First of all I shall mention that I have seen Unit testing of encrypt/decrypt, and Unit testing encryption and decryption in Java.
I want to protect a library by validating its license. The license contains information such as maximum users and expiration time and so on.
The problems I encounter are:
- The encryptor and decryptor are in two different code bases. The decryptor is packaged with the library, but the encryptor is not, so it is hard to have them both in the same test suite!
- A random salt is used within the encryptor, so even with the same input the encryptor produces a different output each time; again, I cannot do an assertion on the result.
- For the sake of its purpose the decryptor (to make it harder to inject another class for it) is a final class, and all of its methods are private, except a few package accessible entry points.
I don't want to test JCE, but I want to test my code which does:
- Extracting the salt from the encrypted license,
- Deciphering the encrypted license,
- Deserializing the output to some data structure containing license data.
Shall I create a clone of the code, with some softer access constraints, and test that? Then the problem is I am not testing the real code which is run on client systems.
Are there any better solutions to do this?