initial prototype based on nat-as-server
Some checks failed
PHPUnit / test (push) Has been cancelled
Some checks failed
PHPUnit / test (push) Has been cancelled
This commit is contained in:
51
tests/Unit/EncryptedPayloadTest.php
Normal file
51
tests/Unit/EncryptedPayloadTest.php
Normal file
@ -0,0 +1,51 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Tests\Unit;
|
||||
|
||||
use InvalidArgumentException;
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
final class EncryptedPayloadTest extends TestCase
|
||||
{
|
||||
public function testEnvelopeRoundTrip(): void
|
||||
{
|
||||
require_once dirname(__DIR__, 2) . '/lib/encrypted_payload.php';
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$json = '{"clientCode":"X","answers":[]}';
|
||||
$env = qdb_sensitive_envelope($json, $token);
|
||||
$this->assertTrue($env['encrypted']);
|
||||
$this->assertSame('A256GCM', $env['alg']);
|
||||
$plain = qdb_decrypt_sensitive_envelope($env, $token);
|
||||
$this->assertSame($json, $plain);
|
||||
}
|
||||
|
||||
public function testLegacyCbcEnvelopeStillDecrypts(): void
|
||||
{
|
||||
require_once dirname(__DIR__, 2) . '/lib/encrypted_payload.php';
|
||||
$token = bin2hex(random_bytes(32));
|
||||
$json = '{"legacy":true}';
|
||||
$key = hkdf_session_key_from_token($token);
|
||||
$env = [
|
||||
'encrypted' => true,
|
||||
'payload' => base64_encode(aes256_cbc_encrypt_bytes($json, $key)),
|
||||
];
|
||||
$this->assertSame($json, qdb_decrypt_sensitive_envelope($env, $token));
|
||||
}
|
||||
|
||||
public function testWrongTokenFailsDecrypt(): void
|
||||
{
|
||||
require_once dirname(__DIR__, 2) . '/lib/encrypted_payload.php';
|
||||
$env = qdb_sensitive_envelope('{}', bin2hex(random_bytes(32)));
|
||||
$this->expectException(\Exception::class);
|
||||
qdb_decrypt_sensitive_envelope($env, bin2hex(random_bytes(32)));
|
||||
}
|
||||
|
||||
public function testInvalidEnvelopeRejected(): void
|
||||
{
|
||||
require_once dirname(__DIR__, 2) . '/lib/encrypted_payload.php';
|
||||
$this->expectException(InvalidArgumentException::class);
|
||||
qdb_decrypt_sensitive_envelope(['encrypted' => false], bin2hex(random_bytes(8)));
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user