enhancement: Make private key optional
Signed-off-by: Andrew Haines <[email protected]>
haines committed Jun 5, 2024
1 parent 5543890 commit 7344939
Showing 2 changed files with 48 additions and 14 deletions.
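--- a/credentials/credentials.go
+++ b/credentials/credentials.go
@@ -33,10 +33,17 @@ type Credentials struct {
 }
 
 func New(clientID, clientSecret, privateKey string) (*Credentials, error) {
-if clientID == "" || clientSecret == "" || privateKey == "" {
+if clientID == "" || clientSecret == "" {
 return nil, ErrInvalidCredentials
 }
 
+if privateKey == "" {
+return &Credentials{
+ClientID: clientID,
+ClientSecret: clientSecret,
+}, nil
+}
+
 workspaceID, ageKey, ok := strings.Cut(strings.TrimPrefix(privateKey, cerbosKeyPrefix), "-")
 if !ok {
 return nil, ErrInvalidPrivateKey
@@ -57,10 +64,18 @@ func New(clientID, clientSecret, privateKey string) (*Credentials, error) {
 }
 
 func (c *Credentials) Encrypt(dst io.Writer) (io.WriteCloser, error) {
+if c.identity == nil {
+return nil, ErrInvalidPrivateKey
+}
+
 return age.Encrypt(dst, c.identity.Recipient())
 }
 
 func (c *Credentials) Decrypt(input io.Reader) (io.Reader, error) {
+if c.identity == nil {
+return nil, ErrInvalidPrivateKey
+}
+
 out, err := age.Decrypt(input, c.identity)
 if err != nil {
 return nil, fmt.Errorf("failed to decrypt: %w", err)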
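Review bot: The new nil-identity guards in Encrypt and Decrypt return the same sentinel that New returns for a malformed key, so a caller cannot tell "no private key was configured" from "the private key could not be parsed". Keeping the sentinel for errors.Is compatibility while adding the distinction in the message is a one-line change in each method: `return nil, fmt.Errorf("no private key configured: %w", ErrInvalidPrivateKey)` (fmt is already in scope for the decrypt error below). Neither method carries a doc comment, and neither does New in the first hunk, whose privateKey parameter is now optional; a comment such as `// New builds Credentials from a client ID and secret; privateKey may be empty, in which case WorkspaceID is left unset and Encrypt/Decrypt return ErrInvalidPrivateKey.` would record the new contract. New's body and Decrypt's body both continue outside their hunks.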
45 changes: 32 additions & 13 deletions credentials/credentials_test.go
Expand Up @@ -20,21 +20,40 @@ var encrypted []byte
func TestCredentials(t *testing.T) {
clientID := "clientid"
clientSecret := "clientsecret"
privateKey := "CERBOS-1MKYX97DHPT3B-L05ALANNYUXY7HEMFXUNQRLS47D8G8D9ZYUMEDPE4X2382Q2WMSSXY2G2A"

c, err := credentials.New(clientID, clientSecret, privateKey)
require.NoError(t, err, "Failed to create credentials")
require.Equal(t, clientID, c.ClientID, "Client ID mismatch")
require.Equal(t, clientSecret, c.ClientSecret, "Client secret mismatch")
require.Equal(t, "MKYX97DHPT3B", c.WorkspaceID, "Workspace ID mismatch")
t.Run("with private key", func(t *testing.T) {
privateKey := "CERBOS-1MKYX97DHPT3B-L05ALANNYUXY7HEMFXUNQRLS47D8G8D9ZYUMEDPE4X2382Q2WMSSXY2G2A"

have, err := c.Decrypt(bytes.NewReader(encrypted))
require.NoError(t, err, "Failed to decrypt")
c, err := credentials.New(clientID, clientSecret, privateKey)
require.NoError(t, err, "Failed to create credentials")
require.Equal(t, clientID, c.ClientID, "Client ID mismatch")
require.Equal(t, clientSecret, c.ClientSecret, "Client secret mismatch")
require.Equal(t, "MKYX97DHPT3B", c.WorkspaceID, "Workspace ID mismatch")

haveDecrypted := new(bytes.Buffer)
_, err = haveDecrypted.ReadFrom(have)
require.NoError(t, err)
require.Equal(t, "cerbos", haveDecrypted.String())
have, err := c.Decrypt(bytes.NewReader(encrypted))
require.NoError(t, err, "Failed to decrypt")

require.Equal(t, "d27f6dfbae5e84c7557e7e013e0bab6e81ada2b4a817689684652548448b6267", c.HashString("cerbos"))
haveDecrypted := new(bytes.Buffer)
_, err = haveDecrypted.ReadFrom(have)
require.NoError(t, err)
require.Equal(t, "cerbos", haveDecrypted.String())

require.Equal(t, "d27f6dfbae5e84c7557e7e013e0bab6e81ada2b4a817689684652548448b6267", c.HashString("cerbos"))
})

t.Run("without private key", func(t *testing.T) {
c, err := credentials.New(clientID, clientSecret, "")
require.NoError(t, err, "Failed to create credentials")
require.Equal(t, clientID, c.ClientID, "Client ID mismatch")
require.Equal(t, clientSecret, c.ClientSecret, "Client secret mismatch")
require.Empty(t, c.WorkspaceID, "Workspace ID mismatch")

_, err = c.Decrypt(bytes.NewReader(encrypted))
require.ErrorIs(t, err, credentials.ErrInvalidPrivateKey)

_, err = c.Encrypt(new(bytes.Buffer))
require.ErrorIs(t, err, credentials.ErrInvalidPrivateKey)

require.Equal(t, "eaf69a17369b5b65a4bc95b0b5803afb64818cb9ad6d98dac67118d691b06bd4", c.HashString("cerbos"))
})
}
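Review bot: Neither subtest exercises the reordered validation in New, where an empty client ID or secret must still be rejected now that the private key is optional; a case such as `_, err = credentials.New("", clientSecret, ""); require.ErrorIs(t, err, credentials.ErrInvalidCredentials)` would keep the ErrInvalidCredentials path covered. The two subtests assert different HashString digests for the same input, which suggests the hash folds in key-derived material; a one-line comment on the "without private key" expectation saying why the value differs would spare the next reader a detour into HashString.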
