package azblob

// ClientProvidedKeyOptions contains headers which may be be specified from service version 2019-02-02

// or higher to encrypts the data on the service-side with the given key. Use of customer-provided keys

// must be done over HTTPS. As the encryption key itself is provided in the request, a secure connection

// must be established to transfer the key.

// Note: Azure Storage does not store or manage customer provided encryption keys. Keys are securely discarded

// as soon as possible after they’ve been used to encrypt or decrypt the blob data.

// https://docs.microsoft.com/en-us/azure/storage/common/storage-service-encryption

// https://docs.microsoft.com/en-us/azure/storage/common/customer-managed-keys-overview

type ClientProvidedKeyOptions struct {

	// A Base64-encoded AES-256 encryption key value.

	EncryptionKey *string

	// The Base64-encoded SHA256 of the encryption key.

	EncryptionKeySha256 *string

	// Specifies the algorithm to use when encrypting data using the given key. Must be AES256.

	EncryptionAlgorithm EncryptionAlgorithmType

	// Specifies the name of the encryption scope to use to encrypt the data provided in the request

	// https://docs.microsoft.com/en-us/azure/storage/blobs/encryption-scope-overview

	// https://docs.microsoft.com/en-us/azure/key-vault/general/overview

	EncryptionScope *string

}

// NewClientProvidedKeyOptions function.

// By default the value of encryption algorithm params is "AES256" for service version 2019-02-02 or higher.

func NewClientProvidedKeyOptions(ek *string, eksha256 *string, es *string) (cpk ClientProvidedKeyOptions) {

	cpk = ClientProvidedKeyOptions{}

	cpk.EncryptionKey, cpk.EncryptionKeySha256, cpk.EncryptionAlgorithm, cpk.EncryptionScope = ek, eksha256, EncryptionAlgorithmAES256, es

	return cpk

}