github.com/trustbloc/kms-go@v1.1.2/mock/kms/mock_kms.go (about) 1 /* 2 Copyright SecureKey Technologies Inc. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package kms 8 9 import ( 10 "fmt" 11 12 "github.com/golang/protobuf/proto" 13 "github.com/google/tink/go/keyset" 14 tinkpb "github.com/google/tink/go/proto/tink_go_proto" 15 "github.com/google/tink/go/testkeyset" 16 "github.com/google/tink/go/testutil" 17 18 kmsservice "github.com/trustbloc/kms-go/kms" 19 20 "github.com/trustbloc/kms-go/spi/kms" 21 "github.com/trustbloc/kms-go/spi/secretlock" 22 "github.com/trustbloc/kms-go/spi/storage" 23 ) 24 25 // KeyManager mocks a local Key Management Service + ExportableKeyManager. 26 type KeyManager struct { 27 CreateKeyID string 28 CreateKeyValue *keyset.Handle 29 CreateKeyErr error 30 CreateKeyFn func(kt kms.KeyType) (string, interface{}, error) 31 GetKeyValue *keyset.Handle 32 GetKeyErr error 33 RotateKeyID string 34 RotateKeyValue *keyset.Handle 35 RotateKeyErr error 36 ExportPubKeyBytesErr error 37 ExportPubKeyBytesValue []byte 38 ExportPubKeyTypeValue kms.KeyType 39 CrAndExportPubKeyValue []byte 40 CrAndExportPubKeyID string 41 CrAndExportPubKeyErr error 42 PubKeyBytesToHandleErr error 43 PubKeyBytesToHandleValue *keyset.Handle 44 ImportPrivateKeyErr error 45 ImportPrivateKeyID string 46 ImportPrivateKeyValue *keyset.Handle 47 } 48 49 // Create a new mock ey/keyset/key handle for the type kt. 50 func (k *KeyManager) Create(kt kms.KeyType, opts ...kms.KeyOpts) (string, interface{}, error) { 51 if k.CreateKeyErr != nil { 52 return "", nil, k.CreateKeyErr 53 } 54 55 if k.CreateKeyFn != nil { 56 return k.CreateKeyFn(kt) 57 } 58 59 return k.CreateKeyID, k.CreateKeyValue, nil 60 } 61 62 // Get a mock key handle for the given keyID. 63 func (k *KeyManager) Get(keyID string) (interface{}, error) { 64 if k.GetKeyErr != nil { 65 return nil, k.GetKeyErr 66 } 67 68 return k.GetKeyValue, nil 69 } 70 71 // Rotate returns a mocked rotated keyset handle and its ID. 72 func (k *KeyManager) Rotate(kt kms.KeyType, keyID string, 73 opts ...kms.KeyOpts) (string, interface{}, error) { 74 if k.RotateKeyErr != nil { 75 return "", nil, k.RotateKeyErr 76 } 77 78 return k.RotateKeyID, k.RotateKeyValue, nil 79 } 80 81 // ExportPubKeyBytes will return a mocked []bytes public key. 82 func (k *KeyManager) ExportPubKeyBytes(keyID string) ([]byte, kms.KeyType, error) { 83 if k.ExportPubKeyBytesErr != nil { 84 return nil, "", k.ExportPubKeyBytesErr 85 } 86 87 return k.ExportPubKeyBytesValue, k.ExportPubKeyTypeValue, nil 88 } 89 90 // CreateAndExportPubKeyBytes return a mocked kid and []byte public key. 91 func (k *KeyManager) CreateAndExportPubKeyBytes(kt kms.KeyType, 92 opts ...kms.KeyOpts) (string, []byte, error) { 93 if k.CrAndExportPubKeyErr != nil { 94 return "", nil, k.CrAndExportPubKeyErr 95 } 96 97 return k.CrAndExportPubKeyID, k.CrAndExportPubKeyValue, nil 98 } 99 100 // PubKeyBytesToHandle will return a mocked keyset.Handle representing a public key handle. 101 func (k *KeyManager) PubKeyBytesToHandle(pubKey []byte, keyType kms.KeyType, 102 opts ...kms.KeyOpts) (interface{}, error) { 103 if k.PubKeyBytesToHandleErr != nil { 104 return nil, k.PubKeyBytesToHandleErr 105 } 106 107 return k.PubKeyBytesToHandleValue, nil 108 } 109 110 // ImportPrivateKey will emulate importing a private key and returns a mocked keyID, private key handle. 111 func (k *KeyManager) ImportPrivateKey(privKey interface{}, keyType kms.KeyType, 112 opts ...kms.PrivateKeyOpts) (string, interface{}, error) { 113 if k.ImportPrivateKeyErr != nil { 114 return "", nil, k.ImportPrivateKeyErr 115 } 116 117 return k.ImportPrivateKeyID, k.ImportPrivateKeyValue, nil 118 } 119 120 func createMockKeyHandle(ks *tinkpb.Keyset) (*keyset.Handle, error) { 121 primaryKey := ks.Key[0] 122 123 if primaryKey.OutputPrefixType == tinkpb.OutputPrefixType_RAW { 124 return nil, fmt.Errorf("expect a non-raw key") 125 } 126 127 return testkeyset.NewHandle(ks) 128 } 129 130 // CreateMockAESGCMKeyHandle is a utility function that returns a mock key (for tests only, not registered in Tink). 131 func CreateMockAESGCMKeyHandle() (*keyset.Handle, error) { 132 ks := testutil.NewTestAESGCMKeyset(tinkpb.OutputPrefixType_TINK) 133 134 return createMockKeyHandle(ks) 135 } 136 137 // CreateMockED25519KeyHandle is a utility function that returns a mock key (for tests only, not registered in Tink). 138 func CreateMockED25519KeyHandle() (*keyset.Handle, error) { 139 serializedKey, err := proto.Marshal(testutil.NewED25519PrivateKey()) 140 if err != nil { 141 return nil, err 142 } 143 144 ks := testutil.NewTestKeyset(testutil.NewKeyData(testutil.ED25519SignerTypeURL, serializedKey, 145 tinkpb.KeyData_ASYMMETRIC_PRIVATE), tinkpb.OutputPrefixType_TINK) 146 147 return createMockKeyHandle(ks) 148 } 149 150 // Provider provides mock Provider implementation. 151 type Provider struct { 152 storeProvider kms.Store 153 secretLock secretlock.Service 154 } 155 156 // StorageProvider return a storage provider. 157 func (p *Provider) StorageProvider() kms.Store { 158 return p.storeProvider 159 } 160 161 // SecretLock returns a secret lock service. 162 func (p *Provider) SecretLock() secretlock.Service { 163 return p.secretLock 164 } 165 166 // NewProviderForKMS creates a new mock Provider to create a KMS. 167 func NewProviderForKMS(storeProvider storage.Provider, secretLock secretlock.Service) (*Provider, error) { 168 kmsStore, err := kmsservice.NewAriesProviderWrapper(storeProvider) 169 if err != nil { 170 return nil, err 171 } 172 173 return &Provider{ 174 storeProvider: kmsStore, 175 secretLock: secretLock, 176 }, nil 177 }