dapr
diff --git a/‎crypto/schemes/enc/v1/algorithms.go‎
Lines changed: 99 additions & 0 deletions b/‎crypto/schemes/enc/v1/algorithms.go‎
Lines changed: 99 additions & 0 deletions
diff --git a/‎crypto/schemes/enc/v1/algorithms_test.go‎
Lines changed: 108 additions & 0 deletions b/‎crypto/schemes/enc/v1/algorithms_test.go‎
Lines changed: 108 additions & 0 deletions
diff --git a/‎crypto/schemes/enc/v1/ciphers.go‎
Lines changed: 88 additions & 0 deletions b/‎crypto/schemes/enc/v1/ciphers.go‎
Lines changed: 88 additions & 0 deletions
@@ -0,0 +1,99 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	"errors"
+	"strconv"
+)
+
+// Algorithm used to wrap the file key.
+type KeyAlgorithm string
+
+const (
+	KeyAlgorithmAESKW      KeyAlgorithm = "AES-KW"
+	KeyAlgorithmRSAOAEP256 KeyAlgorithm = "RSA-OAEP-256"
+
+	KeyAlgorithmAES KeyAlgorithm = "AES" // Alias for AES-KW
+	KeyAlgorithmRSA KeyAlgorithm = "RSA" // Alias for RSA-OAEP-256
+)
+
+// Validate the passed algorithm and resolves aliases.
+func (a KeyAlgorithm) Validate() (KeyAlgorithm, error) {
+	switch a {
+	// Valid algorithms, not aliased
+	case KeyAlgorithmAESKW, KeyAlgorithmRSAOAEP256:
+		return a, nil
+
+	// Alias for AES-KW
+	case KeyAlgorithmAES:
+		return KeyAlgorithmAESKW, nil
+
+	// Alias for RSA-OAEP-256
+	case KeyAlgorithmRSA:
+		return KeyAlgorithmRSAOAEP256, nil
+
+	default:
+		return a, errors.New("algorithm " + string(a) + " is not supported")
+	}
+}
+
+// ID returns the numeric ID for the algorithm.
+func (a KeyAlgorithm) ID() int {
+	switch a {
+	case KeyAlgorithmAESKW, KeyAlgorithmAES:
+		return 1
+	case KeyAlgorithmRSAOAEP256, KeyAlgorithmRSA:
+		return 2
+	default:
+		return 0
+	}
+}
+
+// NewKeyAlgorithmFromID returns a KeyAlgorithm from its ID.
+func NewKeyAlgorithmFromID(id int) (KeyAlgorithm, error) {
+	switch id {
+	case 1:
+		return KeyAlgorithmAESKW, nil
+	case 2:
+		return KeyAlgorithmRSAOAEP256, nil
+	default:
+		return "", errors.New("algorithm ID " + strconv.Itoa(id) + " is not supported")
+	}
+}
+
+// MarhsalJSON implements json.Marshaler.
+func (a KeyAlgorithm) MarshalJSON() ([]byte, error) {
+	return []byte(strconv.Itoa(a.ID())), nil
+}
+
+// UnmarshalJSON implements json.Unmarshaler.
+func (a *KeyAlgorithm) UnmarshalJSON(dataB []byte) error {
+	data := string(dataB)
+	if data == "" || data == "null" {
+		return errors.New("value is empty")
+	}
+
+	id, err := strconv.Atoi(data)
+	if err != nil {
+		return errors.New("failed to parse value as number")
+	}
+
+	newA, err := NewKeyAlgorithmFromID(id)
+	if err != nil {
+		return err
+	}
+	*a = newA
+	return nil
+}
@@ -0,0 +1,108 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	"encoding/json"
+	"testing"
+)
+
+func TestKeyAlgorithmValidate(t *testing.T) {
+	tests := []struct {
+		name    string
+		a       KeyAlgorithm
+		want    KeyAlgorithm
+		wantErr bool
+	}{
+		{name: string(KeyAlgorithmAESKW), a: KeyAlgorithmAESKW, want: KeyAlgorithmAESKW},
+		{name: string(KeyAlgorithmAES) + " alias", a: KeyAlgorithmAES, want: KeyAlgorithmAESKW},
+		{name: string(KeyAlgorithmRSAOAEP256), a: KeyAlgorithmRSAOAEP256, want: KeyAlgorithmRSAOAEP256},
+		{name: string(KeyAlgorithmRSA) + " alias", a: KeyAlgorithmRSA, want: KeyAlgorithmRSAOAEP256},
+		{name: "invalid algorithm", a: "foo", wantErr: true},
+		{name: "empty algorithm", a: "", wantErr: true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := tt.a.Validate()
+			if tt.wantErr {
+				if err == nil {
+					t.Errorf("KeyAlgorithm.Validate() error = %v, wantErr %v", err, tt.wantErr)
+				}
+				return
+			} else if err != nil {
+				t.Errorf("KeyAlgorithm.Validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if got != tt.want {
