From 29e29eb5a292ea02bf257a548b2ba2d85a314942 Mon Sep 17 00:00:00 2001
From: Thai Duong <thaidn@google.com>
Date: Fri, 18 Aug 2017 15:55:04 -0700
Subject: [PATCH] Fix Lint and compatibility issues.
Change-Id: I62a4a98c2ebf5651576a42c065e9ea3582b1f041
ORIGINAL_AUTHOR=Thai Duong <thaidn@google.com>
GitOrigin-RevId: d7860b81c481959dfd6fac540026ba3c9747fa4a
---
WORKSPACE | 6 ++++++
apps/googlepayments/BUILD | 2 +-
.../PaymentMethodTokenHybridDecrypt.java | 8 ++++---
.../PaymentMethodTokenHybridEncrypt.java | 21 ++++++++++++-------
.../payments/PaymentMethodTokenRecipient.java | 5 +++--
.../payments/PaymentMethodTokenSender.java | 19 ++++++++++-------
.../PaymentMethodTokenRecipientTest.java | 6 +++---
doc/JAVA-HOWTO.md | 4 ++--
java/BUILD | 14 ++++++++-----
.../java/com/google/crypto/tink/config/BUILD | 2 +-
.../com/google/crypto/tink/integration/BUILD | 3 ++-
.../java/com/google/crypto/tink/subtle/BUILD | 1 -
.../google/crypto/tink/config/ConfigTest.java | 8 +++----
proto/config.proto | 2 +-
tools/testing/BUILD | 8 +++----
.../crypto/tink/tinkey/AddCommandTest.java | 2 ++
.../crypto/tink/tinkey/RotateCommandTest.java | 2 ++
17 files changed, 70 insertions(+), 43 deletions(-)
diff --git a/WORKSPACE b/WORKSPACE
index a3158d2a8..86dc7eeca 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -183,6 +183,12 @@ maven_jar(
sha1 = "949abe1460757b8dc9902c562f83e49675444572",
)
+maven_jar(
+ name = "joda_time",
+ artifact = "joda-time:joda-time:2.9.9",
+ sha1 = "f7b520c458572890807d143670c9b24f4de90897",
+)
+
maven_jar(
name = "junit_junit_4",
artifact = "junit:junit:jar:4.12",
diff --git a/apps/googlepayments/BUILD b/apps/googlepayments/BUILD
index bd5dcff95..5f3356f2f 100644
--- a/apps/googlepayments/BUILD
+++ b/apps/googlepayments/BUILD
@@ -1,4 +1,4 @@
-package(default_visibility = ["//visibility:public"])
+package(default_visibility = ["//visibility:private"])
licenses(["notice"]) # Apache 2.0
diff --git a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridDecrypt.java b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridDecrypt.java
index 86191af69..ea97e56bd 100644
--- a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridDecrypt.java
+++ b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridDecrypt.java
@@ -44,7 +44,8 @@ class PaymentMethodTokenHybridDecrypt implements HybridDecrypt {
try {
JSONObject json = new JSONObject(new String(ciphertext, StandardCharsets.UTF_8));
validate(json);
- byte[] kem = PaymentMethodTokenUtil.BASE64.decode(json.getString(PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY));
+ byte[] kem = PaymentMethodTokenUtil.BASE64.decode(json.getString(
+ PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY));
int symmetricKeySize = PaymentMethodTokenConstants.AES_CTR_KEY_SIZE
+ PaymentMethodTokenConstants.HMAC_SHA256_KEY_SIZE;
byte[] demKey = recipientKem.generateKey(
@@ -60,7 +61,8 @@ class PaymentMethodTokenHybridDecrypt implements HybridDecrypt {
json.getString(PaymentMethodTokenConstants.JSON_ENCRYPTED_MESSAGE_KEY));
byte[] computedTag = PaymentMethodTokenUtil.hmacSha256(hmacSha256Key,
encryptedMessage);
- byte[] expectedTag = PaymentMethodTokenUtil.BASE64.decode(json.getString(PaymentMethodTokenConstants.JSON_TAG_KEY));
+ byte[] expectedTag = PaymentMethodTokenUtil.BASE64.decode(json.getString(
+ PaymentMethodTokenConstants.JSON_TAG_KEY));
if (!SubtleUtil.arrayEquals(expectedTag, computedTag)) {
throw new GeneralSecurityException("cannot decrypt; invalid MAC");
}
@@ -68,7 +70,7 @@ class PaymentMethodTokenHybridDecrypt implements HybridDecrypt {
PaymentMethodTokenConstants.AES_CTR_KEY_SIZE);
return PaymentMethodTokenUtil.aesCtr(aesCtrKey, encryptedMessage);
} catch (JSONException e) {
