package vault import ( "bytes" "fmt" "testing" ) var ( TestCoreUnsealedWithConfigs = testCoreUnsealedWithConfigs TestSealDefConfigs = testSealDefConfigs ) type TestSeal struct { defseal *DefaultSeal barrierKeys [][]byte recoveryKey []byte recoveryConfig *SealConfig storedKeysDisabled bool recoveryKeysDisabled bool } func newTestSeal(t *testing.T) Seal { return &TestSeal{} } func (d *TestSeal) checkCore() error { if d.defseal.core == nil { return fmt.Errorf("seal does not have a core set") } return nil } func (d *TestSeal) SetCore(core *Core) { d.defseal = &DefaultSeal{} d.defseal.core = core } func (d *TestSeal) Init() error { d.barrierKeys = [][]byte{} return d.defseal.Init() } func (d *TestSeal) Finalize() error { return d.defseal.Finalize() } func (d *TestSeal) BarrierType() string { return "shamir" } func (d *TestSeal) StoredKeysSupported() bool { return !d.storedKeysDisabled } func (d *TestSeal) RecoveryKeySupported() bool { return !d.recoveryKeysDisabled } func (d *TestSeal) SetStoredKeys(keys [][]byte) error { d.barrierKeys = keys return nil } func (d *TestSeal) GetStoredKeys() ([][]byte, error) { return d.barrierKeys, nil } func (d *TestSeal) BarrierConfig() (*SealConfig, error) { return d.defseal.BarrierConfig() } func (d *TestSeal) SetBarrierConfig(config *SealConfig) error { return d.defseal.SetBarrierConfig(config) } func (d *TestSeal) RecoveryType() string { return "shamir" } func (d *TestSeal) RecoveryConfig() (*SealConfig, error) { return d.recoveryConfig, nil } func (d *TestSeal) SetRecoveryConfig(config *SealConfig) error { if config == nil { return nil } d.recoveryConfig = config return nil } func (d *TestSeal) VerifyRecoveryKey(key []byte) error { if bytes.Equal(d.recoveryKey, key) { return nil } return fmt.Errorf("not equivalent") } func (d *TestSeal) SetRecoveryKey(key []byte) error { newbuf := bytes.NewBuffer(nil) newbuf.Write(key) d.recoveryKey = newbuf.Bytes() return nil } func testCoreUnsealedWithConfigs(t *testing.T, barrierConf, recoveryConf *SealConfig) (*Core, [][]byte, [][]byte, string) { seal := &TestSeal{} core := TestCoreWithSeal(t, seal, false) result, err := core.Initialize(&InitParams{ BarrierConfig: barrierConf, RecoveryConfig: recoveryConf, }) if err != nil { t.Fatalf("err: %s", err) } err = core.UnsealWithStoredKeys() if err != nil { t.Fatalf("err: %s", err) } if sealed, _ := core.Sealed(); sealed { for _, key := range result.SecretShares { if _, err := core.Unseal(TestKeyCopy(key)); err != nil { t.Fatalf("unseal err: %s", err) } } sealed, err = core.Sealed() if err != nil { t.Fatalf("err checking seal status: %s", err) } if sealed { t.Fatal("should not be sealed") } } return core, result.SecretShares, result.RecoveryShares, result.RootToken } func testSealDefConfigs() (*SealConfig, *SealConfig) { return &SealConfig{ SecretShares: 5, SecretThreshold: 3, StoredShares: 2, }, &SealConfig{ SecretShares: 5, SecretThreshold: 3, } }