1 // Copyright 2019 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 //
15 ///////////////////////////////////////////////////////////////////////////////
16 
17 #ifndef TINK_INTEGRATION_GCPKMS_GCP_KMS_CLIENT_H_
18 #define TINK_INTEGRATION_GCPKMS_GCP_KMS_CLIENT_H_
19 
20 #include <memory>
21 #include <string>
22 #include <utility>
23 
24 #include "google/cloud/kms/v1/service.grpc.pb.h"
25 #include "grpcpp/channel.h"
26 #include "absl/strings/string_view.h"
27 #include "tink/aead.h"
28 #include "tink/kms_client.h"
29 #include "tink/util/status.h"
30 #include "tink/util/statusor.h"
31 
32 namespace crypto {
33 namespace tink {
34 namespace integration {
35 namespace gcpkms {
36 
37 // GcpKmsClient is an implementation of KmsClient for Google Cloud KMS
38 // (https://cloud.google.com/kms/).
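class GcpKmsClient : public crypto::tink::KmsClient {
 public:
  // Move only: the members are a std::string and a std::shared_ptr, so the
  // defaulted moves are correct; copying a client is disallowed.
  GcpKmsClient(GcpKmsClient&& other) = default;
  GcpKmsClient& operator=(GcpKmsClient&& other) = default;
  GcpKmsClient(const GcpKmsClient&) = delete;
  GcpKmsClient& operator=(const GcpKmsClient&) = delete;

  // Creates a new GcpKmsClient that is bound to the key specified in `key_uri`,
  // and that uses the specified credentials when communicating with the KMS.
  //
  // Either argument can be empty.
  // If `key_uri` is empty, then the client is not bound to any particular key.
  // If `credentials_path` is empty, then default credentials will be used.
  //
  // The result is a StatusOr: on failure no client is produced, so callers must
  // check the status before dereferencing the returned unique_ptr.
  // NOTE(review): `credentials_path` names credential material; how (and
  // whether) the file is read is defined in the .cc, not here — confirm there.
  static crypto::tink::util::StatusOr<std::unique_ptr<GcpKmsClient>> New(
      absl::string_view key_uri, absl::string_view credentials_path);

  // Creates a new client (same arguments and semantics as New()) and registers
  // it in KMSClients. Returns the status of that operation.
  static crypto::tink::util::Status RegisterNewClient(
      absl::string_view key_uri, absl::string_view credentials_path);

  // Returns true iff this client does support KMS key specified by `key_uri`.
  bool DoesSupport(absl::string_view key_uri) const override;

  // Returns an Aead-primitive backed by KMS key specified by `key_uri`,
  // provided that this KmsClient does support `key_uri`; otherwise a non-OK
  // status is returned instead of a primitive.
  crypto::tink::util::StatusOr<std::unique_ptr<Aead>> GetAead(
      absl::string_view key_uri) const override;

 private:
  // Only reachable through New()/RegisterNewClient(), which build the stub and
  // (presumably) derive `key_name` from `key_uri` — see the .cc.
  explicit GcpKmsClient(
      std::string key_name,
      std::shared_ptr<google::cloud::kms::v1::KeyManagementService::Stub>
          kms_stub)
      // Both parameters are sinks taken by value: move them into place rather
      // than copying `key_name` a second time.
      : key_name_(std::move(key_name)), kms_stub_(std::move(kms_stub)) {}

  // Name of the KMS key this client is bound to (per New()'s contract,
  // presumably empty when the client is not bound to a particular key).
  std::string key_name_;
  // gRPC stub for the Cloud KMS KeyManagementService, shared with whoever
  // created it.
  std::shared_ptr<google::cloud::kms::v1::KeyManagementService::Stub> kms_stub_;
};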
78 
79 }  // namespace gcpkms
80 }  // namespace integration
81 }  // namespace tink
82 }  // namespace crypto
83 
84 #endif  // TINK_INTEGRATION_GCPKMS_GCP_KMS_CLIENT_H_