grafana/pkg/services/encryption/service/service_test.go

96 lines
3.2 KiB
Go
Raw Normal View History

package service
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/services/encryption"
"github.com/grafana/grafana/pkg/services/encryption/provider"
"github.com/grafana/grafana/pkg/setting"
)
func Test_Service(t *testing.T) {
ctx := context.Background()
encProvider := provider.Provider{}
usageStats := &usagestats.UsageStatsMock{}
settings := &setting.OSSImpl{Cfg: setting.NewCfg()}
svc, err := ProvideEncryptionService(encProvider, usageStats, settings)
require.NoError(t, err)
t.Run("decrypt empty payload should return error", func(t *testing.T) {
_, err := svc.Decrypt(context.Background(), []byte(""), "1234")
require.Error(t, err)
assert.Equal(t, "unable to derive encryption algorithm", err.Error())
})
t.Run("encrypt and decrypt with aes-cfb should work", func(t *testing.T) {
settings.Cfg.Raw.Section(securitySection).Key(encryptionAlgorithmKey).SetValue(encryption.AesCfb)
encrypted, err := svc.Encrypt(ctx, []byte("grafana"), "1234")
require.NoError(t, err)
decrypted, err := svc.Decrypt(ctx, encrypted, "1234")
require.NoError(t, err)
assert.Equal(t, []byte("grafana"), decrypted)
})
t.Run("decrypt with aes-gcm should work", func(t *testing.T) {
// Raw slice of bytes that corresponds to the following ciphertext:
// - 'grafana' as payload
// - '1234' as secret
// - 'aes-gcm' as encryption algorithm
ciphertext := []byte{42, 89, 87, 86, 122, 76, 87, 100, 106, 98, 81, 42, 48, 99, 55, 50, 51, 48, 83, 66, 20, 99, 47, 238, 61, 44, 129, 125, 14, 37, 162, 230, 47, 31, 104, 70, 144, 223, 26, 51, 180, 17, 76, 52, 36, 93, 17, 203, 99, 158, 219, 102, 74, 173, 74}
decrypted, err := svc.Decrypt(context.Background(), ciphertext, "1234")
require.NoError(t, err)
assert.Equal(t, []byte("grafana"), decrypted)
})
t.Run("encrypt with aes-gcm should fail", func(t *testing.T) {
settings.Cfg.Raw.Section(securitySection).Key(encryptionAlgorithmKey).SetValue(encryption.AesGcm)
_, err := svc.Encrypt(ctx, []byte("grafana"), "1234")
require.Error(t, err)
})
t.Run("decrypting legacy ciphertext should work", func(t *testing.T) {
// Raw slice of bytes that corresponds to the following ciphertext:
// - 'grafana' as payload
// - '1234' as secret
// - no encryption algorithm metadata
ciphertext := []byte{73, 71, 50, 57, 121, 110, 90, 109, 115, 23, 237, 13, 130, 188, 151, 118, 98, 103, 80, 209, 79, 143, 22, 122, 44, 40, 102, 41, 136, 16, 27}
decrypted, err := svc.Decrypt(context.Background(), ciphertext, "1234")
require.NoError(t, err)
assert.Equal(t, []byte("grafana"), decrypted)
})
}
func Test_Service_MissingProvider(t *testing.T) {
encProvider := fakeProvider{}
usageStats := &usagestats.UsageStatsMock{}
settings := &setting.OSSImpl{Cfg: setting.NewCfg()}
service, err := ProvideEncryptionService(encProvider, usageStats, settings)
assert.Nil(t, service)
assert.Error(t, err)
}
type fakeProvider struct{}
func (p fakeProvider) ProvideCiphers() map[string]encryption.Cipher {
return nil
}
func (p fakeProvider) ProvideDeciphers() map[string]encryption.Decipher {
return nil
}