2016-01-14 22:01:04 +00:00
|
|
|
package vault
|
|
|
|
|
|
|
|
import (
|
|
|
|
"reflect"
|
|
|
|
"testing"
|
2016-04-04 14:44:22 +00:00
|
|
|
|
|
|
|
"github.com/hashicorp/vault/physical"
|
2016-01-14 22:01:04 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestCore_Rekey_Lifecycle(t *testing.T) {
|
|
|
|
c, master, _ := TestCoreUnsealed(t)
|
|
|
|
|
|
|
|
// Verify update not allowed
|
2016-04-04 14:44:22 +00:00
|
|
|
if _, err := c.RekeyUpdate(master, "", false); err == nil {
|
2016-01-14 22:01:04 +00:00
|
|
|
t.Fatalf("no rekey in progress")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should be no progress
|
2016-04-04 14:44:22 +00:00
|
|
|
num, err := c.RekeyProgress(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if num != 0 {
|
|
|
|
t.Fatalf("bad: %d", num)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should be no config
|
2016-04-04 14:44:22 +00:00
|
|
|
conf, err := c.RekeyConfig(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if conf != nil {
|
|
|
|
t.Fatalf("bad: %v", conf)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Cancel should be idempotent
|
2016-04-04 14:44:22 +00:00
|
|
|
err = c.RekeyCancel(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Start a rekey
|
|
|
|
newConf := &SealConfig{
|
|
|
|
SecretThreshold: 3,
|
|
|
|
SecretShares: 5,
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
err = c.RekeyInit(newConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should get config
|
2016-04-04 14:44:22 +00:00
|
|
|
conf, err = c.RekeyConfig(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
newConf.Nonce = conf.Nonce
|
|
|
|
if !reflect.DeepEqual(conf, newConf) {
|
|
|
|
t.Fatalf("bad: %v", conf)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Cancel should be clear
|
2016-04-04 14:44:22 +00:00
|
|
|
err = c.RekeyCancel(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should be no config
|
2016-04-04 14:44:22 +00:00
|
|
|
conf, err = c.RekeyConfig(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if conf != nil {
|
|
|
|
t.Fatalf("bad: %v", conf)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestCore_Rekey_Init(t *testing.T) {
|
|
|
|
c, _, _ := TestCoreUnsealed(t)
|
|
|
|
|
|
|
|
// Try an invalid config
|
|
|
|
badConf := &SealConfig{
|
|
|
|
SecretThreshold: 5,
|
|
|
|
SecretShares: 1,
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
err := c.RekeyInit(badConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("should fail")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Start a rekey
|
|
|
|
newConf := &SealConfig{
|
|
|
|
SecretThreshold: 3,
|
|
|
|
SecretShares: 5,
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
err = c.RekeyInit(newConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Second should fail
|
2016-04-04 14:44:22 +00:00
|
|
|
err = c.RekeyInit(newConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("should fail")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestCore_Rekey_Update(t *testing.T) {
|
|
|
|
c, master, root := TestCoreUnsealed(t)
|
|
|
|
|
|
|
|
// Start a rekey
|
|
|
|
newConf := &SealConfig{
|
|
|
|
SecretThreshold: 3,
|
|
|
|
SecretShares: 5,
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
err := c.RekeyInit(newConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fetch new config with generated nonce
|
2016-04-04 14:44:22 +00:00
|
|
|
rkconf, err := c.RekeyConfig(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if rkconf == nil {
|
|
|
|
t.Fatalf("bad: no rekey config received")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provide the master
|
2016-04-04 14:44:22 +00:00
|
|
|
result, err := c.RekeyUpdate(master, rkconf.Nonce, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if result == nil || len(result.SecretShares) != 5 {
