2008-11-25 14:27:54 -05:00
|
|
|
require 'abstract_unit'
|
2010-05-01 08:40:02 -04:00
|
|
|
|
|
|
|
begin
|
|
|
|
require 'openssl'
|
|
|
|
OpenSSL::Digest::SHA1
|
|
|
|
rescue LoadError, NameError
|
|
|
|
$stderr.puts "Skipping MessageEncryptor test: broken OpenSSL install"
|
|
|
|
else
|
|
|
|
|
2009-11-14 14:37:06 -05:00
|
|
|
require 'active_support/time'
|
2011-09-15 08:28:53 -04:00
|
|
|
require 'active_support/json'
|
2008-11-25 14:27:54 -05:00
|
|
|
|
2011-09-15 15:51:30 -04:00
|
|
|
class MessageEncryptorTest < ActiveSupport::TestCase
|
2011-09-15 13:15:21 -04:00
|
|
|
class JSONSerializer
|
|
|
|
def dump(value)
|
|
|
|
ActiveSupport::JSON.encode(value)
|
|
|
|
end
|
2011-11-09 16:48:56 -05:00
|
|
|
|
2011-09-15 13:15:21 -04:00
|
|
|
def load(value)
|
|
|
|
ActiveSupport::JSON.decode(value)
|
|
|
|
end
|
|
|
|
end
|
2011-11-09 16:48:56 -05:00
|
|
|
|
2008-11-25 14:27:54 -05:00
|
|
|
def setup
|
2011-11-09 16:48:56 -05:00
|
|
|
@secret = SecureRandom.hex(64)
|
2011-11-09 17:11:46 -05:00
|
|
|
@verifier = ActiveSupport::MessageVerifier.new(@secret, :serializer => ActiveSupport::MessageEncryptor::NullSerializer)
|
2011-11-09 16:48:56 -05:00
|
|
|
@encryptor = ActiveSupport::MessageEncryptor.new(@secret)
|
2010-03-29 01:51:48 -04:00
|
|
|
@data = { :some => "data", :now => Time.local(2010) }
|
2008-11-25 14:27:54 -05:00
|
|
|
end
|
2010-08-14 01:13:00 -04:00
|
|
|
|
2008-11-25 14:27:54 -05:00
|
|
|
def test_encrypting_twice_yields_differing_cipher_text
|
2013-01-09 16:32:35 -05:00
|
|
|
first_message = @encryptor.encrypt_and_sign(@data).split("--").first
|
2011-11-09 16:48:56 -05:00
|
|
|
second_message = @encryptor.encrypt_and_sign(@data).split("--").first
|
2013-01-09 16:32:35 -05:00
|
|
|
assert_not_equal first_message, second_message
|
2008-11-25 14:27:54 -05:00
|
|
|
end
|
2010-08-14 01:13:00 -04:00
|
|
|
|
2011-11-09 16:48:56 -05:00
|
|
|
def test_messing_with_either_encrypted_values_causes_failure
|
|
|
|
text, iv = @verifier.verify(@encryptor.encrypt_and_sign(@data)).split("--")
|
2008-11-25 14:27:54 -05:00
|
|
|
assert_not_decrypted([iv, text] * "--")
|
|
|
|
assert_not_decrypted([text, munge(iv)] * "--")
|
|
|
|
assert_not_decrypted([munge(text), iv] * "--")
|
|
|
|
assert_not_decrypted([munge(text), munge(iv)] * "--")
|
|
|
|
end
|
2010-08-14 01:13:00 -04:00
|
|
|
|
2011-11-09 16:48:56 -05:00
|
|
|
def test_messing_with_verified_values_causes_failures
|
|
|
|
text, iv = @encryptor.encrypt_and_sign(@data).split("--")
|
|
|
|
assert_not_verified([iv, text] * "--")
|
|
|
|
assert_not_verified([text, munge(iv)] * "--")
|
|
|
|
assert_not_verified([munge(text), iv] * "--")
|
|
|
|
assert_not_verified([munge(text), munge(iv)] * "--")
|
|
|
|
end
|
|
|
|
|
