Fix tests

Author: jsed-nhs

src/api/Nhs.Appointments.Core/ReferenceNumber/Options.cs

@@ -1,6 +1,6 @@
 namespace Nhs.Appointments.Core.ReferenceNumber;
 
-public abstract class ReferenceNumberOptions
+public class ReferenceNumberOptions
 {
     public int HmacKeyVersion { get; set; }
     public byte[] HmacKey { get; set; }

src/api/Nhs.Appointments.Core/ReferenceNumber/Provider.cs

@@ -14,7 +14,7 @@ public interface IProvider
 
     bool IsValidBookingReference(string bookingReference);
 
-    int DeriveSequenceStride(string partitionKey);
+    int DeriveSequenceMultiplier(string partitionKey);
 }
 
 public interface IBookingReferenceDocumentStore
@@ -71,7 +71,7 @@ private string Generate(int sequenceNumber, DateTimeOffset utcNow)
     {
         var overflowedSequenceNumber = sequenceNumber % SequenceMax;
         var partitionKey = PartitionKey(utcNow);
-        var sequenceBijection = GenerateSequenceBijection(overflowedSequenceNumber, partitionKey)
+        var sequenceBijection = GenerateSequenceValue(overflowedSequenceNumber, partitionKey)
             .ToString("D8");
         var partitionAndSequenceBijection = partitionKey + sequenceBijection;
 
@@ -84,72 +84,75 @@ private string Generate(int sequenceNumber, DateTimeOffset utcNow)
     }
 
     /// <summary>
-    ///     A bijection is a 1-1 mapping between two sets of numbers.
     ///     This generation adds an element of seeming randomness to the sequence numbers generated, while still being
-    ///     deterministic and avoiding collisions.
+    ///     deterministic and avoiding collisions within 100 million sequence numbers (mod 100 million).
     ///     This method means all 100 million sequence numbers will each generate a different and distinct number in that range. (0-99999999)
-    ///     Using a dynamically generated stride/increment means this cannot be guessed, as it is generated using a secret key and will change with each partition change.
+    ///     Uses a dynamically generated sequence increment multiplier which means this cannot be inferred, as it is generated using a secret key and will change with each partition change.
     ///     This is needed to protect against sequential attacks visible in the reference numbers (i.e people guessing the next booking is
     ///     exactly 1 reference number higher)
     /// </summary>
-    private int GenerateSequenceBijection(int sequence, string partitionKey)
+    private int GenerateSequenceValue(int sequence, string partitionKey)
     {
-        var sequenceStride = GetSequenceStride(partitionKey);
+        var sequenceMultiplier = GetSequenceMultiplier(partitionKey);
 
-        // f(i) = ( S * i + O ) mod N : is a bijection on (0, ..., N-1)
-        // when the stride (S) is coprime with N (i.e gcd(S,N) = 1), and O is a constant offset (set to zero for us as no benefit)
-        return (int)((long)sequenceStride * sequence % SequenceMax);
+        // A bijection is a 1-1 mapping between two sets of numbers.
+        // f(i) = ( S * i ) mod N : is a bijection on (0, ..., N-1) when the multiplier (S) is coprime with N (i.e gcd(S,N) = 1)
+        
+        return (int)((long)sequenceMultiplier * sequence % SequenceMax);
     }
 
-    private int GetSequenceStride(string partitionKey)
+    private int GetSequenceMultiplier(string partitionKey)
     {
         var cacheKey = $"{Options.Value.HmacKeyVersion}:{partitionKey}";
-        if (memoryCache.TryGetValue(cacheKey, out int sequenceStride))
+        if (memoryCache.TryGetValue(cacheKey, out int sequenceMultiplier))
         {
-            return sequenceStride;
+            return sequenceMultiplier;
         }
 
-        sequenceStride = DeriveSequenceStride(partitionKey);
-        memoryCache.Set(cacheKey, sequenceStride, TimeSpan.FromDays(PartitionBucketLengthInDays + 4)); // easily spans the partition length
-        return sequenceStride;
+        sequenceMultiplier = DeriveSequenceMultiplier(partitionKey);
+        memoryCache.Set(cacheKey, sequenceMultiplier, TimeSpan.FromDays(PartitionBucketLengthInDays + 4)); // easily spans the partition length
+        return sequenceMultiplier;
     }
 
