diff options
| author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-11-01 13:44:42 +0100 |
|---|---|---|
| committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2022-11-01 14:43:54 +0100 |
| commit | f59b56ae4b8fafc67ec1828f03ce3178afaf037d (patch) | |
| tree | 37be6e743672efbd4816ad39cb05ab46cad66e0a /vespaclient-java/src/test/java/com/yahoo | |
| parent | 43803ae25a68b4708f5846b7021e1dc3b68a82c6 (diff) | |
Let token key IDs be UTF-8 byte strings instead of just an integer
This makes key IDs vastly more expressive. Max size is 255 bytes,
and UTF-8 form is enforced by checking that the byte sequence can be
identity-transformed to and from a string with UTF-8 encoding.
In addition, we now protect the integrity of the key ID by supplying
it as the AAD parameter to the key sealing and opening operations.
Reduce v1 token max length of `enc` part to 255, since this is always
an X25519 public key, which is never bigger than 32 bytes (but may
be _less_ if the random `BigInteger` is small enough, so we still have
to encode the length).
Diffstat (limited to 'vespaclient-java/src/test/java/com/yahoo')
| -rw-r--r-- | vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java index 55d0a10e660..a3651888441 100644 --- a/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java +++ b/vespaclient-java/src/test/java/com/yahoo/vespa/security/tool/CryptoToolsTest.java @@ -144,10 +144,10 @@ public class CryptoToolsTest { private static final String TEST_PRIV_KEY = "4qGcntygFn_a3uqeBa1PbDlygQ-cpOuNznTPIz9ftWE"; private static final String TEST_PUB_KEY = "ROAH_S862tNMpbJ49lu1dPXFCPHFIXZK30pSrMZEmEg"; - // Token created for the above public key (matching the above private key), using key id 1 - private static final String TEST_TOKEN = "AQAAAQAgwyxd7bFNQB_2LdL3bw-xFlvrxXhs7WWNVCKZ4" + - "EFeNVtu42JMwM74bMN4E46v6mYcfQNPzcMGaP22Wl2cTnji0A"; - private static final int TEST_TOKEN_KEY_ID = 1; + // Token created for the above public key (matching the above private key), using key id "my key ID" + private static final String TEST_TOKEN = "AQlteSBrZXkgSUQgAtTxJJdmv3eUoW5Z3NJSdZ3poKPEkW0SJOG" + + "QXP6CaC5XfyAVoUlK_NyYIMsJKyNYKU6WmagZpVG2zQGFJoqiFA"; + private static final String TEST_TOKEN_KEY_ID = "my key ID"; @Test void encrypt_fails_with_error_message_if_no_input_file_is_given() throws IOException { @@ -177,7 +177,7 @@ public class CryptoToolsTest { "--output-file", "foo", "--recipient-private-key-file", absPathOf(privKeyFile), "--token", TEST_TOKEN, - "--key-id", Integer.toString(TEST_TOKEN_KEY_ID)), + "--key-id", TEST_TOKEN_KEY_ID), "Invalid command line arguments: Expected exactly 1 file argument to decrypt\n"); } @@ -191,7 +191,7 @@ public class CryptoToolsTest { "--output-file", "foo", "--recipient-private-key-file", absPathOf(privKeyFile), "--token", TEST_TOKEN, - "--key-id", Integer.toString(TEST_TOKEN_KEY_ID)), + "--key-id", TEST_TOKEN_KEY_ID), "Invalid command line arguments: Input file 'no-such-file' does not exist\n"); } @@ -208,9 +208,9 @@ public class CryptoToolsTest { "--output-file", "foo", "--recipient-private-key-file", absPathOf(privKeyFile), "--token", TEST_TOKEN, - "--key-id", Integer.toString(TEST_TOKEN_KEY_ID + 1)), - "Invalid command line arguments: Key ID specified with --key-id (2) does not match " + - "key ID used when generating the supplied token (1)\n"); + "--key-id", TEST_TOKEN_KEY_ID + "-wrong"), + "Invalid command line arguments: Key ID specified with --key-id does not " + + "match key ID used when generating the supplied token\n"); } @Test |