MCPcopy Index your code
hub / github.com/smallstep/cli / decryptAction

Function decryptAction

command/crypto/jwe/decrypt.go:59–163  ·  view source on GitHub ↗
(ctx *cli.Context)

Source from the content-addressed store, hash-verified

57}
58
59func decryptAction(ctx *cli.Context) error {
60 if err := errs.NumberOfArguments(ctx, 0); err != nil {
61 return err
62 }
63
64 data, err := utils.ReadAll(os.Stdin)
65 if err != nil {
66 return err
67 }
68
69 key := ctx.String("key")
70 jwks := ctx.String("jwks")
71 kid := ctx.String("kid")
72 passwordFile := ctx.String("password-file")
73
74 obj, err := jose.ParseEncrypted(string(data))
75 if err != nil {
76 return errors.Wrap(err, "error parsing data")
77 }
78
79 alg := jose.KeyAlgorithm(obj.Header.Algorithm)
80
81 var isPBES2 bool
82 switch alg {
83 case jose.PBES2_HS256_A128KW, jose.PBES2_HS384_A192KW, jose.PBES2_HS512_A256KW:
84 isPBES2 = true
85 }
86
87 switch {
88 case isPBES2 && key != "":
89 return errors.Errorf("flag '--key' cannot be used with JWE algorithm '%s'", alg)
90 case isPBES2 && jwks != "":
91 return errors.Errorf("flag '--jwks' cannot be used with JWE algorithm '%s'", alg)
92 case !isPBES2 && key == "" && jwks == "":
93 return errs.RequiredOrFlag(ctx, "key", "jwk")
94 case key != "" && jwks != "":
95 return errs.MutuallyExclusiveFlags(ctx, "key", "jwks")
96 case jwks != "" && kid == "":
97 return errs.RequiredWithFlag(ctx, "kid", "jwks")
98 }
99
100 // Add parse options
101 var options []jose.Option
102 options = append(options, jose.WithUse("enc"))
103 if kid != "" {
104 options = append(options, jose.WithKid(kid))
105 }
106
107 // Read key from --key or --jwks
108 var pbes2Key []byte
109 var jwk *jose.JSONWebKey
110 switch {
111 case key != "":
112 jwk, err = jose.ReadKey(key, options...)
113 case jwks != "":
114 jwk, err = jose.ReadKeySet(jwks, options...)
115 case isPBES2:
116 var password string

Callers

nothing calls this directly

Calls 3

ReadAllFunction · 0.92
StringMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…