github.com/aliyun/aliyun-oss-go-sdk@v3.0.2+incompatible/oss/crypto/master_alikms_cipher_test.go (about)

     1  package osscrypto
     2  
     3  import (
     4  	crypto_rand "crypto/rand"
     5  	"encoding/base64"
     6  	"io"
     7  	"math/rand"
     8  	"time"
     9  
    10  	kms "github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
    11  	. "gopkg.in/check.v1"
    12  )
    13  
// TestKmsClient sends a random payload through the KMS client's Encrypt and
// Decrypt calls and checks that the plaintext that comes back equals the
// plaintext that was submitted. The client is built from the package-level
// kmsRegion, kmsAccessID and kmsAccessKey values, and the key is selected by
// kmsID; all four are defined outside this function.
func (s *OssCryptoBucketSuite) TestKmsClient(c *C) {
	// Seeds the global math/rand source. The payload below is read from
	// crypto/rand, not from this source.
	rand.Seed(time.Now().UnixNano())

	client, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
	c.Assert(err, IsNil)

	// Payload: 10 bytes from the cryptographic RNG, base64-encoded because
	// the request carries the plaintext as a string.
	payload := make([]byte, 10)
	_, err = io.ReadFull(crypto_rand.Reader, payload)
	c.Assert(err, IsNil)

	// Encrypt the payload under the key identified by kmsID.
	encReq := kms.CreateEncryptRequest()
	encReq.RpcRequest.Scheme = "https"
	encReq.RpcRequest.Method = "POST"
	encReq.RpcRequest.AcceptFormat = "json"
	encReq.KeyId = kmsID
	encReq.Plaintext = base64.StdEncoding.EncodeToString(payload)

	encResp, err := client.Encrypt(encReq)
	c.Assert(err, IsNil)

	// Decrypt the returned ciphertext blob. No key id is set on the decrypt
	// request; only the blob from the encrypt response is passed.
	decReq := kms.CreateDecryptRequest()
	decReq.RpcRequest.Scheme = "https"
	decReq.RpcRequest.Method = "POST"
	decReq.RpcRequest.AcceptFormat = "json"
	decReq.CiphertextBlob = encResp.CiphertextBlob

	decResp, err := client.Decrypt(decReq)
	c.Assert(err, IsNil)

	// The round trip must return exactly the base64 string that was sent.
	c.Assert(decResp.Plaintext, Equals, encReq.Plaintext)
}
    45  
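// TestMasterAliKmsCipherSuccess wraps a freshly generated content key and IV
// with the KMS-backed master cipher, unwraps both again, and checks that each
// value survives the round trip unchanged. Every step that can fail is
// asserted, so a failed wrap or unwrap is reported where it happens instead of
// surfacing later as a key/IV mismatch.
func (s *OssCryptoBucketSuite) TestMasterAliKmsCipherSuccess(c *C) {
	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
	c.Assert(err, IsNil)

	masterCipher, err := CreateMasterAliKms(matDesc, kmsID, kmsClient)
	c.Assert(err, IsNil)

	var cd CipherData
	err = cd.RandomKeyIv(aesKeySize, ivSize)
	c.Assert(err, IsNil)

	cd.WrapAlgorithm = masterCipher.GetWrapAlgorithm()
	// NOTE(review): the constant's name suggests a wrap algorithm rather than
	// a content-encryption algorithm; the field is not read again in this
	// test. Confirm this is the intended value.
	cd.CEKAlgorithm = KmsAliCryptoWrap
	cd.MatDesc = masterCipher.GetMatDesc()

	// Wrap the content key.
	cd.EncryptedKey, err = masterCipher.Encrypt(cd.Key)
	c.Assert(err, IsNil)

	// Wrap the IV.
	cd.EncryptedIV, err = masterCipher.Encrypt(cd.IV)
	c.Assert(err, IsNil)

	cloneData := cd.Clone()

	// Overwrite the clone's Key and IV with the unwrapped values, so the
	// comparison below exercises Decrypt rather than whatever Clone copied.
	cloneData.Key, err = masterCipher.Decrypt(cloneData.EncryptedKey)
	c.Assert(err, IsNil)
	cloneData.IV, err = masterCipher.Decrypt(cloneData.EncryptedIV)
	c.Assert(err, IsNil)

	c.Assert(string(cd.Key), Equals, string(cloneData.Key))
	c.Assert(string(cd.IV), Equals, string(cloneData.IV))
}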
    76  
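// TestMasterAliKmsCipherError checks that Encrypt and Decrypt return an error
// when the master cipher's KmsID has been cleared.
func (s *OssCryptoBucketSuite) TestMasterAliKmsCipherError(c *C) {
	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
	c.Assert(err, IsNil)

	masterCipher, err := CreateMasterAliKms(matDesc, kmsID, kmsClient)
	c.Assert(err, IsNil)

	// Checked assertion: a wrong dynamic type fails the test with a clear
	// message instead of panicking. v is a copy of the value, so clearing
	// KmsID below does not modify masterCipher.
	v, ok := masterCipher.(MasterAliKmsCipher)
	c.Assert(ok, Equals, true)
	v.KmsID = ""

	_, err = v.Encrypt([]byte("hellow"))
	c.Assert(err, NotNil)

	// NOTE(review): this input was not produced by Encrypt, so Decrypt may be
	// failing on the malformed ciphertext rather than on the empty KmsID.
	// Confirm which path this assertion is meant to cover.
	_, err = v.Decrypt([]byte("hellow"))
	c.Assert(err, NotNil)
}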