1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015
//! Encon is an optionally-encrypted config format, built on top of JSON. A mix of encrypted //! and plain fields, and support for encrypting arbitrary JSON values make it very flexible. //! //! # Example //! ``` //! use serde_json::json; //! use encon::{Password, Map, Encryptable}; //! //! let pass = Password::new("strongpassword"); //! //! let mut map = Map::new(); //! map.insert("foo", Encryptable::Plain("Foo".into())); //! map.insert("bar", Encryptable::Plain("Bar".into())); //! map.get_mut(&"foo".to_owned()).unwrap().intend_encrypted(); //! //! assert_eq!(map.get(&"foo".to_owned()).unwrap().is_encrypted(), false); //! assert_eq!(map.get(&"bar".to_owned()).unwrap().is_encrypted(), false); //! //! map.apply_all_intents(&pass).unwrap(); //! assert_eq!(map.get(&"foo".to_owned()).unwrap().is_encrypted(), true); //! assert_eq!(map.get(&"bar".to_owned()).unwrap().is_encrypted(), false); //! //! let json = map.to_json_pretty().unwrap(); //! let mut map2: Map = serde_json::from_str(&json).unwrap(); //! assert_eq!(map2.get(&"foo".to_owned()).unwrap().is_encrypted(), true); //! assert_eq!(map2.get(&"bar".to_owned()).unwrap().is_encrypted(), false); //! //! let value = map2.get_mut(&"foo".to_owned()).unwrap() //! .to_decrypted(&pass).unwrap() //! .as_plain().unwrap().clone(); //! assert_eq!(value, json!("Foo")); //! ``` mod error; pub mod legacy; /// Serialize/Deserialize impls are in here mod serde; mod util; pub use error::{DecryptError, EnconError, EncryptError, MapToJsonError}; use indexmap::map::IndexMap; use serde_json::Value; use sodiumoxide::crypto::aead::chacha20poly1305_ietf as aead; use sodiumoxide::crypto::pwhash; use sodiumoxide::randombytes::randombytes; use std::fmt; use std::io::Write as _; use std::ops::Deref; use std::ops::DerefMut; use std::sync::Arc; pub const SIGNATURE: [u8; 4] = [0xC2, 0x0A, 0x4B, 0xED]; /// `init()` initializes the sodium library and chooses faster versions of the primitives /// if possible. init() also makes the random number generation functions thread-safe /// /// See also [`sodiumoxide::init`]. /// /// [`sodiumoxide::init`]: https://docs.rs/sodiumoxide/0.2/sodiumoxide/fn.init.html pub fn init() -> Result<(), ()> { sodiumoxide::init() } /// Represents an encryption password, and contains the low level encrypt/decrypt operations /// on lists of bytes. /// /// The encryption used is [ChaCha20/Poly1305] (an Authenticated Encryption with Associated /// Data algorithm) of [libsodium's secret-stream]. /// /// [ChaCha20/Poly1305]: https://tools.ietf.org/html/rfc7905 /// [sodium's secret-stream]: https://docs.rs/sodiumoxide/0.2.6/sodiumoxide/crypto/secretstream/index.html #[derive(Clone)] pub struct Password { password: Arc<String>, } impl Password { /// Create a new password for encryption and decryption. pub fn new(password: impl Into<String>) -> Self { Password { password: Arc::new(password.into()), } } /// Encrypt a byte slice with this password. /// /// # Example /// /// Note that encrypting the same data twice will give different bytes as output. /// /// ``` /// use encon::Password; /// /// let pw = Password::new("strongpassword"); /// let data = [0x01, 0x02, 0x03]; /// let first: Vec<u8> = pw.encrypt(data).unwrap(); /// let second: Vec<u8> = pw.encrypt(data).unwrap(); /// assert_ne!(first, second); /// ``` pub fn encrypt(&self, bytes: impl AsRef<[u8]>) -> Result<Vec<u8>, EncryptError> { let bytes = bytes.as_ref(); let mut output = Vec::default(); // write file signature output.write_all(&SIGNATURE).map_err(EncryptError::write)?; let salt = pwhash::gen_salt(); output.write_all(&salt.0).map_err(EncryptError::write)?; let mut key = [0u8; aead::KEYBYTES]; pwhash::derive_key_interactive(&mut key, self.password.as_bytes(), &salt).unwrap(); let key = aead::Key(key); let nonce_bytes = randombytes(aead::NONCEBYTES); let nonce = aead::Nonce::from_slice(&nonce_bytes).expect("Nonce::from_slice"); output .write_all(&nonce_bytes) .map_err(EncryptError::write)?; let sealed = aead::seal(bytes, None, &nonce, &key); output.write_all(&sealed).map_err(EncryptError::write)?; Ok(output) } /// Decrypt a byte slice with this password. /// /// # Example /// Here is a known working example. /// /// ``` /// use encon::Password; /// /// let password = Password::new("strongpassword"); /// let buffer = password.decrypt(vec![ /// 0xc2, 0x0a, 0x4b, 0xed, 0x94, 0xb3, 0x10, 0xf3, 0x8e, 0x97, 0x5e, 0x9a, /// 0x9c, 0xb4, 0xf1, 0xd9, 0x4c, 0x32, 0xd4, 0x55, 0x60, 0x92, 0xa4, 0x40, /// 0x35, 0x0f, 0x21, 0x51, 0xee, 0x1b, 0x2b, 0xa2, 0x8b, 0x91, 0xdc, 0xe1, /// 0xc2, 0xf6, 0x47, 0x3e, 0x07, 0x1f, 0xad, 0xd2, 0x48, 0x14, 0x52, 0x85, /// 0xab, 0x4e, 0xa7, 0x5d, 0xee, 0xf5, 0x03, 0xb6, 0x9d, 0xcd, 0xe0, 0xe2, /// 0x91, 0x95, 0x49, 0x72, 0x04, 0xed, 0xb9, 0xa4, 0x9f, 0x07, 0x0b, 0x22, /// 0x26, 0x51, 0x62, 0x36, 0x52, /// ]).unwrap(); /// /// let s = String::from_utf8(buffer).unwrap(); /// assert_eq!(&s, "Hello, world!"); /// # /// # // Extra round-trip test /// # let buffer = password.encrypt("Hello, world!").unwrap(); /// # let buffer = password.decrypt(buffer).unwrap(); /// # let s = String::from_utf8(buffer).unwrap(); /// # assert_eq!(&s, "Hello, world!"); /// ``` pub fn decrypt(&self, bytes: impl AsRef<[u8]>) -> Result<Vec<u8>, DecryptError> { let bytes = bytes.as_ref(); if bytes.len() <= (pwhash::SALTBYTES + aead::NONCEBYTES + SIGNATURE.len()) { return Err(DecryptError::InputTooShort); } let mut offset = 0; let mut salt = [0u8; pwhash::SALTBYTES]; let mut signature = [0u8; 4]; signature.copy_from_slice(&bytes[offset..offset + SIGNATURE.len()]); offset += signature.len(); // TEMP: allows decrypting legacy payloads if signature == legacy::SIGNATURE { let legacy = legacy::Password::from(self.clone()); return legacy.decrypt(bytes); } salt.copy_from_slice(&bytes[offset..offset + pwhash::SALTBYTES]); offset += salt.len(); let salt = pwhash::Salt(salt); let mut nonce = [0u8; aead::NONCEBYTES]; nonce.copy_from_slice(&bytes[offset..offset + aead::NONCEBYTES]); offset += nonce.len(); let nonce = aead::Nonce(nonce); let mut key = [0u8; aead::KEYBYTES]; pwhash::derive_key_interactive(&mut key, self.password.as_bytes(), &salt) .map_err(|_| DecryptError::DeriveKey)?; let key = aead::Key(key); let output = aead::open(&bytes[offset..], None, &nonce, &key) .map_err(|_| DecryptError::LikelyWrongPassword)?; Ok(output) } } /// Pairs with `Encryptable`, and is used in `WithIntent`. #[derive(Debug, Clone, Copy, Eq, PartialEq)] pub enum EncryptableKind { Encrypted, Plain, } impl fmt::Display for EncryptableKind { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { write!( f, "{}", match self { Self::Encrypted => "Encrypted", Self::Plain => "Plain", } ) } } /// A value that can either be encrypted or plain, functionality to transition between /// the two states, and a pretty serde representation. In either variant, it represents an /// arbitrary JSON value. /// /// # Example /// The serialized form of `Encryptable::Plain` is transparent (equivalent to the underlying /// `serde_json::Value`). The encrypted form uses an array of fixed width hex strings to keep /// lines short and nicely formatted, even if the encrypted blob is kilobytes in size. /// /// ``` /// use encon::Encryptable; /// use serde_json::to_string_pretty; /// /// let encrypted = Encryptable::Encrypted((0..255).collect()); /// let json = to_string_pretty(&encrypted).unwrap(); /// assert_eq!