dataforge/unibus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
450ca01baff3afd5ededf1c57f46971e09cc32e4
unibus/pkg/membership/require_e2e_test.go
T
egutierrez fb6c796059 test: regression for H4 data-plane content confidentiality 
pkg/membership TestRequireEncryptedRoomsRejectsCleartext: cleartext create ->
403, encrypted -> 201, flag off -> cleartext allowed again.

pkg/client TestAudit_NoSubjectACL: under the public posture a ModeNATS room is
refused; bob (member) decrypts the secret; eve raw-subscribes to the subject off
the data plane and receives only ciphertext (non-empty AEAD nonce, no plaintext
substring) — closing the auditor's 'eve reads internal: salary numbers'.
2026-06-07 14:26:45 +02:00

47 lines
1.6 KiB
Go
Raw Blame History

package membership
import (
"bytes"
"encoding/json"
"net/http"
"net/http/httptest"
"testing"
)
// TestRequireEncryptedRoomsRejectsCleartext is the control-plane half of the
// audit H4 minimum defense: with RequireEncryptedRooms on (the public posture),
// creating a cleartext (ModeNATS) room is refused 403, while an encrypted room is
// created normally. This is what guarantees no message ever rides the un-ACL'd
// NATS subject in the clear on a public deployment.
func TestRequireEncryptedRoomsRejectsCleartext(t *testing.T) {
srv := dosServer(t, AuthOff)
srv.RequireEncryptedRooms = true
create := func(encrypt bool) int {
body, _ := json.Marshal(createRoomReq{
Subject: "payroll.subject",
Policy: policyJSON{Encrypt: encrypt, Persist: encrypt, SignMsgs: encrypt},
Owner: endpointJSON{Endpoint: "owner-ep", SignPub: []byte("sp"), KexPub: []byte("kp")},
SealedKeySelf: []byte("sealed"),
})
rec := httptest.NewRecorder()
srv.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/rooms", bytes.NewReader(body)))
return rec.Code
}
// Error path: a cleartext room is refused.
if code := create(false); code != http.StatusForbidden {
t.Fatalf("cleartext room under RequireEncryptedRooms should be 403, got %d", code)
}
// Golden: an encrypted room is created.
if code := create(true); code != http.StatusCreated {
t.Fatalf("encrypted room should be 201, got %d", code)
}
// Edge: with the flag OFF (loopback/dev), cleartext rooms are allowed again.
srv.RequireEncryptedRooms = false
if code := create(false); code != http.StatusCreated {
t.Fatalf("cleartext room with the flag off should be 201, got %d", code)
}
}
Reference in New Issue View Git Blame Copy Permalink