1f87ec75d1
Adds new tests to the `pkg/crypt/openpgp` package to cover error handling and edge cases in the `EncryptPGP` and `DecryptPGP` functions.
71 lines
3.2 KiB
Go
71 lines
3.2 KiB
Go
package openpgp
|
|
|
|
import (
|
|
"bytes"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
// TestDecryptWithWrongPassphrase checks that DecryptPGP returns an error when the wrong passphrase is used.
|
|
func TestDecryptWithWrongPassphrase(t *testing.T) {
|
|
recipientPub, _, cleanup := generateTestKeys(t, "recipient", "") // Unencrypted key for encryption
|
|
defer cleanup()
|
|
|
|
// Use the pre-generated encrypted key for decryption test
|
|
encryptedPrivKeyPath, cleanup2 := createEncryptedKeyFile(t)
|
|
defer cleanup2()
|
|
|
|
originalMessage := "This message should fail to decrypt."
|
|
|
|
var encryptedBuf bytes.Buffer
|
|
err := EncryptPGP(&encryptedBuf, recipientPub, originalMessage, nil, nil)
|
|
assert.NoError(t, err, "Encryption failed unexpectedly")
|
|
encryptedMessage := encryptedBuf.String()
|
|
|
|
_, err = DecryptPGP(encryptedPrivKeyPath, encryptedMessage, "wrong-passphrase", nil)
|
|
assert.Error(t, err, "Decryption was expected to fail with wrong passphrase, but it succeeded.")
|
|
assert.Contains(t, err.Error(), "failed to read PGP message", "Expected error message about failing to read PGP message")
|
|
}
|
|
|
|
// TestDecryptMalformedMessage checks that DecryptPGP handles non-PGP or malformed input gracefully.
|
|
func TestDecryptMalformedMessage(t *testing.T) {
|
|
// Generate an unencrypted key for this test, as we expect failure before key usage.
|
|
_, recipientPriv, cleanup := generateTestKeys(t, "recipient", "")
|
|
defer cleanup()
|
|
|
|
malformedMessage := "This is not a PGP message."
|
|
|
|
// The passphrase here is irrelevant as the key is not encrypted, but we pass one
|
|
// to satisfy the function signature.
|
|
_, err := DecryptPGP(recipientPriv, malformedMessage, "any-pass", nil)
|
|
assert.Error(t, err, "Decryption should fail for a malformed message, but it did not.")
|
|
assert.Contains(t, err.Error(), "failed to decode armored message", "Expected error about decoding armored message")
|
|
}
|
|
|
|
// TestEncryptWithNonexistentRecipient checks that EncryptPGP fails when the recipient's public key file does not exist.
|
|
func TestEncryptWithNonexistentRecipient(t *testing.T) {
|
|
var encryptedBuf bytes.Buffer
|
|
err := EncryptPGP(&encryptedBuf, "/path/to/nonexistent/key.pub", "message", nil, nil)
|
|
assert.Error(t, err, "Encryption should fail if recipient key does not exist, but it succeeded.")
|
|
assert.Contains(t, err.Error(), "failed to open recipient public key file", "Expected file open error for recipient key")
|
|
}
|
|
|
|
// TestEncryptAndSignWithWrongPassphrase checks that signing during encryption fails with an incorrect passphrase.
|
|
func TestEncryptAndSignWithWrongPassphrase(t *testing.T) {
|
|
recipientPub, _, rCleanup := generateTestKeys(t, "recipient", "")
|
|
defer rCleanup()
|
|
|
|
// Use the pre-generated encrypted key for the signer
|
|
signerPriv, sCleanup := createEncryptedKeyFile(t)
|
|
defer sCleanup()
|
|
|
|
originalMessage := "This message should fail to sign."
|
|
wrongPassphrase := "wrong-signer-pass"
|
|
|
|
var encryptedBuf bytes.Buffer
|
|
err := EncryptPGP(&encryptedBuf, recipientPub, originalMessage, &signerPriv, &wrongPassphrase)
|
|
|
|
assert.Error(t, err, "Encryption with signing was expected to fail with a wrong passphrase, but it succeeded.")
|
|
assert.Contains(t, err.Error(), "failed to decrypt private key", "Expected error about private key decryption failure")
|
|
}
|