1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371

use std::io;
use std::io::ErrorKind::InvalidData;

use Error;
use MarkerType;
use CompressType;
use super::{MAX_DOC_SIZE, Hash, Value, ValueRef};
use super::crypto::{HashState, Vault, Key, Identity, CryptoError};
use decode;

/// A single, immutable fog-pack object that can be signed, hashed, and compressed.
#[derive(Clone)]
pub struct Document {
    hash_state: Option<HashState>,
    doc_hash: Option<Hash>,
    hash: Hash,
    doc_len: usize,
    doc: Vec<u8>,
    compressed: Option<Vec<u8>>,
    override_compression: bool,
    compression: Option<i32>,
    signed_by: Vec<Identity>,
    schema_hash: Option<Hash>,
    validated: bool,
}

// Documents with matching hashes are completely identical
impl PartialEq for Document {
    fn eq(&self, other: &Self) -> bool {
        self.hash() == other.hash()
    }
}

impl Eq for Document {}

impl Document {

    /// Not to be used outside the crate. Allows for creation of a Document from its internal 
    /// parts. Should only be used by Schema/NoSchema for completing the decoding process.
    pub(crate) fn from_parts(
        hash_state: Option<HashState>,
        doc_hash: Option<Hash>,
        hash: Hash,
        doc_len: usize,
        doc: Vec<u8>,
        compressed: Option<Vec<u8>>,
        override_compression: bool,
        compression: Option<i32>,
        signed_by: Vec<Identity>,
        schema_hash: Option<Hash>,
        ) -> Document {

        Document {
            hash_state,
            doc_hash,
            hash,
            doc_len,
            doc,
            compressed,
            override_compression,
            compression,
            signed_by,
            schema_hash,
            validated: true
        }
    }

    /// Create a new document from a given Value. Fails if value isn't an Object, if the value 
    /// has an empty string ("") field that doesn't contain a hash, or if the encoded value is 
    /// greater than the maximum allowed document size.
    pub fn new(v: Value) -> Result<Document, ()> {
        let (schema_hash, validated) = if let Some(obj) = v.as_obj() {
            if let Some(val) = obj.get("") {
                if let Some(hash) = val.as_hash() {
                    (Some(hash.clone()), false)
                }
                else {
                    return Err(()); // Empty string field doesn't contain a hash.
                }
            }
            else {
                (None, true)
            }
        }
        else {
            return Err(()); // Value isn't an object
        };
        let mut doc = Vec::new();
        super::encode::write_value(&mut doc, &v);
        let doc_len = doc.len();
        if doc_len > MAX_DOC_SIZE {
            return Err(());
        }
        let mut hash_state = HashState::new();
        hash_state.update(&doc[..]); 
        let hash = hash_state.get_hash();
        let doc_hash = Some(hash.clone());
        Ok(Document {
            hash_state: Some(hash_state),
            doc_hash,
            hash,
            doc_len,
            doc,
            compressed: None,
            override_compression: false,
            compression: None,
            signed_by: Vec::new(),
            schema_hash,
            validated,
        })
    }

    /// Sign the document with a given Key from a given Vault. Fails if the key is invalid 
    /// (`BadKey`), or can't be found (`NotInStorage`). Also fails if the resulting document is 
    /// larger than the maximum allowed document size.
    pub fn sign(&mut self, vault: &Vault, key: &Key) -> Result<(), CryptoError> {

        // Create the hasher, compute the inner document hasher, and update the hasher to include 
        // any existing signatures.
        if self.hash_state.is_none() || self.doc_hash.is_none() {
            let mut hash_state = HashState::new();
            hash_state.update(&self.doc[..self.doc_len]);
            let doc_hash = hash_state.get_hash();
            if self.doc.len() > self.doc_len {
                hash_state.update(&self.doc[self.doc_len..]);
            }
            self.hash_state = Some(hash_state);
            self.doc_hash = Some(doc_hash);
        }

        let signature = vault.sign(self.doc_hash.as_ref().unwrap(), key)?;
        self.signed_by.push(signature.signed_by().clone());
        let len = self.doc.len();
        signature.encode(&mut self.doc);
        let new_len = self.doc.len();
        if new_len > MAX_DOC_SIZE {
            return Err(CryptoError::Io(io::Error::new(InvalidData, "Document is too large with signature")));
        }
        if new_len > len {
            let hash_state = self.hash_state.as_mut().unwrap();
            hash_state.update(&self.doc[len..]);
            self.hash = hash_state.get_hash();
        }
        self.compressed = None;
        Ok(())
    }

