func TestDelete(t *testing.T) {
w := httptest.NewRecorder()
m := mux.NewRouter()
addRoutes(m)
key := new(secrets.Key)
err := key.New("968cd432-c97a-11e5-9956-625662870761")
priv := key.Display()
assert.Nil(t, err, "Should not return error")
testDb := new(mocks.DB)
r, err := http.NewRequest("DELETE", "/secrets/delete/secrets/test-secret", nil)
assert.Nil(t, err, "Should not return error")
secrets.New("test-secret", []byte("test"))
authSetup(testDb, r, priv)
testDb.On("GetRootSecret", &secrets.Secret{Name: "test-secret"}).Run(func(args mock.Arguments) {
args.Get(0).(*secrets.Secret).Name = "test-secret"
args.Get(0).(*secrets.Secret).ID = 2
}).Return(nil)
testDb.On("DeleteSecret", &secrets.Secret{ID: 2, Name: "test-secret"}).Return(nil)
database = testDb
m.ServeHTTP(w, r)
}
func TestUnseal(t *testing.T) {
master, err := secrets.Initialise()
assert.Nil(t, err, "Should not return error")
testDb := new(mocks.DB)
r := new(http.Request)
authSetup(testDb, r, master.Key.Display())
testDb.On("GetRootSecret", &secrets.Secret{Name: "master"}).Run(func(args mock.Arguments) {
args.Get(0).(*secrets.Secret).Name = "master"
args.Get(0).(*secrets.Secret).Nonce = master.Nonce
args.Get(0).(*secrets.Secret).Message = master.Message
}).Return(nil)
database = testDb
w := httptest.NewRecorder()
assert.Nil(t, err, "Should not return error")
Unseal(w, r)
res := getResp(w.Body.Bytes())
assert.Contains(t, res, "response", "Result should contain response")
assert.Equal(t, "OK", res["response"], "Should unseal vault")
}
func TestUpdate(t *testing.T) {
w := httptest.NewRecorder()
secret, err := secrets.New("testsecret", []byte("testmessage"))
assert.Nil(t, err, "Should not return error")
req := request{Name: "testsecret", Message: "newmessage"}
data, err := json.Marshal(req)
assert.Nil(t, err, "Should not return error")
r, err := http.NewRequest("POST", "/secrets/message", bytes.NewReader(data))
assert.Nil(t, err, "Should not return error")
testDb := new(mocks.DB)
authSetup(testDb, r, nil)
testDb.On("GetRootSecret", &secrets.Secret{Name: "testsecret"}).Run(func(args mock.Arguments) {
args.Get(0).(*secrets.Secret).Name = secret.Name
args.Get(0).(*secrets.Secret).Nonce = secret.Nonce
args.Get(0).(*secrets.Secret).Message = secret.Message
args.Get(0).(*secrets.Secret).Key = secret.Key
}).Return(nil)
testDb.Mock.On("UpdateSecret", mock.AnythingOfType("*secrets.Secret")).Return(nil)
database = testDb
Update(w, r)
res := getResp(w.Body.Bytes())
assert.Contains(t, res, "response", "Result should contain response")
assert.Equal(t, "OK", res["response"])
}
func TestHealth(t *testing.T) {
w := httptest.NewRecorder()
testDb := new(mocks.DB)
testDb.On("Ping").Return(nil)
database = testDb
Health(w, nil)
res := getResp(w.Body.Bytes())
assert.Contains(t, res, "response", "Result should contain response")
assert.Equal(t, "OK", res["response"])
}
func TestListSecret(t *testing.T) {
w := httptest.NewRecorder()
m := mux.NewRouter()
addRoutes(m)
secretList := make([]secrets.Secret, 20)
for i := range secretList {
s, err := secrets.New(fmt.Sprintf("secret-%d", i), []byte("testmessage"))
secretList[i] = *s
assert.Nil(t, err, "Should not return error")
}
testDb := new(mocks.DB)
r, err := http.NewRequest("GET", "/secrets/list/secrets", nil)
assert.Nil(t, err, "Should not return error")
key := new(secrets.Key)
err = key.New("968cd432-c97a-11e5-9956-625662870761")
priv := key.Display()
assert.Nil(t, err, "Should not return error")
authSetup(testDb, r, priv)
pos := 0
testDb.On("ListSecrets", mock.Anything).Return(func(n int) ([]secrets.Secret, error) {
start := pos
end := pos + n
if start >= len(secretList) {
start = len(secretList)
}
if end >= len(secretList) {
end = len(secretList)
}
pos = end
return secretList[start:end], nil
})
database = testDb
m.ServeHTTP(w, r)
expected, err := json.MarshalIndent(secretList[0:10], "", " ")
assert.Nil(t, err, "Should not return error")
buf, err := json.MarshalIndent(secretList[10:], "", " ")
assert.Nil(t, err, "Should not return error")
expected = append(expected, buf...)
