
com.yahoo.vespa.security.tool.crypto.ResealTool Maven / Gradle / Ivy

// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.security.tool.crypto;

import com.yahoo.security.KeyId;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.SealedSharedKey;
import com.yahoo.security.SharedKeyGenerator;
import com.yahoo.security.SharedKeyResealingSession;
import com.yahoo.vespa.security.tool.CliUtils;
import com.yahoo.vespa.security.tool.Tool;
import com.yahoo.vespa.security.tool.ToolDescription;
import com.yahoo.vespa.security.tool.ToolInvocation;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Option;

import java.io.IOException;
import java.util.List;
import java.util.Optional;

import static com.yahoo.vespa.security.tool.crypto.ToolUtils.NO_INTERACTIVE_OPTION;
import static com.yahoo.vespa.security.tool.crypto.ToolUtils.PRIVATE_KEY_DIR_OPTION;
import static com.yahoo.vespa.security.tool.crypto.ToolUtils.PRIVATE_KEY_FILE_OPTION;

/**
 * Tooling for resealing a token for another recipient. This allows for delegating
 * decryption to another party without having to reveal the private key of the original
 * recipient.
 *
 * @author vekterli
 */
public class ResealTool implements Tool {

    // String constants naming options of this tool. They carry no access modifier, so they
    // are package-private. The private-key and no-interactive option names are not defined
    // here; they are statically imported from ToolUtils.
    // NOTE(review): presumably these are the long names of command-line options; the code
    // that registers and reads them is outside this excerpt, so confirm there.
    // NOTE(review): "expected-key-id" suggests the token's key ID is compared with a
    // caller-supplied value before resealing. Verify that a mismatch aborts the operation.
    static final String EXPECTED_KEY_ID_OPTION      = "expected-key-id";
    static final String RECIPIENT_KEY_ID_OPTION     = "key-id";
    static final String RECIPIENT_PUBLIC_KEY_OPTION = "recipient-public-key";
    static final String RESEAL_REQUEST_OPTION       = "reseal-request";

    private static final List



