chore: add ranged get tests#84
Conversation
…ichow/java-test-server-v3
This reverts commit 1c63c14.
imabhichow
force-pushed
the
imabhichow/ranged-get
branch
from
f4f0fcc to
a58ef9a
Compare
# Conflicts: # test-server/java-tests/src/it/java/software/amazon/encryption/s3/TestUtils.java # test-server/java-v3-transition-server/s3ec-staging # test-server/java-v3-transition-server/src/main/java/software/amazon/encryption/s3/CreateClientOperationImpl.java # test-server/java-v3-transition-server/src/main/java/software/amazon/encryption/s3/GetObjectOperationImpl.java # test-server/java-v4-server/s3ec-staging # test-server/java-v4-server/src/main/java/software/amazon/encryption/s3/CreateClientOperationImpl.java # test-server/java-v4-server/src/main/java/software/amazon/encryption/s3/GetObjectOperationImpl.java
| .enableLegacyUnauthenticatedModes(true) | ||
| .enableLegacyWrappingAlgorithms(true) | ||
| .build()) | ||
| .build()); |
There was a problem hiding this comment.
nit: we could had formatted it better.
| .build()); | ||
| String S3ECId = clientOutput.getClientId(); | ||
|
|
||
| TestUtils.DecryptWithRangedGet(client, S3ECId, crossLanguageObjects, EncryptionAlgorithm.ALG_AES_256_GCM_IV12_TAG16_NO_KDF); |
There was a problem hiding this comment.
How do this work on languages that don't support RangeGets? I don't see any logic here to skip this test. I might be also missing something
There was a problem hiding this comment.
I found it in testutils, its with @MethodSource("software.amazon.encryption.s3.TestUtils#rangedGetTransitionClientsForTest") right?
There was a problem hiding this comment.
I found it in testutils, its with @MethodSource("software.amazon.encryption.s3.TestUtils#rangedGetTransitionClientsForTest") right?
Yes
| CreateClientOutput clientOutput = client.createClient(CreateClientInput.builder() | ||
| .config(S3ECConfig.builder() | ||
| .keyMaterial(kmsKeyArn) | ||
| .commitmentPolicy(CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) |
There was a problem hiding this comment.
I know its decryption but for these sets of test I want it to fail if its not object with committing alg.
| .commitmentPolicy(CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) | |
| .commitmentPolicy(CommitmentPolicy.REQUIRE_ENCRYPT_REQUIRE_DECRYPT) |
There was a problem hiding this comment.
This and other similar places is imo blocking.
There was a problem hiding this comment.
This test case is trying to successfully decrypt the object using the transition client. For transition, Changing to non-defaults of transition client is invalid configuration, we only allow FORBID_ENCRYPT_ALLOW_DECRYPT and ALG_AES_256_GCM_IV12_TAG16_NO_KDF during client creation (atleast for java)
I think this test server should've already covered this test case of configuring transition clients with incompatible encryption algorithm and commitment policy.
There was a problem hiding this comment.
I've also added test case for improved_configured_with_require_encrypt_require_decrypt_should_fail_to_ranged_get_gcm non-committing objects in GCMTests.java
| .config(S3ECConfig.builder() | ||
| .keyMaterial(kmsKeyArn) | ||
| .commitmentPolicy(CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT) | ||
| .encryptionAlgorithm(EncryptionAlgorithm.ALG_AES_256_GCM_IV12_TAG16_NO_KDF) |
There was a problem hiding this comment.
| .encryptionAlgorithm(EncryptionAlgorithm.ALG_AES_256_GCM_IV12_TAG16_NO_KDF) | |
| .encryptionAlgorithm(EncryptionAlgorithm.ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY) |
…-get # Conflicts: # test-server/java-tests/src/it/java/software/amazon/encryption/s3/KC_GCMTests.java
…hichow/ranged-get
|
Merged Changes in #103. |
2 participants
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.