SCB-1563: Support for encrypting values

cmd/kieserver/main.go

@@ -18,6 +18,7 @@
 package main
 
 import (
+	"github.com/apache/servicecomb-kie/server/cipher"
 	"github.com/apache/servicecomb-kie/server/service"
 	"os"
 
@@ -101,6 +102,9 @@ func main() {
 	if err := service.DBInit(); err != nil {
 		openlogging.Fatal(err.Error())
 	}
+	if err := cipher.Init(); err != nil {
+		openlogging.Fatal(err.Error())
+	}
 	if err := chassis.Run(); err != nil {
 		openlogging.Fatal("service exit: " + err.Error())
 	}

examples/dev/kie-conf.yaml

@@ -5,4 +5,7 @@ db:
   poolSize: 10
   timeout:  5m
   sslEnabled: false
-  rootCAFile: /opt/kie/ca.crt
+  rootCAFile: /opt/kie/ca.crt
+
+cipher:
+  name: noop

server/cipher/cipher.go

@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cipher
+
+import (
+	"github.com/apache/servicecomb-kie/server/config"
+	"github.com/apache/servicecomb-kie/server/service"
+	"github.com/go-chassis/foundation/security"
+)
+
+//See https://github.com/go-chassis/foundation/blob/master/security/cipher.go
+var ciphers map[string]security.Cipher
+
+// Register is register crypto
+func Register(name string, c security.Cipher) {
+	if ciphers == nil {
+		ciphers = make(map[string]security.Cipher)
+	}
+	ciphers[name] = c
+}
+
+// Lookup is lookup crypto
+func Lookup(name string) security.Cipher {
+	cipher, ok := ciphers[name]
+	if !ok {
+		cipher = &namedNoop{Name: name}
+		ciphers[name] = cipher
+	}
+
+	return cipher
+}
+
+// Init init crypto config
+func Init() error {
+	if config.GetCrypto().Name == "" {
+		return nil
+	}
+	if service.KVService != nil {
+		service.KVService = newCipherKV(service.KVService)
+	}
+	if service.HistoryService != nil {
+		service.HistoryService = newCipherHistory(service.HistoryService)
+	}
+
+	return nil
+}

server/cipher/cipher_test.go

@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cipher
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestLookup(t *testing.T) {
+	type args struct {
+		name  string
+		value string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{"noop", args{"noop", "123"}, "123"},
+		{"namedNoop", args{"not_implemented", "123"}, "123"},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			gotCipher := Lookup(tt.args.name)
+			expect, _ := gotCipher.Encrypt(tt.args.value)
+			if !reflect.DeepEqual(expect, tt.want) {
+				t.Errorf("Lookup() = %v, want %v", expect, tt.want)
+			}
+
+			expect, _ = gotCipher.Decrypt(tt.args.value)
+			if !reflect.DeepEqual(expect, tt.want) {
+				t.Errorf("Lookup() = %v, want %v", expect, tt.want)
+			}
+		})
+	}
+}
+
+type testCipher struct{}
+
+func (*testCipher) Encrypt(src string) (string, error) {
+	return src, nil
+}
+
+func (*testCipher) Decrypt(src string) (string, error) {
+	return src, nil
+}
+
+func TestRegister(t *testing.T) {
+	test := &testCipher{}
+	noop2 := &namedNoop{}
+	Register("test", test)
+	Register("noop2", noop2)
+
+	act := Lookup("test")
+	if !reflect.DeepEqual(test, act) {
+		t.Errorf("Register() = %v, want %v", test, act)
+	}
+	act = Lookup("noop2")
+	if !reflect.DeepEqual(noop2, act) {
+		t.Errorf("Register() = %v, want %v", noop2, act)
+	}
+}

server/cipher/init.go

@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cipher
+
+func init() {
+	Register("noop", &Noop{})
+}

server/cipher/noop.go

@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cipher
+
+import (
+	"fmt"
+	"github.com/go-mesh/openlogging"
+)
+
+// Noop is none implement
+type Noop struct {
+}
+
+// Encrypt implement
+func (*Noop) Encrypt(src string) (string, error) {
+	return src, nil
+}
+
+// Decrypt implement
+func (*Noop) Decrypt(src string) (string, error) {
+	return src, nil
+}
+
+type namedNoop struct {
+	Name string
+}
+
+func (nn *namedNoop) Encrypt(src string) (string, error) {
+	openlogging.Warn(fmt.Sprintf("security name [%s] not implemented.", nn.Name))
+	return src, nil
+}
+
+func (nn *namedNoop) Decrypt(src string) (string, error) {
+	openlogging.Warn(fmt.Sprintf("security name [%s] not implemented.", nn.Name))
+	return src, nil
+}

server/cipher/noop_test.go

@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package cipher
+
+import "testing"
+
+func TestNoop_Encrypt(t *testing.T) {
+	type args struct {
+		src string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{"empty", args{""}, "", false},
+		{"123", args{"123"}, "123", false},
+		{"nil", args{}, "", false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			n := &Noop{}
+			got, err := n.Encrypt(tt.args.src)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Noop.Encrypt() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("Noop.Encrypt() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestNoop_Decrypt(t *testing.T) {
+	type args struct {
+		src string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{"empty", args{""}, "", false},
+		{"123", args{"123"}, "123", false},
+		{"nil", args{}, "", false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			n := &Noop{}
+			got, err := n.Decrypt(tt.args.src)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("Noop.Decrypt() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("Noop.Decrypt() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_namedNoop_Encrypt(t *testing.T) {
+	type args struct {
+		src string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{"empty", args{""}, "", false},
+		{"123", args{"123"}, "123", false},
+		{"nil", args{}, "", false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			nn := &namedNoop{
+				Name: "any",
+			}
+			got, err := nn.Encrypt(tt.args.src)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("namedNoop.Encrypt() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("namedNoop.Encrypt() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_namedNoop_Decrypt(t *testing.T) {
+
+	type args struct {
+		src string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr bool
+	}{
+		{"empty", args{""}, "", false},
+		{"123", args{"123"}, "123", false},
+		{"nil", args{}, "", false},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			nn := &namedNoop{
+				Name: "any",
+			}
+			got, err := nn.Decrypt(tt.args.src)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("namedNoop.Decrypt() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if got != tt.want {
+				t.Errorf("namedNoop.Decrypt() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}