用Java测试加密和解密的单元 [英] Unit testing encryption and decryption in Java
问题描述
免责声明,我是一名iOS开发人员,一直在玩Android上的加密。目前我已经设法在Android中实现加密,但我问自己一个单元如何测试加密和解密数据?
Disclaimer, I am an iOS developer that has been playing around with encryption on Android. As it stands I've managed to achieve encryption in Android but I'm asking myself how would one unit test for encryption and decryption of data?
现在第一个想法是我想到的是:
Now the first idea that comes to mind would be something like:
String encryptedInputData = encryptedInputData("Hello");
String decryptedData = decryptData(encryptedInputData);
Assert.assertEquals(decryptedData,"Hello");
这个测试会造成一个缺陷......如果中的某些内容发生了变化encryptedInputData 和 decryptData 方法,这个测试不会告诉它改变了什么以及为什么它现在正在破坏。所以我想编写更细粒度的测试。例如,给定此代码:
This test however poses one flaw... If something did change in the encryptedInputData and decryptData methods, this test would not tells what changed and why it is now breaking. So I would like to write far more granular tests. So for example given this code:
Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] data = cipher.doFinal(message);
我想确保密码变量在ECB模式下使用RSA算法,没有填充。我想测试 .doFinal(消息)中的消息是否遵循特定格式等。
I'd like to make sure that the cipher variable is using the RSA algorithm in ECB mode with no padding. I'd like to test that the message in the .doFinal(message) follows a particular format etc.
现在我想我能够模拟 Cipher 类,这里的问题是加密和解密写的,只作为一个Util类,并能够单元测试这个,我必须将模拟 Cipher 传递给代码,这是一个实用程序class似乎会变得混乱,即我必须创建一个init方法只是用于单元测试目的或创建setter方法只是为了对它进行单元测试。这将允许我对代码进行单元测试,但然后Util类使用我实际上不需要用于生产目的的代码变得笨拙。
Now I would imagine I would be able to mock the Cipher class, the problem here is that the encryption and decryption that was written, serves only as a Util class and to be able to unit test this, I would have to pass the mock Cipher into the code, which given that this is a Util class seems like it would get messy i.e. I would have to either create an init method just for unit testing purposes or create setter methods just to unit test this. Which would allow me to unit test the code but then the Util class gets clunky with code that I actually don't need for production purposes.
有没有优雅的方法可以像这样单元测试方案? ie encryptedInputData 和 decryptData 是公共方法,但这些方法使用各种私有方法,坦率地需要进行单元测试,问题那么怎么样?
Are there any elegant ways of being able to unit test scenarios like this? i.e. encryptedInputData and decryptData are public methods but these methods use various private methods which frankly need to be unit tested, the issue then is how?
推荐答案
真正的答案是你不应该这样做。您永远不应该实现自己的加密例程。您不仅非常容易弄错,还需要执行极其复杂的操作以确保实际上由于实现问题而无法进行攻击(例如,如果if语句的一个分支比另一个分支运行时间更长,你可以弄清楚支票的价值是多少)。你应该总是使用一个开源的,经过良好评估的库。
The real answer is you shouldn't have to. You should never implement your own encryption routines. Not only are you very likely to get it wrong, there are extremely complex things you need to do to make sure it actually isn't hackable due to implementation issues (for example, if one branch of an if statement takes longer to run than another, you can figure out what the value of the check is). You should always use an open source, well reviewed library.
由于你没有自己实现它,你不需要对它进行单元测试。图书馆作家应该是。如果您愿意,可以将他们的测试套件作为您自己的一部分运行,但我认为这是浪费时间 - 他们在发布之前就已经完成了,而且您最多只需要运行一次。
Since you aren't implementing it yourself, you don't need to unit test it. The library writers should be. If you feel like it, run their test suite as part of your own, but I'd consider that a waste of time- they did it before release, and you really only need to run it once at most.
这篇关于用Java测试加密和解密的单元的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
