host_sso/

product_key_cache.rs

//! Session-bound product key cache (CHAT-002 / DER-003).
//!
//! Holds derived product public keys in memory, keyed by `(product_id, index)`.
//! The cache is bound to a phone identity; any mismatch triggers a full clear
//! to prevent stale keys from a prior pairing leaking into a new session.

use std::collections::HashMap;

/// A single cached product key entry — serialisable for persistence.
#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
pub struct ProductKeyCacheEntry {
    /// Opaque product identifier (e.g. `"acme.dot"`).
    pub product_id: String,
    /// Derivation index for the key slot.
    pub index: u32,
    /// 32-byte sr25519 public key derived by the paired phone.
    pub pubkey: [u8; 32],
}

/// Error returned by [`ProductKeyCache::insert`] when the supplied identity
/// does not match the identity the cache was created for.
#[derive(Debug)]
pub struct CacheIdentityMismatch;

impl std::fmt::Display for CacheIdentityMismatch {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.write_str("product key cache identity mismatch")
    }
}

/// In-memory cache mapping `(product_id, index)` → `pubkey`.
///
/// The cache is bound to a single phone identity at construction time.
/// Callers must pass the current phone identity on every read and write so the
/// cache can detect re-pairing events and self-invalidate automatically.
pub struct ProductKeyCache {
    phone_identity: [u8; 32],
    entries: HashMap<(String, u32), [u8; 32]>,
}

impl ProductKeyCache {
    /// Create an empty cache bound to `phone_identity`.
    pub fn new(phone_identity: [u8; 32]) -> Self {
        Self {
            phone_identity,
            entries: HashMap::new(),
        }
    }

    /// Return the phone identity this cache is bound to.
    pub fn identity(&self) -> &[u8; 32] {
        &self.phone_identity
    }

    /// Look up a cached key for `(product_id, index)`.
    ///
    /// Returns `None` on a cache miss. If `phone_identity` differs from the
    /// stored identity the entire cache is cleared and `None` is returned —
    /// this handles re-pairing with a different phone transparently.
    pub fn get(
        &mut self,
        phone_identity: &[u8; 32],
        product_id: &str,
        index: u32,
    ) -> Option<[u8; 32]> {
        if *phone_identity != self.phone_identity {
            log::warn!("product key cache identity mismatch — clearing");
            self.entries.clear();
            self.phone_identity = *phone_identity;
            return None;
        }
        self.entries.get(&(product_id.to_string(), index)).copied()
    }

    /// Store a key for `(product_id, index)`.
    ///
    /// Returns `Err(CacheIdentityMismatch)` if `phone_identity` differs from the
    /// stored identity; callers should log this as a security event and consider
    /// clearing the cache before retrying.
    pub fn insert(
        &mut self,
        phone_identity: &[u8; 32],
        product_id: &str,
        index: u32,
        pubkey: [u8; 32],
    ) -> Result<(), CacheIdentityMismatch> {
        if *phone_identity != self.phone_identity {
            return Err(CacheIdentityMismatch);
        }
        self.entries.insert((product_id.to_string(), index), pubkey);
        Ok(())
    }

    /// Remove a single entry. No-op if the entry does not exist.
    pub fn remove(&mut self, product_id: &str, index: u32) {
        self.entries.remove(&(product_id.to_string(), index));
    }

    /// Clear all cached entries.  The bound identity is preserved.
    pub fn clear(&mut self) {
        self.entries.clear();
    }

    /// Snapshot all entries for persistence.
    pub fn to_entries(&self) -> Vec<ProductKeyCacheEntry> {
        self.entries
            .iter()
            .map(|((product_id, index), pubkey)| ProductKeyCacheEntry {
                product_id: product_id.clone(),
                index: *index,
                pubkey: *pubkey,
            })
            .collect()
    }

    /// Populate the cache from a previously persisted snapshot.
    ///
    /// If `identity` does not match the cache's bound identity the snapshot is
    /// silently ignored — it belongs to a different pairing session.
    pub fn load_from(&mut self, identity: &[u8; 32], entries: &[ProductKeyCacheEntry]) {
        if *identity != self.phone_identity {
            // Stale snapshot from a prior pairing; discard silently.
            return;
        }
        for e in entries {
            self.entries
                .insert((e.product_id.clone(), e.index), e.pubkey);
        }
    }
}

// ---------------------------------------------------------------------------
// Tests
// ---------------------------------------------------------------------------

#[cfg(test)]
mod tests {
    use super::*;

    const IDENTITY_A: [u8; 32] = [0x01u8; 32];
    const IDENTITY_B: [u8; 32] = [0x02u8; 32];
    const PUBKEY_1: [u8; 32] = [0xAAu8; 32];
    const PUBKEY_2: [u8; 32] = [0xBBu8; 32];

    fn make_cache() -> ProductKeyCache {
        ProductKeyCache::new(IDENTITY_A)
    }

