├── .travis.yml ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── src ├── main │ ├── java │ │ └── com │ │ │ └── example │ │ │ └── spring │ │ │ └── data │ │ │ └── jpa │ │ │ └── encryption │ │ │ ├── domain │ │ │ ├── UserRepository.java │ │ │ └── User.java │ │ │ ├── SpringDataJpaEncryptionExampleApplication.java │ │ │ └── converters │ │ │ ├── KeyProperty.java │ │ │ ├── StringCryptoConverter.java │ │ │ ├── LocalDateCryptoConverter.java │ │ │ ├── LocalDateTimeCryptoConverter.java │ │ │ ├── CipherInitializer.java │ │ │ └── AbstractCryptoConverter.java │ └── resources │ │ └── application.yml └── test │ └── java │ └── com │ └── example │ └── spring │ └── data │ └── jpa │ └── encryption │ ├── domain │ ├── EncryptionHelper.java │ └── UserRepositoryTest.java │ └── converters │ ├── CipherInitializerTest.java │ ├── StringCryptoConverterTest.java │ ├── LocalDateCryptoConverterTest.java │ └── LocalDateTimeCryptoConverterTest.java ├── .gitignore ├── README.md ├── gradlew.bat └── gradlew /.travis.yml: -------------------------------------------------------------------------------- 1 | language: java 2 | 3 | jdk: 4 | - openjdk11 5 | 6 | script: 7 | - chmod +x gradlew 8 | - ./gradlew clean check 9 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/damienbeaufils/spring-data-jpa-encryption-example/HEAD/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | distributionBase=GRADLE_USER_HOME 2 | distributionPath=wrapper/dists 3 | distributionUrl=https\://services.gradle.org/distributions/gradle-4.10.2-all.zip 4 | zipStoreBase=GRADLE_USER_HOME 5 | zipStorePath=wrapper/dists 6 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/domain/UserRepository.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.domain; 2 | 3 | import org.springframework.data.jpa.repository.JpaRepository; 4 | 5 | public interface UserRepository extends JpaRepository { 6 | } 7 | -------------------------------------------------------------------------------- /src/main/resources/application.yml: -------------------------------------------------------------------------------- 1 | example: 2 | database: 3 | encryption: 4 | key: null 5 | 6 | server: 7 | port: ${PORT:8080} 8 | 9 | spring: 10 | datasource: 11 | url: jdbc:h2:mem:test;AUTO_SERVER=TRUE;FILE_LOCK=FILE 12 | username: sa 13 | password: 14 | driver-class-name: org.h2.Driver 15 | jpa: 16 | hibernate: 17 | ddl-auto: update 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .gradle 2 | /build/ 3 | !gradle/wrapper/gradle-wrapper.jar 4 | 5 | ### STS ### 6 | .apt_generated 7 | .classpath 8 | .factorypath 9 | .project 10 | .settings 11 | .springBeans 12 | .sts4-cache 13 | 14 | ### IntelliJ IDEA ### 15 | .idea 16 | *.iws 17 | *.iml 18 | *.ipr 19 | /out/ 20 | 21 | ### NetBeans ### 22 | /nbproject/private/ 23 | /nbbuild/ 24 | /dist/ 25 | /nbdist/ 26 | /.nb-gradle/ 27 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/SpringDataJpaEncryptionExampleApplication.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption; 2 | 3 | import org.springframework.boot.SpringApplication; 4 | import org.springframework.boot.autoconfigure.SpringBootApplication; 5 | 6 | @SpringBootApplication 7 | public class SpringDataJpaEncryptionExampleApplication { 8 | 9 | public static void main(String[] args) { 10 | SpringApplication.run(SpringDataJpaEncryptionExampleApplication.class, args); 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/converters/KeyProperty.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import org.springframework.beans.factory.annotation.Value; 4 | import org.springframework.stereotype.Component; 5 | 6 | @Component 7 | public class KeyProperty { 8 | 9 | public static String DATABASE_ENCRYPTION_KEY; 10 | 11 | @Value("${example.database.encryption.key}") 12 | public void setDatabase(String databaseEncryptionKey) { 13 | DATABASE_ENCRYPTION_KEY = databaseEncryptionKey; 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /src/test/java/com/example/spring/data/jpa/encryption/domain/EncryptionHelper.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.domain; 2 | 3 | import com.example.spring.data.jpa.encryption.converters.KeyProperty; 4 | import org.springframework.boot.test.autoconfigure.orm.jpa.TestEntityManager; 5 | 6 | final class EncryptionHelper { 7 | 8 | private EncryptionHelper() { 9 | } 10 | 11 | static void enableDatabaseEncryption(TestEntityManager testEntityManager) { 12 | KeyProperty.DATABASE_ENCRYPTION_KEY = "MySuperSecretKey"; 13 | testEntityManager.clear(); 14 | } 15 | 16 | static void disableDatabaseEncryption(TestEntityManager testEntityManager) { 17 | KeyProperty.DATABASE_ENCRYPTION_KEY = null; 18 | testEntityManager.clear(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/converters/StringCryptoConverter.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import javax.persistence.Converter; 4 | 5 | import static org.apache.commons.lang3.StringUtils.isNotEmpty; 6 | 7 | @Converter 8 | public class StringCryptoConverter extends AbstractCryptoConverter { 9 | 10 | public StringCryptoConverter() { 11 | this(new CipherInitializer()); 12 | } 13 | 14 | public StringCryptoConverter(CipherInitializer cipherInitializer) { 15 | super(cipherInitializer); 16 | } 17 | 18 | @Override 19 | boolean isNotNullOrEmpty(String attribute) { 20 | return isNotEmpty(attribute); 21 | } 22 | 23 | @Override 24 | String stringToEntityAttribute(String dbData) { 25 | return dbData; 26 | } 27 | 28 | @Override 29 | String entityAttributeToString(String attribute) { 30 | return attribute; 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/converters/LocalDateCryptoConverter.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import javax.persistence.Converter; 4 | import java.time.LocalDate; 5 | 6 | import static java.time.format.DateTimeFormatter.ISO_DATE; 7 | import static org.apache.commons.lang3.StringUtils.isEmpty; 8 | 9 | @Converter 10 | public class LocalDateCryptoConverter extends AbstractCryptoConverter { 11 | 12 | public LocalDateCryptoConverter() { 13 | this(new CipherInitializer()); 14 | } 15 | 16 | public LocalDateCryptoConverter(CipherInitializer cipherInitializer) { 17 | super(cipherInitializer); 18 | } 19 | 20 | @Override 21 | boolean isNotNullOrEmpty(LocalDate attribute) { 22 | return attribute != null; 23 | } 24 | 25 | @Override 26 | LocalDate stringToEntityAttribute(String dbData) { 27 | return isEmpty(dbData) ? null : LocalDate.parse(dbData, ISO_DATE); 28 | } 29 | 30 | @Override 31 | String entityAttributeToString(LocalDate attribute) { 32 | return attribute == null ? null : attribute.format(ISO_DATE); 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/converters/LocalDateTimeCryptoConverter.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import javax.persistence.Converter; 4 | import java.time.LocalDateTime; 5 | 6 | import static java.time.format.DateTimeFormatter.ISO_DATE_TIME; 7 | import static org.apache.commons.lang3.StringUtils.isEmpty; 8 | 9 | @Converter 10 | public class LocalDateTimeCryptoConverter extends AbstractCryptoConverter { 11 | 12 | public LocalDateTimeCryptoConverter() { 13 | this(new CipherInitializer()); 14 | } 15 | 16 | public LocalDateTimeCryptoConverter(CipherInitializer cipherInitializer) { 17 | super(cipherInitializer); 18 | } 19 | 20 | @Override 21 | boolean isNotNullOrEmpty(LocalDateTime attribute) { 22 | return attribute != null; 23 | } 24 | 25 | @Override 26 | LocalDateTime stringToEntityAttribute(String dbData) { 27 | return isEmpty(dbData) ? null : LocalDateTime.parse(dbData, ISO_DATE_TIME); 28 | } 29 | 30 | @Override 31 | String entityAttributeToString(LocalDateTime attribute) { 32 | return attribute == null ? null : attribute.format(ISO_DATE_TIME); 33 | } 34 | 35 | } 36 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # spring-data-jpa-encryption-example 2 | 3 | [![Build Status](https://travis-ci.org/damienbeaufils/spring-data-jpa-encryption-example.svg?branch=master)](https://travis-ci.org/damienbeaufils/spring-data-jpa-encryption-example) 4 | 5 | An example of how to encrypt and decrypt entity fields with JPA converters and Spring Data JPA. 6 | See [blog post](https://damienbeaufils.dev/blog/how-to-properly-encrypt-data-using-jpa-converters-and-spring-data-jpa/). 