-
Notifications
You must be signed in to change notification settings - Fork 24
feat(sdk): Enable base key support. #2425
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 5 commits
Commits
Show all changes
34 commits
Select commit
Hold shift + click to select a range
15e7968
feat(sdk): Enable base key support.
c-r33d 1e3acd3
changes.
c-r33d 3e8b84b
check,
c-r33d 914a069
change public_key.
c-r33d 4cad58f
feat(sdk): Base key support.
c-r33d d7c56a8
Merge branch 'main' into feat/DSPX-1132-base-keys-sdk
c-r33d 01f474a
upgrade go.
c-r33d 85b398e
upgrade go.
c-r33d 1d38d46
linting.
c-r33d 98096a0
linting.
c-r33d e790de5
remove file.
c-r33d 13ecb7e
linting
c-r33d b22e072
fix tests.
c-r33d ef61431
tidy
c-r33d af54977
test.
c-r33d 594e68a
Merge branch 'main' into feat/DSPX-1132-base-keys-sdk
c-r33d ad667fb
Merge branch 'main' into feat/DSPX-1132-base-keys-sdk
c-r33d f8fea08
fix small keys bug.
c-r33d b7d9a28
linting.
c-r33d d35e9d6
fix underflow?
c-r33d e9bfc93
fix tests.
c-r33d d6d63cb
fix linting./
c-r33d 4711f7c
fix conditional.
c-r33d d072160
fix conditional.
c-r33d e84d98d
fix conditional.
c-r33d 9cf2de7
fix test.
c-r33d eb5dad7
refactor.
c-r33d c00a90f
refactor.
c-r33d 5ed7eb6
refactor.
c-r33d c5922f3
update.
c-r33d c3c5d17
update to enum.
c-r33d 8d76873
linting
c-r33d 347caa8
fix issues with nano.
c-r33d 9359071
Merge branch 'main' into feat/DSPX-1132-base-keys-sdk
c-r33d File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,137 @@ | ||
| package sdk | ||
|
|
||
| import ( | ||
| "context" | ||
| "encoding/json" | ||
| "errors" | ||
| "fmt" | ||
|
|
||
| "github.com/opentdf/platform/lib/ocrypto" | ||
| "github.com/opentdf/platform/protocol/go/policy" | ||
| "github.com/opentdf/platform/protocol/go/wellknownconfiguration" | ||
| "google.golang.org/protobuf/encoding/protojson" | ||
| ) | ||
|
|
||
| // Should match: | ||
| // https://github.com/opentdf/platform/blob/main/service/wellknownconfiguration/wellknown_configuration.go#L25 | ||
| const ( | ||
| baseKeyWellKnown = "base_key" | ||
| baseKeyAlg = "algorithm" | ||
| baseKeyPublicKey = "public_key" | ||
| wellKnownConfigKey = "configuration" | ||
| ) | ||
|
|
||
| var ( | ||
| errWellKnownConfigFormat = errors.New("well-known configuration has invalid format") | ||
| errBaseKeyNotFound = errors.New("base key not found in well-known configuration") | ||
| errBaseKeyInvalidFormat = errors.New("base key has invalid format") | ||
| errBaseKeyEmpty = errors.New("base key is empty or not provided") | ||
| errMarshalBaseKeyFailed = errors.New("failed to marshal base key configuration") | ||
| errUnmarshalBaseKeyFailed = errors.New("failed to unmarshal base key configuration") | ||
| ) | ||
|
|
||
| // TODO: Move this function to ocrypto? | ||
| func getKasKeyAlg(alg string) policy.Algorithm { | ||
| switch alg { | ||
| case string(ocrypto.RSA2048Key): | ||
| return policy.Algorithm_ALGORITHM_RSA_2048 | ||
| case "rsa:4096": | ||
| return policy.Algorithm_ALGORITHM_RSA_4096 | ||
| case string(ocrypto.EC256Key): | ||
| return policy.Algorithm_ALGORITHM_EC_P256 | ||
| case string(ocrypto.EC384Key): | ||
| return policy.Algorithm_ALGORITHM_EC_P384 | ||
