Commit 547904d1 authored by ale's avatar ale

Move user key encryption/decryption to the backend package

parent e5211476
......@@ -2,11 +2,14 @@ package backend
import (
"errors"
"fmt"
"strings"
"git.autistici.org/ai3/accountserver"
)
// Extend the AppSpecificPasswordInfo type, which only contains public
// information, with the encrypted password.
type appSpecificPassword struct {
accountserver.AppSpecificPasswordInfo
Password string
......@@ -63,3 +66,26 @@ func getASPInfo(asps []*appSpecificPassword) []*accountserver.AppSpecificPasswor
}
return out
}
func decodeUserEncryptionKeys(values []string) []*accountserver.UserEncryptionKey {
var out []*accountserver.UserEncryptionKey
for _, value := range values {
idx := strings.IndexByte(value, ':')
if idx < 0 {
continue
}
out = append(out, &accountserver.UserEncryptionKey{
ID: value[:idx],
Key: []byte(value[idx+1:]),
})
}
return out
}
func encodeUserEncryptionKeys(keys []*accountserver.UserEncryptionKey) []string {
var out []string
for _, key := range keys {
out = append(out, fmt.Sprintf("%s:%s", key.ID, string(key.Key)))
}
return out
}
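Review bot: `decodeUserEncryptionKeys` silently drops any value without a `:` and splits on the first colon, while `encodeUserEncryptionKeys` writes `key.ID` unchecked, so an ID containing `:` does not round-trip and a malformed `storageEncryptionKey` value disappears without any signal. The later hunk shows `SetUserEncryptionKeys` passing the whole encoded list to `setAttr`, so a read-then-write cycle would presumably remove such an entry permanently; at minimum, log the index of the skipped value (never the key bytes) in the `idx < 0` branch. Both helpers also lack doc comments stating the stored format, e.g. `// decodeUserEncryptionKeys parses "<id>:<key>" attribute values, skipping values without a ':' separator.` The encoder also dereferences `key` without a nil check, so a nil element in `keys` would panic.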
......@@ -272,11 +272,11 @@ func (tx *backendTX) SetUserPassword(ctx context.Context, user *accountserver.Us
func (tx *backendTX) GetUserEncryptionKeys(ctx context.Context, user *accountserver.User) ([]*accountserver.UserEncryptionKey, error) {
rawKeys := tx.readAttributeValues(ctx, getUserDN(user), "storageEncryptionKey")
return accountserver.DecodeUserEncryptionKeys(rawKeys), nil
return decodeUserEncryptionKeys(rawKeys), nil
}
func (tx *backendTX) SetUserEncryptionKeys(ctx context.Context, user *accountserver.User, keys []*accountserver.UserEncryptionKey) error {
encKeys := accountserver.EncodeUserEncryptionKeys(keys)
encKeys := encodeUserEncryptionKeys(keys)
tx.setAttr(getUserDN(user), "storageEncryptionKey", encKeys...)
return nil
}
......
......@@ -3,7 +3,6 @@ package accountserver
import (
"encoding/json"
"errors"
"fmt"
"net/url"
"path/filepath"
"strings"
......@@ -84,29 +83,6 @@ type UserEncryptionKey struct {
Key []byte `json:"key"`
}
func DecodeUserEncryptionKeys(values []string) []*UserEncryptionKey {
var out []*UserEncryptionKey
for _, value := range values {
idx := strings.IndexByte(value, ':')
if idx < 0 {
continue
}
out = append(out, &UserEncryptionKey{
ID: value[:idx],
Key: []byte(value[idx+1:]),
})
}
return out
}
func EncodeUserEncryptionKeys(keys []*UserEncryptionKey) []string {
var out []string
for _, key := range keys {
out = append(out, fmt.Sprintf("%s:%s", key.ID, string(key.Key)))
}
return out
}
const (
ResourceTypeEmail = "email"
ResourceTypeMailingList = "list"
......