7 | 8 | ## Requirements 9 | 10 | Java 11 11 | 12 | 13 | ## How is encryption enabled 14 | 15 | ### Entity 16 | 17 | There is a `User` entity which have different fields: `id`, `firstName`, `lastName`, `email`, `birthDate` and `creationDate`. 18 | 19 | All fields except `id` are encrypted in database using AES algorithm. 20 | 21 | ### Repository 22 | 23 | There is a simple `UserRepository` which extends Spring Data `JpaRepository`. 24 | 25 | ### Converters 26 | 27 | Encryption is enabled on fields using different JPA converters: `StringCryptoConverter`, `LocalDateCryptoConverter` and `LocalDateTimeCryptoConverter`. 28 | This is verified with `UserRepositoryTest` integration test. 29 | 30 | All converters are unit tested. 31 | 32 | ### Encryption key 33 | 34 | Encryption key is empty by default (see `example.database.encryption.key` configuration key in `application.yml`). 35 | 36 | You have to provide an encryption key in configuration or specify it in options when running application. 37 | 38 | 39 | ## Run tests 40 | 41 | ``` 42 | ./gradlew check 43 | ``` 44 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/converters/CipherInitializer.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import javax.crypto.Cipher; 4 | import javax.crypto.NoSuchPaddingException; 5 | import javax.crypto.spec.IvParameterSpec; 6 | import javax.crypto.spec.SecretKeySpec; 7 | import java.security.InvalidAlgorithmParameterException; 8 | import java.security.InvalidKeyException; 9 | import java.security.Key; 10 | import java.security.NoSuchAlgorithmException; 11 | import java.security.spec.AlgorithmParameterSpec; 12 | 13 | public class CipherInitializer { 14 | 15 | private static final String CIPHER_INSTANCE_NAME = "AES/CBC/PKCS5Padding"; 16 | private static final String SECRET_KEY_ALGORITHM = "AES"; 17 | 18 | public Cipher prepareAndInitCipher(int encryptionMode, String key) throws InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException { 19 | Cipher cipher = Cipher.getInstance(CIPHER_INSTANCE_NAME); 20 | Key secretKey = new SecretKeySpec(key.getBytes(), SECRET_KEY_ALGORITHM); 21 | AlgorithmParameterSpec algorithmParameters = getAlgorithmParameterSpec(cipher); 22 | 23 | callCipherInit(cipher, encryptionMode, secretKey, algorithmParameters); 24 | return cipher; 25 | } 26 | 27 | void callCipherInit(Cipher cipher, int encryptionMode, Key secretKey, AlgorithmParameterSpec algorithmParameters) throws InvalidKeyException, InvalidAlgorithmParameterException { 28 | cipher.init(encryptionMode, secretKey, algorithmParameters); 29 | } 30 | 31 | int getCipherBlockSize(Cipher cipher) { 32 | return cipher.getBlockSize(); 33 | } 34 | 35 | private AlgorithmParameterSpec getAlgorithmParameterSpec(Cipher cipher) { 36 | byte[] iv = new byte[getCipherBlockSize(cipher)]; 37 | return new IvParameterSpec(iv); 38 | } 39 | 40 | } 41 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/domain/User.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.domain; 2 | 3 | import com.example.spring.data.jpa.encryption.converters.LocalDateCryptoConverter; 4 | import com.example.spring.data.jpa.encryption.converters.LocalDateTimeCryptoConverter; 5 | import com.example.spring.data.jpa.encryption.converters.StringCryptoConverter; 6 | 7 | import javax.persistence.*; 8 | import java.time.LocalDate; 9 | import java.time.LocalDateTime; 10 | 11 | import static javax.persistence.GenerationType.IDENTITY; 12 | 13 | @Entity 14 | @Table(name = "user") 15 | public class User { 16 | 17 | @Id 18 | @GeneratedValue(strategy = IDENTITY) 19 | @Column(name = "id") 20 | private Long id; 21 | 22 | @Column(name = "first_name") 23 | @Convert(converter = StringCryptoConverter.class) 24 | private String firstName; 25 | 26 | @Column(name = "last_name") 27 | @Convert(converter = StringCryptoConverter.class) 28 | private String lastName; 29 | 30 | @Column(name = "email") 31 | @Convert(converter = StringCryptoConverter.class) 32 | private String email; 33 | 34 | @Column(name = "birth_date") 35 | @Convert(converter = LocalDateCryptoConverter.class) 36 | private LocalDate birthDate; 37 | 38 | @Column(name = "creation_date") 39 | @Convert(converter = LocalDateTimeCryptoConverter.class) 40 | private LocalDateTime creationDate; 41 | 42 | public Long getId() { 43 | return id; 44 | } 45 | 46 | public void setId(Long id) { 47 | this.id = id; 48 | } 49 | 50 | public String getFirstName() { 51 | return firstName; 52 | } 53 | 54 | public void setFirstName(String firstName) { 55 | this.firstName = firstName; 56 | } 57 | 58 | public String getLastName() { 59 | return lastName; 60 | } 61 | 62 | public void setLastName(String lastName) { 63 | this.lastName = lastName; 64 | } 65 | 66 | public String getEmail() { 67 | return email; 68 | } 69 | 70 | public void setEmail(String email) { 71 | this.email = email; 72 | } 73 | 74 | public LocalDate getBirthDate() { 75 | return birthDate; 76 | } 77 | 78 | public void setBirthDate(LocalDate birthDate) { 79 | this.birthDate = birthDate; 80 | } 81 | 82 | public LocalDateTime getCreationDate() { 83 | return creationDate; 84 | } 85 | 86 | public void setCreationDate(LocalDateTime creationDate) { 87 | this.creationDate = creationDate; 88 | } 89 | } 90 | -------------------------------------------------------------------------------- /src/main/java/com/example/spring/data/jpa/encryption/converters/AbstractCryptoConverter.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import javax.crypto.BadPaddingException; 4 | import javax.crypto.Cipher; 5 | import javax.crypto.IllegalBlockSizeException; 6 | import javax.crypto.NoSuchPaddingException; 7 | import javax.persistence.AttributeConverter; 8 | import java.security.InvalidAlgorithmParameterException; 9 | import java.security.InvalidKeyException; 10 | import java.security.NoSuchAlgorithmException; 11 | import java.util.Base64; 12 | 13 | import static com.example.spring.data.jpa.encryption.converters.KeyProperty.DATABASE_ENCRYPTION_KEY; 14 | import static org.apache.commons.lang3.StringUtils.isNotEmpty; 15 | 16 | abstract class AbstractCryptoConverter implements AttributeConverter { 17 | 18 | private CipherInitializer cipherInitializer; 19 | 20 | public AbstractCryptoConverter() { 21 | this(new CipherInitializer()); 22 | } 23 | 24 | public AbstractCryptoConverter(CipherInitializer cipherInitializer) { 25 | this.cipherInitializer = cipherInitializer; 26 | } 27 | 28 | @Override 29 | public String convertToDatabaseColumn(T attribute) { 30 | if (isNotEmpty(DATABASE_ENCRYPTION_KEY) && isNotNullOrEmpty(attribute)) { 31 | try { 32 | Cipher cipher = cipherInitializer.prepareAndInitCipher(Cipher.ENCRYPT_MODE, DATABASE_ENCRYPTION_KEY); 33 | return encrypt(cipher, attribute); 34 | } catch (NoSuchAlgorithmException | InvalidKeyException | InvalidAlgorithmParameterException | BadPaddingException | NoSuchPaddingException | IllegalBlockSizeException e) { 35 | throw new RuntimeException(e); 36 | } 37 | } 38 | return entityAttributeToString(attribute); 39 | } 40 | 41 | @Override 42 | public T convertToEntityAttribute(String dbData) { 43 | if (isNotEmpty(DATABASE_ENCRYPTION_KEY) && isNotEmpty(dbData)) { 44 | try { 45 | Cipher cipher = cipherInitializer.prepareAndInitCipher(Cipher.DECRYPT_MODE, DATABASE_ENCRYPTION_KEY); 46 | return