You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

88 lines
2.3 KiB

package coscrypto
import (
"encoding/base64"
"encoding/json"
"fmt"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
kms "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/kms/v20190118"
"github.com/tencentyun/cos-go-sdk-v5"
)
const (
KMSEndPoint = "kms.tencentcloudapi.com"
)
type MasterKMSCipher struct {
Client *kms.Client
KmsId string
MatDesc string
}
func NewKMSClient(cred *cos.Credential, region string) (*kms.Client, error) {
if cred == nil {
fmt.Errorf("credential is nil")
}
credential := common.NewTokenCredential(
cred.SecretID,
cred.SecretKey,
cred.SessionToken,
)
cpf := profile.NewClientProfile()
cpf.HttpProfile.Endpoint = KMSEndPoint
client, err := kms.NewClient(credential, region, cpf)
return client, err
}
func CreateMasterKMS(client *kms.Client, kmsId string, desc map[string]string) (MasterCipher, error) {
if kmsId == "" || client == nil {
return nil, fmt.Errorf("KMS ID is empty or kms client is nil")
}
var kmsCipher MasterKMSCipher
var jdesc string
if len(desc) > 0 {
bs, err := json.Marshal(desc)
if err != nil {
return nil, err
}
jdesc = string(bs)
}
kmsCipher.Client = client
kmsCipher.KmsId = kmsId
kmsCipher.MatDesc = jdesc
return &kmsCipher, nil
}
func (kc *MasterKMSCipher) Encrypt(plaintext []byte) ([]byte, error) {
request := kms.NewEncryptRequest()
request.KeyId = common.StringPtr(kc.KmsId)
request.EncryptionContext = common.StringPtr(kc.MatDesc)
request.Plaintext = common.StringPtr(base64.StdEncoding.EncodeToString(plaintext))
resp, err := kc.Client.Encrypt(request)
if err != nil {
return nil, err
}
// https://cloud.tencent.com/document/product/573/34420 文档有误,返回的结果并没有base64编码
return []byte(*resp.Response.CiphertextBlob), nil
}
func (kc *MasterKMSCipher) Decrypt(ciphertext []byte) ([]byte, error) {
request := kms.NewDecryptRequest()
request.CiphertextBlob = common.StringPtr(string(ciphertext))
request.EncryptionContext = common.StringPtr(kc.MatDesc)
resp, err := kc.Client.Decrypt(request)
if err != nil {
return nil, err
}
return base64.StdEncoding.DecodeString(*resp.Response.Plaintext)
}
func (kc *MasterKMSCipher) GetWrapAlgorithm() string {
return CosKmsCryptoWrap
}
func (kc *MasterKMSCipher) GetMatDesc() string {
return kc.MatDesc
}