- throw new GeneralSecurityException("cannot decrypt; failed to parse JSON", e);
+ throw new GeneralSecurityException("cannot decrypt; failed to parse JSON");
}
}
diff --git a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridEncrypt.java b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridEncrypt.java
index 0e8108cc9..7aedfe4ff 100644
--- a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridEncrypt.java
+++ b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenHybridEncrypt.java
@@ -23,6 +23,7 @@ import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
+import org.json.JSONException;
import org.json.JSONObject;
/**
@@ -56,13 +57,17 @@ class PaymentMethodTokenHybridEncrypt implements HybridEncrypt {
kemKey.getSymmetricKey(), PaymentMethodTokenConstants.AES_CTR_KEY_SIZE, symmetricKeySize);
byte[] tag = PaymentMethodTokenUtil.hmacSha256(hmacSha256Key, ciphertext);
byte[] ephemeralPublicKey = kemKey.getKemBytes();
- return new JSONObject()
- .put(PaymentMethodTokenConstants.JSON_ENCRYPTED_MESSAGE_KEY,
- PaymentMethodTokenUtil.BASE64.encode(ciphertext))
- .put(PaymentMethodTokenConstants.JSON_TAG_KEY, PaymentMethodTokenUtil.BASE64.encode(tag))
- .put(PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY,
- PaymentMethodTokenUtil.BASE64.encode(ephemeralPublicKey))
- .toString()
- .getBytes(StandardCharsets.UTF_8);
+ try {
+ return new JSONObject()
+ .put(PaymentMethodTokenConstants.JSON_ENCRYPTED_MESSAGE_KEY,
+ PaymentMethodTokenUtil.BASE64.encode(ciphertext))
+ .put(PaymentMethodTokenConstants.JSON_TAG_KEY, PaymentMethodTokenUtil.BASE64.encode(tag))
+ .put(PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY,
+ PaymentMethodTokenUtil.BASE64.encode(ephemeralPublicKey))
+ .toString()
+ .getBytes(StandardCharsets.UTF_8);
+ } catch (JSONException e) {
+ throw new GeneralSecurityException("cannot encrypt; JSON error");
+ }
}
}
diff --git a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenRecipient.java b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenRecipient.java
index 477adaf53..f436e13ad 100644
--- a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenRecipient.java
+++ b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenRecipient.java
@@ -213,7 +213,7 @@ public final class PaymentMethodTokenRecipient {
}
throw new IllegalArgumentException("unsupported version: " + protocolVersion);
} catch (JSONException e) {
- throw new GeneralSecurityException("cannot unseal; invalid JSON message", e);
+ throw new GeneralSecurityException("cannot unseal; invalid JSON message");
}
}
@@ -266,7 +266,8 @@ public final class PaymentMethodTokenRecipient {
throw new GeneralSecurityException("cannot decrypt");
}
- private void validateV1(final JSONObject jsonMsg) throws GeneralSecurityException {
+ private void validateV1(final JSONObject jsonMsg)
+ throws GeneralSecurityException, JSONException {
if (!jsonMsg.has(PaymentMethodTokenConstants.JSON_PROTOCOL_VERSION_KEY)
|| !jsonMsg.has(PaymentMethodTokenConstants.JSON_SIGNATURE_KEY)
|| !jsonMsg.has(PaymentMethodTokenConstants.JSON_SIGNED_MESSAGE_KEY)
diff --git a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenSender.java b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenSender.java
index 09aa242bc..4360931d3 100644
--- a/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenSender.java
+++ b/apps/googlepayments/src/main/java/com/google/payments/PaymentMethodTokenSender.java
@@ -23,6 +23,7 @@ import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
+import org.json.JSONException;
import org.json.JSONObject;
/**
@@ -184,12 +185,16 @@ public final class PaymentMethodTokenSender {
PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V1,
signedMessage);
byte[] signature = signer.sign(toSignBytes);
