tests!

TBD54566975 · Aug 20, 2024 · 7755ca7 · 7755ca7
1 parent 0f81c58
commit 7755ca7
Showing 1 changed file with 58 additions and 0 deletions.
diff --git a/backend/controller/dal/dal_test.go b/backend/controller/dal/dal_test.go
@@ -542,3 +542,61 @@ func TestDeleteOldEvents(t *testing.T) {
 		assert.Equal(t, int64(0), count)
 	})
 }
+
+func TestVerifyEncryption(t *testing.T) {
+	ctx := log.ContextWithNewDefaultLogger(context.Background())
+	conn := sqltest.OpenForTesting(ctx, t)
+	uri := "fake-kms://CK6YwYkBElQKSAowdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuY3J5cHRvLnRpbmsuQWVzR2NtS2V5EhIaEJy4TIQgfCuwxA3ZZgChp_wYARABGK6YwYkBIAE"
+
+	t.Run("DeleteVerificationColumns", func(t *testing.T) {
+		dal, err := New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+		assert.NoError(t, err)
+
+		// check that there are columns set in encryption_keys
+		row, err := dal.db.GetOnlyEncryptionKey(ctx)
+		assert.NoError(t, err)
+		assert.NotZero(t, row.VerifyTimeline.Ok())
+		assert.NotZero(t, row.VerifyAsync.Ok())
+
+		// delete the columns to see if they are recreated
+		err = dal.db.UpdateEncryptionVerification(ctx, optional.None[encryption.EncryptedTimelineColumn](), optional.None[encryption.EncryptedAsyncColumn]())
+		assert.NoError(t, err)
+
+		dal, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+		assert.NoError(t, err)
+
+		row, err = dal.db.GetOnlyEncryptionKey(ctx)
+		assert.NoError(t, err)
+		assert.NotZero(t, row.VerifyTimeline.Ok())
+		assert.NotZero(t, row.VerifyAsync.Ok())
+	})
+
+	t.Run("DifferentKey", func(t *testing.T) {
+		_, err := New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+		assert.NoError(t, err)
+
+		differentKey := "fake-kms://CJP7ksIKElQKSAowdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuY3J5cHRvLnRpbmsuQWVzR2NtS2V5EhIaEJWT3z-xdW23HO7hc9vF3YoYARABGJP7ksIKIAE"
+		_, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(differentKey)))
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "decryption failed")
+	})
+
+	t.Run("SameKeyButWrongTimelineVerification", func(t *testing.T) {
+		dal, err := New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+		assert.NoError(t, err)
+
+		err = dal.db.UpdateEncryptionVerification(ctx, optional.Some[encryption.EncryptedTimelineColumn]([]byte("123")), optional.None[encryption.EncryptedAsyncColumn]())
+		assert.NoError(t, err)
+		_, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "verification sanity")
+		assert.Contains(t, err.Error(), "verify timeline")
+
+		err = dal.db.UpdateEncryptionVerification(ctx, optional.None[encryption.EncryptedTimelineColumn](), optional.Some[encryption.EncryptedAsyncColumn]([]byte("123")))
+		assert.NoError(t, err)
+		_, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+		assert.Error(t, err)
+		assert.Contains(t, err.Error(), "verification sanity")
+		assert.Contains(t, err.Error(), "verify async")
+	})
+}