Provide an empty VaultTransitContext.

Provide VaultTransitContext.empty() to create an empty VaultTransitContext for encryption/decryption of binary plaintext without requiring the use of the VaultTransitContext builder.

Closes gh-54.
Mark Paluch
2017-02-16 15:42:50 +01:00
parent 5078a4c133
commit feb12c517c
2 changed files with 44 additions and 16 deletions


@@ -1,5 +1,5 @@
/*
* Copyright 2016 the original author or authors.
* Copyright 2016-2017 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,6 +22,12 @@ package org.springframework.vault.support;
*/
public class VaultTransitContext {
/**
* Empty (default) {@link VaultTransitContext} without a {@literal context} and
* {@literal nonce}.
*/
private static final VaultTransitContext EMPTY = new VaultTransitContext(null, null);
private final byte[] context;
private final byte[] nonce;
@@ -38,6 +44,13 @@ public class VaultTransitContext {
return new VaultTransitRequestBuilder();
}
/**
* @return an empty {@link VaultTransitContext}.
*/
public static VaultTransitContext empty() {
return EMPTY;
}
/**
* @return the key derivation context.
*/
@@ -66,7 +79,7 @@ public class VaultTransitContext {
/**
* Configure a key derivation context for the {@code transit} operation.
*
*
* @param context key derivation context, provided as a binary data. Must be
* provided if derivation is enabled.
* @return {@code this} {@link VaultTransitRequestBuilder}.
@@ -80,7 +93,7 @@ public class VaultTransitContext {
* Configure the nonce value for a {@code transit} operation. Must be provided if
* convergent encryption is enabled for this key and the key was generated with
* Vault 0.6.1. Not required for keys created in 0.6.2+.
*
*
* @param nonce value must be exactly 96 bits (12 bytes) long and the user must
* ensure that for any given context (and thus, any given encryption key) this
* nonce value is never reused
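Review bot: The Javadoc on the new `empty()` factory says only that the context is empty, so a caller cannot tell from it that both `context` and `nonce` are `null` in the shared `EMPTY` instance. The builder documentation in this same file states that a context must be provided if derivation is enabled, and a nonce for convergent-encryption keys generated with Vault 0.6.1, so `empty()` is presumably only suitable for keys without those features. I would spell that out, e.g. `@return an empty {@link VaultTransitContext} with neither context nor nonce; not usable with derived keys, which require a context.` The accessor Javadoc (`@return the key derivation context.`) could likewise note that the value may be `null`; the accessor bodies lie outside the visible hunks, so confirm that nothing there or in the callers dereferences the arrays unconditionally.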


@@ -48,7 +48,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
private VaultTransitOperations transitOperations;
@Before
public void before() throws Exception {
public void before() {
transitOperations = vaultOperations.opsForTransit();
if (!vaultOperations.opsForSys().getMounts().containsKey("transit/")) {
@@ -70,7 +70,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void createKeyShouldCreateKey() throws Exception {
public void createKeyShouldCreateKey() {
transitOperations.createKey("mykey");
@@ -86,7 +86,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void createKeyShouldCreateKeyWithOptions() throws Exception {
public void createKeyShouldCreateKeyWithOptions() {
VaultTransitKeyCreationRequest request = VaultTransitKeyCreationRequest.builder() //
.convergentEncryption(true) //
@@ -105,14 +105,14 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void getKeyShouldReturnNullIfKeyNotExists() throws Exception {
public void getKeyShouldReturnNullIfKeyNotExists() {
VaultTransitKey key = transitOperations.getKey("hello-world");
assertThat(key).isNull();
}
@Test
public void deleteKeyShouldFailIfKeyNotExists() throws Exception {
public void deleteKeyShouldFailIfKeyNotExists() {
try {
transitOperations.deleteKey("hello-world");
@@ -124,7 +124,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void deleteKeyShouldDeleteKey() throws Exception {
public void deleteKeyShouldDeleteKey() {
transitOperations.createKey("mykey");
transitOperations.configureKey("mykey", VaultTransitKeyConfiguration.builder()
@@ -135,7 +135,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void encryptShouldCreateCiphertext() throws Exception {
public void encryptShouldCreateCiphertext() {
transitOperations.createKey("mykey");
@@ -144,7 +144,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void encryptShouldCreateCiphertextWithNonceAndContext() throws Exception {
public void encryptShouldCreateCiphertextWithNonceAndContext() {
transitOperations.createKey("mykey", VaultTransitKeyCreationRequest.builder()
.convergentEncryption(true).derived(true).build());
@@ -160,7 +160,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void decryptShouldCreatePlaintext() throws Exception {
public void decryptShouldCreatePlaintext() {
transitOperations.createKey("mykey");
@@ -171,7 +171,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void decryptShouldCreatePlaintextWithNonceAndContext() throws Exception {
public void decryptShouldCreatePlaintextWithNonceAndContext() {
transitOperations.createKey("mykey", VaultTransitKeyCreationRequest.builder()
.convergentEncryption(true).derived(true).build());
@@ -189,7 +189,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void encryptAndRewrapShouldCreateCiphertext() throws Exception {
public void encryptAndRewrapShouldCreateCiphertext() {
transitOperations.createKey("mykey");
@@ -202,8 +202,23 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
}
@Test
public void encryptAndRewrapShouldCreateCiphertextWithNonceAndContext()
throws Exception {
public void shouldEncryptBinaryPlaintext() {
transitOperations.createKey("mykey");
byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
String ciphertext = transitOperations.encrypt("mykey", plaintext,
VaultTransitContext.empty());
byte[] decrypted = transitOperations.decrypt("mykey", ciphertext,
VaultTransitContext.empty());
assertThat(decrypted).isEqualTo(plaintext);
}
@Test
public void encryptAndRewrapShouldCreateCiphertextWithNonceAndContext() {
transitOperations.createKey("mykey", VaultTransitKeyCreationRequest.builder()
.convergentEncryption(true).derived(true).build());