symmetric-encryption 4.1.1 → 4.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. checksums.yaml +4 -4
  2. data/lib/symmetric_encryption/cli.rb +2 -2
  3. data/lib/symmetric_encryption/encoder.rb +2 -2
  4. data/lib/symmetric_encryption/generator.rb +4 -4
  5. data/lib/symmetric_encryption/keystore/aws.rb +2 -1
  6. data/lib/symmetric_encryption/keystore/environment.rb +1 -1
  7. data/lib/symmetric_encryption/keystore/file.rb +1 -1
  8. data/lib/symmetric_encryption/keystore/memory.rb +1 -1
  9. data/lib/symmetric_encryption/version.rb +1 -1
  10. metadata +4 -56
  11. data/test/active_record_test.rb +0 -605
  12. data/test/cipher_test.rb +0 -216
  13. data/test/config/database.yml +0 -5
  14. data/test/config/empty.csv +0 -0
  15. data/test/config/mongo_mapper.yml +0 -7
  16. data/test/config/mongoid.yml +0 -9
  17. data/test/config/symmetric-encryption.yml +0 -144
  18. data/test/config/test_new.iv +0 -4
  19. data/test/config/test_new.key +0 -2
  20. data/test/config/test_secondary_1.iv +0 -1
  21. data/test/config/test_secondary_1.key +0 -2
  22. data/test/encoder_test.rb +0 -59
  23. data/test/header_test.rb +0 -214
  24. data/test/key_test.rb +0 -81
  25. data/test/keystore/aws_test.rb +0 -133
  26. data/test/keystore/environment_test.rb +0 -70
  27. data/test/keystore/file_test.rb +0 -85
  28. data/test/keystore/heroku_test.rb +0 -70
  29. data/test/keystore_test.rb +0 -254
  30. data/test/mongoid_test.rb +0 -595
  31. data/test/reader_test.rb +0 -334
  32. data/test/symmetric_encryption_test.rb +0 -239
  33. data/test/test_db.sqlite3 +0 -0
  34. data/test/test_helper.rb +0 -12
  35. data/test/utils/aws_test.rb +0 -74
  36. data/test/writer_test.rb +0 -79
data/test/mongoid_test.rb DELETED
@@ -1,595 +0,0 @@
1
- begin
2
- require 'mongoid'
3
- require_relative 'test_helper'
4
- require_relative '../lib/symmetric_encryption/extensions/mongoid/encrypted'
5
- ENV['RACK_ENV'] = 'test'
6
-
7
- Mongoid.load!('test/config/mongoid.yml')
8
-
9
- # @formatter:off
10
- class MongoidUser
11
- include Mongoid::Document
12
-
13
- field :name, type: String
14
- field :encrypted_bank_account_number, type: String, encrypted: true
15
- field :encrypted_social_security_number, type: String, encrypted: true
16
- field :encrypted_string, type: String, encrypted: {random_iv: true}
17
- field :encrypted_long_string, type: String, encrypted: {random_iv: true, compress: true}
18
-
19
- field :encrypted_integer_value, type: String, encrypted: {type: :integer}
20
- field :aiv, type: String, encrypted: {type: :integer, decrypt_as: :aliased_integer_value}
21
- field :encrypted_float_value, type: String, encrypted: {type: :float}
22
- field :encrypted_decimal_value, type: String, encrypted: {type: :decimal}
23
- field :encrypted_datetime_value, type: String, encrypted: {type: :datetime}
24
- field :encrypted_time_value, type: String, encrypted: {type: :time}
25
- field :encrypted_date_value, type: String, encrypted: {type: :date}
26
- field :encrypted_true_value, type: String, encrypted: {type: :boolean}
27
- field :encrypted_false_value, type: String, encrypted: {type: :boolean}
28
- field :encrypted_data_yaml, type: String, encrypted: {random_iv: true, compress: true, type: :yaml}
29
- field :encrypted_data_json, type: String, encrypted: {random_iv: true, compress: true, type: :json}
30
-
31
- validates :encrypted_bank_account_number, symmetric_encryption: true
32
- validates :encrypted_social_security_number, symmetric_encryption: true
33
- end
34
-
35
- class MongoidUniqueUser
36
- include Mongoid::Document
37
-
38
- field :encrypted_email, type: String, encrypted: true
39
- field :encrypted_username, type: String, encrypted: true
40
-
41
- validates_uniqueness_of :encrypted_email, allow_blank: true, if: :encrypted_email_changed?
