domin8

import os from pathlib import Path import uuid import pytest from domin8 import crypto def test_generate_and_verify_signature(): data = {'approver_id': 'alice', 'approved_at': '2026-01-12T00:00:00+00:00', 'decision': 'approved', 'comments': 'Looks good'} key = 'secret-key' sig = crypto.generate_signature(data, key) assert isinstance(sig, str) and len(sig) > 0 assert crypto.verify_signature(data, sig, key) assert not crypto.verify_signature(data, 'deadbeef', key) def test_create_and_get_signing_key(tmp_path, monkeypatch): # Point HOME to tmp_path to avoid touching real home monkeypatch.setenv('HOME', str(tmp_path)) key = crypto.create_signing_key('bob') assert isinstance(key, str) and len(key) > 0 # The key file should exist key_file = Path(tmp_path) / '.domin8' / 'keys' / 'bob.key' assert key_file.exists() assert key_file.read_text().strip() == key # get_signing_key should return the key assert crypto.get_signing_key('bob') == key # Creating again should raise with pytest.raises(ValueError): crypto.create_signing_key('bob') def test_sign_and_verify_approval(tmp_path, monkeypatch): monkeypatch.setenv('HOME', str(tmp_path)) # No key -> sign_approval should raise with pytest.raises(ValueError): crypto.sign_approval({'approver_id': 'carol'}, 'carol') # Create key and sign key = crypto.create_signing_key('carol') approval = {'approver_id': 'carol', 'approved_at': '2026-01-12T00:00:00+00:00', 'decision': 'approved', 'comments': ''} signed = crypto.sign_approval(approval.copy(), 'carol') assert 'signature' in signed assert crypto.verify_approval_signature(signed) # Missing signature -> verify should be False assert not crypto.verify_approval_signature({'approver_id': 'carol'}) # Missing approver_id -> False assert not crypto.verify_approval_signature({'signature': 'abc'}) # Wrong key -> False other = signed.copy() other['approver_id'] = 'dave' assert not crypto.verify_approval_signature(other)