use rand::RngCore;
use sled;
use tempfile::tempdir;
use crate::error::{EnigmaStorageError, Result};
use crate::key_provider::ForeignKeyProvider;
use crate::storage::EncryptedStore;
#[test]
fn tampering_detected() -> Result<()> {
let mut key_bytes = [0u8; 32];
rand::thread_rng().fill_bytes(&mut key_bytes);
let provider = ForeignKeyProvider::new(key_bytes);
let dir = tempdir().map_err(|e| EnigmaStorageError::BackendError(e.to_string()))?;
let path = dir.path().join("db");
let path_str = path
.to_str()
.ok_or_else(|| EnigmaStorageError::BackendError("invalid path".into()))?;
let store = EncryptedStore::open(path_str, "tamper", &provider)?;
store.put("secret", b"value")?;
store.flush()?;
drop(store);
let db = sled::open(path_str)?;
let tree = db.open_tree("kv")?;
if let Some(value) = tree.get("secret")? {
let mut vec = value.to_vec();
if !vec.is_empty() {
vec[0] ^= 0xFF;
}
tree.insert("secret", vec)?;
db.flush()?;
}
drop(tree);
drop(db);
let reopened = EncryptedStore::open(path_str, "tamper", &provider)?;
let result = reopened.get("secret");
assert!(result.is_err());
Ok(())
}