encrypt.go
package signing
import (
"github.com/mandelsoft/goutils/errors"
"github.com/open-component-model/ocm/pkg/encrypt"
)
const (
	// DECRYPTION_PREFIX is prepended to a private key name by
	// DecryptionKeyName to form the registry name of its decryption key.
	DECRYPTION_PREFIX = "decrypt:"

	// KIND_DECRYPTION_KEY is the element kind reported in the not-found and
	// invalid errors raised while resolving a decryption key.
	KIND_DECRYPTION_KEY = "decryption key"
)
// DecryptionKeyName returns the registry name under which the decryption key
// for the private key called name is looked up: name prefixed with
// DECRYPTION_PREFIX.
func DecryptionKeyName(name string) string {
	const prefix = DECRYPTION_PREFIX
	return prefix + name
}
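// ResolvePrivateKey looks up the private key registered under name and, when
// the stored value is encrypted data, decrypts it before returning it.
//
// The lookup result is handled as follows:
//   - no key registered: (nil, nil) is returned;
//   - a value that is neither []byte nor string, or that
//     encrypt.GetEncyptedData does not report as encrypted: the value is
//     returned unchanged;
//   - encrypted data: the decryption key is resolved under
//     DecryptionKeyName(name), checked against the detected algorithm and
//     used to decrypt the data.
//
// An error is returned when the decryption key cannot be resolved, is missing
// (not-found error), is not a []byte (invalid error), fails the algorithm's
// key check, or when decryption itself fails. On every error path the returned
// key is the untyped nil, so a failed decryption never yields a value that
// compares as non-nil.
func ResolvePrivateKey(reg KeyRegistryFuncs, name string) (interface{}, error) {
	key := reg.GetPrivateKey(name)
	if key == nil {
		return nil, nil
	}

	// Only byte-like values can carry encrypted data; anything else is
	// passed through untouched.
	var data []byte
	switch k := key.(type) {
	case []byte:
		data = k
	case string:
		data = []byte(k)
	}
	if data == nil {
		return key, nil
	}

	payload, algo := encrypt.GetEncyptedData(data)
	if payload == nil {
		// Not recognised as encrypted: hand back the original value.
		return key, nil
	}

	// The decryption key is resolved through this same function, so it may
	// itself be stored encrypted under a further "decrypt:"-prefixed name.
	// NOTE(review): there is no depth limit on this chain; it ends only when
	// the registry returns an unencrypted or missing key — confirm the
	// registry cannot answer every prefixed name with encrypted data.
	decName := DecryptionKeyName(name)
	encryptionKey, err := ResolvePrivateKey(reg, decName)
	if err != nil {
		return nil, err
	}
	if encryptionKey == nil {
		return nil, errors.ErrNotFound(KIND_DECRYPTION_KEY, decName)
	}

	// NOTE(review): a decryption key stored as a string is rejected here,
	// although a string is accepted for the encrypted key above — confirm
	// this asymmetry is intended.
	raw, ok := encryptionKey.([]byte)
	if !ok {
		return nil, errors.ErrInvalid(KIND_DECRYPTION_KEY, decName)
	}

	// Prefer the key material extracted from PEM; when the bytes do not parse
	// as PEM they are used as the raw key. Either way the result must pass
	// the algorithm's key check below before it is used.
	keyData, err := encrypt.KeyFromPem(raw)
	if err != nil {
		keyData = raw
	}
	if err := algo.CheckKey(keyData); err != nil {
		return nil, err
	}

	// Decrypt's result is converted to interface{} on return. Returning it
	// directly on failure could hand the caller a non-nil interface wrapping
	// an empty value next to the error, so the error path returns a literal
	// nil instead.
	plain, err := encrypt.Decrypt(keyData, payload)
	if err != nil {
		return nil, err
	}
	return plain, nil
}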