    #[test]
    fn test_cache_hit_returns_stored_key() {
        let mut cache = make_cache();
        cache.insert(&IDENTITY_A, "acme.dot", 0, PUBKEY_1).unwrap();

        let result = cache.get(&IDENTITY_A, "acme.dot", 0);
        assert_eq!(result, Some(PUBKEY_1));
    }

    #[test]
    fn test_cache_miss_returns_none() {
        let mut cache = make_cache();
        let result = cache.get(&IDENTITY_A, "acme.dot", 99);
        assert_eq!(result, None);
    }

    #[test]
    fn test_cache_clears_on_identity_mismatch() {
        let mut cache = make_cache();
        cache.insert(&IDENTITY_A, "acme.dot", 0, PUBKEY_1).unwrap();

        // Reading with a different identity should clear and return None.
        let result = cache.get(&IDENTITY_B, "acme.dot", 0);
        assert_eq!(result, None, "mismatched identity must yield None");

        // Cache must now be empty — even with the new identity.
        let result2 = cache.get(&IDENTITY_B, "acme.dot", 0);
        assert_eq!(
            result2, None,
            "cache must be empty after identity mismatch clear"
        );
    }

    #[test]
    fn test_insert_rejects_identity_mismatch() {
        let mut cache = make_cache();
        let err = cache.insert(&IDENTITY_B, "acme.dot", 0, PUBKEY_1);
        assert!(err.is_err(), "insert must reject a mismatched identity");
    }

    #[test]
    fn test_remove_deletes_entry() {
        let mut cache = make_cache();
        cache.insert(&IDENTITY_A, "acme.dot", 0, PUBKEY_1).unwrap();
        cache.remove("acme.dot", 0);

        let result = cache.get(&IDENTITY_A, "acme.dot", 0);
        assert_eq!(result, None, "entry must be absent after remove");
    }

    #[test]
    fn test_clear_removes_all() {
        let mut cache = make_cache();
        cache.insert(&IDENTITY_A, "acme.dot", 0, PUBKEY_1).unwrap();
        cache.insert(&IDENTITY_A, "foo.dot", 1, PUBKEY_2).unwrap();

        cache.clear();

        assert_eq!(cache.get(&IDENTITY_A, "acme.dot", 0), None);
        assert_eq!(cache.get(&IDENTITY_A, "foo.dot", 1), None);
    }

    #[test]
    fn test_load_from_populates_matching_identity() {
        let mut cache = make_cache();
        let snapshot = vec![
            ProductKeyCacheEntry {
                product_id: "acme.dot".to_string(),
                index: 0,
                pubkey: PUBKEY_1,
            },
            ProductKeyCacheEntry {
                product_id: "foo.dot".to_string(),
                index: 2,
                pubkey: PUBKEY_2,
            },
        ];

        cache.load_from(&IDENTITY_A, &snapshot);

        assert_eq!(cache.get(&IDENTITY_A, "acme.dot", 0), Some(PUBKEY_1));
        assert_eq!(cache.get(&IDENTITY_A, "foo.dot", 2), Some(PUBKEY_2));
    }

    #[test]
    fn test_load_from_ignores_mismatching_identity() {
        let mut cache = make_cache();
        let snapshot = vec![ProductKeyCacheEntry {
            product_id: "acme.dot".to_string(),
            index: 0,
            pubkey: PUBKEY_1,
        }];

        // Load from a different identity — must be ignored.
        cache.load_from(&IDENTITY_B, &snapshot);

        // Original identity lookup must still miss.
        assert_eq!(
            cache.get(&IDENTITY_A, "acme.dot", 0),
            None,
            "stale snapshot must be discarded on identity mismatch"
        );
    }

    #[test]
    fn test_to_entries_snapshots_all() {
        let mut cache = make_cache();
        cache.insert(&IDENTITY_A, "acme.dot", 0, PUBKEY_1).unwrap();
        cache.insert(&IDENTITY_A, "foo.dot", 3, PUBKEY_2).unwrap();

        let entries = cache.to_entries();
        assert_eq!(entries.len(), 2);

        // Verify both entries are present (order is unspecified for HashMap).
        let has_acme = entries
            .iter()
            .any(|e| e.product_id == "acme.dot" && e.index == 0 && e.pubkey == PUBKEY_1);
        let has_foo = entries
            .iter()
            .any(|e| e.product_id == "foo.dot" && e.index == 3 && e.pubkey == PUBKEY_2);

        assert!(has_acme, "snapshot must contain acme.dot entry");
        assert!(has_foo, "snapshot must contain foo.dot entry");
    }
}