spec/sequel_adapter_spec.rb in slosilo-0.4.1 vs spec/sequel_adapter_spec.rb in slosilo-1.0.0

@@ -1,8 +1,8 @@
 require 'spec_helper'
 require 'sequel'
-require 'io_helper'
+require 'io/grab'
 
 require 'slosilo/adapters/sequel_adapter'
 
 describe Slosilo::Adapters::SequelAdapter do
   include_context "with example key"
@@ -54,67 +54,122 @@
       adapter.each { |id,k| results << { id => k } }
       results.should == [ { one: :onek}, {two: :twok } ]
     end
   end
 
-  context do
+  shared_context "database" do
     let(:db) { Sequel.sqlite }
     before do
-      Slosilo::encryption_key = Slosilo::Symmetric.new.random_key
       subject.unstub :create_model
-      Sequel::Model.cache_anonymous_models = false
+      begin
+        Sequel::Model.cache_anonymous_models = false
+      rescue NoMethodError # sequel 4.0 moved the method
+        Sequel.cache_anonymous_models = false
+      end
       Sequel::Model.db = db
     end
+  end
 
-    context "with old schema" do
-      before do
-        db.create_table :slosilo_keystore do
-          String :id, primary_key: true
-          bytea :key, null: false
-        end
-        subject.put_key 'test', key
-      end
+  shared_context "encryption key" do
+    before do
+      Slosilo.encryption_key = Slosilo::Symmetric.new.random_key
+    end
+  end
 
-      context "after migration" do
-        before { subject.migrate! }
+  context "with old schema" do
+    include_context "encryption key"
+    include_context "database"
 
-        it "supports look up by id" do
-          subject.get_key("test").should == key
-        end
-
-        it "supports look up by fingerprint, without a warning" do
-          STDERR.grab do
-            subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
-          end.should be_empty
-        end
+    before do
+      db.create_table :slosilo_keystore do
+        String :id, primary_key: true
+        bytea :key, null: false
       end
+      subject.put_key 'test', key
+    end
 
+    context "after migration" do
+      before { subject.migrate! }
+
       it "supports look up by id" do
         subject.get_key("test").should == key
       end
 
-      it "supports look up by fingerprint, but issues a warning" do
-        STDERR.grab do
+      it "supports look up by fingerprint, without a warning" do
+        $stderr.grab do
           subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
-        end.should_not be_empty
+        end.should be_empty
       end
     end
 
-    context "with current schema" do
-      before do
-        Sequel.extension :migration
-        require 'slosilo/adapters/sequel_adapter/migration.rb'
-        Sequel::Migration::descendants.first.apply db, :up
-        subject.put_key 'test', key
-      end
+    it "supports look up by id" do
+      subject.get_key("test").should == key
+    end
 
+    it "supports look up by fingerprint, but issues a warning" do
+      $stderr.grab do
+        subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
+      end.should_not be_empty
+    end
+  end
 
-      it "supports look up by id" do
-        subject.get_key("test").should == key
-      end
+  shared_context "current schema" do
+    include_context "database"
+    before do
+      Sequel.extension :migration
+      require 'slosilo/adapters/sequel_adapter/migration.rb'
+      Sequel::Migration.descendants.first.apply db, :up
+    end
+  end
 
-      it "supports look up by fingerprint" do
-        subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
-      end
+  context "with current schema" do
+    include_context "encryption key"
+    include_context "current schema"
+    before do
+      subject.put_key 'test', key
+    end
+
+    it "supports look up by id" do
+      subject.get_key("test").should == key
+    end
+
+    it "supports look up by fingerprint" do
+      subject.get_by_fingerprint(key.fingerprint).should == [key, 'test']
+    end
+  end
+
+  context "with an encryption key", :wip do
+    include_context "encryption key"
+    include_context "current schema"
+
+    it { should be_secure }
+
+    it "saves the keys in encrypted form" do
+      subject.put_key 'test', key
+
+      expect(db[:slosilo_keystore][id: 'test'][:key]).to_not eq(key.to_der)
+      expect(subject.get_key 'test').to eq(key)
+    end
+  end
+
+  context "without an encryption key", :wip do
+    before do
+      Slosilo.encryption_key = nil
+    end
+
+    include_context "current schema"
+
+    it { should_not be_secure }
+
+    it "refuses to store a private key" do
+      expect { subject.put_key 'test', key }.to raise_error(Slosilo::Error::InsecureKeyStorage)
+    end
+
+    it "saves the keys in plaintext form" do
+      pkey = key.public
+      subject.put_key 'test', pkey
+
+      expect(db[:slosilo_keystore][id: 'test'][:key]).to eq(pkey.to_der)
+      expect(subject.get_key 'test').to eq(pkey)
     end
   end
 end