From ee019569782482d3a00034a54b361e3be3be6f63 Mon Sep 17 00:00:00 2001 From: Elle Mouton Date: Wed, 17 May 2023 14:02:57 +0200 Subject: [PATCH] macaroons: demo GenerateNewRootKey bug This commit adds to the existing TestStoreGenerateNewRootKey to show that the method only successfully regenerates the root key in the default root key ID location. This will be fixed in an upcoming commit. --- macaroons/store_test.go | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/macaroons/store_test.go b/macaroons/store_test.go index a9a49edda..83692b627 100644 --- a/macaroons/store_test.go +++ b/macaroons/store_test.go @@ -16,6 +16,10 @@ var ( defaultRootKeyIDContext = macaroons.ContextWithRootKeyID( context.Background(), macaroons.DefaultRootKeyID, ) + + nonDefaultRootKeyIDContext = macaroons.ContextWithRootKeyID( + context.Background(), []byte{1}, + ) ) // newTestStore creates a new bolt DB in a temporary directory and then @@ -132,7 +136,9 @@ func TestStore(t *testing.T) { } // TestStoreGenerateNewRootKey tests that a root key can be replaced with a new -// one in the store without changing the password. +// one in the store without changing the password. Also demonstrate that at the +// moment, only the default root key will be replaced. This is a bug that will +// be fixed in an upcoming commit. func TestStoreGenerateNewRootKey(t *testing.T) { _, store := newTestStore(t) @@ -140,23 +146,35 @@ func TestStoreGenerateNewRootKey(t *testing.T) { err := store.GenerateNewRootKey() require.Equal(t, macaroons.ErrStoreLocked, err) - // Unlock the store and read the current key. + // Unlock the store. pw := []byte("weks") err = store.CreateUnlock(&pw) require.NoError(t, err) - oldRootKey, _, err := store.RootKey(defaultRootKeyIDContext) + + // Read the default root key. + oldRootKey1, _, err := store.RootKey(defaultRootKeyIDContext) require.NoError(t, err) - // Replace the root key with a new random key. + // Read the non-default root-key. + oldRootKey2, _, err := store.RootKey(nonDefaultRootKeyIDContext) + require.NoError(t, err) + + // Attempt to replace the root keys with new random keys. err = store.GenerateNewRootKey() require.NoError(t, err) - // Finally, read the root key from the DB and compare it to the one + // Finally, read both root keys from the DB and compare them to the ones // we got returned earlier. This makes sure that the encryption/ // decryption of the key in the DB worked as expected too. - newRootKey, _, err := store.RootKey(defaultRootKeyIDContext) + // Currently, this is only successful for the default root key and not + // for non-default key. This will be fixed in an upcoming commit. + newRootKey1, _, err := store.RootKey(defaultRootKeyIDContext) require.NoError(t, err) - require.NotEqual(t, oldRootKey, newRootKey) + require.NotEqual(t, oldRootKey1, newRootKey1) + + newRootKey2, _, err := store.RootKey(nonDefaultRootKeyIDContext) + require.NoError(t, err) + require.Equal(t, oldRootKey2, newRootKey2) } // TestStoreSetRootKey tests that a root key can be set to a specified value.