func (ts *TokenStore) destroyCubbyhole(saltedID string) error { if ts.cubbyholeBackend == nil { // Should only ever happen in testing return nil } return ts.cubbyholeBackend.revoke(salt.SaltID(ts.cubbyholeBackend.saltUUID, saltedID, salt.SHA1Hash)) }
func TestPathMap_Salted(t *testing.T) { storage := new(logical.InmemStorage) salt, err := salt.NewSalt(storage, &salt.Config{ HashFunc: salt.SHA1Hash, }) if err != nil { t.Fatalf("err: %v", err) } p := &PathMap{Name: "foo", Salt: salt} var b logical.Backend = &Backend{Paths: p.Paths()} // Write via HTTP _, err = b.HandleRequest(&logical.Request{ Operation: logical.WriteOperation, Path: "map/foo/a", Data: map[string]interface{}{ "value": "bar", }, Storage: storage, }) if err != nil { t.Fatalf("bad: %#v", err) } // Non-salted version should not be there out, err := storage.Get("struct/map/foo/a") if err != nil { t.Fatalf("err: %v", err) } if out != nil { t.Fatalf("non-salted key found") } // Ensure the path is salted expect := salt.SaltID("a") out, err = storage.Get("struct/map/foo/" + expect) if err != nil { t.Fatalf("err: %v", err) } if out == nil { t.Fatalf("missing salted key") } // Read via HTTP resp, err := b.HandleRequest(&logical.Request{ Operation: logical.ReadOperation, Path: "map/foo/a", Storage: storage, }) if err != nil { t.Fatalf("bad: %#v", err) } if resp.Data["value"] != "bar" { t.Fatalf("bad: %#v", resp) } // Read via API v, err := p.Get(storage, "a") if err != nil { t.Fatalf("bad: %#v", err) } if v["value"] != "bar" { t.Fatalf("bad: %#v", v) } // Read via API with other casing v, err = p.Get(storage, "A") if err != nil { t.Fatalf("bad: %#v", err) } if v["value"] != "bar" { t.Fatalf("bad: %#v", v) } // Verify List keys, err := p.List(storage, "") if err != nil { t.Fatalf("bad: %#v", err) } if len(keys) != 1 || keys[0] != expect { t.Fatalf("bad: %#v", keys) } // Delete via HTTP resp, err = b.HandleRequest(&logical.Request{ Operation: logical.DeleteOperation, Path: "map/foo/a", Storage: storage, }) if err != nil { t.Fatalf("bad: %#v", err) } if resp != nil { t.Fatalf("bad: %#v", resp) } // Re-read via HTTP resp, err = b.HandleRequest(&logical.Request{ Operation: logical.ReadOperation, Path: "map/foo/a", Storage: storage, }) if err != nil { t.Fatalf("bad: %#v", err) } if _, ok := resp.Data["value"]; ok { t.Fatalf("bad: %#v", resp) } // Re-read via API v, err = p.Get(storage, "a") if err != nil { t.Fatalf("bad: %#v", err) } if v != nil { t.Fatalf("bad: %#v", v) } }
// SaltID is used to apply a salt and hash to an ID to make sure its not reversible func (re *routeEntry) SaltID(id string) string { return salt.SaltID(re.mountEntry.UUID, id, salt.SHA1Hash) }
// SaltID is used to apply a salt and hash to an ID to make sure its not reversable func (me *mountEntry) SaltID(id string) string { return salt.SaltID(me.salt, id, salt.SHA1Hash) }