symmetric-encryption 4.1.1 → 4.1.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (36) hide show
  1. checksums.yaml +4 -4
  2. data/lib/symmetric_encryption/cli.rb +2 -2
  3. data/lib/symmetric_encryption/encoder.rb +2 -2
  4. data/lib/symmetric_encryption/generator.rb +4 -4
  5. data/lib/symmetric_encryption/keystore/aws.rb +2 -1
  6. data/lib/symmetric_encryption/keystore/environment.rb +1 -1
  7. data/lib/symmetric_encryption/keystore/file.rb +1 -1
  8. data/lib/symmetric_encryption/keystore/memory.rb +1 -1
  9. data/lib/symmetric_encryption/version.rb +1 -1
  10. metadata +4 -56
  11. data/test/active_record_test.rb +0 -605
  12. data/test/cipher_test.rb +0 -216
  13. data/test/config/database.yml +0 -5
  14. data/test/config/empty.csv +0 -0
  15. data/test/config/mongo_mapper.yml +0 -7
  16. data/test/config/mongoid.yml +0 -9
  17. data/test/config/symmetric-encryption.yml +0 -144
  18. data/test/config/test_new.iv +0 -4
  19. data/test/config/test_new.key +0 -2
  20. data/test/config/test_secondary_1.iv +0 -1
  21. data/test/config/test_secondary_1.key +0 -2
  22. data/test/encoder_test.rb +0 -59
  23. data/test/header_test.rb +0 -214
  24. data/test/key_test.rb +0 -81
  25. data/test/keystore/aws_test.rb +0 -133
  26. data/test/keystore/environment_test.rb +0 -70
  27. data/test/keystore/file_test.rb +0 -85
  28. data/test/keystore/heroku_test.rb +0 -70
  29. data/test/keystore_test.rb +0 -254
  30. data/test/mongoid_test.rb +0 -595
  31. data/test/reader_test.rb +0 -334
  32. data/test/symmetric_encryption_test.rb +0 -239
  33. data/test/test_db.sqlite3 +0 -0
  34. data/test/test_helper.rb +0 -12
  35. data/test/utils/aws_test.rb +0 -74
  36. data/test/writer_test.rb +0 -79
data/test/mongoid_test.rb DELETED
@@ -1,595 +0,0 @@
1
- begin
2
- require 'mongoid'
3
- require_relative 'test_helper'
4
- require_relative '../lib/symmetric_encryption/extensions/mongoid/encrypted'
5
- ENV['RACK_ENV'] = 'test'
6
-
7
- Mongoid.load!('test/config/mongoid.yml')
8
-
9
- # @formatter:off
10
- class MongoidUser
11
- include Mongoid::Document
12
-
13
- field :name, type: String
14
- field :encrypted_bank_account_number, type: String, encrypted: true
15
- field :encrypted_social_security_number, type: String, encrypted: true
16
- field :encrypted_string, type: String, encrypted: {random_iv: true}
17
- field :encrypted_long_string, type: String, encrypted: {random_iv: true, compress: true}
18
-
19
- field :encrypted_integer_value, type: String, encrypted: {type: :integer}
20
- field :aiv, type: String, encrypted: {type: :integer, decrypt_as: :aliased_integer_value}
21
- field :encrypted_float_value, type: String, encrypted: {type: :float}
22
- field :encrypted_decimal_value, type: String, encrypted: {type: :decimal}
23
- field :encrypted_datetime_value, type: String, encrypted: {type: :datetime}
24
- field :encrypted_time_value, type: String, encrypted: {type: :time}
25
- field :encrypted_date_value, type: String, encrypted: {type: :date}
26
- field :encrypted_true_value, type: String, encrypted: {type: :boolean}
27
- field :encrypted_false_value, type: String, encrypted: {type: :boolean}
28
- field :encrypted_data_yaml, type: String, encrypted: {random_iv: true, compress: true, type: :yaml}
29
- field :encrypted_data_json, type: String, encrypted: {random_iv: true, compress: true, type: :json}
30
-
31
- validates :encrypted_bank_account_number, symmetric_encryption: true
32
- validates :encrypted_social_security_number, symmetric_encryption: true
33
- end
34
-
35
- class MongoidUniqueUser
36
- include Mongoid::Document
37
-
38
- field :encrypted_email, type: String, encrypted: true
39
- field :encrypted_username, type: String, encrypted: true
40
-
41
- validates_uniqueness_of :encrypted_email, allow_blank: true, if: :encrypted_email_changed?
