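// TestUnseal checks that Unseal replies with "OK" when the request is prepared
// with the displayed form of a freshly initialised master key and the mocked
// database hands back the matching stored master secret.
func TestUnseal(t *testing.T) {
	master, err := secrets.Initialise()
	// Stop on a failed setup: everything below reads fields of master, and
	// carrying on would panic rather than report the real failure.
	if !assert.NoError(t, err, "Should not return error") {
		return
	}

	testDb := new(mocks.DB)
	r := new(http.Request)

	// Presumably attaches the displayed key to the request as its credential
	// and registers the related expectations on the mock; see authSetup.
	authSetup(testDb, r, master.Key.Display())

	// The mock fills the caller's Secret with the nonce and sealed message
	// produced by secrets.Initialise above.
	testDb.On("GetRootSecret", &secrets.Secret{Name: "master"}).Run(func(args mock.Arguments) {
		stored := args.Get(0).(*secrets.Secret)
		stored.Name = "master"
		stored.Nonce = master.Nonce
		stored.Message = master.Message
	}).Return(nil)

	// NOTE(review): database is package-level state and is not restored after
	// the test, so the mock stays installed for whatever runs next.
	database = testDb

	w := httptest.NewRecorder()

	Unseal(w, r)

	res := getResp(w.Body.Bytes())
	assert.Contains(t, res, "response", "Result should contain response")
	assert.Equal(t, "OK", res["response"], "Should unseal vault")
}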
// Initialise is the HTTP handler for first-time setup of a new vault.
//
// It looks up the master secret by name. If one already exists it replies 409,
// and if the lookup fails for any reason other than "record not found" it
// replies 500. Otherwise it generates a new master secret, stores it, and
// replies 201 with the secret's name and the displayed form of its key.
//
// NOTE(review): the lookup and the insert are separate database calls, so two
// concurrent requests could both pass the existence check unless the store
// enforces uniqueness on the secret name. Confirm against the schema.
// NOTE(review): the reply carries key.Key.Display(), presumably the only time
// the master key is shown. Keep it out of logs and confirm the endpoint is
// served over TLS only.
func Initialise(w http.ResponseWriter, r *http.Request) {
	api := newAPI(w, r)
	defer api.req.Body.Close()

	// Refuse to run when a master secret is already stored.
	existing := &secrets.Secret{Name: secrets.MasterKeyName}
	lookupErr := database.GetRootSecret(existing)
	if lookupErr == nil {
		api.error("Vault already initialised", http.StatusConflict)
		return
	}
	if lookupErr != gorm.ErrRecordNotFound {
		api.error("Database error", http.StatusInternalServerError)
		return
	}

	// No master secret yet: create one and persist it.
	key, err := secrets.Initialise()
	if err != nil {
		api.error("Error intialising master secret", http.StatusInternalServerError)
		return
	}

	if err := database.AddSecret(key); err != nil {
		api.error("Database error", http.StatusInternalServerError)
		return
	}

	// Only the event is logged, never the key material.
	log.Info("Vault initialised")

	created := secrets.Key{
		Name: key.Name,
		Key:  key.Key.Display(),
	}
	api.reply(created, http.StatusCreated)
}