     /// <summary>
-    ///     Derives the sequence stride used for the bijection.
-    ///     Generates a sequence stride that is COPRIME with SequenceMax, using the partitionKey and a secret key, and some manual manipulation to guarantee the value is coprime.
+    ///     Derives the sequence multiplier used for the bijection.
+    ///     Generates a sequence multiplier that is COPRIME with SequenceMax, using the partitionKey and a secret key, and some manual manipulation to guarantee the value is coprime.
     ///     This doesn't have to generate unique results, two different partition keys and secrets can generate the same result.
     ///     This just needs to be deterministic and non-guessable and guarded by a secret.
     ///     It is used for obfuscation of the sequencing, not for security.
     /// </summary>
-    public int DeriveSequenceStride(string partitionKey)
+    public int DeriveSequenceMultiplier(string partitionKey)
     {
+        //generate a hmacMultiplier that uses both the partition key and the hmac secret key
+        //this can be any 64-bit integer
         using var h = new HMACSHA256(Options.Value.HmacKey);
         var mac = h.ComputeHash(Encoding.ASCII.GetBytes(partitionKey));
-        var hmacStride = BitConverter.ToUInt64(mac, 0);
+        var hmacMultiplier = BitConverter.ToUInt64(mac, 0);
 
-        // Base stride is (0,...,N-1)/10 - so multiplying by 10 still stays < N
-        var baseStride = (int)(hmacStride % (SequenceMax / 10)); // 0,..., N-1
+        //next make the hmacMultiplier be a value between 0 - 10 million (we're going to generate the final digit manually to make a number that is coprime with 100 million)
+        var baseMultiplier = (int)(hmacMultiplier % (SequenceMax / 10));
 
         //the following logic is dependent on SequenceMax being a number of format 10^x
 
         // Pick a last digit from {1,3,7,9} deterministically (since any number ending in any of these are coprime to 100 million (sequence max))
-        int[] tail = [1, 3, 7, 9];
+        int[] lastDigitOptions = [1, 3, 7, 9];
 
-        //takes the last two bits of v (so a value 0–3) to pick the last digit deterministically
-        var lastDigit = tail[(int)(hmacStride & 3)];
+        //takes the last two bits of hmacMultiplier (so a value 0–3) to pick the last digit deterministically
+        var lastDigit = lastDigitOptions[(int)(hmacMultiplier & 3)];
 
-        var stride = (baseStride * 10) + lastDigit; // 0,...,N-1 with last digit ending in either {1,3,7,9}
+        // 0,...,999,999,999 with the last digit guaranteed to end in either 1,3,7,9. (i.e 672,509,093 where 67250909 was the hmacMultiplier)
+        var multiplier = (baseMultiplier * 10) + lastDigit; 
 
-        //confirmation of GCD(S,N) == 1, without this, the entire bijection pattern fails!!
-        if ((int)BigInteger.GreatestCommonDivisor(stride, SequenceMax) != 1)
+        //confirmation of GCD(multiplier,SequenceMax) == 1, without this, the entire bijection pattern fails!!
+        if ((int)BigInteger.GreatestCommonDivisor(multiplier, SequenceMax) != 1)
         {
-            //fail fast - logically this should NEVER happen
-            throw new InvalidOperationException($"CRITICAL ERROR - Derived sequence stride does not pass logical requirement of GCD(stride,SequenceMax) == 1. " +
-                                                $"Failure for stride: '{stride}' and sequenceMax: '{SequenceMax}'");
+            //fail fast - logically this should NEVER happen and something has gone VERY WRONG!
+            throw new InvalidOperationException($"CRITICAL ERROR - Derived sequence multiplier does not pass logical requirement of GCD(multiplier,SequenceMax) == 1. " +
+                                                $"Failure for multiplier: '{multiplier}' and sequenceMax: '{SequenceMax}'");
         }
 
-        //GCD(S,N) == 1 guaranteed
-        return stride; 
+        //GCD(multiplier,SequenceMax) == 1 guaranteed
+        return multiplier; 
     }
 
     /// <summary>

tests/Nhs.Appointments.Core.UnitTests/ReferenceNumber/ProviderTests.cs

@@ -22,11 +22,8 @@ public class ProviderTests
 
     public ProviderTests()
     {
-        _options.Setup(x => x.Value.HmacKey).Returns(HmacTestSecretKey);
-        _options.Setup(x => x.Value.HmacKeyVersion).Returns(1);
-        
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        _sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
+        _options.Setup(x => x.Value).Returns(new ReferenceNumberOptions { HmacKeyVersion = 1, HmacKey = HmacTestSecretKey});
+        _sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, new MemoryCache(new MemoryCacheOptions()), _timeProvider.Object);
     }
 
     [Fact]
@@ -45,10 +42,7 @@ public async Task GetReferenceNumber_GeneratesCorrectlyFormattedNumber_MinDate()
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(1970, 1, 1, 00, 00, 00));
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(1);
 
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-        var result = await sut.GetReferenceNumber();
+        var result = await _sut.GetReferenceNumber();
         result.Should().Be("0170-73123-6791");
     }
 
