7f238a3168
- Add Workspace domain (entity, repository, service, handler, DTO) - Add multi-tenant K8s client with tenant binding and quota management - Add K8s diagnostics client (instance diagnostics) - Add authorization middleware (authz package) - Restructure frontend to feature-based architecture (features/) - Add User Management page in configuration - Add AccessDenied page and route guards - Refactor shared components (form inputs, layout, UI) - Update Tailwind config for new design system - Add comprehensive documentation (docs/, tasks/, plans) - Improve cluster service with better kubeconfig handling - Add tests for crypto, config, helm client, tenant binding
124 lines
3.0 KiB
Go
124 lines
3.0 KiB
Go
package crypto
|
||
|
||
import (
|
||
"testing"
|
||
)
|
||
|
||
func TestAESEncryptor(t *testing.T) {
|
||
encryptor := NewAESEncryptor("test-secret-key")
|
||
|
||
tests := []struct {
|
||
name string
|
||
plaintext string
|
||
}{
|
||
{"simple password", "password123"},
|
||
{"registry password", "registry-password-example"},
|
||
{"empty string", ""},
|
||
{"long certificate", "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pP"},
|
||
{"unicode", "密码123!@#"},
|
||
}
|
||
|
||
for _, tt := range tests {
|
||
t.Run(tt.name, func(t *testing.T) {
|
||
// 测试加密
|
||
encrypted, err := encryptor.Encrypt(tt.plaintext)
|
||
if err != nil {
|
||
t.Fatalf("Encrypt failed: %v", err)
|
||
}
|
||
|
||
// 空字符串应该返回空
|
||
if tt.plaintext == "" {
|
||
if encrypted != "" {
|
||
t.Errorf("Expected empty encrypted string, got %s", encrypted)
|
||
}
|
||
return
|
||
}
|
||
|
||
// 加密后应该不同
|
||
if encrypted == tt.plaintext {
|
||
t.Errorf("Encrypted text should differ from plaintext")
|
||
}
|
||
|
||
// 测试解密
|
||
decrypted, err := encryptor.Decrypt(encrypted)
|
||
if err != nil {
|
||
t.Fatalf("Decrypt failed: %v", err)
|
||
}
|
||
|
||
// 解密后应该相同
|
||
if decrypted != tt.plaintext {
|
||
t.Errorf("Decrypted text mismatch: got %s, want %s", decrypted, tt.plaintext)
|
||
}
|
||
})
|
||
}
|
||
}
|
||
|
||
func TestMaskSensitiveData(t *testing.T) {
|
||
tests := []struct {
|
||
name string
|
||
input string
|
||
expected string
|
||
}{
|
||
{"normal password", "password123", "••••••••"},
|
||
{"empty string", "", ""},
|
||
{"long string", "very-long-password-with-many-characters", "••••••••"},
|
||
}
|
||
|
||
for _, tt := range tests {
|
||
t.Run(tt.name, func(t *testing.T) {
|
||
result := MaskSensitiveData(tt.input)
|
||
if result != tt.expected {
|
||
t.Errorf("MaskSensitiveData(%s) = %s, want %s", tt.input, result, tt.expected)
|
||
}
|
||
})
|
||
}
|
||
}
|
||
|
||
func TestIsEncrypted(t *testing.T) {
|
||
encryptor := NewAESEncryptor("test-key")
|
||
|
||
plaintext := "password123"
|
||
encrypted, _ := encryptor.Encrypt(plaintext)
|
||
|
||
tests := []struct {
|
||
name string
|
||
input string
|
||
expected bool
|
||
}{
|
||
{"encrypted data", encrypted, true},
|
||
{"plaintext", "password123", false},
|
||
{"empty string", "", false},
|
||
{"short string", "abc", false},
|
||
}
|
||
|
||
for _, tt := range tests {
|
||
t.Run(tt.name, func(t *testing.T) {
|
||
result := IsEncrypted(tt.input)
|
||
if result != tt.expected {
|
||
t.Errorf("IsEncrypted(%s) = %v, want %v", tt.input, result, tt.expected)
|
||
}
|
||
})
|
||
}
|
||
}
|
||
|
||
func TestEncryptionConsistency(t *testing.T) {
|
||
encryptor := NewAESEncryptor("consistent-key")
|
||
plaintext := "test-password"
|
||
|
||
// 多次加密同一内容,结果应该不同(因为使用随机 nonce)
|
||
encrypted1, _ := encryptor.Encrypt(plaintext)
|
||
encrypted2, _ := encryptor.Encrypt(plaintext)
|
||
|
||
if encrypted1 == encrypted2 {
|
||
t.Error("Multiple encryptions of same plaintext should produce different ciphertexts")
|
||
}
|
||
|
||
// 但解密结果应该相同
|
||
decrypted1, _ := encryptor.Decrypt(encrypted1)
|
||
decrypted2, _ := encryptor.Decrypt(encrypted2)
|
||
|
||
if decrypted1 != plaintext || decrypted2 != plaintext {
|
||
t.Error("Decryption should produce original plaintext")
|
||
}
|
||
}
|