1*e7b1675dSTing-Kang Chang // Copyright 2020 Google LLC
2*e7b1675dSTing-Kang Chang //
3*e7b1675dSTing-Kang Chang // Licensed under the Apache License, Version 2.0 (the "License");
4*e7b1675dSTing-Kang Chang // you may not use this file except in compliance with the License.
5*e7b1675dSTing-Kang Chang // You may obtain a copy of the License at
6*e7b1675dSTing-Kang Chang //
7*e7b1675dSTing-Kang Chang // http://www.apache.org/licenses/LICENSE-2.0
8*e7b1675dSTing-Kang Chang //
9*e7b1675dSTing-Kang Chang // Unless required by applicable law or agreed to in writing, software
10*e7b1675dSTing-Kang Chang // distributed under the License is distributed on an "AS IS" BASIS,
11*e7b1675dSTing-Kang Chang // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e7b1675dSTing-Kang Chang // See the License for the specific language governing permissions and
13*e7b1675dSTing-Kang Chang // limitations under the License.
14*e7b1675dSTing-Kang Chang //
15*e7b1675dSTing-Kang Chang ///////////////////////////////////////////////////////////////////////////////
16*e7b1675dSTing-Kang Chang
17*e7b1675dSTing-Kang Chang #include <grpcpp/grpcpp.h>
18*e7b1675dSTing-Kang Chang
19*e7b1675dSTing-Kang Chang #include <iostream>
20*e7b1675dSTing-Kang Chang #include <memory>
21*e7b1675dSTing-Kang Chang #include <ostream>
22*e7b1675dSTing-Kang Chang #include <string>
23*e7b1675dSTing-Kang Chang
24*e7b1675dSTing-Kang Chang #include "absl/flags/flag.h"
25*e7b1675dSTing-Kang Chang #include "absl/flags/parse.h"
26*e7b1675dSTing-Kang Chang #include "absl/strings/str_cat.h"
27*e7b1675dSTing-Kang Chang #include "tink/config/tink_config.h"
28*e7b1675dSTing-Kang Chang #include "tink/hybrid/hpke_config.h"
29*e7b1675dSTing-Kang Chang #ifdef TINK_CROSS_LANG_TESTS_AWSKMS
30*e7b1675dSTing-Kang Chang #include "tink/integration/awskms/aws_kms_client.h"
31*e7b1675dSTing-Kang Chang #endif // TINK_CROSS_LANG_TESTS_AWSKMS
32*e7b1675dSTing-Kang Chang #include "tink/integration/gcpkms/gcp_kms_client.h"
33*e7b1675dSTing-Kang Chang #include "tink/jwt/jwt_mac_config.h"
34*e7b1675dSTing-Kang Chang #include "tink/jwt/jwt_signature_config.h"
35*e7b1675dSTing-Kang Chang #include "tink/util/fake_kms_client.h"
36*e7b1675dSTing-Kang Chang #include "tink/util/status.h"
37*e7b1675dSTing-Kang Chang #include "aead_impl.h"
38*e7b1675dSTing-Kang Chang #include "deterministic_aead_impl.h"
39*e7b1675dSTing-Kang Chang #include "hybrid_impl.h"
40*e7b1675dSTing-Kang Chang #include "jwt_impl.h"
41*e7b1675dSTing-Kang Chang #include "keyset_impl.h"
42*e7b1675dSTing-Kang Chang #include "mac_impl.h"
43*e7b1675dSTing-Kang Chang #include "metadata_impl.h"
44*e7b1675dSTing-Kang Chang #include "prf_set_impl.h"
45*e7b1675dSTing-Kang Chang #include "signature_impl.h"
46*e7b1675dSTing-Kang Chang #include "streaming_aead_impl.h"
47*e7b1675dSTing-Kang Chang #include "proto/testing_api.grpc.pb.h"
48*e7b1675dSTing-Kang Chang
// TCP port the testing server listens on; RunServer() appends it to "[::]:".
ABSL_FLAG(int, port, 23456, "the port");
// Passed to GcpKmsClient::RegisterNewClient() as the credentials path. Only a
// file path is taken on the command line, not the credential material itself.
ABSL_FLAG(std::string, gcp_credentials_path, "",
          "Google Cloud KMS credentials path");
// Passed to GcpKmsClient::RegisterNewClient() as the key URI. The default is
// the empty string.
ABSL_FLAG(
    std::string, gcp_key_uri, "",
    absl::StrCat("Google Cloud KMS key URL of the form: ",
                 "gcp-kms://projects/*/locations/*/keyRings/*/cryptoKeys/*."));
// The two AWS flags are always defined, but RunServer() reads them only when
// the binary is built with TINK_CROSS_LANG_TESTS_AWSKMS.
ABSL_FLAG(std::string, aws_credentials_path, "", "AWS KMS credentials path");
ABSL_FLAG(
    std::string, aws_key_uri, "",
    absl::StrCat("AWS KMS key URL of the form: ",
                 "aws-kms://arn:aws:kms:<region>:<account-id>:key/<key-id>."));
61*e7b1675dSTing-Kang Chang
62*e7b1675dSTing-Kang Chang namespace tink_testing_api {
63*e7b1675dSTing-Kang Chang
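// Registers the Tink primitives and KMS clients used by the cross-language
// tests, then serves the testing API over gRPC until the server shuts down.
//
// Every failure is reported on stderr and makes the function return early.
// The function returns nothing, so the caller cannot tell a failed start-up
// from a clean shutdown.
//
// The services registered here perform key management and cryptographic
// operations for any caller that gets past the transport credentials; there
// is no per-caller authentication in this function. It is test
// infrastructure and should stay reachable from the local machine only.
void RunServer() {
  // Logs "<what> failed: <message>" and yields false for a non-OK status.
  const auto ok_or_log = [](const auto& status, const std::string& what) {
    if (status.ok()) {
      return true;
    }
    std::cerr << what << " failed: " << status.message() << std::endl;
    return false;
  };

  if (!ok_or_log(crypto::tink::TinkConfig::Register(),
                 "TinkConfig::Register()")) {
    return;
  }
  if (!ok_or_log(crypto::tink::RegisterHpke(), "RegisterHpke()")) {
    return;
  }
  if (!ok_or_log(crypto::tink::JwtMacRegister(), "JwtMacRegister()")) {
    return;
  }
  if (!ok_or_log(crypto::tink::JwtSignatureRegister(),
                 "JwtSignatureRegister()")) {
    return;
  }
  if (!ok_or_log(crypto::tink::test::FakeKmsClient::RegisterNewClient("", ""),
                 "FakeKmsClient::RegisterNewClient(\"\", \"\")")) {
    return;
  }

  const std::string gcp_credentials_path =
      absl::GetFlag(FLAGS_gcp_credentials_path);
  const std::string gcp_key_uri = absl::GetFlag(FLAGS_gcp_key_uri);
  // The message now shows the key URI that was actually passed; it used to
  // print an empty string in that position regardless of --gcp_key_uri.
  if (!ok_or_log(
          crypto::tink::integration::gcpkms::GcpKmsClient::RegisterNewClient(
              gcp_key_uri, gcp_credentials_path),
          absl::StrCat("GcpKmsClient::RegisterNewClient(\"", gcp_key_uri,
                       "\", \"", gcp_credentials_path, "\")"))) {
    return;
  }
#ifdef TINK_CROSS_LANG_TESTS_AWSKMS
  const std::string aws_credentials_path =
      absl::GetFlag(FLAGS_aws_credentials_path);
  const std::string aws_key_uri = absl::GetFlag(FLAGS_aws_key_uri);
  // Same correction as for the GCP client: report the real key URI.
  if (!ok_or_log(
          crypto::tink::integration::awskms::AwsKmsClient::RegisterNewClient(
              aws_key_uri, aws_credentials_path),
          absl::StrCat("AwsKmsClient::RegisterNewClient(\"", aws_key_uri,
                       "\", \"", aws_credentials_path, "\")"))) {
    return;
  }
#endif  // TINK_CROSS_LANG_TESTS_AWSKMS

  const int port = absl::GetFlag(FLAGS_port);
  const std::string server_address = absl::StrCat("[::]:", port);

  // The service objects are declared before the server so that they are
  // destroyed after it.
  MetadataImpl metadata;
  KeysetImpl keyset;
  AeadImpl aead;
  DeterministicAeadImpl deterministic_aead;
  HybridImpl hybrid;
  MacImpl mac;
  SignatureImpl signature;
  StreamingAeadImpl streaming_aead;
  PrfSetImpl prf_set;
  JwtImpl jwt;

  grpc::ServerBuilder builder;
  // NOTE(review): the listener binds the wildcard address, so keeping
  // non-local peers out is left entirely to the LOCAL_TCP local credentials.
  // Binding a loopback address would enforce the same restriction at the
  // socket level as well; confirm the test harness does not rely on the
  // wildcard bind before changing it.
  builder.AddListeningPort(
      server_address, ::grpc::experimental::LocalServerCredentials(LOCAL_TCP));

  builder.RegisterService(&metadata);
  builder.RegisterService(&keyset);
  builder.RegisterService(&aead);
  builder.RegisterService(&deterministic_aead);
  builder.RegisterService(&hybrid);
  builder.RegisterService(&mac);
  builder.RegisterService(&signature);
  builder.RegisterService(&prf_set);
  builder.RegisterService(&streaming_aead);
  builder.RegisterService(&jwt);

  std::unique_ptr<grpc::Server> server(builder.BuildAndStart());
  // BuildAndStart() returns a null pointer when the server cannot be started
  // (for example when the port cannot be bound); calling Wait() on it would
  // dereference null.
  if (server == nullptr) {
    std::cerr << "Failed to start server on " << server_address << std::endl;
    return;
  }
  std::cout << "Server listening on " << server_address << std::endl;
  server->Wait();
}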
156*e7b1675dSTing-Kang Chang
157*e7b1675dSTing-Kang Chang } // namespace tink_testing_api
158*e7b1675dSTing-Kang Chang
int main(int argc, char** argv) {
  // Flags have to be parsed first: RunServer() reads the port and the KMS
  // settings through absl::GetFlag.
  absl::ParseCommandLine(argc, argv);

  // RunServer() returns nothing, so a failed start-up is visible on stderr
  // only; the exit status below is 0 either way.
  using tink_testing_api::RunServer;
  RunServer();
  return 0;
}