diff options
| author | juerg <juerg@google.com> | 2023-02-02 05:19:58 -0800 |
|---|---|---|
| committer | Copybara-Service <copybara-worker@google.com> | 2023-02-02 05:21:09 -0800 |
| commit | 39b61c1dc76979916e939ae0bd22e81d19b28193 (patch) | |
| tree | be34b8d7cd0d530df67cc7a50c37d0817701ceb3 /tools | |
| parent | 400ef41797432a5ca120fcc5c9a8a9d20d371a46 (diff) | |
| download | tink-39b61c1dc76979916e939ae0bd22e81d19b28193.tar.gz | |
Remove generate_envelope_keyset.go.
This is not needed anymore, since we don't use CLIs anymore to cross-language test KMS integrations.
PiperOrigin-RevId: 506591632
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/testing/go/BUILD.bazel | 20 | ||||
| -rw-r--r-- | tools/testing/go/generate_envelope_keyset.go | 114 |
2 files changed, 0 insertions, 134 deletions
diff --git a/tools/testing/go/BUILD.bazel b/tools/testing/go/BUILD.bazel index d4aa4287f..22b483d1c 100644 --- a/tools/testing/go/BUILD.bazel +++ b/tools/testing/go/BUILD.bazel @@ -44,23 +44,3 @@ go_binary( ], ) -go_binary( - name = "generate_envelope_keyset", - testonly = 1, # keep - srcs = ["generate_envelope_keyset.go"], - out = "generate_envelope_keyset", - data = [ - "//testdata/aws:credentials", - "//testdata/gcp:credentials", - ], - tags = ["no_rbe"], - deps = [ - "@tink_go//aead", - "@tink_go//core/registry", - "@tink_go//insecurecleartextkeyset", - "@tink_go//integration/awskms", - "@tink_go//integration/gcpkms", - "@tink_go//keyset", - "@tink_go//proto/tink_go_proto", - ], -) diff --git a/tools/testing/go/generate_envelope_keyset.go b/tools/testing/go/generate_envelope_keyset.go deleted file mode 100644 index e8011b425..000000000 --- a/tools/testing/go/generate_envelope_keyset.go +++ /dev/null @@ -1,114 +0,0 @@ -// Copyright 2017 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -//////////////////////////////////////////////////////////////////////////////// - -package main - -import ( - "bytes" - "io/ioutil" - "log" - "os" - "path" - "path/filepath" - "strings" - - "flag" - // context is used to cancel outstanding requests - "github.com/google/tink/go/aead" - "github.com/google/tink/go/core/registry" - "github.com/google/tink/go/insecurecleartextkeyset" - "github.com/google/tink/go/integration/awskms" - "github.com/google/tink/go/integration/gcpkms" - "github.com/google/tink/go/keyset" - - tinkpb "github.com/google/tink/go/proto/tink_go_proto" -) - -var ( - gcpURI = "gcp-kms://projects/tink-test-infrastructure/locations/global/keyRings/unit-and-integration-testing/cryptoKeys/aead-key" - gcpCredFile = filepath.Join(os.Getenv("TEST_SRCDIR"), "tools/testdata/gcp/credential.json") - awsURI = "aws-kms://arn:aws:kms:us-east-2:235739564943:key/3ee50705-5a82-4f5b-9753-05c4f473922f" - awsCredFile = filepath.Join(os.Getenv("TEST_SRCDIR"), "tools/testdata/aws/credentials.csv") -) - -func init() { - certPath := path.Join(os.Getenv("TEST_SRCDIR"), "tink_base/roots.pem") - flag.Set("cacerts", certPath) - os.Setenv("SSL_CERT_FILE", certPath) -} - -func main() { - if len(os.Args) != 4 { - log.Fatalf("Usage: %s keyset-file kms dek-template", os.Args[0]) - } - f := os.Args[1] - kms := os.Args[2] - dek := os.Args[3] - var dekT *tinkpb.KeyTemplate - var handle *keyset.Handle - var b bytes.Buffer - switch strings.ToUpper(dek) { - case "AES128_GCM": - dekT = aead.AES128GCMKeyTemplate() - case "AES128_CTR_HMAC_SHA256": - dekT = aead.AES128CTRHMACSHA256KeyTemplate() - default: - log.Fatalf("DEK template %s, is not supported. Expecting AES128_GCM or AES128_CTR_HMAC_SHA256", dek) - } - switch strings.ToUpper(kms) { - case "GCP": - gcpclient, err := gcpkms.NewClientWithCredentials(gcpURI, gcpCredFile) - if err != nil { - log.Fatal(err) - } - registry.RegisterKMSClient(gcpclient) - template, err := aead.CreateKMSEnvelopeAEADKeyTemplate(gcpURI, dekT) - if err != nil { - log.Fatal(err) - } - handle, err = keyset.NewHandle(template) - if err != nil { - log.Fatal(err) - } - case "AWS": - awsclient, err := awskms.NewClientWithCredentials(awsURI, awsCredFile) - if err != nil { - log.Fatal(err) - } - registry.RegisterKMSClient(awsclient) - template, err := aead.CreateKMSEnvelopeAEADKeyTemplate(awsURI, dekT) - if err != nil { - log.Fatal(err) - } - handle, err = keyset.NewHandle(template) - if err != nil { - log.Fatal(err) - } - default: - log.Fatalf("KMS %s, is not supported. Expecting AWS or GCP", kms) - } - ks := insecurecleartextkeyset.KeysetMaterial(handle) - h, err := insecurecleartextkeyset.Read(&keyset.MemReaderWriter{Keyset: ks}) - if err != nil { - log.Fatal(err) - } - if err := insecurecleartextkeyset.Write(h, keyset.NewBinaryWriter(&b)); err != nil { - log.Fatal(err) - } - if err := ioutil.WriteFile(f, b.Bytes(), 0644); err != nil { - log.Fatal(err) - } -} |