github.com/aavshr/aws-sdk-go@v1.41.3/service/s3/s3crypto/crypto_registry.go (about)

     1  package s3crypto
     2  
     3  import (
     4  	"fmt"
     5  )
     6  
     7  // CryptoRegistry is a collection of registries for configuring a decryption client with different key wrapping algorithms,
     8  // content encryption algorithms, and padders.
     9  type CryptoRegistry struct {
    10  	wrap   map[string]WrapEntry
    11  	cek    map[string]CEKEntry
    12  	padder map[string]Padder
    13  }
    14  
    15  // NewCryptoRegistry creates a new CryptoRegistry to which wrapping algorithms, content encryption ciphers, and
    16  // padders can be registered for use with the DecryptionClientV2.
    17  func NewCryptoRegistry() *CryptoRegistry {
    18  	return &CryptoRegistry{
    19  		wrap:   map[string]WrapEntry{},
    20  		cek:    map[string]CEKEntry{},
    21  		padder: map[string]Padder{},
    22  	}
    23  }
    24  
    25  // initCryptoRegistryFrom creates a CryptoRegistry from prepopulated values, this is used for the V1 client
    26  func initCryptoRegistryFrom(wrapRegistry map[string]WrapEntry, cekRegistry map[string]CEKEntry, padderRegistry map[string]Padder) *CryptoRegistry {
    27  	cr := &CryptoRegistry{
    28  		wrap:   wrapRegistry,
    29  		cek:    cekRegistry,
    30  		padder: padderRegistry,
    31  	}
    32  	return cr
    33  }
    34  
    35  // GetWrap returns the WrapEntry identified by the given name. Returns false if the entry is not registered.
    36  func (c CryptoRegistry) GetWrap(name string) (WrapEntry, bool) {
    37  	if c.wrap == nil {
    38  		return nil, false
    39  	}
    40  	entry, ok := c.wrap[name]
    41  	return entry, ok
    42  }
    43  
    44  // AddWrap registers the provided WrapEntry under the given name, returns an error if a WrapEntry is already present
    45  // for the given name.
    46  //
    47  // This method should only be used if you need to register custom wrapping algorithms. Please see the following methods
    48  // for helpers to register AWS provided algorithms:
    49  //	RegisterKMSContextWrapWithAnyCMK (kms+context)
    50  //	RegisterKMSContextWrapWithCMK (kms+context)
    51  //	RegisterKMSWrapWithAnyCMK (kms)
    52  //	RegisterKMSWrapWithCMK (kms)
    53  func (c *CryptoRegistry) AddWrap(name string, entry WrapEntry) error {
    54  	if entry == nil {
    55  		return errNilWrapEntry
    56  	}
    57  
    58  	if _, ok := c.wrap[name]; ok {
    59  		return newErrDuplicateWrapEntry(name)
    60  	}
    61  	c.wrap[name] = entry
    62  	return nil
    63  }
    64  
    65  // RemoveWrap removes the WrapEntry identified by name. If the WrapEntry is not present returns false.
    66  func (c *CryptoRegistry) RemoveWrap(name string) (WrapEntry, bool) {
    67  	if c.wrap == nil {
    68  		return nil, false
    69  	}
    70  	entry, ok := c.wrap[name]
    71  	if ok {
    72  		delete(c.wrap, name)
    73  	}
    74  	return entry, ok
    75  }
    76  
    77  // GetCEK returns the CEKEntry identified by the given name. Returns false if the entry is not registered.
    78  func (c CryptoRegistry) GetCEK(name string) (CEKEntry, bool) {
    79  	if c.cek == nil {
    80  		return nil, false
    81  	}
    82  	entry, ok := c.cek[name]
    83  	return entry, ok
    84  }
    85  
    86  // AddCEK registers CEKEntry under the given name, returns an error if a CEKEntry is already present for the given name.
    87  //
    88  // This method should only be used if you need to register custom content encryption algorithms. Please see the following methods
    89  // for helpers to register AWS provided algorithms:
    90  //	RegisterAESGCMContentCipher (AES/GCM)
    91  //	RegisterAESCBCContentCipher (AES/CBC)
    92  func (c *CryptoRegistry) AddCEK(name string, entry CEKEntry) error {
    93  	if entry == nil {
    94  		return errNilCEKEntry
    95  	}
    96  	if _, ok := c.cek[name]; ok {
    97  		return newErrDuplicateCEKEntry(name)
    98  	}
    99  	c.cek[name] = entry
   100  	return nil
   101  }
   102  
   103  // RemoveCEK removes the CEKEntry identified by name. If the entry is not present returns false.
   104  func (c *CryptoRegistry) RemoveCEK(name string) (CEKEntry, bool) {
   105  	if c.cek == nil {
   106  		return nil, false
   107  	}
   108  	entry, ok := c.cek[name]
   109  	if ok {
   110  		delete(c.cek, name)
   111  	}
   112  	return entry, ok
   113  }
   114  
   115  // GetPadder returns the Padder identified by name. If the Padder is not present, returns false.
   116  func (c *CryptoRegistry) GetPadder(name string) (Padder, bool) {
   117  	if c.padder == nil {
   118  		return nil, false
   119  	}
   120  	entry, ok := c.padder[name]
   121  	return entry, ok
   122  }
   123  
   124  // AddPadder registers Padder under the given name, returns an error if a Padder is already present for the given name.
   125  //
   126  // This method should only be used to register custom padder implementations not provided by AWS.
   127  func (c *CryptoRegistry) AddPadder(name string, padder Padder) error {
   128  	if padder == nil {
   129  		return errNilPadder
   130  	}
   131  	if _, ok := c.padder[name]; ok {
   132  		return newErrDuplicatePadderEntry(name)
   133  	}
   134  	c.padder[name] = padder
   135  	return nil
   136  }
   137  
   138  // RemovePadder removes the Padder identified by name. If the entry is not present returns false.
   139  func (c *CryptoRegistry) RemovePadder(name string) (Padder, bool) {
   140  	if c.padder == nil {
   141  		return nil, false
   142  	}
   143  	padder, ok := c.padder[name]
   144  	if ok {
   145  		delete(c.padder, name)
   146  	}
   147  	return padder, ok
   148  }
   149  
   150  func (c CryptoRegistry) valid() error {
   151  	if len(c.wrap) == 0 {
   152  		return fmt.Errorf("at least one key wrapping algorithms must be provided")
   153  	}
   154  	if len(c.cek) == 0 {
   155  		return fmt.Errorf("at least one content decryption algorithms must be provided")
   156  	}
   157  	return nil
   158  }