- import pytest
- from core_shared.secrets import EncryptedSecret, SecretCipher
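def test_secret_cipher_round_trips_json_payload() -> None:
    """Encrypting then decrypting a JSON payload returns the original payload.

    Also checks that the encrypted form carries a non-empty ciphertext and
    fingerprint, and that the plaintext secret does not appear in the
    ciphertext.
    """
    cipher = SecretCipher(key="test-key")
    payload = {"api_key": "secret-value", "nested": {"token": "abc"}}

    encrypted = cipher.encrypt_json(payload)
    decrypted = cipher.decrypt_json(encrypted)

    assert encrypted.ciphertext
    # Substring check rather than `!=`: the ciphertext covers the whole JSON
    # document, so an equality comparison against a single field value would
    # still pass if the payload were stored as plain JSON.
    assert "secret-value" not in encrypted.ciphertext
    assert encrypted.fingerprint
    assert decrypted == payload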
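def test_secret_cipher_rejects_tampered_payload() -> None:
    """Decrypting a ciphertext whose last two characters were altered fails.

    The fingerprint and algorithm are copied unchanged from the genuine
    secret, so only the ciphertext differs.
    """
    cipher = SecretCipher(key="test-key")
    encrypted = cipher.encrypt_json({"api_key": "secret-value"})

    # Choose a tail that is guaranteed to differ from the genuine one. A fixed
    # "AA" would leave the ciphertext unmodified whenever it already ends in
    # "AA", and the test would then fail for a reason unrelated to integrity.
    replacement = "BB" if encrypted.ciphertext.endswith("AA") else "AA"
    tampered = EncryptedSecret(
        ciphertext=encrypted.ciphertext[:-2] + replacement,
        fingerprint=encrypted.fingerprint,
        algorithm=encrypted.algorithm,
    )

    # NOTE(review): ValueError is broad. binascii.Error is a ValueError
    # subclass, so if the ciphertext is base64 text (not visible here) a
    # decoding failure would satisfy this check too. Confirm that
    # decrypt_json rejects the input at its integrity check.
    with pytest.raises(ValueError):
        cipher.decrypt_json(tampered)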