(ctx context.Context)
| 1005 | } |
| 1006 | |
| 1007 | func (db *dbCrypt) ensureEncrypted(ctx context.Context) error { |
| 1008 | return db.InTx(func(s database.Store) error { |
| 1009 | // Attempt to read the encrypted test fields of the currently active keys. |
| 1010 | ks, err := s.GetDBCryptKeys(ctx) |
| 1011 | if err != nil && !xerrors.Is(err, sql.ErrNoRows) { |
| 1012 | return err |
| 1013 | } |
| 1014 | |
| 1015 | var highestNumber int32 |
| 1016 | var activeCipherFound bool |
| 1017 | for _, k := range ks { |
| 1018 | // If our primary key has been revoked, then we can't do anything. |
| 1019 | if k.RevokedKeyDigest.Valid && k.RevokedKeyDigest.String == db.primaryCipherDigest { |
| 1020 | return xerrors.Errorf("primary encryption key %q has been revoked", db.primaryCipherDigest) |
| 1021 | } |
| 1022 | |
| 1023 | if k.ActiveKeyDigest.Valid && k.ActiveKeyDigest.String == db.primaryCipherDigest { |
| 1024 | activeCipherFound = true |
| 1025 | } |
| 1026 | |
| 1027 | if k.Number > highestNumber { |
| 1028 | highestNumber = k.Number |
| 1029 | } |
| 1030 | } |
| 1031 | |
| 1032 | if activeCipherFound || len(db.ciphers) == 0 { |
| 1033 | return nil |
| 1034 | } |
| 1035 | |
| 1036 | // If we get here, then we have a new key that we need to insert. |
| 1037 | return s.InsertDBCryptKey(ctx, database.InsertDBCryptKeyParams{ |
| 1038 | Number: highestNumber + 1, |
| 1039 | ActiveKeyDigest: db.primaryCipherDigest, |
| 1040 | Test: testValue, |
| 1041 | }) |
| 1042 | }, &database.TxOptions{Isolation: sql.LevelRepeatableRead}) |
| 1043 | } |
no test coverage detected