mirror of
https://github.com/drakkan/sftpgo.git
synced 2025-12-07 23:00:55 +03:00
85 lines
2.2 KiB
Go
85 lines
2.2 KiB
Go
package kms
|
|
|
|
import (
|
|
"context"
|
|
"time"
|
|
|
|
"github.com/drakkan/sftpgo/v2/sdk/plugin/kms/proto"
|
|
)
|
|
|
|
const (
|
|
rpcTimeout = 20 * time.Second
|
|
)
|
|
|
|
// GRPCClient is an implementation of KMS interface that talks over RPC.
|
|
type GRPCClient struct {
|
|
client proto.KMSClient
|
|
}
|
|
|
|
// Encrypt implements the KMSService interface
|
|
func (c *GRPCClient) Encrypt(payload, additionalData, URL, masterKey string) (string, string, int32, error) {
|
|
ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
|
|
defer cancel()
|
|
|
|
resp, err := c.client.Encrypt(ctx, &proto.EncryptRequest{
|
|
Payload: payload,
|
|
AdditionalData: additionalData,
|
|
Url: URL,
|
|
MasterKey: masterKey,
|
|
})
|
|
if err != nil {
|
|
return "", "", 0, err
|
|
}
|
|
return resp.Payload, resp.Key, resp.Mode, nil
|
|
}
|
|
|
|
// Decrypt implements the KMSService interface
|
|
func (c *GRPCClient) Decrypt(payload, key, additionalData string, mode int, URL, masterKey string) (string, error) {
|
|
ctx, cancel := context.WithTimeout(context.Background(), rpcTimeout)
|
|
defer cancel()
|
|
|
|
resp, err := c.client.Decrypt(ctx, &proto.DecryptRequest{
|
|
Payload: payload,
|
|
Key: key,
|
|
AdditionalData: additionalData,
|
|
Mode: int32(mode),
|
|
Url: URL,
|
|
MasterKey: masterKey,
|
|
})
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return resp.Payload, nil
|
|
}
|
|
|
|
// GRPCServer defines the gRPC server that GRPCClient talks to.
|
|
type GRPCServer struct {
|
|
Impl Service
|
|
}
|
|
|
|
// Encrypt implements the serve side encrypt method
|
|
func (s *GRPCServer) Encrypt(ctx context.Context, req *proto.EncryptRequest) (*proto.EncryptResponse, error) {
|
|
payload, key, mode, err := s.Impl.Encrypt(req.Payload, req.AdditionalData, req.Url, req.MasterKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &proto.EncryptResponse{
|
|
Payload: payload,
|
|
Key: key,
|
|
Mode: mode,
|
|
}, nil
|
|
}
|
|
|
|
// Decrypt implements the serve side decrypt method
|
|
func (s *GRPCServer) Decrypt(ctx context.Context, req *proto.DecryptRequest) (*proto.DecryptResponse, error) {
|
|
payload, err := s.Impl.Decrypt(req.Payload, req.Key, req.AdditionalData, int(req.Mode), req.Url, req.MasterKey)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &proto.DecryptResponse{
|
|
Payload: payload,
|
|
}, nil
|
|
}
|