42
- validates_uniqueness_of :encrypted_username, allow_blank: true, if: :encrypted_username_changed?
43
-
44
- validates :username,
45
- length: {in: 3..20},
46
- format: {with: /\A[\w\-]+\z/},
47
- allow_blank: true
48
- end
49
- # @formatter:on
50
-
51
- #
52
- # Unit Tests for field encrypted and validation aspects of SymmetricEncryption
53
- #
54
- class MongoidTest < Minitest::Test
55
- describe 'Mongoid' do
56
- before do
57
- @bank_account_number = '1234567890'
58
- @bank_account_number_encrypted = 'QEVuQwIAL94ArJeFlJrZp6SYsvoOGA=='
59
-
60
- @social_security_number = '987654321'
61
- @social_security_number_encrypted = 'QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA=='
62
-
63
- @integer = 32_768
64
- @integer_encrypted = 'FA3smFQEKqB/ITv+A0xACg=='
65
-
66
- @float = 0.9867
67
- @float_encrypted = 'z7Pwt2JDp74d+u0IXFAdrQ=='
68
-
69
- @date = Date.parse('20120320')
70
- @date_encrypted = 'WTkSPHo5ApSSHBJMxxWt2A=='
71
-
72
- @string = 'A string containing some data to be encrypted with a random initialization vector'
73
- @long_string = 'A string containing some data to be encrypted with a random initialization vector and compressed since it takes up so much space in plain text form'
74
-
75
- @integer_value = 12
76
- @float_value = 88.12345
77
- @decimal_value = BigDecimal('22.51')
78
- @datetime_value = DateTime.new(2001, 11, 26, 20, 55, 54, '-5')
79
- @time_value = Time.new(2013, 0o1, 0o1, 22, 30, 0o0, '-04:00')
80
- @date_value = Date.new(1927, 0o4, 0o2)
81
- @h = {a: 'A', b: 'B'}
82
-
83
- @user = MongoidUser.new(
84
- encrypted_bank_account_number: @bank_account_number_encrypted,
85
- encrypted_social_security_number: @social_security_number_encrypted,
86
- name: 'Joe Bloggs',
87
- # data type specific fields
88
- integer_value: @integer_value,
89
- aliased_integer_value: @integer_value,
90
- float_value: @float_value,
91
- decimal_value: @decimal_value,
92
- datetime_value: @datetime_value,
93
- time_value: @time_value,
94
- date_value: @date_value,
95
- true_value: true,
96
- false_value: false,
97
- data_yaml: @h.dup,
98
- data_json: @h.dup
99
- )
100
- end
101
-
102
- it 'have encrypted methods' do
103
- assert_equal true, @user.respond_to?(:encrypted_bank_account_number)
104
- assert_equal true, @user.respond_to?(:encrypted_social_security_number)
105
- assert_equal true, @user.respond_to?(:encrypted_string)
106
- assert_equal true, @user.respond_to?(:encrypted_long_string)
107
- assert_equal false, @user.respond_to?(:encrypted_name)
108
-
109
- assert_equal true, @user.respond_to?(:encrypted_bank_account_number=)
110
- assert_equal true, @user.respond_to?(:encrypted_social_security_number=)
111
- assert_equal true, @user.respond_to?(:encrypted_string=)
112
- assert_equal true, @user.respond_to?(:encrypted_long_string=)
113
- assert_equal false, @user.respond_to?(:encrypted_name=)
114
- end
115
-
116
- it 'have unencrypted methods' do
117
- assert_equal true, @user.respond_to?(:bank_account_number)
118
- assert_equal true, @user.respond_to?(:social_security_number)
119
- assert_equal true, @user.respond_to?(:string)
120
- assert_equal true, @user.respond_to?(:long_string)
121
- assert_equal true, @user.respond_to?(:name)
122
-
123
- assert_equal true, @user.respond_to?(:bank_account_number=)
124
- assert_equal true, @user.respond_to?(:social_security_number=)
125
- assert_equal true, @user.respond_to?(:string=)
126
- assert_equal true, @user.respond_to?(:long_string=)
127
- assert_equal true, @user.respond_to?(:name=)
128
- end
129
-
130
- it 'support aliased fields' do
131
- assert_equal true, @user.respond_to?(:aliased_integer_value=)
132
- assert_equal true, @user.respond_to?(:aliased_integer_value)
133