decrypt(cipher, dbData); 47 | } catch (NoSuchAlgorithmException | InvalidKeyException | InvalidAlgorithmParameterException | BadPaddingException | NoSuchPaddingException | IllegalBlockSizeException e) { 48 | throw new RuntimeException(e); 49 | } 50 | } 51 | return stringToEntityAttribute(dbData); 52 | } 53 | 54 | abstract boolean isNotNullOrEmpty(T attribute); 55 | 56 | abstract T stringToEntityAttribute(String dbData); 57 | 58 | abstract String entityAttributeToString(T attribute); 59 | 60 | byte[] callCipherDoFinal(Cipher cipher, byte[] bytes) throws IllegalBlockSizeException, BadPaddingException { 61 | return cipher.doFinal(bytes); 62 | } 63 | 64 | private String encrypt(Cipher cipher, T attribute) throws IllegalBlockSizeException, BadPaddingException { 65 | byte[] bytesToEncrypt = entityAttributeToString(attribute).getBytes(); 66 | byte[] encryptedBytes = callCipherDoFinal(cipher, bytesToEncrypt); 67 | return Base64.getEncoder().encodeToString(encryptedBytes); 68 | } 69 | 70 | private T decrypt(Cipher cipher, String dbData) throws IllegalBlockSizeException, BadPaddingException { 71 | byte[] encryptedBytes = Base64.getDecoder().decode(dbData); 72 | byte[] decryptedBytes = callCipherDoFinal(cipher, encryptedBytes); 73 | return stringToEntityAttribute(new String(decryptedBytes)); 74 | } 75 | } 76 | -------------------------------------------------------------------------------- /src/test/java/com/example/spring/data/jpa/encryption/converters/CipherInitializerTest.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import org.junit.jupiter.api.BeforeEach; 4 | import org.junit.jupiter.api.Nested; 5 | import org.junit.jupiter.api.Test; 6 | import org.mockito.ArgumentCaptor; 7 | 8 | import javax.crypto.Cipher; 9 | import javax.crypto.spec.IvParameterSpec; 10 | import java.security.Key; 11 | import java.security.spec.AlgorithmParameterSpec; 12 | 13 | import static org.assertj.core.api.Assertions.assertThat; 14 | import static org.mockito.Mockito.*; 15 | 16 | class CipherInitializerTest { 17 | 18 | private static final int CIPHER_BLOCK_SIZE = 16; 19 | 20 | private CipherInitializer spiedCipherInitializer; 21 | 22 | private String key; 23 | private int encryptionMode; 24 | 25 | @BeforeEach 26 | void setUp() throws Exception { 27 | spiedCipherInitializer = spy(new CipherInitializer()); 28 | doNothing().when(spiedCipherInitializer).callCipherInit(any(Cipher.class), anyInt(), any(Key.class), any(AlgorithmParameterSpec.class)); 29 | doReturn(CIPHER_BLOCK_SIZE).when(spiedCipherInitializer).getCipherBlockSize(any(Cipher.class)); 30 | 31 | key = "MySuperSecretKey"; 32 | encryptionMode = Cipher.ENCRYPT_MODE; 33 | } 34 | 35 | @Nested 36 | class PrepareAndInitCipherShould { 37 | 38 | @Test 39 | void configure_cipher_with_AES_algorithm_and_CBC_mode() throws Exception { 40 | // When 41 | Cipher cipher = spiedCipherInitializer.prepareAndInitCipher(encryptionMode, key); 42 | 43 | // Then 44 | assertThat(cipher.getAlgorithm()).isEqualTo("AES/CBC/PKCS5Padding"); 45 | } 46 | 47 | @Test 48 | void init_cipher_with_given_encryption_mode() throws Exception { 49 | // When 50 | spiedCipherInitializer.prepareAndInitCipher(encryptionMode, key); 51 | 52 | // Then 53 | verify(spiedCipherInitializer).callCipherInit(any(Cipher.class), eq(encryptionMode), any(Key.class), any(AlgorithmParameterSpec.class)); 54 | } 55 | 56 | @Test 57 | void init_cipher_with_given_key_as_bytes_array_and_AES_algorithm() throws Exception { 58 | // When 59 | spiedCipherInitializer.prepareAndInitCipher(encryptionMode, key); 60 | 61 | // Then 62 | ArgumentCaptor keyArgumentCaptor = ArgumentCaptor.forClass(Key.class); 63 | verify(spiedCipherInitializer).callCipherInit(any(Cipher.class), anyInt(), keyArgumentCaptor.capture(), any(AlgorithmParameterSpec.class)); 64 | Key value = keyArgumentCaptor.getValue(); 65 | assertThat(value.getAlgorithm()).isEqualTo("AES"); 66 | assertThat(new String(value.getEncoded())).isEqualTo(key); 67 | } 68 | 69 | @Test 70 | void init_cipher_with_algorithm_parameter_spec_using_cipher_block_size() throws Exception { 71 | // When 72 | spiedCipherInitializer.prepareAndInitCipher(encryptionMode, key); 73 | 74 | // Then 75 | ArgumentCaptor algorithmParameterSpecArgumentCaptor = ArgumentCaptor.forClass(AlgorithmParameterSpec.class); 76 | verify(spiedCipherInitializer).callCipherInit(any(Cipher.class), anyInt(), any(Key.class), algorithmParameterSpecArgumentCaptor.capture()); 77 | AlgorithmParameterSpec value = algorithmParameterSpecArgumentCaptor.getValue(); 78 | IvParameterSpec ivParameterSpec = (IvParameterSpec) value; 79 | assertThat(ivParameterSpec.getIV()).hasSize(CIPHER_BLOCK_SIZE); 80 | } 81 | } 82 | } 83 | -------------------------------------------------------------------------------- /src/test/java/com/example/spring/data/jpa/encryption/domain/UserRepositoryTest.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.domain; 2 | 3 | import org.junit.jupiter.api.BeforeEach; 4 | import org.junit.jupiter.api.Test; 5 | import org.junit.jupiter.api.extension.ExtendWith; 6 | import org.springframework.beans.factory.annotation.Autowired; 7 | import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest; 8 | import org.springframework.boot.test.autoconfigure.orm.jpa.TestEntityManager; 9 | import org.springframework.test.context.junit.jupiter.SpringExtension; 10 | 11 | import java.time.LocalDate; 12 | import java.time.LocalDateTime; 13 | import java.time.format.DateTimeParseException; 14 | 15 | import static com.example.spring.data.jpa.encryption.domain.EncryptionHelper.disableDatabaseEncryption; 16 | import static com.example.spring.data.jpa.encryption.domain.EncryptionHelper.enableDatabaseEncryption; 17 | import static org.assertj.core.api.Assertions.assertThat; 18 | import static org.assertj.core.api.Assertions.catchThrowable; 19 | 20 | @ExtendWith(SpringExtension.class) 21 | @DataJpaTest 22 | class UserRepositoryTest { 23 | 24 | @Autowired 25 | private UserRepository userRepository; 26 | 27 | @Autowired 28 | private TestEntityManager testEntityManager; 29 | 30 | private User user; 31 | 32 | @BeforeEach 33 | void setUp() { 34 | enableDatabaseEncryption(testEntityManager); 35 | user = new User(); 36 | } 37 | 38 | @Test 39 | void save_should_persist_user_with_auto_incremented_id() { 40 | // Given 41 | User firstPersist = userRepository.save(user); 42 | User secondUser = new User(); 43 | 44 | // When 45 | User secondPersist = userRepository.save(secondUser); 46 | 47 | // Then 48 | assertThat(secondPersist.getId()).isEqualTo(firstPersist.getId() + 1); 49 | } 50 | 51 | @Test 52 | void save_should_verify_that_encryption_is_enabled_on_first_name_field() { 53 | // Given 54 | String plainFirstName = "plain first name"; 55 | user.setFirstName(plainFirstName); 56 | User savedUserWithEncryptionEnabled = userRepository.save(user); 57 | disableDatabaseEncryption(testEntityManager); 58 | 59 | // When 60 | User userRetrievedWithoutEncryptionEnabled = testEntityManager.find(User.class, savedUserWithEncryptionEnabled.getId()); 61 | 62 | // Then 63 | assertThat(userRetrievedWithoutEncryptionEnabled.getFirstName()) 64 | .isNotEqualTo(plainFirstName) 65 | .isEqualTo("S4vRPBO8X2f2YF+YFEWWrzK5eHtRGSpYzrA7j9TI1gI="); 66 | } 67 | 68 | @Test 69 | void save_should_verify_that_encryption_is_enabled_on_last_name_field() { 70 | // Given 71 | String plainLastName = "plain last name"; 72 | user.setLastName(plainLastName); 73 | User savedUserWithEncryptionEnabled = userRepository.save(user); 74 | disableDatabaseEncryption(testEntityManager); 75 | 76 | // When 77 | User userRetrievedWithoutEncryptionEnabled = testEntityManager.find(User.class, savedUserWithEncryptionEnabled.getId()); 78 | 79 | // Then 80 | assertThat(userRetrievedWithoutEncryptionEnabled.getLastName()) 