112 lines
4.4 KiB
Python
112 lines
4.4 KiB
Python
"""
|
|
Tests for Encryption Service
|
|
"""
|
|
import pytest
|
|
from services.encryption_service import EncryptionService
|
|
|
|
|
|
class TestEncryptionService:
|
|
"""Tests for encryption functionality."""
|
|
|
|
@pytest.fixture
|
|
def service(self):
|
|
"""Create encryption service instance."""
|
|
return EncryptionService()
|
|
|
|
def test_verify_key_hash_valid(self, service):
|
|
"""Test validating a correctly formatted key hash."""
|
|
# SHA-256 produces 32 bytes = 44 chars in base64 (with padding)
|
|
valid_hash = "sha256:eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHg=" # 32 bytes base64
|
|
assert service.verify_key_hash(valid_hash) is True
|
|
|
|
def test_verify_key_hash_invalid_prefix(self, service):
|
|
"""Test rejecting hash with wrong prefix."""
|
|
invalid_hash = "md5:dGVzdGtleWhhc2g="
|
|
assert service.verify_key_hash(invalid_hash) is False
|
|
|
|
def test_verify_key_hash_empty(self, service):
|
|
"""Test rejecting empty hash."""
|
|
assert service.verify_key_hash("") is False
|
|
assert service.verify_key_hash(None) is False
|
|
|
|
def test_verify_key_hash_invalid_base64(self, service):
|
|
"""Test rejecting invalid base64."""
|
|
invalid_hash = "sha256:not-valid-base64!!!"
|
|
assert service.verify_key_hash(invalid_hash) is False
|
|
|
|
def test_encrypt_decrypt_roundtrip(self, service):
|
|
"""Test that encryption and decryption work correctly."""
|
|
plaintext = "Notiz zu Max: heute wiederholt gestoert"
|
|
namespace_id = "test-ns-12345678"
|
|
|
|
# Encrypt
|
|
encrypted = service.encrypt_content(plaintext, namespace_id)
|
|
assert encrypted.startswith("encrypted:")
|
|
assert encrypted != plaintext
|
|
|
|
# Decrypt
|
|
decrypted = service.decrypt_content(encrypted, namespace_id)
|
|
assert decrypted == plaintext
|
|
|
|
def test_encrypt_different_namespaces(self, service):
|
|
"""Test that different namespaces produce different ciphertexts."""
|
|
plaintext = "Same content"
|
|
|
|
encrypted1 = service.encrypt_content(plaintext, "namespace-1")
|
|
encrypted2 = service.encrypt_content(plaintext, "namespace-2")
|
|
|
|
assert encrypted1 != encrypted2
|
|
|
|
def test_decrypt_wrong_namespace_fails(self, service):
|
|
"""Test that decryption with wrong namespace fails."""
|
|
plaintext = "Secret content"
|
|
encrypted = service.encrypt_content(plaintext, "correct-namespace")
|
|
|
|
with pytest.raises(Exception):
|
|
service.decrypt_content(encrypted, "wrong-namespace")
|
|
|
|
def test_decrypt_unencrypted_content(self, service):
|
|
"""Test that unencrypted content is returned as-is."""
|
|
plaintext = "Not encrypted"
|
|
result = service.decrypt_content(plaintext, "any-namespace")
|
|
assert result == plaintext
|
|
|
|
def test_register_namespace_key(self, service):
|
|
"""Test registering a namespace key hash."""
|
|
valid_hash = "sha256:eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHg="
|
|
assert service.register_namespace_key("test-ns", valid_hash) is True
|
|
|
|
def test_register_namespace_key_invalid(self, service):
|
|
"""Test registering invalid key hash."""
|
|
invalid_hash = "invalid"
|
|
assert service.register_namespace_key("test-ns", invalid_hash) is False
|
|
|
|
def test_generate_key_hash(self):
|
|
"""Test key hash generation."""
|
|
key = b"test-key-32-bytes-long-exactly!!" # 32 bytes
|
|
hash_result = EncryptionService.generate_key_hash(key)
|
|
assert hash_result.startswith("sha256:")
|
|
assert len(hash_result) > 10
|
|
|
|
def test_generate_namespace_id(self):
|
|
"""Test namespace ID generation."""
|
|
ns_id = EncryptionService.generate_namespace_id()
|
|
assert ns_id.startswith("ns-")
|
|
assert len(ns_id) == 3 + 32 # "ns-" + 32 hex chars
|
|
|
|
def test_encryption_special_characters(self, service):
|
|
"""Test encryption of content with special characters."""
|
|
plaintext = "Schüler mit Umlauten: äöüß 日本語 🎓"
|
|
namespace_id = "test-ns"
|
|
|
|
encrypted = service.encrypt_content(plaintext, namespace_id)
|
|
decrypted = service.decrypt_content(encrypted, namespace_id)
|
|
|
|
assert decrypted == plaintext
|
|
|
|
def test_encryption_empty_string(self, service):
|
|
"""Test encryption of empty string."""
|
|
encrypted = service.encrypt_content("", "test-ns")
|
|
decrypted = service.decrypt_content(encrypted, "test-ns")
|
|
assert decrypted == ""
|