Implemented constructors for both encryption and decryption

Signed-off-by: Brandon Lum <lumjjb@gmail.com>

pkg/encryption/config/config.go

@@ -40,8 +40,8 @@ type CryptoConfig struct {
 }
 
 // InitDecryption initialized a CryptoConfig object with parameters used for decryption
-func InitDecryption(dcparameters map[string][][]byte) *CryptoConfig {
-	return &CryptoConfig{
+func InitDecryption(dcparameters map[string][][]byte) CryptoConfig {
+	return CryptoConfig{
 		DecryptConfig: &DecryptConfig{
 			Parameters: dcparameters,
 		},
@@ -51,8 +51,8 @@ func InitDecryption(dcparameters map[string][][]byte) *CryptoConfig {
 // InitEncryption initializes a CryptoConfig object with parameters used for encryption
 // It also takes dcparameters that may be needed for decryption when adding a recipient
 // to an already encrypted image
-func InitEncryption(parameters, dcparameters map[string][][]byte) *CryptoConfig {
-	return &CryptoConfig{
+func InitEncryption(parameters, dcparameters map[string][][]byte) CryptoConfig {
+	return CryptoConfig{
 		EncryptConfig: &EncryptConfig{
 			Parameters: parameters,
 			DecryptConfig: DecryptConfig{
@@ -94,6 +94,15 @@ func CombineCryptoConfigs(ccs []CryptoConfig) CryptoConfig {
 
 }
 
+// AttachDecryptConfig adds DecryptConfig to the field of EncryptConfig so that
+// the decryption parameters can be used to add recipients to an existing image
+// if the user is able to decrypt it.
+func (ec *EncryptConfig) AttachDecryptConfig(dc *DecryptConfig) {
+	if dc != nil {
+		addToMap(ec.DecryptConfig.Parameters, dc.Parameters)
+	}
+}
+
 func addToMap(orig map[string][][]byte, add map[string][][]byte) {
 	for k, v := range add {
 		if ov, ok := orig[k]; ok {

pkg/encryption/config/constructors.go

@@ -16,30 +16,13 @@
 
 package config
 
-// NewJweCryptoConfig returns a CryptoConfig that contains the required configuration for using
-// the jwe keyunwrap interface
-func NewJweCryptoConfig(pubKey *[]byte, privKey *[]byte, privKeyPassword *string) CryptoConfig {
-	pubKeys := [][]byte{}
-	privKeys := [][]byte{}
-	privKeysPasswords := [][]byte{}
-
-	if pubKey != nil {
-		pubKeys = append(pubKeys, *pubKey)
-	}
-	if privKey != nil {
-		privKeys = append(privKeys, *privKey)
-	}
-	if privKeyPassword != nil {
-		privKeysPasswords = append(privKeysPasswords, []byte(*privKeyPassword))
-	}
-
-	dc := DecryptConfig{
-		Parameters: map[string][][]byte{
-			"privkeys":           privKeys,
-			"privkeys-passwords": privKeysPasswords,
-		},
-	}
+import (
+	"github.com/pkg/errors"
+)
 
+// EncryptWithJwe returns a CryptoConfig to encrypt with jwe public keys
+func EncryptWithJwe(pubKeys [][]byte) (CryptoConfig, error) {
+	dc := DecryptConfig{}
 	ep := map[string][][]byte{
 		"pubkeys": pubKeys,
 	}
@@ -50,32 +33,12 @@ func NewJweCryptoConfig(pubKey *[]byte, privKey *[]byte, privKeyPassword *string
 			DecryptConfig: dc,
 		},
 		DecryptConfig: &dc,
-	}
+	}, nil
 }
 
