MGTheTrain · MGTheTrain · Dec 23, 2024 · Dec 22, 2024 · Dec 22, 2024 · Dec 23, 2024
@@ -2,11 +2,11 @@
     // Docker images officially provided by Microsoft that can be utilized as base images
     // https://hub.docker.com/_/microsoft-vscode-devcontainers
     "name": "Tools for building and running Go projects",
-    "image": "mcr.microsoft.com/vscode/devcontainers/go:1.21",
+    "image": "mcr.microsoft.com/vscode/devcontainers/go:1.23",
     // Features to add to the dev container. More info: https://containers.dev/features
     "features": {
         "ghcr.io/devcontainers/features/docker-in-docker:2": {},
     },
-    "postCreateCommand": "apt-get update && apt-get install -y openssl opensc softhsm libssl-dev libengine-pkcs11-openssl",
+    "postCreateCommand": "./install.sh",
     "remoteUser": "root"
 }
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+apt-get update
+apt-get install -y openssl opensc softhsm libssl-dev libengine-pkcs11-openssl protobuf-compiler
+go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
+go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@latest
+go install github.com/fullstorydev/grpcurl/cmd/grpcurl@latest
@@ -11,10 +11,10 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Setup Go 1.21.x 🐹
+      - name: Setup Go 1.23.x 🐹
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21.x'
+          go-version: '1.23.x'
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3

@@ -11,10 +11,10 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Setup Go 1.21.x 🐹
+      - name: Setup Go 1.23.x 🐹
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21.x'
+          go-version: '1.23.x'
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3

@@ -12,10 +12,10 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
-      - name: Setup Go 1.21.x 🐹
+      - name: Setup Go 1.23.x 🐹
         uses: actions/setup-go@v4
         with:
-          go-version: '1.21.x'
+          go-version: '1.23.x'
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3

@@ -13,10 +13,10 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
 
-    - name: Setup Go 1.21.x 🐹
+    - name: Setup Go 1.23.x 🐹
       uses: actions/setup-go@v4
       with:
-        go-version: '1.21.x'
+        go-version: '1.23.x'
 
     - name: Install golangci-lint package 📦
       run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest

@@ -10,26 +10,7 @@
             "type": "go",
             "request": "launch",
             "mode": "auto",
-            "program": "${fileDirname}",
-            "env": {
-                "PORT": "8080",
-                "DATABASE_TYPE": "postgres",
-                "DATABASE_DSN": "user=postgres password=postgres host=localhost port=5432 sslmode=disable",
-                "DATABASE_NAME": "meta",
-                "BLOB_CONNECTOR_CLOUD_PROVIDER": "azure",
-                "BLOB_CONNECTOR_CONNECTION_STRING": "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",
-                "BLOB_CONNECTOR_CONTAINER_NAME": "blobs",
-                "KEY_CONNECTOR_CLOUD_PROVIDER": "azure",
-                "KEY_CONNECTOR_CONNECTION_STRING": "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;",
-                "KEY_CONNECTOR_CONTAINER_NAME": "keys",
-                "LOGGER_LOG_LEVEL": "info",
-                "LOGGER_LOG_TYPE": "console",
-                "LOGGER_FILE_PATH": "",
-                "PKCS11_MODULE_PATH": "/usr/lib/softhsm/libsofthsm2.so",
-                "PKCS11_SO_PIN": "123456",
-                "PKCS11_USER_PIN": "234567",
-                "PKCS11_SLOT_ID": "0x0"
-            }
+            "program": "${fileDirname}"
         }
     ]
 }
@@ -15,9 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Logging**: Integrated console and file logging (e.g. using structured logging with `logrus`) 
 - **Manage cryptographic material**: Enabled management of private/public key pairs and symmetric keys and implemented key lifecycle management including primarily key generation and key export
 - **Secure file storage integration**: Provided mechanisms to securely store encrypted files in Azure Blob Storage 
-- **RESTful API**: Provided HTTP endpoints to manage cryptographic material and secure data (files, metadata) at rest.
+- **RESTful API**: Provided HTTP endpoints to manage cryptographic material and secure data at rest.
 - **Documentation**: Provided clear API documentation (e.g. Swagger/OpenAPI) for ease of integration by other developers.
 - **Versioning**: Implemented proper API versioning to maintain backward compatibility as the API evolves.
+- **gRPC API**: Provided gRPC endpoints to manage cryptographic material and secure data at rest
 
 ## [0.1.0] - TBD-TBD-TBD
 

@@ -36,3 +36,6 @@ shut-down-docker-containers:
 
 generate-swagger-docs:
 	@cd $(SCRIPT_DIR) && ./generate-docs.sh
+
+generate-grpc-files:
+	@cd $(SCRIPT_DIR) && ./generate-grpc-files.sh
@@ -17,13 +17,16 @@ Interfaces (CLIs, gRPC APIs, RESTful Web APIs) for managing cryptographic keys a
 - [OpenSSL with libp11 for Signing, Verifying and Encrypting, Decrypting](https://docs.yubico.com/hardware/yubihsm-2/hsm-2-user-guide/hsm2-openssl-libp11.html#rsa-pkcs)
 - [pkcs11-tool usage](https://docs.nitrokey.com/nethsm/pkcs11-tool#id1)
 - [OpenFGA online editor](https://play.fga.dev/sandbox/?store=github)
+- [Adding gRPC-Gateway annotations to an existing proto file](https://grpc-ecosystem.github.io/grpc-gateway/docs/tutorials/adding_annotations/)
+- [grpc-gateway Github repository](https://github.com/grpc-ecosystem/grpc-gateway)
+- [grpcurl Github repository](https://github.com/fullstorydev/grpcurl)
 
