symmetric-encryption 4.1.1 → 4.1.2

data/test/reader_test.rb

@@ -1,334 +0,0 @@
-require_relative 'test_helper'
-require 'stringio'
-
-# Unit Test for SymmetricEncrypted::ReaderStream
-#
-class ReaderTest < Minitest::Test
-  describe SymmetricEncryption::Reader do
-    before do
-      @data = [
-        "Hello World\n",
-        "Keep this secret\n",
-        'And keep going even further and further...'
-      ]
-      @data_str = @data.inject('') { |sum, str| sum << str }
-      @data_len = @data_str.length
-      # Use Cipher 0 since it does not always include a header
-      @cipher                        = SymmetricEncryption.cipher(0)
-      @data_encrypted_without_header = @cipher.binary_encrypt(@data_str, header: false)
-
-      header = SymmetricEncryption::Header.new(
-        version:     @cipher.version,
-        iv:          @cipher.iv,
-        key:         @cipher.send(:key),
-        cipher_name: @cipher.cipher_name
-      )
-      @data_encrypted_with_header = @cipher.binary_encrypt(@data_str, header: header)
-
-      # Verify regular decrypt can decrypt this string
-      @cipher.binary_decrypt(@data_encrypted_without_header)
-      @cipher.binary_decrypt(@data_encrypted_with_header)
-      assert @data_encrypted_without_header != @data_encrypted_with_header
-    end
-
-    [true, false].each do |header|
-      describe header do
-        before do
-          @data_encrypted = header ? @data_encrypted_with_header : @data_encrypted_without_header
-        end
-
-        it '#read()' do
-          stream = StringIO.new(@data_encrypted)
-          # Version 0 supplied if the file/stream does not have a header
-          decrypted = SymmetricEncryption::Reader.open(stream, version: 0, &:read)
-          assert_equal @data_str, decrypted
-        end
-
-        it '#read(size) followed by #read()' do
-          stream = StringIO.new(@data_encrypted)
-          # Version 0 supplied if the file/stream does not have a header
-          decrypted = SymmetricEncryption::Reader.open(stream, version: 0) do |file|
-            file.read(10)
-            file.read
-          end
-          assert_equal @data_str[10..-1], decrypted
-        end
-
-        it '#each_line' do
-          stream = StringIO.new(@data_encrypted)
-          i      = 0
-          # Version 0 supplied if the file/stream does not have a header
-          SymmetricEncryption::Reader.open(stream, version: 0) do |file|
-            file.each_line do |line|
-              assert_equal @data[i], line
-              i += 1
-            end
-          end
-        end
-
-        it '#read(size)' do
-          stream = StringIO.new(@data_encrypted)
-          # Version 0 supplied if the file/stream does not have a header
-          SymmetricEncryption::Reader.open(stream, version: 0) do |file|
-            index = 0
-            [0, 10, 5, 5000].each do |size|
-              buf = file.read(size)
-              if size.zero?
-                assert_equal '', buf
-              else
-                assert_equal @data_str[index..index + size - 1], buf
-              end
-              index += size
-            end
-          end
-        end
-      end
-    end
-
-    [
-      # No Header
-      {header: false, random_key: false, random_iv: false, compress: false},
-      # Default Header with random key and iv
-      {},
-      # Header with no compression ( default anyway )
-      {compress: false},
-      # Compress and use Random key, iv
-      {compress: true},
-      # Header but not random key or iv
-      {random_key: false},
-      # Random iv only
-      {random_key: false, random_iv: true},
-      # Random iv only with compression
-      {random_iv: true, compress: true}
-    ].each do |options|
-
-      %i[data empty blank].each do |usecase|
-        describe "read from #{usecase} file with options: #{options.inspect}" do
-          before do
-            case usecase
-            when :data
-              # Create encrypted file
-              @eof       = false
-              @file_name = '_test'
-              @header    = (options[:header] != false)
-              SymmetricEncryption::Writer.open(@file_name, options) do |file|
-                @data.inject(0) { |sum, str| sum + file.write(str) }
-              end
-            when :empty
-              @data_str  = ''
-              @eof       = true
-              @file_name = '_test_empty'
-              @header    = (options[:header] != false)
-              SymmetricEncryption::Writer.open(@file_name, options) do |file|
-                # Leave data portion empty
-              end
-            when :blank
-              @data_str  = ''
-              @eof       = true
-              @file_name = File.join(File.dirname(__FILE__), 'config/empty.csv')
-              @header    = false
-              assert_equal 0, File.size(@file_name)
-            else
-              raise "Unhandled usecase: #{usecase}"
-            end
-            @data_size = @data_str.length
-          end
-
-          after do
-            File.delete(@file_name) if File.exist?(@file_name) && !@file_name.end_with?('empty.csv')
-          end
-
-          it '.empty?' do
-            assert_equal @data_size.zero?, SymmetricEncryption::Reader.empty?(@file_name)
-            assert_raises Errno::ENOENT do
-              SymmetricEncryption::Reader.empty?('missing_file')
-            end
-          end
-
-          it '.header_present?' do
-            assert_equal @header, SymmetricEncryption::Reader.header_present?(@file_name)
-            assert_raises Errno::ENOENT do
-              SymmetricEncryption::Reader.header_present?('missing_file')
-            end
-          end
-
-          it '.open return Zlib::GzipReader when compressed' do
-            file = SymmetricEncryption::Reader.open(@file_name)
-            # assert_equal (@header && (options[:compress]||false)), file.is_a?(Zlib::GzipReader)
-            file.close
-          end
-
-          it '#read' do
-            data   = nil
-            eof    = nil
-            result = SymmetricEncryption::Reader.open(@file_name) do |file|
-              eof  = file.eof?
