package at.gv.egiz.eaaf.modules.pvp2.test; import java.security.cert.X509Certificate; import java.util.List; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import org.apache.commons.lang3.RandomStringUtils; import org.apache.xml.security.algorithms.JCEMapper; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_core_map_config.beans.xml", "/spring/SpringTest-context_lazy.xml", "/spring/eaaf_utils.beans.xml" }) public class CredentialProviderTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; private static final String HSM_FACASE_PORT = "9050"; private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String HSM_FACASE_USERNAME = "authhandler-junit"; private static final String HSM_FACASE_PASSWORD = "supersecret123"; private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks"; private static final String HSM_FACASE_KEYSTORE_NAME = "authhandler"; private static final String ALIAS_METADATA = "meta"; private static final String ALIAS_SIGN = "sig"; private static final String ALIAS_ENC = "meta"; private static final String PASSWORD = "password"; private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; @Autowired private ApplicationContext context; @Autowired private DummyAuthConfigMap config; /** * jUnit test initializer. */ @Before public void initialize() { config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITH_TRUST_CERTS); config.putConfigValue(DummyCredentialProvider.KEYSTORE_PASSWORD, PASSWORD); config.removeConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS); config.removeConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD); config.removeConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS); config.removeConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD); config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS); config.removeConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD); JCEMapper.setProviderId(null); } @Test @DirtiesContext public void noKeyStoreUrl() { config.removeConfigValue(DummyCredentialProvider.KEYSTORE_PATH); try { context.getBean(DummyCredentialProvider.class); Assert.fail("No KeyStore not detected"); } catch (final BeansException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getCause(), "Wrong exception"); } } @Test @DirtiesContext public void noKeyStore() { config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, "src/test/resources/config/notExist.p12"); try { context.getBean(DummyCredentialProvider.class); Assert.fail("No KeyStore not detected"); } catch (final BeansException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getCause(), "Wrong exception"); } } @Test @DirtiesContext public void noWrongKeyStorePassword() { config.putConfigValue(DummyCredentialProvider.KEYSTORE_PASSWORD, "test"); try { context.getBean(DummyCredentialProvider.class); Assert.fail("No KeyStore not detected"); } catch (final BeansException e) { org.springframework.util.Assert.isInstanceOf(EaafFactoryException.class, e.getCause(), "Wrong exception"); } } @Test @DirtiesContext public void notKeyConfigurationWrongAlias() { final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); try { config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, RandomStringUtils.randomAlphabetic(5)); credential.getMetaDataSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, RandomStringUtils.randomAlphabetic(5)); credential.getMessageSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, RandomStringUtils.randomAlphabetic(5)); credential.getMessageEncryptionCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } } @Test @DirtiesContext public void notKeyConfigurationWrongPassword() { final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); try { config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, RandomStringUtils.randomAlphabetic(5)); credential.getMetaDataSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, RandomStringUtils.randomAlphabetic(5)); credential.getMessageSigningCredential(); Assert.fail("No message signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, RandomStringUtils.randomAlphabetic(5)); final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); Assert.assertNull("No encryption credentials not detected", encCred); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } } @Test @DirtiesContext public void notKeyConfigurationValidAliasWrongPassword() { final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); try { config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, ALIAS_METADATA); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, RandomStringUtils.randomAlphabetic(5)); credential.getMetaDataSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, ALIAS_SIGN); config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, RandomStringUtils.randomAlphabetic(5)); credential.getMessageSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, ALIAS_ENC); config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, RandomStringUtils.randomAlphabetic(5)); credential.getMessageEncryptionCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } } @Test @DirtiesContext public void notKeyConfigurationWrongAliasValidPassword() { final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); try { config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, PASSWORD); credential.getMetaDataSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, PASSWORD); credential.getMessageSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, PASSWORD); credential.getMessageEncryptionCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } } @Test @DirtiesContext public void validonfiguration() throws CredentialsNotAvailableException { final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, ALIAS_METADATA); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, PASSWORD); checkCredential(credential.getMetaDataSigningCredential(), PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, ALIAS_SIGN); config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, PASSWORD); checkCredential(credential.getMessageSigningCredential(), PvpConstants.DEFAULT_SIGNING_METHODE_EC, PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC); config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, ALIAS_ENC); config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, PASSWORD); checkCredential(credential.getMessageEncryptionCredential(), PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); final List trustCerts = credential.getTrustedCertificates(); Assert.assertNotNull("TrustCerts are null", trustCerts); Assert.assertFalse("TrustCerts not