nifi-toolkit/nifi-toolkit-encrypt-config/src/test/groovy/org/apache/nifi/toolkit/encryptconfig/NiFiRegistryDecryptModeSpec.groovy - nifi - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.nifi.toolkit.encryptconfig

 import org.bouncycastle.jce.provider.BouncyCastleProvider
 import org.junit.Assume
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import spock.lang.Specification

 import java.security.Security

 import static org.apache.nifi.toolkit.encryptconfig.TestUtil.*

 class NiFiRegistryDecryptModeSpec extends Specification {
     private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptModeSpec.class)

     ByteArrayOutputStream toolStdOutContent
     PrintStream origSystemOut

     // runs before every feature method
     def setup() {
         origSystemOut = System.out
         toolStdOutContent = new ByteArrayOutputStream();
         System.setOut(new PrintStream(toolStdOutContent));
     }

     // runs after every feature method
     def cleanup() {
         toolStdOutContent.flush()
         System.setOut(origSystemOut);
         toolStdOutContent.close()
     }

     // runs before the first feature method
     def setupSpec() {
         Security.addProvider(new BouncyCastleProvider())
         setupTmpDir()
     }

     // runs after the last feature method
     def cleanupSpec() {
         cleanupTmpDir()
     }

     def "decrypt protected nifi-registry.properties file using -k"() {

         setup:
         NiFiRegistryDecryptMode tool = new NiFiRegistryDecryptMode()
         def inRegistryProperties1 = copyFileToTempFile(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, "nifi-registry.properties")
         File outRegistryProperties1 = generateTmpFile()

         when: "run with args: -k <key> -r <file>"
         tool.run("-k ${KEY_HEX_128} -r ${inRegistryProperties1}".split(" "))
         toolStdOutContent.flush()
         outRegistryProperties1.text = toolStdOutContent.toString()
         then: "decrypted properties file was printed to std out"
         assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_UNPROTECTED, outRegistryProperties1.getAbsolutePath(), true)
         and: "input properties file is still encrypted"
         assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, inRegistryProperties1, true)

     }

     def "decrypt protected nifi-registry.properties file using -p [256-bit]"() {

         Assume.assumeTrue("Test only runs when unlimited strength crypto is available", isUnlimitedStrengthCryptoAvailable())

         setup:
         NiFiRegistryDecryptMode tool = new NiFiRegistryDecryptMode()
         def inRegistryProperties1 = copyFileToTempFile(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_PASSWORD_256, "nifi-registry.properties")
         File outRegistryProperties1 = generateTmpFile()

         when: "run with args: -p <password> -r <file>"
         tool.run("-p ${PASSWORD} -r ${inRegistryProperties1}".split(" "))
         toolStdOutContent.flush()
         outRegistryProperties1.text = toolStdOutContent.toString()
         then: "decrypted properties file was printed to std out"
         assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_UNPROTECTED, outRegistryProperties1.getAbsolutePath(), true)
         and: "input properties file is still encrypted"
         assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_PASSWORD_256, inRegistryProperties1, true)

     }

     def "decrypt protected nifi-registry.properties file using -b"() {

         setup:
         NiFiRegistryDecryptMode tool = new NiFiRegistryDecryptMode()
         def inRegistryProperties = copyFileToTempFile(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, "nifi-registry.properties")
         def inBootstrap = copyFileToTempFile(RESOURCE_REGISTRY_BOOTSTRAP_KEY_128)
         File outRegistryProperties = generateTmpFile()

         when: "run with args: -b <file> -r <file>"
         tool.run("-b ${inBootstrap} -r ${inRegistryProperties}".split(" "))
         toolStdOutContent.flush()
         outRegistryProperties.text = toolStdOutContent.toString()
         then: "decrypted properties file was printed to std out"
         assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_UNPROTECTED, outRegistryProperties.getAbsolutePath(), true)
         and: "input properties file is still encrypted"
         assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, inRegistryProperties, true)

