Merge pull request #258 from jjhwan-h/feat/rsa-encrypt-helper

Mzack9999 · web-flow · commit e590dc753065 · 2025-09-12T22:07:51.000+02:00
feat: add rsa encrypt helper
diff --git a/dsl.go b/dsl.go
@@ -11,12 +11,15 @@ import (
 	"crypto/hmac"
 	"crypto/md5"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/sha512"
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
 	"encoding/json"
+	"encoding/pem"
 	"errors"
 	"fmt"
 	"hash"
@@ -1457,6 +1460,45 @@ func init() {
 
 		return float64(mtime), nil
 	}))
+
+	MustAddFunction(NewWithPositionalArgs("rsa_encrypt",
+		2,
+		true,
+		func(args ...interface{}) (interface{}, error) {
+			if len(args) != 2 {
+				return nil, errors.New("rsa_encrypt expects 2 arguments: plaintext, pemPublicKey")
+			}
+
+			plaintext, ok1 := args[0].(string)
+			publicKeyPem, ok2 := args[1].(string)
+
+			if !ok1 || !ok2 {
+				return nil, errors.New("invalid arguments")
+			}
+
+			block, _ := pem.Decode([]byte(publicKeyPem))
+			if block == nil {
+				return nil, errors.New("invalid PEM format")
+			}
+
+			pub, err := x509.ParsePKIXPublicKey(block.Bytes)
+			if err != nil {
+				return nil, err
+			}
+
+			rsaPub, ok := pub.(*rsa.PublicKey)
+			if !ok {
+				return nil, errors.New("not an RSA public key")
+			}
+
+			ciphertext, err := rsa.EncryptPKCS1v15(rand.Reader, rsaPub, []byte(plaintext))
+			if err != nil {
+				return nil, fmt.Errorf("RSA encryption failed: %w", err)
+			}
+			return base64.StdEncoding.EncodeToString(ciphertext), nil
+		}),
+	)
+
 	DefaultHelperFunctions = HelperFunctions()
 	FunctionNames = GetFunctionNames(DefaultHelperFunctions)
 }
diff --git a/dsl_test.go b/dsl_test.go
@@ -297,6 +297,7 @@ func TestGetPrintableDslFunctionSignatures(t *testing.T) {
 	replace(arg1, arg2, arg3 interface{}) interface{}
 	replace_regex(arg1, arg2, arg3 interface{}) interface{}
 	reverse(arg1 interface{}) interface{}
+	rsa_encrypt(arg1, arg2 interface{}) interface{}
 	sha1(arg1 interface{}) interface{}
 	sha256(arg1 interface{}) interface{}
 	sha512(arg1 interface{}) interface{}
@@ -454,6 +455,15 @@ func TestDslExpressions(t *testing.T) {
 		`zlib_decode(hex_decode("789cf248cdc9c907040000ffff058c01f5"), 100)`:                         "Hello",
 		`gzip_decode(hex_decode("1f8b08000000000000fff248cdc9c907040000ffff8289d1f705000000"), 100)`: "Hello",
 		`inflate(hex_decode("f248cdc9c907040000ffff"), 100)`:                                         "Hello",
+		`rsa_encrypt("plaindata", "-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKqKDIZyXltCyLVym+VL
+N4kMQHoazrJ7G5GbOSITuFaV0lpbXTw9VmW8wkyxG0U9b5zMaIfWyF5T9DWw/AcI
+9ehszNYTy1U6KgNN94bZzILsWnQ3M7o8T9qZxITNBd/90VpW2O0ClR1z+gB4ls1C
+cSy4ym0pQ7ZKMEJbWYxFuw3CJfWAFbdXcULgqIG0K7Nh++g6v5XLRceqxOW9j9Mc
+29THVYk8uvF8gEOZBvM4RnhJhJX03ACRCHqBg4CdKaYaWIWc+eOxZrBg0iAfWpy+
+vOZml6PnbXH+Z1+yVskAoyGKnOxRSaD0DJY6xq1x3z5AoVImLsCLSkJr2D+4W+EC
+PQIDAQAB
+-----END PUBLIC KEY-----") != ""`: true,
 	}
 
 	testDslExpressions(t, dslExpressions)
