generated from PenaSide/GolangTemplate
183 lines
4.9 KiB
Go
183 lines
4.9 KiB
Go
|
package encrypt_test
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"errors"
|
|||
|
|
"strings"
|
|||
|
|
"testing"
|
|||
|
|
|
|||
|
|
"github.com/stretchr/testify/assert"
|
|||
|
|
"penahub.gitlab.yandexcloud.net/pena-services/pena-social-auth/internal/models"
|
|||
|
|
"penahub.gitlab.yandexcloud.net/pena-services/pena-social-auth/internal/service/encrypt"
|
|||
|
|
"penahub.gitlab.yandexcloud.net/pena-services/pena-social-auth/internal/service/encrypt/mocks"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
var (
|
|||
|
|
privateKeyCurve25519 = strings.Replace(
|
|||
|
|
`-----BEGIN PRIVATE KEY-----
|
|||
|
|
MC4CAQAwBQYDK2VwBCIEIKn0BKwF3vZvODgWAnUIwQhd8de5oZhY48gc23EWfrfs
|
|||
|
|
-----END PRIVATE KEY-----`,
|
|||
|
|
"\t",
|
|||
|
|
"",
|
|||
|
|
-1,
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
privateKeyCurve25519Invalid = strings.Replace(
|
|||
|
|
`-----BEGIN PRIVATE KEY-----
|
|||
|
|
MC4CAQAwBQYDK2VwBCIE3vZvODgWAnUIhd8de5oZhY48gc23EWfrfs
|
|||
|
|
-----END PRIVATE KEY-----`,
|
|||
|
|
"\t",
|
|||
|
|
"",
|
|||
|
|
-1,
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
publicKeyCurve25519 = strings.Replace(
|
|||
|
|
`-----BEGIN PUBLIC KEY-----
|
|||
|
|
MCowBQYDK2VwAyEAEbnIvjIMle4rqVol6K2XUqOxHy1KJoNoZdKJrRUPKL4=
|
|||
|
|
-----END PUBLIC KEY-----`,
|
|||
|
|
"\t",
|
|||
|
|
"",
|
|||
|
|
-1,
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
publicKeyCurve25519InvalidLength = strings.Replace(
|
|||
|
|
`-----BEGIN PUBLIC KEY-----
|
|||
|
|
MowBQYDK2VwA9yEAEbnIvjIMle4rqVol6K2XUqOxHy1KJoNoZdKJrRUPKL4=
|
|||
|
|
-----END PUBLIC KEY-----`,
|
|||
|
|
"\t",
|
|||
|
|
"",
|
|||
|
|
-1,
|
|||
|
|
)
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
func TestSignCommonSecret(t *testing.T) {
|
|||
|
|
t.Run("Успешная подпись общего секрета", func(t *testing.T) {
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
PrivateCurveKey: privateKeyCurve25519,
|
|||
|
|
SignSecret: "secret",
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
assert.NotPanics(t, func() {
|
|||
|
|
encryptedText, err := encryptService.SignCommonSecret()
|
|||
|
|
|
|||
|
|
assert.NoError(t, err)
|
|||
|
|
assert.NotEmpty(t, encryptedText)
|
|||
|
|
assert.NotZero(t, encryptedText)
|
|||
|
|
})
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
t.Run("Ошибка подписи из-за кривого ключа (заголовок имеется)", func(t *testing.T) {
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
PrivateCurveKey: privateKeyCurve25519Invalid,
|
|||
|
|
SignSecret: "secret",
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
assert.NotPanics(t, func() {
|
|||
|
|
encryptedText, err := encryptService.SignCommonSecret()
|
|||
|
|
|
|||
|
|
assert.Error(t, err)
|
|||
|
|
assert.Empty(t, encryptedText)
|
|||
|
|
assert.Zero(t, encryptedText)
|
|||
|
|
})
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
t.Run("Ошибка подписи из-за рандомного кривого ключа", func(t *testing.T) {
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
PrivateCurveKey: "testtesttesttest",
|
|||
|
|
SignSecret: "secret",
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
assert.NotPanics(t, func() {
|
|||
|
|
encryptedText, err := encryptService.SignCommonSecret()
|
|||
|
|