42
- validates_uniqueness_of :encrypted_username, allow_blank: true, if: :encrypted_username_changed?
43
-
44
- validates :username,
45
- length: {in: 3..20},
46
- format: {with: /\A[\w\-]+\z/},
47
- allow_blank: true
48
- end
49
- # @formatter:on
50
-
51
- #
52
- # Unit Tests for field encrypted and validation aspects of SymmetricEncryption
53
- #
54
- class MongoidTest < Minitest::Test
55
- describe 'Mongoid' do
56
- before do
57
- @bank_account_number = '1234567890'
58
- @bank_account_number_encrypted = 'QEVuQwIAL94ArJeFlJrZp6SYsvoOGA=='
59
-
60
- @social_security_number = '987654321'
61
- @social_security_number_encrypted = 'QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA=='
62
-
63
- @integer = 32_768
64
- @integer_encrypted = 'FA3smFQEKqB/ITv+A0xACg=='
65
-
66
- @float = 0.9867
67
- @float_encrypted = 'z7Pwt2JDp74d+u0IXFAdrQ=='
68
-
69
- @date = Date.parse('20120320')
70
- @date_encrypted = 'WTkSPHo5ApSSHBJMxxWt2A=='
71
-
72
- @string = 'A string containing some data to be encrypted with a random initialization vector'
73
- @long_string = 'A string containing some data to be encrypted with a random initialization vector and compressed since it takes up so much space in plain text form'
74
-
75
- @integer_value = 12
76
- @float_value = 88.12345
77
- @decimal_value = BigDecimal('22.51')
78
- @datetime_value = DateTime.new(2001, 11, 26, 20, 55, 54, '-5')
79
- @time_value = Time.new(2013, 0o1, 0o1, 22, 30, 0o0, '-04:00')
80
- @date_value = Date.new(1927, 0o4, 0o2)
81
- @h = {a: 'A', b: 'B'}
82
-
83
- @user = MongoidUser.new(
84
- encrypted_bank_account_number: @bank_account_number_encrypted,
85
- encrypted_social_security_number: @social_security_number_encrypted,
86
- name: 'Joe Bloggs',
87
- # data type specific fields
88
- integer_value: @integer_value,
89
- aliased_integer_value: @integer_value,
90
- float_value: @float_value,
91
- decimal_value: @decimal_value,
92
- datetime_value: @datetime_value,
93
- time_value: @time_value,
94
- date_value: @date_value,
95
- true_value: true,
96
- false_value: false,
97
- data_yaml: @h.dup,
98
- data_json: @h.dup
99
- )
100
- end
101
-
102
- it 'have encrypted methods' do
103
- assert_equal true, @user.respond_to?(:encrypted_bank_account_number)
104
- assert_equal true, @user.respond_to?(:encrypted_social_security_number)
105
- assert_equal true, @user.respond_to?(:encrypted_string)
106
- assert_equal true, @user.respond_to?(:encrypted_long_string)
107
- assert_equal false, @user.respond_to?(:encrypted_name)
108
-
109
- assert_equal true, @user.respond_to?(:encrypted_bank_account_number=)
110
- assert_equal true, @user.respond_to?(:encrypted_social_security_number=)
111
- assert_equal true, @user.respond_to?(:encrypted_string=)
112
- assert_equal true, @user.respond_to?(:encrypted_long_string=)
113
- assert_equal false, @user.respond_to?(:encrypted_name=)
114
- end
115
-
116
- it 'have unencrypted methods' do
117
- assert_equal true, @user.respond_to?(:bank_account_number)
118
- assert_equal true, @user.respond_to?(:social_security_number)
119
- assert_equal true, @user.respond_to?(:string)
120
- assert_equal true, @user.respond_to?(:long_string)
121
- assert_equal true, @user.respond_to?(:name)
122
-
123
- assert_equal true, @user.respond_to?(:bank_account_number=)
124
- assert_equal true, @user.respond_to?(:social_security_number=)
125
- assert_equal true, @user.respond_to?(:string=)
126
- assert_equal true, @user.respond_to?(:long_string=)
127
- assert_equal true, @user.respond_to?(:name=)
128
- end
129
-
130
- it 'support aliased fields' do
131
- assert_equal true, @user.respond_to?(:aliased_integer_value=)
132
- assert_equal true, @user.respond_to?(:aliased_integer_value)
