status-go/server/payload_manager.go

498 lines
13 KiB
Go
Raw Normal View History

package server
import (
"crypto/rand"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"github.com/golang/protobuf/proto"
2022-10-21 12:15:39 +00:00
"go.uber.org/zap"
2022-06-24 23:09:01 +00:00
"github.com/status-im/status-go/account/generator"
"github.com/status-im/status-go/eth-node/keystore"
"github.com/status-im/status-go/multiaccounts"
"github.com/status-im/status-go/protocol/common"
"github.com/status-im/status-go/protocol/protobuf"
)
// PayloadManager is the interface for PayloadManagers and wraps the basic functions for fulfilling payload management
2022-07-01 15:37:53 +00:00
type PayloadManager interface {
// Mount Loads the payload into the PayloadManager's state
2022-07-01 15:37:53 +00:00
Mount() error
// Receive stores data from an inbound source into the PayloadManager's state
2022-07-01 15:37:53 +00:00
Receive(data []byte) error
// ToSend returns an outbound safe (encrypted) payload
2022-07-01 15:37:53 +00:00
ToSend() []byte
// Received returns a decrypted and parsed payload from an inbound source
2022-07-01 15:37:53 +00:00
Received() []byte
// ResetPayload resets all payloads the PayloadManager has in its state
ResetPayload()
// EncryptPlain encrypts the given plaintext using internal key(s)
2022-08-19 12:45:50 +00:00
EncryptPlain(plaintext []byte) ([]byte, error)
// LockPayload prevents future excess to outbound safe and received data
LockPayload()
2022-07-01 15:37:53 +00:00
}
// PairingPayloadSourceConfig represents location and access data of the pairing payload
// ONLY available from the application client
type PairingPayloadSourceConfig struct {
KeystorePath string `json:"keystorePath"`
KeyUID string `json:"keyUID"`
Password string `json:"password"`
}
// PairingPayloadManagerConfig represents the initialisation parameters required for a PairingPayloadManager
2022-07-01 15:37:53 +00:00
type PairingPayloadManagerConfig struct {
DB *multiaccounts.Database
PairingPayloadSourceConfig
2022-07-01 15:37:53 +00:00
}
// PairingPayloadManager is responsible for the whole lifecycle of a PairingPayload
2022-06-29 15:21:22 +00:00
type PairingPayloadManager struct {
2022-10-21 12:15:39 +00:00
logger *zap.Logger
pp *PairingPayload
2022-08-19 12:45:50 +00:00
*PayloadEncryptionManager
2022-06-29 15:21:22 +00:00
ppm *PairingPayloadMarshaller
2022-07-01 15:37:53 +00:00
ppr PayloadRepository
2022-06-29 15:21:22 +00:00
}
// NewPairingPayloadManager generates a new and initialised PairingPayloadManager
2022-10-21 12:15:39 +00:00
func NewPairingPayloadManager(aesKey []byte, config *PairingPayloadManagerConfig, logger *zap.Logger) (*PairingPayloadManager, error) {
l := logger.Named("PairingPayloadManager")
l.Debug("fired", zap.Binary("aesKey", aesKey), zap.Any("config", config))
pem, err := NewPayloadEncryptionManager(aesKey, l)
2022-06-29 15:21:22 +00:00
if err != nil {
return nil, err
}
// A new SHARED PairingPayload
p := new(PairingPayload)
2022-06-29 15:21:22 +00:00
return &PairingPayloadManager{
2022-10-21 12:15:39 +00:00
logger: l,
2022-08-19 12:45:50 +00:00
pp: p,
PayloadEncryptionManager: pem,
ppm: NewPairingPayloadMarshaller(p, l),
2022-08-19 12:45:50 +00:00
ppr: NewPairingPayloadRepository(p, config),
2022-06-29 15:21:22 +00:00
}, nil
}