2008-11-25 14:27:54 -05:00
|
|
|
def test_signed_round_tripping
|
|
|
|
message = @encryptor.encrypt_and_sign(@data)
|
|
|
|
assert_equal @data, @encryptor.decrypt_and_verify(message)
|
|
|
|
end
|
2011-11-09 16:48:56 -05:00
|
|
|
|
2011-09-15 08:28:53 -04:00
|
|
|
def test_alternative_serialization_method
|
2013-05-03 18:37:18 -04:00
|
|
|
prev = ActiveSupport.use_standard_json_time_format
|
|
|
|
ActiveSupport.use_standard_json_time_format = true
|
2012-10-30 14:41:11 -04:00
|
|
|
encryptor = ActiveSupport::MessageEncryptor.new(SecureRandom.hex(64), SecureRandom.hex(64), :serializer => JSONSerializer.new)
|
2011-09-15 14:27:12 -04:00
|
|
|
message = encryptor.encrypt_and_sign({ :foo => 123, 'bar' => Time.utc(2010) })
|
2013-11-07 10:35:49 -05:00
|
|
|
exp = { "foo" => 123, "bar" => "2010-01-01T00:00:00.000Z" }
|
2013-05-03 18:37:18 -04:00
|
|
|
assert_equal exp, encryptor.decrypt_and_verify(message)
|
|
|
|
ensure
|
|
|
|
ActiveSupport.use_standard_json_time_format = prev
|
2011-09-15 08:28:53 -04:00
|
|
|
end
|
2010-08-14 01:13:00 -04:00
|
|
|
|
2013-05-15 10:11:04 -04:00
|
|
|
def test_message_obeys_strict_encoding
|
|
|
|
bad_encoding_characters = "\n!@#"
|
|
|
|
message, iv = @encryptor.encrypt_and_sign("This is a very \n\nhumble string"+bad_encoding_characters)
|
|
|
|
|
|
|
|
assert_not_decrypted("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}")
|
|
|
|
assert_not_verified("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}")
|
|
|
|
|
|
|
|
assert_not_decrypted([iv, message] * bad_encoding_characters)
|
|
|
|
assert_not_verified([iv, message] * bad_encoding_characters)
|
|
|
|
end
|
|
|
|
|
2008-11-25 14:27:54 -05:00
|
|
|
private
|
2011-11-09 16:48:56 -05:00
|
|
|
|
|
|
|
def assert_not_decrypted(value)
|
|
|
|
assert_raise(ActiveSupport::MessageEncryptor::InvalidMessage) do
|
|
|
|
@encryptor.decrypt_and_verify(@verifier.generate(value))
|
2008-11-25 14:27:54 -05:00
|
|
|
end
|
2011-11-09 16:48:56 -05:00
|
|
|
end
|
2010-08-14 01:13:00 -04:00
|
|
|
|
2011-11-09 16:48:56 -05:00
|
|
|
def assert_not_verified(value)
|
|
|
|
assert_raise(ActiveSupport::MessageVerifier::InvalidSignature) do
|
|
|
|
@encryptor.decrypt_and_verify(value)
|
2008-11-25 14:27:54 -05:00
|
|
|
end
|
2011-11-09 16:48:56 -05:00
|
|
|
end
|
2010-05-01 08:40:02 -04:00
|
|
|
|
2011-11-09 16:48:56 -05:00
|
|
|
def munge(base64_string)
|
2013-05-15 10:11:04 -04:00
|
|
|
bits = ::Base64.strict_decode64(base64_string)
|
2011-11-09 16:48:56 -05:00
|
|
|
bits.reverse!
|
2012-01-01 12:57:55 -05:00
|
|
|
::Base64.strict_encode64(bits)
|
2011-11-09 16:48:56 -05:00
|
|
|
end
|
2010-05-01 08:40:02 -04:00
|
|
|
end
|
2011-11-09 16:48:56 -05:00
|
|
|
|
2012-01-01 12:57:55 -05:00
|
|
|
end
|