133
- end
134
-
135
- it 'have unencrypted values' do
136
- assert_equal @bank_account_number, @user.bank_account_number
137
- assert_equal @social_security_number, @user.social_security_number
138
- end
139
-
140
- it 'have encrypted values' do
141
- assert_equal @bank_account_number_encrypted, @user.encrypted_bank_account_number
142
- assert_equal @social_security_number_encrypted, @user.encrypted_social_security_number
143
- end
144
-
145
- it 'support same iv' do
146
- @user.social_security_number = @social_security_number
147
- assert first_value = @user.social_security_number
148
- # Assign the same value
149
- @user.social_security_number = @social_security_number
150
- assert_equal first_value, @user.social_security_number
151
- end
152
-
153
- it 'support a random iv' do
154
- @user.string = @string
155
- assert first_value = @user.encrypted_string
156
- @user.string = 'blah'
157
- @user.string = @string.dup
158
- refute_equal first_value, @user.encrypted_string
159
- end
160
-
161
- it 'support a random iv and compress' do
162
- @user.string = @long_string
163
- @user.long_string = @long_string
164
-
165
- assert_equal true, (@user.encrypted_long_string.length.to_f / @user.encrypted_string.length) < 0.8
166
- end
167
-
168
- it 'encrypt' do
169
- user = MongoidUser.new
170
- user.bank_account_number = @bank_account_number
171
- assert_equal @bank_account_number, user.bank_account_number
172
- assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
173
- end
174
-
175
- it 'all paths it lead to the same result' do
176
- assert_equal @bank_account_number_encrypted, (@user.encrypted_social_security_number = @bank_account_number_encrypted)
177
- assert_equal @bank_account_number, @user.social_security_number
178
- end
179
-
180
- it 'all paths it lead to the same result 2' do
181
- assert_equal @bank_account_number, (@user.social_security_number = @bank_account_number)
182
- assert_equal @bank_account_number_encrypted, @user.encrypted_social_security_number
183
- end
184
-
185
- it 'all paths it lead to the same result, check uninitialized' do
186
- user = MongoidUser.new
187
- assert_nil user.social_security_number
188
- assert_equal @bank_account_number, (user.social_security_number = @bank_account_number)
189
- assert_equal @bank_account_number, user.social_security_number
190
- assert_equal @bank_account_number_encrypted, user.encrypted_social_security_number
191
-
192
- user.social_security_number = nil
193
- assert_nil user.social_security_number
194
- assert_nil user.encrypted_social_security_number
195
- end
196
-
197
- it 'allow unencrypted values to be passed to the constructor' do
198
- user = MongoidUser.new(bank_account_number: @bank_account_number, social_security_number: @social_security_number)
199
- assert_equal @bank_account_number, user.bank_account_number
200
- assert_equal @social_security_number, user.social_security_number
201
- assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
202
- assert_equal @social_security_number_encrypted, user.encrypted_social_security_number
203
- end
204
-
205
- it 'allow both encrypted and unencrypted values to be passed to the constructor' do
206
- user = MongoidUser.new(encrypted_bank_account_number: @bank_account_number_encrypted, social_security_number: @social_security_number)
207
- assert_equal @bank_account_number, user.bank_account_number
208
- assert_equal @social_security_number, user.social_security_number
209
- assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
210
- assert_equal @social_security_number_encrypted, user.encrypted_social_security_number
211
- end
212
-
213
- describe 'changed?' do
214
- before do
215
- @user.save!
