112 lines
3.3 KiB
Python
112 lines
3.3 KiB
Python
"""Tests for encryption module."""
|
|
|
|
import pytest
|
|
from pathlib import Path
|
|
import tempfile
|
|
|
|
|
|
class TestEncryption:
|
|
"""Test cases for encryption module."""
|
|
|
|
def test_derive_key(self):
|
|
"""Test key derivation from passphrase."""
|
|
from env_pro.core.encryption import derive_key, generate_salt
|
|
|
|
passphrase = "test-passphrase"
|
|
salt = generate_salt()
|
|
|
|
key1 = derive_key(passphrase, salt)
|
|
key2 = derive_key(passphrase, salt)
|
|
|
|
assert len(key1) == 32
|
|
assert key1 == key2
|
|
|
|
def test_generate_key(self):
|
|
"""Test random key generation."""
|
|
from env_pro.core.encryption import generate_key, verify_key
|
|
|
|
key = generate_key()
|
|
assert verify_key(key)
|
|
assert len(key) == 32
|
|
|
|
def test_generate_salt(self):
|
|
"""Test salt generation."""
|
|
from env_pro.core.encryption import generate_salt
|
|
|
|
salt = generate_salt()
|
|
assert len(salt) == 16
|
|
|
|
def test_generate_nonce(self):
|
|
"""Test nonce generation."""
|
|
from env_pro.core.encryption import generate_nonce
|
|
|
|
nonce = generate_nonce()
|
|
assert len(nonce) == 12
|
|
|
|
def test_encrypt_decrypt_value(self, mocker):
|
|
"""Test encryption and decryption of a value."""
|
|
from env_pro.core.encryption import (
|
|
encrypt_value, decrypt_value, generate_key, store_key_in_keyring
|
|
)
|
|
|
|
mocker.patch('keyring.set_password', return_value=None)
|
|
mocker.patch('keyring.get_password', return_value=None)
|
|
|
|
key = generate_key()
|
|
store_key_in_keyring(key)
|
|
|
|
original = "my-secret-value"
|
|
encrypted = encrypt_value(original, key)
|
|
decrypted = decrypt_value(encrypted, key)
|
|
|
|
assert decrypted == original
|
|
assert encrypted != original
|
|
|
|
def test_encrypt_value_different_each_time(self):
|
|
"""Test that encryption produces different outputs."""
|
|
from env_pro.core.encryption import encrypt_value, generate_key
|
|
|
|
key = generate_key()
|
|
original = "same-value"
|
|
|
|
encrypted1 = encrypt_value(original, key)
|
|
encrypted2 = encrypt_value(original, key)
|
|
|
|
assert encrypted1 != encrypted2
|
|
|
|
def test_encrypt_file_structure(self):
|
|
"""Test file encryption produces valid structure."""
|
|
from env_pro.core.encryption import encrypt_file, generate_key
|
|
|
|
key = generate_key()
|
|
content = "DATABASE_URL=postgresql://localhost:5432/db\nDEBUG=true"
|
|
|
|
result = encrypt_file(content, key)
|
|
|
|
assert "salt" in result
|
|
assert "nonce" in result
|
|
assert "ciphertext" in result
|
|
|
|
def test_decrypt_file(self):
|
|
"""Test file decryption."""
|
|
from env_pro.core.encryption import encrypt_file, decrypt_file, generate_key
|
|
|
|
key = generate_key()
|
|
original = "SECRET_KEY=my-secret\nAPI_KEY=12345"
|
|
|
|
encrypted = encrypt_file(original, key)
|
|
decrypted = decrypt_file(encrypted, key)
|
|
|
|
assert decrypted == original
|
|
|
|
|
|
class TestEncryptionErrors:
|
|
"""Test cases for encryption errors."""
|
|
|
|
def test_invalid_encrypted_value(self):
|
|
"""Test decryption of invalid data."""
|
|
from env_pro.core.encryption import decrypt_value, EncryptionError
|
|
|
|
with pytest.raises(EncryptionError):
|
|
decrypt_value("invalid-base64-data!!!")
|