(t *testing.T)
| 556 | } |
| 557 | |
| 558 | func TestNew(t *testing.T) { |
| 559 | t.Parallel() |
| 560 | |
| 561 | t.Run("OK", func(t *testing.T) { |
| 562 | t.Parallel() |
| 563 | // Given: a cipher is loaded |
| 564 | cipher := initCipher(t) |
| 565 | ctx, cancel := context.WithCancel(context.Background()) |
| 566 | t.Cleanup(cancel) |
| 567 | rawDB, _ := dbtestutil.NewDB(t) |
| 568 | |
| 569 | // Before: no keys should be present |
| 570 | keys, err := rawDB.GetDBCryptKeys(ctx) |
| 571 | require.NoError(t, err, "no error should be returned") |
| 572 | require.Empty(t, keys, "no keys should be present") |
| 573 | |
| 574 | // When: we init the crypt db |
| 575 | _, err = New(ctx, rawDB, cipher) |
| 576 | require.NoError(t, err) |
| 577 | |
| 578 | // Then: a new key is inserted |
| 579 | keys, err = rawDB.GetDBCryptKeys(ctx) |
| 580 | require.NoError(t, err) |
| 581 | require.Len(t, keys, 1, "one key should be present") |
| 582 | require.Equal(t, cipher.HexDigest(), keys[0].ActiveKeyDigest.String, "key digest mismatch") |
| 583 | require.Empty(t, keys[0].RevokedKeyDigest.String, "key should not be revoked") |
| 584 | requireEncryptedEquals(t, cipher, keys[0].Test, "coder") |
| 585 | }) |
| 586 | |
| 587 | t.Run("MissingKey", func(t *testing.T) { |
| 588 | t.Parallel() |
| 589 | |
| 590 | // Given: there exist two valid encryption keys |
| 591 | cipher1 := initCipher(t) |
| 592 | cipher2 := initCipher(t) |
| 593 | ctx, cancel := context.WithCancel(context.Background()) |
| 594 | t.Cleanup(cancel) |
| 595 | rawDB, _ := dbtestutil.NewDB(t) |
| 596 | |
| 597 | // Given: key 1 is already present in the database |
| 598 | err := rawDB.InsertDBCryptKey(ctx, database.InsertDBCryptKeyParams{ |
| 599 | Number: 1, |
| 600 | ActiveKeyDigest: cipher1.HexDigest(), |
| 601 | Test: fakeBase64RandomData(t, 32), |
| 602 | }) |
| 603 | require.NoError(t, err, "no error should be returned") |
| 604 | keys, err := rawDB.GetDBCryptKeys(ctx) |
| 605 | require.NoError(t, err, "no error should be returned") |
| 606 | require.Len(t, keys, 1, "one key should be present") |
| 607 | |
| 608 | // When: we init the crypt db with no keys |
| 609 | _, err = New(ctx, rawDB) |
| 610 | // Then: we error because we don't know how to decrypt the existing key |
| 611 | require.Error(t, err, "expected an error") |
| 612 | var derr *DecryptFailedError |
| 613 | require.ErrorAs(t, err, &derr, "expected a decrypt error") |
| 614 | |
| 615 | // When: we init the crypt db with key 2 |
nothing calls this directly
no test coverage detected