Skip to content

Commit fdd1a32

Browse files
committed
update tests to include the new parameterrequireUnlockedDevice where necessary.
1 parent bc46ebc commit fdd1a32

10 files changed

Lines changed: 41 additions & 22 deletions

.github/workflows/ci.yml

Lines changed: 28 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,10 @@ jobs:
3333
- uses: actions/setup-java@v4
3434
with:
3535
distribution: temurin
36-
java-version: '17'
36+
java-version: |
37+
17
38+
21
39+
24
3740
- uses: gradle/actions/setup-gradle@v4
3841
- name: Compile all :ksafe targets
3942
run: ./gradlew :ksafe:compileKotlinJvm :ksafe:compileKotlinJs :ksafe:compileKotlinWasmJs :ksafe:compileKotlinMetadata --stacktrace
@@ -60,15 +63,19 @@ jobs:
6063
# drainable; full intensity remains the local default.
6164
# ---------------------------------------------------------------------------
6265
jvm-full-suite:
63-
name: Full JVM suite
66+
name: Full JVM suite (Java ${{ matrix.java }})
6467
runs-on: ubuntu-latest
6568
timeout-minutes: 20
69+
strategy:
70+
fail-fast: false
71+
matrix:
72+
java: [ '17', '21', '24' ]
6673
steps:
6774
- uses: actions/checkout@v4
6875
- uses: actions/setup-java@v4
6976
with:
7077
distribution: temurin
71-
java-version: '17'
78+
java-version: ${{ matrix.java }}
7279
- uses: gradle/actions/setup-gradle@v4
7380
# -PksafeTestLog kept ON: scaling the stress magnitude alone did NOT
7481
# stop the 2-vCPU hang, so a specific test deadlocks (not a throughput
@@ -158,17 +165,21 @@ jobs:
158165
# Linux Secret Service (libsecret) — real gnome-keyring under a dbus session.
159166
# ---------------------------------------------------------------------------
160167
keyvault-linux:
161-
name: Key vault IT — Linux Secret Service
168+
name: Key vault IT — Linux Secret Service (Java ${{ matrix.java }})
162169
runs-on: ubuntu-latest
163170
timeout-minutes: 30
171+
strategy:
172+
fail-fast: false
173+
matrix:
174+
java: [ '17', '21', '24' ]
164175
env:
165176
KSAFE_KEYVAULT_IT: "1"
166177
steps:
167178
- uses: actions/checkout@v4
168179
- uses: actions/setup-java@v4
169180
with:
170181
distribution: temurin
171-
java-version: '17'
182+
java-version: ${{ matrix.java }}
172183
- uses: gradle/actions/setup-gradle@v4
173184
- name: Install gnome-keyring + libsecret
174185
run: |
@@ -203,9 +214,13 @@ jobs:
203214
# Windows DPAPI — available for the runner user out of the box.
204215
# ---------------------------------------------------------------------------
205216
keyvault-windows:
206-
name: Key vault IT — Windows DPAPI
217+
name: Key vault IT — Windows DPAPI (Java ${{ matrix.java }})
207218
runs-on: windows-latest
208219
timeout-minutes: 30
220+
strategy:
221+
fail-fast: false
222+
matrix:
223+
java: [ '17', '21', '24' ]
209224
defaults:
210225
run:
211226
shell: bash
@@ -216,7 +231,7 @@ jobs:
216231
- uses: actions/setup-java@v4
217232
with:
218233
distribution: temurin
219-
java-version: '17'
234+
java-version: ${{ matrix.java }}
220235
- uses: gradle/actions/setup-gradle@v4
221236
- name: Key vault integration test (DPAPI)
222237
run: ./gradlew :ksafe:jvmTest --tests 'eu.anifantakis.lib.ksafe.JvmKeyVaultIntegrationTest' --tests 'eu.anifantakis.lib.ksafe.Jvm200To210FixtureTest' --tests 'eu.anifantakis.lib.ksafe.JvmKeyVaultMigrationTest' --no-daemon --no-configuration-cache --stacktrace
@@ -233,17 +248,21 @@ jobs:
233248
# there are no GUI access prompts and no developer-keychain pollution.
234249
# ---------------------------------------------------------------------------
235250
keyvault-macos:
236-
name: Key vault IT — macOS Keychain
251+
name: Key vault IT — macOS Keychain (Java ${{ matrix.java }})
237252
runs-on: macos-latest
238253
timeout-minutes: 30
254+
strategy:
255+
fail-fast: false
256+
matrix:
257+
java: [ '17', '21', '24' ]
239258
env:
240259
KSAFE_KEYVAULT_IT: "1"
241260
steps:
242261
- uses: actions/checkout@v4
243262
- uses: actions/setup-java@v4
244263
with:
245264
distribution: temurin
246-
java-version: '17'
265+
java-version: ${{ matrix.java }}
247266
- uses: gradle/actions/setup-gradle@v4
248267
- name: Create + unlock a dedicated keychain
249268
run: |

