redact-client 1.5.9

Receives request for private data and decrypts it to display securely in browser
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

use rand::{thread_rng, Rng};
use sha2::{Digest, Sha256};
use std::ops::Deref;
use std::sync::{Arc, RwLock};
use thiserror::Error;
use warp::reject::Reject;

#[derive(Error, Debug)]
pub enum TokenGenerationError {
    #[error("Failed to generate cryptographically secure random bytes")]
    RandError { source: rand::Error },
}

impl Reject for TokenGenerationError {}

pub trait TokenGenerator: Clone + Send + Sync {
    fn generate_token(&self) -> Result<String, TokenGenerationError>;
}

impl<T> TokenGenerator for Arc<T>
where
    T: TokenGenerator,
{
    fn generate_token(&self) -> Result<String, TokenGenerationError> {
        self.deref().generate_token()
    }
}

pub struct FromCustomRng<T: Rng + Send + Sync> {
    rand_source: Arc<RwLock<T>>,
}

#[derive(Clone)]
pub struct FromThreadRng;

impl<T: Rng + Send + Sync> Clone for FromCustomRng<T> {
    fn clone(&self) -> FromCustomRng<T> {
        FromCustomRng {
            rand_source: self.rand_source.clone(),
        }
    }
}

impl<T: Rng + Send + Sync> TokenGenerator for FromCustomRng<T> {
    fn generate_token(&self) -> Result<String, TokenGenerationError> {
        // Generate 32 cryptographically secure random bytes
        let mut random_bytes: [u8; 32] = [0; 32];
        self.rand_source
            .write()
            .unwrap()
            .try_fill(&mut random_bytes)
            .map_err(|source| TokenGenerationError::RandError { source })?;

        // Hash random bytes to create a displayable 32-byte string
        let mut hasher = Sha256::new();
        for b in &random_bytes {
            hasher.update(format!("{}", b));
        }

        Ok(format!("{:X}", hasher.finalize()))
    }
}

impl TokenGenerator for FromThreadRng {
    fn generate_token(&self) -> Result<String, TokenGenerationError> {
        // Generate 32 cryptographically secure random bytes
        let mut random_bytes: [u8; 32] = [0; 32];
        thread_rng()
            .try_fill(&mut random_bytes)
            .map_err(|source| TokenGenerationError::RandError { source })?;

        // Hash random bytes to create a displayable 32-byte string
        let mut hasher = Sha256::new();
        for b in &random_bytes {
            hasher.update(format!("{}", b));
        }

        Ok(format!("{:X}", hasher.finalize()))
    }
}

impl<T: Rng + Send + Sync> FromCustomRng<T> {
    pub fn new(rand_source: T) -> FromCustomRng<T> {
        FromCustomRng {
            rand_source: Arc::new(RwLock::new(rand_source)),
        }
    }
}

impl FromThreadRng {
    pub fn new() -> FromThreadRng {
        FromThreadRng {}
    }
}

#[cfg(test)]
pub mod tests {
    use crate::token::{FromCustomRng, FromThreadRng, TokenGenerationError, TokenGenerator};
    use mockall::predicate::*;
    use mockall::*;
    use rand::{prelude::*, Error, RngCore};
    use rand_pcg::Pcg64;

    mock! {
    pub TokenGenerator {}
    impl TokenGenerator for TokenGenerator {
            fn generate_token(&self) -> Result<String, TokenGenerationError>;
    }
    impl Clone for TokenGenerator {
            fn clone(&self) -> Self;
    }
    }

    mock! {
    FailingRng {}
    impl RngCore for FailingRng {
            fn fill_bytes(&mut self, dest: &mut [u8]);
            fn next_u32(&mut self) -> u32;
            fn next_u64(&mut self) -> u64;
            fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error>;
    }
    }

    #[test]
    fn test_token_generation_with_deterministic_rng() {
        let token_generator = FromCustomRng::new(Pcg64::seed_from_u64(1));
        let token = token_generator.generate_token().unwrap();
        assert_eq!(
            token,
            "E0AE2C1C9AA2DB85DFA2FF6B4AAC7A5E51FFDAA3948BECEC353561D513E59A9C"
        );
    }

    #[test]
    fn test_token_generation_with_thread_local_rng() {
        let token_generator = FromThreadRng::new();
        let token = token_generator.generate_token().unwrap();
        assert_eq!(token.chars().count(), 64);
    }

    #[test]
    #[should_panic(expected = "filling array failed")]
    fn test_token_generation_with_rng_error() {
        let mut failing_rng = MockFailingRng::new();
        let err = Error::new("filling array failed".to_owned());
        failing_rng
            .expect_try_fill_bytes()
            .return_once(move |_| Err(err));
        let token_generator = FromCustomRng::new(failing_rng);
        let _ = token_generator.generate_token().unwrap();
    }

    #[test]
    fn test_converting_token_generation_error_to_warp_rejection() {
        let rand_err = Error::new("some random error".to_string());
        let token_generation_error = TokenGenerationError::RandError { source: rand_err };
        let _: warp::Rejection = warp::Rejection::from(token_generation_error);
    }

    #[test]
    fn test_clone_fromcustomrng() {
        let rng = FromCustomRng::new(Pcg64::seed_from_u64(1));
        let _ = rng.clone();
    }
}