(json.as_str(), r#"{ /// "_encrypted": [ /// "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122", /// "232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445", /// "464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768", /// "696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b", /// "8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadae", /// "afb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1", /// "d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4", /// "f5f6f7f8f9fafbfcfdfe" /// ] /// }"#); /// ``` #[derive(Debug, Clone)] pub enum Encryptable { Encrypted(Vec<u8>), Plain(Value), } impl Encryptable { /// Returns the variant kind. pub fn kind(&self) -> EncryptableKind { match self { Self::Encrypted(_) => EncryptableKind::Encrypted, Self::Plain(_) => EncryptableKind::Plain, } } pub fn is_encrypted(&self) -> bool { match self { Self::Encrypted(_) => true, _ => false, } } /// If this is the encrypted variant, returns a the encrypted blob. pub fn as_encrypted(&self) -> Option<&[u8]> { match self { Self::Encrypted(value) => Some(&*value), _ => None, } } /// If this is the plain variant, returns the serde_json `Value`. pub fn as_plain(&self) -> Option<&Value> { match self { Self::Plain(value) => Some(value), _ => None, } } /// If not already encrypted, this will return an encrypted copy of the `Encryptable`. /// /// See [`Password::encrypt`] for details. /// /// [`Password::encrypt`]: ./struct.Password.html#method.encrypt pub fn to_encrypted(&self, password: &Password) -> Result<Self, EncryptError> { Ok(Self::Encrypted(self.encrypt(password)?)) } /// If not already in the plain variant, this will return a decrypted/plain copy of /// the `Encryptable`. Will return an error if the password is invalid, or the encrypted /// blob is invalid. /// /// See [`Password::decrypt`] for details. /// /// [`Password::decrypt`]: ./struct.Password.html#method.decrypt pub fn to_decrypted(&self, password: &Password) -> Result<Self, DecryptError> { Ok(Self::Plain(self.decrypt(password)?)) } /// Produces the encryption output as a `Vec` of bytes. This encrypts the value if not /// already encrypted. /// /// See [`Password::encrypt`] for details. /// /// [`Password::encrypt`]: ./struct.Password.html#method.encrypt pub fn encrypt(&self, password: &Password) -> Result<Vec<u8>, EncryptError> { match self { Self::Encrypted(bytes) => Ok(bytes.clone()), Self::Plain(value) => { let json = serde_json::to_string(value).map_err(EncryptError::serialize)?; let bytes = password.encrypt(&json)?; Ok(bytes) } } } /// Produces the decrypted JSON value. This decrypts the value if /// already encrypted. /// /// See [`Password::decrypt`] for details. /// /// [`Password::decrypt`]: ./struct.Password.html#method.decrypt pub fn decrypt(&self, password: &Password) -> Result<Value, DecryptError> { match self { Self::Plain(inner) => Ok(inner.clone()), Self::Encrypted(bytes) => { let bytes = password.decrypt(bytes)?; let json = String::from_utf8(bytes).map_err(DecryptError::utf8)?; let value: Value = serde_json::from_str(&json).map_err(DecryptError::deserialize)?; Ok(value) } } } /// Wrap this in a `WithIntent` with the encrypted variant pub fn with_intent_encrypted(self) -> WithIntent { WithIntent { intent: EncryptableKind::Encrypted, inner: self, } } /// Wrap this in a `WithIntent` with the plain variant pub fn with_intent_plain(self) -> WithIntent { WithIntent { intent: EncryptableKind::Plain, inner: self, } } } /// Shorthand for creating an `Encryptable::Plain` from text (not interpreted as JSON). pub fn string(s: impl ToString) -> Encryptable { Encryptable::Plain(s.to_string().into()) } /// A wrapper around [`Encryptable`] that also has an intent flag, indicating if we'd like /// it to be outputted as encrypted or plain. /// /// Derefs into [`Encryptable`]. /// /// [`Encryptable`]: ./enum.Encryptable.html #[derive(Debug, Clone)] pub struct WithIntent { intent: EncryptableKind, inner: Encryptable, } impl WithIntent { // Extract the inner `Encryptable`, discarding the intent. pub fn into_inner(self) -> Encryptable { self.inner } /// Get the current intent pub fn intent(&self) -> EncryptableKind { self.intent } /// Get a mutable reference to the current intent pub fn intent_mut(&mut self) -> &mut EncryptableKind { &mut self.intent } /// Set the intent to `EncryptableKind::Encrypted` without changing the underlying `Encryptable`. pub fn intend_encrypted(&mut self) -> &mut Self { self.intent = EncryptableKind::Encrypted; self } /// Set the