re-encrypt temp commit

Dockerfile

@@ -5,7 +5,7 @@ ENV CGO_ENABLED=0
 
 COPY . .
 
-RUN go build -buildvcs=false -o ./sda-download ./cmd
+RUN set -ex; for p in cmd/*; do test -d "$p" && go build -buildvcs=false -o "sda-${p#cmd/}" "./$p"; done
 RUN echo "nobody:x:65534:65534:nobody:/:/sbin/nologin" > passwd
 
 FROM scratch

cmd/main.go → cmd/download/download.go

@@ -18,7 +18,7 @@ func init() {
 	log.Info("(1/5) Loading configuration")
 
 	// Load configuration
-	conf, err := config.NewConfig()
+	conf, err := config.NewConfig("download")
 	if err != nil {
 		log.Panicf("configuration loading failed, reason: %v", err)
 	}

cmd/reencrypt/reencrypt.go

@@ -0,0 +1,85 @@
+package main
+
+import (
+	"context"
+	"fmt"
+	"net"
+	"strings"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/neicnordic/crypt4gh/keys"
+	"github.com/neicnordic/crypt4gh/model/headers"
+	"golang.org/x/crypto/chacha20poly1305"
+
+	"github.com/neicnordic/sda-download/internal/config"
+	"github.com/neicnordic/sda-download/internal/database"
+	re "github.com/neicnordic/sda-download/internal/reencrypt"
+	"google.golang.org/grpc"
+)
+
+// server is used to implement reencrypt.ReEncryptServer.
+type server struct {
+	re.UnimplementedReencryptServer
+}
+
+// init is run before main, it sets up configuration and other required things
+func init() {
+	log.Info("(1/5) Loading configuration")
+
+	// Load configuration
+	conf, err := config.NewConfig("reencrypt")
+	if err != nil {
+		log.Panicf("configuration loading failed, reason: %v", err)
+	}
+	config.Config = *conf
+
+	// Connect to database
+	db, err := database.NewDB(conf.DB)
+	if err != nil {
+		log.Panicf("database connection failed, reason: %v", err)
+	}
+	defer db.Close()
+	database.DB = db
+
+}
+
+// Reencrypt implements reencrypt.ReEncryptServer
+func (s *server) ReencryptHeader(ctx context.Context, in *re.ReencryptRequest) (*re.ReencryptResponse, error) {
+	log.Debugf("Received Public key: %v", in.GetPublickey())
+	log.Debugf("Received Public key: %v", in.GetPublickey())
+	// Get file header
+	fileDetails, err := database.GetFile(in.GetFileid())
+	if err != nil {
+
+		return nil, err
+	}
+
+	newReaderPublicKey, err := keys.ReadPublicKey(strings.NewReader(in.GetPublickey()))
+	if err != nil {
+		return nil, err
+	}
+
+	newReaderPublicKeyList := [][chacha20poly1305.KeySize]byte{}
+	newReaderPublicKeyList = append(newReaderPublicKeyList, newReaderPublicKey)
+
+	newheader, err := headers.ReEncryptHeader(fileDetails.Header, *config.Config.App.Crypt4GHKey, newReaderPublicKeyList)
+	if err != nil {
+		return nil, err
+	}
+
+	return &re.ReencryptResponse{Header: newheader}, nil
+}
+
+func main() {
+	lis, err := net.Listen("tcp", fmt.Sprintf(":%d", *&config.Config.Grpc.Port))
+	if err != nil {
+		log.Fatalf("failed to listen: %v", err)
+	}
+	s := grpc.NewServer()
+	re.RegisterReencryptServer(s, &server{})
+	log.Printf("server listening at %v", lis.Addr())
+	if err := s.Serve(lis); err != nil {
+		log.Fatalf("failed to serve: %v", err)
+	}
+}

go.mod

@@ -36,6 +36,7 @@ require (
 	github.com/go-playground/validator/v10 v10.15.2 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/golang/glog v1.1.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -69,12 +70,14 @@ require (
 	go.uber.org/atomic v1.9.0 // indirect
 	go.uber.org/multierr v1.9.0 // indirect
 	golang.org/x/arch v0.4.0 // indirect
-	golang.org/x/crypto v0.14.0 // indirect
+	golang.org/x/crypto v0.14.0
 	golang.org/x/net v0.17.0 // indirect
 	golang.org/x/sys v0.13.0 // indirect
 	golang.org/x/text v0.13.0 // indirect
 	golang.org/x/tools v0.13.0 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 // indirect
+	google.golang.org/grpc v1.59.0
+	google.golang.org/protobuf v1.31.0
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

go.sum

@@ -138,6 +138,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -597,6 +599,8 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13 h1:N3bU/SQDCDyD6R528GJ/PwW9KjYcJA3dgyH+MovAkIM=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230920204549-e6e6cdab5c13/go.mod h1:KSqppvjFjtoCI+KGd4PELB0qLNxdJHRGqRI09mB6pQA=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -613,6 +617,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
+google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk=
+google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -624,6 +630,7 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

internal/config/config.go

@@ -34,6 +34,7 @@ type Map struct {
 	DB      DatabaseConfig
 	OIDC    OIDCConfig
 	Archive storage.Conf
+	Grpc    GrpcConfig
 }
 
 type AppConfig struct {
@@ -62,6 +63,10 @@ type AppConfig struct {
 	Middleware string
 }
 
+type GrpcConfig struct {
+	AppConfig
+}
+
 type SessionConfig struct {
 	// Session key expiration time in seconds.
 	// Optional. Default value -1
@@ -139,7 +144,9 @@ type DatabaseConfig struct {
 }
 
