chore: align slurp config and scaffolding
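--- /dev/null
+++ b/pkg/crypto/key_manager_stub.go
@@ -0,0 +1,23 @@
+package crypto
+
+import "time"
+
+// GenerateKey returns a deterministic placeholder key identifier for the given role.
+func (km *KeyManager) GenerateKey(role string) (string, error) {
+return "stub-key-" + role, nil
+}
+
+// DeprecateKey is a no-op in the stub implementation.
+func (km *KeyManager) DeprecateKey(keyID string) error {
+return nil
+}
+
+// GetKeysForRotation mirrors SEC-SLURP-1.1 key rotation discovery while remaining inert.
+func (km *KeyManager) GetKeysForRotation(maxAge time.Duration) ([]*KeyInfo, error) {
+return nil, nil
+}
+
+// ValidateKeyFingerprint accepts all fingerprints in the stubbed environment.
+func (km *KeyManager) ValidateKeyFingerprint(role, fingerprint string) bool {
+return true
+}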
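Review bot: `ValidateKeyFingerprint` returns `true` for every role and fingerprint, so any caller that relies on it as a check fails open while this file is compiled in. Nothing visible in this section (no build constraint, no runtime guard) limits the stub to test or scaffolding builds; the `KeyManager` type is declared outside this file, so that may be handled elsewhere. I would have the stub fail closed with `return false` and extend the comment to `// ValidateKeyFingerprint is a stub and performs no verification; it must not be reachable in production builds.` The same concern applies to `GenerateKey`: its `"stub-key-" + role` result is predictable from the role name, and the `nil` error gives callers no signal that no key was created.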
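--- /dev/null
+++ b/pkg/crypto/role_crypto_stub.go
@@ -0,0 +1,75 @@
+package crypto
+
+import (
+"crypto/sha256"
+"encoding/base64"
+"encoding/json"
+"fmt"
+
+"chorus/pkg/config"
+)
+
+type RoleCrypto struct {
+config *config.Config
+}
+
+func NewRoleCrypto(cfg *config.Config, _ interface{}, _ interface{}, _ interface{}) (*RoleCrypto, error) {
+if cfg == nil {
+return nil, fmt.Errorf("config cannot be nil")
+}
+return &RoleCrypto{config: cfg}, nil
+}
+
+func (rc *RoleCrypto) EncryptForRole(data []byte, role string) ([]byte, string, error) {
+if len(data) == 0 {
+return []byte{}, rc.fingerprint(data), nil
+}
+encoded := make([]byte, base64.StdEncoding.EncodedLen(len(data)))
+base64.StdEncoding.Encode(encoded, data)
+return encoded, rc.fingerprint(data), nil
+}
+
+func (rc *RoleCrypto) DecryptForRole(data []byte, role string, _ string) ([]byte, error) {
+if len(data) == 0 {
+return []byte{}, nil
+}
+decoded := make([]byte, base64.StdEncoding.DecodedLen(len(data)))
+n, err := base64.StdEncoding.Decode(decoded, data)
+if err != nil {
+return nil, err
+}
+return decoded[:n], nil
+}
+
+func (rc *RoleCrypto) EncryptContextForRoles(payload interface{}, roles []string, _ []string) ([]byte, error) {
+raw, err := json.Marshal(payload)
+if err != nil {
+return nil, err
+}
+encoded := make([]byte, base64.StdEncoding.EncodedLen(len(raw)))
+base64.StdEncoding.Encode(encoded, raw)
+return encoded, nil
+}
+
+func (rc *RoleCrypto) fingerprint(data []byte) string {
+sum := sha256.Sum256(data)
+return base64.StdEncoding.EncodeToString(sum[:])
+}
+
+type StorageAccessController interface {
+CanStore(role, key string) bool
+CanRetrieve(role, key string) bool
+}
+
+type StorageAuditLogger interface {
+LogEncryptionOperation(role, key, operation string, success bool)
+LogDecryptionOperation(role, key, operation string, success bool)
+LogKeyRotation(role, keyID string, success bool, message string)
+LogError(message string)
+LogAccessDenial(role, key, operation string)
+}
+
+type KeyInfo struct {
+Role string
+KeyID string
+}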
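Review bot: `EncryptForRole` and `EncryptContextForRoles` only base64-encode their input, and `DecryptForRole` decodes it for any `role`, so data passed through `RoleCrypto` is stored reversibly in the clear under names that promise encryption. Unlike key_manager_stub.go, none of the exported names here carries a doc comment saying so; at minimum add `// EncryptForRole is a stub: it base64-encodes data, ignores role, and provides no confidentiality.` and equivalents on the other methods. The value returned by `fingerprint` is an unkeyed SHA-256 of the plaintext, so wherever it is stored or logged it lets a reader confirm guesses of the content; that deserves a comment such as `// fingerprint hashes the plaintext, not a key; do not expose it alongside sensitive data.` If the stub can be linked into a non-test build, returning an error from the Encrypt* methods would be the safer default, though that depends on callers not shown here.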