Last active
December 21, 2022 01:28
Subtle Crypto test app
apiVersion: dapr.io/v1alpha1 | |
kind: Component | |
metadata: | |
name: jwks | |
spec: | |
type: crypto.localstorage | |
version: v1 | |
metadata: | |
- name: path | |
value: keys |
module bindingtest | |
go 1.19 | |
require ( | |
github.com/dapr/dapr v1.6.1-0.20220223052122-c503710ab2d1 | |
google.golang.org/grpc v1.51.0 | |
) | |
require ( | |
github.com/golang/protobuf v1.5.2 // indirect | |
golang.org/x/net v0.4.0 // indirect | |
golang.org/x/sys v0.3.0 // indirect | |
golang.org/x/text v0.5.0 // indirect | |
google.golang.org/genproto v0.0.0-20221206210731-b1a01be3a5f6 // indirect | |
google.golang.org/protobuf v1.28.1 // indirect | |
) | |
replace github.com/dapr/dapr => ../dapr |
-----BEGIN RSA PRIVATE KEY----- | |
MIIEpQIBAAKCAQEA3I2mdIK4mRRu+ywMrYjUZzBxt0NlAVLrMhGlaJsby7PWTMiL | |
pZVip4SBD9GwnCU0TGFD7k2+7tfs0y9U6WV7MwgCjc9m/DUUGbE+kKjEU7JYkLzY | |
lndys+6xuhD4Jf1hu9AZVdfXftpWSy/NNg6fVwTH4nckOAbOSL1hXToOYWQcDDW9 | |
5Rhw3U4z04PqssEpRKn5KGBuTahNNNiZcWns99pChpLTxgdm93LjMBI1KCGBpOaz | |
7fcQJ9V3c6rSwMKyY3IPm1LwS6PIs7xb2ZJ0Eb8A6MtCkGhgNsodpkxhqKbqtxI+ | |
KqTuZy9g4jb8WKjJq9lB9q+HPHoQqIEDom6P8wIDAQABAoIBAQCwSSxWDjI8cR+v | |
9WqAvlB/1jHeeKjgIQXK9F3QucHC1RCiON2d0USUfw2ltkZC2F3v+wKQFGZbhA1Q | |
U5G8KBgMFwfrj25Sgp55VrmaaLrb5z5xGfDIe9sbxNsbzPp7awbWVqQZgDdHtn6p | |
BCEzZwanSDP4aKBzg8UYUP7kxEXAQwc/Z/L7U8SnZ0oGJPeyXbKjgiMw9FYxaHV7 | |
/bGe8VdhIYLHX7WrIP9WkIKkvv6S5NYJkU7HwKr8SlmJfui8NUERvQmWtPeytcAC | |
mQQTjZhgWeXdN6OWBk7LTSC/up77pYHXuUEz/b94V3mWJ0nNVLiuInFloE0l5bSy | |
D9K6xgARAoGBAPSzprPH3dBVcIdgsknMQVs+T4O4FbZQpuqg9mSg2S/OBQw/wVcs | |
uS0JvZVeJE3BN08lh+nR3hpieIN1habmOMbrLlPK3VVDr/naXC6FuICZ0OLGqinY | |
t7lOU5s6gqr8zV0qBAr8uQD1yvi4dNXOX4K5nkc2FBCTdoYMcWi+hyQZAoGBAOa8 | |
kSiac7GQ9gdcW521HkS04wUajiKhbFbhdJTIu0jGduCLCiH2vQngQnxiBZSMBnvo | |
yG6My9payLMN0N42R3MCFavatbPb6GXluGe3MpQgbPS6udffW+fuvkLngyuBZLIO | |
bkLA2NiZXmppudy+AjCI5gUWlRFDFu40X8TUCXXrAoGBAL2/bR3tdugsyJSBe97T | |
3z4kpD3sihGUmspHxKglPiTeqXVlHsQ9bt4otnTTymzszbm2zZyXW5W0E+VERT41 | |
OYOuLH9XSKfsU9H37BE7KeW24I5pJNxMK7MqtJQjG94BKDH8+aOXctH2xsx1JEwC | |
undA/iYUHhz4bCjoDyz8yQhJAoGBAKZE1+2Ebz5TkZb4TOS2cVtdZgJ1glseK63n | |
xVS52Yu1yFBCoUicPtjxC7gKAq9qv/lmY5iWSQfOR7YPjKW0Q4Ryyh8O+cTkAPH8 | |
ugezEfV/8EPikq0mvVnCxsP7hKBDG8bbc0UTJq/exRS1n0OcgINtAyRDg6PuzoVU | |
pHZ3vWGFAoGAc5Um3YYkhh2QScQBy5+kumH40LhFFy2ETznWEp0tS2NwmTfTm/Nl | |
Sg+Ct2nOw93cIhwDjWyoilkIapuuX2obY+sUc3kj2ugU+hONfuBStsF020IPP1sk | |
A9okIZVbz8ycqcjaBiNc4+TeiXED1K7bV9Kg+A9lxDxfGRybJ1/ECWA= | |
-----END RSA PRIVATE KEY----- |
package main | |
import ( | |
"bytes" | |
"context" | |
"crypto/rand" | |
"crypto/sha256" | |
"encoding/base64" | |
"fmt" | |
"io" | |
"net" | |
"net/http" | |
"os" | |
"time" | |
runtime "github.com/dapr/dapr/pkg/proto/runtime/v1" | |
"google.golang.org/grpc" | |
"google.golang.org/grpc/credentials/insecure" | |
"google.golang.org/protobuf/encoding/protojson" | |
) | |
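// keyName is the name of the key requested from the "jwks" component in every
// call below.
// NOTE(review): presumably this resolves to the RSA private key PEM published
// alongside this test app. A private key that has been published is test
// material only and must never protect real data.
const keyName = "rsa.pem"

// main exercises the Dapr alpha1 SubtleCrypto APIs against the local sidecar:
// get-key (over gRPC and over HTTP), encrypt/decrypt, wrap/unwrap and
// sign/verify, all using the "jwks" component and keyName. Any failure panics,
// which is acceptable for a throwaway test program.
func main() {
	// Per-call deadline shared by the dial and every RPC below.
	const callTimeout = 10 * time.Second
	newCtx := func() (context.Context, context.CancelFunc) {
		return context.WithTimeout(context.Background(), callTimeout)
	}

	// NOTE(review): presumably gives the sidecar time to start — confirm.
	time.Sleep(1 * time.Second)

	grpcPort := os.Getenv("DAPR_GRPC_PORT")
	if grpcPort == "" {
		grpcPort = "50001"
	}
	httpPort := os.Getenv("DAPR_HTTP_PORT")
	if httpPort == "" {
		httpPort = "3500"
	}

	// The connection is plaintext (insecure credentials); the target is the
	// loopback address only. The dial is bounded by a deadline because
	// WithBlock would otherwise wait forever if nothing is listening.
	dialCtx, dialCancel := newCtx()
	conn, err := grpc.DialContext(
		dialCtx,
		net.JoinHostPort("127.0.0.1", grpcPort),
		grpc.WithTransportCredentials(insecure.NewCredentials()),
		grpc.WithBlock(),
	)
	dialCancel()
	if err != nil {
		// Previously this error was silently overwritten by the next call.
		panic(err)
	}
	defer conn.Close()

	client := runtime.NewDaprClient(conn)

	getKeyMessage := &runtime.SubtleGetKeyAlpha1Request{
		ComponentName: "jwks",
		Name:          keyName,
		//Format: runtime.SubtleGetKeyAlpha1Request_JSON,
	}
	ctx, cancel := newCtx()
	resGetKey, err := client.SubtleGetKeyAlpha1(ctx, getKeyMessage)
	cancel()
	if err != nil {
		panic(err)
	}
	fmt.Println(resGetKey)

	// Try with HTTP. Wrapped in a function literal so the deferred cancel and
	// body close run as soon as the request is done, not at the end of main.
	func() {
		reqBody, err := protojson.Marshal(getKeyMessage)
		if err != nil {
			panic(err)
		}
		ctx, cancel := newCtx()
		defer cancel()

		u := fmt.Sprintf("http://localhost:%s/v1.0-alpha1/subtlecrypto/getkey", httpPort)
		req, err := http.NewRequestWithContext(ctx, http.MethodPost, u, bytes.NewReader(reqBody))
		if err != nil {
			panic(err)
		}
		req.Header.Set("Content-Type", "application/json")

		res, err := http.DefaultClient.Do(req)
		if err != nil {
			panic(err)
		}
		defer res.Body.Close()

		resBody, err := io.ReadAll(res.Body)
		if err != nil {
			panic(err)
		}
		fmt.Println("RESPONSE FROM HTTP:", string(resBody))

		// Print the body first so the sidecar's error message is visible, then
		// fail: a non-2xx answer must not pass as a successful run.
		if res.StatusCode < 200 || res.StatusCode > 299 {
			panic(fmt.Errorf("getkey over HTTP returned status %d", res.StatusCode))
		}
	}()

	// Encrypt and decrypt a short message with RSA-OAEP. No nonce is passed.
	ctx, cancel = newCtx()
	resEncrypt, err := client.SubtleEncryptAlpha1(ctx, &runtime.SubtleEncryptAlpha1Request{
		ComponentName: "jwks",
		Key:           keyName,
		Plaintext:     []byte("hello world"),
		Algorithm:     "RSA-OAEP",
		Nonce:         nil,
	})
	cancel()
	if err != nil {
		panic(err)
	}
	fmt.Println("ciphertext len:", len(resEncrypt.Ciphertext), "tag len:", len(resEncrypt.Tag))

	ctx, cancel = newCtx()
	resDecrypt, err := client.SubtleDecryptAlpha1(ctx, &runtime.SubtleDecryptAlpha1Request{
		ComponentName: "jwks",
		Key:           keyName,
		Ciphertext:    resEncrypt.Ciphertext,
		Algorithm:     "RSA-OAEP",
		Tag:           resEncrypt.Tag,
		Nonce:         nil,
	})
	cancel()
	if err != nil {
		panic(err)
	}
	// Prints the recovered plaintext; fine for the fixed test string used here.
	fmt.Println("decrypted", resDecrypt)

	// Wrap and unwrap a fresh 32-byte key drawn from crypto/rand.
	plainTextKey := make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, plainTextKey); err != nil {
		panic(err)
	}

	ctx, cancel = newCtx()
	resWrap, err := client.SubtleWrapKeyAlpha1(ctx, &runtime.SubtleWrapKeyAlpha1Request{
		ComponentName: "jwks",
		Key:           keyName,
		PlaintextKey:  plainTextKey,
		Algorithm:     "RSA-OAEP",
		Nonce:         nil,
	})
	cancel()
	if err != nil {
		panic(err)
	}
	fmt.Println("wrapped key len:", len(resWrap.WrappedKey), "tag len:", len(resWrap.Tag))

	ctx, cancel = newCtx()
	resUnwrap, err := client.SubtleUnwrapKeyAlpha1(ctx, &runtime.SubtleUnwrapKeyAlpha1Request{
		ComponentName: "jwks",
		Key:           keyName,
		WrappedKey:    resWrap.WrappedKey,
		Algorithm:     "RSA-OAEP",
		Nonce:         nil,
	})
	cancel()
	if err != nil {
		panic(err)
	}
	// Only the comparison result is printed, never the key bytes.
	fmt.Println("unwrapped key matches:", bytes.Equal(resUnwrap.PlaintextKey, plainTextKey))

	// Sign and verify. The API takes a digest, so the message is hashed here
	// with SHA-256 to match the PS256 algorithm name.
	msg := []byte("transfer $100 to Alice")
	sum := sha256.Sum256(msg)
	digest := sum[:]

	ctx, cancel = newCtx()
	resSign, err := client.SubtleSignAlpha1(ctx, &runtime.SubtleSignAlpha1Request{
		ComponentName: "jwks",
		Key:           keyName,
		Algorithm:     "PS256",
		Digest:        digest,
	})
	cancel()
	if err != nil {
		panic(err)
	}
	fmt.Println("signature:", base64.RawURLEncoding.EncodeToString(resSign.Signature))

	ctx, cancel = newCtx()
	resVerify, err := client.SubtleVerifyAlpha1(ctx, &runtime.SubtleVerifyAlpha1Request{
		ComponentName: "jwks",
		Key:           keyName,
		Algorithm:     "PS256",
		Signature:     resSign.Signature,
		Digest:        digest,
	})
	cancel()
	if err != nil {
		panic(err)
	}
	fmt.Println("signature valid:", resVerify.Valid)
}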
#!/bin/sh
# Runs the test app (go run main.go) under a Dapr sidecar started by `dapr run`.
#
# Usage: <this script> [log-level]
#   log-level  sidecar log level; defaults to "debug" when omitted.
#
# Components are loaded from ./components, so start this from the directory
# that contains that folder and main.go.
# NOTE(review): the app reads DAPR_HTTP_PORT / DAPR_GRPC_PORT from its
# environment; the dapr CLI is expected to export the ports chosen here.
LOG_LEVEL="${1:-debug}"

dapr run \
  --app-id app \
  --app-port 6202 \
  --dapr-http-port 3602 \
  --dapr-grpc-port 60002 \
  --components-path ./components \
  --log-level "$LOG_LEVEL" \
  -- \
  go run main.go