diff options
author | Xabier de Zuazo <xabier@onddo.com> | 2014-06-05 21:06:22 +0200 |
---|---|---|
committer | Xabier de Zuazo <xabier@onddo.com> | 2014-07-01 10:59:26 +0200 |
commit | 72a53edfca3b992aa51946ed471f7cc15627b187 (patch) | |
tree | 843e6ec6571e764100fcd1bd4d8cde02a7eec621 /spec/unit/encrypted_data_bag_item_spec.rb | |
parent | 4a3141d4f1e6799faf332854cdb41e387747a1ca (diff) | |
download | chef-72a53edfca3b992aa51946ed471f7cc15627b187.tar.gz |
[CHEF-5356-gcm] Some small improvements to the EncryptedDataBag unit tests
Conflicts:
spec/unit/encrypted_data_bag_item_spec.rb
Diffstat (limited to 'spec/unit/encrypted_data_bag_item_spec.rb')
-rw-r--r-- | spec/unit/encrypted_data_bag_item_spec.rb | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/spec/unit/encrypted_data_bag_item_spec.rb b/spec/unit/encrypted_data_bag_item_spec.rb index 0c8e991535..68447fd6fb 100644 --- a/spec/unit/encrypted_data_bag_item_spec.rb +++ b/spec/unit/encrypted_data_bag_item_spec.rb @@ -39,14 +39,14 @@ describe Chef::EncryptedDataBagItem::Encryptor do let(:key) { "passwd" } it "encrypts to format version 1 by default" do - encryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor) + encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version1Encryptor) end describe "generating a random IV" do it "generates a new IV for each encryption pass" do encryptor2 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) - # No API in ruby OpenSSL to get the iv it used for the encryption back + # No API in ruby OpenSSL to get the iv is used for the encryption back # out. Instead we test if the encrypted data is the same. If it *is* the # same, we assume the IV was the same each time. encryptor.encrypted_data.should_not eq encryptor2.encrypted_data @@ -56,7 +56,7 @@ describe Chef::EncryptedDataBagItem::Encryptor do describe "when encrypting a non-hash non-array value" do let(:plaintext_data) { 5 } it "serializes the value in a de-serializable way" do - Chef::JSONCompat.from_json(subject.serialized_data)["json_wrapper"].should eq 5 + Chef::JSONCompat.from_json(encryptor.serialized_data)["json_wrapper"].should eq 5 end end @@ -78,10 +78,10 @@ describe Chef::EncryptedDataBagItem::Encryptor do end it "creates a version 2 encryptor" do - encryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor) + encryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Encryptor::Version2Encryptor) end - it "generates an hmac based on ciphertext including iv" do + it "generates an hmac based on ciphertext with different iv" do encryptor2 = Chef::EncryptedDataBagItem::Encryptor.new(plaintext_data, key) encryptor.hmac.should_not eq(encryptor2.hmac) end @@ -167,6 +167,14 @@ describe Chef::EncryptedDataBagItem::Decryptor do Base64.encode64(raw_hmac) end + it "decrypts the encrypted value" do + decryptor.decrypted_data.should eq({"json_wrapper" => plaintext_data}.to_json) + end + + it "unwraps the encrypted data and returns it" do + decryptor.for_decrypted_item.should eq plaintext_data + end + it "rejects the data if the hmac is wrong" do encrypted_value["hmac"] = bogus_hmac lambda { decryptor.for_decrypted_item }.should raise_error(Chef::EncryptedDataBagItem::DecryptionFailure) @@ -186,7 +194,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end it "selects the correct strategy for version 1" do - decryptor.should be_a_kind_of Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor + decryptor.should be_a_instance_of Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor end it "decrypts the encrypted value" do @@ -246,7 +254,7 @@ describe Chef::EncryptedDataBagItem::Decryptor do end it "selects the correct strategy for version 0" do - decryptor.should be_a_kind_of(Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor) + decryptor.should be_a_instance_of(Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor) end it "decrypts the encrypted value" do |