- end
134
-
135
- it 'have unencrypted values' do
136
- assert_equal @bank_account_number, @user.bank_account_number
137
- assert_equal @social_security_number, @user.social_security_number
138
- end
139
-
140
- it 'have encrypted values' do
141
- assert_equal @bank_account_number_encrypted, @user.encrypted_bank_account_number
142
- assert_equal @social_security_number_encrypted, @user.encrypted_social_security_number
143
- end
144
-
145
- it 'support same iv' do
146
- @user.social_security_number = @social_security_number
147
- assert first_value = @user.social_security_number
148
- # Assign the same value
149
- @user.social_security_number = @social_security_number
150
- assert_equal first_value, @user.social_security_number
151
- end
152
-
153
- it 'support a random iv' do
154
- @user.string = @string
155
- assert first_value = @user.encrypted_string
156
- @user.string = 'blah'
157
- @user.string = @string.dup
158
- refute_equal first_value, @user.encrypted_string
159
- end
160
-
161
- it 'support a random iv and compress' do
162
- @user.string = @long_string
163
- @user.long_string = @long_string
164
-
165
- assert_equal true, (@user.encrypted_long_string.length.to_f / @user.encrypted_string.length) < 0.8
166
- end
167
-
168
- it 'encrypt' do
169
- user = MongoidUser.new
170
- user.bank_account_number = @bank_account_number
171
- assert_equal @bank_account_number, user.bank_account_number
172
- assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
173
- end
174
-
175
- it 'all paths it lead to the same result' do
176
- assert_equal @bank_account_number_encrypted, (@user.encrypted_social_security_number = @bank_account_number_encrypted)
177
- assert_equal @bank_account_number, @user.social_security_number
178
- end
179
-
180
- it 'all paths it lead to the same result 2' do
181
- assert_equal @bank_account_number, (@user.social_security_number = @bank_account_number)
182
- assert_equal @bank_account_number_encrypted, @user.encrypted_social_security_number
183
- end
184
-
185
- it 'all paths it lead to the same result, check uninitialized' do
186
- user = MongoidUser.new
187
- assert_nil user.social_security_number
188
- assert_equal @bank_account_number, (user.social_security_number = @bank_account_number)
189
- assert_equal @bank_account_number, user.social_security_number
190
- assert_equal @bank_account_number_encrypted, user.encrypted_social_security_number
191
-
192
- user.social_security_number = nil
193
- assert_nil user.social_security_number
194
- assert_nil user.encrypted_social_security_number
195
- end
196
-
197
- it 'allow unencrypted values to be passed to the constructor' do
198
- user = MongoidUser.new(bank_account_number: @bank_account_number, social_security_number: @social_security_number)
199
- assert_equal @bank_account_number, user.bank_account_number
200
- assert_equal @social_security_number, user.social_security_number
201
- assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
202
- assert_equal @social_security_number_encrypted, user.encrypted_social_security_number
203
- end
204
-
205
- it 'allow both encrypted and unencrypted values to be passed to the constructor' do
206
- user = MongoidUser.new(encrypted_bank_account_number: @bank_account_number_encrypted, social_security_number: @social_security_number)
207
- assert_equal @bank_account_number, user.bank_account_number
208
- assert_equal @social_security_number, user.social_security_number
209
- assert_equal @bank_account_number_encrypted, user.encrypted_bank_account_number
210
- assert_equal @social_security_number_encrypted, user.encrypted_social_security_number
211
- end
212
-
213
- describe 'changed?' do
214
- before do
215
- @user.save!
