server/secrets/utils.go - infra/luci/luci-go - Git at Google

 // Copyright 2021 The LUCI Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 package secrets

 import (
 	"context"
 	"encoding/base64"
 )

 // URLSafeEncrypt encrypts plaintext to an encrypted, URL safe string.
 func URLSafeEncrypt(ctx context.Context, plaintext, additionalData []byte) (string, error) {
 	encryptedBytes, err := Encrypt(ctx, plaintext, additionalData)
 	if err != nil {
 		return "", err
 	}

 	encryptedString := base64.RawURLEncoding.EncodeToString(encryptedBytes)
 	return encryptedString, nil
 }

 // URLSafeDecrypt decrypts the plaintext from the string generated by
 // URLSafeEncrypt with the same additional data.
 func URLSafeDecrypt(ctx context.Context, encryptedString string, additionalData []byte) ([]byte, error) {
 	encryptedBytes, err := base64.RawURLEncoding.DecodeString(encryptedString)
 	if err != nil {
 		return nil, err
 	}

 	plaintext, err := Decrypt(ctx, encryptedBytes, additionalData)
 	if err != nil {
 		return nil, err
 	}

 	return plaintext, nil
 }
	// Copyright 2021 The LUCI Authors.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	package secrets

	import (
	"context"
	"encoding/base64"
	)

	// URLSafeEncrypt encrypts plaintext to an encrypted, URL safe string.
	func URLSafeEncrypt(ctx context.Context, plaintext, additionalData []byte) (string, error) {
	encryptedBytes, err := Encrypt(ctx, plaintext, additionalData)
	if err != nil {
	return "", err
	}

	encryptedString := base64.RawURLEncoding.EncodeToString(encryptedBytes)
	return encryptedString, nil
	}

	// URLSafeDecrypt decrypts the plaintext from the string generated by
	// URLSafeEncrypt with the same additional data.
	func URLSafeDecrypt(ctx context.Context, encryptedString string, additionalData []byte) ([]byte, error) {
	encryptedBytes, err := base64.RawURLEncoding.DecodeString(encryptedString)
	if err != nil {
	return nil, err
	}

	plaintext, err := Decrypt(ctx, encryptedBytes, additionalData)
	if err != nil {
	return nil, err
	}

	return plaintext, nil
	}