package no.naiv.meddetsamme.backup import javax.crypto.AEADBadTagException import org.junit.Assert.assertArrayEquals import org.junit.Assert.assertEquals import org.junit.Assert.assertFalse import org.junit.Assert.assertThrows import org.junit.Assert.assertTrue import org.junit.Test class JceBackupCryptoTest { private val plaintext = """{"version":1,"medications":[]}""".toByteArray() private val passphrase = "korrekt hest batteri stift".toCharArray() @Test fun `round trip with correct passphrase`() { val ct = JceBackupCrypto.encrypt(plaintext, passphrase) assertArrayEquals(plaintext, JceBackupCrypto.decrypt(ct, passphrase)) } @Test fun `wrong passphrase fails authentication, not garbage output`() { val ct = JceBackupCrypto.encrypt(plaintext, passphrase) assertThrows(AEADBadTagException::class.java) { JceBackupCrypto.decrypt(ct, "feil passord".toCharArray()) } } @Test fun `tampered ciphertext fails authentication`() { val ct = JceBackupCrypto.encrypt(plaintext, passphrase) ct[ct.size - 5] = (ct[ct.size - 5].toInt() xor 1).toByte() assertThrows(AEADBadTagException::class.java) { JceBackupCrypto.decrypt(ct, passphrase) } } @Test fun `format detection by magic`() { val ct = JceBackupCrypto.encrypt(plaintext, passphrase) assertTrue(JceBackupCrypto.matches(ct)) assertFalse(JceBackupCrypto.matches(plaintext)) assertEquals(JceBackupCrypto, BackupCrypto.detect(ct)) assertEquals(null, BackupCrypto.detect(plaintext)) } @Test fun `fresh salt and IV every time`() { val a = JceBackupCrypto.encrypt(plaintext, passphrase) val b = JceBackupCrypto.encrypt(plaintext, passphrase) assertFalse(a.contentEquals(b)) // deterministic encryption would leak equality } }