assert.Equal(t, expected, w.Body.Bytes())
}
func TestView(t *testing.T) {
w := httptest.NewRecorder()
root, err := secrets.New("testsecret", []byte("testmessage"))
assert.Nil(t, err, "Should not return error")
key := new(secrets.Key)
err = key.New("968cd432-c97a-11e5-9956-625662870761")
priv := key.Display()
assert.Nil(t, err, "Should not return error")
shared, err := root.Share(key)
assert.Nil(t, err, "Should not return error")
req := request{Name: "testsecret"}
data, err := json.Marshal(req)
assert.Nil(t, err, "Should not return error")
r, err := http.NewRequest("POST", "/secrets/view", bytes.NewReader(data))
assert.Nil(t, err, "Should not return error")
testDb := new(mocks.DB)
authSetup(testDb, r, priv)
testDb.On(
"GetSharedSecret",
&secrets.Secret{Name: "testsecret"},
&secrets.Key{Name: "968cd432-c97a-11e5-9956-625662870761"}).Run(
func(args mock.Arguments) {
args.Get(0).(*secrets.Secret).Name = shared.Name
args.Get(0).(*secrets.Secret).Nonce = shared.Nonce
args.Get(0).(*secrets.Secret).Message = shared.Message
args.Get(0).(*secrets.Secret).Pubkey = shared.Pubkey
args.Get(0).(*secrets.Secret).Key = shared.Key
}).Return(nil)
testDb.On("GetRootSecret", mock.AnythingOfType("*secrets.Secret")).Run(func(args mock.Arguments) {
args.Get(0).(*secrets.Secret).Name = root.Name
args.Get(0).(*secrets.Secret).Nonce = root.Nonce
args.Get(0).(*secrets.Secret).Message = root.Message
args.Get(0).(*secrets.Secret).Pubkey = root.Pubkey
args.Get(0).(*secrets.Secret).Key = root.Key
}).Return(nil)
database = testDb
View(w, r)
assert.Equal(t, "testmessage", string(w.Body.Bytes()))
}
func TestInititalise(t *testing.T) {
testDb := new(mocks.DB)
testDb.On("GetRootSecret", &secrets.Secret{Name: "master"}).Return(gorm.ErrRecordNotFound)
testDb.On("AddSecret", mock.AnythingOfType("*secrets.Secret")).Return(nil)
database = testDb
w := httptest.NewRecorder()
Initialise(w, nil)
res := getResp(w.Body.Bytes())
assert.Contains(t, res, "Id", "Result should contain Id")
assert.Contains(t, res, "Key", "Result should contain Key")
assert.Equal(t, "master", res["Id"], "Result name should be master")
testDb = new(mocks.DB)
testDb.On("GetRootSecret", &secrets.Secret{Name: "master"}).Return(nil)
database = testDb
w = httptest.NewRecorder()
Initialise(w, nil)
res = getResp(w.Body.Bytes())
assert.Equal(t, "Vault already initialised", res["error"], "Should return error")
}
func TestShare(t *testing.T) {
w := httptest.NewRecorder()
secret, err := secrets.New("testsecret", []byte("testmessage"))
assert.Nil(t, err, "Should not return error")
pub := new([32]byte)
curve25519.ScalarBaseMult(pub, &authKey)
req := request{Name: "testsecret", KeyID: "1-2-3-4"}
data, err := json.Marshal(req)
assert.Nil(t, err, "Should not return error")
r, err := http.NewRequest("POST", "/secrets/share", bytes.NewReader(data))
assert.Nil(t, err, "Should not return error")
testDb := new(mocks.DB)
authSetup(testDb, r, nil)
testDb.Mock.On("GetKey", mock.AnythingOfType("*secrets.Key")).Run(func(args mock.Arguments) {
args.Get(0).(*secrets.Key).Name = "1-2-3-4"
args.Get(0).(*secrets.Key).Public = pub[:]
}).Return(nil)
testDb.On("GetRootSecret", &secrets.Secret{Name: "testsecret"}).Run(func(args mock.Arguments) {
args.Get(0).(*secrets.Secret).Name = secret.Name
args.Get(0).(*secrets.Secret).Nonce = secret.Nonce
args.Get(0).(*secrets.Secret).Message = secret.Message
args.Get(0).(*secrets.Secret).Key = secret.Key
}).Return(nil)
testDb.On("AddSecret", mock.AnythingOfType("*secrets.Secret")).Return(nil)
database = testDb
Share(w, r)
res := getResp(w.Body.Bytes())
assert.Contains(t, res, "response", "Result should contain response")
assert.Equal(t, "OK", res["response"])
}
func authSetup(testDb *mocks.DB, req *http.Request, key []byte) {
priv := new([32]byte)
if key == nil {
priv = &authKey
} else {
copy(priv[:], key)
}
if req != nil {
req.Header = make(http.Header)
req.Header.Set("X-Secret-ID", "968cd432-c97a-11e5-9956-625662870761")
req.Header.Set("X-Secret-Key", base64.StdEncoding.EncodeToString(priv[:]))
}
pub := new([32]byte)
curve25519.ScalarBaseMult(pub, priv)
testDb.On("GetKey", &secrets.Key{Name: "968cd432-c97a-11e5-9956-625662870761"}).Run(func(args mock.Arguments) {
args.Get(0).(*secrets.Key).Name = "968cd432-c97a-11e5-9956-625662870761"
args.Get(0).(*secrets.Key).Public = pub[:]
}).Return(nil)
}