|
|
|
|
t.Fatalf("Bad: %#v", result)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should be no progress
|
2016-04-04 14:44:22 +00:00
|
|
|
num, err := c.RekeyProgress(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if num != 0 {
|
|
|
|
t.Fatalf("bad: %d", num)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should be no config
|
2016-04-04 14:44:22 +00:00
|
|
|
conf, err := c.RekeyConfig(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if conf != nil {
|
|
|
|
t.Fatalf("bad: %v", conf)
|
|
|
|
}
|
|
|
|
|
|
|
|
// SealConfig should update
|
2016-04-04 14:44:22 +00:00
|
|
|
sealConf, err := c.seal.BarrierConfig()
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
if sealConf == nil {
|
|
|
|
t.Fatal("seal configuration is nil")
|
|
|
|
}
|
2016-01-14 22:01:04 +00:00
|
|
|
|
|
|
|
newConf.Nonce = rkconf.Nonce
|
2016-04-04 14:44:22 +00:00
|
|
|
if !reflect.DeepEqual(sealConf, newConf) {
|
|
|
|
t.Fatalf("\nexpected: %#v\nactual: %#v\n", sealConf, newConf)
|
2016-01-14 22:01:04 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Attempt unseal
|
|
|
|
err = c.Seal(root)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
for i := 0; i < 3; i++ {
|
|
|
|
_, err = c.Unseal(result.SecretShares[i])
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if sealed, _ := c.Sealed(); sealed {
|
|
|
|
t.Fatalf("should be unsealed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Start another rekey, this time we require a quorum!
|
|
|
|
newConf = &SealConfig{
|
|
|
|
SecretThreshold: 1,
|
|
|
|
SecretShares: 1,
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
err = c.RekeyInit(newConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fetch new config with generated nonce
|
2016-04-04 14:44:22 +00:00
|
|
|
rkconf, err = c.RekeyConfig(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if rkconf == nil {
|
|
|
|
t.Fatalf("bad: no rekey config received")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provide the parts master
|
|
|
|
oldResult := result
|
|
|
|
for i := 0; i < 3; i++ {
|
2016-04-04 14:44:22 +00:00
|
|
|
result, err = c.RekeyUpdate(oldResult.SecretShares[i], rkconf.Nonce, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Should be progress
|
2016-04-04 14:44:22 +00:00
|
|
|
num, err := c.RekeyProgress(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if (i == 2 && num != 0) || (i != 2 && num != i+1) {
|
|
|
|
t.Fatalf("bad: %d", num)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if result == nil || len(result.SecretShares) != 1 {
|
|
|
|
t.Fatalf("Bad: %#v", result)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Attempt unseal
|
|
|
|
err = c.Seal(root)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
unseal, err := c.Unseal(result.SecretShares[0])
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if !unseal {
|
|
|
|
t.Fatalf("should be unsealed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// SealConfig should update
|
2016-04-04 14:44:22 +00:00
|
|
|
sealConf, err = c.seal.BarrierConfig()
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
|
2016-01-14 22:01:04 +00:00
|
|
|
newConf.Nonce = rkconf.Nonce
|
2016-04-04 14:44:22 +00:00
|
|
|
if !reflect.DeepEqual(sealConf, newConf) {
|
|
|
|
t.Fatalf("bad: %#v", sealConf)
|
2016-01-14 22:01:04 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestCore_Rekey_InvalidMaster(t *testing.T) {
|
|
|
|
c, master, _ := TestCoreUnsealed(t)
|
|
|
|
|
|
|
|
// Start a rekey
|
|
|
|
newConf := &SealConfig{
|
|
|
|
SecretThreshold: 3,
|
|
|
|
SecretShares: 5,
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
err := c.RekeyInit(newConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fetch new config with generated nonce
