chore(ci): Add unit tests for crypto provider #3032

Open
elizabethhealy wants to merge 3 commits into main from additional-crypto-provider-test-coverage

@elizabethhealy
Member

Proposed Changes

  • increase coverage of service/internal/security from 19.4% to 81.6%

Checklist

  • I have added or updated unit tests
  • I have added or updated integration tests (if appropriate)
  • I have added or updated documentation

Testing Instructions

@gemini-code-assist
Contributor

Summary of Changes

Hello @elizabethhealy, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the robustness of the cryptographic provider services by introducing a comprehensive suite of unit tests. These new tests validate various functionalities, including key management, decryption processes, and provider initialization, ensuring the reliability and correctness of critical security operations and substantially increasing test coverage for the service/internal/security package.

Highlights

  • Comprehensive Unit Test Coverage: Added extensive unit tests for the in_process_provider within the security package, validating key details adaptation, provider metadata, key lookup mechanisms, decryption processes, key derivation, session key generation, and key type determination.
  • Standard Crypto Functionality Tests: Introduced unit tests for the standard_crypto implementation, covering key identifier lookups, public key export formats (PEM and JWK), decryption logic for both RSA and EC keys, error handling during configuration loading, and the management of deprecated keys.
  • Crypto Provider Factory Tests: Included tests for the NewCryptoProvider factory function, specifically verifying its behavior when an HSM provider is requested (expecting an error as it's removed) and ensuring it correctly falls back to the standard provider for unknown types.
  • New Test Helper Utilities: Created a dedicated test helper file (test_helpers_test.go) to provide utility functions like writeTempFile for temporary file creation and newStandardCryptoForTest for setting up consistent cryptographic test environments, improving test readability and maintainability.


New tests now stand tall, Code's secrets they now unveil, Stronger, safe, and sound.


Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request adds a comprehensive suite of unit tests for the crypto provider, significantly increasing test coverage as intended. The tests are well-structured and cover a good range of success and error scenarios for both RSA and EC keys. I've identified one critical issue that will prevent the code from compiling and one suggestion to improve test readability and maintainability.

Comment thread service/internal/security/test_helpers_test.go
Comment thread service/internal/security/test_helpers_test.go Outdated
Comment thread service/internal/security/standard_crypto_test.go
@github-actions
Contributor

Benchmark results

Benchmark authorization.GetDecisions Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 186.069712ms |

Benchmark authorization.v2.GetMultiResourceDecision Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 106.624768ms |

Benchmark Statistics

| Name | № Requests | Avg Duration | Min Duration | Max Duration |
| --- | --- | --- | --- | --- |

Bulk Benchmark Results

| Metric | Value |
| --- | --- |
| Total Decrypts | 100 |
| Successful Decrypts | 100 |
| Failed Decrypts | 0 |
| Total Time | 379.208904ms |
| Throughput | 263.71 requests/second |

TDF3 Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 39.766298045s |
| Average Latency | 396.107027ms |
| Throughput | 125.73 requests/second |

@github-actions
Contributor

Benchmark results

Benchmark authorization.GetDecisions Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 201.024437ms |

Benchmark authorization.v2.GetMultiResourceDecision Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 110.264ms |

Benchmark Statistics

| Name | № Requests | Avg Duration | Min Duration | Max Duration |
| --- | --- | --- | --- | --- |

Bulk Benchmark Results

| Metric | Value |
| --- | --- |
| Total Decrypts | 100 |
| Successful Decrypts | 100 |
| Failed Decrypts | 0 |
| Total Time | 378.627239ms |
| Throughput | 264.11 requests/second |

TDF3 Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 42.393910428s |
| Average Latency | 422.091569ms |
| Throughput | 117.94 requests/second |

@github-actions
Contributor

Benchmark results

Benchmark authorization.GetDecisions Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 195.244685ms |

Benchmark authorization.v2.GetMultiResourceDecision Results:

| Metric | Value |
| --- | --- |
| Approved Decision Requests | 1000 |
| Denied Decision Requests | 0 |
| Total Time | 103.459933ms |

Benchmark Statistics

| Name | № Requests | Avg Duration | Min Duration | Max Duration |
| --- | --- | --- | --- | --- |

Bulk Benchmark Results

| Metric | Value |
| --- | --- |
| Total Decrypts | 100 |
| Successful Decrypts | 100 |
| Failed Decrypts | 0 |
| Total Time | 391.976538ms |
| Throughput | 255.12 requests/second |

TDF3 Benchmark Results:

| Metric | Value |
| --- | --- |
| Total Requests | 5000 |
| Successful Requests | 5000 |
| Failed Requests | 0 |
| Concurrent Requests | 50 |
| Total Time | 39.913948291s |
| Average Latency | 397.547143ms |
| Throughput | 125.27 requests/second |

@elizabethhealy elizabethhealy marked this pull request as ready for review January 28, 2026 20:44
@elizabethhealy elizabethhealy requested a review from a team as a code owner January 28, 2026 20:44
@elizabethhealy elizabethhealy changed the title from "feat(ci): Add unit tests for crypto provider" to "chore(ci): Add unit tests for crypto provider" Jan 28, 2026
@elizabethhealy elizabethhealy added this pull request to the merge queue Jan 29, 2026
github-merge-queue Bot pushed a commit that referenced this pull request Jan 29, 2026
### Proposed Changes

* increase coverage of service/internal/security from 19.4% to 81.6%

### Checklist

- [ ] I have added or updated unit tests
- [ ] I have added or updated integration tests (if appropriate)
- [ ] I have added or updated documentation

### Testing Instructions
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jan 29, 2026
@dmihalcik-virtru
Member

See #3037


3 participants