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmBatchFailureIsolationTest.kt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ class JvmBatchFailureIsolationTest {
4444
return xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
4545
}
4646

47-
override fun decrypt(identifier: String, data: ByteArray): ByteArray =
47+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray =
4848
xor.decrypt(identifier, data)
4949

5050
override fun deleteKey(identifier: String) { /* no-op */ }
@@ -212,7 +212,7 @@ class JvmBatchFailureIsolationTest {
212212
return xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
213213
}
214214

215-
override fun decrypt(identifier: String, data: ByteArray): ByteArray =
215+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray =
216216
xor.decrypt(identifier, data)
217217

218218
override fun deleteKey(identifier: String) { /* no-op */ }

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmClearAllRaceRepairTest.kt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ class JvmClearAllRaceRepairTest {
2424
@Volatile var onDeleteKey: (() -> Unit)? = null
2525
override fun encrypt(identifier: String, data: ByteArray, hardwareIsolated: Boolean, requireUnlockedDevice: Boolean?): ByteArray =
2626
xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
27-
override fun decrypt(identifier: String, data: ByteArray): ByteArray =
27+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray =
2828
xor.decrypt(identifier, data)
2929
override fun deleteKey(identifier: String) {
3030
onDeleteKey?.also { onDeleteKey = null }?.invoke()

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmCollectorWriteRaceTest.kt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ class JvmCollectorWriteRaceTest {
2424
private class RaceEngine : KSafeEncryption {
2525
@Volatile var onDecrypt: (() -> Unit)? = null
2626
override fun encrypt(identifier: String, data: ByteArray, hardwareIsolated: Boolean, requireUnlockedDevice: Boolean?): ByteArray = data
27-
override fun decrypt(identifier: String, data: ByteArray): ByteArray {
27+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray {
2828
onDecrypt?.invoke()
2929
onDecrypt = null // race only the first (seeded) decrypt
3030
return "\"old\"".encodeToByteArray() // JSON for String "old"

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmDeleteKeyCleanupFailureTest.kt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ class JvmDeleteKeyCleanupFailureTest {
1919
private val xor = FakeEncryption()
2020
override fun encrypt(identifier: String, data: ByteArray, hardwareIsolated: Boolean, requireUnlockedDevice: Boolean?): ByteArray =
2121
xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
22-
override fun decrypt(identifier: String, data: ByteArray): ByteArray = xor.decrypt(identifier, data)
22+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray = xor.decrypt(identifier, data)
2323
override fun deleteKey(identifier: String) { throw RuntimeException("simulated key-delete failure") }
2424
}
2525

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmFallbackMigrationTest.kt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -494,7 +494,7 @@ class JvmFallbackMigrationTest {
494494
private class TransientFailTargetEngine : KSafeEncryption {
495495
override fun encrypt(identifier: String, data: ByteArray, hardwareIsolated: Boolean, requireUnlockedDevice: Boolean?): ByteArray =
496496
throw IllegalStateException("KSafe: OS key vault is unavailable (test transient)")
497-
override fun decrypt(identifier: String, data: ByteArray): ByteArray =
497+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray =
498498
throw IllegalStateException("unused")
499499
override fun deleteKey(identifier: String) {}
500500
}

