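package vault

import (
	"context"
	"fmt"
)

// SealAccess is a wrapper around Seal that exposes accessor methods
// through Core.SealAccess() while restricting the ability to modify
// Core.seal itself.
//
// The wrapped Seal is held in an unexported field, so callers cannot swap it
// out. ClearCaches and SetTestingParams still change state on the wrapped
// seal, so the wrapper is not strictly read-only.
type SealAccess struct {
	seal Seal
}

// NewSealAccess returns a SealAccess that delegates to seal.
//
// seal is stored as given and is not checked for nil here; every method below
// calls through it.
func NewSealAccess(seal Seal) *SealAccess {
	return &SealAccess{seal: seal}
}

// StoredKeysSupported reports the wrapped seal's StoredKeysSupported result.
func (s *SealAccess) StoredKeysSupported() bool {
	return s.seal.StoredKeysSupported()
}

// BarrierType returns the wrapped seal's BarrierType string.
func (s *SealAccess) BarrierType() string {
	return s.seal.BarrierType()
}

// BarrierConfig returns the wrapped seal's barrier SealConfig, passing ctx
// through unchanged.
func (s *SealAccess) BarrierConfig(ctx context.Context) (*SealConfig, error) {
	return s.seal.BarrierConfig(ctx)
}

// RecoveryKeySupported reports the wrapped seal's RecoveryKeySupported result.
func (s *SealAccess) RecoveryKeySupported() bool {
	return s.seal.RecoveryKeySupported()
}

// RecoveryConfig returns the wrapped seal's recovery SealConfig, passing ctx
// through unchanged.
func (s *SealAccess) RecoveryConfig(ctx context.Context) (*SealConfig, error) {
	return s.seal.RecoveryConfig(ctx)
}

// VerifyRecoveryKey forwards key to the wrapped seal's VerifyRecoveryKey and
// returns its error unchanged.
//
// key is passed through as-is: it is not copied, logged or zeroed here.
// NOTE(review): presumably a nil error means the key was accepted; confirm
// against the Seal implementation, and make sure callers do not log key.
func (s *SealAccess) VerifyRecoveryKey(ctx context.Context, key []byte) error {
	return s.seal.VerifyRecoveryKey(ctx, key)
}

// ClearCaches resets the wrapped seal's barrier config to nil and, when the
// seal reports recovery-key support, its recovery config as well.
//
// This method has no return value, so anything the two setters return is not
// inspected here.
// NOTE(review): if the setters can fail, a failed clear is invisible to the
// caller; confirm against the Seal interface.
func (s *SealAccess) ClearCaches(ctx context.Context) {
	s.seal.SetBarrierConfig(ctx, nil)
	if s.RecoveryKeySupported() {
		s.seal.SetRecoveryConfig(ctx, nil)
	}
}

// SealAccessTestingParams carries the values that SetTestingParams copies
// onto a *defaultSeal.
type SealAccessTestingParams struct {
	PretendToAllowStoredShares bool
	PretendToAllowRecoveryKeys bool
	PretendRecoveryKey         []byte
}

// SetTestingParams copies params onto the wrapped seal's Pretend* fields.
//
// It returns an error when the wrapped seal is not a *defaultSeal or when
// params is nil (a nil params previously caused a nil-pointer panic).
// PretendRecoveryKey is only overwritten when params supplies a non-nil
// slice, and the slice is stored by reference, so later writes by the caller
// are visible to the seal.
//
// NOTE(review): this is an exported method that switches the seal's
// "pretend" behaviour; if this file is compiled into production builds,
// confirm that no non-test code path can reach it.
func (s *SealAccess) SetTestingParams(params *SealAccessTestingParams) error {
	d, ok := s.seal.(*defaultSeal)
	if !ok {
		return fmt.Errorf("not a defaultseal")
	}
	// Checked after the type assertion so that a non-default seal still
	// reports the same error as before, whatever params is.
	if params == nil {
		return fmt.Errorf("nil testing params")
	}
	d.PretendToAllowRecoveryKeys = params.PretendToAllowRecoveryKeys
	d.PretendToAllowStoredShares = params.PretendToAllowStoredShares
	if params.PretendRecoveryKey != nil {
		d.PretendRecoveryKey = params.PretendRecoveryKey
	}
	return nil
}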