More work on recovery test

2025-11-28 22:21:30 +01:00 · 2018-05-20 18:42:14 -04:00 · 2018-05-20 18:42:14 -04:00 · d9535101c3
commit d9535101c3
parent a63a0dcf05
3 changed files with 78 additions and 39 deletions
--- a/api/sys_rekey_ext_test.go
+++ b/api/sys_rekey_ext_test.go
@ -1,18 +1,18 @@
 package api_test

 import (
-	"context"
 	"encoding/base64"
 	"strings"
 	"testing"

 	"github.com/hashicorp/vault/api"
 	vaulthttp "github.com/hashicorp/vault/http"
+	"github.com/hashicorp/vault/shamir"
 	"github.com/hashicorp/vault/vault"
 )

 func TestSysRekey_Verification(t *testing.T) {
-	testSysRekey_Verification(t, false)
+	//testSysRekey_Verification(t, false)
 	testSysRekey_Verification(t, true)
 }

@ -40,17 +40,19 @@ func testSysRekey_Verification(t *testing.T, recovery bool) {
 		verificationCancelFunc = client.Sys().RekeyRecoveryKeyVerificationCancel
 	}

-	seal, err := cluster.Cores[0].Core.SealAccess().BarrierConfig(context.Background())
-	if err != nil {
-		t.Fatal(err)
-	}
+	sealAccess := cluster.Cores[0].Core.SealAccess()
+	sealTestingParams := &vault.SealAccessTestingParams{}

 	// This first block verifies that if we are using recovery keys to force a
 	// rekey of a stored-shares barrier that verification is not allowed since
 	// the keys aren't returned
 	if !recovery {
-		seal.PretendToAllowStoredShares = true
-		seal.PretendToAllowRecoveryKeys = true
+		sealTestingParams.PretendToAllowRecoveryKeys = true
+		sealTestingParams.PretendToAllowStoredShares = true
+		if err := sealAccess.SetTestingParams(sealTestingParams); err != nil {
+			t.Fatal(err)
+		}
+
 		_, err := initFunc(&api.RekeyInitRequest{
 			StoredShares:        1,
 			RequireVerification: true,
@ -62,10 +64,21 @@ func testSysRekey_Verification(t *testing.T, recovery bool) {
 			t.Fatalf("unexpected error: %v", err)
 		}
 		// Now we set things back and start a normal rekey with the verification process
-		seal.PretendToAllowStoredShares = false
-		seal.PretendToAllowRecoveryKeys = false
+		sealTestingParams.PretendToAllowRecoveryKeys = false
+		sealTestingParams.PretendToAllowStoredShares = false
+		if err := sealAccess.SetTestingParams(sealTestingParams); err != nil {
+			t.Fatal(err)
+		}
 	} else {
-		seal.PretendToAllowRecoveryKeys = true
+		sealTestingParams.PretendToAllowRecoveryKeys = true
+		recoveryKey, err := shamir.Combine(cluster.BarrierKeys)
+		if err != nil {
+			t.Fatal(err)
+		}
+		sealTestingParams.PretendRecoveryKey = recoveryKey
+		if err := sealAccess.SetTestingParams(sealTestingParams); err != nil {
+			t.Fatal(err)
+		}
 	}

 	var verificationNonce string
@ -191,6 +204,7 @@ func testSysRekey_Verification(t *testing.T, recovery bool) {
 	verificationNonce = vStatus.Nonce
 	doStartVerify()

+	if !recovery {
 		// Sealing should clear state, but we never actually finished, so it should
 		// still be the old keys (which are still currently set)
 		cluster.EnsureCoresSealed(t)
@ -199,6 +213,7 @@ func testSysRekey_Verification(t *testing.T, recovery bool) {
 		// Should be able to init again and get back to where we were
 		doRekeyInitialSteps()
 		doStartVerify()
+	}

 	// Provide the final new key
 	vuStatus, err := verificationUpdateFunc(newKeys[2], verificationNonce)
@ -212,6 +227,7 @@ func testSysRekey_Verification(t *testing.T, recovery bool) {
 		t.Fatal("expected completion")
 	}

+	if !recovery {
 		// Seal and unseal -- it should fail to unseal because the key has now been
 		// rotated
 		cluster.EnsureCoresSealed(t)
@ -232,4 +248,5 @@ func testSysRekey_Verification(t *testing.T, recovery bool) {
 		if err := cluster.UnsealCoresWithError(); err != nil {
 			t.Fatal("expected error")
 		}
+	}
 }
--- a/http/sys_rekey.go
+++ b/http/sys_rekey.go
@ -205,7 +205,7 @@ func handleSysRekeyUpdate(core *vault.Core, recovery bool) http.Handler {
 		// Use the key to make progress on rekey
 		result, rekeyErr := core.RekeyUpdate(ctx, key, req.Nonce, recovery)
 		if rekeyErr != nil {
-			respondError(w, rekeyErr.Code(), err)
+			respondError(w, rekeyErr.Code(), rekeyErr)
 			return
 		}

@ -356,7 +356,7 @@ func handleSysRekeyVerifyPut(ctx context.Context, core *vault.Core, recovery boo
 	// Use the key to make progress on rekey
 	result, rekeyErr := core.RekeyVerify(ctx, key, req.Nonce, recovery)
 	if rekeyErr != nil {
-		respondError(w, rekeyErr.Code(), err)
+		respondError(w, rekeyErr.Code(), rekeyErr)
 		return
 	}

--- a/vault/seal_access.go
+++ b/vault/seal_access.go
@ -1,6 +1,9 @@
 package vault

-import "context"
+import (
+	"context"
+	"fmt"
+)

 // SealAccess is a wrapper around Seal that exposes accessor methods
 // through Core.SealAccess() while restricting the ability to modify
@ -39,3 +42,22 @@ func (s *SealAccess) ClearCaches(ctx context.Context) {
 		s.seal.SetRecoveryConfig(ctx, nil)
 	}
 }
+
+type SealAccessTestingParams struct {
+	PretendToAllowStoredShares bool
+	PretendToAllowRecoveryKeys bool
+	PretendRecoveryKey         []byte
+}
+
+func (s *SealAccess) SetTestingParams(params *SealAccessTestingParams) error {
+	d, ok := s.seal.(*defaultSeal)
+	if !ok {
+		return fmt.Errorf("not a defaultseal")
+	}
+	d.PretendToAllowRecoveryKeys = params.PretendToAllowRecoveryKeys
+	d.PretendToAllowStoredShares = params.PretendToAllowStoredShares
+	if params.PretendRecoveryKey != nil {
+		d.PretendRecoveryKey = params.PretendRecoveryKey
+	}
+	return nil
+}