Merge pull request #413 from nblumhardt/encryptor-test

nblumhardt · web-flow · commit f31bcb81ef23 · 2025-07-23T14:18:46.000+10:00
Basic tests for `SeqCliEncryptionProviderConfig` and `ExternalDataProtector`
diff --git a/src/SeqCli/Config/SeqCliEncryptionProviderConfig.cs b/src/SeqCli/Config/SeqCliEncryptionProviderConfig.cs
@@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+using System;
 using SeqCli.Encryptor;
 
 namespace SeqCli.Config;
@@ -26,14 +27,20 @@ class SeqCliEncryptionProviderConfig
 
     public IDataProtector DataProtector()
     {
-#if WINDOWS
-        return new WindowsNativeDataProtector();
-#else
-        if (!string.IsNullOrWhiteSpace(Encryptor) && !string.IsNullOrWhiteSpace(Decryptor))
+        if (!string.IsNullOrWhiteSpace(Encryptor) || !string.IsNullOrWhiteSpace(Decryptor))
         {
-            return new ExternalDataProtector(this);
+            if (string.IsNullOrWhiteSpace(Encryptor) || string.IsNullOrWhiteSpace(Decryptor))
+            {
+                throw new ArgumentException(
+                    "If either of `encryption.encryptor` or `encryption.decryptor` is specified, both must be specified.");
+            }
+            
+            return new ExternalDataProtector(Encryptor, EncryptorArgs, Decryptor, DecryptorArgs);
         }
 
+#if WINDOWS
+        return new WindowsNativeDataProtector();
+#else
         return new PlaintextDataProtector();
 #endif
     }
diff --git a/src/SeqCli/Encryptor/ExternalDataProtector.cs b/src/SeqCli/Encryptor/ExternalDataProtector.cs
@@ -9,13 +9,12 @@ namespace SeqCli.Encryptor;
 
 class ExternalDataProtector : IDataProtector
 {
-    public ExternalDataProtector(SeqCliEncryptionProviderConfig providerConfig)
+    public ExternalDataProtector(string encryptor, string? encryptorArgs, string decryptor, string? decryptorArgs)
     {
-        _encryptor = providerConfig.Encryptor!;
-        _encryptorArgs = providerConfig.EncryptorArgs;
-        
-        _decryptor = providerConfig.Decryptor!;
-        _decryptorArgs = providerConfig.DecryptorArgs;
+        _encryptor = encryptor ?? throw new ArgumentNullException(nameof(encryptor));
+        _encryptorArgs = encryptorArgs;
+        _decryptor = decryptor ?? throw new ArgumentNullException(nameof(decryptor));
+        _decryptorArgs = decryptorArgs;
     }
 
     readonly string _encryptor;
@@ -28,7 +27,7 @@ public byte[] Encrypt(byte[] unencrypted)
         var exit = Invoke(_encryptor, _encryptorArgs, unencrypted, out var encrypted, out var err);
         if (exit != 0)
         {
-            throw new Exception($"Encryptor failed with exit code {exit} and produced: {err}");
+            throw new Exception($"Encryptor failed with exit code {exit} and produced: {err}.");
         }
 
         return encrypted;
@@ -39,7 +38,7 @@ public byte[] Decrypt(byte[] encrypted)
         var exit = Invoke(_decryptor, _decryptorArgs, encrypted, out var decrypted, out var err);
         if (exit != 0)
         {
-            throw new Exception($"Decryptor failed with exit code {exit} and produced: {err}");
+            throw new Exception($"Decryptor failed with exit code {exit} and produced: {err}.");
         }
 
