1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
use crate::{errors::AtomicResult, urls, Resource, Storelike, Value};
#[derive(Clone, Debug)]
pub struct Agent {
pub private_key: Option<String>,
pub public_key: String,
pub subject: String,
pub created_at: i64,
pub name: Option<String>,
}
impl Agent {
pub fn to_resource(&self) -> AtomicResult<Resource> {
let mut resource = Resource::new(self.subject.clone());
resource.set_class(urls::AGENT)?;
resource.set_subject(self.subject.clone());
if let Some(name) = &self.name {
resource.set_propval_unsafe(crate::urls::NAME.into(), Value::String(name.into()));
}
resource.set_propval_unsafe(
crate::urls::PUBLIC_KEY.into(),
Value::String(self.public_key.clone()),
);
resource.push_propval(crate::urls::READ, urls::PUBLIC_AGENT.into(), true)?;
resource.set_propval_unsafe(
crate::urls::CREATED_AT.into(),
Value::Timestamp(self.created_at),
);
Ok(resource)
}
pub fn new(name: Option<&str>, store: &impl Storelike) -> AtomicResult<Agent> {
let keypair = generate_keypair()?;
Ok(Agent::new_from_private_key(name, store, &keypair.private))
}
pub fn new_from_private_key(
name: Option<&str>,
store: &impl Storelike,
private_key: &str,
) -> Agent {
let keypair = generate_public_key(private_key);
Agent {
private_key: Some(keypair.private),
public_key: keypair.public.clone(),
subject: format!("{}/agents/{}", store.get_server_url(), keypair.public),
name: name.map(|x| x.to_owned()),
created_at: crate::utils::now(),
}
}
pub fn new_from_public_key(store: &impl Storelike, public_key: &str) -> AtomicResult<Agent> {
verify_public_key(public_key)?;
Ok(Agent {
private_key: None,
public_key: public_key.into(),
subject: format!("{}/agents/{}", store.get_server_url(), public_key),
name: None,
created_at: crate::utils::now(),
})
}
}
pub struct Pair {
pub private: String,
pub public: String,
}
fn generate_keypair() -> AtomicResult<Pair> {
use ring::signature::KeyPair;
let rng = ring::rand::SystemRandom::new();
const SEED_LEN: usize = 32;
let seed: [u8; SEED_LEN] = ring::rand::generate(&rng)
.map_err(|_| "Error generating random seed: {}")?
.expose();
let key_pair = ring::signature::Ed25519KeyPair::from_seed_unchecked(&seed)
.map_err(|e| format!("Error generating keypair {}", e))
.unwrap();
Ok(Pair {
private: base64::encode(&seed),
public: base64::encode(&key_pair.public_key()),
})
}
pub fn generate_public_key(private_key: &str) -> Pair {
use ring::signature::KeyPair;
let private_key_bytes = base64::decode(private_key).unwrap();
let key_pair = ring::signature::Ed25519KeyPair::from_seed_unchecked(private_key_bytes.as_ref())
.map_err(|_| "Error generating keypair")
.unwrap();
Pair {
private: base64::encode(private_key_bytes),
public: base64::encode(key_pair.public_key().as_ref()),
}
}
pub fn verify_public_key(public_key: &str) -> AtomicResult<()> {
let pubkey_bin = base64::decode(public_key)
.map_err(|e| format!("Invalid public key. Not valid Base64. {}", e))?;
if pubkey_bin.len() != 32 {
return Err(format!(
"Invalid public key, should be 32 bytes long instead of {}. Key: {}",
pubkey_bin.len(),
public_key
)
.into());
}
Ok(())
}
#[cfg(test)]
mod test {
#[cfg(test)]
use super::*;
#[test]
fn keypair() {
let pair = generate_keypair().unwrap();
let regenerated_pair = generate_public_key(&pair.private);
assert_eq!(pair.public, regenerated_pair.public);
}
#[test]
fn generate_from_private_key() {
let private_key = "CapMWIhFUT+w7ANv9oCPqrHrwZpkP2JhzF9JnyT6WcI=";
let public_key = "7LsjMW5gOfDdJzK/atgjQ1t20J/rw8MjVg6xwqm+h8U=";
let regenerated_pair = generate_public_key(private_key);
assert_eq!(public_key, regenerated_pair.public);
}
#[test]
fn verifies_public_keys() {
let valid_public_key = "7LsjMW5gOfDdJzK/atgjQ1t20J/rw8MjVg6xwqm+h8U=";
let invalid_length = "7LsjMW5gOfDdJzK/atgjQ1t20J/rw8MjVg6xwm+h8U";
let invalid_char = "7LsjMW5gOfDdJzK/atgjQ1t20^/rw8MjVg6xwqm+h8U=";
verify_public_key(valid_public_key).unwrap();
verify_public_key(invalid_length).unwrap_err();
verify_public_key(invalid_char).unwrap_err();
}
}