github.com/cornelk/go-cloud@v0.17.1/secrets/localsecrets/localsecrets_test.go

github.com/cornelk/go-cloud@v0.17.1/secrets/localsecrets/localsecrets_test.go (about)

     1  // Copyright 2018 The Go Cloud Development Kit Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     https://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package localsecrets
    16  
    17  import (
    18  	"context"
    19  	"errors"
    20  	"log"
    21  	"strings"
    22  	"testing"
    23  
    24  	"github.com/cornelk/go-cloud/secrets"
    25  	"github.com/cornelk/go-cloud/secrets/driver"
    26  	"github.com/cornelk/go-cloud/secrets/drivertest"
    27  )
    28  
    29  type harness struct{}
    30  
    31  func (h *harness) MakeDriver(ctx context.Context) (driver.Keeper, driver.Keeper, error) {
    32  	secret1, err := NewRandomKey()
    33  	if err != nil {
    34  		log.Fatal(err)
    35  	}
    36  	secret2, err := NewRandomKey()
    37  	if err != nil {
    38  		log.Fatal(err)
    39  	}
    40  	return &keeper{secretKey: secret1}, &keeper{secretKey: secret2}, nil
    41  }
    42  
    43  func (h *harness) Close() {}
    44  
    45  func newHarness(ctx context.Context, t *testing.T) (drivertest.Harness, error) {
    46  	return &harness{}, nil
    47  }
    48  
    49  func TestConformance(t *testing.T) {
    50  	drivertest.RunConformanceTests(t, newHarness, []drivertest.AsTest{verifyAs{}})
    51  }
    52  
    53  type verifyAs struct{}
    54  
    55  func (v verifyAs) Name() string {
    56  	return "verify As function"
    57  }
    58  
    59  func (v verifyAs) ErrorCheck(k *secrets.Keeper, err error) error {
    60  	var s string
    61  	if k.ErrorAs(err, &s) {
    62  		return errors.New("Keeper.ErrorAs expected to fail")
    63  	}
    64  	return nil
    65  }
    66  
    67  func TestSmallData(t *testing.T) {
    68  	key, err := NewRandomKey()
    69  	if err != nil {
    70  		t.Fatal(err)
    71  	}
    72  	keeper := NewKeeper(key)
    73  	defer keeper.Close()
    74  
    75  	ctx := context.Background()
    76  	const plaintext = "hello world"
    77  	ciphertext, err := keeper.Encrypt(ctx, []byte(plaintext))
    78  	if err != nil {
    79  		t.Fatal(err)
    80  	}
    81  
    82  	tests := []struct {
    83  		Ciphertext           []byte
    84  		Want                 string
    85  		WantErr              bool
    86  		WantInvalidLengthErr bool // true if we want the error to be that the ciphertext length is invalid
    87  	}{
    88  		{nil, "", true, true},
    89  		{[]byte{}, "", true, true},
    90  		{[]byte{0}, "", true, true},
    91  		{ciphertext[:1], "", true, true},
    92  		{ciphertext[:nonceSize-1], "", true, true},
    93  		{ciphertext[:nonceSize], "", true, false}, // not invalid, but Decrypt will fail
    94  		{ciphertext, plaintext, false, false},     // works
    95  	}
    96  
    97  	for _, test := range tests {
    98  		got, err := keeper.Decrypt(ctx, test.Ciphertext)
    99  		if (err != nil) != test.WantErr {
   100  			t.Errorf("got err %v from Decrypt, want error? %v", err, test.WantErr)
   101  		}
   102  		if err == nil {
   103  			if gotStr := string(got); gotStr != test.Want {
   104  				t.Errorf("got %s want %s", gotStr, test.Want)
   105  			}
   106  		} else {
   107  			if gotInvalid := strings.Contains(err.Error(), "invalid message length"); gotInvalid != test.WantInvalidLengthErr {
   108  				t.Errorf("got invalid message length error? %v want %v", gotInvalid, test.WantInvalidLengthErr)
   109  			}
   110  		}
   111  		// Encrypt should always work.
   112  		if _, err := keeper.Encrypt(ctx, test.Ciphertext); err != nil {
   113  			t.Errorf("got error %v from Encrypt, want nil", err)
   114  		}
   115  	}
   116  }
   117  
   118  func TestOpenKeeper(t *testing.T) {
   119  	tests := []struct {
   120  		URL     string
   121  		WantErr bool
   122  	}{
   123  		// OK.
   124  		{"base64key://", false},
   125  		// OK.
   126  		{"base64key://smGbjm71Nxd1Ig5FS0wj9SlbzAIrnolCz9bQQ6uAhl4=", false},
   127  		// Valid base64, but < 32 bytes.
   128  		{"base64key://c2VjcmV0", true},
   129  		// Valid base64, but > 32 bytes.
   130  		{"base64key://c2VjcmV0c2VjcmV0c2VjcmV0c2VjcmV0c2VjcmV0c3NlY3JldHNlY3JldHNlY3JldHNlY3JldHNlY3JldHM=", true},
   131  		// Invalid base64 key.
   132  		{"base64key://not-valid-base64", true},
   133  		// Invalid parameter.
   134  		{"base64key://?param=value", true},
   135  	}
   136  
   137  	ctx := context.Background()
   138  	for _, test := range tests {
   139  		keeper, err := secrets.OpenKeeper(ctx, test.URL)
   140  		if (err != nil) != test.WantErr {
   141  			t.Errorf("%s: got error %v, want error %v", test.URL, err, test.WantErr)
   142  		}
   143  		if err == nil {
   144  			if err = keeper.Close(); err != nil {
   145  				t.Errorf("%s: got error during close: %v", test.URL, err)
   146  			}
   147  		}
   148  	}
   149  }