81 | .isNotEqualTo(plainLastName) 82 | .isEqualTo("QSsxt5JpKdKnyAGYl2HLbA=="); 83 | } 84 | 85 | @Test 86 | void save_should_verify_that_encryption_is_enabled_on_email_field() { 87 | // Given 88 | String plainEmail = "email@example.org"; 89 | user.setEmail(plainEmail); 90 | User savedUserWithEncryptionEnabled = userRepository.save(user); 91 | disableDatabaseEncryption(testEntityManager); 92 | 93 | // When 94 | User userRetrievedWithoutEncryptionEnabled = testEntityManager.find(User.class, savedUserWithEncryptionEnabled.getId()); 95 | 96 | // Then 97 | assertThat(userRetrievedWithoutEncryptionEnabled.getEmail()) 98 | .isNotEqualTo(plainEmail) 99 | .isEqualTo("13DhN2Ak/USTo1UrzjNgOmowXgQ5+HdcEFtaojE5zfI="); 100 | } 101 | 102 | @Test 103 | void save_should_verify_that_encryption_is_enabled_on_birth_date_field() { 104 | // Given 105 | LocalDate birthDate = LocalDate.of(1988, 3, 28); 106 | user.setBirthDate(birthDate); 107 | User savedUserWithEncryptionEnabled = userRepository.save(user); 108 | disableDatabaseEncryption(testEntityManager); 109 | 110 | // When 111 | Throwable throwable = catchThrowable(() -> testEntityManager.find(User.class, savedUserWithEncryptionEnabled.getId())); 112 | 113 | // Then 114 | assertThat(throwable).hasCauseInstanceOf(DateTimeParseException.class) 115 | .hasStackTraceContaining("u/JbG4KguO6q0Eh7PjGfYw=="); 116 | } 117 | 118 | @Test 119 | void save_should_verify_that_encryption_is_enabled_on_creation_date_field() { 120 | // Given 121 | LocalDateTime creationDate = LocalDateTime.of(2017, 7, 10, 9, 58, 17); 122 | user.setCreationDate(creationDate); 123 | User savedUserWithEncryptionEnabled = userRepository.save(user); 124 | disableDatabaseEncryption(testEntityManager); 125 | 126 | // When 127 | Throwable throwable = catchThrowable(() -> testEntityManager.find(User.class, savedUserWithEncryptionEnabled.getId())); 128 | 129 | // Then 130 | assertThat(throwable).hasCauseInstanceOf(DateTimeParseException.class) 131 | .hasStackTraceContaining("70mKrO09DnCkDbrzFf3IGXWMAMTgLwHGdLsPPqq7ZR4="); 132 | } 133 | 134 | } -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /src/test/java/com/example/spring/data/jpa/encryption/converters/StringCryptoConverterTest.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import org.junit.jupiter.api.BeforeEach; 4 | import org.junit.jupiter.api.Nested; 5 | import org.junit.jupiter.api.Test; 6 | import org.junit.jupiter.api.extension.ExtendWith; 7 | import org.mockito.Mock; 8 | import org.mockito.junit.jupiter.MockitoExtension; 9 | import org.mockito.junit.jupiter.MockitoSettings; 10 | import org.mockito.quality.Strictness; 11 | 12 | import javax.crypto.BadPaddingException; 13 | import javax.crypto.Cipher; 14 | import javax.crypto.IllegalBlockSizeException; 15 | import javax.crypto.NoSuchPaddingException; 16 | import java.security.InvalidAlgorithmParameterException; 17 | import java.security.InvalidKeyException; 18 | import java.security.NoSuchAlgorithmException; 19 | 20 | import static org.assertj.core.api.Assertions.assertThat; 21 | import static org.assertj.core.api.ThrowableAssert.catchThrowable; 22 | import static org.mockito.AdditionalAnswers.returnsSecondArg; 23 | import static org.mockito.Mockito.*; 24 | 25 | @ExtendWith(MockitoExtension.class) 26 | @MockitoSettings(strictness = Strictness.WARN) 27 | class StringCryptoConverterTest { 28 | 29 | private static final String STRING_TO_CIPHER = "ma_chaine_a_chiffrer"; 30 | private static final String STRING_TO_DECIPHER = "bWFfY2hhaW5lX2FfY2hpZmZyZXI="; 31 | 32 | private StringCryptoConverter stringCryptoConverter; 33 | 34 | private StringCryptoConverter spiedStringCryptoConverter; 35 | 36 | @Mock 37 | private CipherInitializer cipherInitializer; 38 | 39 | @BeforeEach 40 | void setUp() throws Exception { 41 | stringCryptoConverter = new StringCryptoConverter(cipherInitializer); 42 | 43 | spiedStringCryptoConverter = spy(stringCryptoConverter); 44 | doAnswer(returnsSecondArg()).when(spiedStringCryptoConverter).callCipherDoFinal(any(), any()); 45 | 46 | KeyProperty.DATABASE_ENCRYPTION_KEY = "MySuperSecretKey"; 47 | } 48 | 49 | @Nested 50 | class ConvertToDatabaseColumnShould { 51 | 52 | @Test 53 | void return_null_string_when_string_to_encrypt_is_null() { 54 | // Given 55 | String attribute = null; 56 | 57 | // When 58 | String result = stringCryptoConverter.convertToDatabaseColumn(attribute); 59 | 60 | // Then 61 | assertThat(result).isNull(); 62 | } 63 | 64 | @Test 65 | void return_empty_string_when_string_to_encrypt_is_empty() { 66 | // Given 67 | String attribute = ""; 68 | 69 | // When 70 | String result = stringCryptoConverter.convertToDatabaseColumn(attribute); 71 | 72 | // Then 73 | assertThat(result).isEqualTo(attribute); 74 | } 75 | 76 | @Test 77 | void return_encrypted_string_as_base_64() throws Exception { 78 | // Given 79 | Cipher cipher = mock(Cipher.class); 80 | when(cipherInitializer.prepareAndInitCipher(Cipher.ENCRYPT_MODE, KeyProperty.DATABASE_ENCRYPTION_KEY)).thenReturn(cipher); 81 | 82 | // When 83 | String result = spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER); 84 | 85 | // Then 86 | verify(spiedStringCryptoConverter).callCipherDoFinal(cipher, STRING_TO_CIPHER.getBytes()); 87 | assertThat(result).isEqualTo(STRING_TO_DECIPHER); 88 | } 89 | 90 | @Test 91 | void return_unchanged_string_when_database_encryption_key_is_null() { 92 | // Given 93 | KeyProperty.DATABASE_ENCRYPTION_KEY = null; 94 | 95 | // When 96 | String result = spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER); 97 | 98 | // Then 99 | assertThat(result).isEqualTo(STRING_TO_CIPHER); 100 | } 101 | 102 | @Test 103 | void return_unchanged_string_when_database_encryption_key_is_empty() { 104 | // Given 105 | KeyProperty.DATABASE_ENCRYPTION_KEY = ""; 106 | 107 | // When 108 | String result = spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER); 109 | 110 | // Then 111 | assertThat(result).isEqualTo(STRING_TO_CIPHER); 112 | } 113 | 114 | @Test 115 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidKeyException() throws Exception { 116 | // Given 117 | InvalidKeyException invalidKeyException = new InvalidKeyException(); 118 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidKeyException); 119 | 120 | // When 121 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER)); 122 | 123 | // Then 124 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidKeyException); 125 | } 126 | 127 | @Test 128 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchAlgorithmException() throws Exception { 129 | // Given 130 | NoSuchAlgorithmException noSuchAlgorithmException = new NoSuchAlgorithmException(); 131 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchAlgorithmException); 132 | 133 | // When 134 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER)); 135 | 136 | // Then 137 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchAlgorithmException); 138 | } 139 | 140 | @Test 141 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchPaddingException() throws Exception { 142 | // Given 143 | NoSuchPaddingException noSuchPaddingException = new NoSuchPaddingException(); 144 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchPaddingException); 145 | 146 | // When 147 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER)); 148 | 149 | // Then 150 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchPaddingException); 151 | } 152 | 153 | @Test 154 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidAlgorithmParameterException() throws Exception { 155 | // Given 156 | InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException(); 157 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidAlgorithmParameterException); 158 | 159 | // When 