From b60b9e9849e1c3551ae70b4903df98979eb4b71a Mon Sep 17 00:00:00 2001
From: dan mcweeney <mcweeney@adobe.com>
Date: Mon, 3 Feb 2020 14:33:52 -0500
Subject: [PATCH] Add test to prove migration between encrypters

---
 .../openwhisk/core/entity/Parameter.scala     |  2 +-
 .../test/ParameterEncryptionTests.scala       | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/common/scala/src/main/scala/org/apache/openwhisk/core/entity/Parameter.scala b/common/scala/src/main/scala/org/apache/openwhisk/core/entity/Parameter.scala
index 59bb59e8ec7..89494fd7351 100644
--- a/common/scala/src/main/scala/org/apache/openwhisk/core/entity/Parameter.scala
+++ b/common/scala/src/main/scala/org/apache/openwhisk/core/entity/Parameter.scala
@@ -299,7 +299,7 @@ protected[core] object Parameters extends ArgNormalizer[Parameters] {
             i._2.asJsObject.getFields("value", "init", "encryption") match {
               case Seq(v: JsValue, JsBoolean(init), e: JsValue) if e != JsNull =>
                 val key = new ParameterName(i._1)
-                val value = ParameterValue(v, init, Some(JsString(e.toString())))
+                val value = ParameterValue(v, init, Some(JsString(e.convertTo[String])))
                 converted = converted + (key -> value)
               case Seq(v: JsValue, JsBoolean(init), e: JsValue) =>
                 val key = new ParameterName(i._1)
diff --git a/tests/src/test/scala/org/apache/openwhisk/core/entity/test/ParameterEncryptionTests.scala b/tests/src/test/scala/org/apache/openwhisk/core/entity/test/ParameterEncryptionTests.scala
index ec256061948..1044cba2f00 100644
--- a/tests/src/test/scala/org/apache/openwhisk/core/entity/test/ParameterEncryptionTests.scala
+++ b/tests/src/test/scala/org/apache/openwhisk/core/entity/test/ParameterEncryptionTests.scala
@@ -172,6 +172,34 @@ class ParameterEncryptionTests extends FlatSpec with Matchers with BeforeAndAfte
         cancel(e.toString)
     }
   }
+  it should "support reverting back to Noop encryption" in {
+    ParameterEncryption.storageConfig = new ParameterStorageConfig("aes-128", "ra1V6AfOYAv0jCzEdufIFA==", "")
+    try {
+      val locked = ParameterEncryption.lock(parameters)
+      locked.getMap.map(({
+        case (_, paramValue) =>
+          paramValue.encryption.convertTo[String] shouldBe "aes-128"
+          paramValue.value.convertTo[String] should not be "secret"
+      }))
+
+      val lockedJson = locked.toJsObject
+
+      ParameterEncryption.storageConfig = new ParameterStorageConfig("", "ra1V6AfOYAv0jCzEdufIFA==", "")
+
+      val toDecrypt = Parameters.serdes.read(lockedJson)
+
+      val unlocked = ParameterEncryption.unlock(toDecrypt)
+      unlocked.getMap.map(({
+        case (_, paramValue) =>
+          paramValue.encryption shouldBe JsNull
+          paramValue.value.convertTo[String] shouldBe "secret"
+      }))
+      unlocked.toJsObject should not be JsNull
+    } catch {
+      case e: InvalidAlgorithmParameterException =>
+        cancel(e.toString)
+    }
+  }
 
   behavior of "NoopEncryption"
   it should "not mark parameters as encrypted" in {