Inicio Explorar Axuda
Rexistro Iniciar sesión
publics
/
aliyun-oss-go-sdk
0
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Rama: preview_v2.1.0
Ramas Etiquetas
aliyun-oss-g...
/
oss
/
crypto
/
master_alikms_cipher_test.go

master_alikms_cipher_test.go 2.4 KB
Permalink Histórico Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 
  1. package osscrypto
    2. 

  2. 

  3. import (
    4. 

  4. 	crypto_rand "crypto/rand"
    5. 

  5. 	"encoding/base64"
    6. 

  6. 	"io"
    7. 

  7. 	"math/rand"
    8. 

  8. 	"time"
    9. 

  9. 

  10. 	kms "github.com/aliyun/alibaba-cloud-sdk-go/services/kms"
    11. 

  11. 	. "gopkg.in/check.v1"
    12. 

  12. )
    13. 

  13. 

  14. func (s *OssCryptoBucketSuite) TestKmsClient(c *C) {
    15. 

  15. 	rand.Seed(time.Now().UnixNano())
    16. 

  16. 	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
    17. 

  17. 	c.Assert(err, IsNil)
    18. 

  18. 

  19. 	// encrypte
    20. 

  20. 	enReq := kms.CreateEncryptRequest()
    21. 

  21. 	enReq.RpcRequest.Scheme = "https"
    22. 

  22. 	enReq.RpcRequest.Method = "POST"
    23. 

  23. 	enReq.RpcRequest.AcceptFormat = "json"
    24. 

  24. 

  25. 	enReq.KeyId = kmsID
    26. 

  26. 

  27. 	buff := make([]byte, 10)
    28. 

  28. 	_, err = io.ReadFull(crypto_rand.Reader, buff)
    29. 

  29. 	c.Assert(err, IsNil)
    30. 

  30. 	enReq.Plaintext = base64.StdEncoding.EncodeToString(buff)
    31. 

  31. 

  32. 	enResponse, err := kmsClient.Encrypt(enReq)
    33. 

  33. 	c.Assert(err, IsNil)
    34. 

  34. 

  35. 	// decrypte
    36. 

  36. 	deReq := kms.CreateDecryptRequest()
    37. 

  37. 	deReq.RpcRequest.Scheme = "https"
    38. 

  38. 	deReq.RpcRequest.Method = "POST"
    39. 

  39. 	deReq.RpcRequest.AcceptFormat = "json"
    40. 

  40. 	deReq.CiphertextBlob = enResponse.CiphertextBlob
    41. 

  41. 	deResponse, err := kmsClient.Decrypt(deReq)
    42. 

  42. 	c.Assert(err, IsNil)
    43. 

  43. 	c.Assert(deResponse.Plaintext, Equals, enReq.Plaintext)
    44. 

  44. }
    45. 

  45. 

  46. func (s *OssCryptoBucketSuite) TestMasterAliKmsCipherSuccess(c *C) {
    47. 

  47. 

  48. 	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
    49. 

  49. 	c.Assert(err, IsNil)
    50. 

  50. 

  51. 	masterCipher, _ := CreateMasterAliKms(matDesc, kmsID, kmsClient)
    52. 

  52. 

  53. 	var cd CipherData
    54. 

  54. 	err = cd.RandomKeyIv(aesKeySize, ivSize)
    55. 

  55. 	c.Assert(err, IsNil)
    56. 

  56. 

  57. 	cd.WrapAlgorithm = masterCipher.GetWrapAlgorithm()
    58. 

  58. 	cd.CEKAlgorithm = KmsAliCryptoWrap
    59. 

  59. 	cd.MatDesc = masterCipher.GetMatDesc()
    60. 

  60. 

  61. 	// EncryptedKey
    62. 

  62. 	cd.EncryptedKey, err = masterCipher.Encrypt(cd.Key)
    63. 

  63. 

  64. 	// EncryptedIV
    65. 

  65. 	cd.EncryptedIV, err = masterCipher.Encrypt(cd.IV)
    66. 

  66. 

  67. 	cloneData := cd.Clone()
    68. 

  68. 

  69. 	cloneData.Key, _ = masterCipher.Decrypt(cloneData.EncryptedKey)
    70. 

  70. 	cloneData.IV, _ = masterCipher.Decrypt(cloneData.EncryptedIV)
    71. 

  71. 

  72. 	c.Assert(string(cd.Key), Equals, string(cloneData.Key))
    73. 

  73. 	c.Assert(string(cd.IV), Equals, string(cloneData.IV))
    74. 

  74. 

  75. }
    76. 

  76. 

  77. func (s *OssCryptoBucketSuite) TestMasterAliKmsCipherError(c *C) {
    78. 

  78. 	kmsClient, err := kms.NewClientWithAccessKey(kmsRegion, kmsAccessID, kmsAccessKey)
    79. 

  79. 	c.Assert(err, IsNil)
    80. 

  80. 

  81. 	masterCipher, _ := CreateMasterAliKms(matDesc, kmsID, kmsClient)
    82. 

  82. 	v := masterCipher.(MasterAliKmsCipher)
    83. 

  83. 	v.KmsID = ""
    84. 

  84. 	_, err = v.Encrypt([]byte("hellow"))
    85. 

  85. 	c.Assert(err, NotNil)
    86. 

  86. 

  87. 	_, err = v.Decrypt([]byte("hellow"))
    88. 

  88. 	c.Assert(err, NotNil)
    89. 

  89. }
    90.