284 lines
9.3 KiB
PHP
284 lines
9.3 KiB
PHP
<?php
|
||
/**
|
||
* Phase 4.1 单元测试:Feistel-8 + QR签名 + 短码编解码
|
||
*
|
||
* 运行方式:php tests/phase4_1_feistel_test.php
|
||
*
|
||
* 测试覆盖:
|
||
* 1. Feistel-8 往返测试(encode → decode = 原值)
|
||
* 2. 短码编解码往返测试
|
||
* 3. QR签名/验签测试
|
||
* 4. 边界条件测试
|
||
*/
|
||
|
||
// 模拟 getVrSecret 和 getGoodsKey(不依赖 ShopXO)
|
||
function getVrSecret(): string
|
||
{
|
||
return 'vrt-test-secret-for-unit-test';
|
||
}
|
||
|
||
function getGoodsKey(int $goods_id): string
|
||
{
|
||
static $cache = [];
|
||
if (!isset($cache[$goods_id])) {
|
||
$secret = getVrSecret();
|
||
$cache[$goods_id] = substr(hash_hmac('sha256', (string)$goods_id, $secret), 0, 16);
|
||
}
|
||
return $cache[$goods_id];
|
||
}
|
||
|
||
function feistelRound(int $R, int $round, string $key): int
|
||
{
|
||
$hmac = hash_hmac('sha256', $R . '.' . $round, $key, true);
|
||
$val = (ord($hmac[0]) << 16) | (ord($hmac[1]) << 8) | ord($hmac[2]);
|
||
return $val & 0x7FFFF; // 19bit mask
|
||
}
|
||
|
||
function feistelEncode(int $packed, string $key): string
|
||
{
|
||
$L = ($packed >> 17) & 0x7FFFF;
|
||
$R = $packed & 0x1FFFF;
|
||
|
||
for ($i = 0; $i < 8; $i++) {
|
||
$F = feistelRound($R, $i, $key);
|
||
$L_new = $R;
|
||
$R_new = $L ^ $F;
|
||
$L = $L_new;
|
||
$R = $R_new;
|
||
}
|
||
|
||
$result = ($L & 0x7FFFF) | (($R & 0x1FFFF) << 17);
|
||
return base_convert($result, 10, 36);
|
||
}
|
||
|
||
function feistelDecode(string $code, string $key): int
|
||
{
|
||
$packed = intval(base_convert(strtolower($code), 36, 10));
|
||
$L = ($packed >> 17) & 0x7FFFF;
|
||
$R = $packed & 0x1FFFF;
|
||
|
||
for ($i = 7; $i >= 0; $i--) {
|
||
$F = feistelRound($L, $i, $key);
|
||
$R_new = $L;
|
||
$L_new = $R ^ $F;
|
||
$R = $R_new;
|
||
$L = $L_new;
|
||
}
|
||
|
||
return ($L & 0x7FFFF) | (($R & 0x1FFFF) << 17);
|
||
}
|
||
|
||
function shortCodeEncode(int $goods_id, int $ticket_id): string
|
||
{
|
||
if ($ticket_id > 0x1FFFF) {
|
||
throw new Exception("ticket_id 超出17bit范围 (max=131071), given={$ticket_id}");
|
||
}
|
||
$packed = ($goods_id << 17) | $ticket_id;
|
||
$key = getGoodsKey($goods_id);
|
||
return strtolower(feistelEncode($packed, $key));
|
||
}
|
||
|
||
function shortCodeDecode(string $code, ?int $goods_id_hint = null): array
|
||
{
|
||
$code = strtolower($code);
|
||
$candidates = [];
|
||
if ($goods_id_hint !== null) {
|
||
$candidates[] = $goods_id_hint;
|
||
}
|
||
$max_goods = 100000;
|
||
for ($gid = 1; $gid <= $max_goods; $gid++) {
|
||
if ($goods_id_hint !== null && $gid !== $goods_id_hint) {
|
||
continue;
|
||
}
|
||
$candidates[] = $gid;
|
||
}
|
||
|
||
foreach ($candidates as $gid) {
|
||
$key = getGoodsKey($gid);
|
||
$packed = feistelDecode($code, $key);
|
||
$decoded_goods_id = ($packed >> 17) & 0xFFFF;
|
||
$decoded_ticket_id = $packed & 0x1FFFF;
|
||
if ($decoded_goods_id === $gid) {
|
||
return ['goods_id' => $gid, 'ticket_id' => $decoded_ticket_id];
|
||
}
|
||
}
|
||
throw new Exception("短码解码失败:无法找到匹配的 goods_id (code={$code})");
|
||
}
|
||
|
||
function signQrPayload(array $payload): string
|
||
{
|
||
$secret = getVrSecret();
|
||
$sign_str = $payload['id'] . '.' . $payload['g'] . '.' . $payload['iat'] . '.' . $payload['exp'];