    /// Specifically set compression, overriding default schema settings. If None, no compression 
    /// will be used. If some `i32`, the value will be passed to the zstd compressor. Note: if the 
    /// document has no schema settings, it defaults to generic compression with default zstd 
    /// settings. This also clears out any cached compression data.
    pub fn set_compression(&mut self, compression: Option<i32>) {
        self.override_compression = true;
        self.compression = compression;
        self.compressed = None;
    }

    /// Remove any overrides on the compression settings set by [`set_compression`], and clears any 
    /// cached compression data.
    ///
    /// [`set_compression`]: #method.set_compression
    pub fn reset_compression(&mut self) {
        self.override_compression = false;
        self.compressed = None;
    }

    /// Clear out any cached compression data. If the Document was decoded and had been compressed, 
    /// the compressed version is cached on load in case this is to be re-encoded. This can be 
    /// called to clear out the cached compressed version - it will also be cleared if either
    /// [`set_compression`] or [`reset_compression`] is called.
    ///
    /// [`set_compression`]: #method.set_compression
    /// [`reset_compression`]: #method.reset_compression
    pub fn clear_compress_cache(&mut self) {
        self.compressed = None;
    }

    /// Get an iterator over all known signers of the document.
    pub fn signed_by(&self) -> std::slice::Iter<Identity> {
        self.signed_by.iter()
    }

    /// Get the length of the raw document, prior to encoding.
    pub fn len(&self) -> usize {
        self.doc.len()
    }

    /// Get the Hash of the document as it currently is. Note that adding additional signatures 
    /// will change the Hash.
    pub fn hash(&self) -> &Hash {
        &self.hash
    }

    /// Get the Hash of the schema used by the document, if it exists.
    pub fn schema_hash(&self) -> &Option<Hash> {
        &self.schema_hash
    }

    /// Returns the compression setting that will be used if the compression is overridden. Check 
    /// override status with [`override_compression`].
    ///
    /// [`override_compression`]: #method.override_compression
    pub fn compression(&self) -> Option<i32> {
        self.compression
    }

    /// Returns true if compression is being overridden. If true, the setting returned by 
    /// [`compression`] will be used.
    ///
    /// [`compression`]: #method.compression
    pub fn override_compression(&self) -> bool {
        self.override_compression
    }

    /// Returns true if the document has previously been validated by a schema or the general 
    /// fog-pack validator. This is always true on Documents that were decoded from raw byte 
    /// slices.
    pub fn validated(&self) -> bool {
        self.validated
    }

    /// Retrieve the value stored inside the document as a `ValueRef`. This value has the same 
    /// lifetime as the Document; it can be converted to a `Value` if it needs to outlast the 
    /// Document.
    pub fn value(&self) -> ValueRef {
        super::decode::read_value_ref(&mut &self.doc[..]).unwrap()
    }