160 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER)); 161 | 162 | // Then 163 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidAlgorithmParameterException); 164 | } 165 | 166 | @Test 167 | void rethrow_exception_when_encryption_fails_with_BadPaddingException() throws Exception { 168 | // Given 169 | BadPaddingException badPaddingException = new BadPaddingException(); 170 | when(spiedStringCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(badPaddingException); 171 | 172 | // When 173 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER)); 174 | 175 | // Then 176 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(badPaddingException); 177 | } 178 | 179 | @Test 180 | void rethrow_exception_when_encryption_fails_with_IllegalBlockSizeException() throws Exception { 181 | // Given 182 | IllegalBlockSizeException illegalBlockSizeException = new IllegalBlockSizeException(); 183 | when(spiedStringCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(illegalBlockSizeException); 184 | 185 | // When 186 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToDatabaseColumn(STRING_TO_CIPHER)); 187 | 188 | // Then 189 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(illegalBlockSizeException); 190 | } 191 | } 192 | 193 | @Nested 194 | class ConvertToEntityAttributeShould { 195 | 196 | @Test 197 | void return_null_string_when_string_to_decrypt_is_null() { 198 | // Given 199 | String dbData = null; 200 | 201 | // When 202 | String result = stringCryptoConverter.convertToEntityAttribute(dbData); 203 | 204 | // Then 205 | assertThat(result).isNull(); 206 | } 207 | 208 | @Test 209 | void return_empty_string_when_string_to_decrypt_is_empty() { 210 | // Given 211 | String dbData = ""; 212 | 213 | // When 214 | String result = stringCryptoConverter.convertToEntityAttribute(dbData); 215 | 216 | // Then 217 | assertThat(result).isEqualTo(dbData); 218 | } 219 | 220 | @Test 221 | void return_decrypted_string() throws Exception { 222 | // Given 223 | Cipher cipher = mock(Cipher.class); 224 | when(cipherInitializer.prepareAndInitCipher(Cipher.DECRYPT_MODE, KeyProperty.DATABASE_ENCRYPTION_KEY)).thenReturn(cipher); 225 | 226 | // When 227 | String result = spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER); 228 | 229 | // Then 230 | verify(spiedStringCryptoConverter).callCipherDoFinal(cipher, STRING_TO_CIPHER.getBytes()); 231 | assertThat(result).isEqualTo(STRING_TO_CIPHER); 232 | } 233 | 234 | @Test 235 | void return_unchanged_string_when_database_encryption_key_is_null() { 236 | // Given 237 | KeyProperty.DATABASE_ENCRYPTION_KEY = null; 238 | 239 | // When 240 | String result = spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER); 241 | 242 | // Then 243 | assertThat(result).isEqualTo(STRING_TO_DECIPHER); 244 | } 245 | 246 | @Test 247 | void return_unchanged_string_when_database_encryption_key_is_empty() { 248 | // Given 249 | KeyProperty.DATABASE_ENCRYPTION_KEY = ""; 250 | 251 | // When 252 | String result = spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER); 253 | 254 | // Then 255 | assertThat(result).isEqualTo(STRING_TO_DECIPHER); 256 | } 257 | 258 | @Test 259 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidKeyException() throws Exception { 260 | // Given 261 | InvalidKeyException invalidKeyException = new InvalidKeyException(); 262 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidKeyException); 263 | 264 | // When 265 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER)); 266 | 267 | // Then 268 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidKeyException); 269 | } 270 | 271 | @Test 272 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchAlgorithmException() throws Exception { 273 | // Given 274 | NoSuchAlgorithmException noSuchAlgorithmException = new NoSuchAlgorithmException(); 275 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchAlgorithmException); 276 | 277 | // When 278 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER)); 279 | 280 | // Then 281 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchAlgorithmException); 282 | } 283 | 284 | @Test 285 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchPaddingException() throws Exception { 286 | // Given 287 | NoSuchPaddingException noSuchPaddingException = new NoSuchPaddingException(); 288 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchPaddingException); 289 | 290 | // When 291 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER)); 292 | 293 | // Then 294 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchPaddingException); 295 | } 296 | 297 | @Test 298 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidAlgorithmParameterException() throws Exception { 299 | // Given 300 | InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException(); 301 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidAlgorithmParameterException); 302 | 303 | // When 304 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER)); 305 | 306 | // Then 307 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidAlgorithmParameterException); 308 | } 309 | 310 | @Test 311 | void rethrow_exception_when_decryption_fails_with_BadPaddingException() throws Exception { 312 | // Given 313 | BadPaddingException badPaddingException = new BadPaddingException(); 314 | when(spiedStringCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(badPaddingException); 315 | 316 | // When 317 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER)); 318 | 319 | // Then 320 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(badPaddingException); 321 | } 322 | 323 | @Test 324 | void rethrow_exception_when_decryption_fails_with_IllegalBlockSizeException() throws Exception { 325 | // Given 326 | IllegalBlockSizeException illegalBlockSizeException = new IllegalBlockSizeException(); 327 | when(spiedStringCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(illegalBlockSizeException); 328 | 329 | // When 330 | Throwable throwable = catchThrowable(() -> spiedStringCryptoConverter.convertToEntityAttribute(STRING_TO_DECIPHER)); 331 | 332 | // Then 333 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(illegalBlockSizeException); 334 | } 335 | } 336 | } 337 | -------------------------------------------------------------------------------- /src/test/java/com/example/spring/data/jpa/encryption/converters/LocalDateCryptoConverterTest.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import org.junit.jupiter.api.BeforeEach; 4 | import org.junit.jupiter.api.Nested; 5 | import org.junit.jupiter.api.Test; 6 | import org.junit.jupiter.api.extension.ExtendWith; 7 | import org.mockito.Mock; 8 | import org.mockito.junit.jupiter.MockitoExtension; 9 | import org.mockito.junit.jupiter.MockitoSettings; 10 | import org.mockito.quality.Strictness; 11 | 12 | import javax.crypto.BadPaddingException; 13 | import javax.crypto.Cipher; 14 | import javax.crypto.IllegalBlockSizeException; 15 | import javax.crypto.NoSuchPaddingException; 16 | import java.security.InvalidAlgorithmParameterException; 17 | import java.security.InvalidKeyException; 18 | import java.security.NoSuchAlgorithmException; 19 | import java.time.LocalDate; 20 | import java.time.format.DateTimeFormatter; 21 | 22 | import static org.assertj.core.api.Assertions.assertThat; 23 | import static org.assertj.core.api.ThrowableAssert.catchThrowable; 24 | import static org.mockito.AdditionalAnswers.returnsSecondArg; 25 | import static org.mockito.Mockito.