216
- end
217
-
218
- after do
219
- @user&.destroy
220
- end
221
-
222
- it 'return false if it was not changed' do
223
- assert_equal false, @user.encrypted_bank_account_number_changed?
224
- assert_equal false, @user.bank_account_number_changed?
225
- end
226
-
227
- it 'return true if it was changed' do
228
- @user.bank_account_number = '15424623'
229
- assert_equal true, @user.encrypted_bank_account_number_changed?
230
- assert_equal true, @user.bank_account_number_changed?
231
- end
232
- end
233
-
234
- describe 'data types' do
235
- before do
236
- @user.save!
237
- @user_clone = MongoidUser.find(@user.id)
238
- end
239
-
240
- after do
241
- @user&.destroy
242
- end
243
-
244
- describe 'aliased fields' do
245
- it 'return correct data type' do
246
- @user_clone.aliased_integer_value = '5'
247
- assert_equal 5, @user_clone.aliased_integer_value
248
- end
249
- end
250
-
251
- describe 'integer values' do
252
- it 'return correct data type' do
253
- assert_equal @integer_value, @user_clone.integer_value
254
- assert @user.clone.integer_value.is_a?(Integer)
255
- end
256
-
257
- it 'coerce data type before save' do
258
- u = MongoidUser.new(integer_value: '5')
259
- assert_equal 5, u.integer_value
260
- assert u.integer_value.is_a?(Integer)
261
- end
262
-
263
- it 'permit replacing value with nil' do
264
- @user_clone.integer_value = nil
265
- @user_clone.save!
266
-
267
- @user.reload
268
- assert_nil @user.integer_value
269
- assert_nil @user.encrypted_integer_value
270
- end
271
-
272
- it 'permit replacing value' do
273
- new_integer_value = 98
274
- @user_clone.integer_value = new_integer_value
275
- @user_clone.save!
276
-
277
- @user.reload
278
- assert_equal new_integer_value, @user.integer_value
279
- end
280
- end
281
-
282
- describe 'float values' do
283
- it 'return correct data type' do
284
- assert_equal @float_value, @user_clone.float_value
285
- assert @user.clone.float_value.is_a?(Float)
286
- end
287
-
288
- it 'coerce data type before save' do
289
- u = MongoidUser.new(float_value: '5.6')
290
- assert_equal 5.6, u.float_value
291
- assert u.float_value.is_a?(Float)
292
- end
293
-
294
- it 'permit replacing value with nil' do
295
- @user_clone.float_value = nil
296
- @user_clone.save!
297
-
298
- @user.reload
299
- assert_nil @user.float_value
300
- assert_nil @user.encrypted_float_value
301
- end
302
-
303
- it 'permit replacing value' do
304
- new_float_value = 45.4321
305
- @user_clone.float_value = new_float_value
306
- @user_clone.save!
307
-
308
- @user.reload
309
- assert_equal new_float_value, @user.float_value
310
- end
311
- end
312
-
313
- describe 'decimal values' do
314
- it 'return correct data type' do
315
- assert_equal @decimal_value, @user_clone.decimal_value
316
- assert @user.clone.decimal_value.is_a?(BigDecimal)
317
- end
318
-
319
- it 'coerce data type before save' do
320
- u = MongoidUser.new(decimal_value: '99.95')
321
- assert_equal BigDecimal('99.95'), u.decimal_value
322
- assert u.decimal_value.is_a?(BigDecimal)
323
- end
324
-
325
- it 'permit replacing value with nil' do
326
- @user_clone.decimal_value = nil
327
- @user_clone.save!
328
-
329
- @user.reload
330
- assert_nil @user.decimal_value
331
- assert_nil @user.encrypted_decimal_value
332
- end
333
-
334
- it 'permit replacing value' do
335
- new_decimal_value = BigDecimal('99.95')
336
- @user_clone.decimal_value = new_decimal_value
337
- @user_clone.save!
