From 8729b8470bbfd0b95208d45d36c16326c36c815e Mon Sep 17 00:00:00 2001
From: Admin MPCZ <admin@mpcz.fr>
Date: Tue, 14 Apr 2026 23:46:23 +0200
Subject: [PATCH] test_psmp: derivation Fernet exacte identique a
 secrets_service

---
 tools/test_psmp.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tools/test_psmp.py b/tools/test_psmp.py
index 8c61c81..c9324a2 100644
--- a/tools/test_psmp.py
+++ b/tools/test_psmp.py
@@ -21,15 +21,19 @@ DATABASE_URL = os.getenv("DATABASE_URL_DEMO") or os.getenv("DATABASE_URL") \
 
 
 def get_secret(conn, key):
-    """Lit + dechiffre via le service officiel (Fernet)."""
-    from app.services.secrets_service import decrypt
+    """Lit + dechiffre Fernet (meme derivation que app/services/secrets_service.py)."""
+    import base64
+    from cryptography.fernet import Fernet
+    secret_key = os.getenv("SECRET_KEY",
+                           "slpm-patchcenter-secret-key-2026-change-in-production")
+    raw = secret_key.encode()[:32].ljust(32, b'\0')
+    fernet = Fernet(base64.urlsafe_b64encode(raw))
     row = conn.execute(text("SELECT value FROM app_secrets WHERE key=:k"), {"k": key}).fetchone()
     if not row or not row.value:
         return None
     try:
-        return decrypt(row.value)
+        return fernet.decrypt(row.value.encode()).decode()
     except Exception:
-        # Fallback si stocke en clair
         return row.value