ocdp v1

2025-11-13 02:54:06 +00:00
commit c5e51ed069
254 changed files with 54901 additions and 0 deletions
--- a/backend/internal/pkg/crypto/crypto_test.go
+++ b/backend/internal/pkg/crypto/crypto_test.go
@ -0,0 +1,124 @@
+package crypto
+
+import (
+	"testing"
+)
+
+func TestAESEncryptor(t *testing.T) {
+	encryptor := NewAESEncryptor("test-secret-key")
+
+	tests := []struct {
+		name      string
+		plaintext string
+	}{
+		{"simple password", "password123"},
+		{"harbor password", "BWGDIP@ssw0rd1401#"},
+		{"empty string", ""},
+		{"long certificate", "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pP"},
+		{"unicode", "密码123!@#"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// 测试加密
+			encrypted, err := encryptor.Encrypt(tt.plaintext)
+			if err != nil {
+				t.Fatalf("Encrypt failed: %v", err)
+			}
+
+			// 空字符串应该返回空
+			if tt.plaintext == "" {
+				if encrypted != "" {
+					t.Errorf("Expected empty encrypted string, got %s", encrypted)
+				}
+				return
+			}
+
+			// 加密后应该不同
+			if encrypted == tt.plaintext {
+				t.Errorf("Encrypted text should differ from plaintext")
+			}
+
+			// 测试解密
+			decrypted, err := encryptor.Decrypt(encrypted)
+			if err != nil {
+				t.Fatalf("Decrypt failed: %v", err)
+			}
+
+			// 解密后应该相同
+			if decrypted != tt.plaintext {
+				t.Errorf("Decrypted text mismatch: got %s, want %s", decrypted, tt.plaintext)
+			}
+		})
+	}
+}
+
+func TestMaskSensitiveData(t *testing.T) {
+	tests := []struct {
+		name     string
+		input    string
+		expected string
+	}{
+		{"normal password", "password123", "••••••••"},
+		{"empty string", "", ""},
+		{"long string", "very-long-password-with-many-characters", "••••••••"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := MaskSensitiveData(tt.input)
+			if result != tt.expected {
+				t.Errorf("MaskSensitiveData(%s) = %s, want %s", tt.input, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestIsEncrypted(t *testing.T) {
+	encryptor := NewAESEncryptor("test-key")
+
+	plaintext := "password123"
+	encrypted, _ := encryptor.Encrypt(plaintext)
+
+	tests := []struct {
+		name     string
+		input    string
+		expected bool
+	}{
+		{"encrypted data", encrypted, true},
+		{"plaintext", "password123", false},
+		{"empty string", "", false},
+		{"short string", "abc", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := IsEncrypted(tt.input)
+			if result != tt.expected {
+				t.Errorf("IsEncrypted(%s) = %v, want %v", tt.input, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestEncryptionConsistency(t *testing.T) {
+	encryptor := NewAESEncryptor("consistent-key")
+	plaintext := "test-password"
+
+	// 多次加密同一内容，结果应该不同（因为使用随机 nonce）
+	encrypted1, _ := encryptor.Encrypt(plaintext)
+	encrypted2, _ := encryptor.Encrypt(plaintext)
+
+	if encrypted1 == encrypted2 {
+		t.Error("Multiple encryptions of same plaintext should produce different ciphertexts")
+	}
+
+	// 但解密结果应该相同
+	decrypted1, _ := encryptor.Decrypt(encrypted1)
+	decrypted2, _ := encryptor.Decrypt(encrypted2)
+
+	if decrypted1 != plaintext || decrypted2 != plaintext {
+		t.Error("Decryption should produce original plaintext")
+	}
+}
+