From 40208127e82eb90b2651c7112ab8f144d0118e44 Mon Sep 17 00:00:00 2001
From: Will Tran <wtran@pivotal.io>
Date: Thu, 14 Apr 2016 16:21:20 -0400
Subject: [PATCH] Skip tests when AesBytesEncryptor can't be created in CBC or
 GCM mode. (#3816)

Tests would fail in cases where JCE unlimited strength was available but
GCM wasn't, like on JDK7.
---
 ...astleAesBytesEncryptorEquivalencyTest.java | 31 ++++++++++++++-----
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java
index 94c2649b8b..22f2cdd1ad 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/encrypt/BouncyCastleAesBytesEncryptorEquivalencyTest.java
@@ -15,12 +15,17 @@
  */
 package org.springframework.security.crypto.encrypt;
 
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Random;
 import java.util.UUID;
 
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+
 import org.junit.Assert;
 import org.junit.Assume;
+import org.junit.AssumptionViolatedException;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.crypto.codec.Hex;
@@ -36,10 +41,6 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
 
 	@Before
 	public void setup() {
-		Assume.assumeTrue(
-				"couldn't create AesBytesEncryptor, is JCE unlimited strength enabled?",
-				isAes256Available());
-
 		// generate random password, salt, and test data
 		SecureRandom secureRandom = new SecureRandom();
 		password = UUID.randomUUID().toString();
@@ -52,6 +53,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
 
 	@Test
 	public void bouncyCastleAesCbcWithPredictableIvEquvalent() throws Exception {
+		assumeAes256Available(CipherAlgorithm.CBC);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
 				new PredictableRandomBytesKeyGenerator(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@@ -61,6 +63,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
 
 	@Test
 	public void bouncyCastleAesCbcWithSecureIvCompatible() throws Exception {
+		assumeAes256Available(CipherAlgorithm.CBC);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesCbcBytesEncryptor(password, salt,
 				KeyGenerators.secureRandom(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@@ -70,6 +73,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
 
 	@Test
 	public void bouncyCastleAesGcmWithPredictableIvEquvalent() throws Exception {
+		assumeAes256Available(CipherAlgorithm.GCM);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
 				new PredictableRandomBytesKeyGenerator(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@@ -79,6 +83,7 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
 
 	@Test
 	public void bouncyCastleAesGcmWithSecureIvCompatible() throws Exception {
+		assumeAes256Available(CipherAlgorithm.GCM);
 		BytesEncryptor bcEncryptor = new BouncyCastleAesGcmBytesEncryptor(password, salt,
 				KeyGenerators.secureRandom(16));
 		BytesEncryptor jceEncryptor = new AesBytesEncryptor(password, salt,
@@ -111,13 +116,23 @@ public class BouncyCastleAesBytesEncryptorEquivalencyTest {
 		Assert.assertArrayEquals(testData, rightDecrypted);
 	}
 
-	private boolean isAes256Available() {
+	private void assumeAes256Available(CipherAlgorithm cipherAlgorithm) {
+		boolean aes256Available = false;
 		try {
-			return javax.crypto.Cipher.getMaxAllowedKeyLength("AES") >= 256;
+			Cipher.getInstance(cipherAlgorithm.toString());
+			aes256Available = Cipher.getMaxAllowedKeyLength("AES") >= 256;
 		}
-		catch (Exception e) {
-			return false;
+		catch (NoSuchAlgorithmException e) {
+			throw new AssumptionViolatedException(
+					cipherAlgorithm + " not available, skipping test", e);
 		}
+		catch (NoSuchPaddingException e) {
+			throw new AssumptionViolatedException(
+					cipherAlgorithm + " padding not available, skipping test", e);
+		}
+		Assume.assumeTrue(
+				"AES key length of 256 not allowed, skipping test",
+				aes256Available);
 
 	}