-              data = file.read
-            end
-            assert_equal @eof, eof
-            assert_equal @data_str, data
-            assert_equal @data_str, result
-          end
-
-          it '#read(size)' do
-            file = SymmetricEncryption::Reader.open(@file_name)
-            eof  = file.eof?
-            data = file.read(4096)
-            file.close
-
-            assert_equal @eof, eof
-            if @data_size.positive?
-              assert_equal @data_str, data
-            else
-              assert_nil data
-            end
-          end
-
-          it '#read(size, outbuf)' do
-            file = SymmetricEncryption::Reader.open(@file_name)
-            # Not supported with compressed files
-            if file.is_a?(SymmetricEncryption::Reader)
-              eof           = file.eof?
-              output_buffer = 'buffer'
-              data          = file.read(4096, output_buffer)
-              file.close
-
-              assert_equal @eof, eof
-              if @data_size.positive?
-                assert_equal @data_str, data
-                assert_equal data.object_id, output_buffer.object_id
-              else
-                assert_nil data
-                assert_empty output_buffer
-              end
-            end
-          end
-
-          it '#each_line' do
-            SymmetricEncryption::Reader.open(@file_name) do |file|
-              i = 0
-              file.each_line do |line|
-                assert_equal @data[i], line
-                i += 1
-              end
-            end
-          end
-
-          it '#rewind' do
-            decrypted = SymmetricEncryption::Reader.open(@file_name) do |file|
-              file.read
-              file.rewind
-              file.read
-            end
-            assert_equal @data_str, decrypted
-          end
-
-          it '#gets(nil,size)' do
-            file = SymmetricEncryption::Reader.open(@file_name)
-            eof  = file.eof?
-            data = file.gets(nil, 4096)
-            file.close
-
-            assert_equal @eof, eof
-            if @data_size.positive?
-              assert_equal @data_str, data
-            elsif defined?(JRuby)
-              # On JRuby Zlib::GzipReader.new(file) returns '' instead of nil on an empty file
-              assert data.blank?
