package kms
import (
"errors"
"github.com/cossacklabs/acra/keystore"
)
// Sentinel errors returned by the `kms_per_client` KeyMapper.
var (
	// ErrMissingKeyPurpose is returned by GetKeyID when the key context has an
	// empty Purpose.
	ErrMissingKeyPurpose = errors.New("key purpose is required for keyID creating")
	// ErrUnsupportedKeyPurpose is returned by GetKeyID when the Purpose is not
	// one of the purposes this mapper handles.
	ErrUnsupportedKeyPurpose = errors.New("unsupported KeyPurpose option provided")
	// ErrEmptyClientIDProvided is returned by GetKeyID when a client-scoped
	// purpose is requested without a ClientID in the key context.
	ErrEmptyClientIDProvided = errors.New("empty clientID in key context")
	// ErrEmptyZoneIDProvided is not referenced in this file.
	// NOTE(review): presumably used by zone-aware callers elsewhere — confirm.
	ErrEmptyZoneIDProvided = errors.New("empty zoneID in key context")
)
// KeyMapper implements the KeyMapper interface for the `kms_per_client`
// strategy. It carries no state of its own.
type KeyMapper struct{}

// NewKMSPerClientKeyMapper returns a pointer to a new, empty KeyMapper.
func NewKMSPerClientKeyMapper() *KeyMapper {
	return new(KeyMapper)
}
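// GetKeyID implements the KeyMapper interface: it maps a key context to the
// KMS key identifier used by the `kms_per_client` strategy.
//
// Client-scoped purposes (storage symmetric key, storage private key, search
// HMAC) map to "acra_" + ClientID. Poison-record purposes map to the fixed
// "acra_poison" and the audit-log purpose maps to "acra_audit_log".
//
// It returns ErrMissingKeyPurpose for an empty purpose,
// ErrEmptyClientIDProvided when a client-scoped purpose carries no client ID,
// and ErrUnsupportedKeyPurpose for any other purpose.
func (k *KeyMapper) GetKeyID(ctx keystore.KeyContext) ([]byte, error) {
	if ctx.Purpose == "" {
		return nil, ErrMissingKeyPurpose
	}

	switch ctx.Purpose {
	case keystore.PurposeStorageClientSymmetricKey, keystore.PurposeStorageClientPrivateKey, keystore.PurposeSearchHMAC:
		// Reject an empty but non-nil ClientID as well as nil: otherwise every
		// such caller would be mapped to the same bare "acra_" key ID, which
		// defeats per-client key separation.
		if len(ctx.ClientID) == 0 {
			return nil, ErrEmptyClientIDProvided
		}
		// NOTE(review): a ClientID equal to "poison" or "audit_log" would
		// produce the same key ID as the fixed IDs returned below; nothing here
		// checks for that. Confirm client IDs are validated upstream so that a
		// per-client key cannot alias the shared poison/audit-log keys.
		return []byte("acra_" + string(ctx.ClientID)), nil
	case keystore.PurposePoisonRecordSymmetricKey, keystore.PurposePoisonRecordKeyPair:
		return []byte("acra_poison"), nil
	case keystore.PurposeAuditLog:
		return []byte("acra_audit_log"), nil
	default:
		return nil, ErrUnsupportedKeyPurpose
	}
}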