[GitHub] [nifi] exceptionfactory opened a new pull request #5913: NIFI-9844 Refactor Encryptor tests using JUnit 5

[GitBox <gi...@apache.org>]

exceptionfactory opened a new pull request #5913:
URL: https://github.com/apache/nifi/pull/5913


   #### Description of PR
   
   NIFI-9844 Refactors unit tests for `KeyedEncryptor` and `PasswordBasedEncryptor` using JUnit 5 with new Java implementations replacing existing Groovy test classes. The new test classes retain the majority of the functionality while reducing unnecessary repetition in test methods and eliminating unnecessary logging. Additional changes include streamlining the related OpenPGP Encryptor tests to remove unnecessary logging and unused methods.
   
   In order to streamline the review of the contribution we ask you
   to ensure the following steps have been taken:
   
   ### For all changes:
   - [X] Is there a JIRA ticket associated with this PR? Is it referenced 
        in the commit message?
   
   - [X] Does your PR title start with **NIFI-XXXX** where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
   
   - [X] Has your PR been rebased against the latest commit within the target branch (typically `main`)?
   
   - [X] Is your initial contribution a single, squashed commit? _Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not `squash` or use `--force` when pushing to allow for clean monitoring of changes._
   
   ### For code changes:
   - [ ] Have you ensured that the full suite of tests is executed via `mvn -Pcontrib-check clean install` at the root `nifi` folder?
   - [X] Have you written or updated unit tests to verify your changes?
   - [ ] Have you verified that the full build is successful on JDK 8?
   - [ ] Have you verified that the full build is successful on JDK 11?
   - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
   - [ ] If applicable, have you updated the `LICENSE` file, including the main `LICENSE` file under `nifi-assembly`?
   - [ ] If applicable, have you updated the `NOTICE` file, including the main `NOTICE` file found under `nifi-assembly`?
   - [ ] If adding new Properties, have you added `.displayName` in addition to .name (programmatic access) for each of the new properties?
   
   ### For documentation related changes:
   - [ ] Have you ensured that format looks appropriate for the output in which it is rendered?
   
   ### Note:
   Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] thenatog commented on pull request #5913: NIFI-9844 Refactor Encryptor tests using JUnit 5

[GitBox <gi...@apache.org>]

thenatog commented on pull request #5913:
URL: https://github.com/apache/nifi/pull/5913#issuecomment-1082142578


   Will review


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] thenatog commented on pull request #5913: NIFI-9844 Refactor Encryptor tests using JUnit 5

[GitBox <gi...@apache.org>]

thenatog commented on pull request #5913:
URL: https://github.com/apache/nifi/pull/5913#issuecomment-1082403234


   +1 looks good to me, will merge.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] exceptionfactory commented on a change in pull request #5913: NIFI-9844 Refactor Encryptor tests using JUnit 5

[GitBox <gi...@apache.org>]

exceptionfactory commented on a change in pull request #5913:
URL: https://github.com/apache/nifi/pull/5913#discussion_r837817315