    pub(crate) fn raw_doc(&self) -> &[u8] {
        &self.doc
    }

}

/// Finds the schema hash for a raw, encoded document. Fails if raw data doesn't fit the document 
/// format, or if the empty field ("") doesn't contain a Hash. If there is no schema, `None` is 
/// returned.
///
/// This function is primarily meant for finding what schema to use for decoding of a byte vector 
/// into a document.
///
/// # Examples
///
/// Basic Usage, assuming a HashMap of schemas is available:
///
/// ```
/// # use fog_pack::*;
/// # use std::collections::HashMap;
/// # use std::io;
/// # fn decode_doc(
/// #   no_schema: &mut NoSchema,
/// #   schema_db: &mut HashMap<Hash, Schema>,
/// #   buffer: &[u8]
/// # )
/// # -> fog_pack::Result<Document> {
///
/// let schema_hash = extract_schema_hash(&buffer)?;
/// if let Some(schema_hash) = schema_hash {
///     if let Some(schema) = schema_db.get_mut(&schema_hash) {
///         let mut buf: &[u8] = buffer;
///         schema.decode_doc(&mut buf)
///     }
///     else {
///         Err(Error::FailValidate(0, "Don't have schema"))
///     }
/// }
/// else {
///     no_schema.decode_doc(&mut &buffer[..])
/// }
/// # }
/// ```
pub fn extract_schema_hash(buf: &[u8]) -> crate::Result<Option<Hash>> {
    let mut buf: &[u8] = buf;
    let compressed = CompressType::decode(&mut buf)?;
    match compressed {
        CompressType::CompressedNoSchema => Ok(None),
        CompressType::Uncompressed | CompressType::Compressed | CompressType::DictCompressed 
            => parse_schema_hash(&mut buf),
    }
}

/// Parses the schema hash and advances the slice pointer past the hash. Used when we already 
/// parsed the compression type and want to try reading the schema hash
pub(crate) fn parse_schema_hash(buf: &mut &[u8]) -> crate::Result<Option<Hash>> {
    // Get the object tag & number of field/value pairs it has
    let obj_len = if let MarkerType::Object(len) = decode::read_marker(buf)? {
        len
    }
    else {
        return Err(Error::BadEncode(buf.len(), "Raw document isn't a fogpack object"));
    };
    if obj_len == 0 { return Ok(None); }

    // Get the first field - should be the empty string if there is a schema used.
    let field = decode::read_str(buf)?;
    if field.len() > 0 {
        return Ok(None);
    }
    decode::read_hash(buf)
        .map(|v| Some(v))
        .map_err(|_e| Error::BadEncode(buf.len(), "Empty string field doesn't have a Hash as its value"))
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::crypto::{Vault, PasswordLevel};

    fn test_doc() -> Document {
        let test: Value = fogpack!({
            "test": true,
            "boolean": true,
            "positive": 1,
            "negative": -1,
            "string": "string",
            "float32": 1.0f32,
            "float64": 1.0f64,
            "binary": vec![0u8,1u8,2u8],
            "array": [Value::from(0), Value::from("an_array")] 
        });
        Document::new(test).expect("Should've been able to encode as a document")
    }

    fn test_doc_with_schema() -> Document {
        let fake_hash = Hash::new("test".as_bytes());
        let test: Value = fogpack!({
            "" : fake_hash,
            "test": true,
            "boolean": true,
        });
        Document::new(test).expect("Should've been able to encode as a document")
    }

    fn prep_vault() -> (Vault, Key) {
        let mut vault = Vault::new_from_password(PasswordLevel::Interactive, "test".to_string())
            .expect("Should have been able to make a new vault for testing");
        let key = vault.new_key();
        (vault, key)
    }

    #[test]
    fn equality_checks() {
        let test0 = test_doc_with_schema();
        let test1 = test_doc();
        let test2 = test_doc();
        assert!(test0 != test1, "Different documents were considered equal");
        assert!(test2 == test1, "Identically-generated documents weren't considered equal");
    }

    #[test]
    fn large_data() {
        let mut large_bin = Vec::new();
        large_bin.resize(MAX_DOC_SIZE, 0u8);
        let test: Value = fogpack!({
            "b": large_bin.clone(),
        });
        let test = Document::new(test);
        assert!(test.is_err(), "Should've been too large to encode as a document");

        large_bin.resize(MAX_DOC_SIZE-8, 0u8);
        let test: Value = fogpack!({
            "b": large_bin,
        });
        let test = Document::new(test);
        assert!(test.is_ok(), "Should've been just small enough to encode as a document");

        let mut test = test.unwrap();
        let (vault, key) = prep_vault();
        assert!(test.sign(&vault, &key).is_err(), "Should've failed because signing put it past the maximum allowed size");
    }
}