Commit 547904d1 authored by ale's avatar ale

Move user key encryption/decryption to the backend package

parent e5211476
...@@ -2,11 +2,14 @@ package backend ...@@ -2,11 +2,14 @@ package backend
import ( import (
"errors" "errors"
"fmt"
"strings" "strings"
"git.autistici.org/ai3/accountserver" "git.autistici.org/ai3/accountserver"
) )
// Extend the AppSpecificPasswordInfo type, which only contains public
// information, with the encrypted password.
type appSpecificPassword struct { type appSpecificPassword struct {
accountserver.AppSpecificPasswordInfo accountserver.AppSpecificPasswordInfo
Password string Password string
...@@ -63,3 +66,26 @@ func getASPInfo(asps []*appSpecificPassword) []*accountserver.AppSpecificPasswor ...@@ -63,3 +66,26 @@ func getASPInfo(asps []*appSpecificPassword) []*accountserver.AppSpecificPasswor
} }
return out return out
} }
func decodeUserEncryptionKeys(values []string) []*accountserver.UserEncryptionKey {
var out []*accountserver.UserEncryptionKey
for _, value := range values {
idx := strings.IndexByte(value, ':')
if idx < 0 {
continue
}
out = append(out, &accountserver.UserEncryptionKey{
ID: value[:idx],
Key: []byte(value[idx+1:]),
})
}
return out
}
func encodeUserEncryptionKeys(keys []*accountserver.UserEncryptionKey) []string {
var out []string
for _, key := range keys {
out = append(out, fmt.Sprintf("%s:%s", key.ID, string(key.Key)))
}
return out
}
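Review bot: The new `decodeUserEncryptionKeys` silently drops any stored value without a ':' (the `continue` at L27), and `encodeUserEncryptionKeys` does not reject an ID that contains ':', so a key written with such an ID decodes back under a truncated ID with the rest folded into the key bytes; because `SetUserEncryptionKeys` appears to rewrite the whole `storageEncryptionKey` attribute from what a previous `GetUserEncryptionKeys` returned, either case ends in silent loss or corruption of a user's storage encryption key. Both helpers are unexported and new to this package, so an error return is cheap to add: reject IDs containing the separator and have `SetUserEncryptionKeys` propagate it (`encKeys, err := encodeUserEncryptionKeys(keys); if err != nil { return err }`). I would also document the wire format on both helpers, e.g. `// storageEncryptionKey values have the form "<id>:<key bytes>"; IDs must not contain ':'.` Note that `string(key.Key)` stores the key bytes verbatim in the directory attribute, which is only safe if they are already text-safe (hex/base64); that is not visible in this diff and is worth confirming with the producer of `UserEncryptionKey.Key`.
```go
// encodeUserEncryptionKeys serializes keys as "<id>:<key bytes>", the form
// stored in the storageEncryptionKey attribute. IDs must not contain ':'
// because decodeUserEncryptionKeys splits on the first one.
func encodeUserEncryptionKeys(keys []*accountserver.UserEncryptionKey) ([]string, error) {
	out := make([]string, 0, len(keys))
	for _, key := range keys {
		if strings.IndexByte(key.ID, ':') >= 0 {
			return nil, fmt.Errorf("invalid user encryption key id %q", key.ID)
		}
		out = append(out, key.ID+":"+string(key.Key))
	}
	return out, nil
}
```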
...@@ -272,11 +272,11 @@ func (tx *backendTX) SetUserPassword(ctx context.Context, user *accountserver.Us ...@@ -272,11 +272,11 @@ func (tx *backendTX) SetUserPassword(ctx context.Context, user *accountserver.Us
func (tx *backendTX) GetUserEncryptionKeys(ctx context.Context, user *accountserver.User) ([]*accountserver.UserEncryptionKey, error) { func (tx *backendTX) GetUserEncryptionKeys(ctx context.Context, user *accountserver.User) ([]*accountserver.UserEncryptionKey, error) {
rawKeys := tx.readAttributeValues(ctx, getUserDN(user), "storageEncryptionKey") rawKeys := tx.readAttributeValues(ctx, getUserDN(user), "storageEncryptionKey")
return accountserver.DecodeUserEncryptionKeys(rawKeys), nil return decodeUserEncryptionKeys(rawKeys), nil
} }
func (tx *backendTX) SetUserEncryptionKeys(ctx context.Context, user *accountserver.User, keys []*accountserver.UserEncryptionKey) error { func (tx *backendTX) SetUserEncryptionKeys(ctx context.Context, user *accountserver.User, keys []*accountserver.UserEncryptionKey) error {
encKeys := accountserver.EncodeUserEncryptionKeys(keys) encKeys := encodeUserEncryptionKeys(keys)
tx.setAttr(getUserDN(user), "storageEncryptionKey", encKeys...) tx.setAttr(getUserDN(user), "storageEncryptionKey", encKeys...)
return nil return nil
} }
...@@ -3,7 +3,6 @@ package accountserver ...@@ -3,7 +3,6 @@ package accountserver
import ( import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt"
"net/url" "net/url"
"path/filepath" "path/filepath"
"strings" "strings"
...@@ -84,29 +83,6 @@ type UserEncryptionKey struct { ...@@ -84,29 +83,6 @@ type UserEncryptionKey struct {
Key []byte `json:"key"` Key []byte `json:"key"`
} }
func DecodeUserEncryptionKeys(values []string) []*UserEncryptionKey {
var out []*UserEncryptionKey
for _, value := range values {
idx := strings.IndexByte(value, ':')
if idx < 0 {
continue
}
out = append(out, &UserEncryptionKey{
ID: value[:idx],
Key: []byte(value[idx+1:]),
})
}
return out
}
func EncodeUserEncryptionKeys(keys []*UserEncryptionKey) []string {
var out []string
for _, key := range keys {
out = append(out, fmt.Sprintf("%s:%s", key.ID, string(key.Key)))
}
return out
}
const ( const (
ResourceTypeEmail = "email" ResourceTypeEmail = "email"
ResourceTypeMailingList = "list" ResourceTypeMailingList = "list"