-            else
-              assert_nil data
-            end
-          end
-
-          it '#gets(delim)' do
-            SymmetricEncryption::Reader.open(@file_name) do |file|
-              i           = 0
-              while (line = file.gets("\n"))
-                assert_equal @data[i], line
-                i += 1
-              end
-              assert_equal (@data_size.positive? ? 3 : 0), i
-            end
-          end
-
-          it '#gets(delim,size)' do
-            SymmetricEncryption::Reader.open(@file_name) do |file|
-              i  = 0
-              i += 1 while file.gets("\n", 128)
-              assert_equal (@data_size.positive? ? 3 : 0), i
-            end
-          end
-        end
-      end
-    end
-
-    describe 'reading from files with previous keys' do
-      before do
-        @file_name = '_test'
-        # Create encrypted file with old encryption key
-        SymmetricEncryption::Writer.open(@file_name, version: 0) do |file|
-          @data.inject(0) { |sum, str| sum + file.write(str) }
-        end
-      end
-
-      after do
-        File.delete(@file_name) if File.exist?(@file_name)
-      end
-
-      it 'decrypt from file in a single read' do
-        decrypted = SymmetricEncryption::Reader.open(@file_name, &:read)
-        assert_equal @data_str, decrypted
-      end
-
-      it 'decrypt from file a line at a time' do
-        SymmetricEncryption::Reader.open(@file_name) do |file|
-          i = 0
-          file.each_line do |line|
-            assert_equal @data[i], line
-            i += 1
-          end
-        end
-      end
-
-      it 'support rewind' do
-        decrypted = SymmetricEncryption::Reader.open(@file_name) do |file|
-          file.read
-          file.rewind
-          file.read
-        end
-        assert_equal @data_str, decrypted
-      end
-    end
-
-    describe 'reading from files with previous keys without a header' do
-      before do
-        @file_name = '_test'
-        # Create encrypted file with old encryption key
-        SymmetricEncryption::Writer.open(@file_name, version: 0, header: false, random_key: false, random_iv: false, compress: false) do |file|
-          @data.inject(0) { |sum, str| sum + file.write(str) }
-        end
-      end
-
-      after do
-        begin
-          File.delete(@file_name) if File.exist?(@file_name)
-        rescue Errno::EACCES
-          # Required for Windows
-          nil
-        end
-      end
-
-      it 'decrypt from file in a single read' do
-        decrypted = SymmetricEncryption::Reader.open(@file_name, version: 0, &:read)
-        assert_equal @data_str, decrypted
-      end
-
-      it 'decrypt from file in a single read with different version' do
-        # Should fail since file was encrypted using version 0 key
-        assert_raises OpenSSL::Cipher::CipherError do
-          SymmetricEncryption::Reader.read(@file_name, version: 1)
-        end
-      end
-    end
-  end
-end

data/test/symmetric_encryption_test.rb

@@ -1,239 +0,0 @@
-require_relative 'test_helper'
-
-# Unit Test for SymmetricEncryption
-#
-class SymmetricEncryptionTest < Minitest::Test
-  describe 'SymmetricEncryption' do
-    describe 'configuration' do
-      before do
-        config = SymmetricEncryption::Config.new(
-          file_name: File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'),
-          env:       'test'
-        )
-        @ciphers = config.ciphers
-
-        @cipher_v2, @cipher_v6, @cipher_v1, @cipher_v0 = @ciphers
-      end
-
-      it 'matches config file for first cipher' do
-        cipher = SymmetricEncryption.cipher
-        assert @cipher_v2.send(:key)
-        assert @cipher_v2.send(:iv)
-        assert @cipher_v2.version
-        assert_equal @cipher_v2.cipher_name, cipher.cipher_name
-        assert_equal @cipher_v2.version, cipher.version
-        assert_equal false, SymmetricEncryption.secondary_ciphers.include?(cipher)
-      end
-
-      it 'match config file for v1 cipher' do
-        cipher = SymmetricEncryption.cipher(2)
-        assert @cipher_v2.cipher_name
-        assert @cipher_v2.version
-        assert_equal @cipher_v2.cipher_name, cipher.cipher_name
-        assert_equal @cipher_v2.version, cipher.version
-        assert_equal false, SymmetricEncryption.secondary_ciphers.include?(cipher)
-      end
-
-      it 'match config file for v0 cipher' do
-        cipher = SymmetricEncryption.cipher(0)
-        assert @cipher_v0.cipher_name
-        assert @cipher_v0.version
-        assert_equal @cipher_v0.cipher_name, cipher.cipher_name
-        assert_equal @cipher_v0.version, cipher.version
-        assert_equal true, SymmetricEncryption.secondary_ciphers.include?(cipher)
-      end
-    end
-
-    %i[none base64 base64strict base16].each do |encoding|
-      describe "encoding: #{encoding}" do
-        before do
-          @social_security_number             = '987654321'
-          @social_security_number_encrypted   =
-            case encoding
-            when :base64
-              "QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA==\n"
-            when :base64strict
-              'QEVuQwIAS+8X1NRrqdfEIQyFHVPuVA=='
-            when :base16
-              '40456e4302004bef17d4d46ba9d7c4210c851d53ee54'
-            when :none
-              "@EnC\x02\x00K\xEF\x17\xD4\xD4k\xA9\xD7\xC4!\f\x85\x1DS\xEET".force_encoding(Encoding.find('binary'))
-            else
-              raise "Add test for encoding: #{encoding}"
-            end
-          @non_utf8                           = "\xc2".force_encoding('binary')
-          @encoding                           = SymmetricEncryption.cipher.encoding
-          SymmetricEncryption.cipher.encoding = encoding
-        end
-
-        after do
-          SymmetricEncryption.cipher.encoding = @encoding
-        end
-
-        it 'encrypt simple string' do
-          assert_equal @social_security_number_encrypted, SymmetricEncryption.encrypt(@social_security_number)
-        end
-
-        it 'decrypt string' do
-          assert decrypted = SymmetricEncryption.decrypt(@social_security_number_encrypted)
-          assert_equal @social_security_number, decrypted
-          assert_equal Encoding.find('utf-8'), decrypted.encoding, decrypted
-        end
-
-        it 'return BINARY encoding for non-UTF-8 encrypted data' do
-          assert_equal Encoding.find('binary'), @non_utf8.encoding
-          assert_equal true, @non_utf8.valid_encoding?
