open-vault/vault/seal_access.go


package vault
import (
"context"
"fmt"
)
// SealAccess wraps a Seal so that code obtaining it through
// Core.SealAccess() can call a limited set of seal methods without being
// handed Core.seal itself. Because the seal field is unexported, holders
// outside this package cannot replace or reach the wrapped Seal directly.
//
// NOTE(review): the wrapper is not strictly read-only. ClearCaches calls the
// seal's config setters with nil, and SetTestingParams writes the Pretend*
// fields of a *defaultSeal. Treat a *SealAccess as a capability that can
// alter seal state, not as a pure accessor.
type SealAccess struct {
	// seal is the wrapped implementation; every method delegates to it.
	seal Seal
}
// NewSealAccess returns a SealAccess that delegates to seal.
//
// seal is stored as given and is not checked for nil. The delegating methods
// call s.seal directly, so a nil Seal would panic on first use.
func NewSealAccess(seal Seal) *SealAccess {
	access := new(SealAccess)
	access.seal = seal
	return access
}
// StoredKeysSupported reports the wrapped seal's answer to
// StoredKeysSupported, unchanged.
func (s *SealAccess) StoredKeysSupported() bool {
	supported := s.seal.StoredKeysSupported()
	return supported
}
// BarrierConfig returns the barrier SealConfig and error exactly as the
// wrapped seal reports them.
//
// The *SealConfig pointer is passed through without copying. Whether callers
// may mutate it depends on the Seal implementation, which is not visible
// here.
func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) {
	cfg, err := s.seal.BarrierConfig(ctx)
	return cfg, err
}
// RecoveryKeySupported reports the wrapped seal's answer to
// RecoveryKeySupported, unchanged.
func (s *SealAccess) RecoveryKeySupported() bool {
	supported := s.seal.RecoveryKeySupported()
	return supported
}
// RecoveryConfig returns the recovery SealConfig and error exactly as the
// wrapped seal reports them.
//
// This method does not consult RecoveryKeySupported first. What it yields
// for a seal without recovery keys is decided by the Seal implementation.
func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error) {
	cfg, err := s.seal.RecoveryConfig(ctx)
	return cfg, err
}
// VerifyRecoveryKey asks the wrapped seal to check key and returns the
// seal's result unchanged: nil or an error, exactly as the seal produced it.
//
// The wrapper neither copies, retains nor logs the key bytes. How the
// comparison is carried out is entirely up to the Seal implementation.
func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error {
	err := s.seal.VerifyRecoveryKey(ctx, key)
	return err
}
// ClearCaches sets the wrapped seal's barrier config to nil and, when the
// seal reports recovery-key support, sets its recovery config to nil too.
//
// NOTE(review): anything the two setters return is discarded here, and
// ClearCaches has no error result to surface it. The Seal interface is not
// visible in this file; confirm that calling the setters with nil cannot
// fail, or that a failure is safe to ignore.
func (s *SealAccess) ClearCaches(ctx context.Context) {
	s.seal.SetBarrierConfig(ctx, nil)

	// Seals without recovery keys have no recovery config to reset.
	if !s.RecoveryKeySupported() {
		return
	}
	s.seal.SetRecoveryConfig(ctx, nil)
}
// SealAccessTestingParams carries the overrides that SetTestingParams copies
// onto a *defaultSeal. It is meant for tests only.
//
// The effect of each field is defined by defaultSeal, which is not shown in
// this file. Judging by the names, they presumably make the seal claim
// capabilities it lacks. Confirm against defaultSeal.
type SealAccessTestingParams struct {
	// PretendToAllowStoredShares is copied to the seal unconditionally.
	PretendToAllowStoredShares bool

	// PretendToAllowRecoveryKeys is copied to the seal unconditionally.
	PretendToAllowRecoveryKeys bool

	// PretendRecoveryKey is copied to the seal only when non-nil, so a nil
	// value leaves any key set earlier in place.
	PretendRecoveryKey []byte
}
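// SetTestingParams copies the overrides in params onto the wrapped seal.
//
// It only works when the wrapped seal is a *defaultSeal. Any other
// implementation, or a nil seal, yields an error and nothing is changed. A
// nil params also yields an error instead of a nil-pointer panic. The two
// boolean flags are always overwritten. PretendRecoveryKey is overwritten
// only when params supplies a non-nil slice, which is stored without copying
// and therefore shares its backing array with the caller.
//
// NOTE(review): this is an exported test hook on a type handed out via
// Core.SealAccess(), and no build constraint is visible in this listing. If
// it ships in production binaries, any in-process holder of a *SealAccess
// can flip the Pretend* overrides. Consider moving it behind a test-only
// build tag or into a _test.go file.
func (s *SealAccess) SetTestingParams(params *SealAccessTestingParams) error {
	d, ok := s.seal.(*defaultSeal)
	if !ok {
		return fmt.Errorf("not a defaultseal")
	}
	// Checked after the seal type so a non-default seal still gets the same
	// error it always did, whatever params is.
	if params == nil {
		return fmt.Errorf("nil testing params")
	}

	d.PretendToAllowRecoveryKeys = params.PretendToAllowRecoveryKeys
	d.PretendToAllowStoredShares = params.PretendToAllowStoredShares
	if params.PretendRecoveryKey != nil {
		d.PretendRecoveryKey = params.PretendRecoveryKey
	}
	return nil
}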