##########
File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/KeyedEncryptorGroovyTest.groovy
##########
@@ -1,254 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License") you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.security.util.crypto
-
-import org.apache.commons.codec.binary.Hex
-import org.apache.nifi.processor.exception.ProcessException
-import org.apache.nifi.processor.io.StreamCallback
-import org.apache.nifi.security.util.EncryptionMethod
-import org.apache.nifi.security.util.KeyDerivationFunction
-import org.apache.nifi.stream.io.exception.BytePatternNotFoundException
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.junit.BeforeClass
-import org.junit.Test
-import org.junit.Assert
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
-
-import javax.crypto.SecretKey
-import javax.crypto.spec.SecretKeySpec
-import java.nio.charset.StandardCharsets
-import java.security.Security
-
-class KeyedEncryptorGroovyTest {
-    private static final Logger logger = LoggerFactory.getLogger(KeyedEncryptorGroovyTest.class)
-
-    private static final String TEST_RESOURCES_PREFIX = "src/test/resources/TestEncryptContent/"
-
-    private static final String KEY_HEX = "0123456789ABCDEFFEDCBA9876543210"
-    private static final SecretKey KEY = new SecretKeySpec(Hex.decodeHex(KEY_HEX as char[]), "AES")
-
-    @BeforeClass
-    static void setUpOnce() throws Exception {
-        Security.addProvider(new BouncyCastleProvider())
-
-        logger.metaClass.methodMissing = { String name, args ->
-            logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
-        }
-    }
-
-    @Test
-    void testShouldEncryptAndDecrypt() throws Exception {
-        // Arrange
-        final String PLAINTEXT = "This is a plaintext message."
-        logger.info("Plaintext: {}", PLAINTEXT)
-        InputStream plainStream = new ByteArrayInputStream(PLAINTEXT.getBytes("UTF-8"))
-
-        OutputStream cipherStream = new ByteArrayOutputStream()
-        OutputStream recoveredStream = new ByteArrayOutputStream()
-
-        EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC
-        logger.info("Using ${encryptionMethod.name()}")
-
-        // Act
-        KeyedEncryptor encryptor = new KeyedEncryptor(encryptionMethod, KEY)
-
-        StreamCallback encryptionCallback = encryptor.getEncryptionCallback()
-        StreamCallback decryptionCallback = encryptor.getDecryptionCallback()
-
-        encryptionCallback.process(plainStream, cipherStream)
-
-        final byte[] cipherBytes = ((ByteArrayOutputStream) cipherStream).toByteArray()
-        logger.info("Encrypted: {}", Hex.encodeHexString(cipherBytes))
-        InputStream cipherInputStream = new ByteArrayInputStream(cipherBytes)
-        decryptionCallback.process(cipherInputStream, recoveredStream)
-
-        // Assert
-        byte[] recoveredBytes = ((ByteArrayOutputStream) recoveredStream).toByteArray()
-        String recovered = new String(recoveredBytes, "UTF-8")
-        logger.info("Recovered: {}\n\n", recovered)
-        assert PLAINTEXT.equals(recovered)
-    }
-
-    @Test
-    void testShouldDecryptOpenSSLUnsaltedCipherTextWithKnownIV() throws Exception {
-        // Arrange
-        final String PLAINTEXT = new File("${TEST_RESOURCES_PREFIX}/plain.txt").text
-        logger.info("Plaintext: {}", PLAINTEXT)
-        byte[] cipherBytes = new File("${TEST_RESOURCES_PREFIX}/unsalted_128_raw.enc").bytes
-
-        final String keyHex = "711E85689CE7AFF6F410AEA43ABC5446"
-        final String ivHex = "842F685B84879B2E00F977C22B9E9A7D"
-
-        InputStream cipherStream = new ByteArrayInputStream(cipherBytes)
-        OutputStream recoveredStream = new ByteArrayOutputStream()
-
-        final EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC
-        KeyedEncryptor encryptor = new KeyedEncryptor(encryptionMethod, new SecretKeySpec(Hex.decodeHex(keyHex as char[]), "AES"), Hex.decodeHex(ivHex as char[]))
-
-        StreamCallback decryptionCallback = encryptor.getDecryptionCallback()
-        logger.info("Cipher bytes: ${Hex.encodeHexString(cipherBytes)}")
-
-        // Act
-        decryptionCallback.process(cipherStream, recoveredStream)
-
-        // Assert
-        byte[] recoveredBytes = ((ByteArrayOutputStream) recoveredStream).toByteArray()
-        String recovered = new String(recoveredBytes, "UTF-8")
-        logger.info("Recovered: {}", recovered)
-        assert PLAINTEXT.equals(recovered)
-    }
-
-    /**
-     * This test demonstrates that if incoming cipher text was generated by a cipher using PBE with
-     * KDF, the salt can be skipped and the cipher bytes can still be decrypted using keyed encryption.
-     * @throws Exception
-     */
-    @Test
-    void testShouldSkipSaltOnDecrypt() throws Exception {

Review comment:
       Thanks for the feedback @thenatog!
   
   The new `testEncryptDecrypt` method handles encryption and decryption without a salt specified, so maintaining this particular test seems unnecessary. The `PasswordBasedEncryptorTest` includes several methods for different algorithms, some of which use a salt, so this concept seems covered. This particular method also seems unnecessary since the lower-level Cipher Provider tests already exercise a number of different scenarios.
   
   The `testShouldParseCostParams()` was directly related to this test method, and only exercised another method in this test class, so it is also unnecessary after refactoring.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] thenatog closed pull request #5913: NIFI-9844 Refactor Encryptor tests using JUnit 5

[GitBox <gi...@apache.org>]

thenatog closed pull request #5913:
URL: https://github.com/apache/nifi/pull/5913


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] thenatog commented on a change in pull request #5913: NIFI-9844 Refactor Encryptor tests using JUnit 5

[GitBox <gi...@apache.org>]

thenatog commented on a change in pull request #5913:
URL: https://github.com/apache/nifi/pull/5913#discussion_r837802944



