74 lines
1.7 KiB
Go
74 lines
1.7 KiB
Go
package secretcrypto
|
|
|
|
import "strings"
|
|
import "testing"
|
|
|
|
func TestEncryptDecryptRoundTrip(t *testing.T) {
|
|
var box *Box
|
|
var enc string
|
|
var dec string
|
|
var err error
|
|
|
|
box = New(t.TempDir())
|
|
enc, err = box.Encrypt(`{"password":"hunter2","token":"abc"}`)
|
|
if err != nil {
|
|
t.Fatalf("encrypt: %v", err)
|
|
}
|
|
if !strings.HasPrefix(enc, Prefix) {
|
|
t.Fatalf("ciphertext missing prefix: %q", enc)
|
|
}
|
|
if strings.Contains(enc, "hunter2") {
|
|
t.Fatalf("plaintext leaked into ciphertext: %q", enc)
|
|
}
|
|
dec, err = box.Decrypt(enc)
|
|
if err != nil {
|
|
t.Fatalf("decrypt: %v", err)
|
|
}
|
|
if dec != `{"password":"hunter2","token":"abc"}` {
|
|
t.Fatalf("round-trip mismatch: %q", dec)
|
|
}
|
|
}
|
|
|
|
func TestEncryptEmptyIsEmpty(t *testing.T) {
|
|
var box *Box
|
|
var enc string
|
|
var err error
|
|
box = New(t.TempDir())
|
|
enc, err = box.Encrypt("")
|
|
if err != nil || enc != "" {
|
|
t.Fatalf("empty payload should encrypt to empty, got %q err=%v", enc, err)
|
|
}
|
|
}
|
|
|
|
func TestDecryptPassthroughForPlaintext(t *testing.T) {
|
|
var box *Box
|
|
var out string
|
|
var err error
|
|
box = New(t.TempDir())
|
|
// A value without the prefix (legacy/plaintext) is returned as-is.
|
|
out, err = box.Decrypt("not-encrypted")
|
|
if err != nil || out != "not-encrypted" {
|
|
t.Fatalf("passthrough failed: %q err=%v", out, err)
|
|
}
|
|
}
|
|
|
|
func TestKeyPersistsAcrossBoxes(t *testing.T) {
|
|
var dir string
|
|
var enc string
|
|
var dec string
|
|
var err error
|
|
dir = t.TempDir()
|
|
enc, err = New(dir).Encrypt("secret-value")
|
|
if err != nil {
|
|
t.Fatalf("encrypt: %v", err)
|
|
}
|
|
// A fresh Box over the same data dir must reuse the persisted key.
|
|
dec, err = New(dir).Decrypt(enc)
|
|
if err != nil {
|
|
t.Fatalf("decrypt with new box: %v", err)
|
|
}
|
|
if dec != "secret-value" {
|
|
t.Fatalf("expected secret-value, got %q", dec)
|
|
}
|
|
}
|