in pkg/sdk/value/encryption/jwe/builders.go [79:122]
func Transformer(algorithm KeyAlgorithm, key string) (value.Transformer, error) {
switch algorithm {
case AES128_KW:
// Try to decode the key
k, err := base64.URLEncoding.DecodeString(key)
if err != nil {
return nil, fmt.Errorf("jwe: unable to decode key: %w", err)
}
if len(k) < 16 {
return nil, errors.New("jwe: key too short")
}
return transformer(k, jose.A128KW, jose.A128GCM)
case AES192_KW:
// Try to decode the key
k, err := base64.URLEncoding.DecodeString(key)
if err != nil {
return nil, fmt.Errorf("jwe: unable to decode key: %w", err)
}
if len(k) < 24 {
return nil, errors.New("jwe: key too short")
}
return transformer(k, jose.A192KW, jose.A192GCM)
case AES256_KW:
// Try to decode the key
k, err := base64.URLEncoding.DecodeString(key)
if err != nil {
return nil, fmt.Errorf("jwe: unable to decode key: %w", err)
}
if len(k) < 32 {
return nil, errors.New("jwe: key too short")
}
return transformer(k, jose.A256KW, jose.A256GCM)
case PBES2_HS256_A128KW:
return transformer(key, jose.PBES2_HS256_A128KW, jose.A128GCM)
case PBES2_HS384_A192KW:
return transformer(key, jose.PBES2_HS384_A192KW, jose.A192GCM)
case PBES2_HS512_A256KW:
return transformer(key, jose.PBES2_HS512_A256KW, jose.A256GCM)
default:
}
// Unsupported encryption scheme.
return nil, fmt.Errorf("unsupported jwe algorithm '%s'", algorithm)
}