diff options
Diffstat (limited to 'src/third_party/kms-message/src/kms_message/kms_azure_request.h')
-rw-r--r-- | src/third_party/kms-message/src/kms_message/kms_azure_request.h | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/src/third_party/kms-message/src/kms_message/kms_azure_request.h b/src/third_party/kms-message/src/kms_message/kms_azure_request.h new file mode 100644 index 00000000000..2e9af68fd03 --- /dev/null +++ b/src/third_party/kms-message/src/kms_message/kms_azure_request.h @@ -0,0 +1,110 @@ +/* + * Copyright 2020-present MongoDB, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef KMS_AZURE_REQUEST_H +#define KMS_AZURE_REQUEST_H + +#include "kms_message_defines.h" +#include "kms_request.h" +#include "kms_request_opt.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* Constructs an oauth client credentials grant request for Azure. + * See + * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow#get-a-token. + * + * Parameters: + * All parameters must be NULL terminated strings. + * - host: The value of the Host header. This should be a custom host or + * "login.microsoftonline.com". + * - scope: The oauth scope. This should be a custom scope or + * "https%3A%2F%2Fvault.azure.net%2F.default". Must be URL encoded. + * - tenant_id: The Azure tenant ID. + * - client_id: The client ID to authenticate. + * - client_secret: The client secret to authenticate. + * - opt: Additional options. This must have the Azure provider set via + * kms_request_opt_set_provider. + * + * Returns: A new kms_request_t. + * Always returns a new kms_request_t, even on error. + * Caller must check if an error occurred by calling kms_request_get_error. + */ +KMS_MSG_EXPORT (kms_request_t *) +kms_azure_request_oauth_new (const char *host, + const char *scope, + const char *tenant_id, + const char *client_id, + const char *client_secret, + const kms_request_opt_t *opt); + +/* Constructs a wrapkey request for Azure. + * See https://docs.microsoft.com/en-us/rest/api/keyvault/wrapkey/wrapkey + * + * Parameters: + * All parameters must be NULL terminated strings. + * - host: The value of the Host header, like "mykeyvault.vault.azure.net". + * - access_token: The access_token obtained from an oauth response as a + * base64url encoded string. + * - key_name: The azure key name. + * - key_version: An optional key version. May be NULL or empty string. + * - plaintext: The plaintext key to encrypt. + * - plaintext_len: The number of bytes of plaintext. + * - opt: Additional options. This must have the Azure provider set via + * kms_request_opt_set_provider. + */ + +KMS_MSG_EXPORT (kms_request_t *) +kms_azure_request_wrapkey_new (const char *host, + const char *access_token, + const char *key_name, + const char *key_version, + const uint8_t *plaintext, + size_t plaintext_len, + const kms_request_opt_t *opt); + +/* Constructs an unwrapkey request for Azure. + * See https://docs.microsoft.com/en-us/rest/api/keyvault/unwrapkey/unwrapkey + * + * Parameters: + * All parameters must be NULL terminated strings. + * - host: The value of the Host header, like "mykeyvault.vault.azure.net". + * - access_token: The access_token obtained from an oauth response as a + * base64url encoded string. + * - key_name: The azure key name. + * - key_version: An optional key version. May be NULL or empty string. + * - ciphertext: The ciphertext key to decrypt. + * - ciphertext_len: The number of bytes of ciphertext. + * - opt: Additional options. This must have the Azure provider set via + * kms_request_opt_set_provider. + */ + +KMS_MSG_EXPORT (kms_request_t *) +kms_azure_request_unwrapkey_new (const char *host, + const char *access_token, + const char *key_name, + const char *key_version, + const uint8_t *ciphertext, + size_t ciphertext_len, + const kms_request_opt_t *opt); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* KMS_AZURE_REQUEST_H */ |