LocalData/Tests/LocalDataTests/RouterSecurityTests.swift

import Foundation
import Testing
import Security
@testable import LocalData

@Suite struct RouterSecurityTests {
    private let router: StorageRouter
    private let mockKeychain = MockKeychainHelper()
    
    init() {
        let testBaseURL = FileManager.default.temporaryDirectory.appending(path: "RouterSecurityTests-\(UUID().uuidString)")
        router = StorageRouter(
            keychain: mockKeychain,
            encryption: EncryptionHelper(keychain: mockKeychain),
            file: FileStorageHelper(configuration: FileStorageConfiguration(baseURL: testBaseURL)),
            defaults: UserDefaultsHelper(defaults: UserDefaults(suiteName: "RouterSecurityTests-\(UUID().uuidString)")!)
        )
    }
    
    private func makeSecurityKey(
        name: String,
        domain: StorageDomain,
        security: SecurityPolicy
    ) -> StorageKey<String> {
        StorageKey(
            name: name,
            domain: domain,
            security: security,
            owner: "SecurityTests",
            description: "Security test key"
        )
    }
    
    @Test func applySecurityNone() async throws {
        let key = makeSecurityKey(name: "none.key", domain: .userDefaults(suite: nil), security: .none)
        let value = "test-value"
        
        try await router.set(value, for: key)
        let retrieved: String = try await router.get(key)
        #expect(retrieved == value)
    }
    
    @Test func applySecurityEncryptedAES() async throws {
        let key = makeSecurityKey(
            name: "aes.key", 
            domain: .userDefaults(suite: nil), 
            security: .encrypted(.aes256(keyDerivation: .hkdf()))
        )
        let value = "aes-secret"
        
        try await router.set(value, for: key)
        let retrieved: String = try await router.get(key)
        #expect(retrieved == value)
    }
    
    @Test func applySecurityEncryptedChaCha() async throws {
        let key = makeSecurityKey(
            name: "chacha.key", 
            domain: .userDefaults(suite: nil), 
            security: .encrypted(.chacha20Poly1305(keyDerivation: .hkdf()))
        )
        let value = "chacha-secret"
        
        try await router.set(value, for: key)
        let retrieved: String = try await router.get(key)
        #expect(retrieved == value)
    }
    
    @Test func applySecurityKeychain() async throws {
        let key = makeSecurityKey(
            name: "keychain.key", 
            domain: .keychain(service: "test-service"), 
            security: .keychain(accessibility: .afterFirstUnlock, accessControl: .none)
        )
        let value = "keychain-secret"
        
        try await router.set(value, for: key)
        let retrieved: String = try await router.get(key)
        #expect(retrieved == value)
    }

    @Test func applySecurityPBKDF2() async throws {
        let key = makeSecurityKey(
            name: "pbkdf2.key", 
            domain: .userDefaults(suite: nil), 
            security: .encrypted(.aes256(keyDerivation: .pbkdf2()))
        )
        let value = "pbkdf2-secret"
        
        try await router.set(value, for: key)
        let retrieved: String = try await router.get(key)
        #expect(retrieved == value)
    }
}