// The snapshot data (but not metadata or anything else) is encryptd before being
// passed to the wrapped Snapshotter.
func TestSnapshotterSavesSnapshotWithEncryption(t *testing.T) {
tempdir, err := ioutil.TempDir("", "snapwrap")
require.NoError(t, err)
defer os.RemoveAll(tempdir)
c := NewSnapFactory(meowCrypter{}, encryption.NoopCrypter)
wrapped := c.New(tempdir)
require.NoError(t, wrapped.SaveSnap(fakeSnapshotData))
ogSnap := OriginalSnap.New(tempdir)
readSnap, err := ogSnap.Load()
require.NoError(t, err)
r := api.MaybeEncryptedRecord{}
require.NoError(t, r.Unmarshal(readSnap.Data))
require.NotEqual(t, fakeSnapshotData.Data, r.Data)
require.Equal(t, fakeSnapshotData.Metadata, readSnap.Metadata)
}
// The entry data and metadata are encryptd with the given encrypter, and a regular
// WAL will see them as such.
func TestSave(t *testing.T) {
metadata, entries, snapshot := makeWALData(1, 1)
crypter := &meowCrypter{}
c := NewWALFactory(crypter, encryption.NoopCrypter)
tempdir := createWithWAL(t, c, metadata, snapshot, entries)
defer os.RemoveAll(tempdir)
ogWAL, err := OriginalWAL.Open(tempdir, snapshot)
require.NoError(t, err)
defer ogWAL.Close()
meta, state, ents, err := ogWAL.ReadAll()
require.NoError(t, err)
require.Equal(t, metadata, meta)
require.Equal(t, state, state)
for _, ent := range ents {
var encrypted api.MaybeEncryptedRecord
require.NoError(t, encrypted.Unmarshal(ent.Data))
require.Equal(t, crypter.Algorithm(), encrypted.Algorithm)
require.True(t, bytes.HasSuffix(encrypted.Data, []byte("🐱")))
}
}
