(ctx *cli.Context)
| 57 | } |
| 58 | |
| 59 | func decryptAction(ctx *cli.Context) error { |
| 60 | if err := errs.NumberOfArguments(ctx, 0); err != nil { |
| 61 | return err |
| 62 | } |
| 63 | |
| 64 | data, err := utils.ReadAll(os.Stdin) |
| 65 | if err != nil { |
| 66 | return err |
| 67 | } |
| 68 | |
| 69 | key := ctx.String("key") |
| 70 | jwks := ctx.String("jwks") |
| 71 | kid := ctx.String("kid") |
| 72 | passwordFile := ctx.String("password-file") |
| 73 | |
| 74 | obj, err := jose.ParseEncrypted(string(data)) |
| 75 | if err != nil { |
| 76 | return errors.Wrap(err, "error parsing data") |
| 77 | } |
| 78 | |
| 79 | alg := jose.KeyAlgorithm(obj.Header.Algorithm) |
| 80 | |
| 81 | var isPBES2 bool |
| 82 | switch alg { |
| 83 | case jose.PBES2_HS256_A128KW, jose.PBES2_HS384_A192KW, jose.PBES2_HS512_A256KW: |
| 84 | isPBES2 = true |
| 85 | } |
| 86 | |
| 87 | switch { |
| 88 | case isPBES2 && key != "": |
| 89 | return errors.Errorf("flag '--key' cannot be used with JWE algorithm '%s'", alg) |
| 90 | case isPBES2 && jwks != "": |
| 91 | return errors.Errorf("flag '--jwks' cannot be used with JWE algorithm '%s'", alg) |
| 92 | case !isPBES2 && key == "" && jwks == "": |
| 93 | return errs.RequiredOrFlag(ctx, "key", "jwk") |
| 94 | case key != "" && jwks != "": |
| 95 | return errs.MutuallyExclusiveFlags(ctx, "key", "jwks") |
| 96 | case jwks != "" && kid == "": |
| 97 | return errs.RequiredWithFlag(ctx, "kid", "jwks") |
| 98 | } |
| 99 | |
| 100 | // Add parse options |
| 101 | var options []jose.Option |
| 102 | options = append(options, jose.WithUse("enc")) |
| 103 | if kid != "" { |
| 104 | options = append(options, jose.WithKid(kid)) |
| 105 | } |
| 106 | |
| 107 | // Read key from --key or --jwks |
| 108 | var pbes2Key []byte |
| 109 | var jwk *jose.JSONWebKey |
| 110 | switch { |
| 111 | case key != "": |
| 112 | jwk, err = jose.ReadKey(key, options...) |
| 113 | case jwks != "": |
| 114 | jwk, err = jose.ReadKeySet(jwks, options...) |
| 115 | case isPBES2: |
| 116 | var password string |