Skip to content

Decrypt test #236

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Mar 26, 2020
Merged

Decrypt test #236

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a336ab7
Exclude crypt/nacl package from Javadoc
marekoid Mar 24, 2020
d851213
Add Base64 decoding and test for decryption
marekoid Mar 25, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,12 @@ repositories {
dependencies {
compile "com.google.code.gson:gson:2.2.2"
compile "org.java-websocket:Java-WebSocket:1.4.0"

testCompile "org.mockito:mockito-all:1.8.5"
testCompile "org.powermock:powermock-module-junit4:1.4.11"
testCompile "org.powermock:powermock-api-mockito:1.4.11"

testImplementation "com.google.truth:truth:1.0.1"
}


Expand All @@ -66,6 +69,7 @@ javadoc {
exclude "**/com/pusher/client/channel/impl/*"
exclude "**/com/pusher/client/connection/impl/*"
exclude "**/com/pusher/client/connection/websocket/*"
exclude "**/com/pusher/client/crypto/nacl/*"
exclude "**/org/java_websocket/*"
exclude "**/com/pusher/client/example/*"
options.linkSource = true
Expand Down
39 changes: 39 additions & 0 deletions src/main/java/com/pusher/client/util/Base64.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
package com.pusher.client.util;

// copied from: https://stackoverflow.com/a/4265472/501940
public class Base64 {

private final static char[] ALPHABET =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".toCharArray();

private static int[] toInt = new int[128];

static {
for (int i = 0; i < ALPHABET.length; i++) {
toInt[ALPHABET[i]] = i;
}
}

public static byte[] decode(String base64String) {
Copy link
Contributor

@mdpye mdpye Mar 25, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:sigh: It's a real shame there's no base64 support in java 6...

If this lives in the main tree, can we ensure that it tests validity nicely (no chars outside the alphabet, and padding is correctly applied)? Otherwise, if it's just as a helper in the test, we might move it to the test tree, or just embedding the decoded key in the test...

Copy link
Contributor Author

@marekoid marekoid Mar 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why would we be interested in checking validity?

It has to be prod code as it will be needed in prod too (those pieces of data are sent to us base64-encoded).

I also considered bringing code from Apache Commons Codec or Guava but those implementations were much bigger and much more complicated in relation to what we need. It seemed also tricky to cut out just the relevant part for us (simple decoding). I haven't looked thoroughly and particularly looking for that but after an earlier quick scan I haven't noticed any validation code there.

Copy link
Contributor Author

@marekoid marekoid Mar 25, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Writing code to check base64 validity here feels a bit like testing server libs' code, indeed not its code but their platform or 3rd party lib code for base64 encoding... moreover on each client. Fail-fast is nice but when it's not coming at a cost. Indeed when it saves cost of writting some additional code that might result in bugs sneaking through. Here in our case we're not even able to do proper validation. Also even if in nearly impossible case there is any issue with base64 we get from the server libs then ultimately decrypting will fail.

Copy link
Contributor

@mdpye mdpye Mar 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, fair enough. Lack of validation in some stdlibs has been frustrating in the server side changes, because I'm accepting base64 as user input, and if it's not valid, I want to tell them that, not tell them that the result is too short (because the invalid bits were just discarded).

But given how many other paces don't seem to validate base64 input, I won't make it a requirement here for machine generated input.

Copy link
Contributor Author

@marekoid marekoid Mar 26, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took the lack of a reply in the morning as my points not being fully convincing and considered what could be worth to do around validation. I added a valid char check as it can make sense to catch issues clearly if any server lib uses by mistake url base64 encoding #237. Please let me know if you would like to see that merged too.

When it comes to padding size validation that didn't seem worth doing as it only matters when decoding input of concatenated base64 strings which is not the case here:

The padding character is not essential for decoding, since the number of missing bytes can be inferred from the length of the encoded text. In some implementations, the padding character is mandatory, while for others it is not used. An exception where padding characters are required is when multiple Base64 encoded files have been concatenated.

ref: https://en.wikipedia.org/wiki/Base64#Output_padding
Sorry but we live in the times when only strickly essential things are allowed 😉

int delta = base64String.endsWith("==") ? 2 : base64String.endsWith("=") ? 1 : 0;
byte[] buffer = new byte[base64String.length() * 3 / 4 - delta];
int mask = 0xFF;
int index = 0;
for (int i = 0; i < base64String.length(); i += 4) {
int c0 = toInt[base64String.charAt(i)];
int c1 = toInt[base64String.charAt(i + 1)];
buffer[index++] = (byte) (((c0 << 2) | (c1 >> 4)) & mask);
if (index >= buffer.length) {
return buffer;
}
int c2 = toInt[base64String.charAt(i + 2)];
buffer[index++] = (byte) (((c1 << 4) | (c2 >> 2)) & mask);
if (index >= buffer.length) {
return buffer;
}
int c3 = toInt[base64String.charAt(i + 3)];
buffer[index++] = (byte) (((c2 << 6) | c3) & mask);
}
return buffer;
}
}
28 changes: 28 additions & 0 deletions src/test/java/com/pusher/client/crypto/nacl/SecretBoxOpenerTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
package com.pusher.client.crypto.nacl;

import static com.google.common.truth.Truth.assertThat;

import com.pusher.client.util.Base64;
import org.junit.Before;
import org.junit.Test;

public class SecretBoxOpenerTest {

byte[] key = Base64.decode("6071zp2l/GPnDPDXNWTJDHyIZ8pZMvQrYsa4xuTKK2c=");
SecretBoxOpener subject;

@Before
public void setUp() {
subject = new SecretBoxOpener(key);
}

@Test
public void open() {
byte[] cipher = Base64.decode("tvttPE2PRQp0bWDmaPyiEU8YJGztmTvTN77OoPwftTNTdDgJXwxHQPE=");
byte[] nonce = Base64.decode("xsbOS0KylAV2ziTDHrP/7rSFqpCOah3p");

byte[] clearText = subject.open(cipher, nonce);

assertThat(new String(clearText)).isEqualTo("{\"message\":\"hello world\"}");
}
}