Repository encryption support.

Contributed by Cynthia Shang.
2025-11-29 22:28:02 +02:00 · 2017-11-06 12:51:12 -05:00
parent f07d2a3d0d
commit b03c26968a
83 changed files with 3754 additions and 1868 deletions
--- a/test/lib/pgBackRestTest/Module/Common/CommonIniTest.pm
+++ b/test/lib/pgBackRestTest/Module/Common/CommonIniTest.pm
@@ -15,6 +15,8 @@ use English '-no_match_vars';
 use pgBackRest::Common::Exception;
 use pgBackRest::Common::Ini;
 use pgBackRest::Common::Log;
+use pgBackRest::Config::Config;
+use pgBackRest::Storage::Base;
 use pgBackRest::Version;

 use pgBackRestTest::Common::ExecuteTest;
@@ -280,6 +282,57 @@ sub run
        storageTest()->put($strTestFile, iniRender($hIni));

        $self->testResult(sub {new pgBackRest::Common::Ini($strTestFile)}, '[object]', 'invalid main header - load copy');
+
+        #---------------------------------------------------------------------------------------------------------------------------
+        # Prepend encryption Magic signature to copy (main invalid) to simulate encryption
+        executeTest('echo "' . CIPHER_MAGIC . '$(cat ' . $strTestFileCopy . ')" > ' . $strTestFileCopy);
+
+        $self->testException(sub {new pgBackRest::Common::Ini($strTestFile)}, ERROR_CIPHER,
+            "unable to parse '$strTestFileCopy'" .
+            "\nHINT: Is or was the repo encrypted?");
+
+        # Prepend encryption Magic signature to main to simulate encryption
+        executeTest('echo "' . CIPHER_MAGIC . '$(cat ' . $strTestFile . ')" > ' . $strTestFile);
+
+        $self->testException(sub {new pgBackRest::Common::Ini($strTestFile)}, ERROR_CIPHER,
+            "unable to parse '$strTestFile'" .
+            "\nHINT: Is or was the repo encrypted?");
+
+        # Encryption
+        #---------------------------------------------------------------------------------------------------------------------------
+        executeTest("rm -rf ${strTestFile}*");
+
+        my $strCipherPass = 'x';
+        my $strCipherPassSub = 'y';
+
+        # Unencrypted storage but a passphrase passed
+        $self->testException(sub {new pgBackRest::Common::Ini($strTestFile, {bLoad => false,
+            strCipherPass => $strCipherPass})}, ERROR_ASSERT,
+            "a user passphrase and sub passphrase are both required when encrypting");
+
+        # Unencrypted storage but a sub passphrase passed
+        $self->testException(sub {new pgBackRest::Common::Ini($strTestFile, {bLoad => false,
+            strCipherPassSub => $strCipherPassSub})}, ERROR_ASSERT,
+            "a user passphrase and sub passphrase are both required when encrypting");
+
+        # Create Encrypted storage
+        my $oStorage = new pgBackRest::Storage::Local($self->testPath(), new pgBackRest::Storage::Posix::Driver(),
+            {strCipherType => CFGOPTVAL_REPO_CIPHER_TYPE_AES_256_CBC, strCipherPassUser => $strCipherPass});
+
+        $self->testException(sub {new pgBackRest::Common::Ini($strTestFile, {oStorage => $oStorage})}, ERROR_CIPHER,
+            "passphrase is required when storage is encrypted");
+
+        $self->testException(sub {new pgBackRest::Common::Ini($strTestFile, {bLoad => false, oStorage => $oStorage,
+            strCipherPass => $strCipherPass})}, ERROR_ASSERT,
+            "a user passphrase and sub passphrase are both required when encrypting");
+
+        $oIni = $self->testResult(sub {
+            new pgBackRest::Common::Ini(
+                $strTestFile,
+                {bLoad => false, oStorage => $oStorage, strCipherPass => $strCipherPass, strCipherPassSub => $strCipherPassSub})},
+            '[object]', 'create new ini with encryption passphrases');
+        $self->testResult(sub {($oIni->cipherPassSub() eq $strCipherPassSub) &&
+            ($oIni->cipherPass() eq $strCipherPass)}, true, '    new ini has encryption passphrases');
    }

    ################################################################################################################################