- return new JSONObject()
- .put(PaymentMethodTokenConstants.JSON_SIGNED_MESSAGE_KEY, signedMessage)
- .put(PaymentMethodTokenConstants.JSON_PROTOCOL_VERSION_KEY,
- PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V1)
- .put(PaymentMethodTokenConstants.JSON_SIGNATURE_KEY,
- PaymentMethodTokenUtil.BASE64.encode(signature))
- .toString();
+ try {
+ return new JSONObject()
+ .put(PaymentMethodTokenConstants.JSON_SIGNED_MESSAGE_KEY, signedMessage)
+ .put(PaymentMethodTokenConstants.JSON_PROTOCOL_VERSION_KEY,
+ PaymentMethodTokenConstants.PROTOCOL_VERSION_EC_V1)
+ .put(PaymentMethodTokenConstants.JSON_SIGNATURE_KEY,
+ PaymentMethodTokenUtil.BASE64.encode(signature))
+ .toString();
+ } catch (JSONException e) {
+ throw new GeneralSecurityException("cannot seal; JSON error");
+ }
}
}
diff --git a/apps/googlepayments/src/test/java/com/google/payments/PaymentMethodTokenRecipientTest.java b/apps/googlepayments/src/test/java/com/google/payments/PaymentMethodTokenRecipientTest.java
index 5b4771bca..c8b6dc962 100644
--- a/apps/googlepayments/src/test/java/com/google/payments/PaymentMethodTokenRecipientTest.java
+++ b/apps/googlepayments/src/test/java/com/google/payments/PaymentMethodTokenRecipientTest.java
@@ -211,7 +211,7 @@ public class PaymentMethodTokenRecipientTest {
trustedKeysJson.put("keys", new JSONArray().put(key1).put(key2));
try {
- PaymentMethodTokenRecipient recipient = new PaymentMethodTokenRecipient.Builder()
+ PaymentMethodTokenRecipient unused = new PaymentMethodTokenRecipient.Builder()
.senderVerifyingKeys(trustedKeysJson.toString())
.recipientId(RECIPIENT_ID)
.addRecipientPrivateKey(MERCHANT_PRIVATE_KEY_PKCS8_BASE64)
@@ -287,7 +287,7 @@ public class PaymentMethodTokenRecipientTest {
recipient.unseal(payload.toString());
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
- assertEquals("cannot unseal; invalid JSON message", e.getMessage());
+ // expected
}
}
@@ -305,7 +305,7 @@ public class PaymentMethodTokenRecipientTest {
recipient.unseal(payload.toString());
fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
- assertEquals("cannot unseal; invalid JSON message", e.getMessage());
+ // expected
}
}
}
diff --git a/doc/JAVA-HOWTO.md b/doc/JAVA-HOWTO.md
index 66932f93b..c4a528ca0 100644
--- a/doc/JAVA-HOWTO.md
+++ b/doc/JAVA-HOWTO.md
@@ -42,7 +42,7 @@ For custom initialization the registration can proceed directly via `Registry`-c
```
For more complex use cases, with multiple primitives and custom implementations,
-one can use Tink configuration tools from [`com.google.crypto.tink.config`](https://github.com/google/tink/blob/master/java/src/main/java/com/google/crypto/tink/config)-package,
+one can use Tink configuration tools from [`com.google.crypto.tink.config`](https://github.com/google/tink/blob/master/java/src/main/java/com/google/crypto/tink/config)-package,
which provides a configuration language for specifying key types and their key
managers to be used by Tink at runtime, and utilities for handling the
configurations. This allows for customizable configuration without need of
@@ -208,7 +208,7 @@ To create a custom implementation of a primitive proceed as follows:
2. Define protocol buffers that hold key material and parameters for the custom
cryptographic scheme; the name of the key protocol buffer (a.k.a. type URL)
determines the _key type_ for the custom implementation.
-3. Implement [`KeyManager`](https://github.com/google/tink/blob/master/java/src/main/java/com/google/crypto/tink/KeyManager.java)
+3. Implement [`KeyManager`](https://github.com/google/tink/blob/master/java/src/main/java/com/google/crypto/tink/KeyManager.java)
interface for the _primitive_ from step #1 and the _key type_ from step #2.
