303c2aee7c
* Update tooling * Run gofumpt * go mod vendor
114 lines
2.5 KiB
Go
114 lines
2.5 KiB
Go
package configutil
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"encoding/base64"
|
|
"testing"
|
|
|
|
wrapping "github.com/hashicorp/go-kms-wrapping"
|
|
"google.golang.org/protobuf/proto"
|
|
)
|
|
|
|
func getAEADTestKMS(t *testing.T) {
|
|
}
|
|
|
|
func TestEncryptParams(t *testing.T) {
|
|
rawStr := `
|
|
storage "consul" {
|
|
api_key = "{{encrypt(foobar)}}"
|
|
}
|
|
|
|
telemetry {
|
|
some_param = "something"
|
|
circonus_api_key = "{{encrypt(barfoo)}}"
|
|
}
|
|
`
|
|
|
|
finalStr := `
|
|
storage "consul" {
|
|
api_key = "foobar"
|
|
}
|
|
|
|
telemetry {
|
|
some_param = "something"
|
|
circonus_api_key = "barfoo"
|
|
}
|
|
`
|
|
|
|
reverser := new(reversingWrapper)
|
|
out, err := EncryptDecrypt(rawStr, false, false, reverser)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
first := true
|
|
locs := decryptRegex.FindAllIndex([]byte(out), -1)
|
|
for _, match := range locs {
|
|
matchBytes := []byte(out)[match[0]:match[1]]
|
|
matchBytes = bytes.TrimSuffix(bytes.TrimPrefix(matchBytes, []byte("{{decrypt(")), []byte(")}}"))
|
|
inMsg, err := base64.RawURLEncoding.DecodeString(string(matchBytes))
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
inBlob := new(wrapping.EncryptedBlobInfo)
|
|
if err := proto.Unmarshal(inMsg, inBlob); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
ct := string(inBlob.Ciphertext)
|
|
if first {
|
|
if ct != "raboof" {
|
|
t.Fatal(ct)
|
|
}
|
|
first = false
|
|
} else {
|
|
if ct != "oofrab" {
|
|
t.Fatal(ct)
|
|
}
|
|
}
|
|
}
|
|
|
|
decOut, err := EncryptDecrypt(out, true, false, reverser)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if decOut != rawStr {
|
|
t.Fatal(decOut)
|
|
}
|
|
|
|
decOut, err = EncryptDecrypt(out, true, true, reverser)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if decOut != finalStr {
|
|
t.Fatal(decOut)
|
|
}
|
|
}
|
|
|
|
type reversingWrapper struct{}
|
|
|
|
func (r *reversingWrapper) Type() string { return "reversing" }
|
|
func (r *reversingWrapper) KeyID() string { return "reverser" }
|
|
func (r *reversingWrapper) HMACKeyID() string { return "" }
|
|
func (r *reversingWrapper) Init(_ context.Context) error { return nil }
|
|
func (r *reversingWrapper) Finalize(_ context.Context) error { return nil }
|
|
func (r *reversingWrapper) Encrypt(_ context.Context, input []byte, _ []byte) (*wrapping.EncryptedBlobInfo, error) {
|
|
return &wrapping.EncryptedBlobInfo{
|
|
Ciphertext: r.reverse(input),
|
|
}, nil
|
|
}
|
|
|
|
func (r *reversingWrapper) Decrypt(_ context.Context, input *wrapping.EncryptedBlobInfo, _ []byte) ([]byte, error) {
|
|
return r.reverse(input.Ciphertext), nil
|
|
}
|
|
|
|
func (r *reversingWrapper) reverse(input []byte) []byte {
|
|
output := make([]byte, len(input))
|
|
for i, j := 0, len(input)-1; i < j; i, j = i+1, j-1 {
|
|
output[i], output[j] = input[j], input[i]
|
|
}
|
|
return output
|
|
}
|