216
- end
217
-
218
- after do
219
- @user&.destroy
220
- end
221
-
222
- it 'return false if it was not changed' do
223
- assert_equal false, @user.encrypted_bank_account_number_changed?
224
- assert_equal false, @user.bank_account_number_changed?
225
- end
226
-
227
- it 'return true if it was changed' do
228
- @user.bank_account_number = '15424623'
229
- assert_equal true, @user.encrypted_bank_account_number_changed?
230
- assert_equal true, @user.bank_account_number_changed?
231
- end
232
- end
233
-
234
- describe 'data types' do
235
- before do
236
- @user.save!
237
- @user_clone = MongoidUser.find(@user.id)
238
- end
239
-
240
- after do
241
- @user&.destroy
242
- end
243
-
244
- describe 'aliased fields' do
245
- it 'return correct data type' do
246
- @user_clone.aliased_integer_value = '5'
247
- assert_equal 5, @user_clone.aliased_integer_value
248
- end
249
- end
250
-
251
- describe 'integer values' do
252
- it 'return correct data type' do
253
- assert_equal @integer_value, @user_clone.integer_value
254
- assert @user.clone.integer_value.is_a?(Integer)
255
- end
256
-
257
- it 'coerce data type before save' do
258
- u = MongoidUser.new(integer_value: '5')
259
- assert_equal 5, u.integer_value
260
- assert u.integer_value.is_a?(Integer)
261
- end
262
-
263
- it 'permit replacing value with nil' do
264
- @user_clone.integer_value = nil
265
- @user_clone.save!
266
-
267
- @user.reload
268
- assert_nil @user.integer_value
269
- assert_nil @user.encrypted_integer_value
270
- end
271
-
272
- it 'permit replacing value' do
273
- new_integer_value = 98
274
- @user_clone.integer_value = new_integer_value
275
- @user_clone.save!
276
-
277
- @user.reload
278
- assert_equal new_integer_value, @user.integer_value
279
- end
280
- end
281
-
282
- describe 'float values' do
283
- it 'return correct data type' do
284
- assert_equal @float_value, @user_clone.float_value
285
- assert @user.clone.float_value.is_a?(Float)
286
- end
287
-
288
- it 'coerce data type before save' do
289
- u = MongoidUser.new(float_value: '5.6')
290
- assert_equal 5.6, u.float_value
291
- assert u.float_value.is_a?(Float)
292
- end
293
-
294
- it 'permit replacing value with nil' do
295
- @user_clone.float_value = nil
296
- @user_clone.save!
297
-
298
- @user.reload
299
- assert_nil @user.float_value
300
- assert_nil @user.encrypted_float_value
301
- end
302
-
303
- it 'permit replacing value' do
304
- new_float_value = 45.4321
305
- @user_clone.float_value = new_float_value
306
- @user_clone.save!
307
-
308
- @user.reload
309
- assert_equal new_float_value, @user.float_value
310
- end
311
- end
312
-
313
- describe 'decimal values' do
314
- it 'return correct data type' do
315
- assert_equal @decimal_value, @user_clone.decimal_value
316
- assert @user.clone.decimal_value.is_a?(BigDecimal)
317
- end
318
-
319
- it 'coerce data type before save' do
320
- u = MongoidUser.new(decimal_value: '99.95')
321
- assert_equal BigDecimal('99.95'), u.decimal_value
322
- assert u.decimal_value.is_a?(BigDecimal)
323
- end
324
-
325
- it 'permit replacing value with nil' do
326
- @user_clone.decimal_value = nil
327
- @user_clone.save!
328
-
329
- @user.reload
330
- assert_nil @user.decimal_value
331
- assert_nil @user.encrypted_decimal_value
332
- end
333
-
334
- it 'permit replacing value' do
335
- new_decimal_value = BigDecimal('99.95')
336
- @user_clone.decimal_value = new_decimal_value
337
- @user_clone.save!