-          assert encrypted = SymmetricEncryption.encrypt(@non_utf8)
-          assert decrypted = SymmetricEncryption.decrypt(encrypted)
-          assert_equal true, decrypted.valid_encoding?
-          assert_equal Encoding.find('binary'), decrypted.encoding, decrypted
-          assert_equal @non_utf8, decrypted
-        end
-
-        it 'return nil when encrypting nil' do
-          assert_nil SymmetricEncryption.encrypt(nil)
-        end
-
-        it "return '' when encrypting ''" do
-          assert_equal '', SymmetricEncryption.encrypt('')
-        end
-
-        it 'return nil when decrypting nil' do
-          assert_nil SymmetricEncryption.decrypt(nil)
-        end
-
-        it "return '' when decrypting ''" do
-          assert_equal '', SymmetricEncryption.decrypt('')
-        end
-
-        it 'determine if string is encrypted' do
-          if %i[base64strict base64].include?(encoding)
-            assert SymmetricEncryption.encrypted?(@social_security_number_encrypted)
-            refute SymmetricEncryption.encrypted?(@social_security_number)
-
-            # Without a header it can only assume it is not encrypted
-            refute SymmetricEncryption.encrypted?(SymmetricEncryption.encrypt(@social_security_number, header: false))
-          end
-        end
-      end
-    end
-
-    describe 'using select_cipher' do
-      before do
-        @social_security_number = '987654321'
-        # Encrypt data without a header and encode with base64 which has a trailing '\n'
-        no_header        = SymmetricEncryption.cipher(0).binary_encrypt(@social_security_number, header: false)
-        @encrypted_0_ssn = SymmetricEncryption.cipher(0).encode(no_header)
-
-        SymmetricEncryption.select_cipher do |encoded_str, _decoded_str|
-          # Use cipher version 0 if the encoded string ends with "\n" otherwise
-          # use the current default cipher
-          encoded_str.end_with?("\n") ? SymmetricEncryption.cipher(0) : SymmetricEncryption.cipher
-        end
-      end
-
-      after do
-        # Clear out select_cipher
-        SymmetricEncryption.select_cipher
-      end
-
-      it 'decrypt string without a header using an old cipher' do
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(@encrypted_0_ssn)
-      end
-    end
-
-    describe 'without select_cipher' do
-      before do
-        @social_security_number = '987654321'
-        # Encrypt data without a header and encode with base64 which has a trailing '\n'
-        no_header               = SymmetricEncryption.cipher(0).binary_encrypt(@social_security_number, header: false)
-        assert @encrypted_0_ssn = SymmetricEncryption.cipher(0).encode(no_header)
-      end
-
-      it 'decrypt string without a header using an old cipher' do
-        assert_raises OpenSSL::Cipher::CipherError do
-          SymmetricEncryption.decrypt(@encrypted_0_ssn)
-        end
-      end
-    end
-
-    describe 'random iv' do
-      before do
-        @social_security_number = '987654321'
-      end
-
-      it 'encrypt and then decrypt using random iv' do
-        # Encrypt with random iv
-        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, random_iv: true)
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
-      end
-
-      it 'encrypt and then decrypt using random iv with higher version' do
-        # Encrypt with random iv
-        assert encrypted = SymmetricEncryption.cipher(6).encrypt(@social_security_number, random_iv: true)
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
-      end
-
-      it 'encrypt and then decrypt using random iv with compression' do
-        # Encrypt with random iv and compress
-        assert encrypted = SymmetricEncryption.encrypt(@social_security_number, random_iv: true, compress: true)
-        assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted)
-      end
-    end
-
-    describe 'data types' do
-      describe 'string' do
-        before do
-          @social_security_number = '987654321'
-        end
-
-        it 'encrypt and decrypt value to and from a string' do
-          assert encrypted = SymmetricEncryption.encrypt(@social_security_number, type: :string)
-          assert_equal @social_security_number, SymmetricEncryption.decrypt(encrypted, type: :string)
-        end
-
-        it 'retains empty' do