338
-
339
- @user.reload
340
- assert_equal new_decimal_value, @user.decimal_value
341
- end
342
- end
343
-
344
- describe 'datetime values' do
345
- it 'return correct data type' do
346
- assert_equal @datetime_value, @user_clone.datetime_value
347
- assert @user.clone.datetime_value.is_a?(DateTime)
348
- end
349
-
350
- it 'coerce data type before save' do
351
- now = Time.now
352
- u = MongoidUser.new(datetime_value: now)
353
- assert_equal now, u.datetime_value
354
- assert u.datetime_value.is_a?(DateTime)
355
- end
356
-
357
- it 'permit replacing value with nil' do
358
- @user_clone.datetime_value = nil
359
- @user_clone.save!
360
-
361
- @user.reload
362
- assert_nil @user.datetime_value
363
- assert_nil @user.encrypted_datetime_value
364
- end
365
-
366
- it 'permit replacing value' do
367
- new_datetime_value = DateTime.new(1998, 10, 21, 8, 33, 28, '+5')
368
- @user_clone.datetime_value = new_datetime_value
369
- @user_clone.save!
370
-
371
- @user.reload
372
- assert_equal new_datetime_value, @user.datetime_value
373
- end
374
- end
375
-
376
- describe 'time values' do
377
- it 'return correct data type' do
378
- assert_equal @time_value, @user_clone.time_value.dup
379
- assert @user.clone.time_value.is_a?(Time)
380
- end
381
-
382
- it 'coerce data type before save' do
383
- now = Time.now
384
- u = MongoidUser.new(time_value: now)
385
- assert_equal now, u.time_value.dup
386
- assert u.time_value.is_a?(Time)
387
- end
388
-
389
- it 'permit replacing value with nil' do
390
- @user_clone.time_value = nil
391
- @user_clone.save!
392
-
393
- @user.reload
394
- assert_nil @user.time_value
395
- assert_nil @user.encrypted_time_value
396
- end
397
-
398
- it 'permit replacing value' do
399
- new_time_value = Time.new(1998, 10, 21, 8, 33, 28, '+04:00')
400
- @user_clone.time_value = new_time_value
401
- @user_clone.save!
402
-
403
- @user.reload
404
- assert_equal new_time_value, @user.time_value.dup
405
- end
406
- end
407
-
408
- describe 'date values' do
409
- it 'return correct data type' do
410
- assert_equal @date_value, @user_clone.date_value
411
- assert @user.clone.date_value.is_a?(Date)
412
- end
413
-
414
- it 'coerce data type before save' do
415
- now = Time.now
416
- u = MongoidUser.new(date_value: now)
417
- assert_equal now.to_date, u.date_value
418
- assert u.date_value.is_a?(Date)
419
- end
420
-
421
- it 'permit replacing value with nil' do
422
- @user_clone.date_value = nil
423
- @user_clone.save!
424
-
425
- @user.reload
426
- assert_nil @user.date_value
427
- assert_nil @user.encrypted_date_value
428
- end
429
-
430
- it 'permit replacing value' do
431
- new_date_value = Date.new(1998, 10, 21)
432
- @user_clone.date_value = new_date_value
433
- @user_clone.save!
434
-
435
- @user.reload
436
- assert_equal new_date_value, @user.date_value
437
- end
438
- end
439
-
440
- describe 'true values' do
441
- it 'return correct data type' do
442
- assert_equal true, @user_clone.true_value
443
- assert @user.clone.true_value.is_a?(TrueClass)
444
- end
445
-
446
- it 'coerce data type before save' do
447
- u = MongoidUser.new(true_value: '1')
448
- assert_equal true, u.true_value
449
- assert u.true_value.is_a?(TrueClass)
450
- end
451
-
452
- it 'permit replacing value with nil' do
453
- @user_clone.true_value = nil
454
- @user_clone.save!
455
-
456
- @user.reload
457
- assert_nil @user.true_value
458
- assert_nil @user.encrypted_true_value
459
- end
460
-
461
- it 'permit replacing value' do
462
- new_value = false
463
- @user_clone.true_value = new_value
464
- @user_clone.save!
