Overview ¶
Package usecase defines the interfaces and implementations for the tokenization use cases. It provides format-preserving token generation with configurable deterministic behavior (the same plaintext under a deterministic key maps to the same token) and full token lifecycle management: creation, validation, revocation and expiry cleanup.
The package coordinates token generation, encryption of the protected value, and key/token lifecycle management, and uses TxManager so that multi-step operations are applied with transactional consistency.
Types ¶
type DekRepository ¶
type DekRepository interface {
	// Get loads the DEK identified by dekID.
	Get(ctx context.Context, dekID uuid.UUID) (*cryptoDomain.Dek, error)
	// Create persists a newly generated DEK.
	Create(ctx context.Context, dek *cryptoDomain.Dek) error
}
DekRepository defines the interface for DEK persistence operations.
type HashService ¶
HashService provides cryptographic hashing of plaintext values for deterministic token lookups (see TokenRepository.GetByValueHash). The stored hash acts as a lookup key, not as a secret: if it is an unkeyed digest, low-entropy inputs such as card numbers can be recovered by exhaustive search from a leaked token store, so a keyed construction (e.g. an HMAC under a per-tokenization-key secret) is preferable.
func NewSHA256HashService ¶
func NewSHA256HashService() HashService
NewSHA256HashService creates a HashService backed by SHA-256. The constructor takes no key, so the digest appears to be unkeyed; for low-entropy plaintexts (card numbers, national IDs) anyone holding the stored value hashes could recover the originals offline — confirm this against the implementation and consider a keyed alternative.
type TokenRepository ¶
type TokenRepository interface {
	// GetByToken loads the mapping stored for a token string.
	GetByToken(ctx context.Context, token string) (*tokenizationDomain.Token, error)
	// GetByValueHash looks up an existing mapping by the hash of the plaintext
	// value, scoped to keyID. This is presumably how the deterministic path finds a
	// previously issued token for the same value.
	// NOTE(review): if valueHash is an unkeyed digest of a low-entropy value (e.g. a
	// card number), the stored hashes can be brute-forced offline should the token
	// store leak — confirm that the HashService uses a keyed construction.
	GetByValueHash(ctx context.Context, keyID uuid.UUID, valueHash string) (*tokenizationDomain.Token, error)
	// Create persists a new token mapping.
	Create(ctx context.Context, token *tokenizationDomain.Token) error
	// Revoke marks the token as revoked so it can no longer be detokenized.
	Revoke(ctx context.Context, token string) error
	// CountExpired counts tokens whose expiry lies before olderThan without deleting
	// them. Uses transaction support via database.GetTx(). olderThan is expected
	// in UTC.
	CountExpired(ctx context.Context, olderThan time.Time) (int64, error)
	// DeleteExpired deletes tokens whose expiry lies before olderThan and returns
	// the number of rows removed. Uses transaction support via database.GetTx().
	// olderThan is expected in UTC.
	DeleteExpired(ctx context.Context, olderThan time.Time) (int64, error)
}
TokenRepository defines the interface for token mapping persistence.
type TokenizationKeyRepository ¶
type TokenizationKeyRepository interface {
	// Get loads a tokenization key by its ID.
	Get(ctx context.Context, keyID uuid.UUID) (*tokenizationDomain.TokenizationKey, error)
	// GetByName loads a tokenization key by name.
	// NOTE(review): which version is returned when several exist is not stated
	// here; the use case layer documents Tokenize as using the latest version.
	GetByName(ctx context.Context, name string) (*tokenizationDomain.TokenizationKey, error)
	// GetByNameAndVersion loads one specific version of a named key — presumably
	// the version a token was issued under, so it can be detokenized after a
	// rotation.
	GetByNameAndVersion(
		ctx context.Context,
		name string,
		version uint,
	) (*tokenizationDomain.TokenizationKey, error)
	// Create persists a new tokenization key (or a new version of one).
	Create(ctx context.Context, key *tokenizationDomain.TokenizationKey) error
	// Delete removes the key identified by keyID; the use case layer describes
	// this as a soft delete.
	Delete(ctx context.Context, keyID uuid.UUID) error
}
TokenizationKeyRepository defines the interface for tokenization key persistence.
type TokenizationKeyUseCase ¶
type TokenizationKeyUseCase interface {
	// Create generates a tokenization key at version 1 together with its DEK.
	// name must be unique. formatType and isDeterministic fix the token format and
	// whether equal plaintexts map to the same token; alg presumably selects the
	// algorithm used for the DEK.