+				t.Errorf("KeyAlgorithm.Validate() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestKeyAlgorithmMarshalJSON(t *testing.T) {
+	tests := []struct {
+		name    string
+		a       KeyAlgorithm
+		want    string
+		wantErr bool
+	}{
+		{name: string(KeyAlgorithmAESKW), a: KeyAlgorithmAESKW, want: "1"},
+		{name: string(KeyAlgorithmAES) + " alias", a: KeyAlgorithmAES, want: "1"},
+		{name: string(KeyAlgorithmRSAOAEP256), a: KeyAlgorithmRSAOAEP256, want: "2"},
+		{name: string(KeyAlgorithmRSA) + " alias", a: KeyAlgorithmRSA, want: "2"},
+		{name: "invalid algorithm", a: "foo", want: "0"},
+		{name: "empty algorithm", a: "", want: "0"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := json.Marshal(tt.a)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("KeyAlgorithm.MarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if string(got) != tt.want {
+				t.Errorf("KeyAlgorithm.MarshalJSON() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestKeyAlgorithmUnmarshalJSON(t *testing.T) {
+	tests := []struct {
+		name    string
+		message string
+		want    KeyAlgorithm
+		wantErr bool
+	}{
+		{name: string(KeyAlgorithmAESKW), message: "1", want: KeyAlgorithmAESKW},
+		{name: string(KeyAlgorithmRSAOAEP256), message: "2", want: KeyAlgorithmRSAOAEP256},
+		{name: "invalid ID", message: "99", wantErr: true},
+		{name: "empty", message: "", wantErr: true},
+		{name: "JSON null", message: "null", wantErr: true},
+		{name: "JSON string", message: `"AES"`, wantErr: true},
+		{name: "JSON object", message: `{"foo":1}`, wantErr: true},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var a KeyAlgorithm
+			err := json.Unmarshal([]byte(tt.message), &a)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("KeyAlgorithm.UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
+			}
+			if a != tt.want {
+				t.Errorf("KeyAlgorithm.UnmarshalJSON() = %v, want %v", a, tt.want)
+			}
+		})
+	}
+}
@@ -0,0 +1,88 @@
+/*
+Copyright 2023 The Dapr Authors
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	"errors"
+	"strconv"
+)
+
+// Cipher used to encrypt the file.
+type Cipher string
+
+const (
+	CipherAESGCM           Cipher = "AES-GCM"
+	CipherChaCha20Poly1305 Cipher = "ChaCha20-Poly1305"
+)
+
+// Validate the passed cipher and resolves aliases.
+func (a Cipher) Validate() (Cipher, error) {
+	switch a {
+	// Valid ciphers, not aliased
+	case CipherAESGCM, CipherChaCha20Poly1305:
+		return a, nil
+
+	default:
+		return a, errors.New("cipher " + string(a) + " is not supported")
+	}
+}
+
+// ID returns the numeric ID for the cipher.
+func (a Cipher) ID() int {
+	switch a {
+	case CipherAESGCM:
+		return 1
+	case CipherChaCha20Poly1305:
+		return 2
+	default:
+		return 0
+	}
+}
+
+// NewCipherFromID returns a Cipher from its ID.
+func NewCipherFromID(id int) (Cipher, error) {
+	switch id {
+	case 1:
+		return CipherAESGCM, nil
+	case 2:
+		return CipherChaCha20Poly1305, nil
+	default:
+		return "", errors.New("cipher ID " + strconv.Itoa(id) + " is not supported")
+	}
+}
+
+// MarhsalJSON implements json.Marshaler.
+func (a Cipher) MarshalJSON() ([]byte, error) {
+	return []byte(strconv.Itoa(a.ID())), nil
+}
+
+// UnmarshalJSON implements json.Unmarshaler.
+func (a *Cipher) UnmarshalJSON(dataB []byte) error {
+	data := string(dataB)
+	if data == "" || data == "null" {
+		return errors.New("value is empty")
+	}
+
+	id, err := strconv.Atoi(data)
+	if err != nil {
+		return errors.New("failed to parse value as number")
+	}
+
+	newA, err := NewCipherFromID(id)
+	if err != nil {
+		return err
+	}
+	*a = newA
+	return nil
+}