fixup! Config: Add -edit and encryption upgrade to cmd/config

gbjk · Nov 15, 2024 · 2b8ca24 · 2b8ca24
1 parent f447b18
commit 2b8ca24
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 34 deletions.
diff --git a/config/config_encryption.go b/config/config_encryption.go
@@ -25,6 +25,7 @@ const (
 var (
 	errAESBlockSize = errors.New("config file data is too small for the AES required block size")
 	errNoPrefix     = errors.New("data does not start with Encryption Prefix")
+	errKeyIsEmpty   = errors.New("key is empty")
 
 	// encryptionPrefix is a prefix to tell us the file is encrypted
 	encryptionPrefix = []byte("THORS-HAMMER")
@@ -79,8 +80,7 @@ func PromptForConfigKey(confirmKey bool) ([]byte, error) {
 	return nil, errors.New("No key entered")
 }
 
-// EncryptConfigFile encrypts configuration data that is parsed in with a key
-// and returns it as a byte array with an error
+// EncryptConfigFile encrypts json config data with a key
 func EncryptConfigFile(configData, key []byte) ([]byte, error) {
 	sessionDK, salt, err := makeNewSessionDK(key)
 	if err != nil {
@@ -93,10 +93,10 @@ func EncryptConfigFile(configData, key []byte) ([]byte, error) {
 	return c.encryptConfigFile(configData)
 }
 
-// encryptConfigFile encrypts configuration data that is passed in with a key
+// encryptConfigFile encrypts json config data with a key
 // The EncryptConfig field is set to config enabled (1)
 func (c *Config) encryptConfigFile(configData []byte) ([]byte, error) {
-	configData, err := jsonparser.Set(configData, []byte("1"), "EncryptConfig")
+	configData, err := jsonparser.Set(configData, []byte("1"), "encryptConfig")
 	if err != nil {
 		return nil, fmt.Errorf("error setting EncryptConfig true during encrypt config file: %w", err)
 	}
@@ -120,14 +120,12 @@ func (c *Config) encryptConfigFile(configData []byte) ([]byte, error) {
 	return appendedFile, nil
 }
 
-// DecryptConfigFile decrypts configuration data with the supplied key and
-// returns the un-encrypted data as a byte array with an error
+// DecryptConfigFile decrypts config data with a key
 func DecryptConfigFile(d, key []byte) ([]byte, error) {
 	return (&Config{}).decryptConfigData(d, key)
 }
 
-// decryptConfigData decrypts configuration data with the supplied key and
-// returns the un-encrypted data as a byte array with an error
+// decryptConfigData decrypts config data with a key
 func (c *Config) decryptConfigData(d, key []byte) ([]byte, error) {
 	if !bytes.HasPrefix(d, encryptionPrefix) {
 		return d, errNoPrefix
@@ -193,7 +191,7 @@ func IsFileEncrypted(f string) bool {
 
 func getScryptDK(key, salt []byte) ([]byte, error) {
 	if len(key) == 0 {
-		return nil, errors.New("key is empty")
+		return nil, errKeyIsEmpty
 	}
 	return scrypt.Key(key, salt, 32768, 8, 1, 32)
 }

diff --git a/config/config_encryption_test.go b/config/config_encryption_test.go
@@ -71,35 +71,21 @@ func TestEncryptConfigFile(t *testing.T) {
 
 func TestDecryptConfigFile(t *testing.T) {
 	t.Parallel()
-	result, err := EncryptConfigFile([]byte("test"), []byte("key"))
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = DecryptConfigFile(result, nil)
-	if err == nil {
-		t.Fatal("Expected error")
-	}
+	e, err := EncryptConfigFile([]byte(`{"test":1}`), []byte("key"))
+	require.NoError(t, err)
 
-	_, err = DecryptConfigFile([]byte("test"), nil)
-	if err == nil {
-		t.Fatal("Expected error")
-	}
+	d, err := DecryptConfigFile(e, []byte("key"))
+	require.NoError(t, err)
+	assert.Equal(t, `{"test":1,"encryptConfig":1}`, string(d), "encryptConfig should be set to 1 after first encryption")
 
-	_, err = DecryptConfigFile([]byte("test"), []byte("AAAAAAAAAAAAAAAA"))
-	if err == nil {
-		t.Fatalf("Expected %s", errAESBlockSize)
-	}
+	_, err = DecryptConfigFile(e, nil)
+	require.ErrorIs(t, err, errKeyIsEmpty)
 
-	result, err = EncryptConfigFile([]byte("test"), []byte("key"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	_, err = DecryptConfigFile([]byte("test"), nil)
+	require.ErrorIs(t, err, errNoPrefix)
 
-	_, err = DecryptConfigFile(result, []byte("key"))
-	if err != nil {
-		t.Fatal(err)
-	}
+	_, err = DecryptConfigFile(encryptionPrefix, []byte("AAAAAAAAAAAAAAAA"))
+	require.ErrorIs(t, err, errAESBlockSize)
 }
 
 func TestIsEncrypted(t *testing.T) {