ietf-wimse-ect/refimpl/python/tests/test_validate.py

"""Tests for validate module."""

import json
import pytest

from ect.validate import (
    EXT_MAX_DEPTH,
    EXT_MAX_SIZE,
    validate_ext,
    validate_hash_format,
    valid_uuid,
)


def test_valid_uuid():
    assert valid_uuid("550e8400-e29b-41d4-a716-446655440000") is True
    assert valid_uuid("00000000-0000-0000-0000-000000000000") is True
    assert valid_uuid("") is False
    assert valid_uuid("not-a-uuid") is False
    assert valid_uuid("550e8400e29b41d4a716446655440000") is False  # no dashes


def test_validate_ext_none():
    validate_ext(None)
    validate_ext({})


def test_validate_ext_size():
    # Serialized JSON must exceed EXT_MAX_SIZE (4096) bytes
    big = {"x": "y" * (EXT_MAX_SIZE - 2)}  # "{\"x\":\"...\"}" + payload
    raw = json.dumps(big)
    assert len(raw.encode("utf-8")) > EXT_MAX_SIZE
    with pytest.raises(ValueError, match="max size"):
        validate_ext(big)


def test_validate_ext_depth():
    deep = {"a": 1}
    for _ in range(EXT_MAX_DEPTH):
        deep = {"n": deep}
    with pytest.raises(ValueError, match="depth"):
        validate_ext(deep)


def test_validate_hash_format_empty():
    validate_hash_format("")


def test_validate_hash_format_ok():
    # Plain base64url per RFC 9449 / ECT spec (no algorithm prefix)
    validate_hash_format("YQ")
    validate_hash_format("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
    validate_hash_format("abc123-_XYZ")


def test_validate_hash_format_bad():
    # Colon is not valid base64url — rejects old prefixed format
    with pytest.raises(ValueError, match="plain base64url"):
        validate_hash_format("sha-256:YQ")
    with pytest.raises(ValueError, match="plain base64url"):
        validate_hash_format("not valid!!")
    # Null byte in payload
    with pytest.raises(ValueError, match="plain base64url"):
        validate_hash_format("YQ\x00")