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmGetOrCreateSecretTest.kt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ class JvmGetOrCreateSecretTest {
4141
requireUnlockedDevice: Boolean?,
4242
): ByteArray = xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
4343

44-
override fun decrypt(identifier: String, data: ByteArray): ByteArray {
44+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray {
4545
if (failDecrypt) {
4646
throw IllegalStateException("KSafe: simulated ciphertext corruption (AEAD tag mismatch)")
4747
}
@@ -130,7 +130,7 @@ class JvmGetOrCreateSecretTest {
130130
requireUnlockedDevice: Boolean?,
131131
): ByteArray = xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
132132

133-
override fun decrypt(identifier: String, data: ByteArray): ByteArray =
133+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray =
134134
throw IllegalStateException("KSafe: simulated unreadable secret (key invalidated)")
135135

136136
override fun deleteKey(identifier: String) { /* no-op */ }

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmKSafeTest.kt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -338,7 +338,7 @@ class JvmKSafeTest : KSafeTest() {
338338
requireUnlockedDevice: Boolean?
339339
): ByteArray = delegate.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
340340

341-
override fun decrypt(identifier: String, data: ByteArray): ByteArray {
341+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray {
342342
if (failOnDecrypt) throw IllegalStateException("No encryption key found")
343343
return delegate.decrypt(identifier, data)
344344
}
@@ -398,7 +398,7 @@ class JvmKSafeTest : KSafeTest() {
398398
requireUnlockedDevice: Boolean?
399399
): ByteArray = delegate.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
400400

401-
override fun decrypt(identifier: String, data: ByteArray): ByteArray {
401+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray {
402402
if (failOnDecrypt) throw IllegalStateException("No encryption key found")
403403
return delegate.decrypt(identifier, data)
404404
}

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmObservableFlowResilienceTest.kt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ class JvmObservableFlowResilienceTest {
2828
private val xor = FakeEncryption()
2929
override fun encrypt(identifier: String, data: ByteArray, hardwareIsolated: Boolean, requireUnlockedDevice: Boolean?): ByteArray =
3030
xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
31-
override fun decrypt(identifier: String, data: ByteArray): ByteArray {
31+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray {
3232
if (failTransient) throw IllegalStateException("KSafe: Cannot access Keystore key - device is locked.")
3333
return xor.decrypt(identifier, data)
3434
}
@@ -65,7 +65,7 @@ class JvmObservableFlowResilienceTest {
6565
private val xor = FakeEncryption()
6666
override fun encrypt(identifier: String, data: ByteArray, hardwareIsolated: Boolean, requireUnlockedDevice: Boolean?): ByteArray =
6767
xor.encrypt(identifier, data, hardwareIsolated, requireUnlockedDevice)
68-
override fun decrypt(identifier: String, data: ByteArray): ByteArray {
68+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray {
6969
if (fail) throw IllegalStateException("KSafe: Keychain error -25308 for account $identifier")
7070
return xor.decrypt(identifier, data)
7171
}

ksafe/src/jvmTest/kotlin/eu/anifantakis/lib/ksafe/JvmSideCacheWriteBackRaceTest.kt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ class JvmSideCacheWriteBackRaceTest {
2626
private class RaceEngine : KSafeEncryption {
2727
@Volatile var onDecrypt: (() -> Unit)? = null
2828
override fun encrypt(identifier: String, data: ByteArray, hardwareIsolated: Boolean, requireUnlockedDevice: Boolean?): ByteArray = data
29-
override fun decrypt(identifier: String, data: ByteArray): ByteArray {
29+
override fun decrypt(identifier: String, data: ByteArray, requireUnlockedDevice: Boolean?): ByteArray {
3030
onDecrypt?.invoke()
3131
onDecrypt = null // race only the first (seeded) decrypt
3232
return "\"old\"".encodeToByteArray() // JSON for String "old"

0 commit comments

Comments
 (0)