scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-01 11:08:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add rekey nonce/backup.

Browse Source
This commit is contained in:
Jeff Mitchell
2015-12-16 16:56:15 -05:00
parent ad1c30f681
commit 027c84c62a
14 changed files with 791 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
command/pgp_test.go
View File

@@ -5,6 +5,7 @@ import (
"encoding/base64"
"encoding/hex"
"io/ioutil"
"reflect"
"regexp"
"testing"
@@ -54,7 +55,11 @@ func getPubKeyFiles(t *testing.T) (string, []string, error) {
return tempDir, pubFiles, nil
}
func parseDecryptAndTestUnsealKeys(t *testing.T, input, rootToken string, core *vault.Core) {
func parseDecryptAndTestUnsealKeys(t *testing.T,
input, rootToken string,
fingerprints bool,
backupKeys map[string]string,
core *vault.Core) {
decoder := base64.StdEncoding
priv1Bytes, err := decoder.DecodeString(privKey1)
if err != nil {
@@ -75,7 +80,12 @@ func parseDecryptAndTestUnsealKeys(t *testing.T, input, rootToken string, core *
priv3Bytes,
}
re, err := regexp.Compile("\\s*Key\\s+\\d+:\\s+(.*)")
var re *regexp.Regexp
if fingerprints {
re, err = regexp.Compile("\\s*Key\\s+\\d+\\s+fingerprint:\\s+([0-9a-fA-F]+);\\s+value:\\s+(.*)")
} else {
re, err = regexp.Compile("\\s*Key\\s+\\d+:\\s+(.*)")
}
if err != nil {
t.Fatalf("Error compiling regex: %s", err)
}
@@ -85,11 +95,30 @@ func parseDecryptAndTestUnsealKeys(t *testing.T, input, rootToken string, core *
}
encodedKeys := []string{}
for _, pair := range matches {
if len(pair) != 2 {
t.Fatalf("Key not found: %#v", pair)
matchedFingerprints := []string{}
for _, tuple := range matches {
if fingerprints {
if len(tuple) != 3 {
t.Fatalf("Key not found: %#v", tuple)
}
matchedFingerprints = append(matchedFingerprints, tuple[1])
encodedKeys = append(encodedKeys, tuple[2])
} else {
if len(tuple) != 2 {
t.Fatalf("Key not found: %#v", tuple)
}
encodedKeys = append(encodedKeys, tuple[1])
}
}
if backupKeys != nil && len(matchedFingerprints) != 0 {
testMap := map[string]string{}
for i, v := range matchedFingerprints {
testMap[v] = encodedKeys[i]
}
if !reflect.DeepEqual(testMap, backupKeys) {
t.Fatalf("test map and backup map do not match, test map is\n%#v\nbackup map is\n%#v", testMap, backupKeys)
}
encodedKeys = append(encodedKeys, pair[1])
}
unsealKeys := []string{}