-          encrypted = SymmetricEncryption.encrypt('', type: :string)
-          assert_equal '', encrypted
-          assert_equal '', SymmetricEncryption.decrypt(encrypted, type: :string)
-        end
-
-        it 'retains nil' do
-          assert_nil encrypted = SymmetricEncryption.encrypt(nil, type: :string)
-          assert_nil SymmetricEncryption.decrypt(encrypted, type: :string)
-        end
-      end
-
-      {
-        integer:  21,
-        float:    2.5,
-        decimal:  BigDecimal('12.58'),
-        datetime: DateTime.new(2001, 11, 26, 20, 55, 54, '-5'),
-        time:     Time.new(2013, 1, 1, 22, 30, 0, '-04:00'),
-        date:     Date.new(1927, 4, 1),
-        boolean:  true,
-        yaml:     {a: :b},
-        json:     {'a' => 'b'}
-      }.each_pair do |type, value|
-        describe type.to_s do
-          it 'encrypt and decrypt' do
-            assert encrypted = SymmetricEncryption.encrypt(value, type: type)
-            assert_equal value, SymmetricEncryption.decrypt(encrypted, type: type)
-          end
-
-          it 'retains nil' do
-            assert_nil encrypted = SymmetricEncryption.encrypt(nil, type: type)
-            assert_nil SymmetricEncryption.decrypt(encrypted, type: type)
-          end
-        end
-      end
-
-      describe 'boolean false' do
-        it 'encrypt and decrypt' do
-          assert encrypted = SymmetricEncryption.encrypt(false, type: :boolean)
-          assert_equal false, SymmetricEncryption.decrypt(encrypted, type: :boolean)
-        end
-      end
-    end
-  end
-end

data/test/test_helper.rb

@@ -1,12 +0,0 @@
-$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
-
-require 'yaml'
-require 'minitest/autorun'
-require 'minitest/stub_any_instance'
-require 'awesome_print'
-require 'active_record'
-require 'symmetric-encryption'
-require 'fileutils'
-
-# Load Symmetric Encryption keys
-SymmetricEncryption.load!(File.join(File.dirname(__FILE__), 'config', 'symmetric-encryption.yml'), 'test')

data/test/utils/aws_test.rb

@@ -1,74 +0,0 @@
-require_relative '../test_helper'
-require 'stringio'
-
-module SymmetricEncryption
-  module Utils
-    class AwsTest < Minitest::Test
-      describe SymmetricEncryption::Utils::Aws do
-        before do
-          unless (ENV['AWS_ACCESS_KEY_ID'] && ENV['AWS_SECRET_ACCESS_KEY']) || ENV['AWS_CONFIG_FILE']
-            # For example: export AWS_CONFIG_FILE=~/.aws/credentials
-            skip 'Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, or AWS_CONFIG_FILE to run AWS KMS tests'
-          end
-        end
-
-        let :region do
-          'us-east-1'
-        end
-
-        let :master_key_alias do
-          'alias/symmetric-encryption/test'
-        end
-
-        let :aws do
-          SymmetricEncryption::Utils::Aws.new(region: region, master_key_alias: master_key_alias)
-        end
-
-        describe '#key_spec' do
-          it 'converts aes-256-cbc' do
-            assert_equal 'AES_256', aws.key_spec('aes-256-cbc')
-          end
-
-          it 'converts aes-128-cbc' do
-            assert_equal 'AES_128', aws.key_spec('aes-128-cbc')
-          end
-        end
-
-        describe '#create_master_key' do
-          it 'creates a new master key' do
-            skip 'Only run if really needed, gets tested once as part of the CMK auto-create'
-            aws.delete_master_key(retention_days: 7)
-            aws.create_master_key
-          end
-        end
-
-        describe '#generate_data_key' do
-          it 'creates a new data key' do
-            assert aws.generate_data_key('aes-128-cbc')
-          end
-        end
-
-        describe '#generate_encrypted_data_key' do
-          it 'creates a new data key' do
-            assert aws.generate_encrypted_data_key('aes-128-cbc')
-          end
-        end
-
-        describe '#encrypt' do
-          it 'encrypts a block of data' do
-            assert aws.encrypt('hello')
-          end
-        end
-
-        describe '#decrypt' do
-          it 'decrypts a previously encrypted block of data' do
-            message   = 'hello world this is a top secret message'
-            encrypted = aws.encrypt(message)
-            decrypted = aws.decrypt(encrypted)
-            assert_equal message, decrypted
-          end
-        end
-      end
-    end
-  end
-end