338
-
339
- @user.reload
340
- assert_equal new_decimal_value, @user.decimal_value
341
- end
342
- end
343
-
344
- describe 'datetime values' do
345
- it 'return correct data type' do
346
- assert_equal @datetime_value, @user_clone.datetime_value
347
- assert @user.clone.datetime_value.is_a?(DateTime)
348
- end
349
-
350
- it 'coerce data type before save' do
351
- now = Time.now
352
- u = MongoidUser.new(datetime_value: now)
353
- assert_equal now, u.datetime_value
354
- assert u.datetime_value.is_a?(DateTime)
355
- end
356
-
357
- it 'permit replacing value with nil' do
358
- @user_clone.datetime_value = nil
359
- @user_clone.save!
360
-
361
- @user.reload
362
- assert_nil @user.datetime_value
363
- assert_nil @user.encrypted_datetime_value
364
- end
365
-
366
- it 'permit replacing value' do
367
- new_datetime_value = DateTime.new(1998, 10, 21, 8, 33, 28, '+5')
368
- @user_clone.datetime_value = new_datetime_value
369
- @user_clone.save!
370
-
371
- @user.reload
372
- assert_equal new_datetime_value, @user.datetime_value
373
- end
374
- end
375
-
376
- describe 'time values' do
377
- it 'return correct data type' do
378
- assert_equal @time_value, @user_clone.time_value.dup
379
- assert @user.clone.time_value.is_a?(Time)
380
- end
381
-
382
- it 'coerce data type before save' do
383
- now = Time.now
384
- u = MongoidUser.new(time_value: now)
385
- assert_equal now, u.time_value.dup
386
- assert u.time_value.is_a?(Time)
387
- end
388
-
389
- it 'permit replacing value with nil' do
390
- @user_clone.time_value = nil
391
- @user_clone.save!
392
-
393
- @user.reload
394
- assert_nil @user.time_value
395
- assert_nil @user.encrypted_time_value
396
- end
397
-
398
- it 'permit replacing value' do
399
- new_time_value = Time.new(1998, 10, 21, 8, 33, 28, '+04:00')
400
- @user_clone.time_value = new_time_value
401
- @user_clone.save!
402
-
403
- @user.reload
404
- assert_equal new_time_value, @user.time_value.dup
405
- end
406
- end
407
-
408
- describe 'date values' do
409
- it 'return correct data type' do
410
- assert_equal @date_value, @user_clone.date_value
411
- assert @user.clone.date_value.is_a?(Date)
412
- end
413
-
414
- it 'coerce data type before save' do
415
- now = Time.now
416
- u = MongoidUser.new(date_value: now)
417
- assert_equal now.to_date, u.date_value
418
- assert u.date_value.is_a?(Date)
419
- end
420
-
421
- it 'permit replacing value with nil' do
422
- @user_clone.date_value = nil
423
- @user_clone.save!
424
-
425
- @user.reload
426
- assert_nil @user.date_value
427
- assert_nil @user.encrypted_date_value
428
- end
429
-
430
- it 'permit replacing value' do
431
- new_date_value = Date.new(1998, 10, 21)
432
- @user_clone.date_value = new_date_value
433
- @user_clone.save!
434
-
435
- @user.reload
436
- assert_equal new_date_value, @user.date_value
437
- end
438
- end
439
-
440
- describe 'true values' do
441
- it 'return correct data type' do
442
- assert_equal true, @user_clone.true_value
443
- assert @user.clone.true_value.is_a?(TrueClass)
444
- end
445
-
446
- it 'coerce data type before save' do
447
- u = MongoidUser.new(true_value: '1')
448
- assert_equal true, u.true_value
449
- assert u.true_value.is_a?(TrueClass)
450
- end
451
-
452
- it 'permit replacing value with nil' do
453
- @user_clone.true_value = nil
454
- @user_clone.save!
455
-
456
- @user.reload
457
- assert_nil @user.true_value
458
- assert_nil @user.encrypted_true_value
459
- end
460
-
461
- it 'permit replacing value' do
462
- new_value = false
463
- @user_clone.true_value = new_value
464
- @user_clone.save!
