Move user key encryption/decryption to the backend package

547904d1 · ale · e5211476 · 547904d1 · 547904d1 · 547904d1
Commit 547904d1 authored 6 years ago by ale
--- a/backend/composite_values.go
+++ b/backend/composite_values.go
@@ -2,11 +2,14 @@ package backend

 import (
 	"errors"
+	"fmt"
 	"strings"

 	"git.autistici.org/ai3/accountserver"
 )

+// Extend the AppSpecificPasswordInfo type, which only contains public
+// information, with the encrypted password.
 type appSpecificPassword struct {
 	accountserver.AppSpecificPasswordInfo
 	Password string
@@ -63,3 +66,26 @@ func getASPInfo(asps []*appSpecificPassword) []*accountserver.AppSpecificPasswor
 	}
 	return out
 }
+
+func decodeUserEncryptionKeys(values []string) []*accountserver.UserEncryptionKey {
+	var out []*accountserver.UserEncryptionKey
+	for _, value := range values {
+		idx := strings.IndexByte(value, ':')
+		if idx < 0 {
+			continue
+		}
+		out = append(out, &accountserver.UserEncryptionKey{
+			ID:  value[:idx],
+			Key: []byte(value[idx+1:]),
+		})
+	}
+	return out
+}
+
+func encodeUserEncryptionKeys(keys []*accountserver.UserEncryptionKey) []string {
+	var out []string
+	for _, key := range keys {
+		out = append(out, fmt.Sprintf("%s:%s", key.ID, string(key.Key)))
+	}
+	return out
+}
--- a/backend/model.go
+++ b/backend/model.go
@@ -272,11 +272,11 @@ func (tx *backendTX) SetUserPassword(ctx context.Context, user *accountserver.Us

 func (tx *backendTX) GetUserEncryptionKeys(ctx context.Context, user *accountserver.User) ([]*accountserver.UserEncryptionKey, error) {
 	rawKeys := tx.readAttributeValues(ctx, getUserDN(user), "storageEncryptionKey")
-	return accountserver.DecodeUserEncryptionKeys(rawKeys), nil
+	return decodeUserEncryptionKeys(rawKeys), nil
 }

 func (tx *backendTX) SetUserEncryptionKeys(ctx context.Context, user *accountserver.User, keys []*accountserver.UserEncryptionKey) error {
-	encKeys := accountserver.EncodeUserEncryptionKeys(keys)
+	encKeys := encodeUserEncryptionKeys(keys)
 	tx.setAttr(getUserDN(user), "storageEncryptionKey", encKeys...)
 	return nil
 }

--- a/types.go
+++ b/types.go
@@ -3,7 +3,6 @@ package accountserver
 import (
 	"encoding/json"
 	"errors"
-	"fmt"
 	"net/url"
 	"path/filepath"
 	"strings"
@@ -84,29 +83,6 @@ type UserEncryptionKey struct {
 	Key []byte `json:"key"`
 }

-func DecodeUserEncryptionKeys(values []string) []*UserEncryptionKey {
-	var out []*UserEncryptionKey
-	for _, value := range values {
-		idx := strings.IndexByte(value, ':')
-		if idx < 0 {
-			continue
-		}
-		out = append(out, &UserEncryptionKey{
-			ID:  value[:idx],
-			Key: []byte(value[idx+1:]),
-		})
-	}
-	return out
-}
-
-func EncodeUserEncryptionKeys(keys []*UserEncryptionKey) []string {
-	var out []string
-	for _, key := range keys {
-		out = append(out, fmt.Sprintf("%s:%s", key.ID, string(key.Key)))
-	}
-	return out
-}
-
 const (
 	ResourceTypeEmail       = "email"
 	ResourceTypeMailingList = "list"