intent to `EncryptableKind::Plain` without changing the underlying `Encryptable`. pub fn intend_plain(&mut self) -> &mut Self { self.intent = EncryptableKind::Plain; self } /// Set the intent to `EncryptableKind::Plain` without changing the underlying `Encryptable`. pub fn apply_intent(&mut self, password: &Password) -> Result<(), EnconError> { use EncryptableKind::{Encrypted, Plain}; match (self.inner.kind(), self.intent) { (Encrypted, Plain) => { self.inner = self .inner .to_decrypted(password) .map_err(EnconError::from) .map_err(|err| err.apply_intent(Plain))?; } (Plain, Encrypted) => { self.inner = self .inner .to_encrypted(password) .map_err(EnconError::from) .map_err(|err| err.apply_intent(Encrypted))?; } (Plain, Plain) => {} (Encrypted, Encrypted) => {} } Ok(()) } /// Like [`Encryptable::to_decrypted`] but preserving the intent. /// /// [`Encryptable::to_decrypted`]: ./enum.Encryptable.html#method.to_decrypted pub fn to_decrypted(&self, password: &Password) -> Result<Self, DecryptError> { Ok(Self { inner: self.inner.to_decrypted(password)?, intent: self.intent, }) } /// Like [`Encryptable::to_encrypted`] but preserving the intent. /// /// [`Encryptable::to_encrypted`]: ./enum.Encryptable.html#method.to_encrypted pub fn to_encrypted(&self, password: &Password) -> Result<Self, EncryptError> { Ok(Self { inner: self.inner.to_encrypted(password)?, intent: self.intent, }) } } impl From<Encryptable> for WithIntent { fn from(inner: Encryptable) -> Self { Self { intent: inner.kind(), inner, } } } impl Deref for WithIntent { type Target = Encryptable; fn deref(&self) -> &Self::Target { &self.inner } } impl DerefMut for WithIntent { fn deref_mut(&mut self) -> &mut Self::Target { &mut self.inner } } /// Represents a mapping of string keys to [`WithIntent`] values (a wrapper around [`Encryptable`]). /// /// [`WithIntent`]: ./struct.WithIntent.html /// [`Encryptable`]: ./enum.Encryptable.html /// /// # Example /// ``` /// use encon::Map; /// use serde_json::json; /// use serde_json::from_value; /// /// let map: Map = from_value(json!({ /// "k1": "foo", /// "k2": { /// "_encrypted": [ /// "c10a4bed22a6511e0b6724f8c62832a6d85c154272b3b57a355568bb6af62ca99cc98e", /// "226163081382e58b796fc212e5427546aa9efb2923f561bc7e3b2418ec9166ea69309d", /// "aa0fee467e6ca538d9f7c29e" /// ] /// } /// })).unwrap(); /// ``` #[derive(Debug, Clone, Default)] pub struct Map { inner: IndexMap<String, WithIntent>, } impl Map { /// Creates an empty `Map` pub fn new() -> Self { Self::default() } /// Attempts to decrypt all fields with the provided key. This does *not* change the intent /// of the fields. You may later call `.apply_all_intents()` to re-encrypt any keys that were /// originally encrypted; possibly with a different password. pub fn decrypt_all_in_place(&mut self, password: &Password) -> Result<(), EnconError> { let mut good_keys = vec![]; let mut bad_keys = vec![]; let mut first_error = None; for (key, value) in &mut self.inner { match value.to_decrypted(password) { Ok(decrypted) => { good_keys.push(key.clone()); *value = decrypted; } Err(err) => { bad_keys.push(key.clone()); if first_error.is_none() { first_error = Some(err); } } } } if let Some(source) = first_error { Err(EnconError::DecryptAll { good_keys, bad_keys, source: Box::new(source), }) } else { Ok(()) } } /// Applies the intended state of each field. See [`WithIntent::apply_intent`] for details. /// /// [`WithIntent::apply_intent`]: ./struct.WithIntent.html#method.apply_intent pub fn apply_all_intents(&mut self, password: &Password) -> Result<(), EnconError> { for (_, value) in &mut self.inner { value.apply_intent(password)?; } Ok(()) } fn to_json_pre(&self) -> Result<(), MapToJsonError> { for (_, value) in &self.inner { if value.intent != value.intent() { return Err(MapToJsonError::ApplyRequired); } } Ok(()) } /// Converts the `Map` to pretty-printed JSON. /// /// This method requires that all intents have been applied (use [`apply_all_intents`] /// to accomplish