crossmate

PushPayloadCipherTests.swift (5581B)

---

 import CoreData
 import CryptoKit
 import Foundation
 import Testing
 
 @testable import Crossmate
 
 @Suite("Push payload encryption")
 struct PushPayloadCipherTests {
 
     private func makeKey(_ seed: UInt8 = 1) -> SymmetricKey {
         let base64 = Data(repeating: seed, count: 32).base64EncodedString()
         return PushPayloadCipher.key(fromBase64: base64)!
     }
 
     // MARK: - Cipher round trip
 
     @Test("seal/open round-trips a payload with personal fields")
     func roundTrip() throws {
         let key = makeKey()
         let payload = PushPayload(
             event: .pause(fills: 3, clears: 1, checks: 2, reveals: 0),
             puzzleTitle: "The Saturday Stumper",
             playerName: "Alexandra",
             diagnostics: PushPayload.Diagnostics(gridWidth: 15, gridHeight: 15)
         )
         let sealed = try #require(PushPayloadCipher.seal(payload, key: key))
         // The sealed blob must not leak the cleartext personal fields.
         let decoded = try #require(Data(base64Encoded: sealed))
         let asText = String(decoding: decoded, as: UTF8.self)
         #expect(!asText.contains("Alexandra"))
         #expect(!asText.contains("Saturday"))
         #expect(PushPayloadCipher.open(sealed, key: key) == payload)
     }
 
     @Test("open with the wrong key fails")
     func wrongKeyFails() throws {
         let sealed = try #require(
             PushPayloadCipher.seal(PushPayload(event: .win, puzzleTitle: "X", playerName: "Y"), key: makeKey(1))
         )
         #expect(PushPayloadCipher.open(sealed, key: makeKey(2)) == nil)
     }
 
     @Test("open tolerates absent and corrupt input")
     func tolerantOpen() {
         let key = makeKey()
         #expect(PushPayloadCipher.open(nil, key: key) == nil)
         #expect(PushPayloadCipher.open("not base64 !!!", key: key) == nil)
         #expect(PushPayloadCipher.open("YWJjZA==", key: key) == nil) // valid base64, not a box
     }
 
     @Test("key rejects material shorter than 32 bytes")
     func keyLength() {
         #expect(PushPayloadCipher.key(fromBase64: Data(repeating: 0, count: 16).base64EncodedString()) == nil)
         #expect(PushPayloadCipher.key(fromBase64: "") == nil)
         #expect(PushPayloadCipher.key(fromBase64: Data(repeating: 0, count: 32).base64EncodedString()) != nil)
     }
 
     // MARK: - App Group directory
 
     private func withTemporaryDirectoryFile(
         _ body: @Sendable () async throws -> Void
     ) async throws {
         let url = FileManager.default.temporaryDirectory
             .appendingPathComponent("content-key-directory-\(UUID().uuidString).json")
         defer { try? FileManager.default.removeItem(at: url) }
         try await ContentKeyDirectory.$testingFileURL.withValue(url) {
             try await body()
         }
     }
 
     @Test("directory save/load/key round-trips and resolves a usable key")
     func directoryRoundTrip() async throws {
         try await withTemporaryDirectoryFile {
             #expect(ContentKeyDirectory.load().isEmpty)
             let gameID = UUID()
             let keyBase64 = Data(repeating: 7, count: 32).base64EncodedString()
             ContentKeyDirectory.save([gameID.uuidString: keyBase64])
             #expect(ContentKeyDirectory.load() == [gameID.uuidString: keyBase64])
 
             // The resolved key must actually open a payload sealed under it.
             let resolved = try #require(ContentKeyDirectory.key(for: gameID))
             let payload = PushPayload(event: .win, puzzleTitle: "X", playerName: "Y")
             let sealed = try #require(PushPayloadCipher.seal(payload, key: resolved))
             #expect(PushPayloadCipher.open(sealed, key: resolved) == payload)
             #expect(ContentKeyDirectory.key(for: UUID()) == nil)
         }
     }
 
     @Test("saving an empty directory removes the file")
     func emptySaveRemoves() async throws {
         try await withTemporaryDirectoryFile {
             ContentKeyDirectory.save([UUID().uuidString: Data(repeating: 1, count: 32).base64EncodedString()])
             #expect(!ContentKeyDirectory.load().isEmpty)
             ContentKeyDirectory.save([:])
             #expect(ContentKeyDirectory.load().isEmpty)
         }
     }
 
     // MARK: - Rebuild from Core Data
 
     @Test("rebuildContentKeyDirectory mirrors games whose credential carries a key")
     func rebuildFromCoreData() async throws {
         try await withTemporaryDirectoryFile {
             try await MainActor.run {
                 let persistence = makeTestPersistence()
                 let ctx = persistence.viewContext
 
                 func addGame(notification: String?) -> UUID {
                     let id = UUID()
                     let game = GameEntity(context: ctx)
                     game.id = id
                     game.title = "Puzzle"
                     game.puzzleSource = ""
                     game.createdAt = Date()
                     game.updatedAt = Date()
                     game.notification = notification
                     return id
                 }
                 let withKey = addGame(notification: try GamePushCredentials.fresh().encoded())
                 // A legacy credential with no content key is skipped.
                 _ = addGame(notification: try GamePushCredentials(secret: "s").encoded())
                 _ = addGame(notification: nil)
                 try ctx.save()
 
                 GameEntity.rebuildContentKeyDirectory(in: ctx)
 
                 let directory = ContentKeyDirectory.load()
                 #expect(directory.count == 1)
                 #expect(directory[withKey.uuidString] != nil)
             }
         }
     }
 }