use super::{AuthError, AuthFuture};
use crate::client::AuthClient;
use futures::Future;
use maidsafe_utilities::serialisation::{deserialise, serialise};
use rust_sodium::crypto::secretbox;
use safe_core::ipc::resp::{access_container_enc_key, AccessContainerEntry};
use safe_core::ipc::AppKeys;
use safe_core::utils::{symmetric_decrypt, symmetric_encrypt};
use safe_core::{recovery, Client, CoreError, FutureExt, MDataInfo};
use safe_nd::{
Error as SndError, MDataAction, MDataPermissionSet, MDataSeqEntryActions, PublicKey,
};
use std::collections::HashMap;
pub const AUTHENTICATOR_ENTRY: &str = "authenticator";
pub fn enc_key(
access_container: &MDataInfo,
app_id: &str,
secret_key: &secretbox::Key,
) -> Result<Vec<u8>, AuthError> {
let nonce = access_container
.nonce()
.ok_or_else(|| AuthError::from("No valid nonce for access container"))?;
Ok(access_container_enc_key(app_id, secret_key, nonce)?)
}
pub fn decode_authenticator_entry(
encoded: &[u8],
enc_key: &secretbox::Key,
) -> Result<HashMap<String, MDataInfo>, AuthError> {
let plaintext = symmetric_decrypt(encoded, enc_key)?;
Ok(deserialise(&plaintext)?)
}
#[allow(clippy::implicit_hasher)]
pub fn encode_authenticator_entry(
decoded: &HashMap<String, MDataInfo>,
enc_key: &secretbox::Key,
) -> Result<Vec<u8>, AuthError> {
let plaintext = serialise(decoded)?;
Ok(symmetric_encrypt(&plaintext, enc_key, None)?)
}
pub fn fetch_authenticator_entry(
client: &AuthClient,
) -> Box<AuthFuture<(u64, HashMap<String, MDataInfo>)>> {
let c2 = client.clone();
let access_container = client.access_container();
let key = {
let sk = client.secret_symmetric_key();
fry!(enc_key(&access_container, AUTHENTICATOR_ENTRY, &sk))
};
client
.get_seq_mdata_value(access_container.name(), access_container.type_tag(), key)
.map_err(From::from)
.and_then(move |value| {
let enc_key = c2.secret_symmetric_key();
decode_authenticator_entry(&value.data, &enc_key)
.map(|decoded| (value.version, decoded))
})
.into_box()
}
#[allow(clippy::implicit_hasher)]
pub fn put_authenticator_entry(
client: &AuthClient,
new_value: &HashMap<String, MDataInfo>,
version: u64,
) -> Box<AuthFuture<()>> {
let access_container = client.access_container();
let (key, ciphertext) = {
let sk = client.secret_symmetric_key();
let key = fry!(enc_key(&access_container, AUTHENTICATOR_ENTRY, &sk));
let ciphertext = fry!(encode_authenticator_entry(new_value, &sk));
(key, ciphertext)
};
let actions = if version == 0 {
MDataSeqEntryActions::new().ins(key, ciphertext, 0)
} else {
MDataSeqEntryActions::new().update(key, ciphertext, version)
};
recovery::mutate_mdata_entries(client, *access_container.address(), actions)
.map_err(From::from)
.into_box()
}
pub fn decode_app_entry(
encoded: &[u8],
enc_key: &secretbox::Key,
) -> Result<AccessContainerEntry, AuthError> {
let plaintext = symmetric_decrypt(encoded, enc_key)?;
Ok(deserialise(&plaintext)?)
}
pub fn encode_app_entry(
decoded: &AccessContainerEntry,
enc_key: &secretbox::Key,
) -> Result<Vec<u8>, AuthError> {
let plaintext = serialise(decoded)?;
Ok(symmetric_encrypt(&plaintext, enc_key, None)?)
}
pub fn fetch_entry(
client: &AuthClient,
app_id: &str,
app_keys: AppKeys,
) -> Box<AuthFuture<(u64, Option<AccessContainerEntry>)>> {
trace!(
"Fetching access container entry for app with ID {}...",
app_id
);
let access_container = client.access_container();
let key = fry!(enc_key(&access_container, app_id, &app_keys.enc_key));
trace!("Fetching entry using entry key {:?}", key);
client
.get_seq_mdata_value(access_container.name(), access_container.type_tag(), key)
.then(move |result| match result {
Err(CoreError::DataError(SndError::NoSuchEntry)) => Ok((0, None)),
Err(err) => Err(AuthError::from(err)),
Ok(value) => {
let decoded = Some(decode_app_entry(&value.data, &app_keys.enc_key)?);
Ok((value.version, decoded))
}
})
.into_box()
}
pub fn put_entry(
client: &AuthClient,
app_id: &str,
app_keys: &AppKeys,
permissions: &AccessContainerEntry,
version: u64,
) -> Box<AuthFuture<()>> {
trace!("Putting access container entry for app {}...", app_id);
let client2 = client.clone();
let client3 = client.clone();
let access_container = client.access_container();
let acc_cont_info = access_container.clone();
let key = fry!(enc_key(&access_container, app_id, &app_keys.enc_key));
let ciphertext = fry!(encode_app_entry(permissions, &app_keys.enc_key));
let actions = if version == 0 {
MDataSeqEntryActions::new().ins(key, ciphertext, 0)
} else {
MDataSeqEntryActions::new().update(key, ciphertext, version)
};
let app_pk: PublicKey = app_keys.bls_pk.into();
client
.get_mdata_version(*access_container.address())
.map_err(AuthError::from)
.and_then(move |shell_version| {
client2
.set_mdata_user_permissions(
*acc_cont_info.address(),
app_pk,
MDataPermissionSet::new().allow(MDataAction::Read),
shell_version + 1,
)
.map_err(AuthError::from)
})
.and_then(move |_| {
recovery::mutate_mdata_entries(&client3, *access_container.address(), actions)
.map_err(AuthError::from)
})
.into_box()
}
pub fn delete_entry(
client: &AuthClient,
app_id: &str,
app_keys: &AppKeys,
version: u64,
) -> Box<AuthFuture<()>> {
let access_container = client.access_container();
let acc_cont_info = access_container.clone();
let key = fry!(enc_key(&access_container, app_id, &app_keys.enc_key));
let client2 = client.clone();
let client3 = client.clone();
let actions = MDataSeqEntryActions::new().del(key, version);
let app_pk: PublicKey = app_keys.bls_pk.into();
client
.get_mdata_version(*access_container.address())
.map_err(AuthError::from)
.and_then(move |shell_version| {
client2
.del_mdata_user_permissions(*acc_cont_info.address(), app_pk, shell_version + 1)
.map_err(AuthError::from)
})
.and_then(move |_| {
recovery::mutate_mdata_entries(&client3, *access_container.address(), actions)
.map_err(AuthError::from)
})
.into_box()
}