         return decrypted;
@@ -50,6 +49,7 @@ static int Invoke(string fullExePath, string? args, byte[] stdin, out byte[] std
         var startInfo = new ProcessStartInfo
         {
             UseShellExecute = false,
+            RedirectStandardInput = true,
             RedirectStandardError = true,
             RedirectStandardOutput = true,
             WindowStyle = ProcessWindowStyle.Hidden,
diff --git a/src/SeqCli/SeqCli.csproj b/src/SeqCli/SeqCli.csproj
@@ -22,16 +22,16 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
   <PropertyGroup Condition="'$(IsWindows)'=='true'">
-    <DefineConstants>WINDOWS</DefineConstants>
+    <DefineConstants>$(DefineConstants);WINDOWS</DefineConstants>
   </PropertyGroup>
   <PropertyGroup Condition="'$(IsOSX)'=='true'">
-    <DefineConstants>OSX</DefineConstants>
+    <DefineConstants>$(DefineConstants);OSX</DefineConstants>
   </PropertyGroup>
   <PropertyGroup Condition="'$(IsLinux)'=='true'">
-    <DefineConstants>LINUX</DefineConstants>
+    <DefineConstants>$(DefineConstants);LINUX</DefineConstants>
   </PropertyGroup>
   <PropertyGroup Condition="'$(IsWindows)'!='true'">
-    <DefineConstants>UNIX</DefineConstants>
+    <DefineConstants>$(DefineConstants);UNIX</DefineConstants>
   </PropertyGroup>
   <ItemGroup>
     <Content Include="..\..\asset\SeqCli.ico" Link="SeqCli.ico" />
diff --git a/test/SeqCli.EndToEnd/Support/TestDataFolder.cs b/test/SeqCli.EndToEnd/Support/TestDataFolder.cs
@@ -11,7 +11,7 @@ public TestDataFolder()
     {
         _basePath = System.IO.Path.Combine(
             System.IO.Path.GetTempPath(),
-            "SeqCli Test",
+            "SeqCli.Tests.EndToEnd",
             Guid.NewGuid().ToString("n"));
 
