func runConfidentialWrapTestCase()

in cmd/conformance/main.go [755:835]

• 67 lines of code
• 13 McCabe index (conditional complexity)

func runConfidentialWrapTestCase(ctx context.Context, t confidentialWrapUnwrapTest) error {
	c, sessionContext, err := establishSecureSessionWithNullAttestation(ctx, t.keyInfo)

	if err != nil {
		return err
	}

	if t.closeSession {
		if _, err := c.tls.Write([]byte(constants.EndSessionString)); err != nil {
			return fmt.Errorf("session-encrypting the EndSession constant: %w", err)
		}

		records := c.shim.DrainSendBuf()
		_, err := c.client.EndSession(ctx, &sspb.EndSessionRequest{
			SessionContext: sessionContext,
			TlsRecords:     records,
		})
		if err != nil {
			return fmt.Errorf("ending session: %w", err)
		}
	}

	for i := 0; i <= t.extraCalls; i++ {
		if t.mutateSessionKey != nil {
			sessionContext = t.mutateSessionKey(sessionContext)
		}

		keyPath := (t.keyInfo.uri)[strings.LastIndex(t.keyInfo.uri, "/")+1:]

		// Create a WrapRequest, marshal, then session-encrypt it.
		wrapReq := &cwpb.WrapRequest{
			KeyPath:   keyPath,
			Plaintext: []byte{0x01},
			AdditionalContext: &cwpb.RequestContext{
				RelativeResourceName: *unprotectedKeyResourceName,
				AccessReasonContext:  &cwpb.AccessReasonContext{Reason: cwpb.AccessReasonContext_CUSTOMER_INITIATED_ACCESS},
			},
			AdditionalAuthenticatedData: nil,
			KeyUriPrefix:                "",
		}

		marshaledWrapReq, err := proto.Marshal(wrapReq)
		if err != nil {
			return fmt.Errorf("error marshalling the WrapRequest to proto: %v", err)
		}

		if _, err := c.tls.Write(marshaledWrapReq); err != nil {
			return fmt.Errorf("error writing the WrapRequest to the TLS session: %v", err)
		}

		records := c.shim.DrainSendBuf()
		if t.mutateTLSRecords != nil {
			records = t.mutateTLSRecords(records)
		}

		req := &cwpb.ConfidentialWrapRequest{
			SessionContext: sessionContext,
			TlsRecords:     records,
			RequestMetadata: &cwpb.RequestMetadata{
				KeyPath:           wrapReq.GetKeyPath(),
				KeyUriPrefix:      wrapReq.GetKeyUriPrefix(),
				AdditionalContext: wrapReq.GetAdditionalContext(),
			},
		}

		if t.mutateJWT != nil {
			newToken, err := t.mutateJWT(ctx, c.client.GetJWTToken())
			if err != nil {
				glog.Fatalf("Error mutating JWT: %v", err)
			}
			c.client.SetJWTToken(newToken)
		}

		_, err = c.client.ConfidentialWrap(ctx, req)
		if err != nil {
			return fmt.Errorf("error session-encrypting the records: %v", err)
		}
	}

	return err
}