shadow-crypt-shell 1.0.7

Main workflows and I/O operations for shadow-crypt
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290

use std::path::PathBuf;

use shadow_crypt_core::{
    v1::header_ops::{get_version_from_bytes, is_shadow_file},
    version::is_supported_version,
};

use crate::{
    decryption::{cli::DecryptionCliArgs, file::DecryptionInputFile},
    errors::{WorkflowError, WorkflowResult},
    utils::read_n_bytes_from_file,
};

#[derive(Debug)]
pub struct ValidDecryptionArgs {
    pub files: Vec<DecryptionInputFile>,
}

pub fn validate_input(input: DecryptionCliArgs) -> WorkflowResult<ValidDecryptionArgs> {
    ensure_not_empty(&input)?;

    let validated_files: Vec<DecryptionInputFile> = input
        .input_files
        .iter()
        .map(PathBuf::from)
        .map(ensure_exists)
        .map(ensure_is_regular_file)
        .map(ensure_is_encrypted_shadow_file)
        .map(ensure_version_supported)
        .map(create_input_file)
        .collect::<WorkflowResult<Vec<DecryptionInputFile>>>()?;

    Ok(ValidDecryptionArgs {
        files: validated_files,
    })
}

fn ensure_not_empty(input: &DecryptionCliArgs) -> WorkflowResult<()> {
    if input.input_files.is_empty() {
        return Err(WorkflowError::UserInput(
            "No input files provided".to_string(),
        ));
    }
    Ok(())
}

fn ensure_exists(path: PathBuf) -> WorkflowResult<PathBuf> {
    if !path.exists() {
        return Err(WorkflowError::UserInput(format!(
            "Input file does not exist: {}",
            path.display()
        )));
    }
    Ok(path)
}

fn ensure_is_regular_file(path: WorkflowResult<PathBuf>) -> WorkflowResult<PathBuf> {
    if let Ok(path) = &path
        && !path.is_file()
    {
        return Err(WorkflowError::UserInput(format!(
            "Input path is not a file: {}",
            path.display()
        )));
    }
    path
}

fn ensure_is_encrypted_shadow_file(path: WorkflowResult<PathBuf>) -> WorkflowResult<PathBuf> {
    let path = path?;
    let first_bytes = read_n_bytes_from_file(&path, 10)?;
    if !is_shadow_file(first_bytes.as_slice())? {
        return Err(WorkflowError::UserInput(format!(
            "File is not a valid Shadow encrypted file: {}",
            path.display()
        )));
    }
    Ok(path)
}

fn ensure_version_supported(path: WorkflowResult<PathBuf>) -> WorkflowResult<PathBuf> {
    let path = path?;
    let first_bytes = read_n_bytes_from_file(&path, 10)?;
    let version: u8 = get_version_from_bytes(first_bytes.as_slice()).map_err(|_| {
        WorkflowError::UserInput(format!(
            "Unable to read version from file: {}",
            path.display()
        ))
    })?;
    if !is_supported_version(version) {
        return Err(WorkflowError::UserInput(format!(
            "Unsupported Shadow file version in file: {}",
            path.display()
        )));
    }
    Ok(path)
}

fn create_input_file(path: WorkflowResult<PathBuf>) -> WorkflowResult<DecryptionInputFile> {
    let path = path?;
    let name: String = path
        .file_name()
        .and_then(|n| n.to_str())
        .ok_or_else(|| {
            WorkflowError::UserInput(format!("Invalid filename for path: {}", path.display()))
        })?
        .to_string();
    let size: u64 = path
        .metadata()
        .map_err(|_| {
            WorkflowError::UserInput(format!(
                "Unable to read metadata for file: {}",
                path.display()
            ))
        })?
        .len();

    Ok(DecryptionInputFile {
        path,
        filename: name,
        size,
    })
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::decryption::cli::DecryptionCliArgs;
    use std::fs;
    use tempfile::TempDir;

    #[test]
    fn test_validate_input_no_files() {
        let args = DecryptionCliArgs {
            input_files: vec![],
        };
        let result = validate_input(args);
        assert!(result.is_err());
    }

    #[test]
    fn test_validate_input_file_does_not_exist() {
        let args = DecryptionCliArgs {
            input_files: vec!["nonexistent.txt".to_string()],
        };
        let result = validate_input(args);
        assert!(result.is_err());
    }

    #[test]
    fn test_validate_input_path_is_directory() {
        let temp_dir = TempDir::new().unwrap();
        let args = DecryptionCliArgs {
            input_files: vec![temp_dir.path().to_str().unwrap().to_string()],
        };
        let result = validate_input(args);
        assert!(result.is_err());
    }