*; 26 | 27 | @ExtendWith(MockitoExtension.class) 28 | @MockitoSettings(strictness = Strictness.WARN) 29 | class LocalDateCryptoConverterTest { 30 | 31 | private static final LocalDate LOCAL_DATE_TO_CIPHER = LocalDate.of(2017, 3, 28); 32 | private static final String LOCAL_DATE_TO_CIPHER_AS_STRING = LOCAL_DATE_TO_CIPHER.format(DateTimeFormatter.ISO_DATE); 33 | private static final String LOCAL_DATE_TO_DECIPHER_AS_STRING = "MjAxNy0wMy0yOA=="; 34 | 35 | private LocalDateCryptoConverter localDateCryptoConverter; 36 | 37 | private LocalDateCryptoConverter spiedLocalDateCryptoConverter; 38 | 39 | @Mock 40 | private CipherInitializer cipherInitializer; 41 | 42 | @BeforeEach 43 | void setUp() throws Exception { 44 | localDateCryptoConverter = new LocalDateCryptoConverter(cipherInitializer); 45 | 46 | spiedLocalDateCryptoConverter = spy(localDateCryptoConverter); 47 | doAnswer(returnsSecondArg()).when(spiedLocalDateCryptoConverter).callCipherDoFinal(any(), any()); 48 | 49 | KeyProperty.DATABASE_ENCRYPTION_KEY = "MySuperSecretKey"; 50 | } 51 | 52 | @Nested 53 | class ConvertToDatabaseColumnShould { 54 | 55 | @Test 56 | void return_null_string_when_local_date_to_encrypt_is_null() { 57 | // Given 58 | LocalDate attribute = null; 59 | 60 | // When 61 | String result = localDateCryptoConverter.convertToDatabaseColumn(attribute); 62 | 63 | // Then 64 | assertThat(result).isNull(); 65 | } 66 | 67 | @Test 68 | void return_encrypted_string_as_base_64() throws Exception { 69 | // Given 70 | Cipher cipher = mock(Cipher.class); 71 | when(cipherInitializer.prepareAndInitCipher(Cipher.ENCRYPT_MODE, KeyProperty.DATABASE_ENCRYPTION_KEY)).thenReturn(cipher); 72 | 73 | // When 74 | String result = spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER); 75 | 76 | // Then 77 | verify(spiedLocalDateCryptoConverter).callCipherDoFinal(cipher, LOCAL_DATE_TO_CIPHER_AS_STRING.getBytes()); 78 | assertThat(result).isEqualTo(LOCAL_DATE_TO_DECIPHER_AS_STRING); 79 | } 80 | 81 | @Test 82 | void return_formatted_local_date_but_not_encrypted_when_database_encryption_key_is_null() { 83 | // Given 84 | KeyProperty.DATABASE_ENCRYPTION_KEY = null; 85 | 86 | // When 87 | String result = spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER); 88 | 89 | // Then 90 | assertThat(result).isEqualTo(LOCAL_DATE_TO_CIPHER_AS_STRING); 91 | } 92 | 93 | @Test 94 | void return_formatted_local_date_but_not_encrypted_when_database_encryption_key_is_empty() { 95 | // Given 96 | KeyProperty.DATABASE_ENCRYPTION_KEY = ""; 97 | 98 | // When 99 | String result = spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER); 100 | 101 | // Then 102 | assertThat(result).isEqualTo(LOCAL_DATE_TO_CIPHER_AS_STRING); 103 | } 104 | 105 | @Test 106 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidKeyException() throws Exception { 107 | // Given 108 | InvalidKeyException invalidKeyException = new InvalidKeyException(); 109 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidKeyException); 110 | 111 | // When 112 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER)); 113 | 114 | // Then 115 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidKeyException); 116 | } 117 | 118 | @Test 119 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchAlgorithmException() throws Exception { 120 | // Given 121 | NoSuchAlgorithmException noSuchAlgorithmException = new NoSuchAlgorithmException(); 122 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchAlgorithmException); 123 | 124 | // When 125 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER)); 126 | 127 | // Then 128 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchAlgorithmException); 129 | } 130 | 131 | @Test 132 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchPaddingException() throws Exception { 133 | // Given 134 | NoSuchPaddingException noSuchPaddingException = new NoSuchPaddingException(); 135 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchPaddingException); 136 | 137 | // When 138 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER)); 139 | 140 | // Then 141 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchPaddingException); 142 | } 143 | 144 | @Test 145 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidAlgorithmParameterException() throws Exception { 146 | // Given 147 | InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException(); 148 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidAlgorithmParameterException); 149 | 150 | // When 151 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER)); 152 | 153 | // Then 154 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidAlgorithmParameterException); 155 | } 156 | 157 | @Test 158 | void rethrow_exception_when_encryption_fails_with_BadPaddingException() throws Exception { 159 | // Given 160 | BadPaddingException badPaddingException = new BadPaddingException(); 161 | when(spiedLocalDateCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(badPaddingException); 162 | 163 | // When 164 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER)); 165 | 166 | // Then 167 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(badPaddingException); 168 | } 169 | 170 | @Test 171 | void rethrow_exception_when_encryption_fails_with_IllegalBlockSizeException() throws Exception { 172 | // Given 173 | IllegalBlockSizeException illegalBlockSizeException = new IllegalBlockSizeException(); 174 | when(spiedLocalDateCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(illegalBlockSizeException); 175 | 176 | // When 177 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TO_CIPHER)); 178 | 179 | // Then 180 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(illegalBlockSizeException); 181 | } 182 | } 183 | 184 | @Nested 185 | class ConvertToEntityAttributeShould { 186 | 187 | @Test 188 | void return_null_local_date_when_string_to_decrypt_is_null() { 189 | // Given 190 | String dbData = null; 191 | 192 | // When 193 | LocalDate result = localDateCryptoConverter.convertToEntityAttribute(dbData); 194 | 195 | // Then 196 | assertThat(result).isNull(); 197 | } 198 | 199 | @Test 200 | void return_null_local_date_when_string_to_decrypt_is_empty() { 201 | // Given 202 | String dbData = ""; 203 | 204 | // When 205 | LocalDate result = localDateCryptoConverter.convertToEntityAttribute(dbData); 206 | 207 | // Then 208 | assertThat(result).isNull(); 209 | } 210 | 211 | @Test 212 | void return_decrypted_string() throws Exception { 213 | // Given 214 | Cipher cipher = mock(Cipher.class); 215 | when(cipherInitializer.prepareAndInitCipher(Cipher.DECRYPT_MODE, KeyProperty.DATABASE_ENCRYPTION_KEY)).thenReturn(cipher); 216 | 217 | // When 218 | LocalDate result = spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_DECIPHER_AS_STRING); 219 | 220 | // Then 221 | verify(spiedLocalDateCryptoConverter).callCipherDoFinal(cipher, LOCAL_DATE_TO_CIPHER_AS_STRING.getBytes()); 222 | assertThat(result).isEqualTo(LOCAL_DATE_TO_CIPHER); 223 | } 224 | 225 | @Test 226 | void return_unchanged_local_date_when_database_encryption_key_is_null() { 227 | // Given 228 | KeyProperty.DATABASE_ENCRYPTION_KEY = null; 229 | 230 | // When 231 | LocalDate result = spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_CIPHER_AS_STRING); 232 | 233 | // Then 234 | assertThat(result).isEqualTo(LOCAL_DATE_TO_CIPHER); 235 | } 236 | 237 | @Test 238 | void return_unchanged_local_date_when_database_encryption_key_is_empty() { 239 | // Given 240 | KeyProperty.DATABASE_ENCRYPTION_KEY = ""; 241 | 242 | // When 243 | LocalDate result = spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_CIPHER_AS_STRING); 244 | 245 | // Then 246 | assertThat(result).isEqualTo(LOCAL_DATE_TO_CIPHER); 247 | } 248 | 249 | @Test 250 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidKeyException() throws Exception { 251 | // Given 252 | InvalidKeyException invalidKeyException = new InvalidKeyException(); 253 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidKeyException); 254 | 255 | // When 256 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_DECIPHER_AS_STRING)); 