To use a custom implementation of a primitive in an application, register with
diff --git a/java/BUILD b/java/BUILD
index 70039d44a..ad470d6ac 100644
--- a/java/BUILD
+++ b/java/BUILD
@@ -57,6 +57,15 @@ java_library(
],
)
+java_library(
+ name = "config_android",
+ visibility = ["//visibility:public"],
+ exports = [
+ "//java/src/main/java/com/google/crypto/tink/config:android",
+ "//java/src/main/java/com/google/crypto/tink/config:tink_catalogue_android",
+ ],
+)
+
# RESTRICTED
FULL_PROTOS = [
@@ -113,7 +122,6 @@ java_library(
java_library(
name = "cleartext_keyset_handle",
visibility = [
- "//tools/testing:__subpackages__",
"//tools/tinkey:__pkg__",
],
exports = [
@@ -123,10 +131,6 @@ java_library(
java_library(
name = "cleartext_keyset_handle_android",
- visibility = [
- "//tools/testing:__subpackages__",
- "//tools/tinkey:__pkg__",
- ],
exports = [
"//java/src/main/java/com/google/crypto/tink:cleartext_keyset_handle_android",
],
diff --git a/java/src/main/java/com/google/crypto/tink/config/BUILD b/java/src/main/java/com/google/crypto/tink/config/BUILD
index a8b07639f..6709d53e6 100644
--- a/java/src/main/java/com/google/crypto/tink/config/BUILD
+++ b/java/src/main/java/com/google/crypto/tink/config/BUILD
@@ -29,7 +29,7 @@ java_library(
javacopts = JAVACOPTS,
deps = [
"tink_catalogue_android",
- "//java/src/main/java/com/google/crypto/tink",
+ "//java/src/main/java/com/google/crypto/tink:android",
"//proto:config_java_proto_lite",
],
)
diff --git a/java/src/main/java/com/google/crypto/tink/integration/BUILD b/java/src/main/java/com/google/crypto/tink/integration/BUILD
index 2afda1987..092d6bd28 100644
--- a/java/src/main/java/com/google/crypto/tink/integration/BUILD
+++ b/java/src/main/java/com/google/crypto/tink/integration/BUILD
@@ -26,13 +26,14 @@ java_library(
runtime_deps = [
"@com_fasterxml_jackson_annotations//jar",
"@com_fasterxml_jackson_databind//jar",
+ "@com_google_code_gson_gson//jar",
+ "@joda_time//jar",
"@org_apache_commons_logging//jar",
"@org_apache_httpcomponents_httpclient//jar",
"@org_apache_httpcomponents_httpcore//jar",
],
deps = [
"//java/src/main/java/com/google/crypto/tink",
- "//java/src/main/java/com/google/crypto/tink/subtle:aead",
"@com_amazonaws_sdk_core//jar",
"@com_amazonaws_sdk_kms//jar",
"@com_google_api_client//jar",
diff --git a/java/src/main/java/com/google/crypto/tink/subtle/BUILD b/java/src/main/java/com/google/crypto/tink/subtle/BUILD
index cc98c4168..dc9db938d 100644
--- a/java/src/main/java/com/google/crypto/tink/subtle/BUILD
+++ b/java/src/main/java/com/google/crypto/tink/subtle/BUILD
@@ -22,7 +22,6 @@ java_library(
],
javacopts = JAVACOPTS,
deps = [
- "//java/src/main/java/com/google/crypto/tink:primitives",
"@com_google_errorprone_error_prone_annotations//jar",
],
)
diff --git a/java/src/test/java/com/google/crypto/tink/config/ConfigTest.java b/java/src/test/java/com/google/crypto/tink/config/ConfigTest.java
index 4ae7612aa..459803bad 100644
--- a/java/src/test/java/com/google/crypto/tink/config/ConfigTest.java
+++ b/java/src/test/java/com/google/crypto/tink/config/ConfigTest.java
@@ -47,14 +47,14 @@ public class ConfigTest {
.setNewKeyAllowed(true)
.build();
try {
- KeyManager<Aead> keyManager = Registry.getKeyManager(typeUrl);
+ KeyManager<Aead> unused = Registry.getKeyManager(typeUrl);
fail();
} catch (GeneralSecurityException e) {
// expected
}
Config.registerKeyType(entry);
- KeyManager<Aead> keyManager = Registry.getKeyManager(typeUrl);
+ KeyManager<Aead> unused = Registry.getKeyManager(typeUrl);
}
@Test
@@ -74,7 +74,7 @@ public class ConfigTest {
// Initially, there should be no key manager in the registry.