465
-
466
- @user.reload
467
- assert_equal new_value, @user.true_value
468
- end
469
- end
470
-
471
- describe 'false values' do
472
- it 'return correct data type' do
473
- assert_equal false, @user_clone.false_value
474
- assert @user.clone.false_value.is_a?(FalseClass)
475
- end
476
-
477
- it 'coerce data type before save' do
478
- u = MongoidUser.new(false_value: '0')
479
- assert_equal false, u.false_value
480
- assert u.false_value.is_a?(FalseClass)
481
- end
482
-
483
- it 'permit replacing value with nil' do
484
- @user_clone.false_value = nil
485
- @user_clone.save!
486
-
487
- @user.reload
488
- assert_nil @user.false_value
489
- assert_nil @user.encrypted_false_value
490
- end
491
-
492
- it 'permit replacing value' do
493
- new_value = true
494
- @user_clone.false_value = new_value
495
- @user_clone.save!
496
-
497
- @user.reload
498
- assert_equal new_value, @user.false_value
499
- end
500
- end
501
-
502
- describe 'JSON Serialization' do
503
- before do
504
- # JSON Does not support symbols, so they will come back as strings
505
- # Convert symbols to string in the test
506
- @h.keys.each do |k|
507
- @h[k.to_s] = @h[k]
508
- @h.delete(k)
509
- end
510
- end
511
-
512
- it 'return correct data type' do
513
- assert_equal @h, @user_clone.data_json
514
- assert @user.clone.data_json.is_a?(Hash)
515
- end
516
-
517
- it 'not coerce data type (leaves as hash) before save' do
518
- u = MongoidUser.new(data_json: @h)
519
- assert_equal @h, u.data_json
520
- assert u.data_json.is_a?(Hash)
521
- end
522
-
523
- it 'permit replacing value with nil' do
524
- @user_clone.data_json = nil
525
- @user_clone.save!
526
-
527
- @user.reload
528
- assert_nil @user.data_json
529
- assert_nil @user.encrypted_data_json
530
- end
531
-
532
- it 'permit replacing value' do
533
- new_value = @h.clone
534
- new_value['c'] = 'C'
535
- @user_clone.data_json = new_value
536
- @user_clone.save!
537
-
538
- @user.reload
539
- assert_equal new_value, @user.data_json
540
- end
541
- end
542
-
543
- describe 'YAML Serialization' do
544
- it 'return correct data type' do
545
- assert_equal @h, @user_clone.data_yaml
546
- assert @user.clone.data_yaml.is_a?(Hash)
547
- end
548
-
549
- it 'not coerce data type (leaves as hash) before save' do
550
- u = MongoidUser.new(data_yaml: @h)
551
- assert_equal @h, u.data_yaml
552
- assert u.data_yaml.is_a?(Hash)
553
- end
554
-
555
- it 'permit replacing value with nil' do
556
- @user_clone.data_yaml = nil
557
- @user_clone.save!
558
-
559
- @user.reload
560
- assert_nil @user.data_yaml
561
- assert_nil @user.encrypted_data_yaml
562
- end
563
-
564
- it 'permit replacing value' do
565
- new_value = @h.clone
566
- new_value[:c] = 'C'
567
- @user_clone.data_yaml = new_value
568
- @user_clone.save!
569
-
570
- @user.reload
571
- assert_equal new_value, @user.data_yaml
572
- end
573
- end
574
- end
575
-
576
- describe 'uniqueness' do
577
- before do
578
- MongoidUniqueUser.destroy_all
579
- @email = 'whatever@not-unique.com'
580
- @username = 'gibby007'
581
- @user = MongoidUniqueUser.create!(email: @email)
582
- @email_user = MongoidUniqueUser.create!(username: @username)
583
- end
584
-
585
- it 'does not allow duplicate values' do
586
- duplicate = MongoidUniqueUser.new(email: @email)
587
- assert_equal false, duplicate.valid?
588
- assert_equal 'is already taken', duplicate.errors.messages[:encrypted_email].first
589
- end
590
- end
591
- end
592
- end
593
- rescue LoadError
594
- puts 'Not running Mongoid tests because mongoid gem is not installed!!!'
595
- end