 ## Features
 
 ### Functional
 
-- [x] **RESTful API**: Provide HTTP endpoints to manage cryptographic material and secure data (files, metadata) at rest.
-- [ ] **gRPC API**: Provide gRPC endpoints to manage cryptographic material and secure data (files, metadata) at rest.
+- [x] **RESTful API**: Provide HTTP endpoints to manage cryptographic material and secure data at rest.
+- [x] **gRPC API**: Provide gRPC endpoints to manage cryptographic material and secure data at rest.
 - [x] **Asymmetric encryption and decryption**: Support RSA encryption algorithm for data protection.
 - [x] **Symmetric encryption**: Support for symmetric key encryption (e.g. AES) for data protection.
 - [x] **Signature creation and verification:** Support for hashing algorithms (e.g. SHA-256, SHA-512) to create digital signatures and the ability to verify these signatures using asymmetric keys (RSA, ECDSA).

@@ -0,0 +1,22 @@
+# Build stage
+FROM golang:1.23-alpine AS build
+
+WORKDIR /app
+
+RUN apk update
+COPY . .
+RUN go mod tidy
+RUN go build -o crypto_vault_service ./cmd/crypto-vault-grpc-service/crypto_vault_service.go
+
+# Serve stage
+FROM alpine:latest
+
+WORKDIR /root/
+
+RUN apk update && apk add --no-cache libc6-compat
+COPY --from=build /app/crypto_vault_service .
+
+EXPOSE 8090
+EXPOSE 50051
+
+ENTRYPOINT ["./crypto_vault_service"]
@@ -0,0 +1,151 @@
+# crypto-vault-grpc-service
+
+## Table of Contents
+
++ [Summary](#summary)
++ [Getting started](#getting-started)
+
+## Summary
+
+gRPC service capable of managing cryptographic keys and securing data at rest (metadata, BLOB)
+
+## Getting Started
+
+Set up your IDE with the necessary Go tooling (such as the `delve` debugger or `grpcurl`) or use the provided [devcontainer.json file](../../.devcontainer/devcontainer.json). You can start the service by either running `go run crypto_vault_service.go` from this directory or by using the `spin-up-docker-containers Make target` from the [Makefile](../../Makefile). 
+
+### List available services
+
+Run `grpcurl -plaintext localhost:50051 list`
+
+The output should resemble:
+
+```sh
+grpc.reflection.v1.ServerReflection
+grpc.reflection.v1alpha.ServerReflection
+internal.BlobDownload
+internal.BlobMetadata
+internal.BlobUpload
+internal.CryptoKeyDownload
+internal.CryptoKeyMetadata
+internal.CryptoKeyUpload
+```
+
+### Upload blob
+
+**NOTE:** Multipart file uploads are not supported with grpc-gateway and `curl`. For more details checkout: `https://grpc-ecosystem.github.io/grpc-gateway/docs/mapping/binary_file_uploads/`. 
+
+Run:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+  "file_name": "task.tmp",
+  "file_content": "'$(base64 -w 0 task.tmp)'"
+}' -plaintext localhost:50051 internal.BlobUpload/Upload
+```
+
+### List blob metadata
+
+Run `curl -X 'GET' 'http://localhost:8090/api/v1/cvs/blobs' -H 'accept: application/json'`
+
+Optionally:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+     "name": null,
+     "size": null,
+     "type": null,
+     "date_time_created": null,
+     "limit": null,
+     "offset": null,
+     "sort_by": null,
+     "sort_order": null
+    }' -plaintext localhost:50051 internal.BlobMetadata/ListMetadata
+```
+
+#### Get blob metadata
+
+Run `curl -X 'GET' 'http://localhost:8090/api/v1/cvs/blobs/<blob_id>' -H 'accept: application/json'`
+
+Optionally:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+    "id": "<blob_id>"
+}' -plaintext localhost:50051 internal.BlobMetadata/GetMetadataById
+```
+
+### Download blob
+
+Run `curl -X 'GET' 'http://localhost:8090/api/v1/cvs/blobs/<blob_id>/file' -H 'accept: application/json'`
+
+Optionally:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+    "id": "<blob_id>",
+    "decryption_key_id": ""
+}' -plaintext localhost:50051 internal.BlobDownload/DownloadById
+```
+
+### Delete blob
+
+Run `curl -X 'DELETE' 'http://localhost:8090/api/v1/cvs/blobs/<blob_id>' -H 'accept: application/json'`
+
+Optionally:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+    "id": "<blob_id>"
+}' -plaintext localhost:50051 internal.BlobMetadata/DeleteById
+```
+
+### Generate and upload keys
+
+Run:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+  "algorithm": "RSA",
+  "key_size": "2048"
+}' -plaintext localhost:50051 internal.CryptoKeyUpload/Upload
+```
+
+### List key metadata
+
+Run:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+    "algorithm": null,
+    "type": null,
+    "date_time_created": null,
+    "limit": null,
+    "offset": null,
+    "sort_by": null,
+    "sort_order": null
+}' -plaintext localhost:50051 internal.CryptoKeyMetadata/ListMetadata
+```
+
+### Get key metadata
+
+Run: 
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+    "id": "<key_id>"
+}' -plaintext localhost:50051 internal.CryptoKeyMetadata/GetMetadataById
+```
+
+### Download key
+
+Run:
+
+```sh
+grpcurl -import-path ./internal/api/grpc/v1/proto -proto internal/api/grpc/v1/proto/internal/service.proto -d '{
+    "id": "<key_id>"
+}' -plaintext localhost:50051 internal.CryptoKeyDownload/DownloadById
+```
+
+### Delete key
+
+Run `curl -X 'DELETE' 'http://localhost:8090/api/v1/cvs/keys/<key_id>' -H 'accept: application/json'`