|
||
$sig = substr(hash_hmac('sha256', $sign_str, $secret), 0, 8);
|
||
$payload['sig'] = $sig;
|
||
return base64_encode(json_encode($payload, JSON_UNESCAPED_UNICODE));
|
||
}
|
||
|
||
function verifyQrPayload(string $encoded)
|
||
{
|
||
$json = base64_decode($encoded);
|
||
if ($json === false) return null;
|
||
$payload = json_decode($json, true);
|
||
if (!is_array($payload)) return null;
|
||
if (!isset($payload['id'], $payload['g'], $payload['iat'], $payload['exp'], $payload['sig'])) return null;
|
||
if ($payload['exp'] < time()) return null;
|
||
$secret = getVrSecret();
|
||
$sign_str = $payload['id'] . '.' . $payload['g'] . '.' . $payload['iat'] . '.' . $payload['exp'];
|
||
$expected_sig = substr(hash_hmac('sha256', $sign_str, $secret), 0, 8);
|
||
if (!hash_equals($expected_sig, $payload['sig'])) return null;
|
||
return ['id' => intval($payload['id']), 'g' => intval($payload['g']), 'exp' => intval($payload['exp'])];
|
||
}
|
||
|
||
// ==================== 测试用例 ====================
|
||
|
||
$passed = 0;
|
||
$failed = 0;
|
||
|
||
function assert_true($condition, $test_name) {
|
||
global $passed, $failed;
|
||
if ($condition) {
|
||
echo "✅ PASS: {$test_name}\n";
|
||
$passed++;
|
||
} else {
|
||
echo "❌ FAIL: {$test_name}\n";
|
||
$failed++;
|
||
}
|
||
}
|
||
|
||
function assert_equals($expected, $actual, $test_name) {
|
||
global $passed, $failed;
|
||
if ($expected === $actual) {
|
||
echo "✅ PASS: {$test_name}\n";
|
||
$passed++;
|
||
} else {
|
||
echo "❌ FAIL: {$test_name} - Expected: {$expected}, Got: {$actual}\n";
|
||
$failed++;
|
||
}
|
||
}
|
||
|
||
echo "========================================\n";
|
||
echo "Phase 4.1 单元测试:Feistel-8 + QR签名\n";
|
||
echo "========================================\n\n";
|
||
|
||
// Test 1: Feistel-8 往返测试
|
||
echo "--- Feistel-8 编解码往返测试 ---\n";
|
||
$key = 'test-key-12345678';
|
||
$test_cases = [
|
||
['input' => 0, 'desc' => '全0'],
|
||
['input' => 1, 'desc' => '最小值'],
|
||
['input' => 0xFFFFFFFF, 'desc' => '最大值(32bit)'],
|
||
['input' => 118 << 17, 'desc' => 'goods_id=118'],
|
||
['input' => (118 << 17) | 482815, 'desc' => 'goods_id=118, ticket_id=482815'],
|
||
['input' => 100000 << 17, 'desc' => 'goods_id=100000'],
|
||
];
|
||
|
||
foreach ($test_cases as $tc) {
|
||
$encoded = feistelEncode($tc['input'], $key);
|
||
$decoded = feistelDecode($encoded, $key);
|
||
assert_equals($tc['input'], $decoded, "Feistel-8 {$tc['desc']}: {$tc['input']} → {$encoded} → {$decoded}");
|
||
}
|
||
|
||
// Test 2: 短码编解码往返测试(不带hint)
|
||
echo "\n--- 短码编解码往返测试 ---\n";
|
||
$short_code_cases = [
|
||
['goods_id' => 118, 'ticket_id' => 1, 'desc' => '商品118, 第1张票'],
|
||
['goods_id' => 118, 'ticket_id' => 100, 'desc' => '商品118, 第100张票'],
|
||
['goods_id' => 118, 'ticket_id' => 482815, 'desc' => '商品118, 第482815张票'],
|
||
['goods_id' => 100, 'ticket_id' => 50000, 'desc' => '商品100, 第50000张票'],
|
||
['goods_id' => 9999, 'ticket_id' => 65535, 'desc' => '商品9999, ticket_id=65535(16bit)'],
|
||
];
|
||
|
||
foreach ($short_code_cases as $tc) {
|
||
$code = shortCodeEncode($tc['goods_id'], $tc['ticket_id']);
|
||
$decoded = shortCodeDecode($code);
|
||
