44 package org.eclipse.jgit.transport;
45
46 import static java.nio.charset.StandardCharsets.UTF_8;
47 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.cryptoCipherListPBE;
48 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.cryptoCipherListTrans;
49 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.folderDelete;
50 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.permitLongTests;
51 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.policySetup;
52 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.product;
53 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.proxySetup;
54 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.publicAddress;
55 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.reportPolicy;
56 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.securityProviderName;
57 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.textWrite;
58 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.transferStream;
59 import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.verifyFileContent;
60 import static org.junit.Assert.assertEquals;
61 import static org.junit.Assert.assertFalse;
62 import static org.junit.Assert.assertNotNull;
63 import static org.junit.Assert.assertTrue;
64 import static org.junit.Assume.assumeTrue;
65
66 import java.io.BufferedReader;
67 import java.io.ByteArrayInputStream;
68 import java.io.ByteArrayOutputStream;
69 import java.io.File;
70 import java.io.FileInputStream;
71 import java.io.IOException;
72 import java.io.InputStream;
73 import java.io.InputStreamReader;
74 import java.io.OutputStream;
75 import java.io.PrintWriter;
76 import java.net.SocketTimeoutException;
77 import java.net.URL;
78 import java.net.URLConnection;
79 import java.net.UnknownHostException;
80 import java.nio.file.Files;
81 import java.security.GeneralSecurityException;
82 import java.security.Provider;
83 import java.security.Security;
84 import java.util.ArrayList;
85 import java.util.Collection;
86 import java.util.List;
87 import java.util.Locale;
88 import java.util.Properties;
89 import java.util.Set;
90 import java.util.TreeSet;
91 import java.util.UUID;
92
93 import javax.crypto.SecretKeyFactory;
94
95 import org.eclipse.jgit.api.Git;
96 import org.eclipse.jgit.lib.StoredConfig;
97 import org.eclipse.jgit.test.resources.SampleDataRepositoryTestCase;
98 import org.eclipse.jgit.util.FileUtils;
99 import org.junit.After;
100 import org.junit.AfterClass;
101 import org.junit.Before;
102 import org.junit.BeforeClass;
103 import org.junit.FixMethodOrder;
104 import org.junit.Test;
105 import org.junit.runner.RunWith;
106 import org.junit.runners.MethodSorters;
107 import org.junit.runners.Parameterized;
108 import org.junit.runners.Parameterized.Parameters;
109 import org.junit.runners.Suite;
110 import org.slf4j.Logger;
111 import org.slf4j.LoggerFactory;
112
125 @RunWith(Suite.class)
126 @Suite.SuiteClasses({
127 WalkEncryptionTest.Required.class,
128 WalkEncryptionTest.MinimalSet.class,
129 WalkEncryptionTest.TestablePBE.class,
130 WalkEncryptionTest.TestableTransformation.class,
131 })
132 public class WalkEncryptionTest {
133
134
135
136
137 static final Logger logger = LoggerFactory.getLogger(WalkEncryptionTest.class);
138
139
140
141
/**
 * Names of the environment variables, system properties and files from
 * which the Amazon S3 test configuration can be read.
 */
interface Names {

	/** Property key holding the name of the S3 bucket used by the tests. */
	String TEST_BUCKET = "test.bucket";

	/** Environment variable carrying the S3 access key. */
	String ENV_ACCESS_KEY = "JGIT_S3_ACCESS_KEY";

	/** Environment variable carrying the S3 secret key. */
	String ENV_SECRET_KEY = "JGIT_S3_SECRET_KEY";

	/** Environment variable carrying the test bucket name. */
	String ENV_BUCKET_NAME = "JGIT_S3_BUCKET_NAME";

	/** Environment variable naming a properties file with the settings. */
	String ENV_CONFIG_FILE = "JGIT_S3_CONFIG_FILE";

	/** System property carrying the S3 access key. */
	String SYS_ACCESS_KEY = "jgit.s3.access.key";

	/** System property carrying the S3 secret key. */
	String SYS_SECRET_KEY = "jgit.s3.secret.key";

	/** System property carrying the test bucket name. */
	String SYS_BUCKET_NAME = "jgit.s3.bucket.name";

	/** System property naming a properties file with the settings. */
	String SYS_CONFIG_FILE = "jgit.s3.config.file";

	/** File name looked up in the fixed fallback locations below. */
	String CONFIG_FILE = "jgit-s3-config.properties";

	/** Fallback location: {@code ${user.home}/jgit-s3-config.properties}. */
	String HOME_CONFIG_FILE = System.getProperty("user.home")
			+ File.separator
			+ CONFIG_FILE;

	/** Fallback location: {@code ${user.dir}/jgit-s3-config.properties}. */
	String WORK_CONFIG_FILE = System.getProperty("user.dir")
			+ File.separator
			+ CONFIG_FILE;

	/** Fallback location: the {@code tst-rsrc} folder under {@code ${user.dir}}. */
	String TEST_CONFIG_FILE = System.getProperty("user.dir")
			+ File.separator
			+ "tst-rsrc"
			+ File.separator
			+ CONFIG_FILE;

}
194
195
196
197
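/**
 * Discovers the Amazon S3 connection properties for the tests.
 * <p>
 * The returned {@link Properties} carry the S3 access key and secret key.
 * The code in this class logs only which source supplied them, never the
 * values themselves.
 */
static class Props implements WalkEncryptionTest.Names, AmazonS3.Keys {

	/** Tells whether the environment variable {@code name} is set. */
	static boolean haveEnvVar(String name) {
		return System.getenv(name) != null;
	}

	/**
	 * Tells whether the environment variable {@code name} is set and its
	 * value is the path of an existing file.
	 */
	static boolean haveEnvVarFile(String name) {
		// Check the path stored in the variable, not the variable's name.
		String path = System.getenv(name);
		return path != null && new File(path).exists();
	}

	/** Tells whether the system property {@code name} is set. */
	static boolean haveSysProp(String name) {
		return System.getProperty(name) != null;
	}

	/**
	 * Tells whether the system property {@code name} is set and its value
	 * is the path of an existing file.
	 */
	static boolean haveSysPropFile(String name) {
		// Check the path stored in the property, not the property's name.
		String path = System.getProperty(name);
		return path != null && new File(path).exists();
	}

	/**
	 * Copies environment variable {@code source} into {@code props} under
	 * key {@code target}. The variable must be set: {@link Properties}
	 * rejects null values.
	 */
	static void loadEnvVar(String source, String target, Properties props) {
		props.put(target, System.getenv(source));
	}

	/**
	 * Copies system property {@code source} into {@code props} under key
	 * {@code target}. The property must be set: {@link Properties} rejects
	 * null values.
	 */
	static void loadSysProp(String source, String target,
			Properties props) {
		props.put(target, System.getProperty(source));
	}

	/** Tells whether {@code props} contains the key {@code name}. */
	static boolean haveProp(String name, Properties props) {
		return props.containsKey(name);
	}

	/**
	 * Tells whether {@code props} holds everything the tests need: access
	 * key, secret key and test bucket.
	 */
	static boolean checkTestProps(Properties props) {
		return haveProp(ACCESS_KEY, props) && haveProp(SECRET_KEY, props)
				&& haveProp(TEST_BUCKET, props);
	}

	/** Reads a properties file and closes the stream afterwards. */
	private static Properties loadFile(File file) throws IOException {
		Properties props = new Properties();
		try (InputStream in = new FileInputStream(file)) {
			props.load(in);
		}
		return props;
	}

	/**
	 * Builds the properties from the three {@code JGIT_S3_*} environment
	 * variables.
	 *
	 * @return the properties, or null when any of the variables is unset
	 */
	static Properties fromEnvVars() {
		if (!haveEnvVar(ENV_ACCESS_KEY) || !haveEnvVar(ENV_SECRET_KEY)
				|| !haveEnvVar(ENV_BUCKET_NAME)) {
			return null;
		}
		Properties props = new Properties();
		loadEnvVar(ENV_ACCESS_KEY, ACCESS_KEY, props);
		loadEnvVar(ENV_SECRET_KEY, SECRET_KEY, props);
		loadEnvVar(ENV_BUCKET_NAME, TEST_BUCKET, props);
		return props;
	}

	/**
	 * Loads the properties file whose path is stored in the environment
	 * variable {@link #ENV_CONFIG_FILE}.
	 *
	 * @return the properties, or null when the variable is unset or the
	 *         file does not exist
	 * @throws Error
	 *             when the file lacks a required key
	 */
	static Properties fromEnvFile() throws Exception {
		if (!haveEnvVarFile(ENV_CONFIG_FILE)) {
			return null;
		}
		Properties props = loadFile(
				new File(System.getenv(ENV_CONFIG_FILE)));
		if (!checkTestProps(props)) {
			throw new Error("Environment config file is incomplete.");
		}
		return props;
	}

	/**
	 * Builds the properties from the three {@code jgit.s3.*} system
	 * properties.
	 *
	 * @return the properties, or null when any of them is unset
	 */
	static Properties fromSysProps() {
		if (!haveSysProp(SYS_ACCESS_KEY) || !haveSysProp(SYS_SECRET_KEY)
				|| !haveSysProp(SYS_BUCKET_NAME)) {
			return null;
		}
		Properties props = new Properties();
		loadSysProp(SYS_ACCESS_KEY, ACCESS_KEY, props);
		loadSysProp(SYS_SECRET_KEY, SECRET_KEY, props);
		loadSysProp(SYS_BUCKET_NAME, TEST_BUCKET, props);
		return props;
	}

	/**
	 * Loads the properties file whose path is stored in the system
	 * property {@link #SYS_CONFIG_FILE}.
	 *
	 * @return the properties, or null when the property is unset or the
	 *         file does not exist
	 * @throws Error
	 *             when the file lacks a required key
	 */
	static Properties fromSysFile() throws Exception {
		if (!haveSysPropFile(SYS_CONFIG_FILE)) {
			return null;
		}
		Properties props = loadFile(
				new File(System.getProperty(SYS_CONFIG_FILE)));
		if (!checkTestProps(props)) {
			throw new Error("System props config file is incomplete.");
		}
		return props;
	}

	/**
	 * Loads the properties file at {@code path}.
	 *
	 * @return the properties, or null when the file does not exist
	 * @throws Error
	 *             when the file lacks a required key
	 */
	static Properties fromConfigFile(String path) throws Exception {
		File file = new File(path);
		if (!file.exists()) {
			return null;
		}
		Properties props = loadFile(file);
		if (!checkTestProps(props)) {
			throw new Error("Props config file is incomplete: " + path);
		}
		return props;
	}

	/**
	 * Returns the first configuration found, searching in this order:
	 * environment variables, environment-variable config file, system
	 * properties, system-property config file, then the fixed files under
	 * {@code user.home}, {@code user.dir} and {@code user.dir/tst-rsrc}.
	 *
	 * @throws Error
	 *             when no source provides a configuration
	 */
	static Properties discover() throws Exception {
		Properties props;
		if ((props = fromEnvVars()) != null) {
			logger.debug(
					"Using test properties from environment variables.");
			return props;
		}
		if ((props = fromEnvFile()) != null) {
			logger.debug(
					"Using test properties from environment variable config file.");
			return props;
		}
		if ((props = fromSysProps()) != null) {
			logger.debug("Using test properties from system properties.");
			return props;
		}
		if ((props = fromSysFile()) != null) {
			logger.debug(
					"Using test properties from system property config file.");
			return props;
		}
		if ((props = fromConfigFile(HOME_CONFIG_FILE)) != null) {
			logger.debug(
					"Using test properties from hard coded ${user.home} file.");
			return props;
		}
		if ((props = fromConfigFile(WORK_CONFIG_FILE)) != null) {
			logger.debug(
					"Using test properties from hard coded ${user.dir} file.");
			return props;
		}
		if ((props = fromConfigFile(TEST_CONFIG_FILE)) != null) {
			logger.debug(
					"Using test properties from hard coded ${project.source} file.");
			return props;
		}
		throw new Error("Can not load test properties form any source.");
	}

}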
349
350
351
352
353 static class Util {
354
355
356
357
358
359
360
361
/**
 * Reads the whole file and decodes it as UTF-8 text.
 *
 * @param file
 *            file to read
 * @return the file content
 * @throws Exception
 *             when the file cannot be read
 */
static String textRead(File file) throws Exception {
	byte[] raw = Files.readAllBytes(file.toPath());
	return new String(raw, UTF_8);
}
365
366
367
368
369
370
371
372
/**
 * Writes {@code text} to {@code file} encoded as UTF-8, replacing any
 * previous content.
 *
 * @param file
 *            file to write
 * @param text
 *            content to store
 * @throws Exception
 *             when the file cannot be written
 */
static void textWrite(File file, String text) throws Exception {
	byte[] encoded = text.getBytes(UTF_8);
	Files.write(file.toPath(), encoded);
}
376
/**
 * Asserts that both files are non-empty and hold the same UTF-8 text.
 *
 * @param fileOne
 *            first file
 * @param fileTwo
 *            second file
 * @throws Exception
 *             when a file cannot be read
 */
static void verifyFileContent(File fileOne, File fileTwo)
		throws Exception {
	// An empty file would make the comparison pass without proving that
	// any content survived the round trip.
	assertTrue(fileOne.length() > 0);
	assertTrue(fileTwo.length() > 0);
	assertEquals(textRead(fileOne), textRead(fileTwo));
}
385
386
387
388
389
390
391
/**
 * Creates {@code folder} including missing parents and asserts that the
 * directory was actually created.
 *
 * @param folder
 *            path of the directory to create
 */
static void folderCreate(String folder) throws Exception {
	assertTrue(new File(folder).mkdirs());
}
396
397
398
399
400
401
402
/**
 * Deletes {@code folder} recursively; a missing folder is not an error.
 *
 * @param folder
 *            path of the directory to delete
 */
static void folderDelete(String folder) throws Exception {
	int options = FileUtils.RECURSIVE | FileUtils.SKIP_MISSING;
	FileUtils.delete(new File(folder), options);
}
408
409
410
411
412
413
414
/**
 * Asks checkip.amazonaws.com for the public address of this host.
 * <p>
 * The request uses cleartext HTTP with 500 ms connect and read timeouts, so
 * the answer is unauthenticated and should be treated as diagnostic text
 * only.
 *
 * @return the first line of the response, or an explanatory message when
 *         the host cannot be resolved or the request times out
 * @throws Exception
 *             on any other I/O failure
 */
static String publicAddress() throws Exception {
	final String service = "http://checkip.amazonaws.com";
	try {
		URLConnection connection = new URL(service).openConnection();
		connection.setConnectTimeout(500);
		connection.setReadTimeout(500);
		try (InputStreamReader in = new InputStreamReader(
				connection.getInputStream(), UTF_8);
				BufferedReader reader = new BufferedReader(in)) {
			return reader.readLine();
		}
	} catch (UnknownHostException | SocketTimeoutException e) {
		return "Can't reach http://checkip.amazonaws.com to"
				+ " determine public address";
	}
}
431
432
433
434
435
436
437
438
439
/**
 * Lists the installed cipher algorithms whose upper-cased name matches
 * {@code WalkEncryption.Vals.REGEX_PBE}.
 *
 * @return sorted algorithm names
 */
static List<String> cryptoCipherListPBE() {
	String pattern = WalkEncryption.Vals.REGEX_PBE;
	return cryptoCipherList(pattern);
}
443
444
/**
 * Lists the installed cipher algorithms whose upper-cased name matches
 * {@code WalkEncryption.Vals.REGEX_TRANS}.
 *
 * @return sorted algorithm names
 */
static List<String> cryptoCipherListTrans() {
	String pattern = WalkEncryption.Vals.REGEX_TRANS;
	return cryptoCipherList(pattern);
}
448
/**
 * Names the security provider that supplies the {@link SecretKeyFactory}
 * for {@code algorithm}.
 *
 * @param algorithm
 *            secret-key factory algorithm name
 * @return provider name
 * @throws Exception
 *             when no installed provider offers the algorithm
 */
static String securityProviderName(String algorithm) throws Exception {
	SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm);
	return factory.getProvider().getName();
}
453
/**
 * Lists the cipher algorithms known to the installed security providers
 * whose upper-cased name fully matches {@code regex}.
 *
 * @param regex
 *            regular expression applied to the upper-cased name
 * @return matching names, sorted and without duplicates
 */
static List<String> cryptoCipherList(String regex) {
	// TreeSet gives a stable, sorted order for the test parameters.
	Set<String> matched = new TreeSet<>();
	for (String name : Security.getAlgorithms("Cipher")) {
		String upper = name.toUpperCase(Locale.ROOT);
		if (!upper.matches(regex)) {
			continue;
		}
		matched.add(upper);
	}
	return new ArrayList<>(matched);
}
465
466
467
468
469
470
471
472
473
/**
 * Copies everything from {@code from} into {@code into} through a 1 KiB
 * buffer. Neither stream is closed.
 *
 * @param from
 *            source stream, read until end of stream
 * @param into
 *            destination stream
 * @return number of bytes copied
 * @throws IOException
 *             when reading or writing fails
 */
static long transferStream(InputStream from, OutputStream into)
		throws IOException {
	byte[] chunk = new byte[1 * 1024];
	long copied = 0;
	for (int n = from.read(chunk); n != -1; n = from.read(chunk)) {
		into.write(chunk, 0, n);
		copied += n;
	}
	return copied;
}
488
489
490
491
492
493
494
495
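/**
 * Copies the conventional {@code no_proxy}, {@code http_proxy} and
 * {@code https_proxy} settings into the JVM proxy system properties. Each
 * value is taken from a system property of that name, falling back to the
 * environment variable.
 * <p>
 * Only host and port of a proxy URL are logged: proxy URLs commonly embed
 * {@code user:password@}, which must not end up in build logs. When the
 * URL has no explicit port, the protocol's default port is used instead of
 * the {@code -1} that {@link URL#getPort()} reports.
 *
 * @throws Exception
 *             when a proxy value is not a valid URL
 */
static void proxySetup() throws Exception {
	String keyNoProxy = "no_proxy";
	String keyHttpProxy = "http_proxy";
	String keyHttpsProxy = "https_proxy";

	String no_proxy = System.getProperty(keyNoProxy,
			System.getenv(keyNoProxy));
	if (no_proxy != null) {
		// NOTE(review): no_proxy is usually comma separated while
		// http.nonProxyHosts expects '|' separators; the value is
		// passed through unchanged here.
		System.setProperty("http.nonProxyHosts", no_proxy);
		logger.info("Proxy NOT: " + no_proxy);
	}

	String http_proxy = System.getProperty(keyHttpProxy,
			System.getenv(keyHttpProxy));
	if (http_proxy != null) {
		URL url = new URL(http_proxy);
		int port = url.getPort() != -1 ? url.getPort()
				: url.getDefaultPort();
		System.setProperty("http.proxyHost", url.getHost());
		System.setProperty("http.proxyPort", String.valueOf(port));
		logger.info("Proxy HTTP: " + url.getHost() + ":" + port);
	}

	String https_proxy = System.getProperty(keyHttpsProxy,
			System.getenv(keyHttpsProxy));
	if (https_proxy != null) {
		URL url = new URL(https_proxy);
		int port = url.getPort() != -1 ? url.getPort()
				: url.getDefaultPort();
		System.setProperty("https.proxyHost", url.getHost());
		System.setProperty("https.proxyPort", String.valueOf(port));
		logger.info("Proxy HTTPS: " + url.getHost() + ":" + port);
	}

	if (no_proxy == null && http_proxy == null && https_proxy == null) {
		logger.info("Proxy not used.");
	}
}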
531
532
533
534
535
536
/**
 * Tells whether the long-running parameterized tests may run: on a CI
 * build, or when the {@code jgit.test.long} profile is switched on.
 *
 * @return true when long tests are permitted
 */
static boolean permitLongTests() {
	if (isBuildCI()) {
		return true;
	}
	return isProfileActive();
}
540
541
542
543
544
545
/**
 * Tells whether the system property {@code jgit.test.long} is set to
 * {@code true} (case-insensitive).
 *
 * @return true when the long-test profile is active
 */
static boolean isProfileActive() {
	String flag = System.getProperty("jgit.test.long");
	return Boolean.parseBoolean(flag);
}
549
550
551
552
553
554
/**
 * Tells whether the build runs on the CI server, detected by the presence
 * of the {@code HUDSON_HOME} environment variable.
 *
 * @return true when {@code HUDSON_HOME} is set
 */
static boolean isBuildCI() {
	String hudsonHome = System.getenv("HUDSON_HOME");
	return hudsonHome != null;
}
558
559
560
561
562
563
564
565
566
/**
 * Tries to switch the JCE policy restriction flag by writing the private
 * static field {@code javax.crypto.JceSecurity.isRestricted} through
 * reflection.
 * <p>
 * The write affects the whole JVM, not only this test. It relies on a JDK
 * internal: any failure (field missing, not writable, access denied) is
 * caught and only logged, so callers cannot tell whether the flag changed.
 *
 * @param restrictedOn
 *            value to store in the flag
 */
static void policySetup(boolean restrictedOn) {
	try {
		Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
		java.lang.reflect.Field flag = jceSecurity
				.getDeclaredField("isRestricted");
		flag.setAccessible(true);
		// Static field, hence the null receiver.
		flag.set(null, Boolean.valueOf(restrictedOn));
	} catch (Throwable e) {
		logger.info(
				"Could not setup JCE security policy restrictions.");
	}
}
579
/**
 * Logs the current value of the private static field
 * {@code javax.crypto.JceSecurity.isRestricted}, read through reflection.
 * When the field cannot be read, that is logged instead.
 */
static void reportPolicy() {
	try {
		Class<?> jceSecurity = Class.forName("javax.crypto.JceSecurity");
		java.lang.reflect.Field flag = jceSecurity
				.getDeclaredField("isRestricted");
		flag.setAccessible(true);
		Object restricted = flag.get(null);
		logger.info("JCE security policy restricted=" + restricted);
	} catch (Throwable e) {
		logger.info(
				"Could not report JCE security policy restrictions.");
	}
}
593
/**
 * Builds the Cartesian product of two string lists, as parameter rows for
 * a parameterized test.
 *
 * @param one
 *            values for the first column
 * @param two
 *            values for the second column
 * @return one {@code Object[] { first, second }} row per combination,
 *         ordered by {@code one} and then by {@code two}
 */
static List<Object[]> product(List<String> one, List<String> two) {
	List<Object[]> rows = new ArrayList<>();
	one.forEach(first -> two
			.forEach(second -> rows.add(new Object[] { first, second })));
	return rows;
}
603
604 }
605
606
607
608
609 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
610 public abstract static class Base extends SampleDataRepositoryTestCase {
611
612
613
614
615 static final String JGIT_USER = "tester-" + System.currentTimeMillis();
616
617
618
619
620 static final String JGIT_PASS = "secret-" + System.currentTimeMillis();
621
622
623
624
625 static final String JGIT_CONF_FILE = System.getProperty("user.home")
626 + "/" + JGIT_USER;
627
628
629
630
631 static final String JGIT_REPO_DIR = JGIT_USER + ".jgit";
632
633
634
635
636 static final String JGIT_LOCAL_DIR = System.getProperty("user.dir")
637 + "/target/" + JGIT_REPO_DIR;
638
639
640
641
642 static final String JGIT_REMOTE_DIR = JGIT_REPO_DIR;
643
644
645
646
647
648
649
/**
 * Writes the JGit S3 connection file {@code JGIT_CONF_FILE} from the
 * discovered test properties plus the test password and the given
 * encryption algorithm.
 * <p>
 * The file holds the S3 secret key and the encryption password in
 * plaintext.
 * NOTE(review): it is created with the platform's default file
 * permissions; consider restricting it to the owner on shared build hosts.
 *
 * @param algorithm
 *            value stored under {@code AmazonS3.Keys.CRYPTO_ALG}
 * @throws Exception
 *             when no test configuration is found or the file cannot be
 *             written
 */
static void configCreate(String algorithm) throws Exception {
	Properties config = Props.discover();
	config.put(AmazonS3.Keys.PASSWORD, JGIT_PASS);
	config.put(AmazonS3.Keys.CRYPTO_ALG, algorithm);
	try (PrintWriter out = new PrintWriter(JGIT_CONF_FILE,
			UTF_8.name())) {
		config.store(out, "JGIT S3 connection configuration file.");
	}
}
659
660
661
662
663
664
665
/**
 * Writes the JGit S3 connection file {@code JGIT_CONF_FILE} from the
 * discovered test properties overlaid with {@code source}.
 * <p>
 * The file holds the S3 secret key, and whatever password {@code source}
 * supplies, in plaintext.
 * NOTE(review): it is created with the platform's default file
 * permissions; consider restricting it to the owner on shared build hosts.
 *
 * @param source
 *            entries that override or extend the discovered properties
 * @throws Exception
 *             when no test configuration is found or the file cannot be
 *             written
 */
static void configCreate(Properties source) throws Exception {
	Properties merged = Props.discover();
	merged.putAll(source);
	try (PrintWriter out = new PrintWriter(JGIT_CONF_FILE,
			UTF_8.name())) {
		merged.store(out, "JGIT S3 connection configuration file.");
	}
}
674
675
676
677
678
679
/**
 * Removes the connection file {@code JGIT_CONF_FILE}, which contains
 * credentials; a missing file is not an error.
 */
static void configDelete() throws Exception {
	FileUtils.delete(new File(JGIT_CONF_FILE), FileUtils.SKIP_MISSING);
}
684
685
686
687
688
689
690
/**
 * Builds the S3 URI of the test repository:
 * {@code <scheme>://<JGIT_USER>@<bucket>/<JGIT_REPO_DIR>}.
 *
 * @return the repository URI
 * @throws Exception
 *             when no test configuration is found
 */
static String amazonURI() throws Exception {
	String bucket = Props.discover().getProperty(Names.TEST_BUCKET);
	assertNotNull(bucket);
	StringBuilder uri = new StringBuilder();
	uri.append(TransportAmazonS3.S3_SCHEME).append("://");
	uri.append(JGIT_USER).append("@");
	uri.append(bucket).append("/").append(JGIT_REPO_DIR);
	return uri.toString();
}
698
699
700
701
702
703
/**
 * Creates the remote test folder by storing an empty object under
 * {@code JGIT_REMOTE_DIR + "/"} in the test bucket.
 *
 * @throws Exception
 *             when no test configuration is found or the upload fails
 */
static void remoteCreate() throws Exception {
	Properties props = Props.discover();
	// The password entry is dropped before the client is built;
	// presumably so this helper talks to S3 without encryption - confirm
	// against AmazonS3.
	props.remove(AmazonS3.Keys.PASSWORD);
	String bucket = props.getProperty(Names.TEST_BUCKET);
	AmazonS3 client = new AmazonS3(props);
	client.put(bucket, JGIT_REMOTE_DIR + "/", new byte[0]);
	logger.debug("remote create: " + JGIT_REMOTE_DIR);
}
713
714
715
716
717
718
/**
 * Deletes every object listed under {@code JGIT_REMOTE_DIR} in the test
 * bucket.
 *
 * @throws Exception
 *             when no test configuration is found or an S3 call fails
 */
static void remoteDelete() throws Exception {
	Properties props = Props.discover();
	// The password entry is dropped before the client is built;
	// presumably so this helper talks to S3 without encryption - confirm
	// against AmazonS3.
	props.remove(AmazonS3.Keys.PASSWORD);
	String bucket = props.getProperty(Names.TEST_BUCKET);
	AmazonS3 client = new AmazonS3(props);
	for (String name : client.list(bucket, JGIT_REMOTE_DIR)) {
		// Listed names are relative to the remote folder.
		client.delete(bucket, JGIT_REMOTE_DIR + "/" + name);
	}
	logger.debug("remote delete: " + JGIT_REMOTE_DIR);
}
731
732
733
734
735
736
/**
 * Checks that the remote folder is usable by storing and then deleting a
 * uniquely named probe object.
 *
 * @throws Exception
 *             when no test configuration is found or an S3 call fails
 */
static void remoteVerify() throws Exception {
	Properties props = Props.discover();
	String bucket = props.getProperty(Names.TEST_BUCKET);
	AmazonS3 client = new AmazonS3(props);
	// The random UUID keeps concurrent runs from colliding on the key.
	String probe = JGIT_USER + "-" + UUID.randomUUID().toString();
	String key = JGIT_REMOTE_DIR + "/" + probe;
	client.put(bucket, key, probe.getBytes(UTF_8));
	client.delete(bucket, key);
}
746
747
748
749
750
751
752
/**
 * Tells whether an installed security provider registers a cipher with the
 * given name, compared case-insensitively.
 *
 * @param algorithm
 *            cipher algorithm name
 * @return true when the cipher is registered
 */
static boolean isAlgorithmPresent(String algorithm) {
	return Security.getAlgorithms("Cipher").stream()
			.anyMatch(known -> known.equalsIgnoreCase(
					algorithm.toUpperCase(Locale.ROOT)));
}
765
/**
 * Tells whether the cipher and the key algorithm selected by
 * {@code props} can both be instantiated.
 * <p>
 * For the default version and JGitV1 the profile name serves as both
 * cipher and key algorithm; for JGitV2 both are read from the
 * profile-prefixed properties. Any other version yields false.
 *
 * @param props
 *            encryption settings
 * @return true when both algorithms are available
 */
static boolean isAlgorithmPresent(Properties props) {
	final String profile = props.getProperty(AmazonS3.Keys.CRYPTO_ALG);
	final String version = props.getProperty(AmazonS3.Keys.CRYPTO_VER,
			WalkEncryption.Vals.DEFAULT_VERS);
	final String cipherName;
	final String keyName;
	switch (version) {
	case WalkEncryption.Vals.DEFAULT_VERS:
	case WalkEncryption.JGitV1.VERSION:
		cipherName = profile;
		keyName = profile;
		break;
	case WalkEncryption.JGitV2.VERSION:
		cipherName = props
				.getProperty(profile + WalkEncryption.Keys.X_ALGO);
		keyName = props
				.getProperty(profile + WalkEncryption.Keys.X_KEY_ALGO);
		break;
	default:
		return false;
	}
	try {
		InsecureCipherFactory.create(cipherName);
		SecretKeyFactory.getInstance(keyName);
	} catch (Throwable e) {
		// Any failure, including a missing property, counts as absent.
		return false;
	}
	return true;
}
795
796
797
798
799
800
801
/**
 * Tells whether {@code algorithm} actually works in this JVM by running an
 * encrypt/decrypt round trip with a {@code WalkEncryption.JetS3tV2}
 * instance.
 *
 * @param algorithm
 *            algorithm name
 * @return true when the round trip succeeds, false when it fails with an
 *         {@link IOException}
 * @throws Error
 *             wrapping a {@link GeneralSecurityException}
 */
static boolean isAlgorithmAllowed(String algorithm) {
	final WalkEncryption crypto;
	try {
		crypto = new WalkEncryption.JetS3tV2(algorithm, JGIT_PASS);
		verifyCrypto(crypto);
	} catch (IOException e) {
		return false;
	} catch (GeneralSecurityException e) {
		throw new Error(e);
	}
	return true;
}
814
/**
 * Tells whether {@code WalkEncryption.instance(props)} can build an
 * encryption instance for the given settings.
 *
 * @param props
 *            encryption settings
 * @return false when the factory fails with a
 *         {@link GeneralSecurityException}, true otherwise
 */
static boolean isAlgorithmAllowed(Properties props) {
	boolean allowed;
	try {
		WalkEncryption.instance(props);
		allowed = true;
	} catch (GeneralSecurityException e) {
		allowed = false;
	}
	return allowed;
}
823
824
825
826
827
828
829
/**
 * Encrypts a fixed multi-script sample text with {@code crypto}, decrypts
 * the result and asserts that the original text comes back.
 *
 * @param crypto
 *            encryption under test
 * @throws IOException
 *             when encryption or decryption fails
 */
static void verifyCrypto(WalkEncryption crypto) throws IOException {
	String charset = "UTF-8";
	String sourceText = "secret-message Свобода 老子";

	// Encrypt: closing the stream lets the cipher emit its final block.
	byte[] plain = sourceText.getBytes(charset);
	ByteArrayOutputStream encrypted = new ByteArrayOutputStream();
	try (OutputStream sink = crypto.encrypt(encrypted)) {
		sink.write(plain);
		sink.flush();
	}
	byte[] cipherText = encrypted.toByteArray();

	// Decrypt the captured bytes again.
	InputStream decrypted = crypto
			.decrypt(new ByteArrayInputStream(cipherText));
	ByteArrayOutputStream roundTrip = new ByteArrayOutputStream();
	transferStream(decrypted, roundTrip);
	String targetText = roundTrip.toString(charset);

	assertEquals(sourceText, targetText);
}
853
854
855
856
857
858
859
/**
 * Tells whether {@code algorithm} is both registered and usable, so a test
 * for it can run.
 *
 * @param algorithm
 *            algorithm name
 * @return true when the algorithm is present and allowed
 */
static boolean isAlgorithmTestable(String algorithm) {
	if (!isAlgorithmPresent(algorithm)) {
		return false;
	}
	return isAlgorithmAllowed(algorithm);
}
864
/**
 * Tells whether the algorithms selected by {@code props} are both
 * available and usable, so a test for them can run.
 *
 * @param props
 *            encryption settings
 * @return true when the settings are present and allowed
 */
static boolean isAlgorithmTestable(Properties props) {
	if (!isAlgorithmPresent(props)) {
		return false;
	}
	return isAlgorithmAllowed(props);
}
868
869
870
871
872
873
874
/**
 * Logs whether {@code algorithm} is present and allowed, together with the
 * provider that supplies it: at info level when it will be tested, at warn
 * level otherwise.
 *
 * @param algorithm
 *            algorithm name
 * @throws Exception
 *             when the provider name cannot be determined
 */
static void reportAlgorithmStatus(String algorithm) throws Exception {
	final boolean present = isAlgorithmPresent(algorithm);
	// The round trip is only attempted for registered algorithms.
	final boolean allowed = present && isAlgorithmAllowed(algorithm);
	final String provider;
	if (present) {
		provider = securityProviderName(algorithm);
	} else {
		provider = "N/A";
	}
	StringBuilder status = new StringBuilder();
	status.append("Algorithm: ").append(algorithm);
	status.append(" @ ").append(provider).append("; ");
	status.append("present/allowed : ");
	status.append(present).append("/").append(allowed);
	if (allowed) {
		logger.info("Testing " + status);
	} else {
		logger.warn("Missing " + status);
	}
}
888
/**
 * Logs version, profile and availability of the encryption settings in
 * {@code props}: at info level when they will be tested, at warn level
 * otherwise. The password entry is not part of the message.
 *
 * @param props
 *            encryption settings
 */
static void reportAlgorithmStatus(Properties props) throws Exception {
	final boolean present = isAlgorithmPresent(props);
	final boolean allowed = present && isAlgorithmAllowed(props);

	final String profile = props.getProperty(AmazonS3.Keys.CRYPTO_ALG);
	final String version = props.getProperty(AmazonS3.Keys.CRYPTO_VER);

	String status = " Version: " + version
			+ " Profile: " + profile
			+ " Present: " + present
			+ " Allowed: " + allowed;

	if (allowed) {
		logger.info("Testing " + status);
	} else {
		logger.warn("Missing " + status);
	}
}
908
909
910
911
912
913
/**
 * Tells whether an Amazon S3 test configuration can be discovered.
 *
 * @return false when discovery fails for any reason, including the
 *         {@link Error} it throws when no source is available
 */
static boolean isTestConfigPresent() {
	boolean found;
	try {
		Props.discover();
		found = true;
	} catch (Throwable e) {
		found = false;
	}
	return found;
}
922
/**
 * Logs whether the Amazon S3 test configuration was found; its absence is
 * reported at error level because the tests are then skipped.
 */
static void reportTestConfigPresent() {
	if (!isTestConfigPresent()) {
		logger.error(
				"Amazon S3 test configuration is missing, tests will not run.");
		return;
	}
	logger.info("Amazon S3 test configuration is present.");
}
931
932
933
934
935
936
/**
 * Logs the public address reported by {@code publicAddress()}.
 */
static void reportPublicAddress() throws Exception {
	String address = publicAddress();
	logger.info("Public address: " + address);
}
940
941
942
943
944
945
946
947 static final String PROVIDER_BC = "org.bouncycastle.jce.provider.BouncyCastleProvider";
948
949
950
951
/**
 * Registers the provider class named by {@code PROVIDER_BC} with
 * {@link Security}, when it is on the class path. The class is loaded by
 * name, so it is an optional dependency; any failure is only logged.
 */
static void loadBouncyCastle() {
	try {
		Class<?> providerClass = Class.forName(PROVIDER_BC);
		Object created = providerClass.getConstructor().newInstance();
		Security.addProvider((Provider) created);
		logger.info("Loaded " + PROVIDER_BC);
	} catch (Throwable e) {
		logger.warn("Failed to load " + PROVIDER_BC);
	}
}
964
/**
 * Logs whether the long-running tests are enabled for this run.
 */
static void reportLongTests() {
	if (!permitLongTests()) {
		logger.warn("Long running tests are disabled.");
		return;
	}
	logger.info("Long running tests are enabled.");
}
972
973
974
975
976 static final String ALGO_ERROR = "PBKDF2WithHmacSHA1";
977
978
979
980
981 static final String ALGO_JETS3T = "PBEWithMD5AndDES";
982
983
984
985
986 static final String ALGO_MINIMAL_AES = "PBEWithHmacSHA1AndAES_128";
987
988
989
990
991 static final String ALGO_BOUNCY_CASTLE_CBC = "PBEWithSHAAndTwofish-CBC";
992
993
994
/**
 * One-time setup: registers the S3 transport, applies proxy settings,
 * logs the environment, loads the optional provider and, when a test
 * configuration exists, creates the remote folder.
 */
@BeforeClass
public static void initialize() throws Exception {
	Transport.register(TransportAmazonS3.PROTO_S3);
	proxySetup();

	// Diagnostics describing the environment of this run.
	reportPolicy();
	reportLongTests();
	reportPublicAddress();
	reportTestConfigPresent();

	loadBouncyCastle();

	// Without credentials there is no bucket to prepare.
	if (isTestConfigPresent()) {
		remoteCreate();
	}
}
1008
/**
 * One-time cleanup: removes the local connection file (it contains
 * credentials), the local clone and, when a test configuration exists, the
 * remote objects.
 */
@AfterClass
public static void terminate() throws Exception {
	configDelete();
	folderDelete(JGIT_LOCAL_DIR);

	// Without credentials nothing was created remotely.
	if (isTestConfigPresent()) {
		remoteDelete();
	}
}
1017
/**
 * Per-test setup; delegates to the parent test case.
 */
@Before
@Override
public void setUp() throws Exception {
	super.setUp();
}
1023
/**
 * Per-test cleanup; delegates to the parent test case.
 */
@After
@Override
public void tearDown() throws Exception {
	super.tearDown();
}
1029
1030
1031
1032
1033
1034
1035
/**
 * Runs {@code cryptoTest(props)} only when the S3 test configuration
 * exists and the selected algorithms are usable; otherwise the test is
 * skipped through a JUnit assumption. The algorithm status is logged in
 * either case.
 *
 * @param props
 *            encryption settings
 */
void cryptoTestIfCan(Properties props) throws Exception {
	reportAlgorithmStatus(props);

	boolean configured = isTestConfigPresent();
	assumeTrue(configured);

	boolean testable = isAlgorithmTestable(props);
	assumeTrue(testable);

	cryptoTest(props);
}
1042
1043
1044
1045
1046
1047
1048
/**
 * End-to-end check of an encrypted S3 remote: push the sample repository,
 * clone it into a second directory, then push a new commit and pull it,
 * comparing file content on both sides after each transfer.
 *
 * @param props
 *            encryption settings written into the connection file
 * @throws Exception
 *             when a step fails
 */
void cryptoTest(Properties props) throws Exception {

	// Start from a clean remote, a fresh connection file and no clone.
	remoteDelete();
	configCreate(props);
	folderDelete(JGIT_LOCAL_DIR);

	final String uri = amazonURI();

	// Source work tree (from the test fixture) and clone target.
	final File dirOne = db.getWorkTree();
	final File dirTwo = new File(JGIT_LOCAL_DIR);

	// A file provided by the fixture and one created during the test.
	final String nameStatic = "master.txt";
	final String nameDynamic = JGIT_USER + "-"
			+ UUID.randomUUID().toString();

	final String remote = "remote";
	final RefSpec specs = new RefSpec(
			"refs/heads/master:refs/heads/master");

	// Step 1: configure the remote and push the existing history.
	{
		StoredConfig storedConfig = db.getConfig();
		RemoteConfig remoteConfig = new RemoteConfig(storedConfig,
				remote);
		remoteConfig.addURI(new URIish(uri));
		remoteConfig.update(storedConfig);
		storedConfig.save();

		try (Git git = Git.open(dirOne)) {
			git.checkout().setName("master").call();
			git.push().setRemote(remote).setRefSpecs(specs).call();
		}

		File pushed = new File(dirOne, nameStatic);
		assertTrue("Provided by setup", pushed.exists());
	}

	// Step 2: clone from the remote into the second directory.
	{
		File cloned = new File(dirTwo, nameStatic);
		assertFalse("Not Provided by setup", cloned.exists());

		try (Git git = Git.cloneRepository().setURI(uri)
				.setDirectory(dirTwo).call()) {
			assertTrue("Provided by clone", cloned.exists());
		}
	}

	// Step 3: the cloned file must match the original.
	verifyFileContent(new File(dirOne, nameStatic),
			new File(dirTwo, nameStatic));

	// Step 4: create, commit and push a new file from the source side.
	{
		File created = new File(dirOne, nameDynamic);
		assertFalse("Not Provided by setup", created.exists());
		FileUtils.createNewFile(created);
		textWrite(created, nameDynamic);
		assertTrue("Provided by create", created.exists());
		assertTrue("Need content to encrypt", created.length() > 0);

		try (Git git = Git.open(dirOne)) {
			git.add().addFilepattern(nameDynamic).call();
			git.commit().setMessage(nameDynamic).call();
			git.push().setRemote(remote).setRefSpecs(specs).call();
		}
	}

	// Step 5: pull the new commit into the clone.
	{
		File pulled = new File(dirTwo, nameDynamic);
		assertFalse("Not Provided by setup", pulled.exists());

		try (Git git = Git.open(dirTwo)) {
			git.pull().call();
		}

		assertTrue("Provided by pull", pulled.exists());
	}

	// Step 6: the pulled file must match the one that was pushed.
	verifyFileContent(new File(dirOne, nameDynamic),
			new File(dirTwo, nameDynamic));

}
1140
1141 }
1142
1143
1144
1145
/**
 * Tests that must pass whenever an S3 test configuration is available.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public static class Required extends Base {

	/** The S3 transport must accept the generated repository URI. */
	@Test
	public void test_A1_ValidURI() throws Exception {
		assumeTrue(isTestConfigPresent());
		final URIish uri = new URIish(amazonURI());
		boolean handled = TransportAmazonS3.PROTO_S3.canHandle(uri);
		assertTrue("uri=" + uri, handled);
	}

	/**
	 * A configuration naming {@code ALGO_ERROR} as the cipher must make
	 * the transfer fail.
	 * <p>
	 * NOTE(review): {@code expected = Exception.class} is satisfied by any
	 * exception, so an unrelated failure (for example a network error)
	 * also passes this test; a narrower expected type would make it
	 * stricter.
	 */
	@Test(expected = Exception.class)
	public void test_A2_CryptoError() throws Exception {
		assumeTrue(isTestConfigPresent());
		final Properties settings = new Properties();
		settings.put(AmazonS3.Keys.CRYPTO_ALG, ALGO_ERROR);
		settings.put(AmazonS3.Keys.PASSWORD, JGIT_PASS);
		cryptoTest(settings);
	}

}
1166
1167
1168
1169
/**
 * Small fixed set of encryption profiles covering the supported format
 * versions. Each test is skipped when the profile is not usable in the
 * running JVM.
 * <p>
 * Salt, iteration count and key sizes below are fixed test fixtures, not
 * recommendations for real repositories.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public static class MinimalSet extends Base {

	/** Settings shared by every profile: algorithm name and password. */
	private static Properties settingsFor(String algorithm) {
		Properties settings = new Properties();
		settings.put(AmazonS3.Keys.CRYPTO_ALG, algorithm);
		settings.put(AmazonS3.Keys.PASSWORD, JGIT_PASS);
		return settings;
	}

	/** {@code ALGO_JETS3T} with no explicit format version. */
	@Test
	public void test_V0_Java7_JET() throws Exception {
		assumeTrue(isTestConfigPresent());
		// No CRYPTO_VER entry: exercises the default version.
		Properties settings = settingsFor(ALGO_JETS3T);
		cryptoTestIfCan(settings);
	}

	/** {@code ALGO_JETS3T} with format version 1. */
	@Test
	public void test_V1_Java7_GIT() throws Exception {
		assumeTrue(isTestConfigPresent());
		Properties settings = settingsFor(ALGO_JETS3T);
		settings.put(AmazonS3.Keys.CRYPTO_VER, "1");
		cryptoTestIfCan(settings);
	}

	/** Version 2 profile: AES-CBC with a PBKDF2-derived 128-bit key. */
	@Test
	public void test_V2_Java7_AES() throws Exception {
		assumeTrue(isTestConfigPresent());

		final String profile = "AES/CBC/PKCS5Padding+PBKDF2WithHmacSHA1";
		Properties settings = settingsFor(profile);
		settings.put(AmazonS3.Keys.CRYPTO_VER, "2");
		settings.put(profile + WalkEncryption.Keys.X_ALGO,
				"AES/CBC/PKCS5Padding");
		settings.put(profile + WalkEncryption.Keys.X_KEY_ALGO,
				"PBKDF2WithHmacSHA1");
		settings.put(profile + WalkEncryption.Keys.X_KEY_SIZE, "128");
		settings.put(profile + WalkEncryption.Keys.X_KEY_ITER, "10000");
		settings.put(profile + WalkEncryption.Keys.X_KEY_SALT,
				"e2 55 89 67 8e 8d e8 4c");
		cryptoTestIfCan(settings);
	}

	/** Version 2 profile: password-based AES-256 with HMAC-SHA512. */
	@Test
	public void test_V2_Java8_PBE_AES() throws Exception {
		assumeTrue(isTestConfigPresent());

		final String profile = "PBEWithHmacSHA512AndAES_256";
		Properties settings = settingsFor(profile);
		settings.put(AmazonS3.Keys.CRYPTO_VER, "2");
		settings.put(profile + WalkEncryption.Keys.X_ALGO,
				"PBEWithHmacSHA512AndAES_256");
		settings.put(profile + WalkEncryption.Keys.X_KEY_ALGO,
				"PBEWithHmacSHA512AndAES_256");
		settings.put(profile + WalkEncryption.Keys.X_KEY_SIZE, "256");
		settings.put(profile + WalkEncryption.Keys.X_KEY_ITER, "10000");
		settings.put(profile + WalkEncryption.Keys.X_KEY_SALT,
				"e2 55 89 67 8e 8d e8 4c");
		// Attempt to lift the JCE restriction before using the 256-bit
		// key; the attempt affects the whole JVM and may fail silently.
		policySetup(false);
		cryptoTestIfCan(settings);
	}

}
1228
1229
1230
1231
1232
/**
 * Long-running parameterized test over every installed password-based
 * cipher, each combined with format versions 0 and 1.
 */
@RunWith(Parameterized.class)
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public static class TestablePBE extends Base {

	/**
	 * Builds the parameter rows: one per (cipher, version) combination.
	 *
	 * @return rows of {@code { profile, version }}
	 */
	@Parameters(name = "Profile: {0} Version: {1}")
	public static Collection<Object[]> argsList() {
		List<String> profiles = new ArrayList<>(cryptoCipherListPBE());

		List<String> versions = new ArrayList<>();
		versions.add("0");
		versions.add("1");

		return product(profiles, versions);
	}

	/** Cipher profile under test. */
	final String profile;

	/** Encryption format version under test. */
	final String version;

	/** Password used for every run. */
	final String password = JGIT_PASS;

	/**
	 * @param profile
	 *            cipher profile under test
	 * @param version
	 *            encryption format version under test
	 */
	public TestablePBE(String profile, String version) {
		this.profile = profile;
		this.version = version;
	}

	/** Runs the round trip when long tests are permitted. */
	@Test
	public void testCrypto() throws Exception {
		assumeTrue(permitLongTests());
		final Properties settings = new Properties();
		settings.put(AmazonS3.Keys.CRYPTO_ALG, profile);
		settings.put(AmazonS3.Keys.CRYPTO_VER, version);
		settings.put(AmazonS3.Keys.PASSWORD, password);
		cryptoTestIfCan(settings);
	}

}
1271
1272
1273
1274
1275
/**
 * Long-running parameterized test over every installed cipher
 * transformation, each with format version 1.
 */
@RunWith(Parameterized.class)
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public static class TestableTransformation extends Base {

	/**
	 * Builds the parameter rows: one per (transformation, version)
	 * combination.
	 *
	 * @return rows of {@code { profile, version }}
	 */
	@Parameters(name = "Profile: {0} Version: {1}")
	public static Collection<Object[]> argsList() {
		List<String> profiles = new ArrayList<>(cryptoCipherListTrans());

		List<String> versions = new ArrayList<>();
		versions.add("1");

		return product(profiles, versions);
	}

	/** Cipher transformation under test. */
	final String profile;

	/** Encryption format version under test. */
	final String version;

	/** Password used for every run. */
	final String password = JGIT_PASS;

	/**
	 * @param profile
	 *            cipher transformation under test
	 * @param version
	 *            encryption format version under test
	 */
	public TestableTransformation(String profile, String version) {
		this.profile = profile;
		this.version = version;
	}

	/** Runs the round trip when long tests are permitted. */
	@Test
	public void testCrypto() throws Exception {
		assumeTrue(permitLongTests());
		final Properties settings = new Properties();
		settings.put(AmazonS3.Keys.CRYPTO_ALG, profile);
		settings.put(AmazonS3.Keys.CRYPTO_VER, version);
		settings.put(AmazonS3.Keys.PASSWORD, password);
		cryptoTestIfCan(settings);
	}

}
1313
1314 }