@@ -70,10 +64,7 @@ public async Task GetReferenceNumber_GeneratesCorrectlyFormattedNumber_FirstTwoD
             initialDate = initialDate.AddDays(1);
             _timeProvider.Setup(x => x.GetUtcNow()).Returns(initialDate);
 
-            using var cache = new MemoryCache(new MemoryCacheOptions());
-            var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-            var result = await sut.GetReferenceNumber();
+            var result = await _sut.GetReferenceNumber();
 
             Assert.True(_sut.IsValidBookingReference(result));
             result.Should().StartWith($"{dayStep:00}25");
@@ -85,11 +76,8 @@ public async Task GetReferenceNumber_GeneratesCorrectlyFormattedNumber_MaxDate_L
     {
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2024, 12, 31, 23, 59, 59));
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(99999999);
-
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-        var result = await sut.GetReferenceNumber();
+        
+        var result = await _sut.GetReferenceNumber();
 
         Assert.True(_sut.IsValidBookingReference(result));
         result.Should().Be("9224-44976-9071");
@@ -100,11 +88,8 @@ public async Task GetReferenceNumber_GeneratesCorrectlyFormattedNumber_MinSequen
     {
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2077, 1, 01, 17, 23, 00));
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(0);
-
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-        var result = await sut.GetReferenceNumber();
+        
+        var result = await _sut.GetReferenceNumber();
         result.Should().Be("0177-00000-0006");
     }
 
@@ -114,10 +99,7 @@ public async Task GetReferenceNumber_ChecksumDigitExists_MeansOnlyOneReferenceIs
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2016, 6, 06, 17, 23, 00));
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(76543789);
 
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-        var result = await sut.GetReferenceNumber();
+        var result = await _sut.GetReferenceNumber();
         result.Should().Be("4016-90927-6174");
         Assert.True(_sut.IsValidBookingReference(result));
 
@@ -139,11 +121,8 @@ public async Task GetReferenceNumber_GeneratesCorrectlyFormattedNumber_MinSequen
     {
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2077, 1, 01, 17, 23, 00));
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(1);
-
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-        var result = await sut.GetReferenceNumber();
+        
+        var result = await _sut.GetReferenceNumber();
         result.Should().Be("0177-40950-2016");
     }
 
@@ -152,17 +131,14 @@ public async Task GetReferenceNumber_GeneratesCorrectlyFormattedNumber_SameSeque
     {
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(356035);
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2025, 7, 13, 17, 23, 00));
-
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-        var firstResult = await sut.GetReferenceNumber();
+        
+        var firstResult = await _sut.GetReferenceNumber();
         firstResult.Should().Be("4925-52301-3450");
 
         //sequence has passed 100 million and reset
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(356035 + 100000000);
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2025, 7, 17, 17, 23, 00));
-        var secondResult = await sut.GetReferenceNumber();
+        var secondResult = await _sut.GetReferenceNumber();
         secondResult.Should().Be("5025-82949-7652");
     }
 
@@ -177,16 +153,13 @@ public async Task GetReferenceNumber_GeneratesSameReferenceNumber_SameSequenceNu
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(356035);
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2025, 7, 13, 17, 23, 00));
 
-        using var cache = new MemoryCache(new MemoryCacheOptions());
-        var sut = new Provider(_options.Object, _bookingReferenceDocumentStore.Object, cache, _timeProvider.Object);
-
-        var firstResult = await sut.GetReferenceNumber();
+        var firstResult = await _sut.GetReferenceNumber();
         firstResult.Should().Be("4925-52301-3450");
 
         //sequence has passed 100 million and reset
         _bookingReferenceDocumentStore.Setup(x => x.GetNextSequenceNumber()).ReturnsAsync(356035 + 100000000);
         _timeProvider.Setup(x => x.GetUtcNow()).Returns(new DateTime(2025, 7, 13, 17, 23, 00));
-        var secondResult = await sut.GetReferenceNumber();
+        var secondResult = await _sut.GetReferenceNumber();
 
         //NOT DESIRABLE!!
         secondResult.Should().Be(firstResult);
@@ -211,12 +184,12 @@ public void PartitionBucketLengthInDays_Should_Equal_Four()
     }
 
     /// <summary>
-    ///     It is possible, but unlikely, that two different hmac keys produce the same stride value for the same partition key
+    ///     It is possible, but unlikely, that two different hmac keys produce the same multiplier value for the same partition key
     ///     This is known and does not cause any issues with the logic.
     ///     The hard-coded data for this test that proves this scenario was found by trial and error iterations.
     /// </summary>
     [Fact]
-    public void DeriveSequenceStride_DifferentHmacKeys_CanProduce_SameStride_For_SamePartitionKey()
+    public void DeriveSequenceMultiplier_DifferentHmacKeys_CanProduce_SameMultiplier_For_SamePartitionKey()
     {
         const string samePartitionKey = "3125";
 
