import (
	"encoding/base64"
	"errors"
	"io"

	"github.com/cloudfoundry-incubator/bbs/encryption"
	encryption_fakes "github.com/cloudfoundry-incubator/bbs/encryption/fakes"
	"github.com/cloudfoundry-incubator/bbs/format"
	. "github.com/onsi/ginkgo"
	. "github.com/onsi/gomega"
)

// Ginkgo spec container for the "Encoding" suite. The variables declared
// directly below are shared by the setup hooks and by the specs nested in
// this container.
var _ = Describe("Encoding", func() {
	// encoder is declared here but not assigned in the visible part of the
	// file; presumably the JustBeforeEach below builds it from cryptor. Confirm.
	var encoder format.Encoder
	// prng is the randomness source handed to the Cryptor.
	var prng io.Reader
	var cryptor encryption.Cryptor

	// Runs before every spec: derives a key, wraps it in a key manager, and
	// builds the Cryptor under test.
	BeforeEach(func() {
		// Fixture key material. The label and pass phrase are hard-coded test
		// values, not secrets.
		key, err := encryption.NewKey("label", "some pass phrase")
		Expect(err).NotTo(HaveOccurred())

		// key is the only key configured; nil is passed for the second argument,
		// so no additional decryption keys are registered.
		keyManager, err := encryption.NewKeyManager(key, nil)
		Expect(err).NotTo(HaveOccurred())

		// zeroReader is defined outside this excerpt; presumably it returns a
		// constant byte stream so that ciphertext is reproducible and can be
		// asserted on. Confirm.
		// NOTE(review): a fixed randomness source is acceptable only in tests.
		// If the Cryptor draws nonces or IVs from this reader (not visible here),
		// a constant stream repeats them on every encryption. Non-test callers
		// should pass a CSPRNG such as crypto/rand.Reader.
		prng = &zeroReader{}
		cryptor = encryption.NewCryptor(keyManager, prng)
	})

	// The body of this hook continues past the end of the excerpt.
	JustBeforeEach(func() {
Expect(err).NotTo(HaveOccurred()) decryptionKeys = append(decryptionKeys, key) } if len(decryptionKeys) == 0 { decryptionKeys = nil } keyManager, err := encryption.NewKeyManager(activeKey, decryptionKeys) Expect(err).NotTo(HaveOccurred()) return encryption.NewCryptor(keyManager, rand.Reader) } Describe("PerformEncryption", func() { It("recursively re-encrypts all existing records", func() { var cryptor encryption.Cryptor var encoder format.Encoder value1 := []byte("some text") value2 := []byte("more text") cryptor = makeCryptor("old") encoder = format.NewEncoder(cryptor) encoded1, err := encoder.Encode(format.BASE64_ENCRYPTED, value1) Expect(err).NotTo(HaveOccurred()) encoded2, err := encoder.Encode(format.LEGACY_UNENCODED, value2) Expect(err).NotTo(HaveOccurred()) _, err = storeClient.Set(fmt.Sprintf("%s/my/key-1", etcd.V1SchemaRoot), encoded1, etcd.NO_TTL) Expect(err).NotTo(HaveOccurred())
Expect(err).NotTo(HaveOccurred()) decryptionKeys = append(decryptionKeys, key) } if len(decryptionKeys) == 0 { decryptionKeys = nil } keyManager, err := encryption.NewKeyManager(activeKey, decryptionKeys) Expect(err).NotTo(HaveOccurred()) return encryption.NewCryptor(keyManager, rand.Reader) } Describe("PerformEncryption", func() { It("recursively re-encrypts all existing records", func() { var cryptor encryption.Cryptor var encoder format.Encoder value1 := []byte("some text") value2 := []byte("another value") value3 := []byte("more value") value4 := []byte("actual value") taskGuid := "uniquetaskguid" processGuid := "uniqueprocessguid" cryptor = makeCryptor("old") encoder = format.NewEncoder(cryptor) encoded1, err := encoder.Encode(format.BASE64_ENCRYPTED, value1) Expect(err).NotTo(HaveOccurred()) encoded2, err := encoder.Encode(format.BASE64_ENCRYPTED, value2)