Skip tests when AesBytesEncryptor can't be created in CBC or GCM mode. (#3816)

Tests would fail in cases where JCE unlimited strength was available but GCM wasn't, like on JDK7.
2016-04-14 16:21:20 -04:00 · 2016-04-14 16:21:20 -04:00 · 40208127e8
parent 59db9413aa
commit 40208127e8
1 changed files with 23 additions and 8 deletions
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java
@ -15,12 +15,17 @@
 */
 package org.springframework.security.crypto.encrypt;

+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Random;
 import java.util.UUID;

+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+
 import org.junit.Assert;
 import org.junit.Assume;
+import org.junit.AssumptionViolatedException;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.crypto.codec.Hex;
@ -36,10 +41,6 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {

 	@Before
 	public void setup() {
-		Assume.assumeTrue(
-				"couldn't create AesBytesEncryptor, is JCE unlimited strength enabled?",
-				isAes256Available());
-
 		// generate random password, salt, and test data
 		SecureRandom secureRandom = new SecureRandom();
 		password = UUID.randomUUID().toString();
@ -52,6 +53,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {

 	@Test
 	public void bouncyCastleAesCbcWithPredictableIvEquvalent() throws Exception {
+		assumeAes256Available(CipherAlgorithm.CBC);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
 				new PredictableRandomBytesKeyGenerator(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@ -61,6 +63,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {

 	@Test
 	public void bouncyCastleAesCbcWithSecureIvCompatible() throws Exception {
+		assumeAes256Available(CipherAlgorithm.CBC);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
 				KeyGenerators.secureRandom(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@ -70,6 +73,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {

 	@Test
 	public void bouncyCastleAesGcmWithPredictableIvEquvalent() throws Exception {
+		assumeAes256Available(CipherAlgorithm.GCM);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
 				new PredictableRandomBytesKeyGenerator(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@ -79,6 +83,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {

 	@Test
 	public void bouncyCastleAesGcmWithSecureIvCompatible() throws Exception {
+		assumeAes256Available(CipherAlgorithm.GCM);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
 				KeyGenerators.secureRandom(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@ -111,13 +116,23 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
 		Assert.assertArrayEquals(testData, rightDecrypted);
 	}

-	private boolean isAes256Available() {
+	private void assumeAes256Available(CipherAlgorithm cipherAlgorithm) {
+		boolean aes256Available = false;
 		try {
-			return javax.crypto.Cipher.getMaxAllowedKeyLength("AES") >= 256;
+			Cipher.getInstance(cipherAlgorithm.toString());
+			aes256Available = Cipher.getMaxAllowedKeyLength("AES") >= 256;
 		}
-		catch (Exception e) {
-			return false;
+		catch (NoSuchAlgorithmException e) {
+			throw new AssumptionViolatedException(
+					cipherAlgorithm + " not available, skipping test", e);
 		}
+		catch (NoSuchPaddingException e) {
+			throw new AssumptionViolatedException(
+					cipherAlgorithm + " padding not available, skipping test", e);
+		}
+		Assume.assumeTrue(
+				"AES key length of 256 not allowed, skipping test",
+				aes256Available);

 	}