First of all I shall mention that I have seen Unit testing of encrypt/decrypt, and Unit testing encryption and decryption in Java.
I want to protect a library by validating its license. The license contains information such as maximum users and expiration time and so on.
The problems I encounter are:
- The encryptor and decryptor are in two different code bases. The decryptor is packaged with the library, but the encryptor is not, so it is hard to have them both in the same test suite!
- A random salt is used within the encryptor, so even with the same input the encryptor produces a different output each time; again, I cannot do an assertion on the result.
- For the sake of its purpose the decryptor (to make it harder to inject another class for it) is a final class, and all of its methods are private, except a few package accessible entry points.
I don't want to test JCE, but I want to test my code which does:
- Extracting the salt from the encrypted license,
- Deciphering the encrypted license,
- Deserializing the output to some data structure containing license data.
Shall I create a clone of the code, with some softer access constraints and test that? Then the problem is I am not testing the real code which is run on client systems.
Are there any better solutions to do this?
From what you described I don't see a problem in testing them separately.
Not an issue if you test them separately.
You can inject a mock random generator that will produce the same results.
Many ways to test private methods, as can be seen here.
All you need for that is an encrypted license that you know the salt of.
Similarly, you can use a license that you know what it deciphers to.
Not related and is a separate test of the deserialization code.
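
A known-answer test along the lines the answer suggests, as an added example that is not code from the question or the answer: the encryptor takes its randomness source as a parameter, so a test can pin the salt and get stable bytes, and the decryptor is then checked against that fixture, including a tampered copy. The blob layout, the AES-GCM/PBKDF2 scheme, the iteration count, the password and all class and method names are assumptions made for the example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

public class LicenseKnownAnswerTest {
    // Assumed blob layout (not from the post): salt(16) || iv(12) || AES-GCM ciphertext+tag
    static final int SALT = 16, IV = 12;

    static SecretKeySpec key(char[] pw, byte[] salt) throws Exception {
        byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(pw, salt, 10_000, 128)).getEncoded();
        return new SecretKeySpec(k, "AES");
    }

    // Encryptor side: the randomness source is a parameter so a test can pin it.
    static byte[] encrypt(String license, char[] pw, SecureRandom rnd) throws Exception {
        byte[] salt = new byte[SALT], iv = new byte[IV];
        rnd.nextBytes(salt); rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key(pw, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(license.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(SALT + IV + ct.length).put(salt).put(iv).put(ct).array();
    }

    // Decryptor side: extract the salt, decipher, return the serialized license text.
    static String decrypt(byte[] blob, char[] pw) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key(pw, salt), new GCMParameterSpec(128, blob, SALT, IV));
        byte[] pt = c.doFinal(blob, SALT + IV, blob.length - SALT - IV);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom fixed = new SecureRandom() { // test double only: constant bytes
            @Override public void nextBytes(byte[] b) { Arrays.fill(b, (byte) 7); }
        };
        char[] pw = "test-only-password".toCharArray();
        String lic = "maxUsers=5;expires=2030-01-01"; // constructed sample license
        byte[] a = encrypt(lic, pw, fixed), b = encrypt(lic, pw, fixed);
        if (!Arrays.equals(a, b)) throw new AssertionError("pinned salt must give stable bytes");
        if (!lic.equals(decrypt(a, pw))) throw new AssertionError("round trip failed");
        a[a.length - 1] ^= 1; // a tampered license must be rejected, not parsed
        try { decrypt(a, pw); throw new AssertionError("tampered license accepted"); }
        catch (AEADBadTagException expected) { System.out.println("all checks passed"); }
    }
}
```

Once the fixture bytes are stable, they can be generated once in the encryptor's code base and checked into the library's test resources, so the decryptor tests never need the encryptor on the classpath.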