         Directory.CreateDirectory(_basePath);
diff --git a/test/SeqCli.Tests/Config/ExternalDataProtectorTests.cs b/test/SeqCli.Tests/Config/ExternalDataProtectorTests.cs
@@ -0,0 +1,58 @@
+using System;
+using System.ComponentModel;
+using System.IO;
+using System.Text;
+using SeqCli.Encryptor;
+using SeqCli.Tests.Support;
+using Xunit;
+
+namespace SeqCli.Tests.Config;
+
+public class ExternalDataProtectorTests
+{
+    [Fact]
+    public void IfEncryptorDoesNotExistEncryptThrows()
+    {
+        var protector = new ExternalDataProtector(Some.String(), null, Some.String(), null);
+        Assert.Throws<Win32Exception>(() => protector.Encrypt(Some.Bytes(200)));
+    }
+
+#if UNIX
+    [Fact]
+    public void IfEncryptorFailsEncryptThrows()
+    {
+        var protector = new ExternalDataProtector("bash", "-c \"exit 1\"", Some.String(), null);
+        // May be `Exception` or `IOException`.
+        Assert.ThrowsAny<Exception>(() => protector.Encrypt(Some.Bytes(200)));
+    }
+
+    [Fact]
+    public void EncryptCallsEncryptor()
+    {
+        const string prefix = "123";
+        
+        var encoding = new UTF8Encoding(false);
+        using var temp = TempFolder.ForCaller();
+        var filename = temp.AllocateFilename();
+        File.WriteAllBytes(filename, encoding.GetBytes(prefix));
+        
+        const string input = "Hello, world!";
+        
+        var protector = new ExternalDataProtector("bash", $"-c \"cat '{filename}' -\"", Some.String(), null);
+        var actual = encoding.GetString(protector.Encrypt(encoding.GetBytes(input)));
+        
+        Assert.Equal($"{prefix}{input}", actual);
+    }
+    
+    [Fact]
+    public void EncryptionRoundTrips()
+    {
+        const string echo = "bash";
+        const string echoArgs = "-c \"cat -\"";
+        var protector = new ExternalDataProtector(echo, echoArgs, echo, echoArgs);
+        var expected = Some.Bytes(200);
+        var actual = protector.Decrypt(protector.Encrypt(expected));
+        Assert.Equal(expected, actual);
+    }
+#endif
+}
diff --git a/test/SeqCli.Tests/Config/SeqCliEncryptionProviderConfigTests.cs b/test/SeqCli.Tests/Config/SeqCliEncryptionProviderConfigTests.cs
@@ -0,0 +1,66 @@
+using System;
+using System.Runtime.InteropServices;
+using SeqCli.Config;
+using SeqCli.Encryptor;
+using Xunit;
+
+namespace SeqCli.Tests.Config;
+
+public class SeqCliEncryptionProviderConfigTests
+{
+#if WINDOWS
+    [Fact]
+    public void DefaultDataProtectorOnWindowsIsDpapi()
+    {
+        Assert.True(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
+        
+        var config = new SeqCliEncryptionProviderConfig();
+        var provider = config.DataProtector();
+        Assert.IsType<WindowsNativeDataProtector>(provider);
+    }
+#else
+    [Fact]
+    public void DefaultDataProtectorOnUnixIsPlaintext()
+    {
+        Assert.False(RuntimeInformation.IsOSPlatform(OSPlatform.Windows));
+        
+        var config = new SeqCliEncryptionProviderConfig();
+        var provider = config.DataProtector();
+        Assert.IsType<PlaintextDataProtector>(provider);
+    }
+#endif
+
+    [Fact]
+    public void SpecifyingEncryptorRequiresDecryptor()
+    {
+        var config = new SeqCliEncryptionProviderConfig
+        {
+            Encryptor = "test"
+        };
+        
+        Assert.Throws<ArgumentException>(() => config.DataProtector());
+    }
+
+    [Fact]
+    public void SpecifyingDecryptorRequiresEncryptor()
+    {
+        var config = new SeqCliEncryptionProviderConfig
+        {
+            Decryptor = "test"
+        };
+        
+        Assert.Throws<ArgumentException>(() => config.DataProtector());
+    }
+
+    [Fact]
+    public void SpecifyingEncryptorAndDecryptorActivatesExternalDataProtector()
+    {
+        var config = new SeqCliEncryptionProviderConfig
+        {
+            Encryptor = "test",
+            Decryptor = "test"
+        };
+        
+        Assert.IsType<ExternalDataProtector>(config.DataProtector());
+    }
+}
diff --git a/test/SeqCli.Tests/SeqCli.Tests.csproj b/test/SeqCli.Tests/SeqCli.Tests.csproj
@@ -2,6 +2,21 @@
   <PropertyGroup>
     <TargetFrameworks>net9.0</TargetFrameworks>
     <TargetFrameworks Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Windows)))' == 'true'">$(TargetFrameworks);net9.0-windows</TargetFrameworks>
+    <IsWindows Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Windows)))' == 'true'">true</IsWindows>
+    <IsLinux Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::Linux)))' == 'true'">true</IsLinux>
+    <IsOSX Condition="'$([System.Runtime.InteropServices.RuntimeInformation]::IsOSPlatform($([System.Runtime.InteropServices.OSPlatform]::OSX)))' == 'true'">true</IsOSX>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(IsWindows)'=='true'">
+    <DefineConstants>$(DefineConstants);WINDOWS</DefineConstants>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(IsOSX)'=='true'">
+    <DefineConstants>$(DefineConstants);OSX</DefineConstants>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(IsLinux)'=='true'">
+    <DefineConstants>$(DefineConstants);LINUX</DefineConstants>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(IsWindows)'!='true'">
+    <DefineConstants>$(DefineConstants);UNIX</DefineConstants>
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
diff --git a/test/SeqCli.Tests/Support/TempFolder.cs b/test/SeqCli.Tests/Support/TempFolder.cs
@@ -15,7 +15,7 @@ public TempFolder(string name)
     {
         Path = System.IO.Path.Combine(
             Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
-            "SeqCli.Forwarder.Tests",
+            "SeqCli.Tests",
             Session.ToString("n"),
             name);
 