for (KeyTypeEntry entry : tinkConfig.getEntryList()) {
try {
- KeyManager<?> keyManager = Registry.getKeyManager(entry.getTypeUrl());
+ KeyManager<?> unused = Registry.getKeyManager(entry.getTypeUrl());
fail("Registry should contain no manager for " + entry.getTypeUrl());
} catch (GeneralSecurityException e) {
// expected
@@ -83,7 +83,7 @@ public class ConfigTest {
// After registering the config the registry should contain the key managers.
Config.register(tinkConfig);
for (KeyTypeEntry entry : tinkConfig.getEntryList()) {
- KeyManager<?> keyManager = Registry.getKeyManager(entry.getTypeUrl());
+ KeyManager<?> unused = Registry.getKeyManager(entry.getTypeUrl());
}
// Another register-attmpt should fail, as key managers already exist.
try {
diff --git a/proto/config.proto b/proto/config.proto
index 92b98f11a..239d1a9d0 100644
--- a/proto/config.proto
+++ b/proto/config.proto
@@ -40,4 +40,4 @@ message KeyTypeEntry {
message TinkConfig {
string config_name = 1;
repeated KeyTypeEntry entry = 2;
-}
\ No newline at end of file
+}
diff --git a/tools/testing/BUILD b/tools/testing/BUILD
index fe9accb92..a9e5d84bb 100644
--- a/tools/testing/BUILD
+++ b/tools/testing/BUILD
@@ -4,6 +4,7 @@ load("//java/build_defs:javac.bzl", "JAVACOPTS")
java_binary(
name = "hybrid_encrypt_cli_java",
+ testonly = 1,
srcs = [
"java/com/google/crypto/tink/testing/HybridEncryptCli.java",
],
@@ -11,14 +12,14 @@ java_binary(
main_class = "com.google.crypto.tink.testing.HybridEncryptCli",
visibility = ["//tools/testing:__subpackages__"],
deps = [
- "//java",
- "//java:cleartext_keyset_handle",
"//java:config",
+ "//java:testonly",
],
)
java_binary(
name = "hybrid_decrypt_cli_java",
+ testonly = 1,
srcs = [
"java/com/google/crypto/tink/testing/HybridDecryptCli.java",
],
@@ -26,8 +27,7 @@ java_binary(
main_class = "com.google.crypto.tink.testing.HybridDecryptCli",
visibility = ["//tools/testing:__subpackages__"],
deps = [
- "//java",
- "//java:cleartext_keyset_handle",
"//java:config",
+ "//java:testonly",
],
)
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/AddCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/AddCommandTest.java
index a96fcbef2..9fdc52d8b 100644
--- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/AddCommandTest.java
+++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/AddCommandTest.java
@@ -17,6 +17,7 @@
package com.google.crypto.tink.tinkey;
import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.fail;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.TestUtil;
@@ -92,6 +93,7 @@ public class AddCommandTest {
outputStream, OUTPUT_FORMAT,
emptyStream, INPUT_FORMAT,
masterKeyUri, credentialPath, NEW_TEMPLATE);
+ fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
TestUtil.assertExceptionContains(e, "empty keyset");
}
diff --git a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateCommandTest.java b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateCommandTest.java
index 40752bd0c..77bd87b09 100644
--- a/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateCommandTest.java
+++ b/tools/tinkey/src/test/java/com/google/crypto/tink/tinkey/RotateCommandTest.java
@@ -17,6 +17,7 @@
package com.google.crypto.tink.tinkey;
import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.fail;
import com.google.crypto.tink.KeysetReader;
import com.google.crypto.tink.TestUtil;
@@ -92,6 +93,7 @@ public class RotateCommandTest {
outputStream, OUTPUT_FORMAT,
emptyStream, INPUT_FORMAT,
masterKeyUri, credentialPath, NEW_TEMPLATE);
+ fail("Expected GeneralSecurityException");
} catch (GeneralSecurityException e) {
TestUtil.assertExceptionContains(e, "empty keyset");
}
--
GitLab