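// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
///////////////////////////////////////////////////////////////////////////////

#include "tink/proto_keyset_format.h"

#include <ios>
#include <iostream>
#include <memory>
#include <ostream>
#include <sstream>
#include <string>
#include <utility>

#include "tink/binary_keyset_reader.h"
#include "tink/binary_keyset_writer.h"
#include "tink/cleartext_keyset_handle.h"
#include "tink/util/secret_data.h"

namespace crypto {
namespace tink {

// Parses a binary-serialized keyset, including any secret key material it
// carries, into a KeysetHandle.
//
// Returns the error from BinaryKeysetReader::New or
// CleartextKeysetHandle::Read if either step fails.
//
// `token` is not read by this function. NOTE(review): presumably it exists so
// that every call site handling cleartext key material has to present a
// SecretKeyAccessToken; confirm against that type's documentation.
crypto::tink::util::StatusOr<KeysetHandle> ParseKeysetFromProtoKeysetFormat(
    absl::string_view serialized_keyset, SecretKeyAccessToken token) {
  crypto::tink::util::StatusOr<std::unique_ptr<crypto::tink::KeysetReader>>
      keyset_reader = BinaryKeysetReader::New(serialized_keyset);
  if (!keyset_reader.ok()) {
    return keyset_reader.status();
  }
  crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>> result =
      CleartextKeysetHandle::Read(std::move(*keyset_reader));
  if (!result.ok()) {
    return result.status();
  }
  // Hand the handle back by value; the unique_ptr that owned it is dropped.
  return std::move(**result);
}

// Serializes a keyset, including its secret key material, to the binary
// format and returns the bytes as util::SecretData.
//
// Returns the error from BinaryKeysetWriter::New or
// CleartextKeysetHandle::Write if either step fails.
//
// `token` is not read by this function (see the NOTE(review) on
// ParseKeysetFromProtoKeysetFormat).
//
// Memory hygiene: the writer emits the cleartext keyset into `string_buf`, an
// ordinary std::stringbuf, and str() produces a second ordinary std::string
// copy. The std::string copy is zeroed below before it goes out of scope.
// The stringbuf's own storage is still released without being wiped.
crypto::tink::util::StatusOr<util::SecretData>
SerializeKeysetToProtoKeysetFormat(const KeysetHandle& keyset_handle,
                                   SecretKeyAccessToken token) {
  std::stringbuf string_buf(std::ios_base::out);
  crypto::tink::util::StatusOr<std::unique_ptr<BinaryKeysetWriter>>
      keyset_writer = BinaryKeysetWriter::New(
          std::make_unique<std::ostream>(&string_buf));
  if (!keyset_writer.ok()) {
    return keyset_writer.status();
  }
  crypto::tink::util::Status status =
      CleartextKeysetHandle::Write(keyset_writer->get(), keyset_handle);
  if (!status.ok()) {
    return status;
  }
  // TODO(tholenst): directly write into a secret data.
  // Until then, keep the temporary in a named string so it can be wiped once
  // its contents have been copied into the SecretData.
  std::string serialized = string_buf.str();
  util::SecretData secret = util::SecretDataFromStringView(serialized);
  util::SafeZeroString(&serialized);
  return secret;
}

// Parses a binary-serialized keyset through KeysetHandle::ReadNoSecret.
//
// Returns the error from ReadNoSecret if it fails. NOTE(review): the name
// suggests ReadNoSecret rejects keysets containing secret key material; that
// check is not visible in this file, so verify it in KeysetHandle.
crypto::tink::util::StatusOr<KeysetHandle>
ParseKeysetWithoutSecretFromProtoKeysetFormat(
    absl::string_view serialized_keyset) {
  // ReadNoSecret is called with a std::string, so materialize the view first.
  std::string keyset_copy(serialized_keyset);
  crypto::tink::util::StatusOr<std::unique_ptr<KeysetHandle>> result =
      KeysetHandle::ReadNoSecret(keyset_copy);
  if (!result.ok()) {
    return result.status();
  }
  return std::move(**result);
}

// Serializes a keyset to the binary format through
// KeysetHandle::WriteNoSecret and returns the bytes as a plain std::string.
//
// Returns the error from BinaryKeysetWriter::New or WriteNoSecret if either
// step fails. The result is an ordinary std::string and is not wiped.
// NOTE(review): this relies on WriteNoSecret refusing keysets that hold
// secret key material; confirm in KeysetHandle.
crypto::tink::util::StatusOr<std::string>
SerializeKeysetWithoutSecretToProtoKeysetFormat(
    const KeysetHandle& keyset_handle) {
  std::stringbuf string_buf(std::ios_base::out);
  crypto::tink::util::StatusOr<std::unique_ptr<BinaryKeysetWriter>>
      keyset_writer = BinaryKeysetWriter::New(
          std::make_unique<std::ostream>(&string_buf));
  if (!keyset_writer.ok()) {
    return keyset_writer.status();
  }
  crypto::tink::util::Status status =
      keyset_handle.WriteNoSecret(keyset_writer->get());
  if (!status.ok()) {
    return status;
  }
  return string_buf.str();
}

}  // namespace tink
}  // namespace crypto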