Revision 1d75969e
Added by Dominic Cleal over 7 years ago
test/unit/encryptable_test.rb | ||
---|---|---|
end
|
||
|
||
def cr_with_encryption_key
|
||
stub_encryption_key(FactoryGirl.build(:ec2_cr, password: 'encrypted-NEN1YVJtdWdaaTdlOHdiUXRHd29nWUZsOHc1UjdMb3p1MFZLenlLekFEbz0tLVA0MGVzUEorUDlJZHVUV2F6azUzUEE9PQ==--9f45d5c88ec582eeb48ebb906ae0a66345ded0fa'))
|
||
stub_encryption_key(FactoryGirl.build(:ec2_cr, password: 'encrypted-aXVpUzdTSTArRlFwR1RKTy90QWFKQVZDOERGQXhteUFaMG1xVnMxWmFuaz0tLTJHcnlIUDV3N0RrcjhkMWRzdWtJNkE9PQ==--e9227b0757885a231036fe9a7e4f959cfdf66f56'))
|
||
end
|
||
|
||
def stub_encryption_key(model)
|
||
model.stubs(:encryption_key).returns('25d224dd383e92a7e0c82b8bf7c985e815f34cf5')
|
||
def cr_with_long_encryption_key
|
||
stub_encryption_key(FactoryGirl.build(:ec2_cr, password: 'encrypted-NEN1YVJtdWdaaTdlOHdiUXRHd29nWUZsOHc1UjdMb3p1MFZLenlLekFEbz0tLVA0MGVzUEorUDlJZHVUV2F6azUzUEE9PQ==--9f45d5c88ec582eeb48ebb906ae0a66345ded0fa'), '25d224dd383e92a7e0c82b8bf7c985e815f34cf5')
|
||
end
|
||
|
||
def stub_encryption_key(model, key = '25d224dd383e92a7e0c82b8bf7c985e8')
|
||
model.stubs(:encryption_key).returns(key)
|
||
model
|
||
end
|
||
|
||
... | ... | |
assert_equal plain_str, decrypted_str
|
||
end
|
||
|
||
test "decrypt successfully with over-sized key" do
|
||
compute_resource = cr_with_long_encryption_key
|
||
plain_str = "secretpassword"
|
||
encrypted_str = compute_resource.encrypt_field(plain_str)
|
||
decrypted_str = compute_resource.decrypt_field(encrypted_str)
|
||
refute_equal encrypted_str, decrypted_str
|
||
assert_equal plain_str, decrypted_str
|
||
end
|
||
|
||
test "encrypt_field returns nil if password is nil" do
|
||
compute_resource = cr_with_encryption_key
|
||
encrypted_str = compute_resource.encrypt_field(nil)
|
Also available in: Unified diff
fixes #18735 - truncate encryption key to match preferred length (#4350)
Ruby 2.4's OpenSSL bindings raise an ArgumentError during encryption if
the key length exceeds the cipher's configured length (32 bytes with the
default cipher), but the verification hash algorithm still uses the full
length key.
The encryption key is now truncated to the cipher's preferred length
while passing the full key (if supplied) for signatures.
The default new key length has been changed from 40 to 32 bytes matching
the cipher default, but there's no reason to deprecate or force existing
installations to change.