47 lines
1.5 KiB
TypeScript
47 lines
1.5 KiB
TypeScript
import { EncryptionService } from '../src/vault/encryption.service';
|
|
|
|
describe('EncryptionService', () => {
|
|
let service: EncryptionService;
|
|
|
|
beforeEach(() => {
|
|
// 32-byte key as 64-char hex string
|
|
process.env.ENCRYPTION_KEY = 'a'.repeat(64);
|
|
service = new EncryptionService();
|
|
});
|
|
|
|
it('encrypts and decrypts a string', () => {
|
|
const plaintext = 'my-secret-password';
|
|
const encrypted = service.encrypt(plaintext);
|
|
expect(encrypted).not.toEqual(plaintext);
|
|
expect(encrypted.startsWith('v1:')).toBe(true);
|
|
expect(service.decrypt(encrypted)).toEqual(plaintext);
|
|
});
|
|
|
|
it('produces different ciphertext for same plaintext (random IV)', () => {
|
|
const plaintext = 'same-input';
|
|
const a = service.encrypt(plaintext);
|
|
const b = service.encrypt(plaintext);
|
|
expect(a).not.toEqual(b);
|
|
expect(service.decrypt(a)).toEqual(plaintext);
|
|
expect(service.decrypt(b)).toEqual(plaintext);
|
|
});
|
|
|
|
it('throws on tampered ciphertext', () => {
|
|
const encrypted = service.encrypt('test');
|
|
const parts = encrypted.split(':');
|
|
parts[3] = 'ff' + parts[3].slice(2); // tamper ciphertext
|
|
expect(() => service.decrypt(parts.join(':'))).toThrow();
|
|
});
|
|
|
|
it('handles empty string', () => {
|
|
const encrypted = service.encrypt('');
|
|
expect(service.decrypt(encrypted)).toEqual('');
|
|
});
|
|
|
|
it('handles unicode', () => {
|
|
const plaintext = 'p@$$w0rd-日本語-🔑';
|
|
const encrypted = service.encrypt(plaintext);
|
|
expect(service.decrypt(encrypted)).toEqual(plaintext);
|
|
});
|
|
});
|