465
-
466
- @user.reload
467
- assert_equal new_value, @user.true_value
468
- end
469
- end
470
-
471
- describe 'false values' do
472
- it 'return correct data type' do
473
- assert_equal false, @user_clone.false_value
474
- assert @user.clone.false_value.is_a?(FalseClass)
475
- end
476
-
477
- it 'coerce data type before save' do
478
- u = MongoidUser.new(false_value: '0')
479
- assert_equal false, u.false_value
480
- assert u.false_value.is_a?(FalseClass)
481
- end
482
-
483
- it 'permit replacing value with nil' do
484
- @user_clone.false_value = nil
485
- @user_clone.save!
486
-
487
- @user.reload
488
- assert_nil @user.false_value
489
- assert_nil @user.encrypted_false_value
490
- end
491
-
492
- it 'permit replacing value' do
493
- new_value = true
494
- @user_clone.false_value = new_value
495
- @user_clone.save!
496
-
497
- @user.reload
498
- assert_equal new_value, @user.false_value
499
- end
500
- end
501
-
502
- describe 'JSON Serialization' do
503
- before do
504
- # JSON Does not support symbols, so they will come back as strings
505
- # Convert symbols to string in the test
506
- @h.keys.each do |k|
507
- @h[k.to_s] = @h[k]
508
- @h.delete(k)
509
- end
510
- end
511
-
512
- it 'return correct data type' do
513
- assert_equal @h, @user_clone.data_json
514
- assert @user.clone.data_json.is_a?(Hash)
515
- end
516
-
517
- it 'not coerce data type (leaves as hash) before save' do
518
- u = MongoidUser.new(data_json: @h)
519
- assert_equal @h, u.data_json
520
- assert u.data_json.is_a?(Hash)
521
- end
522
-
523
- it 'permit replacing value with nil' do
524
- @user_clone.data_json = nil
525
- @user_clone.save!
526
-
527
- @user.reload
528
- assert_nil @user.data_json
529
- assert_nil @user.encrypted_data_json
530
- end
531
-
532
- it 'permit replacing value' do
533
- new_value = @h.clone
534
- new_value['c'] = 'C'
535
- @user_clone.data_json = new_value
536
- @user_clone.save!
537
-
538
- @user.reload
539
- assert_equal new_value, @user.data_json
540
- end
541
- end
542
-
543
- describe 'YAML Serialization' do
544
- it 'return correct data type' do
545
- assert_equal @h, @user_clone.data_yaml
546
- assert @user.clone.data_yaml.is_a?(Hash)
547
- end
548
-
549
- it 'not coerce data type (leaves as hash) before save' do
550
- u = MongoidUser.new(data_yaml: @h)
551
- assert_equal @h, u.data_yaml
552
- assert u.data_yaml.is_a?(Hash)
553
- end
554
-
555
- it 'permit replacing value with nil' do
556
- @user_clone.data_yaml = nil
557
- @user_clone.save!
558
-
559
- @user.reload
560
- assert_nil @user.data_yaml
561
- assert_nil @user.encrypted_data_yaml
562
- end
563
-
564
- it 'permit replacing value' do
565
- new_value = @h.clone
566
- new_value[:c] = 'C'
567
- @user_clone.data_yaml = new_value
568
- @user_clone.save!
569
-
570
- @user.reload
571
- assert_equal new_value, @user.data_yaml
572
- end
573
- end
574
- end
575
-
576
- describe 'uniqueness' do
577
- before do
578
- MongoidUniqueUser.destroy_all
579
- @email = 'whatever@not-unique.com'
580
- @username = 'gibby007'
581
- @user = MongoidUniqueUser.create!(email: @email)
582
- @email_user = MongoidUniqueUser.create!(username: @username)
583
- end
584
-
585
- it 'does not allow duplicate values' do
586
- duplicate = MongoidUniqueUser.new(email: @email)
587
- assert_equal false, duplicate.valid?
588
- assert_equal 'is already taken', duplicate.errors.messages[:encrypted_email].first
589
- end
590
- end
591
- end
592
- end
593
- rescue LoadError
594
- puts 'Not running Mongoid tests because mongoid gem is not installed!!!'
595
- end