empty", trustCerts.isEmpty()); Assert.assertEquals("# of Trustcerts", 2, trustCerts.size()); } @Test @DirtiesContext public void validonfigurationWithOutTrustCerts() throws CredentialsNotAvailableException { config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITHOUT_TRUST_CERTS); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, "RSA-SIG_" + RandomStringUtils.randomAlphabetic(10)); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG, "EC-SIG_" + RandomStringUtils.randomAlphabetic(10)); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10)); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, "EC-ENC_" + RandomStringUtils.randomAlphabetic(10)); final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, ALIAS_METADATA); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, PASSWORD); checkCredential(credential.getMetaDataSigningCredential(), config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG), config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG)); config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, ALIAS_SIGN); config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_PASSWORD, PASSWORD); checkCredential(credential.getMessageSigningCredential(), config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG), config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG)); config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_ALIAS, ALIAS_ENC); config.putConfigValue(DummyCredentialProvider.KEY_ENCRYPTION_PASSWORD, PASSWORD); checkCredential(credential.getMessageEncryptionCredential(), config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG), config.getBasicConfiguration(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG)); final List trustCerts = credential.getTrustedCertificates(); Assert.assertNotNull("TrustCerts are null", trustCerts); Assert.assertTrue("TrustCerts not empty", trustCerts.isEmpty()); } @Test @DirtiesContext public void otherKeyStoreTypeAlreadyLoaded() throws CredentialsNotAvailableException { config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, PATH_JKS_WITHOUT_TRUST_CERTS); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_RSA_ALG, "RSA-SIG_" + RandomStringUtils.randomAlphabetic(10)); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_SIGNING_EC_ALG, "EC-SIG_" + RandomStringUtils.randomAlphabetic(10)); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, "RSA_ENC_" + RandomStringUtils.randomAlphabetic(10)); config.putConfigValue(PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, "EC-ENC_" + RandomStringUtils.randomAlphabetic(10)); try { JCEMapper.setProviderId(RandomStringUtils.randomAlphabetic(5)); context.getBean(DummyCredentialProvider.class); } catch (final BeansException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getCause(), "Wrong exception"); } } @Test @DirtiesContext public void notKeyConfiguration() { final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); try { credential.getMetaDataSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { credential.getMessageSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); Assert.assertNull("No encryption signing credentials not detected", encCred); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } } @Test @DirtiesContext public void notKeyConfigurationPkcs12() { config.putConfigValue(DummyCredentialProvider.KEYSTORE_PATH, "src/test/resources/data/junit_without_trustcerts.p12"); final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); try { credential.getMetaDataSigningCredential(); Assert.fail("No Metadata signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { credential.getMessageSigningCredential(); Assert.fail("No message signing credentials not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } try { final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); Assert.assertNull("No encryption signing credentials not detected", encCred); } catch (final CredentialsNotAvailableException e) { Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); } } @Test @DirtiesContext public void hasFacadeMissingKeyStoreName() { config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); config.removeConfigValue(DummyCredentialProvider.KEYSTORE_NAME); try { context.getBean(DummyCredentialProvider.class); Assert.fail("No KeyStore not detected"); } catch (final BeansException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e.getCause(), "Wrong exception"); } } @Test @DirtiesContext public void hasFacadeWrongAlias() { config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, RandomStringUtils.randomAlphabetic(5)); try { checkCredential(credential.getMetaDataSigningCredential(), PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); Assert.fail("Wrong 'alias' not detected"); } catch (final CredentialsNotAvailableException e) { Assert.assertEquals("Wrong errorCode", "internal.pvp.01", e.getErrorId()); } } @Test @DirtiesContext public void validConfigurationHsmFacade() throws CredentialsNotAvailableException { config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); Assert.assertNotNull("Credetialprovider", credential); Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, HSM_FACADE_KEY_ALIAS); config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, PASSWORD); checkCredential(credential.getMetaDataSigningCredential(), PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, HSM_FACADE_KEY_ALIAS); checkCredential(credential.getMessageSigningCredential(), PvpConstants.DEFAULT_SIGNING_METHODE_RSA, PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); final List trustCerts = credential.getTrustedCertificates(); Assert.assertNotNull("TrustCerts are null", trustCerts); Assert.assertTrue("TrustCerts not empty", trustCerts.isEmpty()); } private void checkCredential(EaafX509Credential metaDataSigningCredential, String sigAlg, String keyEncAlg) { Assert.assertNotNull("No metadata signing credentials", metaDataSigningCredential); Assert.assertNotNull("SigAlg is null", metaDataSigningCredential.getSignatureAlgorithmForSigning()); Assert.assertNotNull("KeyEncAlg is null", metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption()); Assert.assertFalse("SigAlg is empty", metaDataSigningCredential.getSignatureAlgorithmForSigning().isEmpty()); Assert.assertFalse("KeyEncAlg is empty", metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption().isEmpty()); Assert.assertEquals("Wrong SigAlg", sigAlg, metaDataSigningCredential.getSignatureAlgorithmForSigning()); Assert.assertEquals("Wrong KeyEncAlg", keyEncAlg, metaDataSigningCredential.getKeyEncryptionAlgorithmForDataEncryption()); } }