Files
fm_be/internal/service/secret_protector_test.go
2026-07-16 22:16:45 +07:00

95 lines
2.4 KiB
Go

package service
import (
"bytes"
"encoding/base64"
"testing"
)
func TestNewAESGCMProtectorFromBase64(t *testing.T) {
if _, err := NewAESGCMProtectorFromBase64(""); err == nil {
t.Fatalf("expected error for empty key")
}
if _, err := NewAESGCMProtectorFromBase64("not-base64"); err == nil {
t.Fatalf("expected error for invalid base64")
}
shortKey := make([]byte, 16)
if _, err := NewAESGCMProtectorFromBase64(base64.StdEncoding.EncodeToString(shortKey)); err == nil {
t.Fatalf("expected error for non-32-byte key")
}
}
func TestAESGCMProtector_EncryptDecrypt_RoundTrip(t *testing.T) {
key := make([]byte, 32)
for i := range key {
key[i] = byte(i + 1)
}
p, err := NewAESGCMProtectorFromBase64(base64.StdEncoding.EncodeToString(key))
if err != nil {
t.Fatalf("new protector: %v", err)
}
plain := []byte("hello-secret")
ciphertext, err := p.Encrypt(plain)
if err != nil {
t.Fatalf("encrypt: %v", err)
}
if bytes.Equal(ciphertext, plain) {
t.Fatalf("ciphertext should differ from plain")
}
decrypted, err := p.Decrypt(ciphertext)
if err != nil {
t.Fatalf("decrypt: %v", err)
}
if !bytes.Equal(decrypted, plain) {
t.Fatalf("decrypted plaintext mismatch")
}
}
func TestAESGCMProtector_Decrypt_CiphertextTooShort(t *testing.T) {
key := make([]byte, 32)
for i := range key {
key[i] = byte(i + 1)
}
p, err := NewAESGCMProtectorFromBase64(base64.StdEncoding.EncodeToString(key))
if err != nil {
t.Fatalf("new protector: %v", err)
}
if _, err := p.Decrypt([]byte("short")); err == nil {
t.Fatalf("expected ciphertext too short error")
}
}
func TestAESGCMProtector_Decrypt_TamperedCiphertext(t *testing.T) {
key := make([]byte, 32)
for i := range key {
key[i] = byte(i + 1)
}
p, err := NewAESGCMProtectorFromBase64(base64.StdEncoding.EncodeToString(key))
if err != nil {
t.Fatalf("new protector: %v", err)
}
ciphertext, err := p.Encrypt([]byte("hello-secret"))
if err != nil {
t.Fatalf("encrypt: %v", err)
}
ciphertext[len(ciphertext)-1] ^= 0x01
if _, err := p.Decrypt(ciphertext); err == nil {
t.Fatalf("expected auth failure for tampered ciphertext")
}
}
func TestAESGCMProtector_EncryptDecrypt_InvalidKey(t *testing.T) {
p := &AESGCMProtector{key: []byte("short")}
if _, err := p.Encrypt([]byte("hello")); err == nil {
t.Fatalf("expected encrypt error for invalid key")
}
if _, err := p.Decrypt([]byte("cipher")); err == nil {
t.Fatalf("expected decrypt error for invalid key")
}
}