     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.nifi.toolkit.encryptconfig

	import org.bouncycastle.jce.provider.BouncyCastleProvider
	import org.junit.Assume
	import org.slf4j.Logger
	import org.slf4j.LoggerFactory
	import spock.lang.Specification

	import java.security.Security

	import static org.apache.nifi.toolkit.encryptconfig.TestUtil.*

	class NiFiRegistryDecryptModeSpec extends Specification {
	private static final Logger logger = LoggerFactory.getLogger(NiFiRegistryDecryptModeSpec.class)

	ByteArrayOutputStream toolStdOutContent
	PrintStream origSystemOut

	// runs before every feature method
	def setup() {
	origSystemOut = System.out
	toolStdOutContent = new ByteArrayOutputStream();
	System.setOut(new PrintStream(toolStdOutContent));
	}

	// runs after every feature method
	def cleanup() {
	toolStdOutContent.flush()
	System.setOut(origSystemOut);
	toolStdOutContent.close()
	}

	// runs before the first feature method
	def setupSpec() {
	Security.addProvider(new BouncyCastleProvider())
	setupTmpDir()
	}

	// runs after the last feature method
	def cleanupSpec() {
	cleanupTmpDir()
	}

	def "decrypt protected nifi-registry.properties file using -k"() {

	setup:
	NiFiRegistryDecryptMode tool = new NiFiRegistryDecryptMode()
	def inRegistryProperties1 = copyFileToTempFile(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, "nifi-registry.properties")
	File outRegistryProperties1 = generateTmpFile()

	when: "run with args: -k <key> -r <file>"
	tool.run("-k ${KEY_HEX_128} -r ${inRegistryProperties1}".split(" "))
	toolStdOutContent.flush()
	outRegistryProperties1.text = toolStdOutContent.toString()
	then: "decrypted properties file was printed to std out"
	assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_UNPROTECTED, outRegistryProperties1.getAbsolutePath(), true)
	and: "input properties file is still encrypted"
	assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, inRegistryProperties1, true)

	}

	def "decrypt protected nifi-registry.properties file using -p [256-bit]"() {

	Assume.assumeTrue("Test only runs when unlimited strength crypto is available", isUnlimitedStrengthCryptoAvailable())

	setup:
	NiFiRegistryDecryptMode tool = new NiFiRegistryDecryptMode()
	def inRegistryProperties1 = copyFileToTempFile(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_PASSWORD_256, "nifi-registry.properties")
	File outRegistryProperties1 = generateTmpFile()

	when: "run with args: -p <password> -r <file>"
	tool.run("-p ${PASSWORD} -r ${inRegistryProperties1}".split(" "))
	toolStdOutContent.flush()
	outRegistryProperties1.text = toolStdOutContent.toString()
	then: "decrypted properties file was printed to std out"
	assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_UNPROTECTED, outRegistryProperties1.getAbsolutePath(), true)
	and: "input properties file is still encrypted"
	assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_PASSWORD_256, inRegistryProperties1, true)

	}

	def "decrypt protected nifi-registry.properties file using -b"() {

	setup:
	NiFiRegistryDecryptMode tool = new NiFiRegistryDecryptMode()
	def inRegistryProperties = copyFileToTempFile(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, "nifi-registry.properties")
	def inBootstrap = copyFileToTempFile(RESOURCE_REGISTRY_BOOTSTRAP_KEY_128)
	File outRegistryProperties = generateTmpFile()

	when: "run with args: -b <file> -r <file>"
	tool.run("-b ${inBootstrap} -r ${inRegistryProperties}".split(" "))
	toolStdOutContent.flush()
	outRegistryProperties.text = toolStdOutContent.toString()
	then: "decrypted properties file was printed to std out"
	assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_UNPROTECTED, outRegistryProperties.getAbsolutePath(), true)
	and: "input properties file is still encrypted"
	assertPropertiesFilesAreEqual(RESOURCE_REGISTRY_PROPERTIES_POPULATED_PROTECTED_KEY_128, inRegistryProperties, true)

	}

	}