| case string(ocrypto.EC521Key): | ||
| return policy.Algorithm_ALGORITHM_EC_P521 | ||
| default: | ||
| return policy.Algorithm_ALGORITHM_UNSPECIFIED | ||
| } | ||
| } | ||
|
|
||
| // TODO: Move this function to ocrypto? | ||
| func formatAlg(alg policy.Algorithm) (string, error) { | ||
| switch alg { | ||
| case policy.Algorithm_ALGORITHM_RSA_2048: | ||
| return string(ocrypto.RSA2048Key), nil | ||
| case policy.Algorithm_ALGORITHM_RSA_4096: | ||
| return "rsa:4096", nil | ||
| case policy.Algorithm_ALGORITHM_EC_P256: | ||
| return string(ocrypto.EC256Key), nil | ||
| case policy.Algorithm_ALGORITHM_EC_P384: | ||
| return string(ocrypto.EC384Key), nil | ||
| case policy.Algorithm_ALGORITHM_EC_P521: | ||
| return string(ocrypto.EC521Key), nil | ||
| case policy.Algorithm_ALGORITHM_UNSPECIFIED: | ||
| fallthrough | ||
| default: | ||
| return "", fmt.Errorf("unsupported algorithm: %s", alg) | ||
| } | ||
| } | ||
|
|
||
| func getBaseKey(ctx context.Context, s SDK) (*policy.SimpleKasKey, error) { | ||
| simpleKasKey := &policy.SimpleKasKey{} | ||
|
|
||
| req := &wellknownconfiguration.GetWellKnownConfigurationRequest{} | ||
| response, err := s.wellknownConfiguration.GetWellKnownConfiguration(ctx, req) | ||
| if err != nil { | ||
| return nil, errors.Join(errors.New("unable to retrieve config information, and none was provided"), err) | ||
| } | ||
| configuration := response.GetConfiguration() | ||
| if configuration == nil { | ||
| return nil, ErrWellKnowConfigEmpty | ||
| } | ||
| configStructure, ok := configuration.AsMap()[wellKnownConfigKey] | ||
| if !ok { | ||
| return nil, err | ||
| } | ||
|
|
||
| configMap, ok := configStructure.(map[string]interface{}) | ||
| if !ok { | ||
| return nil, errWellKnownConfigFormat | ||
| } | ||
|
|
||
| simpleKasKey, err = parseSimpleKasKey(configMap) | ||
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| return simpleKasKey, nil | ||
| } | ||
|
|
||
| func parseSimpleKasKey(configMap map[string]interface{}) (*policy.SimpleKasKey, error) { | ||
| simpleKasKey := &policy.SimpleKasKey{} | ||
| baseKey, ok := configMap[baseKeyWellKnown] | ||
| if !ok { | ||
| return nil, errBaseKeyNotFound | ||
| } | ||
|
|
||
| baseKeyMap, ok := baseKey.(map[string]interface{}) | ||
| if !ok { | ||
| return nil, errBaseKeyInvalidFormat | ||
| } | ||
| if len(baseKeyMap) == 0 { | ||
| return nil, errBaseKeyEmpty | ||
| } | ||
|
|
||
| publicKey, ok := baseKeyMap[baseKeyPublicKey].(map[string]interface{}) | ||
| if !ok { | ||
| return nil, errBaseKeyInvalidFormat | ||
| } | ||
|
|
||
| alg, ok := publicKey[baseKeyAlg].(string) | ||
| if !ok { | ||
| return nil, errBaseKeyInvalidFormat | ||
| } | ||
| publicKey[baseKeyAlg] = getKasKeyAlg(alg) | ||
| baseKeyMap[baseKeyPublicKey] = publicKey | ||
| configJSON, err := json.Marshal(baseKey) | ||
| if err != nil { | ||
| return nil, errors.Join(errMarshalBaseKeyFailed, err) | ||
| } | ||
|
|
||
| err = protojson.Unmarshal(configJSON, simpleKasKey) | ||
| if err != nil { | ||
| return nil, errors.Join(errUnmarshalBaseKeyFailed, err) | ||
| } | ||
| return simpleKasKey, nil | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.