 // NewConfig populates ConfigMap with data
-func NewConfig() (*Map, error) {
+func NewConfig(app string) (*Map, error) {
+	var requiredConfVars []string
+
 	viper.SetConfigName("config")
 	viper.AddConfigPath(".")
 	viper.AutomaticEnv()
@@ -162,21 +169,6 @@ func NewConfig() (*Map, error) {
 			return nil, err
 		}
 	}
-	requiredConfVars := []string{
-		"db.host", "db.user", "db.password", "db.database", "c4gh.filepath", "c4gh.passphrase", "oidc.configuration.url",
-	}
-
-	if viper.GetString("archive.type") == S3 {
-		requiredConfVars = append(requiredConfVars, []string{"archive.url", "archive.accesskey", "archive.secretkey", "archive.bucket"}...)
-	} else if viper.GetString("archive.type") == POSIX {
-		requiredConfVars = append(requiredConfVars, []string{"archive.location"}...)
-	}
-
-	for _, s := range requiredConfVars {
-		if !viper.IsSet(s) || viper.GetString(s) == "" {
-			return nil, fmt.Errorf("%s not set", s)
-		}
-	}
 
 	if viper.IsSet("log.format") {
 		if viper.GetString("log.format") == "json" {
@@ -196,22 +188,60 @@ func NewConfig() (*Map, error) {
 		log.Printf("Setting log level to '%s'", stringLevel)
 	}
 
-	c := &Map{}
-	c.applyDefaults()
-	c.sessionConfig()
-	c.configArchive()
-	err := c.configureOIDC()
-	if err != nil {
-		return nil, err
+	switch app {
+	case "download":
+		requiredConfVars = []string{
+			"db.host", "db.user", "db.password", "db.database", "c4gh.filepath", "c4gh.passphrase", "oidc.configuration.url",
+		}
+	case "reencrypt":
+		requiredConfVars = []string{
+			"db.host", "db.user", "db.password", "db.database", "c4gh.filepath", "c4gh.passphrase",
+		}
+	default:
+		requiredConfVars = []string{
+			"db.host", "db.user", "db.password", "db.database", "c4gh.filepath", "c4gh.passphrase", "oidc.configuration.url",
+		}
 	}
-	err = c.appConfig()
-	if err != nil {
-		return nil, err
+
+	if viper.GetString("archive.type") == S3 {
+		requiredConfVars = append(requiredConfVars, []string{"archive.url", "archive.accesskey", "archive.secretkey", "archive.bucket"}...)
+	} else if viper.GetString("archive.type") == POSIX {
+		requiredConfVars = append(requiredConfVars, []string{"archive.location"}...)
 	}
 
-	err = c.configDatabase()
-	if err != nil {
-		return nil, err
+	for _, s := range requiredConfVars {
+		if !viper.IsSet(s) || viper.GetString(s) == "" {
+			return nil, fmt.Errorf("%s not set", s)
+		}
+	}
+	c := &Map{}
+	c.applyDefaults()
+	switch app {
+	case "download":
+		c.sessionConfig()
+		c.configArchive()
+		err := c.configureOIDC()
+		if err != nil {
+			return nil, err
+		}
+		err = c.appConfig()
+		if err != nil {
+			return nil, err
+		}
+
+		err = c.configDatabase()
+		if err != nil {
+			return nil, err
+		}
+	case "reencrypt":
+		err := c.configDatabase()
+		if err != nil {
+			return nil, err
+		}
+		err = c.grpcServerConfig()
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	return c, nil
@@ -325,6 +355,28 @@ func (c *Map) appConfig() error {
 	return nil
 }
 
+// grpc-server sets required settings
+func (c *Map) grpcServerConfig() error {
+	c.Grpc.Host = viper.GetString("grpc.server.host")
+	c.Grpc.Port = viper.GetInt("grpc.server.port")
+	c.Grpc.ServerCert = viper.GetString("grpc.server.servercert")
+	c.Grpc.ServerKey = viper.GetString("grpc.server.serverkey")
+
+	if c.Grpc.Port != 443 && c.App.Port != 5051 {
+		c.Grpc.Port = viper.GetInt("app.port")
+	} else if c.Grpc.ServerCert != "" && c.App.ServerKey != "" {
+		c.Grpc.Port = 443
+	}
+
+	var err error
+	c.Grpc.Crypt4GHKey, err = GetC4GHKey()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // sessionConfig controls cookie settings and session cache
 func (c *Map) sessionConfig() {
 	c.Session.Expiration = time.Duration(viper.GetInt("session.expiration")) * time.Second

internal/config/config_test.go

@@ -41,7 +41,7 @@ func TestConfigTestSuite(t *testing.T) {
 
 func (suite *TestSuite) TestConfigFile() {
 	viper.Set("configFile", "test")
-	config, err := NewConfig()
+	config, err := NewConfig("download")
 	assert.Nil(suite.T(), config)
 	assert.Error(suite.T(), err)
 	assert.Equal(suite.T(), "test", viper.ConfigFileUsed())
@@ -52,7 +52,7 @@ func (suite *TestSuite) TestMissingRequiredConfVar() {
 		requiredConfVarValue := viper.Get(requiredConfVar)
 		viper.Set(requiredConfVar, nil)
 		expectedError := fmt.Errorf("%s not set", requiredConfVar)
-		config, err := NewConfig()
+		config, err := NewConfig("download")
 		assert.Nil(suite.T(), config)
 		if assert.Error(suite.T(), err) {
 			assert.Equal(suite.T(), expectedError, err)