257 | 258 | // Then 259 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidKeyException); 260 | } 261 | 262 | @Test 263 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchAlgorithmException() throws Exception { 264 | // Given 265 | NoSuchAlgorithmException noSuchAlgorithmException = new NoSuchAlgorithmException(); 266 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchAlgorithmException); 267 | 268 | // When 269 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_DECIPHER_AS_STRING)); 270 | 271 | // Then 272 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchAlgorithmException); 273 | } 274 | 275 | @Test 276 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchPaddingException() throws Exception { 277 | // Given 278 | NoSuchPaddingException noSuchPaddingException = new NoSuchPaddingException(); 279 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchPaddingException); 280 | 281 | // When 282 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_DECIPHER_AS_STRING)); 283 | 284 | // Then 285 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchPaddingException); 286 | } 287 | 288 | @Test 289 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidAlgorithmParameterException() throws Exception { 290 | // Given 291 | InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException(); 292 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidAlgorithmParameterException); 293 | 294 | // When 295 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_DECIPHER_AS_STRING)); 296 | 297 | // Then 298 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidAlgorithmParameterException); 299 | } 300 | 301 | @Test 302 | void rethrow_exception_when_decryption_fails_with_BadPaddingException() throws Exception { 303 | // Given 304 | BadPaddingException badPaddingException = new BadPaddingException(); 305 | when(spiedLocalDateCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(badPaddingException); 306 | 307 | // When 308 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_DECIPHER_AS_STRING)); 309 | 310 | // Then 311 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(badPaddingException); 312 | } 313 | 314 | @Test 315 | void rethrow_exception_when_decryption_fails_with_IllegalBlockSizeException() throws Exception { 316 | // Given 317 | IllegalBlockSizeException illegalBlockSizeException = new IllegalBlockSizeException(); 318 | when(spiedLocalDateCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(illegalBlockSizeException); 319 | 320 | // When 321 | Throwable throwable = catchThrowable(() -> spiedLocalDateCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TO_DECIPHER_AS_STRING)); 322 | 323 | // Then 324 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(illegalBlockSizeException); 325 | } 326 | } 327 | } 328 | -------------------------------------------------------------------------------- /src/test/java/com/example/spring/data/jpa/encryption/converters/LocalDateTimeCryptoConverterTest.java: -------------------------------------------------------------------------------- 1 | package com.example.spring.data.jpa.encryption.converters; 2 | 3 | import org.junit.jupiter.api.BeforeEach; 4 | import org.junit.jupiter.api.Nested; 5 | import org.junit.jupiter.api.Test; 6 | import org.junit.jupiter.api.extension.ExtendWith; 7 | import org.mockito.Mock; 8 | import org.mockito.junit.jupiter.MockitoExtension; 9 | import org.mockito.junit.jupiter.MockitoSettings; 10 | import org.mockito.quality.Strictness; 11 | 12 | import javax.crypto.BadPaddingException; 13 | import javax.crypto.Cipher; 14 | import javax.crypto.IllegalBlockSizeException; 15 | import javax.crypto.NoSuchPaddingException; 16 | import java.security.InvalidAlgorithmParameterException; 17 | import java.security.InvalidKeyException; 18 | import java.security.NoSuchAlgorithmException; 19 | import java.time.LocalDateTime; 20 | import java.time.format.DateTimeFormatter; 21 | 22 | import static org.assertj.core.api.Assertions.assertThat; 23 | import static org.assertj.core.api.ThrowableAssert.catchThrowable; 24 | import static org.mockito.AdditionalAnswers.returnsSecondArg; 25 | import static org.mockito.Mockito.*; 26 | 27 | @ExtendWith(MockitoExtension.class) 28 | @MockitoSettings(strictness = Strictness.WARN) 29 | class LocalDateTimeCryptoConverterTest { 30 | 31 | private static final LocalDateTime LOCAL_DATE_TIME_TO_CIPHER = LocalDateTime.of(2017, 3, 28, 16, 25, 46); 32 | private static final String LOCAL_DATE_TIME_TO_CIPHER_AS_STRING = LOCAL_DATE_TIME_TO_CIPHER.format(DateTimeFormatter.ISO_DATE_TIME); 33 | private static final String LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING = "MjAxNy0wMy0yOFQxNjoyNTo0Ng=="; 34 | 35 | private LocalDateTimeCryptoConverter localDateTimeCryptoConverter; 36 | 37 | private LocalDateTimeCryptoConverter spiedLocalDateTimeCryptoConverter; 38 | 39 | @Mock 40 | private CipherInitializer cipherInitializer; 41 | 42 | @BeforeEach 43 | void setUp() throws Exception { 44 | localDateTimeCryptoConverter = new LocalDateTimeCryptoConverter(cipherInitializer); 45 | 46 | spiedLocalDateTimeCryptoConverter = spy(localDateTimeCryptoConverter); 47 | doAnswer(returnsSecondArg()).when(spiedLocalDateTimeCryptoConverter).callCipherDoFinal(any(), any()); 48 | 49 | KeyProperty.DATABASE_ENCRYPTION_KEY = "MySuperSecretKey"; 50 | } 51 | 52 | @Nested 53 | class ConvertToDatabaseColumnShould { 54 | 55 | @Test 56 | void return_null_string_when_local_date_time_to_encrypt_is_null() { 57 | // Given 58 | LocalDateTime attribute = null; 59 | 60 | // When 61 | String result = localDateTimeCryptoConverter.convertToDatabaseColumn(attribute); 62 | 63 | // Then 64 | assertThat(result).isNull(); 65 | } 66 | 67 | @Test 68 | void return_encrypted_string_as_base_64() throws Exception { 69 | // Given 70 | Cipher cipher = mock(Cipher.class); 71 | when(cipherInitializer.prepareAndInitCipher(Cipher.ENCRYPT_MODE, KeyProperty.DATABASE_ENCRYPTION_KEY)).thenReturn(cipher); 72 | 73 | // When 74 | String result = spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER); 75 | 76 | // Then 77 | verify(spiedLocalDateTimeCryptoConverter).callCipherDoFinal(cipher, LOCAL_DATE_TIME_TO_CIPHER_AS_STRING.getBytes()); 78 | assertThat(result).isEqualTo(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING); 79 | } 80 | 81 | @Test 82 | void return_formatted_local_date_time_but_not_encrypted_when_database_encryption_key_is_null() { 83 | // Given 84 | KeyProperty.DATABASE_ENCRYPTION_KEY = null; 85 | 86 | // When 87 | String result = spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER); 88 | 89 | // Then 90 | assertThat(result).isEqualTo(LOCAL_DATE_TIME_TO_CIPHER_AS_STRING); 91 | } 92 | 93 | @Test 94 | void return_formatted_local_date_time_but_not_encrypted_when_database_encryption_key_is_empty() { 95 | // Given 96 | KeyProperty.DATABASE_ENCRYPTION_KEY = ""; 97 | 98 | // When 99 | String result = spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER); 100 | 101 | // Then 102 | assertThat(result).isEqualTo(LOCAL_DATE_TIME_TO_CIPHER_AS_STRING); 103 | } 104 | 105 | @Test 106 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidKeyException() throws Exception { 107 | // Given 108 | InvalidKeyException invalidKeyException = new InvalidKeyException(); 109 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidKeyException); 110 | 111 | // When 112 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER)); 113 | 114 | // Then 115 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidKeyException); 116 | } 117 | 118 | @Test 119 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchAlgorithmException() throws Exception { 120 | // Given 121 | NoSuchAlgorithmException noSuchAlgorithmException = new