From 7755ca7385eeb5f54b213cd09631a60840ce93e2 Mon Sep 17 00:00:00 2001
From: gak
Date: Tue, 20 Aug 2024 16:35:16 +1000
Subject: [PATCH] tests!
---
 backend/controller/dal/dal_test.go | 58 ++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
diff --git a/backend/controller/dal/dal_test.go b/backend/controller/dal/dal_test.go
index 10def9f50b..d786fc3888 100644
--- a/backend/controller/dal/dal_test.go
+++ b/backend/controller/dal/dal_test.go
@@ -542,3 +542,61 @@ func TestDeleteOldEvents(t *testing.T) {
 assert.Equal(t, int64(0), count)
 })
 }
+
+func TestVerifyEncryption(t *testing.T) {
+ ctx := log.ContextWithNewDefaultLogger(context.Background())
+ conn := sqltest.OpenForTesting(ctx, t)
+ uri := "fake-kms://CK6YwYkBElQKSAowdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuY3J5cHRvLnRpbmsuQWVzR2NtS2V5EhIaEJy4TIQgfCuwxA3ZZgChp_wYARABGK6YwYkBIAE"
+
+ t.Run("DeleteVerificationColumns", func(t *testing.T) {
+ dal, err := New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+ assert.NoError(t, err)
+
+ // check that there are columns set in encryption_keys
+ row, err := dal.db.GetOnlyEncryptionKey(ctx)
+ assert.NoError(t, err)
+ assert.NotZero(t, row.VerifyTimeline.Ok())
+ assert.NotZero(t, row.VerifyAsync.Ok())
+
+ // delete the columns to see if they are recreated
+ err = dal.db.UpdateEncryptionVerification(ctx, optional.None[encryption.EncryptedTimelineColumn](), optional.None[encryption.EncryptedAsyncColumn]())
+ assert.NoError(t, err)
+
+ dal, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+ assert.NoError(t, err)
+
+ row, err = dal.db.GetOnlyEncryptionKey(ctx)
+ assert.NoError(t, err)
+ assert.NotZero(t, row.VerifyTimeline.Ok())
+ assert.NotZero(t, row.VerifyAsync.Ok())
+ })
+
+ t.Run("DifferentKey", func(t *testing.T) {
+ _, err := New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+ assert.NoError(t, err)
+
+ differentKey := "fake-kms://CJP7ksIKElQKSAowdHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuY3J5cHRvLnRpbmsuQWVzR2NtS2V5EhIaEJWT3z-xdW23HO7hc9vF3YoYARABGJP7ksIKIAE"
+ _, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(differentKey)))
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), "decryption failed")
+ })
+
+ t.Run("SameKeyButWrongTimelineVerification", func(t *testing.T) {
+ dal, err := New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+ assert.NoError(t, err)
+
+ err = dal.db.UpdateEncryptionVerification(ctx, optional.Some[encryption.EncryptedTimelineColumn]([]byte("123")), optional.None[encryption.EncryptedAsyncColumn]())
+ assert.NoError(t, err)
+ _, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), "verification sanity")
+ assert.Contains(t, err.Error(), "verify timeline")
+
+ err = dal.db.UpdateEncryptionVerification(ctx, optional.None[encryption.EncryptedTimelineColumn](), optional.Some[encryption.EncryptedAsyncColumn]([]byte("123")))
+ assert.NoError(t, err)
+ _, err = New(ctx, conn, encryption.NewBuilder().WithKMSURI(optional.Some(uri)))
+ assert.Error(t, err)
+ assert.Contains(t, err.Error(), "verification sanity")
+ assert.Contains(t, err.Error(), "verify async")
+ })
+}
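Review bot: In `SameKeyButWrongTimelineVerification` both negative cases store `[]byte("123")`, which is not a ciphertext at all, so the subtest only shows that a malformed blob in the verification column makes `New` fail. It does not cover a value that decrypts cleanly under the same key but holds the wrong content, nor the stored timeline verification value written into the async column (and the reverse); the verification code is outside this hunk, so whether those paths are rejected cannot be told from here. A further subtest that reads `row.VerifyTimeline` after a successful `New`, writes those bytes into the async column through `UpdateEncryptionVerification`, and asserts that the next `New` returns an error would pin that behaviour. The three subtests also share one `conn`, and the last one leaves the async column set to `"123"`, so a comment such as `// leaves encryption_keys in a failing state; keep this subtest last` would help the next person who appends a case. Separately, `assert.NotZero(t, row.VerifyTimeline.Ok())` appears to be checking a boolean presence flag only, so the "recreated" check confirms that a value exists, not that it is a valid verification value.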