4b72a37120
主要更新: 1. 数据库持久化功能 - 支持三种策略:仅落库、既落库又存证、仅存证 - 实现 Cursor Worker 异步扫描和存证机制 - 实现 Retry Worker 失败重试机制 - 支持 PostgreSQL、MySQL、SQLite 等多种数据库 - 添加 ClientIP 和 ServerIP 字段(可空,仅落库) 2. 集群并发安全 - 使用 SELECT FOR UPDATE SKIP LOCKED 防止重复处理 - 实现 CAS (Compare-And-Set) 原子状态更新 - 添加 updated_at 字段支持并发控制 3. Cursor 初始化优化 - 自动基于历史数据初始化 cursor - 确保不遗漏任何历史记录 - 修复 UPSERT 逻辑 4. 测试完善 - 添加 E2E 集成测试(含 Pulsar 消费者验证) - 添加 PostgreSQL 集成测试 - 添加 Pulsar 集成测试 - 添加集群并发安全测试 - 添加 Cursor 初始化验证测试 - 补充大量单元测试,提升覆盖率 5. 工具脚本 - 添加数据库迁移脚本 - 添加 Cursor 状态检查工具 - 添加 Cursor 初始化工具 - 添加 Pulsar 消息验证工具 6. 文档清理 - 删除冗余文档,只保留根目录 README 测试结果: - 所有 E2E 测试通过(100%) - 数据库持久化与异步存证流程验证通过 - 集群环境下的并发安全性验证通过 - Cursor 自动初始化和历史数据处理验证通过
254 lines
6.3 KiB
Go
254 lines
6.3 KiB
Go
package model_test
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"go.yandata.net/iod/iod/go-trustlog/api/model"
|
|
)
|
|
|
|
func TestComputeSignature_EmptyPrivateKey(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.ComputeSignature([]byte("data"), nil)
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "private key cannot be empty")
|
|
}
|
|
|
|
func TestComputeSignature_EmptyData(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
privateKey := []byte("invalid-key")
|
|
_, err := model.ComputeSignature(nil, privateKey)
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "data to sign cannot be empty")
|
|
}
|
|
|
|
func TestComputeSignature_InvalidKey(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.ComputeSignature([]byte("data"), []byte("invalid-key"))
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "failed to parse SM2 private key")
|
|
}
|
|
|
|
func TestVerifySignature_EmptyPublicKey(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.VerifySignature([]byte("data"), nil, []byte("signature"))
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "public key cannot be empty")
|
|
}
|
|
|
|
func TestVerifySignature_EmptyData(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
publicKey := []byte("invalid-key")
|
|
_, err := model.VerifySignature(nil, publicKey, []byte("signature"))
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "data to verify cannot be empty")
|
|
}
|
|
|
|
func TestVerifySignature_InvalidKey(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
publicKey := []byte("invalid-key")
|
|
valid, err := model.VerifySignature([]byte("data"), publicKey, []byte("signature"))
|
|
require.Error(t, err)
|
|
assert.False(t, valid)
|
|
assert.Contains(t, err.Error(), "failed to parse SM2 public key")
|
|
}
|
|
|
|
func TestGenerateSM2KeyPair(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, keyPair)
|
|
assert.NotNil(t, keyPair.Public)
|
|
assert.NotNil(t, keyPair.Private)
|
|
}
|
|
|
|
func TestMarshalSM2PrivateDER_Nil(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.MarshalSM2PrivateDER(nil)
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "private key is nil")
|
|
}
|
|
|
|
func TestMarshalSM2PrivateDER(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
|
|
der, err := model.MarshalSM2PrivateDER(keyPair.Private)
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, der)
|
|
assert.NotEmpty(t, der)
|
|
}
|
|
|
|
func TestParseSM2PrivateDER_Empty(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.ParseSM2PrivateDER(nil)
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "DER encoded private key cannot be empty")
|
|
}
|
|
|
|
func TestParseSM2PrivateDER_Invalid(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.ParseSM2PrivateDER([]byte("invalid-der"))
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "failed to parse SM2 private key from DER")
|
|
}
|
|
|
|
func TestParseSM2PrivateDER_RoundTrip(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
|
|
der, err := model.MarshalSM2PrivateDER(keyPair.Private)
|
|
require.NoError(t, err)