    #[test]
    fn test_validate_input_valid_file() {
        let temp_dir = TempDir::new().unwrap();
        let file_path = temp_dir.path().join("test.txt");
        fs::write(&file_path, b"test").unwrap();

        let args = DecryptionCliArgs {
            input_files: vec![file_path.to_str().unwrap().to_string()],
        };
        let result = validate_input(args);
        // This will fail because the file is not a shadow file, but that's tested elsewhere
        // We just want to ensure the validation pipeline works for valid file paths
        assert!(result.is_err()); // Expected to fail at shadow file check
    }

    #[test]
    fn test_validate_input_multiple_files() {
        let temp_dir = TempDir::new().unwrap();
        let file1 = temp_dir.path().join("test1.txt");
        let file2 = temp_dir.path().join("test2.txt");
        fs::write(&file1, b"test1").unwrap();
        fs::write(&file2, b"test2").unwrap();

        let args = DecryptionCliArgs {
            input_files: vec![
                file1.to_str().unwrap().to_string(),
                file2.to_str().unwrap().to_string(),
            ],
        };
        let result = validate_input(args);
        assert!(result.is_err()); // Expected to fail at shadow file check
    }

    #[test]
    fn test_validate_input_valid_shadow_file() {
        let temp_dir = TempDir::new().unwrap();
        let file_path = temp_dir.path().join("test.shadow");
        // Create a valid shadow file header: "SHADOW" + version 1 + some dummy data
        let mut header = b"SHADOW".to_vec();
        header.push(1); // version 1
        // Add minimal header data to make it valid (at least 10 bytes total)
        header.extend_from_slice(&[0u8; 4]); // dummy data
        fs::write(&file_path, header).unwrap();

        let args = DecryptionCliArgs {
            input_files: vec![file_path.to_str().unwrap().to_string()],
        };
        let result = validate_input(args);
        assert!(result.is_ok());
        let valid_args = result.unwrap();
        assert_eq!(valid_args.files.len(), 1);
        assert_eq!(valid_args.files[0].filename, "test.shadow");
        assert_eq!(valid_args.files[0].size, 11); // "SHADOW" (6) + version (1) + dummy (4)
    }

    #[test]
    fn test_validate_input_invalid_magic_bytes() {
        let temp_dir = TempDir::new().unwrap();
        let file_path = temp_dir.path().join("invalid.txt");
        // Write invalid magic bytes
        fs::write(&file_path, b"INVALID").unwrap();

        let args = DecryptionCliArgs {
            input_files: vec![file_path.to_str().unwrap().to_string()],
        };
        let result = validate_input(args);
        assert!(result.is_err());
        let err = result.unwrap_err();
        match err {
            WorkflowError::UserInput(msg) => {
                assert!(msg.contains("not a valid Shadow encrypted file"))
            }
            _ => panic!("Expected UserInput error"),
        }
    }

    #[test]
    fn test_validate_input_unsupported_version() {
        let temp_dir = TempDir::new().unwrap();
        let file_path = temp_dir.path().join("unsupported.shadow");
        // Create file with "SHADOW" but unsupported version (e.g., 99)
        let mut header = b"SHADOW".to_vec();
        header.push(99); // unsupported version
        fs::write(&file_path, header).unwrap();

        let args = DecryptionCliArgs {
            input_files: vec![file_path.to_str().unwrap().to_string()],
        };
        let result = validate_input(args);
        assert!(result.is_err());
        let err = result.unwrap_err();
        match err {
            WorkflowError::UserInput(msg) => {
                assert!(msg.contains("Unsupported Shadow file version"))
            }
            _ => panic!("Expected UserInput error"),
        }
    }

    #[test]
    fn test_validate_input_insufficient_bytes() {
        let temp_dir = TempDir::new().unwrap();
        let file_path = temp_dir.path().join("short.txt");
        // Write only 5 bytes, less than needed for header validation
        fs::write(&file_path, b"SHORT").unwrap();

        let args = DecryptionCliArgs {
            input_files: vec![file_path.to_str().unwrap().to_string()],
        };
        let result = validate_input(args);
        assert!(result.is_err());
        // This should fail at the magic bytes check due to insufficient bytes
    }

    #[test]
    fn test_validate_input_directory_instead_of_file() {
        // Test with a directory path instead of a file
        let temp_dir = TempDir::new().unwrap();

        let args = DecryptionCliArgs {
            input_files: vec![temp_dir.path().to_str().unwrap().to_string()],
        };
        let result = validate_input(args);
        assert!(result.is_err());
        let err = result.unwrap_err();
        match err {
            WorkflowError::UserInput(msg) => assert!(msg.contains("Input path is not a file")),
            _ => panic!("Expected UserInput error"),
        }
    }
}