(ctx context.Context)
| 72 | } |
| 73 | |
| 74 | func (db *dbCrypt) GetDBCryptKeys(ctx context.Context) ([]database.DBCryptKey, error) { |
| 75 | ks, err := db.Store.GetDBCryptKeys(ctx) |
| 76 | if err != nil { |
| 77 | return nil, err |
| 78 | } |
| 79 | // Decrypt the test field to ensure that the key is valid. |
| 80 | for i := range ks { |
| 81 | if !ks[i].ActiveKeyDigest.Valid { |
| 82 | // Key has been revoked. We can't decrypt the test field, but |
| 83 | // we need to return it so that the caller knows that the key |
| 84 | // has been revoked. |
| 85 | continue |
| 86 | } |
| 87 | if err := db.decryptField(&ks[i].Test, ks[i].ActiveKeyDigest); err != nil { |
| 88 | return nil, err |
| 89 | } |
| 90 | } |
| 91 | return ks, nil |
| 92 | } |
| 93 | |
| 94 | // This does not need any special handling as it does not touch any encrypted fields. |
| 95 | // Explicitly defining this here to avoid confusion. |
no test coverage detected