.api.Disabled import org.junit.jupiter.api.Test import org.junit.jupiter.api.condition.EnabledIfSystemProperty import org.slf4j.Logger @@ -28,7 +27,9 @@ import org.slf4j.LoggerFactory import java.nio.charset.StandardCharsets import java.security.Security -class Argon2SecureHasherTest extends GroovyTestCase { +import static org.junit.jupiter.api.Assertions.assertThrows + +class Argon2SecureHasherTest { private static final Logger logger = LoggerFactory.getLogger(Argon2SecureHasherTest.class) @BeforeAll @@ -40,10 +41,6 @@ class Argon2SecureHasherTest extends GroovyTestCase { } } - private static byte[] decodeHex(String hex) { - Hex.decode(hex?.replaceAll("[^0-9a-fA-F]", "")) - } - @Test void testShouldBeDeterministicWithStaticSalt() { // Arrange @@ -179,27 +176,12 @@ class Argon2SecureHasherTest extends GroovyTestCase { final byte[] STATIC_SALT = "bad_sal".bytes // Act - def initializeMsg = shouldFail(IllegalArgumentException) { - Argon2SecureHasher invalidSaltLengthHasher = new Argon2SecureHasher(hashLength, memory, parallelism, iterations, 7) - } - logger.expected(initializeMsg) + assertThrows(IllegalArgumentException.class, { -> + new Argon2SecureHasher(hashLength, memory, parallelism, iterations, 7) }) - def arbitrarySaltRawMsg = shouldFail { - byte[] arbitrarySaltRaw = secureHasher.hashRaw(inputBytes, STATIC_SALT) - } - - def arbitrarySaltHexMsg = shouldFail { - byte[] arbitrarySaltHex = secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def arbitrarySaltBase64Msg = shouldFail { - byte[] arbitraySaltBase64 = secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def results = [arbitrarySaltRawMsg, arbitrarySaltHexMsg, arbitrarySaltBase64Msg] - - // Assert - assert results.every { it =~ /The salt length \(7 bytes\) is invalid/ } + assertThrows(RuntimeException.class, { -> secureHasher.hashRaw(inputBytes, STATIC_SALT) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) } @Test diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptSecureHasherTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptSecureHasherTest.groovy index 30dbb7257c..bd7dbd6d1a 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptSecureHasherTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/BcryptSecureHasherTest.groovy @@ -19,7 +19,6 @@ package org.apache.nifi.security.util.crypto import at.favre.lib.crypto.bcrypt.Radix64Encoder import org.bouncycastle.util.encoders.Hex import org.junit.jupiter.api.BeforeAll -import org.junit.jupiter.api.Disabled import org.junit.jupiter.api.Test import org.junit.jupiter.api.condition.EnabledIfSystemProperty import org.slf4j.Logger @@ -27,7 +26,9 @@ import org.slf4j.LoggerFactory import java.nio.charset.StandardCharsets -class BcryptSecureHasherTest extends GroovyTestCase { +import static org.junit.jupiter.api.Assertions.assertThrows + +class BcryptSecureHasherTest { private static final Logger logger = LoggerFactory.getLogger(BcryptSecureHasher) @BeforeAll @@ -160,28 +161,11 @@ class BcryptSecureHasherTest extends GroovyTestCase { BcryptSecureHasher secureHasher = new BcryptSecureHasher(cost, 16) final byte[] STATIC_SALT = "bad_sal".bytes - // Act - def initializationMsg = shouldFail(IllegalArgumentException) { - BcryptSecureHasher invalidSaltLengthHasher = new BcryptSecureHasher(cost, 7) - } - logger.expected(initializationMsg) + assertThrows(IllegalArgumentException.class, { -> new BcryptSecureHasher(cost, 7) }) - def arbitrarySaltRawMsg = shouldFail { - byte[] arbitrarySaltHash = secureHasher.hashRaw(inputBytes, STATIC_SALT) - } - - def arbitrarySaltHexMsg = shouldFail { - byte[] arbitrarySaltHashHex = secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def arbitrarySaltBase64Msg = shouldFail { - byte[] arbitrarySaltBase64 = secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def results = [arbitrarySaltRawMsg, arbitrarySaltHexMsg, arbitrarySaltBase64Msg] - - // Assert - assert results.every { it =~ /The salt length \(7 bytes\) is invalid/ } + assertThrows(RuntimeException.class, { -> secureHasher.hashRaw(inputBytes, STATIC_SALT) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) } @Test diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/NiFiLegacyCipherProviderGroovyTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/NiFiLegacyCipherProviderGroovyTest.groovy index 47d6fa2287..525a4fae15 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/NiFiLegacyCipherProviderGroovyTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/NiFiLegacyCipherProviderGroovyTest.groovy @@ -32,9 +32,6 @@ import javax.crypto.spec.PBEKeySpec import javax.crypto.spec.PBEParameterSpec import java.security.Security -import static org.junit.Assert.fail -import static org.junit.jupiter.api.Assumptions.assumeTrue - class NiFiLegacyCipherProviderGroovyTest { private static final Logger logger = LoggerFactory.getLogger(NiFiLegacyCipherProviderGroovyTest.class) @@ -66,7 +63,7 @@ class NiFiLegacyCipherProviderGroovyTest { return cipher } catch (Exception e) { logger.error("Error generating legacy cipher", e) - fail(e.getMessage()) + throw new RuntimeException(e) } return null diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/PBKDF2SecureHasherTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/PBKDF2SecureHasherTest.groovy index 8613d8b4e5..937e9bb27f 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/PBKDF2SecureHasherTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/PBKDF2SecureHasherTest.groovy @@ -16,29 +16,15 @@ */ package org.apache.nifi.security.util.crypto -import org.bouncycastle.jce.provider.BouncyCastleProvider import org.bouncycastle.util.encoders.Hex -import org.junit.jupiter.api.BeforeAll -import org.junit.jupiter.api.Disabled import org.junit.jupiter.api.Test import org.junit.jupiter.api.condition.EnabledIfSystemProperty -import org.slf4j.Logger -import org.slf4j.LoggerFactory import java.nio.charset.StandardCharsets -import java.security.Security -class PBKDF2SecureHasherTest extends GroovyTestCase { - private static final Logger logger = LoggerFactory.getLogger(PBKDF2SecureHasherTest) +import static org.junit.jupiter.api.Assertions.assertThrows - @BeforeAll - static void setupOnce() throws Exception { - Security.addProvider(new BouncyCastleProvider()) - - logger.metaClass.methodMissing = { String name, args -> - logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}") - } - } +class PBKDF2SecureHasherTest { @Test void testShouldBeDeterministicWithStaticSalt() { @@ -164,27 +150,10 @@ class PBKDF2SecureHasherTest extends GroovyTestCase { PBKDF2SecureHasher secureHasher = new PBKDF2SecureHasher(prf, cost, saltLength, dkLength) byte[] STATIC_SALT = "bad_sal".bytes - // Act - def initializeMsg = shouldFail(IllegalArgumentException) { - PBKDF2SecureHasher invalidSaltLengthHasher = new PBKDF2SecureHasher(prf, cost, 7, dkLength) - } - - def arbitrarySaltRawMsg = shouldFail { - byte[] arbitrarySaltRaw = secureHasher.hashRaw(inputBytes, STATIC_SALT) - } - - def arbitrarySaltHexMsg = shouldFail { - byte[] arbitrarySaltHex = secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def arbitrarySaltBase64Msg = shouldFail { - byte[] arbitrarySaltBase64 = secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def results = [arbitrarySaltRawMsg, arbitrarySaltHexMsg, arbitrarySaltBase64Msg] - - // Assert - assert results.every { it =~ /The salt length \(7 bytes\) is invalid/ } + assertThrows(IllegalArgumentException.class, { -> new PBKDF2SecureHasher(prf, cost, 7, dkLength) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashRaw(inputBytes, STATIC_SALT) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) } @Test diff --git a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/ScryptSecureHasherTest.groovy b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/ScryptSecureHasherTest.groovy index 963fcae660..2beae0dc80 100644 --- a/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/ScryptSecureHasherTest.groovy +++ b/nifi-commons/nifi-security-utils/src/test/groovy/org/apache/nifi/security/util/crypto/ScryptSecureHasherTest.groovy @@ -16,29 +16,15 @@ */ package org.apache.nifi.security.util.crypto -import org.bouncycastle.jce.provider.BouncyCastleProvider import org.bouncycastle.util.encoders.Hex -import org.junit.jupiter.api.BeforeAll -import org.junit.jupiter.api.Disabled import org.junit.jupiter.api.Test import org.junit.jupiter.api.condition.EnabledIfSystemProperty -import org.slf4j.Logger -import org.slf4j.LoggerFactory import java.nio.charset.StandardCharsets -import java.security.Security -class ScryptSecureHasherTest extends GroovyTestCase { - private static final Logger logger = LoggerFactory.getLogger(ScryptSecureHasherTest) +import static org.junit.jupiter.api.Assertions.assertThrows - @BeforeAll - static void setupOnce() throws Exception { - Security.addProvider(new BouncyCastleProvider()) - - logger.metaClass.methodMissing = { String name, args -> - logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}") - } - } +class ScryptSecureHasherTest { @Test void testShouldBeDeterministicWithStaticSalt() { @@ -167,27 +153,10 @@ class ScryptSecureHasherTest extends GroovyTestCase { ScryptSecureHasher secureHasher = new ScryptSecureHasher(n, r, p, dkLength, 16) final byte[] STATIC_SALT = "bad_sal".bytes - // Act - shouldFail(IllegalArgumentException) { - new ScryptSecureHasher(n, r, p, dkLength, 7) - } - - def arbitrarySaltRawMsg = shouldFail { - secureHasher.hashRaw(inputBytes, STATIC_SALT) - } - - def arbitrarySaltHexMsg = shouldFail { - secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def arbitrarySaltB64Msg = shouldFail { - secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) - } - - def results = [arbitrarySaltRawMsg, arbitrarySaltHexMsg, arbitrarySaltB64Msg] - - // Assert - assert results.every { it =~ /The salt length \(7 bytes\) is invalid/ } + assertThrows(IllegalArgumentException.class, { -> new ScryptSecureHasher(n, r, p, dkLength, 7) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashRaw(inputBytes, STATIC_SALT) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashHex(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) + assertThrows(RuntimeException.class, { -> secureHasher.hashBase64(input, new String(STATIC_SALT, StandardCharsets.UTF_8)) }) } @Test