1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

// MIT License
//
// Copyright (c) 2023,2024 Robin Doer
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
// IN THE SOFTWARE.

use anyhow::{ensure, Result};
use clap::{value_parser, ArgAction, Args};
use log::debug;
use nuts_container::{Cipher, Container, CreateOptionsBuilder, Kdf};
use nuts_tool_api::tool::Plugin;

use crate::backend::{PluginBackend, PluginBackendCreateBuilder};
use crate::cli::ask_for_password;
use crate::cli::container::{CliCipher, AES128_GCM};
use crate::config::{ContainerConfig, PluginConfig};

#[derive(Args, Debug)]
pub struct ContainerCreateArgs {
    /// The  name of the new container
    name: String,

    /// Specifies the plugin used by the new container
    #[clap(short, long)]
    plugin: String,

    /// Sets the cipher to CIPHER.
    #[clap(short, long, value_parser = value_parser!(CliCipher), default_value = AES128_GCM)]
    cipher: CliCipher,

    /// Specifies the key derivation function.
    ///
    /// There are two ways to specify the KDF. The short form
    /// only specifies the algorithm name. The long form can
    /// customize the algorithm; it starts with the algorithm
    /// name followed by sections separated by a colon. A section
    /// can empty. In this case a default value is taken. The
    /// number of sections and its meaning depends on the
    /// algorithm.
    ///
    /// For PBKDF2: pbkdf2[:[<DIGEST>]:[<ITERATIONS>]:[<SALT_LENGTH>]]
    ///
    /// Selects PBKDF2 with the given digest (default: sha1),
    /// the given number of iterations (default: 65536) and salt
    /// length (default: 16).
    #[clap(short, long, value_parser)]
    kdf: Option<Kdf>,

    /// If set, overwrites an existing container
    #[clap(short, long, action = ArgAction::SetTrue)]
    overwrite: bool,

    /// Arguments passed to the plugin
    #[clap(value_name = "PLUGIN ARGS")]
    plugin_args: Vec<String>,
}

impl ContainerCreateArgs {
    pub fn run(&self) -> Result<()> {
        debug!("name: {}", self.name);
        debug!("plugin: {}", self.plugin);
        debug!("cipher: {:?}", *self.cipher);
        debug!("overwrite: {}", self.overwrite);
        debug!("plugin args: {:?}", self.plugin_args);

        let plugin_config = PluginConfig::load()?;
        let mut container_config = ContainerConfig::load()?;

        let exe = plugin_config.path(&self.plugin)?;
        let plugin = Plugin::new(&exe);

        let container_add_ok = container_config.add_plugin(&self.name, &self.plugin, false);
        ensure!(
            container_add_ok,
            "you already have a container with the name {}",
            self.name
        );

        let backend_options = PluginBackendCreateBuilder::new(plugin, &self.name)?;
        let mut builder = CreateOptionsBuilder::new(*self.cipher)
            .with_password_callback(ask_for_password)
            .with_overwrite(self.overwrite);

        if self.cipher != Cipher::None {
            if let Some(kdf) = self.kdf.clone() {
                debug!("kdf: {:?}", kdf);
                builder = builder.with_kdf(kdf);
            }
        }

        let options = builder.build::<PluginBackend>()?;
        Container::<PluginBackend>::create(backend_options, options)?;

        container_config.save()?;

        Ok(())
    }
}