diff --git a/spring-vault-core/src/main/java/org/springframework/vault/support/VaultTransitContext.java b/spring-vault-core/src/main/java/org/springframework/vault/support/VaultTransitContext.java
index 450f1876..8173c257 100644
--- a/spring-vault-core/src/main/java/org/springframework/vault/support/VaultTransitContext.java
+++ b/spring-vault-core/src/main/java/org/springframework/vault/support/VaultTransitContext.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 the original author or authors.
+ * Copyright 2016-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -22,6 +22,12 @@ package org.springframework.vault.support;
 */
 public class VaultTransitContext {
+ /**
+ * Empty (default) {@link VaultTransitContext} without a {@literal context} and
+ * {@literal nonce}.
+ */
+ private static final VaultTransitContext EMPTY = new VaultTransitContext(null, null);
+
 private final byte[] context;
 private final byte[] nonce;
@@ -38,6 +44,13 @@ public class VaultTransitContext {
 return new VaultTransitRequestBuilder();
 }
+ /**
+ * @return an empty {@link VaultTransitContext}.
+ */
+ public static VaultTransitContext empty() {
+ return EMPTY;
+ }
+
 /**
 * @return the key derivation context.
 */
@@ -66,7 +79,7 @@ public class VaultTransitContext {
 /**
 * Configure a key derivation context for the {@code transit} operation.
- *
+ *
 * @param context key derivation context, provided as a binary data. Must be
 * provided if derivation is enabled.
 * @return {@code this} {@link VaultTransitRequestBuilder}.
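Review bot: The Javadoc on the new `empty()` factory (hunk `-38,6 +44,13`) and on the `EMPTY` constant it returns (hunk `-22,6 +22,12`) does not say that the context and nonce accessors return `null` for this instance. It also omits that the instance cannot be used with a derived key, although the builder Javadoc in the same file states the context "Must be provided if derivation is enabled". I would extend the comment to `@return an empty {@link VaultTransitContext} whose context and nonce are {@literal null}; not usable with keys that have derivation enabled.` Sharing one static instance looks safe because both fields are `final` and `null` here, but the constructor and accessors lie outside these hunks, so that is worth confirming.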
@@ -80,7 +93,7 @@ public class VaultTransitContext {
 * Configure the nonce value for a {@code transit} operation. Must be provided if
 * convergent encryption is enabled for this key and the key was generated with
 * Vault 0.6.1. Not required for keys created in 0.6.2+.
- *
+ *
 * @param nonce value must be exactly 96 bits (12 bytes) long and the user must
 * ensure that for any given context (and thus, any given encryption key) this
 * nonce value is never reused
diff --git a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java
index ede2da40..9be9b911 100644
--- a/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java
+++ b/spring-vault-core/src/test/java/org/springframework/vault/core/VaultTransitTemplateIntegrationTests.java
@@ -48,7 +48,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 private VaultTransitOperations transitOperations;
 @Before
- public void before() throws Exception {
+ public void before() {
 transitOperations = vaultOperations.opsForTransit();
 if (!vaultOperations.opsForSys().getMounts().containsKey("transit/")) {
@@ -70,7 +70,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void createKeyShouldCreateKey() throws Exception {
+ public void createKeyShouldCreateKey() {
 transitOperations.createKey("mykey");
@@ -86,7 +86,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void createKeyShouldCreateKeyWithOptions() throws Exception {
+ public void createKeyShouldCreateKeyWithOptions() {
 VaultTransitKeyCreationRequest request = VaultTransitKeyCreationRequest.builder() //
 .convergentEncryption(true) //
@@ -105,14 +105,14 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void getKeyShouldReturnNullIfKeyNotExists() throws Exception {
+ public void getKeyShouldReturnNullIfKeyNotExists() {
 VaultTransitKey key = transitOperations.getKey("hello-world");
 assertThat(key).isNull();
 }
 @Test
- public void deleteKeyShouldFailIfKeyNotExists() throws Exception {
+ public void deleteKeyShouldFailIfKeyNotExists() {
 try {
 transitOperations.deleteKey("hello-world");
@@ -124,7 +124,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void deleteKeyShouldDeleteKey() throws Exception {
+ public void deleteKeyShouldDeleteKey() {
 transitOperations.createKey("mykey");
 transitOperations.configureKey("mykey", VaultTransitKeyConfiguration.builder()
@@ -135,7 +135,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void encryptShouldCreateCiphertext() throws Exception {
+ public void encryptShouldCreateCiphertext() {
 transitOperations.createKey("mykey");
@@ -144,7 +144,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void encryptShouldCreateCiphertextWithNonceAndContext() throws Exception {
+ public void encryptShouldCreateCiphertextWithNonceAndContext() {
 transitOperations.createKey("mykey", VaultTransitKeyCreationRequest.builder()
 .convergentEncryption(true).derived(true).build());
@@ -160,7 +160,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void decryptShouldCreatePlaintext() throws Exception {
+ public void decryptShouldCreatePlaintext() {
 transitOperations.createKey("mykey");
@@ -171,7 +171,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void decryptShouldCreatePlaintextWithNonceAndContext() throws Exception {
+ public void decryptShouldCreatePlaintextWithNonceAndContext() {
 transitOperations.createKey("mykey", VaultTransitKeyCreationRequest.builder()
 .convergentEncryption(true).derived(true).build());
@@ -189,7 +189,7 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void encryptAndRewrapShouldCreateCiphertext() throws Exception {
+ public void encryptAndRewrapShouldCreateCiphertext() {
 transitOperations.createKey("mykey");
@@ -202,8 +202,23 @@ public class VaultTransitTemplateIntegrationTests extends IntegrationTestSupport
 }
 @Test
- public void encryptAndRewrapShouldCreateCiphertextWithNonceAndContext()
- throws Exception {
+ public void shouldEncryptBinaryPlaintext() {
+
+ transitOperations.createKey("mykey");
+
+ byte[] plaintext = new byte[] { 1, 2, 3, 4, 5 };
+
+ String ciphertext = transitOperations.encrypt("mykey", plaintext,
+ VaultTransitContext.empty());
+
+ byte[] decrypted = transitOperations.decrypt("mykey", ciphertext,
+ VaultTransitContext.empty());
+
+ assertThat(decrypted).isEqualTo(plaintext);
+ }
+
+ @Test
+ public void encryptAndRewrapShouldCreateCiphertextWithNonceAndContext() {
 transitOperations.createKey("mykey", VaultTransitKeyCreationRequest.builder()
 .convergentEncryption(true).derived(true).build());
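Review bot: The plaintext in `shouldEncryptBinaryPlaintext` (hunk `-202,8 +202,23`) is `{ 1, 2, 3, 4, 5 }`, which is also valid ASCII, so the round trip would still pass if the bytes went through a `String` or charset conversion somewhere between `encrypt` and `decrypt`. A plaintext that is not valid UTF-8 would make the test prove binary safety, for example `byte[] plaintext = new byte[] { 0, (byte) 0x80, (byte) 0xC3, (byte) 0xFF };`. The test also covers only `VaultTransitContext.empty()` on a non-derived key, so the byte-array overloads with a real context and nonce remain untested in the visible hunks.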