-
Notifications
You must be signed in to change notification settings - Fork 2
/
encryption.go
108 lines (86 loc) · 2.85 KB
/
encryption.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
package gocd
import (
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"encoding/hex"
"encoding/json"
"net/http"
"strings"
"github.com/jinzhu/copier"
"github.com/nikhilsbhat/gocd-sdk-go/pkg/errors"
)
func (conf *client) EncryptText(value string) (Encrypted, error) {
var encryptedValue Encrypted
newClient := &client{}
if err := copier.CopyWithOption(newClient, conf, copier.Option{IgnoreEmpty: true, DeepCopy: true}); err != nil {
return encryptedValue, err
}
valueObj := map[string]string{"value": value}
resp, err := newClient.httpClient.R().
SetHeaders(map[string]string{
"Accept": HeaderVersionOne,
"Content-Type": ContentJSON,
}).
SetBody(valueObj).
Post(EncryptEndpoint)
if err != nil {
return encryptedValue, &errors.APIError{Err: err, Message: "encrypt a value"}
}
if resp.StatusCode() != http.StatusOK {
return encryptedValue, &errors.NonOkError{Code: resp.StatusCode(), Response: resp}
}
if err = json.Unmarshal(resp.Body(), &encryptedValue); err != nil {
return encryptedValue, &errors.MarshalError{Err: err}
}
return encryptedValue, nil
}
func (conf *client) DecryptText(value, cipherKey string) (string, error) {
var decryptedValue string
newClient := &client{}
if err := copier.CopyWithOption(newClient, conf, copier.Option{IgnoreEmpty: true, DeepCopy: true}); err != nil {
return decryptedValue, err
}
if len(value) == 0 || len(cipherKey) == 0 {
return "", &errors.CipherError{}
}
// AES encrypted value should be split to get encoded IV and data from it.
// Sample AES encrypted value: 'AES:wSOqnltxM6Rp9j0Tb8uWpw==:4zVLtLx9msGleK+pLOOUHg=='. Upon splitting we would get three elements
// By ignoring first 'AES' we are left with two elements,
// first 'wSOqnltxM6Rp9j0Tb8uWpw==' would be encodedIV and the second/last element '4zVLtLx9msGleK+pLOOUHg==' would be encoded data.
// Both IV and data are base64 encoded, to decrypt we should base64 decode it first.
dataSplit := strings.Split(value, ":")
decodedIV, err := base64.StdEncoding.DecodeString(dataSplit[1])
if err != nil {
return "", err
}
decodedData, err := base64.StdEncoding.DecodeString(dataSplit[2])
if err != nil {
return "", err
}
// cipher block to be obtained from the cipher key.
block, err := cipherBlock(cipherKey)
if err != nil {
return "", err
}
ecb := cipher.NewCBCDecrypter(block, decodedIV)
decrypted := make([]byte, len(decodedData))
ecb.CryptBlocks(decrypted, decodedData)
pk5trimmedValue := string(pkcs5Trimming(decrypted))
return pk5trimmedValue, nil
}
func cipherBlock(key string) (cipher.Block, error) {
decodedKey, err := hex.DecodeString(key)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(decodedKey)
if err != nil {
return nil, err
}
return block, nil
}
func pkcs5Trimming(encrypt []byte) []byte {
padding := encrypt[len(encrypt)-1]
return encrypt[:len(encrypt)-int(padding)]
}