assert_equals($tc['goods_id'], $decoded['goods_id'], "短码-{$tc['desc']}: goods_id");
|
||
assert_equals($tc['ticket_id'], $decoded['ticket_id'], "短码-{$tc['desc']}: ticket_id");
|
||
}
|
||
|
||
// Test 3: 短码带 hint 解码(性能优化验证)
|
||
echo "\n--- 短码带 hint 解码测试 ---\n";
|
||
$code = shortCodeEncode(118, 12345);
|
||
$decoded = shortCodeDecode($code, 118);
|
||
assert_equals(118, $decoded['goods_id'], "带hint解码: goods_id");
|
||
assert_equals(12345, $decoded['ticket_id'], "带hint解码: ticket_id");
|
||
|
||
// Test 4: QR签名/验签测试
|
||
echo "\n--- QR签名/验签测试 ---\n";
|
||
$now = time();
|
||
$payload = [
|
||
'id' => 482815,
|
||
'g' => 118,
|
||
'iat' => $now,
|
||
'exp' => $now + 1800, // 30分钟
|
||
];
|
||
$signed = signQrPayload($payload);
|
||
$verified = verifyQrPayload($signed);
|
||
assert_true($verified !== null, "QR签名验证: 签名有效");
|
||
if ($verified) {
|
||
assert_equals(482815, $verified['id'], "QR签名验证: id匹配");
|
||
assert_equals(118, $verified['g'], "QR签名验证: goods_id匹配");
|
||
}
|
||
|
||
// Test 5: QR签名防篡改测试
|
||
echo "\n--- QR签名防篡改测试 ---\n";
|
||
$json = base64_decode($signed);
|
||
$malicious_data = json_decode($json, true);
|
||
$malicious_data['id'] = 999999; // 篡改
|
||
$malicious_signed = base64_encode(json_encode($malicious_data, JSON_UNESCAPED_UNICODE));
|
||
$verified = verifyQrPayload($malicious_signed);
|
||
assert_true($verified === null, "QR防篡改: 篡改后应返回null");
|
||
|
||
// Test 6: QR过期测试
|
||
echo "\n--- QR过期测试 ---\n";
|
||
$expired_payload = [
|
||
'id' => 1,
|
||
'g' => 118,
|
||
'iat' => $now - 3600,
|
||
'exp' => $now - 1800, // 已过期
|
||
];
|
||
$expired_signed = signQrPayload($expired_payload);
|
||
$verified = verifyQrPayload($expired_signed);
|
||
assert_true($verified === null, "QR过期测试: 已过期应返回null");
|
||
|
||
// Test 7: 边界条件 - ticket_id 超出17bit
|
||
echo "\n--- 边界条件测试 ---\n";
|
||
try {
|
||
shortCodeEncode(118, 131072); // 超出17bit
|
||
echo "❌ FAIL: ticket_id超出17bit应抛出异常\n";
|
||
$failed++;
|
||
} catch (Exception $e) {
|
||
echo "✅ PASS: ticket_id超出17bit正确抛出异常\n";
|
||
$passed++;
|
||
}
|
||
|
||
// Test 8: ticket_id 最大17bit值
|
||
$max_ticket = 131071; // 0x1FFFF
|
||
$code = shortCodeEncode(118, $max_ticket);
|
||
$decoded = shortCodeDecode($code);
|
||
assert_equals(118, $decoded['goods_id'], "最大ticket_id: goods_id");
|
||
assert_equals($max_ticket, $decoded['ticket_id'], "最大ticket_id: ticket_id = 131071");
|
||
|
||
// Test 9: 不同商品 key 不同
|
||
echo "\n--- Per-goods key 隔离测试 ---\n";
|
||
$code1 = shortCodeEncode(118, 1000);
|
||
$code2 = shortCodeEncode(119, 1000);
|
||
assert_true($code1 !== $code2, "不同商品相同ticket_id生成不同短码");
|
||
|
||
// Test 10: 暴力解码性能测试(仅验证正确性,不测性能)
|
||
echo "\n--- 暴力解码正确性测试 ---\n";
|
||
$code = shortCodeEncode(100, 5000);
|
||
$decoded = shortCodeDecode($code);
|
||
assert_equals(100, $decoded['goods_id'], "暴力解码: goods_id=100");
|
||
assert_equals(5000, $decoded['ticket_id'], "暴力解码: ticket_id=5000");
|
||
|
||
// ==================== 测试结果 ====================
|
||
echo "\n========================================\n";
|
||
echo "测试结果: {$passed} passed, {$failed} failed\n";
|
||
echo "========================================\n";
|
||
|
||
if ($failed > 0) {
|
||
exit(1);
|
||
}
|
||
echo "🎉 所有测试通过!\n";
|
||
exit(0);
|