github.com/trustbloc/kms-go@v1.1.2/wrapper/localsuite/wrapper.go

github.com/trustbloc/kms-go@v1.1.2/wrapper/localsuite/wrapper.go (about)

     1  /*
     2  Copyright Gen Digital Inc. All Rights Reserved.
     3  SPDX-License-Identifier: Apache-2.0
     4  */
     5  
     6  package localsuite
     7  
     8  import (
     9  	"github.com/trustbloc/kms-go/doc/jose/jwk"
    10  	"github.com/trustbloc/kms-go/spi/kms"
    11  	"github.com/trustbloc/kms-go/wrapper/api"
    12  )
    13  
    14  // newKMSCrypto creates a KMSCrypto instance.
    15  func newKMSCrypto(kms keyManager, crypto signerVerifier) api.KMSCrypto {
    16  	return &kmsCryptoImpl{
    17  		kms: kms,
    18  		cr:  crypto,
    19  	}
    20  }
    21  
    22  type kmsCryptoImpl struct {
    23  	kms keyManager
    24  	cr  signerVerifier
    25  }
    26  
    27  func (k *kmsCryptoImpl) Create(keyType kms.KeyType) (*jwk.JWK, error) {
    28  	return createKey(k.kms, keyType)
    29  }
    30  
    31  func (k *kmsCryptoImpl) Sign(msg []byte, pub *jwk.JWK) ([]byte, error) {
    32  	kh, err := k.kms.Get(pub.KeyID)
    33  	if err != nil {
    34  		return nil, err
    35  	}
    36  
    37  	return k.cr.Sign(msg, kh)
    38  }
    39  
    40  func getKeyHandle(pub *jwk.JWK, keyManager keyHandleFetcher) (interface{}, error) {
    41  	var (
    42  		pkb []byte
    43  		kt  kms.KeyType
    44  		err error
    45  	)
    46  
    47  	pkb, kt, err = keyManager.ExportPubKeyBytes(pub.KeyID)
    48  	if err != nil {
    49  		pkb, err = pub.PublicKeyBytes()
    50  		if err != nil {
    51  			return nil, err
    52  		}
    53  
    54  		kt, err = pub.KeyType()
    55  		if err != nil {
    56  			return nil, err
    57  		}
    58  	}
    59  
    60  	kh, err := keyManager.PubKeyBytesToHandle(pkb, kt)
    61  	if err != nil {
    62  		return nil, err
    63  	}
    64  
    65  	return kh, nil
    66  }
    67  
    68  func (k *kmsCryptoImpl) Verify(sig, msg []byte, pub *jwk.JWK) error {
    69  	kh, err := getKeyHandle(pub, k.kms)
    70  	if err != nil {
    71  		return err
    72  	}
    73  
    74  	return k.cr.Verify(sig, msg, kh)
    75  }
    76  
    77  func (k *kmsCryptoImpl) FixedKeyCrypto(pub *jwk.JWK) (api.FixedKeyCrypto, error) {
    78  	return makeFixedKeyCrypto(k.kms, k.cr, pub)
    79  }
    80  
    81  func makeFixedKeyCrypto(kms keyManager, crypto signerVerifier, pub *jwk.JWK) (api.FixedKeyCrypto, error) {
    82  	sigKH, err := kms.Get(pub.KeyID)
    83  	if err != nil {
    84  		return nil, err
    85  	}
    86  
    87  	verKH, err := getKeyHandle(pub, kms)
    88  	if err != nil {
    89  		return nil, err
    90  	}
    91  
    92  	return &fixedKeyImpl{
    93  		cr:    crypto,
    94  		sigKH: sigKH,
    95  		verKH: verKH,
    96  	}, nil
    97  }
    98  
    99  func (k *kmsCryptoImpl) FixedKeySigner(pub *jwk.JWK) (api.FixedKeySigner, error) {
   100  	return makeFixedKeySigner(k.kms, k.cr, pub.KeyID)
   101  }
   102  
   103  func makeFixedKeySigner(kms keyGetter, crypto signer, kid string) (api.FixedKeySigner, error) {
   104  	kh, err := kms.Get(kid)
   105  	if err != nil {
   106  		return nil, err
   107  	}
   108  
   109  	return &fixedKeySignerImpl{
   110  		cr: crypto,
   111  		kh: kh,
   112  	}, nil
   113  }
   114  
   115  type fixedKeyImpl struct {
   116  	cr    signerVerifier
   117  	sigKH interface{}
   118  	verKH interface{}
   119  }
   120  
   121  func (f *fixedKeyImpl) Sign(msg []byte) ([]byte, error) {
   122  	return f.cr.Sign(msg, f.sigKH)
   123  }
   124  
   125  func (f *fixedKeyImpl) Verify(sig, msg []byte) error {
   126  	return f.cr.Verify(sig, msg, f.verKH)
   127  }