Original file line number	Diff line number	Diff line change
`@@ -9,13 +9,12 @@ namespace SeqCli.Encryptor;`
`9`	`9`
`10`	`10`	`class ExternalDataProtector : IDataProtector`
`11`	`11`	`{`
`12`		`- public ExternalDataProtector(SeqCliEncryptionProviderConfig providerConfig)`
	`12`	`+ public ExternalDataProtector(string encryptor, string? encryptorArgs, string decryptor, string? decryptorArgs)`
`13`	`13`	`{`
`14`		`- _encryptor = providerConfig.Encryptor!;`
`15`		`- _encryptorArgs = providerConfig.EncryptorArgs;`
`16`		`-`
`17`		`- _decryptor = providerConfig.Decryptor!;`
`18`		`- _decryptorArgs = providerConfig.DecryptorArgs;`
	`14`	`+ _encryptor = encryptor ?? throw new ArgumentNullException(nameof(encryptor));`
	`15`	`+ _encryptorArgs = encryptorArgs;`
	`16`	`+ _decryptor = decryptor ?? throw new ArgumentNullException(nameof(decryptor));`
	`17`	`+ _decryptorArgs = decryptorArgs;`
`19`	`18`	`}`
`20`	`19`
`21`	`20`	`readonly string _encryptor;`
`@@ -28,7 +27,7 @@ public byte[] Encrypt(byte[] unencrypted)`
`28`	`27`	`var exit = Invoke(_encryptor, _encryptorArgs, unencrypted, out var encrypted, out var err);`
`29`	`28`	`if (exit != 0)`
`30`	`29`	`{`
`31`		`- throw new Exception($"Encryptor failed with exit code {exit} and produced: {err}");`
	`30`	`+ throw new Exception($"Encryptor failed with exit code {exit} and produced: {err}.");`
`32`	`31`	`}`
`33`	`32`
`34`	`33`	`return encrypted;`
`@@ -39,7 +38,7 @@ public byte[] Decrypt(byte[] encrypted)`
`39`	`38`	`var exit = Invoke(_decryptor, _decryptorArgs, encrypted, out var decrypted, out var err);`
`40`	`39`	`if (exit != 0)`
`41`	`40`	`{`
`42`		`- throw new Exception($"Decryptor failed with exit code {exit} and produced: {err}");`
	`41`	`+ throw new Exception($"Decryptor failed with exit code {exit} and produced: {err}.");`
`43`	`42`	`}`
`44`	`43`
`45`	`44`	`return decrypted;`
`@@ -50,6 +49,7 @@ static int Invoke(string fullExePath, string? args, byte[] stdin, out byte[] std`
`50`	`49`	`var startInfo = new ProcessStartInfo`
`51`	`50`	`{`
`52`	`51`	`UseShellExecute = false,`
	`52`	`+ RedirectStandardInput = true,`
`53`	`53`	`RedirectStandardError = true,`
`54`	`54`	`RedirectStandardOutput = true,`
`55`	`55`	`WindowStyle = ProcessWindowStyle.Hidden,`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ public TestDataFolder()`
`11`	`11`	`{`
`12`	`12`	`_basePath = System.IO.Path.Combine(`
`13`	`13`	`System.IO.Path.GetTempPath(),`
`14`		`- "SeqCli Test",`
	`14`	`+ "SeqCli.Tests.EndToEnd",`
`15`	`15`	`Guid.NewGuid().ToString("n"));`
`16`	`16`
`17`	`17`	`Directory.CreateDirectory(_basePath);`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ public TempFolder(string name)`
`15`	`15`	`{`
`16`	`16`	`Path = System.IO.Path.Combine(`
`17`	`17`	`Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),`
`18`		`- "SeqCli.Forwarder.Tests",`
	`18`	`+ "SeqCli.Tests",`
`19`	`19`	`Session.ToString("n"),`
`20`	`20`	`name);`
`21`	`21`