@@ -292,23 +265,23 @@ public void DeriveSequenceStride_DifferentHmacKeys_CanProduce_SameStride_For_Sam
             49
         ];
 
-        _options.Setup(x => x.Value.HmacKey).Returns(hmacKey1);
-        var stride1 = _sut.DeriveSequenceStride(samePartitionKey);
+        _options.Setup(x => x.Value).Returns(new ReferenceNumberOptions { HmacKeyVersion = 1, HmacKey = hmacKey1});
+        var multiplier1 = _sut.DeriveSequenceMultiplier(samePartitionKey);
 
-        _options.Setup(x => x.Value.HmacKey).Returns(hmacKey2);
-        var stride2 = _sut.DeriveSequenceStride(samePartitionKey);
+        _options.Setup(x => x.Value).Returns(new ReferenceNumberOptions { HmacKeyVersion = 1, HmacKey = hmacKey2});
+        var multiplier2 = _sut.DeriveSequenceMultiplier(samePartitionKey);
 
         //this is fine
-        Assert.Equal(stride1, stride2);
+        Assert.Equal(multiplier1, multiplier2);
     }
 
     /// <summary>
-    ///     It is possible, but unlikely, that two different hmac keys produce the same stride value for the same partition key
+    ///     It is possible, but unlikely, that two different hmac keys produce the same multiplier value for the same partition key
     ///     This is known and does not cause any issues with the logic.
     ///     The hard-coded data for this test that proves this scenario was found by trial and error iterations.
     /// </summary>
     [Fact]
-    public void DeriveSequenceStride_DifferentHmacKeys_CanProduce_SameStride_For_DifferentPartitionKeys()
+    public void DeriveSequenceMultiplier_DifferentHmacKeys_CanProduce_SameMultiplier_For_DifferentPartitionKeys()
     {
         byte[] hmacKey1 =
         [
@@ -346,9 +319,9 @@ public void DeriveSequenceStride_DifferentHmacKeys_CanProduce_SameStride_For_Dif
             6
         ];
 
-        _options.Setup(x => x.Value.HmacKey).Returns(hmacKey1);
+        _options.Setup(x => x.Value).Returns(new ReferenceNumberOptions { HmacKeyVersion = 1, HmacKey = hmacKey1});
         var partitionKey1 = "5728"; //around about October 15th 2028
-        var stride1 = _sut.DeriveSequenceStride(partitionKey1);
+        var multiplier1 = _sut.DeriveSequenceMultiplier(partitionKey1);
 
         byte[] hmacKey2 =
         [
@@ -386,29 +359,29 @@ public void DeriveSequenceStride_DifferentHmacKeys_CanProduce_SameStride_For_Dif
             107
         ];
 
-        _options.Setup(x => x.Value.HmacKey).Returns(hmacKey2);
+        _options.Setup(x => x.Value).Returns(new ReferenceNumberOptions { HmacKeyVersion = 1, HmacKey = hmacKey2});
         var partitionKey2 = "5837"; //around about August 20th 2037
-        var stride2 = _sut.DeriveSequenceStride(partitionKey2);
+        var multiplier2 = _sut.DeriveSequenceMultiplier(partitionKey2);
 
-        Assert.Equal(stride1, stride2);
+        Assert.Equal(multiplier1, multiplier2);
     }
 
     /// <summary>
-    ///     It is possible, but unlikely, that two different partition keys produce the same stride value for the same hmac key
+    ///     It is possible, but unlikely, that two different partition keys produce the same multiplier value for the same hmac key
     ///     This is known and does not cause any issues with the logic.
     ///     The hard-coded data for this test that proves this scenario was found by trial and error iterations.
     /// </summary>
     [Fact]
-    public void DeriveSequenceStride_SameHmacKey_CanProduce_SameStride_For_DifferentPartitionKeys()
+    public void DeriveSequenceMultiplier_SameHmacKey_CanProduce_SameMultiplier_For_DifferentPartitionKeys()
     {
         var partitionKey1 = "1947"; //around about March 18th 2047
         var partitionKey2 = "2538"; //around about April 10th 2038
 
-        var stride1 = _sut.DeriveSequenceStride(partitionKey1);
-        var stride2 = _sut.DeriveSequenceStride(partitionKey2);
+        var multiplier1 = _sut.DeriveSequenceMultiplier(partitionKey1);
+        var multiplier2 = _sut.DeriveSequenceMultiplier(partitionKey2);
 
         //this is fine
-        Assert.Equal(stride1, stride2);
+        Assert.Equal(multiplier1, multiplier2);
     }
 
     /// <summary>