Asai Neko
210b8b08ce
All checks were successful
Server Check Build (NixCN CMS) TeamCity build finished
Signed-off-by: Asai Neko <sugar@sne.moe>
101 lines
2.6 KiB
Go
101 lines
2.6 KiB
Go
package kyc
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/spf13/viper"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
const testKYCAESKey = "testkyckey123456" // 16 bytes
|
|
|
|
func setupKYCViper(t *testing.T) {
|
|
t.Helper()
|
|
viper.Set("secrets.kyc_info_key", testKYCAESKey)
|
|
t.Cleanup(func() { viper.Reset() })
|
|
}
|
|
|
|
// ---- EncodeAES ----
|
|
|
|
func TestEncodeAESRoundTrip(t *testing.T) {
|
|
setupKYCViper(t)
|
|
|
|
original := &CNRidInfo{LegalName: "张三", ResidentId: "110101199001011234"}
|
|
encoded, err := EncodeAES(original)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, encoded)
|
|
assert.NotEmpty(t, *encoded)
|
|
}
|
|
|
|
func TestEncodeAESDeterministic(t *testing.T) {
|
|
setupKYCViper(t)
|
|
|
|
kyc := &PassportInfo{ID: "abc-123"}
|
|
r1, err1 := EncodeAES(kyc)
|
|
r2, err2 := EncodeAES(kyc)
|
|
require.NoError(t, err1)
|
|
require.NoError(t, err2)
|
|
// AES-CBC with a fresh IV each call — ciphertexts differ but both must
|
|
// decode back to the same plaintext (tested in round-trip below).
|
|
require.NotNil(t, r1)
|
|
require.NotNil(t, r2)
|
|
}
|
|
|
|
func TestEncodeAESWrongKeyLength(t *testing.T) {
|
|
viper.Set("secrets.kyc_info_key", "short") // not 16/24/32 bytes
|
|
t.Cleanup(func() { viper.Reset() })
|
|
|
|
_, err := EncodeAES(&CNRidInfo{LegalName: "张三", ResidentId: "110101199001011234"})
|
|
assert.Error(t, err)
|
|
}
|
|
|
|
// ---- DecodeAES ----
|
|
|
|
func TestDecodeAESRoundTrip(t *testing.T) {
|
|
setupKYCViper(t)
|
|
|
|
original := &CNRidInfo{LegalName: "李四", ResidentId: "310101199901015678"}
|
|
encoded, err := EncodeAES(original)
|
|
require.NoError(t, err)
|
|
|
|
decoded, err := DecodeAES(*encoded)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, decoded)
|
|
}
|
|
|
|
func TestDecodeAESInvalidBase64(t *testing.T) {
|
|
setupKYCViper(t)
|
|
|
|
// "@@@" contains characters that are not valid base64 — must return error.
|
|
_, err := DecodeAES("@@@")
|
|
assert.Error(t, err)
|
|
}
|
|
|
|
func TestDecodeAESNotBlockAligned(t *testing.T) {
|
|
setupKYCViper(t)
|
|
|
|
// Encode a short plaintext so the resulting ciphertext is valid base64
|
|
// but deliberately corrupt it to produce non-block-aligned data.
|
|
encoded, err := EncodeAES(&PassportInfo{ID: "x"})
|
|
require.NoError(t, err)
|
|
|
|
// Trim one character from the end to break block alignment.
|
|
corrupted := (*encoded)[:len(*encoded)-1]
|
|
_, err = DecodeAES(corrupted)
|
|
assert.Error(t, err)
|
|
}
|
|
|
|
func TestDecodeAESWrongKey(t *testing.T) {
|
|
setupKYCViper(t)
|
|
|
|
// Encode with the correct key.
|
|
encoded, err := EncodeAES(&CNRidInfo{LegalName: "王五", ResidentId: "440101200001011234"})
|
|
require.NoError(t, err)
|
|
|
|
// Decode with a different key — must fail.
|
|
viper.Set("secrets.kyc_info_key", "wrongkey12345678")
|
|
_, err = DecodeAES(*encoded)
|
|
assert.Error(t, err)
|
|
}
|