|
|||
|
|
assert.Error(t, err)
|
|||
|
|
assert.Empty(t, encryptedText)
|
|||
|
|
assert.Zero(t, encryptedText)
|
|||
|
|
})
|
|||
|
|
})
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func TestVerifySignature(t *testing.T) {
|
|||
|
|
t.Run("Успешное подтвеждение подписи", func(t *testing.T) {
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
PublicCurveKey: publicKeyCurve25519,
|
|||
|
|
PrivateCurveKey: privateKeyCurve25519,
|
|||
|
|
SignSecret: "secret",
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
assert.NotPanics(t, func() {
|
|||
|
|
signature, _ := encryptService.SignCommonSecret()
|
|||
|
|
isValid, err := encryptService.VerifySignature(signature)
|
|||
|
|
|
|||
|
|
assert.NoError(t, err)
|
|||
|
|
assert.Equal(t, true, isValid)
|
|||
|
|
})
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
t.Run("Неудачное подтверждение подписи из-за невалидности ключа", func(t *testing.T) {
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
PublicCurveKey: "teettaegarehah",
|
|||
|
|
PrivateCurveKey: privateKeyCurve25519,
|
|||
|
|
SignSecret: "secret",
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
assert.NotPanics(t, func() {
|
|||
|
|
signature, _ := encryptService.SignCommonSecret()
|
|||
|
|
isValid, err := encryptService.VerifySignature(signature)
|
|||
|
|
|
|||
|
|
assert.Error(t, err)
|
|||
|
|
assert.Equal(t, false, isValid)
|
|||
|
|
})
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
t.Run("Неудачное подтверждение подписи при использовании ключа у которого невалидный размер (слишком большой)", func(t *testing.T) {
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
PublicCurveKey: publicKeyCurve25519InvalidLength,
|
|||
|
|
PrivateCurveKey: privateKeyCurve25519,
|
|||
|
|
SignSecret: "secret",
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
assert.NotPanics(t, func() {
|
|||
|
|
signature, _ := encryptService.SignCommonSecret()
|
|||
|
|
isValid, err := encryptService.VerifySignature(signature)
|
|||
|
|
|
|||
|
|
assert.Error(t, err)
|
|||
|
|
assert.Equal(t, false, isValid)
|
|||
|
|
})
|
|||
|
|
})
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func TestVerifyJWT(t *testing.T) {
|
|||
|
|
jwtToken := "token-token"
|
|||
|
|
jwtUser := models.JWTAuthUser{
|
|||
|
|
ID: "id1",
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
t.Run("Успешное подтверждение токена", func(t *testing.T) {
|
|||
|
|
jwtUtil := mocks.NewJwtUtil(t)
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
JWT: jwtUtil,
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
jwtUtil.EXPECT().Validate(jwtToken).Return(&jwtUser, nil).Once()
|
|||
|
|
|
|||
|
|
id, err := encryptService.VerifyJWT(jwtToken)
|
|||
|
|
|
|||
|
|
assert.NoError(t, err)
|
|||
|
|
assert.Equal(t, jwtUser.ID, id)
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
t.Run("Ошибка подтверждения токена", func(t *testing.T) {
|
|||
|
|
jwtUtil := mocks.NewJwtUtil(t)
|
|||
|
|
encryptService := encrypt.New(&encrypt.ServiceDeps{
|
|||
|
|
JWT: jwtUtil,
|
|||
|
|
})
|
|||
|
|
|
|||
|
|
jwtUtil.EXPECT().Validate(jwtToken).Return(nil, errors.New("validate jwt error")).Once()
|
|||
|
|
|
|||
|
|
id, err := encryptService.VerifyJWT(jwtToken)
|
|||
|
|
|
|||
|
|
assert.Error(t, err)
|
|||
|
|
assert.Empty(t, id)
|
|||
|
|
})
|
|||
|
|
}
|