-// NewPkcs7CryptoConfig returns a CryptoConfig that contains the required configuration for using
-// the pkcs7 keyunwrap interface
-func NewPkcs7CryptoConfig(x509 *[]byte, privKey *[]byte, privKeyPassword *string) CryptoConfig {
-	x509s := [][]byte{}
-	privKeys := [][]byte{}
-	privKeysPasswords := [][]byte{}
-
-	if x509 != nil {
-		x509s = append(x509s, *x509)
-	}
-	if privKey != nil {
-		privKeys = append(privKeys, *privKey)
-	}
-	if privKeyPassword != nil {
-		privKeysPasswords = append(privKeysPasswords, []byte(*privKeyPassword))
-	}
-
-	dc := DecryptConfig{
-		Parameters: map[string][][]byte{
-			"privkeys":           privKeys,
-			"privkeys-passwords": privKeysPasswords,
-		},
-	}
+// EncryptWithPkcs7 returns a CryptoConfig to encrypt with pkcs7 x509 certs
+func EncryptWithPkcs7(x509s [][]byte) (CryptoConfig, error) {
+	dc := DecryptConfig{}
 
 	ep := map[string][][]byte{
 		"x509s": x509s,
@@ -87,5 +50,85 @@ func NewPkcs7CryptoConfig(x509 *[]byte, privKey *[]byte, privKeyPassword *string
 			DecryptConfig: dc,
 		},
 		DecryptConfig: &dc,
-	}
+	}, nil
+}
+
+// EncryptWithGpg returns a CryptoConfig to encrypt with configured gpg parameters
+func EncryptWithGpg(gpgRecipients [][]byte, gpgPubRingFile []byte) (CryptoConfig, error) {
+	dc := DecryptConfig{}
+	ep := map[string][][]byte{
+		"gpg-recipients":     gpgRecipients,
+		"gpg-pubkeyringfile": {gpgPubRingFile},
+	}
+
+	return CryptoConfig{
+		EncryptConfig: &EncryptConfig{
+			Parameters:    ep,
+			DecryptConfig: dc,
+		},
+		DecryptConfig: &dc,
+	}, nil
+}
+
+// DecryptWithPrivKeys returns a CryptoConfig to decrypt with configured private keys
+func DecryptWithPrivKeys(privKeys [][]byte, privKeysPasswords [][]byte) (CryptoConfig, error) {
+	if len(privKeys) != len(privKeysPasswords) {
+		return CryptoConfig{}, errors.New("Length of privKeys should match length of privKeysPasswords")
+	}
+
+	dc := DecryptConfig{
+		Parameters: map[string][][]byte{
+			"privkeys":           privKeys,
+			"privkeys-passwords": privKeysPasswords,
+		},
+	}
+
+	ep := map[string][][]byte{}
+
+	return CryptoConfig{
+		EncryptConfig: &EncryptConfig{
+			Parameters:    ep,
+			DecryptConfig: dc,
+		},
+		DecryptConfig: &dc,
+	}, nil
+}
+
+// DecryptWithX509s returns a CryptoConfig to decrypt with configured x509 certs
+func DecryptWithX509s(x509s [][]byte) (CryptoConfig, error) {
+	dc := DecryptConfig{
+		Parameters: map[string][][]byte{
+			"x509s": x509s,
+		},
+	}
+
+	ep := map[string][][]byte{}
+
+	return CryptoConfig{
+		EncryptConfig: &EncryptConfig{
+			Parameters:    ep,
+			DecryptConfig: dc,
+		},
+		DecryptConfig: &dc,
+	}, nil
+}
+
+// DecryptWithGpgPrivKeys returns a CryptoConfig to decrypt with configured gpg private keys
+func DecryptWithGpgPrivKeys(gpgPrivKeys, gpgPrivKeysPwds [][]byte) (CryptoConfig, error) {
+	dc := DecryptConfig{
+		Parameters: map[string][][]byte{
+			"gpg-privatekeys":           gpgPrivKeys,
+			"gpg-privatekeys-passwords": gpgPrivKeysPwds,
+		},
+	}
+
+	ep := map[string][][]byte{}
+
+	return CryptoConfig{
+		EncryptConfig: &EncryptConfig{
+			Parameters:    ep,
+			DecryptConfig: dc,
+		},
+		DecryptConfig: &dc,
+	}, nil
 }