# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS-IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""Tink Primitive Testing Service in Python."""

from concurrent import futures
import sys

from absl import app
from absl import flags
import grpc
from tink import aead
from tink import daead
from tink import hybrid
from tink import jwt
from tink import mac
from tink import prf
from tink import signature
from tink import streaming_aead
from tink.integration import gcpkms

from tink.testing import fake_kms
from protos import testing_api_pb2_grpc
import jwt_service
import services

from tink.integration import awskms

FLAGS = flags.FLAGS

# Command-line configuration. Every KMS flag defaults to the empty string;
# how the KMS clients treat an empty key URI or credentials path is decided
# inside the awskms / gcpkms integrations, not in this file.
flags.DEFINE_integer('port', 10000, 'The port of the server.')
GCP_CREDENTIALS_PATH = flags.DEFINE_string(
    'gcp_credentials_path',
    '',
    'Google Cloud KMS credentials path.')
GCP_KEY_URI = flags.DEFINE_string(
    'gcp_key_uri',
    '',
    'Google Cloud KMS key URL of the form: '
    'gcp-kms://projects/*/locations/*/keyRings/*/cryptoKeys/*.')
AWS_CREDENTIALS_PATH = flags.DEFINE_string(
    'aws_credentials_path',
    '',
    'AWS KMS credentials path.')
AWS_KEY_URI = flags.DEFINE_string(
    'aws_key_uri',
    '',
    'AWS KMS key URL of the form: '
    'aws-kms://arn:aws:kms:<region>:<account-id>:key/<key-id>.')


def init_tink() -> None:
  """Registers the Tink primitives and KMS clients used by the service.

  The KMS flag values are read here through `.value`, so this must run after
  absl has parsed the command line (main() is invoked by app.run, which
  does that).
  """
  # Same order as the service has always used: primitives first, then the
  # fake KMS client.
  registrars = (
      aead.register,
      daead.register,
      hybrid.register,
      mac.register,
      prf.register,
      signature.register,
      streaming_aead.register,
      jwt.register_jwt_mac,
      jwt.register_jwt_signature,
      fake_kms.register_client,
  )
  for register in registrars:
    register()

  # Real cloud KMS clients, configured from the flags. The credentials paths
  # point at secret material; they are passed through as given.
  awskms.AwsKmsClient.register_client(
      key_uri=AWS_KEY_URI.value,
      credentials_path=AWS_CREDENTIALS_PATH.value)
  gcpkms.GcpKmsClient.register_client(
      key_uri=GCP_KEY_URI.value,
      credentials_path=GCP_CREDENTIALS_PATH.value)


def main(unused_argv):
  """Starts the gRPC testing server and blocks until it terminates.

  Args:
    unused_argv: Positional arguments handed over by absl; ignored.
  """
  init_tink()

  # Two worker threads: at most two RPCs are served concurrently.
  server = grpc.server(futures.ThreadPoolExecutor(max_workers=2))

  # (registration function, servicer class) pairs, attached in this order.
  bindings = (
      (testing_api_pb2_grpc.add_MetadataServicer_to_server,
       services.MetadataServicer),
      (testing_api_pb2_grpc.add_KeysetServicer_to_server,
       services.KeysetServicer),
      (testing_api_pb2_grpc.add_AeadServicer_to_server,
       services.AeadServicer),
      (testing_api_pb2_grpc.add_DeterministicAeadServicer_to_server,
       services.DeterministicAeadServicer),
      (testing_api_pb2_grpc.add_MacServicer_to_server,
       services.MacServicer),
      (testing_api_pb2_grpc.add_PrfSetServicer_to_server,
       services.PrfSetServicer),
      (testing_api_pb2_grpc.add_HybridServicer_to_server,
       services.HybridServicer),
      (testing_api_pb2_grpc.add_SignatureServicer_to_server,
       services.SignatureServicer),
      (testing_api_pb2_grpc.add_StreamingAeadServicer_to_server,
       services.StreamingAeadServicer),
      (testing_api_pb2_grpc.add_JwtServicer_to_server,
       jwt_service.JwtServicer),
  )
  for attach, servicer_cls in bindings:
    attach(servicer_cls(), server)

  # NOTE(security): this file adds no per-call authentication to the keyset
  # and crypto servicers above. The only access control visible here is
  # grpc.local_server_credentials(), which gRPC documents as accepting local
  # connections only (and as an experimental API). The listener binds the
  # wildcard address '[::]', so replacing these credentials with an insecure
  # port would expose the service beyond the local host.
  listen_address = '[::]:%d' % FLAGS.port
  credentials = grpc.local_server_credentials()
  used_port = server.add_secure_port(listen_address, credentials)

  server.start()
  # The port reported by gRPC is announced on both stdout and stderr.
  port_text = str(used_port)
  print('Server started on port ' + port_text)
  print(' (stderr) Server started on port ' + port_text, file=sys.stderr)
  server.wait_for_termination()


if __name__ == '__main__':
  app.run(main)