Alan-Jowett / sonde / 26619330596 / 1
82%
main: 82%

Build:
DEFAULT BRANCH: main
Ran 29 May 2026 05:21AM UTC
Files 124
Run time 3s

29 May 2026 05:02AM UTC coverage: 82.082% (-0.07%) from 82.154%
26619330596.1

push

github

web-flow
fix: persist rotated master key to KeyProvider backend (GW-2014) (#1095)

* fix: persist rotated master key to KeyProvider backend (GW-2014)

After master key rotation the new key was only swapped in memory and
committed to the database, but never written back to the KeyProvider
backend (file, DPAPI blob, or keyring).  On restart the old key was
loaded from the provider and PSK decryption failed fatally.

Changes:

KeyProvider trait (key_provider.rs):
- Add `write_master_key(&self, key)` and `is_writable(&self) -> bool`
  with default implementations (not-writable) so existing backends
  compile without changes.
- FileKeyProvider: atomic write-to-tmp + rename.
- DpapiKeyProvider: DPAPI encrypt + atomic file write.
- SecretServiceKeyProvider: delegates to `store_in_secret_service()`.
- EnvKeyProvider: returns `NotWritable` (environment variables are
  read-only at runtime).
- Add unit tests for write round-trip and not-writable rejection.

Storage (sqlite_storage.rs):
- `commit_rotation()` no longer deletes `pending_rotation` — the
  record is retained as a crash-recovery marker until the key is
  persisted to the provider.
- Add `delete_pending_rotation()` for explicit cleanup after
  `write_master_key()` succeeds.
- Add `get_master_key_epoch()` to support three-way epoch comparison
  during startup recovery.
- `load_pending_rotation_key()` now tolerates the post-write/pre-delete
  state: when decryption fails but DB epoch == pending epoch, the record
  is a stale marker and `open()` proceeds instead of failing fatally.

Rotation engine (rotation_engine.rs):
- Accept `Arc<dyn KeyProvider>` in constructor; gate
  `handle_rotation_payload()` on `is_writable()`.
- Post-commit persistence sequence in `execute_rotation()`:
    1. DB commit (retains `pending_rotation`)
    2. `write_master_key()` to provider
    3. `delete_pending_rotation()`
    4. Swap in-memory key
- Rewrite `resume_pending_rotation()` with three-way epoch comparison:
    - epoch < pendi... (continued)
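
The write-to-tmp + rename pattern and the not-writable trait defaults described in the commit message above, as an added Rust example that is not code from the sonde repository. `KeyStore`, `FileStore`, `EnvStore`, `write_key` and the 32-byte key size are hypothetical names and assumptions.

```rust
// Added example, not code from the sonde repository; all names are hypothetical.
use std::fs::{self, OpenOptions};
use std::io::{self, Write};
use std::path::PathBuf;
#[derive(Debug)]
pub enum KeyError { NotWritable, Io(io::Error) }

pub trait KeyStore {
    fn load(&self) -> Result<[u8; 32], KeyError>;
    // Defaults mean "read-only", so existing backends compile unchanged.
    fn is_writable(&self) -> bool { false }
    fn write_key(&self, _key: &[u8; 32]) -> Result<(), KeyError> { Err(KeyError::NotWritable) }
}

pub struct FileStore { pub path: PathBuf }
impl FileStore {
    // Write the key to a sibling temp file, flush it, then rename over the target.
    fn replace(&self, key: &[u8; 32]) -> io::Result<()> {
        let tmp = self.path.with_extension("tmp");
        let _ = fs::remove_file(&tmp); // drop a stale temp file left by a crash
        let mut opts = OpenOptions::new();
        opts.write(true).create_new(true);
        #[cfg(unix)]
        { use std::os::unix::fs::OpenOptionsExt; opts.mode(0o600); } // owner-only
        let mut f = opts.open(&tmp)?;
        f.write_all(key)?;
        f.sync_all()?; // flush the key bytes before the file takes the final name
        fs::rename(&tmp, &self.path) // swap in one step: never a half-written key
    }
}
impl KeyStore for FileStore {
    fn load(&self) -> Result<[u8; 32], KeyError> {
        let bytes = fs::read(&self.path).map_err(KeyError::Io)?;
        let mut key = [0u8; 32];
        if bytes.len() != key.len() { return Err(KeyError::Io(io::ErrorKind::InvalidData.into())); }
        key.copy_from_slice(&bytes);
        Ok(key)
    }
    fn is_writable(&self) -> bool { true }
    fn write_key(&self, key: &[u8; 32]) -> Result<(), KeyError> { self.replace(key).map_err(KeyError::Io) }
}

pub struct EnvStore(pub [u8; 32]); // read-only backend: inherits the defaults
impl KeyStore for EnvStore { fn load(&self) -> Result<[u8; 32], KeyError> { Ok(self.0) } }
fn main() {
    let store = FileStore { path: std::env::temp_dir().join("demo-master.key") };
    store.write_key(&[0x42; 32]).expect("write"); // constructed sample key
    println!("round-trip ok: {}", store.load().expect("load") == [0x42; 32]);
}
```

A caller that gates rotation on `is_writable()` rejects the read-only backend before any key material is generated, which is the check the commit message places in front of `handle_rotation_payload()`.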

38251 of 46601 relevant lines covered (82.08%)

248.87 hits per line

  • 207e8735 on github