From 39f8ca64cec8667b66628e970211b4d18abbc373 Mon Sep 17 00:00:00 2001
From: Michael Coyne <mikeycgto@gmail.com>
Date: Sat, 23 Sep 2017 17:16:21 -0400
Subject: Add key rotation message Encryptor and Verifier

Both classes now have a rotate method where new instances are added for
each call. When decryption or verification fails the next rotation
instance is tried.
---
 .../test/messages/rotation_configuration_test.rb   | 43 ++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 activesupport/test/messages/rotation_configuration_test.rb

(limited to 'activesupport/test/messages')

diff --git a/activesupport/test/messages/rotation_configuration_test.rb b/activesupport/test/messages/rotation_configuration_test.rb
new file mode 100644
index 0000000000..41d938e119
--- /dev/null
+++ b/activesupport/test/messages/rotation_configuration_test.rb
@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "abstract_unit"
+require "active_support/messages/rotation_configuration"
+
+class MessagesRotationConfiguration < ActiveSupport::TestCase
+  def setup
+    @config = ActiveSupport::Messages::RotationConfiguration.new
+  end
+
+  def test_signed_configurations
+    @config.rotate :signed, secret: "older secret", salt: "salt", digest: "SHA1"
+    @config.rotate :signed, secret: "old secret", salt: "salt", digest: "SHA256"
+
+    assert_equal [{
+      secret: "older secret", salt: "salt", digest: "SHA1"
+    }, {
+      secret: "old secret", salt: "salt", digest: "SHA256"
+    }], @config.signed
+  end
+
+  def test_encrypted_configurations
+    @config.rotate :encrypted, raw_key: "old raw key", cipher: "aes-256-gcm"
+
+    assert_equal [{
+      raw_key: "old raw key", cipher: "aes-256-gcm"
+    }], @config.encrypted
+  end
+
+  def test_rotate_without_kind
+    @config.rotate secret: "older secret", salt: "salt", digest: "SHA1"
+    @config.rotate raw_key: "old raw key", cipher: "aes-256-gcm"
+
+    expected = [{
+      secret: "older secret", salt: "salt", digest: "SHA1"
+    }, {
+      raw_key: "old raw key", cipher: "aes-256-gcm"
+    }]
+
+    assert_equal expected, @config.encrypted
+    assert_equal expected, @config.signed
+  end
+end
-- 
cgit v1.2.3