@lumjjb
Last active February 7, 2020 19:15
// GetPrivateKeyFromBroker is a placeholder for the broker-backed retrieval
// flow: obtain the Wrapped(privatekey) at keyUrl via the workload service at
// wlsUrl, authenticated with wlsCertificate, then unwrap it with the local TPM.
//
// This version performs none of those steps. wlsUrl, wlsCertificate and keyUrl
// are ignored, and the PEM block embedded below is returned with a nil error
// on every call.
//
// NOTE(review): a private key kept in source is readable by anyone who can
// read the file, so it provides no confidentiality. Treat it as demo-only
// material, never reuse it elsewhere, and replace this body with the real
// workload-service and TPM unwrap path before the result is relied on.
func GetPrivateKeyFromBroker(wlsUrl string, wlsCertificate []byte, keyUrl string) (privateKey []byte, err error) {
	// Fixed stand-in for the key the TPM would unwrap.
	const embeddedPEM = `-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----`

	return []byte(embeddedPEM), nil
}
// GetPublicKeyFromBroker is a placeholder for the KBS-backed flow: connect to
// a KBS at kbsUrl with certificate kbsCert, authenticate to AAS with uid, and
// either generate a new key pair (keyUrl == "", returning the public key and
// keyUrl = kbsUrl/keyId) or fetch the public key of the given keyUrl.
//
// This version performs none of those steps. kbsCert, uid and keyUrl are
// ignored: every call returns the same embedded public key, a key URL built
// as kbsUrl + "/" + a fixed key id, and a nil error.
//
// NOTE(review): because keyUrl is ignored, a caller that passes an existing
// keyUrl gets back a different URL and a key that was never fetched from it.
// Data encrypted to this key is bound to whoever holds the matching private
// key, not to a broker-managed one. Whether that is the key returned by
// GetPrivateKeyFromBroker cannot be confirmed from this file; verify.
func GetPublicKeyFromBroker(kbsUrl string, kbsCert []byte, uid string, keyUrl string) (publicKey []byte, retKeyUrl string, err error) {
	// Fixed stand-ins for what the KBS would return.
	const (
		embeddedPEM = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYarY9vO4oiCgMqIWNSt
jUdg+1x0NKKxVBLXhkUsY6JiTSUlj8I3NThHIpML2A9T0GNSCXFpWob3ORxd0LlP
rqSNhXl0PrJlJoT4f1ExV44RjzwwIeqvK3d/KktCQlSbvo4111I4TRHMG1ywtz38
NxE2ID/yyoH5rlUZtKY4pOBV+ktP1V3hCfwPJJAyf/xuGgzpijUCjJYVtmsmGshx
bo3JwGKTAXHD7CmCRXv3eqjHVqPVqWjvfj4KuL0TkncjUmYL7LL/fk7Loxdlhs7Q
fbpN2n9Uj9epE6EFPPPWMbwcd/FETKOJGZCgslfARZisEmvG+5HVEuPKV7uG4Qmb
1wIDAQAB
-----END PUBLIC KEY-----`
		placeholderKeyID = "some-key-id-xxx"
	)

	retKeyUrl = kbsUrl + "/" + placeholderKeyID
	return []byte(embeddedPEM), retKeyUrl, nil
}