Improve test coverage

2026-02-27 18:50:28 +01:00 · 2026-02-27 18:50:28 +01:00 · 1cd7fb659a
commit 1cd7fb659a
parent ccc00d8e80
5 changed files with 130 additions and 26 deletions
--- a/IdentityShroud.Core.Tests/Services/DataEncryptionServiceTests.cs
+++ b/IdentityShroud.Core.Tests/Services/DataEncryptionServiceTests.cs
@ -0,0 +1,64 @@
+using System.Security.Cryptography;
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Model;
+using IdentityShroud.Core.Security;
+using IdentityShroud.Core.Services;
+using IdentityShroud.TestUtils.Substitutes;
+
+namespace IdentityShroud.Core.Tests.Services;
+
+public class DataEncryptionServiceTests
+{
+    private readonly IRealmContext _realmContext = Substitute.For<IRealmContext>();
+    private readonly IDekEncryptionService _dekCryptor = new NullDekEncryptionService();// Substitute.For<IDekEncryptionService>();
+
+    private readonly DekId _activeDekId = DekId.NewId();
+    private readonly DekId _secondDekId = DekId.NewId();
+    private DataEncryptionService CreateSut()
+        => new(_realmContext, _dekCryptor);
+
+    [Fact]
+    public void Encrypt_UsesActiveKey()
+    {
+        _realmContext.GetDeks(Arg.Any<CancellationToken>()).Returns([
+            CreateRealmDek(_secondDekId, false),
+            CreateRealmDek(_activeDekId, true),
+        ]);
+
+        var cipher = CreateSut().Encrypt("Hello"u8);
+        
+        Assert.Equal(_activeDekId, cipher.DekId);
+    }
+
+    [Fact]
+    public void Decrypt_UsesCorrectKey()
+    {
+        var first = CreateRealmDek(_activeDekId, true);
+        _realmContext.GetDeks(Arg.Any<CancellationToken>()).Returns([ first ]);
+
+        var sut = CreateSut();
+        var cipher = sut.Encrypt("Hello"u8);
+
+        // Deactivate original key
+        first.Active = false;
+        // Make new active
+        var second = CreateRealmDek(_secondDekId, true);
+        // Return both
+        _realmContext.GetDeks(Arg.Any<CancellationToken>()).Returns([ first, second ]);
+
+
+        var decoded = sut.Decrypt(cipher);
+
+        Assert.Equal("Hello"u8, decoded);
+    }
+    
+    private RealmDek CreateRealmDek(DekId id, bool active)
+        => new()
+        {
+            Id = id,
+            Active = active,
+            Algorithm = "AES",
+            KeyData = new(KekId.NewId(), RandomNumberGenerator.GetBytes(32)),
+            RealmId = default,
+        };
+}