this). If intents aren't applied, then [`Err(MapToJsonError::ApplyRequired)`][MapToJsonError::ApplyRequired] will be returned /// /// [`apply_all_intents`]: #method.apply_all_intents /// [MapToJsonError::ApplyRequired]: ./enum.MapToJsonError.html#variant.ApplyRequired pub fn to_json_pretty(&self) -> Result<String, MapToJsonError> { self.to_json_pre()?; serde_json::to_string_pretty(&self.inner).map_err(MapToJsonError::Serde) } /// Similar to [`to_json_pretty`], except printed as compactly as possible. /// /// This is `serde_json::to_string`, but named explicitly since you usually want /// the `to_json_pretty` variant. /// /// [`to_json_pretty`]: #method.to_json_pretty pub fn to_json_compact(&self) -> Result<String, MapToJsonError> { self.to_json_pre()?; serde_json::to_string(&self.inner).map_err(MapToJsonError::Serde) } /// Decrypts all fields and returns a `PlainMap` containing them. This allows you to /// skip the plain vs encrypted checks in following code. /// /// The method clones the keys/values because you may later want to apply changes to the /// `PlainMap` back on the `Map`, and then apply the original intents (which are only /// stored in `Map`). pub fn to_plain_map(&self, password: &Password) -> Result<PlainMap, EnconError> { let mut copy = self.clone(); copy.decrypt_all_in_place(password)?; let mut plain_map = PlainMap { inner: IndexMap::with_capacity(self.len()), }; for (key, with_intent) in copy { match with_intent.into_inner() { Encryptable::Plain(value) => { plain_map.insert(key, value); } _ => panic!( "Expected key {:?} to be decrypted after decrypt_all_in_place", key ), } } Ok(plain_map) } /// Insert a `WithIntent`/`Encryptable`, returning the existing `WithIntent`, if any. pub fn insert( &mut self, key: impl Into<String>, value: impl Into<WithIntent>, ) -> Option<WithIntent> { self.inner.insert(key.into(), value.into()) } /// Inserts the item before the specified index. If the index is >= the number of items, /// it's simply appended to the end. /// /// ``` /// use encon::Map; /// use encon::Encryptable; /// /// let mut map = Map::new(); /// map.insert("foo", encon::string("a")); /// map.insert("baz", encon::string("c")); /// map.insert_before(1, "bar", encon::string("b")); /// /// let keys = map.keys().map(|k| k as &str).collect::<Vec<_>>(); /// assert_eq!(keys, vec!["foo", "bar", "baz"]); /// ``` pub fn insert_before( &mut self, index: usize, key: impl Into<String>, value: impl Into<WithIntent>, ) -> Option<WithIntent> { // Check if we're inserting before an item that doesn't yet exist, i.e. appending if index >= self.len() { return self.insert(key, value); } let key = key.into(); let mut to_insert = Some((key.clone(), value.into())); let current_index = self.inner.get_index_of(&key); let new_map = IndexMap::with_capacity(if current_index.is_some() { self.inner.len() } else { self.inner.len() + 1 }); let inner = std::mem::replace(&mut self.inner, new_map); // Try to find an existing item let mut ret = None; for (i, (k, v)) in inner.into_iter().enumerate() { if i == index { // This will only be executed once, but no reason to `.unwrap()` if let Some((key, value)) = to_insert.take() { self.inner.insert(key, value); } } if current_index == Some(i) { ret = Some(v); } else { self.inner.insert(k, v); } } ret } /// Return an iterator over the keys of the map, in their order pub fn keys(&self) -> impl Iterator<Item = &String> { self.inner.keys() } /// Return an iterator over the values of the map, in their order pub fn values(&self) -> impl Iterator<Item = &WithIntent> { self.inner.values() } /// Get the given key’s corresponding entry in the map for insertion and/or in-place manipulation. pub fn entry(&mut self, key: String) -> indexmap::map::Entry<'_, String, WithIntent> { self.inner.entry(key) } /// Return a reference to the value stored for key, if it is present, else None. pub fn get(&self, key: impl Into<String>) -> Option<&WithIntent> { self.inner.get(&key.into()) } /// Return a mutable