// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package vault
import (
"context"
wrapping "github.com/hashicorp/go-kms-wrapping/v2"
"github.com/hashicorp/vault/vault/seal"
)
// SealAccess wraps a Seal so that code obtaining it through
// Core.SealAccess() can call accessor methods on the seal without being
// able to modify Core.seal itself.
//
// NOTE(review): the wrapper is not purely read-only. ClearCaches sets the
// wrapped Seal's barrier and recovery configs to nil, and GetAccess hands
// back the Seal's own seal.Access, so a *SealAccess should be treated as a
// privileged handle rather than an inert view.
type SealAccess struct {
	// seal is the wrapped Seal. It is unexported, so code outside this
	// package cannot reassign it through a SealAccess value.
	seal Seal
}
// NewSealAccess returns a SealAccess whose methods delegate to seal.
//
// The argument is stored as given; no nil check is made here, and every
// method on the result calls through it, so callers are presumably expected
// to pass a non-nil Seal. Inside this function the parameter name shadows
// the imported seal package.
func NewSealAccess(seal Seal) *SealAccess {
	access := new(SealAccess)
	access.seal = seal
	return access
}
// StoredKeysSupported returns whatever the wrapped Seal reports from its own
// StoredKeysSupported method, unchanged.
func (s *SealAccess) StoredKeysSupported() seal.StoredKeysSupport {
	support := s.seal.StoredKeysSupported()
	return support
}
// BarrierType returns the wrapping.WrapperType reported by the wrapped Seal's
// BarrierType method, unchanged.
func (s *SealAccess) BarrierType() wrapping.WrapperType {
	kind := s.seal.BarrierType()
	return kind
}
// BarrierConfig calls the wrapped Seal's BarrierConfig with ctx and passes
// both the *SealConfig and the error back unchanged.
//
// NOTE(review): the pointer is returned exactly as received. Whether it
// aliases state held inside the Seal is not visible from this wrapper —
// confirm before mutating the result.
func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) {
	cfg, err := s.seal.BarrierConfig(ctx)
	return cfg, err
}
// RecoveryKeySupported reports the wrapped Seal's answer to
// RecoveryKeySupported, unchanged. ClearCaches uses it to decide whether the
// recovery config is cleared as well.
func (s *SealAccess) RecoveryKeySupported() bool {
	supported := s.seal.RecoveryKeySupported()
	return supported
}
// RecoveryConfig calls the wrapped Seal's RecoveryConfig with ctx and passes
// both the *SealConfig and the error back unchanged.
//
// NOTE(review): the pointer is returned exactly as received. Whether it
// aliases state held inside the Seal is not visible from this wrapper —
// confirm before mutating the result.
func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error) {
	cfg, err := s.seal.RecoveryConfig(ctx)
	return cfg, err
}
// VerifyRecoveryKey hands key to the wrapped Seal's VerifyRecoveryKey and
// returns its error unchanged. A nil result presumably means the key was
// accepted — confirm against the Seal implementation in use.
//
// key is passed through as the same slice: this wrapper neither copies,
// logs, nor zeroes it, so the caller remains responsible for the lifetime of
// the key material.
func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error {
	err := s.seal.VerifyRecoveryKey(ctx, key)
	return err
}
// ClearCaches sets the wrapped Seal's barrier config to nil and, when
// RecoveryKeySupported reports true, its recovery config to nil as well.
//
// NOTE(review): nothing returned by SetBarrierConfig or SetRecoveryConfig is
// inspected here and this method has no result, so a setter failure would
// not reach the caller — confirm whether those setters can return an error.
//
// TODO(SEALHA): This looks like it belongs in Seal instead, it only has two callers
func (s *SealAccess) ClearCaches(ctx context.Context) {
	s.seal.SetBarrierConfig(ctx, nil)

	// Seals without recovery-key support have no recovery config to reset.
	if !s.RecoveryKeySupported() {
		return
	}
	s.seal.SetRecoveryConfig(ctx, nil)
}
// GetAccess returns the seal.Access obtained from the wrapped Seal's
// GetAccess method, unchanged.
//
// NOTE(review): the value is the Seal's own access object, not a restricted
// view created here, so whatever seal.Access permits is available to any
// holder of a SealAccess — confirm that this matches the intent of limiting
// callers to accessor methods.
func (s *SealAccess) GetAccess() seal.Access {
	access := s.seal.GetAccess()
	return access
}