cc/examples/walkthrough/write_keyset.cc - platform/external/tink - Git at Google

 // Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ///////////////////////////////////////////////////////////////////////////////

 #include "walkthrough/write_keyset.h"

 // [START tink_walkthrough_write_keyset]
 #include <fstream>
 #include <memory>
 #include <ostream>
 #include <utility>

 #include "absl/status/status.h"
 #include "absl/strings/string_view.h"
 #include "tink/aead.h"
 #include "tink/json_keyset_writer.h"
 #include "tink/keyset_handle.h"
 #include "tink/kms_client.h"
 #include "tink/kms_clients.h"

 namespace tink_walkthrough {

 using ::crypto::tink::JsonKeysetWriter;
 using ::crypto::tink::util::StatusOr;

 // Writes a `keyset` to `output_stream` in JSON format; the keyset is encrypted
 // through a KMS service using the KMS key `master_kms_key_uri`.
 //
 // Prerequisites for this example:
 //  - Register AEAD implementations of Tink.
 //  - Register a KMS client that can use `master_kms_key_uri`.
 //  - Create a keyset and obtain a KeysetHandle to it.
 crypto::tink::util::Status WriteEncryptedKeyset(
     const crypto::tink::KeysetHandle& keyset,
     std::unique_ptr<std::ostream> output_stream,
     absl::string_view master_kms_key_uri) {
   // Create a writer that will write the keyset to output_stream as JSON.
   StatusOr<std::unique_ptr<JsonKeysetWriter>> writer =
       JsonKeysetWriter::New(std::move(output_stream));
   if (!writer.ok()) return writer.status();
   // Get a KMS client for the given key URI.
   StatusOr<const crypto::tink::KmsClient*> kms_client =
       crypto::tink::KmsClients::Get(master_kms_key_uri);
   if (!kms_client.ok()) return kms_client.status();
   // Get an Aead primitive that uses the KMS service to encrypt/decrypt.
   StatusOr<std::unique_ptr<crypto::tink::Aead>> kms_aead =
       (*kms_client)->GetAead(master_kms_key_uri);
   if (!kms_aead.ok()) return kms_aead.status();
   return keyset.Write(writer->get(), **kms_aead);
 }

 }  // namespace tink_walkthrough
 // [END tink_walkthrough_write_keyset]
	// Copyright 2022 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	///////////////////////////////////////////////////////////////////////////////

	#include "walkthrough/write_keyset.h"

	// [START tink_walkthrough_write_keyset]
	#include <fstream>
	#include <memory>
	#include <ostream>
	#include <utility>

	#include "absl/status/status.h"
	#include "absl/strings/string_view.h"
	#include "tink/aead.h"
	#include "tink/json_keyset_writer.h"
	#include "tink/keyset_handle.h"
	#include "tink/kms_client.h"
	#include "tink/kms_clients.h"

	namespace tink_walkthrough {

	using ::crypto::tink::JsonKeysetWriter;
	using ::crypto::tink::util::StatusOr;

	// Writes a `keyset` to `output_stream` in JSON format; the keyset is encrypted
	// through a KMS service using the KMS key `master_kms_key_uri`.
	//
	// Prerequisites for this example:
	// - Register AEAD implementations of Tink.
	// - Register a KMS client that can use `master_kms_key_uri`.
	// - Create a keyset and obtain a KeysetHandle to it.
	crypto::tink::util::Status WriteEncryptedKeyset(
	const crypto::tink::KeysetHandle& keyset,
	std::unique_ptr<std::ostream> output_stream,
	absl::string_view master_kms_key_uri) {
	// Create a writer that will write the keyset to output_stream as JSON.
	StatusOr<std::unique_ptr<JsonKeysetWriter>> writer =
	JsonKeysetWriter::New(std::move(output_stream));
	if (!writer.ok()) return writer.status();
	// Get a KMS client for the given key URI.
	StatusOr<const crypto::tink::KmsClient*> kms_client =
	crypto::tink::KmsClients::Get(master_kms_key_uri);
	if (!kms_client.ok()) return kms_client.status();
	// Get an Aead primitive that uses the KMS service to encrypt/decrypt.
	StatusOr<std::unique_ptr<crypto::tink::Aead>> kms_aead =
	(*kms_client)->GetAead(master_kms_key_uri);
	if (!kms_aead.ok()) return kms_aead.status();
	return keyset.Write(writer->get(), **kms_aead);
	}

	} // namespace tink_walkthrough
	// [END tink_walkthrough_write_keyset]