alts: _Actually_ use Conscrypt when available (#6700)

Previously the check for Conscrypt would always fail because CONSCRYPT was guaranteed to be null.
grpc · Feb 12, 2020 · 2a83637 · 2a83637
1 parent 7727098
commit 2a83637
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/alts/src/main/java/io/grpc/alts/internal/AesGcmAeadCrypter.java b/alts/src/main/java/io/grpc/alts/internal/AesGcmAeadCrypter.java
@@ -18,6 +18,7 @@
 
 import static com.google.common.base.Preconditions.checkArgument;
 
+import com.google.common.annotations.VisibleForTesting;
 import io.grpc.internal.ConscryptLoader;
 import java.nio.ByteBuffer;
 import java.security.GeneralSecurityException;
@@ -110,7 +111,8 @@ static int getKeyLength() {
     return KEY_LENGTH;
   }
 
-  private static Provider getConscrypt() {
+  @VisibleForTesting
+  static Provider getConscrypt() {
     if (!ConscryptLoader.isPresent()) {
       return null;
     }
@@ -129,7 +131,7 @@ private static Provider getConscrypt() {
       return null;
     }
     try {
-      Cipher.getInstance(AES_GCM, CONSCRYPT);
+      Cipher.getInstance(AES_GCM, provider);
     } catch (SecurityException t) {
       // Pre-Java 7u121/Java 8u111 fails with SecurityException:
       //   JCE cannot authenticate the provider Conscrypt

diff --git a/alts/src/test/java/io/grpc/alts/internal/AesGcmAeadCrypterTest.java b/alts/src/test/java/io/grpc/alts/internal/AesGcmAeadCrypterTest.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2020 The gRPC Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.grpc.alts.internal;
+
+import static com.google.common.truth.Truth.assertThat;
+import static com.google.common.truth.TruthJUnit.assume;
+
+import org.conscrypt.Conscrypt;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public final class AesGcmAeadCrypterTest {
+  @Test
+  public void getConscrypt_worksWhenConscryptIsAvailable() {
+    assume().that(Conscrypt.isAvailable()).isTrue();
+    assertThat(AesGcmAeadCrypter.getConscrypt()).isNotNull();
+  }
+}