Created
February 7, 2020 05:09
package main | |
import ( | |
"fmt" | |
"github.com/containers/ocicrypt/config" | |
"github.com/containers/ocicrypt/keywrap" | |
"github.com/google/uuid" | |
"github.com/pkg/errors" | |
"io/ioutil" | |
"os" | |
"path/filepath" | |
) | |
// testKeyWrapper is a stateless test key wrapper; it carries no fields and all
// of its behavior lives in the pointer-receiver methods in this file.
type testKeyWrapper struct{}

// NewKeyWrapper returns a newly allocated *testKeyWrapper typed as a
// keywrap.KeyWrapper.
func NewKeyWrapper() keywrap.KeyWrapper {
	return new(testKeyWrapper)
}
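// WrapKeys writes optsData, unmodified, to a new randomly named file inside the
// directory given by the single "test-file-path" entry of ec.Parameters, and
// returns the path of that file as the annotation bytes.
//
// It returns (nil, nil) when no "test-file-path" parameter is present and an
// error when more than one is supplied.
//
// This is a test protocol: optsData is stored in the clear, so the only thing
// protecting it is the filesystem. The directory and file are therefore created
// owner-only (0700 / 0600) rather than world-readable, and the file is opened
// with O_EXCL so that an entry already present at the target path (including a
// symlink planted in a shared directory) is never written through.
func (kw *testKeyWrapper) WrapKeys(ec *config.EncryptConfig, optsData []byte) ([]byte, error) {
	paths := ec.Parameters["test-file-path"]
	if len(paths) == 0 {
		return nil, nil
	}
	if len(paths) > 1 {
		return nil, errors.New("Only support 1 filepath")
	}
	dir := string(paths[0])

	id, err := uuid.NewRandom()
	if err != nil {
		return nil, err
	}

	// MkdirAll applies the mode only to directories it creates; a directory that
	// already exists keeps whatever permissions it had.
	if err := os.MkdirAll(dir, 0700); err != nil {
		return nil, err
	}

	targetPath := filepath.Join(dir, id.String())
	f, err := os.OpenFile(targetPath, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		return nil, err
	}
	if _, err := f.Write(optsData); err != nil {
		// The write error is the one worth reporting; the close result adds nothing.
		_ = f.Close()
		return nil, err
	}
	if err := f.Close(); err != nil {
		return nil, err
	}
	return []byte(targetPath), nil
}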
// UnwrapKey treats annotation as a filesystem path, reads that file and returns
// its contents. dc is not consulted.
//
// NOTE(review): the path comes straight from the annotation with no check that
// it lies under an expected directory. If annotations can be set by whoever
// supplies the encrypted data, this returns the contents of any file the
// process can read. A real wrapper should resolve the path against a trusted
// base directory taken from local configuration and reject anything outside it.
func (kw *testKeyWrapper) UnwrapKey(dc *config.DecryptConfig, annotation []byte) ([]byte, error) {
	path := string(annotation)
	data, readErr := ioutil.ReadFile(path)
	if readErr != nil {
		return nil, readErr
	}
	return data, nil
}
// GetAnnotationID returns the fixed annotation identifier string used by this
// test wrapper.
func (kw *testKeyWrapper) GetAnnotationID() string {
	const annotationID = "org.opencontainers.image.enc.keys.testproto"
	return annotationID
}
// GetPrivateKeys (optional) gets the array of private keys. It is optional
// because in some key services a private key may not be exportable (e.g. an HSM).
// This test implementation ignores dcparameters and always returns nil.
func (kw *testKeyWrapper) GetPrivateKeys(dcparameters map[string][][]byte) [][]byte {
	var keys [][]byte // left nil: this wrapper exposes no private keys
	return keys
}
// NoPossibleKeys always returns false; dcparameters is not inspected.
func (kw *testKeyWrapper) NoPossibleKeys(dcparameters map[string][][]byte) bool {
	const noPossibleKeys = false
	return noPossibleKeys
}
// GetKeyIdsFromPacket (optional) gets a list of key IDs. This is optional as
// some encryption schemes may not have a notion of key IDs. This test
// implementation ignores packet and returns a nil slice and a nil error.
func (kw *testKeyWrapper) GetKeyIdsFromPacket(packet string) ([]uint64, error) {
	var ids []uint64 // left nil: no key IDs are reported
	return ids, nil
}
// GetRecipients (optional) gets a list of recipients. It is optional because
// recipients are not meaningful in every encryption scheme. This test
// implementation ignores packet and returns a nil slice and a nil error.
func (kw *testKeyWrapper) GetRecipients(packet string) ([]string, error) {
	var recipients []string // left nil: no recipients are reported
	return recipients, nil
}
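// main runs the wrap/unwrap round trip and exits with the status it reports.
func main() {
	os.Exit(runDemo())
}

// runDemo wraps a sample key with the test wrapper, unwraps it again and
// compares the two. It returns the process exit code: 0 when the keys match,
// 1 on any error or on a mismatch.
//
// The key file is written into a private temporary directory (ioutil.TempDir
// creates it owner-only with an unpredictable name) instead of a fixed,
// guessable path under /tmp, and the directory is removed afterwards so the
// plaintext key data does not stay on disk.
func runDemo() int {
	dir, err := ioutil.TempDir("", "test-enc")
	if err != nil {
		fmt.Printf("Error: %v", err)
		return 1
	}
	// Best-effort cleanup; a failure here does not change the demo's result.
	defer os.RemoveAll(dir)

	ec := &config.EncryptConfig{
		Parameters: map[string][][]byte{
			"test-file-path": {[]byte(dir)},
		},
	}

	kw := NewKeyWrapper()
	key := []byte("this-is-wrapped-key-opts")

	annotation, err := kw.WrapKeys(ec, key)
	if err != nil {
		fmt.Printf("Error: %v", err)
		return 1
	}

	dc := &config.DecryptConfig{
		Parameters: map[string][][]byte{},
	}

	out, err := kw.UnwrapKey(dc, annotation)
	if err != nil {
		fmt.Printf("Error: %v", err)
		return 1
	}

	if string(out) != string(key) {
		fmt.Printf("BAD!!! Keys don't match!")
		// A mismatch is a failure; report it through the exit status as well.
		return 1
	}
	fmt.Printf("Keys match!")
	return 0
}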