reference to the value stored for key, if it is present, else None. pub fn get_mut(&mut self, key: impl Into<String>) -> Option<&mut WithIntent> { self.inner.get_mut(&key.into()) } /// Returns a double-ended iterator visiting all key-value pairs in order of insertion. /// Iterator element type is (&'a String, &'a mut WithIntent) pub fn iter(&self) -> indexmap::map::Iter<String, WithIntent> { self.inner.iter() } /// Returns a double-ended iterator visiting all key-value pairs in order of insertion. /// Iterator element type is (&'a String, &'a mut WithIntent) pub fn iter_mut(&mut self) -> indexmap::map::IterMut<String, WithIntent> { self.inner.iter_mut() } /// Remove the entry for this key, and return it if it exists. pub fn remove(&mut self, key: impl Into<String>) -> Option<WithIntent> { self.inner.remove(&key.into()) } /// Remove the entry for this key, and return it if it exists. pub fn sort_keys(&mut self) { self.inner.sort_keys() } pub fn reverse(&mut self) { self.inner.reverse() } /// Returns the number of elements in the map. pub fn len(&self) -> usize { self.inner.len() } /// Returns true if the map contains no elements. pub fn is_empty(&self) -> bool { self.inner.is_empty() } } impl IntoIterator for Map { type Item = (String, WithIntent); type IntoIter = indexmap::map::IntoIter<String, WithIntent>; fn into_iter(self) -> Self::IntoIter { self.inner.into_iter() } } impl<'a> IntoIterator for &'a Map { type Item = (&'a String, &'a WithIntent); type IntoIter = indexmap::map::Iter<'a, String, WithIntent>; fn into_iter(self) -> Self::IntoIter { self.iter() } } impl<'a> IntoIterator for &'a mut Map { type Item = (&'a String, &'a mut WithIntent); type IntoIter = indexmap::map::IterMut<'a, String, WithIntent>; fn into_iter(self) -> Self::IntoIter { self.iter_mut() } } // TODO: impl FromIterator<(String, WithIntent)> // TODO: impl FromIterator<(String, Encryptable)> /// Similar to [`Map`], but with all fields decrypted into [`Value`s]. /// /// You can acquire this by calling [`Map::to_plain_map`] with a password. /// /// [`Map`]: struct.Map.html /// [`Map:to_plain_map`]: struct.Map.html#method.to_plain_map /// [`Value`s]: https://docs.rs/serde_json/1/serde_json/enum.Value.html #[derive(Debug, Clone, Default)] pub struct PlainMap { inner: IndexMap<String, Value>, } impl PlainMap { pub fn new() -> Self { Self::default() } /// Converts the `PlainMap` to pretty-printed JSON. pub fn to_json_pretty(&self) -> Result<String, MapToJsonError> { serde_json::to_string_pretty(&self.inner).map_err(MapToJsonError::Serde) } /// Similar to [`to_json_pretty`], except printed as compactly as possible. /// /// This is `serde_json::to_string`, but named explicitly since you usually want /// the `to_json_pretty` variant. /// /// [`to_json_pretty`]: #method.to_json_pretty pub fn to_json_compact(&self) -> Result<String, MapToJsonError> { serde_json::to_string(&self.inner).map_err(MapToJsonError::Serde) } /// Convert this to a [`serde_json::Value`] (in the Object/Map variant). /// /// [`serde_json::Value`]: https://docs.rs/serde_json/1/serde_json/enum.Value.html pub fn to_value(&self) -> Value { let map: serde_json::Map<String, Value> = self.iter().map(|(k, v)| (k.clone(), v.clone())).collect(); map.into() } /// Insert a [`Value`], returning the existing `Value`, if any. /// /// [`Value`]: https://docs.rs/serde_json/1/serde_json/enum.Value.html pub fn insert(&mut self, key: impl Into<String>, value: impl Into<Value>) -> Option<Value> { self.inner.insert(key.into(), value.into()) } /// Inserts the item before the specified index. If the index is >= the number of items, /// it's simply appended to the end. /// /// ``` /// use encon::PlainMap; /// /// let mut map = PlainMap::new(); /// map.insert("foo", serde_json::json!("a")); /// map.insert("baz", serde_json::json!("c")); /// map.insert_before(1, "bar", serde_json::json!("b")); /// /// let keys = map.keys().map(|k| k as &str).collect::<Vec<_>>(); /// assert_eq!(keys, vec!