package main
import (
"fmt"
"github.com/containers/ocicrypt/config"
"github.com/containers/ocicrypt/keywrap"
"github.com/google/uuid"
"github.com/pkg/errors"
"io/ioutil"
"os"
"path/filepath"
)
// testKeyWrapper is a stateless keywrap.KeyWrapper used for testing: WrapKeys
// persists the key options to a file and hands back the file path as the
// annotation, and UnwrapKey reads that path back. It carries no state.
type testKeyWrapper struct{}
// NewKeyWrapper returns the test key wrapper behind the keywrap.KeyWrapper
// interface. The wrapper has no configuration, so every call is equivalent.
func NewKeyWrapper() keywrap.KeyWrapper {
	var wrapper testKeyWrapper
	return &wrapper
}
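// WrapKeys "wraps" optsData by writing it, unchanged, to a freshly named file
// under the directory given in ec.Parameters["test-file-path"] and returns that
// file's path as the annotation. UnwrapKey reads the file back verbatim, so the
// key options are stored in clear text: this is a test protocol, not a real
// key-protection scheme.
//
// It returns (nil, nil) when no "test-file-path" parameter is present, which
// tells the caller this wrapper does not apply. Exactly one path is supported;
// more than one is an error. Errors from UUID generation, directory creation
// and the file write are returned as-is.
func (kw *testKeyWrapper) WrapKeys(ec *config.EncryptConfig, optsData []byte) ([]byte, error) {
	paths := ec.Parameters["test-file-path"]
	if len(paths) == 0 {
		return nil, nil
	}
	if len(paths) > 1 {
		return nil, errors.New("Only support 1 filepath")
	}
	baseDir := string(paths[0])

	// A random UUID per call keeps repeated or concurrent wraps from
	// overwriting each other's files.
	id, err := uuid.NewRandom()
	if err != nil {
		return nil, err
	}

	// The directory and file hold key material in the clear, so restrict them
	// to the owning user (0700/0600) instead of creating them world-readable.
	// MkdirAll only applies the mode to directories it creates; a pre-existing
	// directory keeps whatever mode it already has.
	if err := os.MkdirAll(baseDir, 0700); err != nil {
		return nil, err
	}
	targetPath := filepath.Join(baseDir, id.String())
	if err := ioutil.WriteFile(targetPath, optsData, 0600); err != nil {
		return nil, err
	}
	return []byte(targetPath), nil
}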
// UnwrapKey treats annotation as the path produced by WrapKeys and returns the
// file's contents, i.e. the key options exactly as they were stored. dc is not
// consulted. Any read error is returned unchanged.
//
// NOTE(review): the annotation is used verbatim as a filesystem path with no
// confinement to a trusted base directory, so whoever produced the annotation
// decides which file this reads. That is tolerable for a test protocol; a real
// wrapper should validate or restrict the path before opening it.
func (kw *testKeyWrapper) UnwrapKey(dc *config.DecryptConfig, annotation []byte) ([]byte, error) {
	keyFile := string(annotation)
	contents, readErr := ioutil.ReadFile(keyFile)
	if readErr != nil {
		return nil, readErr
	}
	return contents, nil
}
// GetAnnotationID returns the image annotation key under which this wrapper
// stores its wrapped key (the file path produced by WrapKeys).
func (kw *testKeyWrapper) GetAnnotationID() string {
	const annotationID = "org.opencontainers.image.enc.keys.testproto"
	return annotationID
}
// GetPrivateKeys reports the private keys this wrapper can export. It is
// optional in the interface because some key services (e.g. an HSM) cannot
// export private keys; this wrapper has none and always returns nil without
// inspecting dcparameters.
func (kw *testKeyWrapper) GetPrivateKeys(dcparameters map[string][][]byte) [][]byte {
	var keys [][]byte
	return keys
}
// NoPossibleKeys reports whether the decrypt parameters rule out every key for
// this wrapper. It always answers false; dcparameters is never inspected.
func (kw *testKeyWrapper) NoPossibleKeys(dcparameters map[string][][]byte) bool {
	const ruledOut = false
	return ruledOut
}
// GetKeyIdsFromPacket returns the key IDs referenced by packet. It is optional
// in the interface because some encryption schemes have no notion of key IDs;
// this wrapper is one of them and always returns (nil, nil).
func (kw *testKeyWrapper) GetKeyIdsFromPacket(packet string) ([]uint64, error) {
	var ids []uint64
	return ids, nil
}
// GetRecipients returns the recipients encoded in packet. It is optional in the
// interface because not every encryption scheme has a meaningful notion of
// recipients; this wrapper has none and always returns (nil, nil).
func (kw *testKeyWrapper) GetRecipients(packet string) ([]string, error) {
	var recipients []string
	return recipients, nil
}
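// main exercises the test wrapper end to end: it wraps a fake key-options
// blob, unwraps it again from the returned annotation and compares the two.
// The wrapper's base directory is a freshly created private temp directory
// rather than a fixed, predictable path under /tmp, so the clear-text key
// file cannot be pre-created or read by another local user. The process
// exits non-zero on any error and on a key mismatch.
func main() {
	// ioutil.TempDir creates the directory with a random suffix and mode 0700.
	baseDir, err := ioutil.TempDir("", "test-enc")
	if err != nil {
		fmt.Printf("Error: %v", err)
		os.Exit(1)
	}
	// Removed only on the success path; os.Exit skips deferred calls, so a
	// failing run leaves the directory behind for inspection.
	defer os.RemoveAll(baseDir)

	ec := &config.EncryptConfig{
		Parameters: map[string][][]byte{
			"test-file-path": {[]byte(baseDir)},
		},
	}
	kw := NewKeyWrapper()
	key := []byte("this-is-wrapped-key-opts")
	annotation, err := kw.WrapKeys(ec, key)
	if err != nil {
		fmt.Printf("Error: %v", err)
		os.Exit(1)
	}

	// UnwrapKey ignores the decrypt parameters; the annotation alone locates
	// the stored key options.
	dc := &config.DecryptConfig{
		Parameters: map[string][][]byte{},
	}
	out, err := kw.UnwrapKey(dc, annotation)
	if err != nil {
		fmt.Printf("Error: %v", err)
		os.Exit(1)
	}

	// A mismatch is a failure of the round trip, so report it via the exit
	// status as well as on stdout.
	if string(out) != string(key) {
		fmt.Printf("BAD!!! Keys don't match!")
		os.Exit(1)
	}
	fmt.Printf("Keys match!")
}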