|
2016-04-04 14:44:22 +00:00
|
|
|
rkconf, err := c.RekeyConfig(false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if rkconf == nil {
|
|
|
|
t.Fatalf("bad: no rekey config received")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provide the master (invalid)
|
|
|
|
master[0]++
|
2016-04-04 14:44:22 +00:00
|
|
|
_, err = c.RekeyUpdate(master, rkconf.Nonce, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("expected error")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestCore_Rekey_InvalidNonce(t *testing.T) {
|
|
|
|
c, master, _ := TestCoreUnsealed(t)
|
|
|
|
|
|
|
|
// Start a rekey
|
|
|
|
newConf := &SealConfig{
|
|
|
|
SecretThreshold: 3,
|
|
|
|
SecretShares: 5,
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
err := c.RekeyInit(newConf, false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provide the nonce (invalid)
|
2016-04-04 14:44:22 +00:00
|
|
|
_, err = c.RekeyUpdate(master, "abcd", false)
|
2016-01-14 22:01:04 +00:00
|
|
|
if err == nil {
|
|
|
|
t.Fatalf("expected error")
|
|
|
|
}
|
|
|
|
}
|
2016-04-04 14:44:22 +00:00
|
|
|
|
|
|
|
func TestCore_Standby_Rekey(t *testing.T) {
|
|
|
|
// Create the first core and initialize it
|
|
|
|
inm := physical.NewInmem()
|
|
|
|
inmha := physical.NewInmemHA()
|
|
|
|
advertiseOriginal := "http://127.0.0.1:8200"
|
|
|
|
core, err := NewCore(&CoreConfig{
|
|
|
|
Physical: inm,
|
|
|
|
HAPhysical: inmha,
|
|
|
|
AdvertiseAddr: advertiseOriginal,
|
|
|
|
DisableMlock: true,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
key, root := TestCoreInit(t, core)
|
|
|
|
if _, err := core.Unseal(TestKeyCopy(key)); err != nil {
|
|
|
|
t.Fatalf("unseal err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Wait for core to become active
|
|
|
|
testWaitActive(t, core)
|
|
|
|
|
|
|
|
// Create a second core, attached to same in-memory store
|
|
|
|
advertiseOriginal2 := "http://127.0.0.1:8500"
|
|
|
|
core2, err := NewCore(&CoreConfig{
|
|
|
|
Physical: inm,
|
|
|
|
HAPhysical: inmha,
|
|
|
|
AdvertiseAddr: advertiseOriginal2,
|
|
|
|
DisableMlock: true,
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if _, err := core2.Unseal(TestKeyCopy(key)); err != nil {
|
|
|
|
t.Fatalf("unseal err: %s", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Rekey the master key
|
|
|
|
newConf := &SealConfig{
|
|
|
|
SecretShares: 1,
|
|
|
|
SecretThreshold: 1,
|
|
|
|
}
|
|
|
|
err = core.RekeyInit(newConf, false)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
// Fetch new config with generated nonce
|
|
|
|
rkconf, err := core.RekeyConfig(false)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if rkconf == nil {
|
|
|
|
t.Fatalf("bad: no rekey config received")
|
|
|
|
}
|
|
|
|
result, err := core.RekeyUpdate(key, rkconf.Nonce, false)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if result == nil {
|
|
|
|
t.Fatalf("rekey failed")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Seal the first core, should step down
|
|
|
|
err = core.Seal(root)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Wait for core2 to become active
|
|
|
|
testWaitActive(t, core2)
|
|
|
|
|
|
|
|
// Rekey the master key again
|
|
|
|
err = core2.RekeyInit(newConf, false)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
// Fetch new config with generated nonce
|
|
|
|
rkconf, err = core2.RekeyConfig(false)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if rkconf == nil {
|
|
|
|
t.Fatalf("bad: no rekey config received")
|
|
|
|
}
|
|
|
|
result, err = core2.RekeyUpdate(result.SecretShares[0], rkconf.Nonce, false)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("err: %v", err)
|
|
|
|
}
|
|
|
|
if result == nil {
|
|
|
|
t.Fatalf("rekey failed")
|
|
|
|
}
|
|
|
|
}
|