["foo", "bar", "baz"]); /// ``` pub fn insert_before( &mut self, index: usize, key: impl Into<String>, value: impl Into<Value>, ) -> Option<Value> { // TODO: refactor this into a helper to reduce duplication // Check if we're inserting before an item that doesn't yet exist, i.e. appending if index >= self.len() { return self.insert(key, value); } let key = key.into(); let mut to_insert = Some((key.clone(), value.into())); let current_index = self.inner.get_index_of(&key); let new_map = IndexMap::with_capacity(if current_index.is_some() { self.inner.len() } else { self.inner.len() + 1 }); let inner = std::mem::replace(&mut self.inner, new_map); // Try to find an existing item let mut ret = None; for (i, (k, v)) in inner.into_iter().enumerate() { if i == index { // This will only be executed once, but no reason to `.unwrap()` if let Some((key, value)) = to_insert.take() { self.inner.insert(key, value); } } if current_index == Some(i) { ret = Some(v); } else { self.inner.insert(k, v); } } ret } /// Return an iterator over the keys of the map, in their order pub fn keys(&self) -> impl Iterator<Item = &String> { self.inner.keys() } /// Return an iterator over the values of the map, in their order pub fn values(&self) -> impl Iterator<Item = &Value> { self.inner.values() } /// Get the given key’s corresponding entry in the map for insertion and/or in-place manipulation. pub fn entry(&mut self, key: String) -> indexmap::map::Entry<'_, String, Value> { self.inner.entry(key) } /// Return a reference to the value stored for key, if it is present, else None. pub fn get(&self, key: impl Into<String>) -> Option<&Value> { self.inner.get(&key.into()) } /// Return a mutable reference to the value stored for key, if it is present, else None. pub fn get_mut(&mut self, key: impl Into<String>) -> Option<&mut Value> { self.inner.get_mut(&key.into()) } /// Returns a double-ended iterator visiting all key-value pairs in order of insertion. /// Iterator element type is (&'a String, &'a mut Value) pub fn iter(&self) -> indexmap::map::Iter<String, Value> { self.inner.iter() } /// Returns a double-ended iterator visiting all key-value pairs in order of insertion. /// Iterator element type is (&'a String, &'a mut Value) pub fn iter_mut(&mut self) -> indexmap::map::IterMut<String, Value> { self.inner.iter_mut() } /// Remove the entry for this key, and return it if it exists. pub fn remove(&mut self, key: impl Into<String>) -> Option<Value> { self.inner.remove(&key.into()) } /// Remove the entry for this key, and return it if it exists. pub fn sort_keys(&mut self) { self.inner.sort_keys() } pub fn reverse(&mut self) { self.inner.reverse() } /// Returns the number of elements in the map. pub fn len(&self) -> usize { self.inner.len() } /// Returns true if the map contains no elements. pub fn is_empty(&self) -> bool { self.inner.is_empty() } } impl IntoIterator for PlainMap { type Item = (String, Value); type IntoIter = indexmap::map::IntoIter<String, Value>; fn into_iter(self) -> Self::IntoIter { self.inner.into_iter() } } impl<'a> IntoIterator for &'a PlainMap { type Item = (&'a String, &'a Value); type IntoIter = indexmap::map::Iter<'a, String, Value>; fn into_iter(self) -> Self::IntoIter { self.iter() } } impl<'a> IntoIterator for &'a mut PlainMap { type Item = (&'a String, &'a mut Value); type IntoIter = indexmap::map::IterMut<'a, String, Value>; fn into_iter(self) -> Self::IntoIter { self.iter_mut() } } #[cfg(test)] mod tests { use super::Encryptable; use serde_json::json; #[test] fn deserialize_encrypted() { let enc: Encryptable = serde_json::from_value(json!({ "_encrypted": [ "010203", "040506" ] })) .expect("deserialize"); assert_eq!( enc.as_encrypted().expect("as_encrypted"), &[1, 2, 3, 4, 5, 6] ); } #[test] fn deserialize_other_object() { let value = json!({ "_encrypted": [ "NOT_HEX", "040506" ] }); let enc: Encryptable = serde_json::from_value(value.clone()).expect("deserialize"); assert_eq!(enc.as_plain().expect("as_plain"), &value); } }