|
|
|
|
parsedKey, err := model.ParseSM2PrivateDER(der)
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, parsedKey)
|
|
}
|
|
|
|
func TestMarshalSM2PublicDER_Nil(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.MarshalSM2PublicDER(nil)
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "public key is nil")
|
|
}
|
|
|
|
func TestMarshalSM2PublicDER(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
|
|
der, err := model.MarshalSM2PublicDER(keyPair.Public)
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, der)
|
|
assert.NotEmpty(t, der)
|
|
}
|
|
|
|
func TestParseSM2PublicDER_Empty(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.ParseSM2PublicDER(nil)
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "DER encoded public key cannot be empty")
|
|
}
|
|
|
|
func TestParseSM2PublicDER_Invalid(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
_, err := model.ParseSM2PublicDER([]byte("invalid-der"))
|
|
require.Error(t, err)
|
|
assert.Contains(t, err.Error(), "failed to parse SM2 public key")
|
|
}
|
|
|
|
func TestParseSM2PublicDER_RoundTrip(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
|
|
der, err := model.MarshalSM2PublicDER(keyPair.Public)
|
|
require.NoError(t, err)
|
|
|
|
parsedKey, err := model.ParseSM2PublicDER(der)
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, parsedKey)
|
|
}
|
|
|
|
func TestSM2SignAndVerify_RoundTrip(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Generate key pair
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
|
|
// Marshal keys
|
|
privateKeyDER, err := model.MarshalSM2PrivateDER(keyPair.Private)
|
|
require.NoError(t, err)
|
|
|
|
publicKeyDER, err := model.MarshalSM2PublicDER(keyPair.Public)
|
|
require.NoError(t, err)
|
|
|
|
// Sign data
|
|
data := []byte("test data")
|
|
signature, err := model.ComputeSignature(data, privateKeyDER)
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, signature)
|
|
assert.NotEmpty(t, signature)
|
|
|
|
// Verify signature
|
|
valid, err := model.VerifySignature(data, publicKeyDER, signature)
|
|
require.NoError(t, err)
|
|
assert.True(t, valid)
|
|
}
|
|
|
|
func TestSM2SignAndVerify_WrongData(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Generate key pair
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
|
|
// Marshal keys
|
|
privateKeyDER, err := model.MarshalSM2PrivateDER(keyPair.Private)
|
|
require.NoError(t, err)
|
|
|
|
publicKeyDER, err := model.MarshalSM2PublicDER(keyPair.Public)
|
|
require.NoError(t, err)
|
|
|
|
// Sign data
|
|
data := []byte("test data")
|
|
signature, err := model.ComputeSignature(data, privateKeyDER)
|
|
require.NoError(t, err)
|
|
|
|
// Verify with wrong data
|
|
wrongData := []byte("wrong data")
|
|
valid, err := model.VerifySignature(wrongData, publicKeyDER, signature)
|
|
// Verification should return error
|
|
require.Error(t, err)
|
|
assert.False(t, valid)
|
|
assert.Contains(t, err.Error(), "signature verification failed")
|
|
}
|
|
|
|
func TestSM2SignAndVerify_WrongSignature(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Generate key pair
|
|
keyPair, err := model.GenerateSM2KeyPair()
|
|
require.NoError(t, err)
|
|
|
|
// Marshal keys
|
|
privateKeyDER, err := model.MarshalSM2PrivateDER(keyPair.Private)
|
|
require.NoError(t, err)
|
|
|
|
publicKeyDER, err := model.MarshalSM2PublicDER(keyPair.Public)
|
|
require.NoError(t, err)
|
|
|
|
// Sign data
|
|
data := []byte("test data")
|
|
_, err = model.ComputeSignature(data, privateKeyDER)
|
|
require.NoError(t, err)
|
|
|
|
// Verify with wrong signature
|
|
wrongSignature := []byte("wrong signature")
|
|
valid, err := model.VerifySignature(data, publicKeyDER, wrongSignature)
|
|
require.Error(t, err) // Should fail verification
|
|
assert.False(t, valid)
|
|
}
|