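package edgeencrypt

import (
	"bytes"
	"context"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	_ "embed"
	"testing"

	"github.com/google/uuid"
)

var (
	// tlog is the plaintext fixture round-tripped through EncryptData/DecryptData.
	//go:embed testdata/tlog.json
	tlog []byte
)

// TestEncryptDecryptData encrypts the embedded fixture with a freshly
// generated RSA public key and decrypts it again through DecryptData,
// supplying a local RSA-OAEP unwrap in place of the KMS-backed key
// operation used outside tests. It fails if the fixture is empty, if any
// step returns an error, if the unwrap callback is never invoked, or if
// the recovered plaintext differs from the fixture.
func TestEncryptDecryptData(t *testing.T) {
	// An empty fixture would let the round trip pass vacuously, so reject it up front.
	if len(tlog) == 0 {
		t.Fatal("embedded fixture testdata/tlog.json is empty")
	}

	// Generate RSA key pair
	// we will be using gcp kms for this
	privateKey, err := rsa.GenerateKey(rand.Reader, RSA2048)
	if err != nil {
		t.Fatalf("failed to generate private key: %v", err)
	}
	publicKey := &privateKey.PublicKey

	pemPublicKey, err := ConvertRSAPublicKeyToPEM(publicKey)
	if err != nil {
		t.Fatalf("failed to convert public key to pem: %v", err)
	}

	// Encrypt data
	data, err := EncryptData(pemPublicKey, tlog)
	if err != nil {
		t.Fatalf("failed to encrypt data: %v", err)
	}

	e := &EncryptedData{
		BannerEdgeID: uuid.NewString(),
		Channel:      "my-channel",
		ChannelID:    uuid.NewString(),
		KeyVersion:   "1",
		Data:         data,
	}
	if err := e.Valid(); err != nil {
		t.Fatalf("invalid encrypted data: %v", err)
	}

	// Claims authorising decryption of this channel's payload.
	ec := &EncryptionClaims{
		ChannelID: e.ChannelID,
		Channel:   DecryptionJWTSecret,
		Role:      Decryption,
	}
	if err := ec.Valid(); err != nil {
		t.Fatalf("invalid encryption claims data: %v", err)
	}

	// Decrypt data.
	// The callback stands in for the KMS: it unwraps the AES key with the
	// local private key. The three ignored string arguments are presumably
	// the identifiers a KMS-backed implementation would use to select the
	// key (edge, channel, key version) — confirm against DecryptData. The
	// OAEP hash must match the one EncryptData used when wrapping the key.
	var unwrapCalls int
	decryptedData, err := DecryptData(context.Background(), e, ec, func(_ context.Context, _, _, _ string, aesKey []byte) ([]byte, error) {
		unwrapCalls++
		return rsa.DecryptOAEP(sha256.New(), rand.Reader, privateKey, aesKey, nil)
	})
	if err != nil {
		t.Fatalf("failed to decrypt data: %v", err)
	}
	if unwrapCalls == 0 {
		t.Fatal("key unwrap callback was never invoked by DecryptData")
	}

	if !bytes.Equal(tlog, decryptedData) {
		t.Fatalf("decrypted data is not equal to original data")
	}
}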