	Create(
		ctx context.Context,
		name string,
		formatType tokenizationDomain.FormatType,
		isDeterministic bool,
		alg cryptoDomain.Algorithm,
	) (*tokenizationDomain.TokenizationKey, error)
	// Rotate adds a new version (previous version + 1) of the named key with a
	// fresh DEK. Earlier versions are kept so tokens issued under them still
	// detokenize.
	// NOTE(review): Rotate accepts formatType/isDeterministic again; confirm
	// whether a new version may differ from its predecessors, since a format change
	// would not be transparent to tokens already in circulation.
	Rotate(
		ctx context.Context,
		name string,
		formatType tokenizationDomain.FormatType,
		isDeterministic bool,
		alg cryptoDomain.Algorithm,
	) (*tokenizationDomain.TokenizationKey, error)
	// Delete soft-deletes the key with the given ID together with all its versions.
	// NOTE(review): the effect on tokens issued under the deleted key (detokenize
	// refused, or the protected values effectively unrecoverable) is not stated
	// here — confirm before exposing this operation to callers.
	Delete(ctx context.Context, keyID uuid.UUID) error
}
TokenizationKeyUseCase defines the interface for tokenization key management operations.
func NewTokenizationKeyUseCase ¶
func NewTokenizationKeyUseCase( txManager database.TxManager, tokenizationKeyRepo TokenizationKeyRepository, dekRepo DekRepository, keyManager cryptoService.KeyManager, kekChain *cryptoDomain.KekChain, ) TokenizationKeyUseCase
NewTokenizationKeyUseCase creates a new tokenization key use case instance.
func NewTokenizationKeyUseCaseWithMetrics ¶
func NewTokenizationKeyUseCaseWithMetrics( useCase TokenizationKeyUseCase, m metrics.BusinessMetrics, ) TokenizationKeyUseCase
NewTokenizationKeyUseCaseWithMetrics wraps a TokenizationKeyUseCase with metrics recording.
type TokenizationUseCase ¶
type TokenizationUseCase interface {
	// Tokenize issues a token for plaintext under the latest version of keyName.
	// When the key is deterministic and the value was tokenized before, the
	// existing token is returned instead of a new one.
	// metadata is optional display data (e.g. last four digits, expiry date) and is
	// stored UNENCRYPTED: never place the full sensitive value, or anything that
	// needs protection, in it. expiresAt is a pointer and presumably nil means no
	// expiry.
	Tokenize(
		ctx context.Context,
		keyName string,
		plaintext []byte,
		metadata map[string]any,
		expiresAt *time.Time,
	) (*tokenizationDomain.Token, error)
	// Detokenize returns the plaintext and metadata behind token.
	// Errors: ErrTokenNotFound when the token is unknown, ErrTokenExpired when it
	// has expired, ErrTokenRevoked when it was revoked.
	// Security: the returned plaintext is the protected value. Callers MUST zero it
	// after use with cryptoDomain.Zero(plaintext) and must not log it.
	Detokenize(ctx context.Context, token string) (plaintext []byte, metadata map[string]any, err error)
	// Revoke marks token as revoked so that Detokenize refuses it from then on.
	Revoke(ctx context.Context, token string) error
	// Validate reports whether token exists and is neither expired nor revoked.
	// NOTE(review): if exposed without the same authorization as Detokenize this
	// becomes a token-existence oracle; keep both behind the same access control.
	Validate(ctx context.Context, token string) (bool, error)
	// CleanupExpired deletes tokens that expired more than days days ago and
	// returns the number removed. With dryRun set it only returns the count.
	// NOTE(review): a negative days value would presumably move the cutoff into the
	// future and delete tokens that have not yet expired — confirm the
	// implementation rejects it.
	CleanupExpired(ctx context.Context, days int, dryRun bool) (int64, error)
}
TokenizationUseCase defines the interface for token generation and management operations.
func NewTokenizationUseCase ¶
func NewTokenizationUseCase( txManager database.TxManager, tokenizationRepo TokenizationKeyRepository, tokenRepo TokenRepository, dekRepo DekRepository, aeadManager cryptoService.AEADManager, keyManager cryptoService.KeyManager, hashService HashService, kekChain *cryptoDomain.KekChain, ) TokenizationUseCase
NewTokenizationUseCase creates a new TokenizationUseCase with injected dependencies.
func NewTokenizationUseCaseWithMetrics ¶
func NewTokenizationUseCaseWithMetrics( useCase TokenizationUseCase, m metrics.BusinessMetrics, ) TokenizationUseCase
NewTokenizationUseCaseWithMetrics wraps a TokenizationUseCase with metrics recording.