feat: SDK Encrypt (with mocked rewrap) (#45)
Co-authored-by: sujan kota <sujankota@gmail.com> Co-authored-by: Morgan Kleene <mkleene@virtru.com>
1 parent
af51404
commit d67daa2
Showing
14 changed files
with
997 additions
and
5 deletions.
@@ -0,0 +1,82 @@ | ||
package io.opentdf.platform.sdk; | ||
|
||
import java.util.ArrayList; | ||
import java.util.Collections; | ||
import java.util.List; | ||
import java.util.function.Consumer; | ||
|
||
public class Config { | ||
|
||
public static final int TDF3_KEY_SIZE = 2048; | ||
public static final int DEFAULT_SEGMENT_SIZE = 2 * 1024 * 1024; // 2mb | ||
public static final String KAS_PUBLIC_KEY_PATH = "/kas_public_key"; | ||
|
||
public enum TDFFormat { | ||
JSONFormat, | ||
XMLFormat | ||
} | ||
|
||
public enum IntegrityAlgorithm { | ||
HS256, | ||
GMAC | ||
} | ||
|
||
public static final int K_HTTP_OK = 200; | ||
|
||
public static class KASInfo { | ||
public String URL; | ||
public String PublicKey; | ||
} | ||
|
||
public static class TDFConfig { | ||
public int defaultSegmentSize; | ||
public boolean enableEncryption; | ||
public TDFFormat tdfFormat; | ||
public String tdfPublicKey; | ||
public String tdfPrivateKey; | ||
public String metaData; | ||
public IntegrityAlgorithm integrityAlgorithm; | ||
public IntegrityAlgorithm segmentIntegrityAlgorithm; | ||
public List<String> attributes; | ||
public List<KASInfo> kasInfoList; | ||
|
||
public TDFConfig() { | ||
this.defaultSegmentSize = DEFAULT_SEGMENT_SIZE; | ||
this.enableEncryption = true; | ||
this.tdfFormat = TDFFormat.JSONFormat; | ||
this.integrityAlgorithm = IntegrityAlgorithm.HS256; | ||
this.segmentIntegrityAlgorithm = IntegrityAlgorithm.GMAC; | ||
this.attributes = new ArrayList<>(); | ||
this.kasInfoList = new ArrayList<>(); | ||
} | ||
} | ||
|
||
@SafeVarargs | ||
public static TDFConfig newTDFConfig(Consumer<TDFConfig>... options) { | ||
TDFConfig config = new TDFConfig(); | ||
for (Consumer<TDFConfig> option : options) { | ||
option.accept(config); | ||
} | ||
return config; | ||
} | ||
|
||
public static Consumer<TDFConfig> withDataAttributes(String... attributes) { | ||
return (TDFConfig config) -> { | ||
Collections.addAll(config.attributes, attributes); | ||
}; | ||
} | ||
|
||
public static Consumer<TDFConfig> withKasInformation(KASInfo... kasInfoList) { | ||
return (TDFConfig config) -> { | ||
Collections.addAll(config.kasInfoList, kasInfoList); | ||
}; | ||
} | ||
|
||
public static Consumer<TDFConfig> withMetaData(String metaData) { | ||
return (TDFConfig config) -> config.metaData = metaData; | ||
} | ||
|
||
public static Consumer<TDFConfig> withSegmentSize(int size) { | ||
return (TDFConfig config) -> config.defaultSegmentSize = size; | ||
} | ||
} |
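Review bot: `withSegmentSize` stores whatever int it is given, so a zero or negative segment size lands in `defaultSegmentSize` unchecked, and by the time it matters the failure will be far from the call that set it; a guard at the option, `if (size <= 0) throw new IllegalArgumentException("segment size must be positive: " + size);`, fails fast. `withKasInformation` and `withDataAttributes` likewise copy null elements straight into the lists, which then surface as NullPointerExceptions later; `Objects.requireNonNull` per element at the option keeps the same fast-fail property. `TDFConfig` and `KASInfo` expose every field as public and mutable, including `tdfPrivateKey`, so a config returned by `newTDFConfig` can be altered after the options have run and the key material lives in an immutable `String` that cannot be cleared once it is no longer needed; whether a `char[]` or a dedicated key holder is workable here depends on how the encrypt path consumes it, which is not in this hunk. `newTDFConfig` and the `with*` factories have no Javadoc; a one-liner on each, e.g. `/** Builds a TDFConfig with defaults, then applies each option in order. */`, would document the option-ordering contract.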
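--- a/sdk/src/main/java/io/opentdf/platform/sdk/CryptoUtils.java
+++ b/sdk/src/main/java/io/opentdf/platform/sdk/CryptoUtils.java
@@ -0,0 +1,18 @@
+package io.opentdf.platform.sdk;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+public class CryptoUtils {
+    public static byte[] CalculateSHA256Hmac(byte[] key, byte[] data) throws NoSuchAlgorithmException,
+            InvalidKeyException {
+        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
+        SecretKeySpec secret_key = new SecretKeySpec(key, "HmacSHA256");
+        sha256_HMAC.init(secret_key);
+
+        return sha256_HMAC.doFinal(data);
+    }
+}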
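Review bot: `java.io.UnsupportedEncodingException` is imported but nothing in the file uses it, so the import should go. `CalculateSHA256Hmac` and the locals `sha256_HMAC`/`secret_key` break the lowerCamelCase convention used elsewhere in this commit (`withMetaData`, `kasInfoList`); `calculateSHA256Hmac`, `mac` and `secretKey` would match. A null `key` or `data` currently surfaces as a NullPointerException from inside `SecretKeySpec`/`doFinal`, and an empty `key` as an IllegalArgumentException from `SecretKeySpec`, none of which the signature documents; `Objects.requireNonNull(key, "key"); Objects.requireNonNull(data, "data");` at the top plus a `@throws` line would make the contract explicit. The method has no Javadoc; a one-sentence summary stating that it returns the raw 32-byte HMAC-SHA256 tag of `data` under `key` is enough.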
@@ -0,0 +1,65 @@ | ||
package io.opentdf.platform.sdk; | ||
|
||
import com.google.gson.annotations.SerializedName; | ||
|
||
import java.util.List; | ||
|
||
public class Manifest { | ||
static public class Segment { | ||
public String hash; | ||
public long segmentSize; | ||
public long encryptedSegmentSize; | ||
} | ||
|
||
static public class RootSignature { | ||
@SerializedName(value = "alg") | ||
public String algorithm; | ||
@SerializedName(value = "sig") | ||
public String signature; | ||
} | ||
|
||
static public class IntegrityInformation { | ||
public RootSignature rootSignature; | ||
public String segmentHashAlg; | ||
public int segmentSizeDefault; | ||
public int encryptedSegmentSizeDefault; | ||
public List<Segment> segments; | ||
} | ||
|
||
static public class KeyAccess { | ||
@SerializedName(value = "type") | ||
public String keyType; | ||
public String url; | ||
public String protocol; | ||
public String wrappedKey; | ||
public String policyBinding; | ||
public String encryptedMetadata; | ||
} | ||
|
||
static public class Method { | ||
public String algorithm; | ||
public String iv; | ||
public Boolean IsStreamable; | ||
} | ||
|
||
static public class EncryptionInformation { | ||
@SerializedName(value = "type") | ||
public String keyAccessType; | ||
public String policy; | ||
|
||
@SerializedName(value = "keyAccess") | ||
public List<KeyAccess> keyAccessObj; | ||
public Method method; | ||
public IntegrityInformation integrityInformation; | ||
} | ||
|
||
static public class Payload { | ||
public String type; | ||
public String url; | ||
public String protocol; | ||
public String mimeType; | ||
public Boolean isEncrypted; | ||
} | ||
public EncryptionInformation encryptionInformation; | ||
public Payload payload; | ||
} |
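Review bot: `Method.IsStreamable` is the only field in the file that starts with an upper-case letter, and since the other renamed fields in this hunk rely on `@SerializedName` to control the JSON key, this one will be emitted under the key `IsStreamable` rather than the lowerCamelCase `isStreamable` used by the sibling `Payload.isEncrypted`; whether that breaks interoperability depends on what the reader side expects, which is outside this hunk. Renaming the field and pinning the key, `@SerializedName(value = "isStreamable") public Boolean isStreamable;`, keeps the wire format stable regardless of future field renames. The nested classes use `static public` where the rest of the commit writes `public static`; harmless, but inconsistent. None of the manifest classes carry Javadoc; a class-level comment naming the manifest section each one maps to would help a reader who does not know the format.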
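--- a/sdk/src/main/java/io/opentdf/platform/sdk/PolicyObject.java
+++ b/sdk/src/main/java/io/opentdf/platform/sdk/PolicyObject.java
@@ -0,0 +1,22 @@
+package io.opentdf.platform.sdk;
+
+import java.util.List;
+import java.util.UUID;
+
+public class PolicyObject {
+    static public class AttributeObject {
+        public String attribute;
+        public String displayName;
+        public boolean isDefault;
+        public String pubKey;
+        public String kasURL;
+    }
+
+    static public class Body {
+        public List<AttributeObject> dataAttributes;
+        public List<String> dissem;
+    }
+
+    public String uuid;
+    public Body body;
+}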
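Review bot: `java.util.UUID` is imported but never referenced; the `uuid` field is declared as `String`, so either the import should be dropped or, if the policy id is always a UUID, the field typed as `UUID` with the serializer configured accordingly — which one is right depends on how the policy JSON is produced, outside this hunk. `kasURL` and `pubKey` sit next to `kasInfoList`/`tdfPublicKey` elsewhere in the commit; `kasUrl` and `publicKey` would follow the same acronym-as-word convention, though any rename must keep the JSON key via `@SerializedName` as `Manifest` does. A short class comment saying this is the policy object embedded in the manifest, with `dissem` spelled out as the dissemination list, would save the next reader a lookup.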