parent
cb6bf54f8d
commit
197c7eae5f
|
@ -31,6 +31,8 @@ func TestBackend_basic(t *testing.T) {
|
|||
testAccStepReadPolicy(t, "test", false, false),
|
||||
testAccStepEncrypt(t, "test", testPlaintext, decryptData),
|
||||
testAccStepDecrypt(t, "test", testPlaintext, decryptData),
|
||||
testAccStepEncrypt(t, "test", "", decryptData),
|
||||
testAccStepDecrypt(t, "test", "", decryptData),
|
||||
testAccStepDeleteNotDisabledPolicy(t, "test"),
|
||||
testAccStepEnableDeletion(t, "test"),
|
||||
testAccStepDeletePolicy(t, "test"),
|
||||
|
@ -781,6 +783,48 @@ func testConvergentEncryptionCommon(t *testing.T, ver int) {
|
|||
if ciphertext3 == ciphertext5 {
|
||||
t.Fatalf("expected different ciphertexts")
|
||||
}
|
||||
|
||||
// Finally, check operations on empty values
|
||||
// First, check without setting a plaintext at all
|
||||
req.Data = map[string]interface{}{
|
||||
"nonce": "b25ldHdvdGhyZWVl", // "onetwothreee"
|
||||
"context": "pWZ6t/im3AORd0lVYE0zBdKpX6Bl3/SvFtoVTPWbdkzjG788XmMAnOlxandSdd7S",
|
||||
}
|
||||
resp, err = b.HandleRequest(req)
|
||||
if resp == nil {
|
||||
t.Fatal("expected non-nil response")
|
||||
}
|
||||
if !resp.IsError() {
|
||||
t.Fatalf("expected error response, got: %#v", *resp)
|
||||
}
|
||||
|
||||
// Now set plaintext to empty
|
||||
req.Data = map[string]interface{}{
|
||||
"plaintext": "",
|
||||
"nonce": "b25ldHdvdGhyZWVl", // "onetwothreee"
|
||||
"context": "pWZ6t/im3AORd0lVYE0zBdKpX6Bl3/SvFtoVTPWbdkzjG788XmMAnOlxandSdd7S",
|
||||
}
|
||||
resp, err = b.HandleRequest(req)
|
||||
if resp == nil {
|
||||
t.Fatal("expected non-nil response")
|
||||
}
|
||||
if resp.IsError() {
|
||||
t.Fatalf("got error response: %#v", *resp)
|
||||
}
|
||||
ciphertext7 := resp.Data["ciphertext"].(string)
|
||||
|
||||
resp, err = b.HandleRequest(req)
|
||||
if resp == nil {
|
||||
t.Fatal("expected non-nil response")
|
||||
}
|
||||
if resp.IsError() {
|
||||
t.Fatalf("got error response: %#v", *resp)
|
||||
}
|
||||
ciphertext8 := resp.Data["ciphertext"].(string)
|
||||
|
||||
if ciphertext7 != ciphertext8 {
|
||||
t.Fatalf("expected the same ciphertext but got %s and %s", ciphertext7, ciphertext8)
|
||||
}
|
||||
}
|
||||
|
||||
func TestPolicyFuzzing(t *testing.T) {
|
||||
|
|
|
@ -2,7 +2,6 @@ package transit
|
|||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/vault/helper/errutil"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
|
@ -97,10 +96,6 @@ func (b *backend) pathDecryptWrite(
|
|||
}
|
||||
}
|
||||
|
||||
if plaintext == "" {
|
||||
return nil, fmt.Errorf("empty plaintext returned")
|
||||
}
|
||||
|
||||
// Generate the response
|
||||
resp := &logical.Response{
|
||||
Data: map[string]interface{}{
|
||||
|
|
|
@ -63,16 +63,17 @@ func (b *backend) pathEncryptExistenceCheck(
|
|||
func (b *backend) pathEncryptWrite(
|
||||
req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
|
||||
name := d.Get("name").(string)
|
||||
value := d.Get("plaintext").(string)
|
||||
if len(value) == 0 {
|
||||
|
||||
valueRaw, ok := d.GetOk("plaintext")
|
||||
if !ok {
|
||||
return logical.ErrorResponse("missing plaintext to encrypt"), logical.ErrInvalidRequest
|
||||
}
|
||||
|
||||
var err error
|
||||
value := valueRaw.(string)
|
||||
|
||||
// Decode the context if any
|
||||
contextRaw := d.Get("context").(string)
|
||||
var context []byte
|
||||
var err error
|
||||
if len(contextRaw) != 0 {
|
||||
context, err = base64.StdEncoding.DecodeString(contextRaw)
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in a new issue