author | przydatek <przydatek@google.com> | 2019-04-09 07:14:22 -0700 |
---|---|---|
committer | Charles Lee <ckl@google.com> | 2019-05-02 00:34:14 -0700 |
commit | 530fc92147f0d3fd9ae8bad19aa926dd955e273c (patch) | |
tree | 5249b47ed0939cef143669e4eab79150c303ff4d /cc/kms_clients.h | |
parent | b339b5f5fb5cde764cda060f1fa9f4f93a642bc0 (diff) | |
download | tink-530fc92147f0d3fd9ae8bad19aa926dd955e273c.tar.gz |
Adding C++ KmsClients and KmsAeadKeyManager
PiperOrigin-RevId: 242661064
GitOrigin-RevId: f9367173bea3b5832068a9eebfc19e85244ae98e
Diffstat (limited to 'cc/kms_clients.h')
-rw-r--r-- | cc/kms_clients.h | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/cc/kms_clients.h b/cc/kms_clients.h
new file mode 100644
index 000000000..c28012acd
--- /dev/null
+++ b/cc/kms_clients.h
@@ -0,0 +1,69 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+#ifndef TINK_KMS_CLIENTS_H_
+#define TINK_KMS_CLIENTS_H_
+
+#include <vector>
+
+#include "absl/base/thread_annotations.h"
+#include "absl/strings/string_view.h"
+#include "absl/synchronization/mutex.h"
+#include "tink/kms_client.h"
+#include "tink/util/status.h"
+#include "tink/util/statusor.h"
+
+namespace crypto {
+namespace tink {
+
+// A container for KmsClient-objects that are needed by KeyManager-objects for
+// primitives that use KMS-managed keys.
+//
+// This class consists exclusively of static methods that register and load
+// KmsClient-objects.
+class KmsClients {
+ public:
+ // Adds 'kms_client', which must be non-null, to the list
+ // of the list of known clients.
+ static crypto::tink::util::Status Add(std::unique_ptr<KmsClient> kms_client) {
+ return GlobalInstance().LocalAdd(std::move(kms_client));
+ }
+
+ // Returns the first KmsClient that was added previously via Add(),
+ // and that does support 'key_uri', which must be non-empty.
+ // Retains the ownership of the returned KmsClient.
+ static crypto::tink::util::StatusOr<const KmsClient*>
+ Get(absl::string_view key_uri) {
+ return GlobalInstance().LocalGet(key_uri);
+ }
+
+ private:
+ KmsClients() {}
+
+ // Per-instance API, to be used by GlobalInstance();
+ crypto::tink::util::Status
+ LocalAdd(std::unique_ptr<KmsClient> kms_client);
+ crypto::tink::util::StatusOr<const KmsClient*>
+ LocalGet(absl::string_view key_uri);
+ absl::Mutex clients_mutex_;
+ std::vector<std::unique_ptr<KmsClient>> clients_
+ GUARDED_BY(clients_mutex_);
+
+ static KmsClients& GlobalInstance();
+};
+
+} // namespace tink
+} // namespace crypto
+
+#endif // TINK_KMS_CLIENTS_H_ |
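Review bot: The comment on `Get()` says the first registered client that supports `key_uri` wins, but nothing on `Add()` tells callers that registration order in this process-wide list therefore decides which client serves a given key URI. Because the static `Add()` is public and callable from anywhere in the process, I would state the contract on it, e.g. `// Clients are consulted in registration order; an earlier client that also supports a URI shadows later ones, so register clients once, from trusted start-up code.` The non-null requirement on `kms_client` is only documented here; `LocalAdd` is defined outside this hunk, so please confirm it rejects a null pointer with an error status rather than storing it. Separately, the header uses `std::unique_ptr` and `std::move` but includes only `<vector>`; add `#include <memory>` and `#include <utility>`, and drop the duplicated "of the list" in the `Add()` comment.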