e15b908983
* EE-319: backup endpoint (#193) * feat(backup): * add an orbiter to block writes while backup * add backup handler * add an ability to tar.gz a dir * add aes encryption support * EE-320: restore endpoint (#196) * feat(backup): * add restore handler * re-init system state after restore * feat(backup): Update server to respect readonly lock (#199) * feat(backup): EE-322 Add backup and restore screen (#198) Co-authored-by: Simon Meng <simon.meng@portainer.io> * name archive as portainer-backup_yyyy-mm-dd_hh-mm-ss * backup custom templates and edge jobs * restart http and proxy servers after restore to re-init internal state * feat(backup): EE-322 hide password field if password protect toggle is off * feat(backup): EE-322 add tooltip for password field of restore backup * feat(backup): EE-322 wait for backend restart after restoring * Shutdown background go-routines * changed restore err message when cannot extract * fix: symlinks are ignored from backups * replace single admin check with a restartable monitor (#238) * clean log Co-authored-by: Maxime Bajeux <max.bajeux@gmail.com> Co-authored-by: cong meng <mcpacino@gmail.com> Co-authored-by: Simon Meng <simon.meng@portainer.io>
132 lines
4.2 KiB
Go
132 lines
4.2 KiB
Go
package crypto
|
|
|
|
import (
|
|
"io"
|
|
"io/ioutil"
|
|
"os"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func Test_encryptAndDecrypt_withTheSamePassword(t *testing.T) {
|
|
tmpdir, _ := os.MkdirTemp("", "encrypt")
|
|
defer os.RemoveAll(tmpdir)
|
|
|
|
var (
|
|
originFilePath = filepath.Join(tmpdir, "origin")
|
|
encryptedFilePath = filepath.Join(tmpdir, "encrypted")
|
|
decryptedFilePath = filepath.Join(tmpdir, "decrypted")
|
|
)
|
|
|
|
content := []byte("content")
|
|
ioutil.WriteFile(originFilePath, content, 0600)
|
|
|
|
originFile, _ := os.Open(originFilePath)
|
|
defer originFile.Close()
|
|
|
|
encryptedFileWriter, _ := os.Create(encryptedFilePath)
|
|
defer encryptedFileWriter.Close()
|
|
|
|
err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
|
|
assert.Nil(t, err, "Failed to encrypt a file")
|
|
encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
|
|
assert.Nil(t, err, "Couldn't read encrypted file")
|
|
assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
|
|
|
|
encryptedFileReader, _ := os.Open(encryptedFilePath)
|
|
defer encryptedFileReader.Close()
|
|
|
|
decryptedFileWriter, _ := os.Create(decryptedFilePath)
|
|
defer decryptedFileWriter.Close()
|
|
|
|
decryptedReader, err := AesDecrypt(encryptedFileReader, []byte("passphrase"))
|
|
assert.Nil(t, err, "Failed to decrypt file")
|
|
|
|
io.Copy(decryptedFileWriter, decryptedReader)
|
|
|
|
decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
|
|
assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
|
|
}
|
|
|
|
func Test_encryptAndDecrypt_withEmptyPassword(t *testing.T) {
|
|
tmpdir, _ := os.MkdirTemp("", "encrypt")
|
|
defer os.RemoveAll(tmpdir)
|
|
|
|
var (
|
|
originFilePath = filepath.Join(tmpdir, "origin")
|
|
encryptedFilePath = filepath.Join(tmpdir, "encrypted")
|
|
decryptedFilePath = filepath.Join(tmpdir, "decrypted")
|
|
)
|
|
|
|
content := []byte("content")
|
|
ioutil.WriteFile(originFilePath, content, 0600)
|
|
|
|
originFile, _ := os.Open(originFilePath)
|
|
defer originFile.Close()
|
|
|
|
encryptedFileWriter, _ := os.Create(encryptedFilePath)
|
|
defer encryptedFileWriter.Close()
|
|
|
|
err := AesEncrypt(originFile, encryptedFileWriter, []byte(""))
|
|
assert.Nil(t, err, "Failed to encrypt a file")
|
|
encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
|
|
assert.Nil(t, err, "Couldn't read encrypted file")
|
|
assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
|
|
|
|
encryptedFileReader, _ := os.Open(encryptedFilePath)
|
|
defer encryptedFileReader.Close()
|
|
|
|
decryptedFileWriter, _ := os.Create(decryptedFilePath)
|
|
defer decryptedFileWriter.Close()
|
|
|
|
decryptedReader, err := AesDecrypt(encryptedFileReader, []byte(""))
|
|
assert.Nil(t, err, "Failed to decrypt file")
|
|
|
|
io.Copy(decryptedFileWriter, decryptedReader)
|
|
|
|
decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
|
|
assert.Equal(t, content, decryptedContent, "Original and decrypted content should match")
|
|
}
|
|
|
|
func Test_decryptWithDifferentPassphrase_shouldProduceWrongResult(t *testing.T) {
|
|
tmpdir, _ := os.MkdirTemp("", "encrypt")
|
|
defer os.RemoveAll(tmpdir)
|
|
|
|
var (
|
|
originFilePath = filepath.Join(tmpdir, "origin")
|
|
encryptedFilePath = filepath.Join(tmpdir, "encrypted")
|
|
decryptedFilePath = filepath.Join(tmpdir, "decrypted")
|
|
)
|
|
|
|
content := []byte("content")
|
|
ioutil.WriteFile(originFilePath, content, 0600)
|
|
|
|
originFile, _ := os.Open(originFilePath)
|
|
defer originFile.Close()
|
|
|
|
encryptedFileWriter, _ := os.Create(encryptedFilePath)
|
|
defer encryptedFileWriter.Close()
|
|
|
|
err := AesEncrypt(originFile, encryptedFileWriter, []byte("passphrase"))
|
|
assert.Nil(t, err, "Failed to encrypt a file")
|
|
encryptedContent, err := ioutil.ReadFile(encryptedFilePath)
|
|
assert.Nil(t, err, "Couldn't read encrypted file")
|
|
assert.NotEqual(t, encryptedContent, content, "Content wasn't encrypted")
|
|
|
|
encryptedFileReader, _ := os.Open(encryptedFilePath)
|
|
defer encryptedFileReader.Close()
|
|
|
|
decryptedFileWriter, _ := os.Create(decryptedFilePath)
|
|
defer decryptedFileWriter.Close()
|
|
|
|
decryptedReader, err := AesDecrypt(encryptedFileReader, []byte("garbage"))
|
|
assert.Nil(t, err, "Should allow to decrypt with wrong passphrase")
|
|
|
|
io.Copy(decryptedFileWriter, decryptedReader)
|
|
|
|
decryptedContent, _ := ioutil.ReadFile(decryptedFilePath)
|
|
assert.NotEqual(t, content, decryptedContent, "Original and decrypted content should NOT match")
|
|
}
|