// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package seal
import (
"context"
"sync"
"github.com/hashicorp/go-hclog"
wrapping "github.com/hashicorp/go-kms-wrapping/v2"
)
// TestSealOpts carries the optional settings accepted by the test seal
// constructors in this file. Those constructors treat a nil *TestSealOpts as
// the zero value.
type TestSealOpts struct {
	// Logger is not read by the constructors visible in this file.
	Logger hclog.Logger

	// StoredKeys is not read by the constructors visible in this file.
	StoredKeys StoredKeysSupport

	// Secret is handed to wrapping.NewTestWrapper as the test wrapper's
	// secret. Use throwaway test values only, never real key material.
	Secret []byte

	// Name, when non-empty, overrides the wrapper type reported by the
	// ToggleableWrapper that NewTestSeal returns.
	Name wrapping.WrapperType
}
// NewTestSeal builds a seal Access on top of a ToggleableWrapper that wraps
// wrapping.NewTestWrapper(opts.Secret), and returns both so a test can drive
// the wrapper directly (for example through SetError).
//
// A nil opts is treated as an empty TestSealOpts. When opts.Name is non-empty
// the wrapper reports it from Type instead of the embedded wrapper's type.
//
// This is a test fixture: the wrapper comes from the library's test
// constructor and should not be used to protect real seal keys.
func NewTestSeal(opts *TestSealOpts) (Access, *ToggleableWrapper) {
	if opts == nil {
		opts = &TestSealOpts{}
	}

	tw := &ToggleableWrapper{
		Wrapper: wrapping.NewTestWrapper(opts.Secret),
	}
	if opts.Name != "" {
		// The wrapper stores a pointer into the caller's opts, so a later
		// change to opts.Name is visible through Type.
		tw.wrapperType = &opts.Name
	}

	access := NewAccess(tw)
	return access, tw
}
// NewToggleableTestSeal builds a seal Access on top of a ToggleableWrapper
// that wraps wrapping.NewTestWrapper(opts.Secret). Instead of the wrapper
// itself it returns the wrapper's SetError method, which a test calls with a
// non-nil error to make Encrypt and Decrypt fail, and with nil to restore
// normal operation.
//
// A nil opts is treated as an empty TestSealOpts. Unlike NewTestSeal, this
// constructor does not apply opts.Name.
//
// This is a test fixture: the wrapper comes from the library's test
// constructor and should not be used to protect real seal keys.
func NewToggleableTestSeal(opts *TestSealOpts) (Access, func(error)) {
	if opts == nil {
		opts = &TestSealOpts{}
	}

	tw := &ToggleableWrapper{
		Wrapper: wrapping.NewTestWrapper(opts.Secret),
	}

	access := NewAccess(tw)
	return access, tw.SetError
}
// ToggleableWrapper decorates a wrapping.Wrapper so that tests can force its
// Encrypt and Decrypt calls to fail on demand and can override the wrapper
// type it reports.
//
// The struct holds a sync.RWMutex, so it must be shared by pointer and never
// copied once in use.
type ToggleableWrapper struct {
	// Wrapper is the embedded implementation that calls are delegated to.
	wrapping.Wrapper

	// wrapperType, when non-nil, is returned by Type in place of the
	// embedded wrapper's type.
	wrapperType *wrapping.WrapperType

	// error, when non-nil, is returned by Encrypt and Decrypt instead of
	// delegating. It is written by SetError under l.
	error error

	// l guards error.
	l sync.RWMutex
}
// Encrypt returns the error installed through SetError when one is set;
// otherwise it delegates to the embedded wrapper's Encrypt with the same
// arguments. The read lock is held for the whole call, including the
// delegated Encrypt.
func (t *ToggleableWrapper) Encrypt(ctx context.Context, bytes []byte, opts ...wrapping.Option) (*wrapping.BlobInfo, error) {
	t.l.RLock()
	defer t.l.RUnlock()

	if injected := t.error; injected != nil {
		return nil, injected
	}
	return t.Wrapper.Encrypt(ctx, bytes, opts...)
}
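// Decrypt returns the error installed through SetError when one is set;
// otherwise it delegates to the embedded wrapper's Decrypt with the same
// arguments. The read lock is held for the whole call, including the
// delegated Decrypt.
//
// The receiver is a pointer, matching Encrypt and SetError. With a value
// receiver every call would copy the struct, including its sync.RWMutex, so
// the RLock below would be taken on a private copy of the lock and the read
// of t.error would not be synchronized with SetError (go vet reports this as
// a copylocks violation).
func (t *ToggleableWrapper) Decrypt(ctx context.Context, info *wrapping.BlobInfo, opts ...wrapping.Option) ([]byte, error) {
	t.l.RLock()
	defer t.l.RUnlock()

	if t.error != nil {
		return nil, t.error
	}
	return t.Wrapper.Decrypt(ctx, info, opts...)
}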
// SetError installs err as the error that Encrypt and Decrypt return instead
// of delegating to the embedded wrapper. Passing nil clears it. The write is
// made under the write lock.
func (t *ToggleableWrapper) SetError(err error) {
	t.l.Lock()
	t.error = err
	t.l.Unlock()
}
// Type reports the overriding wrapper type when one was configured, and
// otherwise asks the embedded wrapper. It does not take the lock and is not
// affected by SetError.
func (t *ToggleableWrapper) Type(ctx context.Context) (wrapping.WrapperType, error) {
	if t.wrapperType == nil {
		return t.Wrapper.Type(ctx)
	}
	return *t.wrapperType, nil
}
// Compile-time check that *ToggleableWrapper implements wrapping.Wrapper.
var _ wrapping.Wrapper = (*ToggleableWrapper)(nil)