##########
File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/KeyedEncryptorGroovyTest.groovy
##########
@@ -1,254 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License") you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.security.util.crypto
-
-import org.apache.commons.codec.binary.Hex
-import org.apache.nifi.processor.exception.ProcessException
-import org.apache.nifi.processor.io.StreamCallback
-import org.apache.nifi.security.util.EncryptionMethod
-import org.apache.nifi.security.util.KeyDerivationFunction
-import org.apache.nifi.stream.io.exception.BytePatternNotFoundException
-import org.bouncycastle.jce.provider.BouncyCastleProvider
-import org.junit.BeforeClass
-import org.junit.Test
-import org.junit.Assert
-import org.slf4j.Logger
-import org.slf4j.LoggerFactory
-
-import javax.crypto.SecretKey
-import javax.crypto.spec.SecretKeySpec
-import java.nio.charset.StandardCharsets
-import java.security.Security
-
-class KeyedEncryptorGroovyTest {
-    private static final Logger logger = LoggerFactory.getLogger(KeyedEncryptorGroovyTest.class)
-
-    private static final String TEST_RESOURCES_PREFIX = "src/test/resources/TestEncryptContent/"
-
-    private static final String KEY_HEX = "0123456789ABCDEFFEDCBA9876543210"
-    private static final SecretKey KEY = new SecretKeySpec(Hex.decodeHex(KEY_HEX as char[]), "AES")
-
-    @BeforeClass
-    static void setUpOnce() throws Exception {
-        Security.addProvider(new BouncyCastleProvider())
-
-        logger.metaClass.methodMissing = { String name, args ->
-            logger.info("[${name?.toUpperCase()}] ${(args as List).join(" ")}")
-        }
-    }
-
-    @Test
-    void testShouldEncryptAndDecrypt() throws Exception {
-        // Arrange
-        final String PLAINTEXT = "This is a plaintext message."
-        logger.info("Plaintext: {}", PLAINTEXT)
-        InputStream plainStream = new ByteArrayInputStream(PLAINTEXT.getBytes("UTF-8"))
-
-        OutputStream cipherStream = new ByteArrayOutputStream()
-        OutputStream recoveredStream = new ByteArrayOutputStream()
-
-        EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC
-        logger.info("Using ${encryptionMethod.name()}")
-
-        // Act
-        KeyedEncryptor encryptor = new KeyedEncryptor(encryptionMethod, KEY)
-
-        StreamCallback encryptionCallback = encryptor.getEncryptionCallback()
-        StreamCallback decryptionCallback = encryptor.getDecryptionCallback()
-
-        encryptionCallback.process(plainStream, cipherStream)
-
-        final byte[] cipherBytes = ((ByteArrayOutputStream) cipherStream).toByteArray()
-        logger.info("Encrypted: {}", Hex.encodeHexString(cipherBytes))
-        InputStream cipherInputStream = new ByteArrayInputStream(cipherBytes)
-        decryptionCallback.process(cipherInputStream, recoveredStream)
-
-        // Assert
-        byte[] recoveredBytes = ((ByteArrayOutputStream) recoveredStream).toByteArray()
-        String recovered = new String(recoveredBytes, "UTF-8")
-        logger.info("Recovered: {}\n\n", recovered)
-        assert PLAINTEXT.equals(recovered)
-    }
-
-    @Test
-    void testShouldDecryptOpenSSLUnsaltedCipherTextWithKnownIV() throws Exception {
-        // Arrange
-        final String PLAINTEXT = new File("${TEST_RESOURCES_PREFIX}/plain.txt").text
-        logger.info("Plaintext: {}", PLAINTEXT)
-        byte[] cipherBytes = new File("${TEST_RESOURCES_PREFIX}/unsalted_128_raw.enc").bytes
-
-        final String keyHex = "711E85689CE7AFF6F410AEA43ABC5446"
-        final String ivHex = "842F685B84879B2E00F977C22B9E9A7D"
-
-        InputStream cipherStream = new ByteArrayInputStream(cipherBytes)
-        OutputStream recoveredStream = new ByteArrayOutputStream()
-
-        final EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC
-        KeyedEncryptor encryptor = new KeyedEncryptor(encryptionMethod, new SecretKeySpec(Hex.decodeHex(keyHex as char[]), "AES"), Hex.decodeHex(ivHex as char[]))
-
-        StreamCallback decryptionCallback = encryptor.getDecryptionCallback()
-        logger.info("Cipher bytes: ${Hex.encodeHexString(cipherBytes)}")
-
-        // Act
-        decryptionCallback.process(cipherStream, recoveredStream)
-
-        // Assert
-        byte[] recoveredBytes = ((ByteArrayOutputStream) recoveredStream).toByteArray()
-        String recovered = new String(recoveredBytes, "UTF-8")
-        logger.info("Recovered: {}", recovered)
-        assert PLAINTEXT.equals(recovered)
-    }
-
-    /**
-     * This test demonstrates that if incoming cipher text was generated by a cipher using PBE with
-     * KDF, the salt can be skipped and the cipher bytes can still be decrypted using keyed encryption.
-     * @throws Exception
-     */
-    @Test
-    void testShouldSkipSaltOnDecrypt() throws Exception {

Review comment:
       Do we need an equivalent Java test for this and testShouldParseCostParams()? 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org