1*e7b1675dSTing-Kang Chang // Copyright 2020 Google LLC 2*e7b1675dSTing-Kang Chang // 3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License"); 4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License. 5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at 6*e7b1675dSTing-Kang Chang // 7*e7b1675dSTing-Kang Chang // http://www.apache.org/licenses/LICENSE-2.0 8*e7b1675dSTing-Kang Chang // 9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software 10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS, 11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and 13*e7b1675dSTing-Kang Chang // limitations under the License. 14*e7b1675dSTing-Kang Chang // 15*e7b1675dSTing-Kang Chang /////////////////////////////////////////////////////////////////////////////// 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Chang #ifndef TINK_UTIL_FAKE_KMS_CLIENT_H_ 18*e7b1675dSTing-Kang Chang #define TINK_UTIL_FAKE_KMS_CLIENT_H_ 19*e7b1675dSTing-Kang Chang 20*e7b1675dSTing-Kang Chang #include <memory> 21*e7b1675dSTing-Kang Chang #include <string> 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang Chang #include "absl/strings/string_view.h" 24*e7b1675dSTing-Kang Chang #include "tink/aead.h" 25*e7b1675dSTing-Kang Chang #include "tink/keyset_handle.h" 26*e7b1675dSTing-Kang Chang #include "tink/kms_client.h" 27*e7b1675dSTing-Kang Chang #include "tink/kms_clients.h" 28*e7b1675dSTing-Kang Chang #include "tink/util/status.h" 29*e7b1675dSTing-Kang Chang #include "tink/util/statusor.h" 30*e7b1675dSTing-Kang Chang 31*e7b1675dSTing-Kang Chang namespace crypto { 32*e7b1675dSTing-Kang Chang namespace tink { 33*e7b1675dSTing-Kang Chang namespace test { 34*e7b1675dSTing-Kang Chang 35*e7b1675dSTing-Kang Chang // FakeKmsClient is a fake implementation of KmsClient. 36*e7b1675dSTing-Kang Chang // 37*e7b1675dSTing-Kang Chang // Normally, the 'key_uri' identifies a key that is stored remotely by the KMS, 38*e7b1675dSTing-Kang Chang // and every operation is executed remotely using a RPC call to the KMS, since 39*e7b1675dSTing-Kang Chang // the key should not be sent to the client. 40*e7b1675dSTing-Kang Chang // In this fake implementation we want to avoid these RPC calls. We achieve this 41*e7b1675dSTing-Kang Chang // by encoding the key in the 'key_uri'. So the client simply needs to decode 42*e7b1675dSTing-Kang Chang // the key and generate an AEAD out of it. This is of course insecure and should 43*e7b1675dSTing-Kang Chang // only be used in testing. 44*e7b1675dSTing-Kang Chang class FakeKmsClient : public crypto::tink::KmsClient { 45*e7b1675dSTing-Kang Chang public: 46*e7b1675dSTing-Kang Chang // Creates a new FakeKmsClient that is bound to the key specified in 47*e7b1675dSTing-Kang Chang // 'key_uri'. 48*e7b1675dSTing-Kang Chang // 49*e7b1675dSTing-Kang Chang // Either of arguments can be empty. 50*e7b1675dSTing-Kang Chang // If 'key_uri' is empty, then the client is not bound to any particular key. 51*e7b1675dSTing-Kang Chang // credentials_path is ignored at the moment. 52*e7b1675dSTing-Kang Chang static crypto::tink::util::StatusOr<std::unique_ptr<FakeKmsClient>> New( 53*e7b1675dSTing-Kang Chang absl::string_view key_uri, absl::string_view credentials_path); 54*e7b1675dSTing-Kang Chang 55*e7b1675dSTing-Kang Chang // Creates a new client and registers it in KMSClients. 56*e7b1675dSTing-Kang Chang static crypto::tink::util::Status RegisterNewClient( 57*e7b1675dSTing-Kang Chang absl::string_view key_uri, absl::string_view credentials_path); 58*e7b1675dSTing-Kang Chang 59*e7b1675dSTing-Kang Chang // Returns a new, random fake key_uri. 60*e7b1675dSTing-Kang Chang static crypto::tink::util::StatusOr<std::string> CreateFakeKeyUri(); 61*e7b1675dSTing-Kang Chang 62*e7b1675dSTing-Kang Chang // Returns true iff this client does support KMS key specified by 'key_uri'. 63*e7b1675dSTing-Kang Chang bool DoesSupport(absl::string_view key_uri) const override; 64*e7b1675dSTing-Kang Chang 65*e7b1675dSTing-Kang Chang // Returns an Aead-primitive backed by KMS key specified by 'key_uri', 66*e7b1675dSTing-Kang Chang // provided that this KmsClient does support 'key_uri'. 67*e7b1675dSTing-Kang Chang crypto::tink::util::StatusOr<std::unique_ptr<Aead>> 68*e7b1675dSTing-Kang Chang GetAead(absl::string_view key_uri) const override; 69*e7b1675dSTing-Kang Chang 70*e7b1675dSTing-Kang Chang private: FakeKmsClient()71*e7b1675dSTing-Kang Chang FakeKmsClient() {} 72*e7b1675dSTing-Kang Chang std::string encoded_keyset_; 73*e7b1675dSTing-Kang Chang }; 74*e7b1675dSTing-Kang Chang 75*e7b1675dSTing-Kang Chang } // namespace test 76*e7b1675dSTing-Kang Chang } // namespace tink 77*e7b1675dSTing-Kang Chang } // namespace crypto 78*e7b1675dSTing-Kang Chang 79*e7b1675dSTing-Kang Chang #endif // TINK_UTIL_FAKE_KMS_CLIENT_H_ 80