NoSuchAlgorithmException(); 122 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchAlgorithmException); 123 | 124 | // When 125 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER)); 126 | 127 | // Then 128 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchAlgorithmException); 129 | } 130 | 131 | @Test 132 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchPaddingException() throws Exception { 133 | // Given 134 | NoSuchPaddingException noSuchPaddingException = new NoSuchPaddingException(); 135 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchPaddingException); 136 | 137 | // When 138 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER)); 139 | 140 | // Then 141 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchPaddingException); 142 | } 143 | 144 | @Test 145 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidAlgorithmParameterException() throws Exception { 146 | // Given 147 | InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException(); 148 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidAlgorithmParameterException); 149 | 150 | // When 151 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER)); 152 | 153 | // Then 154 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidAlgorithmParameterException); 155 | } 156 | 157 | @Test 158 | void rethrow_exception_when_encryption_fails_with_BadPaddingException() throws Exception { 159 | // Given 160 | BadPaddingException badPaddingException = new BadPaddingException(); 161 | when(spiedLocalDateTimeCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(badPaddingException); 162 | 163 | // When 164 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER)); 165 | 166 | // Then 167 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(badPaddingException); 168 | } 169 | 170 | @Test 171 | void rethrow_exception_when_encryption_fails_with_IllegalBlockSizeException() throws Exception { 172 | // Given 173 | IllegalBlockSizeException illegalBlockSizeException = new IllegalBlockSizeException(); 174 | when(spiedLocalDateTimeCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(illegalBlockSizeException); 175 | 176 | // When 177 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToDatabaseColumn(LOCAL_DATE_TIME_TO_CIPHER)); 178 | 179 | // Then 180 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(illegalBlockSizeException); 181 | } 182 | } 183 | 184 | @Nested 185 | class ConvertToEntityAttributeShould { 186 | 187 | @Test 188 | void return_null_local_date_time_when_string_to_decrypt_is_null() { 189 | // Given 190 | String dbData = null; 191 | 192 | // When 193 | LocalDateTime result = localDateTimeCryptoConverter.convertToEntityAttribute(dbData); 194 | 195 | // Then 196 | assertThat(result).isNull(); 197 | } 198 | 199 | @Test 200 | void return_null_local_date_time_when_string_to_decrypt_is_empty() { 201 | // Given 202 | String dbData = ""; 203 | 204 | // When 205 | LocalDateTime result = localDateTimeCryptoConverter.convertToEntityAttribute(dbData); 206 | 207 | // Then 208 | assertThat(result).isNull(); 209 | } 210 | 211 | @Test 212 | void return_decrypted_string() throws Exception { 213 | // Given 214 | Cipher cipher = mock(Cipher.class); 215 | when(cipherInitializer.prepareAndInitCipher(Cipher.DECRYPT_MODE, KeyProperty.DATABASE_ENCRYPTION_KEY)).thenReturn(cipher); 216 | 217 | // When 218 | LocalDateTime result = spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING); 219 | 220 | // Then 221 | verify(spiedLocalDateTimeCryptoConverter).callCipherDoFinal(cipher, LOCAL_DATE_TIME_TO_CIPHER_AS_STRING.getBytes()); 222 | assertThat(result).isEqualTo(LOCAL_DATE_TIME_TO_CIPHER); 223 | } 224 | 225 | @Test 226 | void return_unchanged_local_date_time_when_database_encryption_key_is_null() { 227 | // Given 228 | KeyProperty.DATABASE_ENCRYPTION_KEY = null; 229 | 230 | // When 231 | LocalDateTime result = spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_CIPHER_AS_STRING); 232 | 233 | // Then 234 | assertThat(result).isEqualTo(LOCAL_DATE_TIME_TO_CIPHER); 235 | } 236 | 237 | @Test 238 | void return_unchanged_local_date_time_when_database_encryption_key_is_empty() { 239 | // Given 240 | KeyProperty.DATABASE_ENCRYPTION_KEY = ""; 241 | 242 | // When 243 | LocalDateTime result = spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_CIPHER_AS_STRING); 244 | 245 | // Then 246 | assertThat(result).isEqualTo(LOCAL_DATE_TIME_TO_CIPHER); 247 | } 248 | 249 | @Test 250 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidKeyException() throws Exception { 251 | // Given 252 | InvalidKeyException invalidKeyException = new InvalidKeyException(); 253 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidKeyException); 254 | 255 | // When 256 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING)); 257 | 258 | // Then 259 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidKeyException); 260 | } 261 | 262 | @Test 263 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchAlgorithmException() throws Exception { 264 | // Given 265 | NoSuchAlgorithmException noSuchAlgorithmException = new NoSuchAlgorithmException(); 266 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchAlgorithmException); 267 | 268 | // When 269 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING)); 270 | 271 | // Then 272 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchAlgorithmException); 273 | } 274 | 275 | @Test 276 | void rethrow_exception_when_cipher_initialization_fails_with_NoSuchPaddingException() throws Exception { 277 | // Given 278 | NoSuchPaddingException noSuchPaddingException = new NoSuchPaddingException(); 279 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(noSuchPaddingException); 280 | 281 | // When 282 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING)); 283 | 284 | // Then 285 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(noSuchPaddingException); 286 | } 287 | 288 | @Test 289 | void rethrow_exception_when_cipher_initialization_fails_with_InvalidAlgorithmParameterException() throws Exception { 290 | // Given 291 | InvalidAlgorithmParameterException invalidAlgorithmParameterException = new InvalidAlgorithmParameterException(); 292 | when(cipherInitializer.prepareAndInitCipher(anyInt(), anyString())).thenThrow(invalidAlgorithmParameterException); 293 | 294 | // When 295 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING)); 296 | 297 | // Then 298 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(invalidAlgorithmParameterException); 299 | } 300 | 301 | @Test 302 | void rethrow_exception_when_decryption_fails_with_BadPaddingException() throws Exception { 303 | // Given 304 | BadPaddingException badPaddingException = new BadPaddingException(); 305 | when(spiedLocalDateTimeCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(badPaddingException); 306 | 307 | // When 308 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING)); 309 | 310 | // Then 311 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(badPaddingException); 312 | } 313 | 314 | @Test 315 | void rethrow_exception_when_decryption_fails_with_IllegalBlockSizeException() throws Exception { 316 | // Given 317 | IllegalBlockSizeException illegalBlockSizeException = new IllegalBlockSizeException(); 318 | when(spiedLocalDateTimeCryptoConverter.callCipherDoFinal(any(), any())).thenThrow(illegalBlockSizeException); 319 | 320 | // When 321 | Throwable throwable = catchThrowable(() -> spiedLocalDateTimeCryptoConverter.convertToEntityAttribute(LOCAL_DATE_TIME_TO_DECIPHER_AS_STRING)); 322 | 323 | // Then 324 | assertThat(throwable).isInstanceOf(RuntimeException.class).hasCause(illegalBlockSizeException); 325 | } 326 | } 327 | } 328 | --------------------------------------------------------------------------------