huangye-parking/server/tests/HuangyanParking.Tests/TldCryptoPropertyTests.cs

using FsCheck;
using FsCheck.Xunit;
using HuangyanParking.Infrastructure.Services;

namespace HuangyanParking.Tests;

/// <summary>
/// 特来电加解密和签名的属性测试
/// </summary>
public class TldCryptoPropertyTests
{
    private readonly TldCrypto _crypto = new();

    // 固定16位密钥和IV用于测试
    private const string TestDataSecret = "1234567890abcdef";
    private const string TestDataSecretIV = "abcdef1234567890";
    private const string TestSigSecret = "1234567890abcdef";
    private const string TestOperatorId = "123456789";

    /// <summary>
    /// Feature: huangyan-parking-points, Property 4: 特来电数据加解密 Round-Trip
    /// 对于任意有效JSON数据，AES-128-CBC加密后解密应得到原始数据
    /// Validates: Requirements 14.2, 14.4
    /// </summary>
    [Property(MaxTest = 100)]
    public bool TldEncryptDecrypt_RoundTrip_ShouldReturnOriginalData(NonEmptyString input)
    {
        var plainText = input.Get;

        var encrypted = _crypto.Encrypt(plainText, TestDataSecret, TestDataSecretIV);
        var decrypted = _crypto.Decrypt(encrypted, TestDataSecret, TestDataSecretIV);

        return decrypted == plainText;
    }

    /// <summary>
    /// Feature: huangyan-parking-points, Property 5: 特来电签名验签一致性
    /// 对于任意消息数据，HMAC-MD5签名后验签应通过；篡改数据后验签应失败
    /// Validates: Requirements 14.5
    /// </summary>
    [Property(MaxTest = 100)]
    public bool TldSign_ShouldVerifySuccessfully(NonEmptyString data)
    {
        var timestamp = "20240101120000";
        var seq = "0001";

        var sig = _crypto.Sign(TestOperatorId, data.Get, timestamp, seq, TestSigSecret);
        return _crypto.Verify(TestOperatorId, data.Get, timestamp, seq, sig, TestSigSecret);
    }

    /// <summary>
    /// Feature: huangyan-parking-points, Property 5（补充）: 篡改数据后验签应失败
    /// Validates: Requirements 14.5
    /// </summary>
    [Property(MaxTest = 100)]
    public bool TldSign_TamperedData_ShouldFailVerification(NonEmptyString data)
    {
        var timestamp = "20240101120000";
        var seq = "0001";

        var sig = _crypto.Sign(TestOperatorId, data.Get, timestamp, seq, TestSigSecret);
        // 篡改数据
        var tampered = data.Get + "_tampered";
        return !_crypto.Verify(TestOperatorId, tampered, timestamp, seq, sig, TestSigSecret);
    }
}