From 07abc5efe1bc71902b0c517ef97dcb36564f2336 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Tue, 25 Nov 2008 20:27:54 +0100
Subject: Add a MessageEncryptor, just like MessageVerifier but using symmetric
 key encryption.

The use of encryption prevents people from seeing any potentially secret values you've used.  It also supports and encrypt_and_sign model to prevent people from tampering with the bits and creating random junk that gets fed to

A motivated coder could use this to add an :encrypt=>true option to the cookie store.
---
 activesupport/test/message_encryptor_test.rb | 46 ++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 activesupport/test/message_encryptor_test.rb

(limited to 'activesupport/test/message_encryptor_test.rb')

diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb
new file mode 100644
index 0000000000..c0b4a4658c
--- /dev/null
+++ b/activesupport/test/message_encryptor_test.rb
@@ -0,0 +1,46 @@
+require 'abstract_unit'
+
+class MessageEncryptorTest < Test::Unit::TestCase
+  def setup
+    @encryptor = ActiveSupport::MessageEncryptor.new(ActiveSupport::SecureRandom.hex(64))
+    @data = {:some=>"data", :now=>Time.now}
+  end
+  
+  def test_simple_round_tripping
+    message = @encryptor.encrypt(@data)
+    assert_equal @data, @encryptor.decrypt(message)
+  end
+  
+  def test_encrypting_twice_yields_differing_cipher_text
+    first_messqage = @encryptor.encrypt(@data)
+    second_message = @encryptor.encrypt(@data)
+    assert_not_equal first_messqage, second_message
+  end
+  
+  def test_messing_with_either_value_causes_failure
+    text, iv = @encryptor.encrypt(@data).split("--")
+    assert_not_decrypted([iv, text] * "--")
+    assert_not_decrypted([text, munge(iv)] * "--")
+    assert_not_decrypted([munge(text), iv] * "--")
+    assert_not_decrypted([munge(text), munge(iv)] * "--")
+  end
+  
+  def test_signed_round_tripping
+    message = @encryptor.encrypt_and_sign(@data)
+    assert_equal @data, @encryptor.decrypt_and_verify(message)
+  end
+  
+  
+  private
+    def assert_not_decrypted(value)
+      assert_raises(ActiveSupport::MessageEncryptor::InvalidMessage) do
+        @encryptor.decrypt(value)
+      end
+    end
+    
+    def munge(base64_string)
+      bits = ActiveSupport::Base64.decode64(base64_string)
+      bits.reverse!
+      ActiveSupport::Base64.encode64s(bits)
+    end
+end
-- 
cgit v1.2.3