// Mount loads and prepares the payload to be stored in the PairingPayloadManager's state ready for later access
2022-07-01 15:37:53 +00:00
func (ppm *PairingPayloadManager) Mount() error {
2022-10-21 12:15:39 +00:00
l := ppm.logger.Named("Mount()")
l.Debug("fired")
2022-07-01 15:37:53 +00:00
err := ppm.ppr.LoadFromSource()
if err != nil {
return err
}
2022-10-21 12:15:39 +00:00
l.Debug("after LoadFromSource")
2022-07-01 15:37:53 +00:00
pb, err := ppm.ppm.MarshalToProtobuf()
if err != nil {
return err
}
2022-10-21 12:15:39 +00:00
l.Debug(
"after MarshalToProtobuf",
zap.Any("ppm.ppm.keys", ppm.ppm.keys),
zap.Any("ppm.ppm.multiaccount", ppm.ppm.multiaccount),
zap.String("ppm.ppm.password", ppm.ppm.password),
zap.Binary("pb", pb),
)
2022-10-17 09:25:57 +00:00
2022-08-19 12:45:50 +00:00
return ppm.Encrypt(pb)
2022-07-01 15:37:53 +00:00
}
// Receive takes a []byte representing raw data, parses and stores the data
2022-07-01 15:37:53 +00:00
func (ppm *PairingPayloadManager) Receive(data []byte) error {
2022-10-21 12:15:39 +00:00
l := ppm.logger.Named("Receive()")
l.Debug("fired")
2022-08-19 12:45:50 +00:00
err := ppm.Decrypt(data)
2022-07-01 15:37:53 +00:00
if err != nil {
return err
}
2022-10-21 12:15:39 +00:00
l.Debug("after Decrypt")
2022-07-01 15:37:53 +00:00
2022-08-19 12:45:50 +00:00
err = ppm.ppm.UnmarshalProtobuf(ppm.Received())
2022-07-01 15:37:53 +00:00
if err != nil {
return err
}
2022-10-21 12:15:39 +00:00
l.Debug(
"after UnmarshalProtobuf",
zap.Any("ppm.ppm.keys", ppm.ppm.keys),
zap.Any("ppm.ppm.multiaccount", ppm.ppm.multiaccount),
zap.String("ppm.ppm.password", ppm.ppm.password),
zap.Binary("ppm.Received()", ppm.Received()),
)
2022-07-01 15:37:53 +00:00
return ppm.ppr.StoreToSource()
}
// ResetPayload resets all payload state managed by the PairingPayloadManager
func (ppm *PairingPayloadManager) ResetPayload() {
ppm.pp.ResetPayload()
2022-08-19 12:45:50 +00:00
ppm.PayloadEncryptionManager.ResetPayload()
}
2022-07-01 15:37:53 +00:00
// EncryptionPayload represents the plain text and encrypted text of payload data
2022-06-29 15:21:22 +00:00
type EncryptionPayload struct {
plain []byte
encrypted []byte
locked bool
}
func (ep *EncryptionPayload) lock() {
ep.locked = true
}
2022-07-01 15:37:53 +00:00
// PayloadEncryptionManager is responsible for encrypting and decrypting payload data
2022-06-29 15:21:22 +00:00
type PayloadEncryptionManager struct {
2022-10-21 12:15:39 +00:00
logger *zap.Logger
aesKey []byte
2022-06-29 15:21:22 +00:00
toSend *EncryptionPayload
received *EncryptionPayload
}
2022-10-21 12:15:39 +00:00
func NewPayloadEncryptionManager(aesKey []byte, logger *zap.Logger) (*PayloadEncryptionManager, error) {
return &PayloadEncryptionManager{logger.Named("PayloadEncryptionManager"), aesKey, new(EncryptionPayload), new(EncryptionPayload)}, nil
}
// EncryptPlain encrypts any given plain text using the internal AES key and returns the encrypted value
// This function is different to Encrypt as the internal EncryptionPayload.encrypted value is not set
2022-08-19 12:45:50 +00:00
func (pem *PayloadEncryptionManager) EncryptPlain(plaintext []byte) ([]byte, error) {
2022-10-21 12:15:39 +00:00
l := pem.logger.Named("EncryptPlain()")
l.Debug("fired")
2022-08-19 12:45:50 +00:00
return common.Encrypt(plaintext, pem.aesKey, rand.Reader)
}
2022-07-01 15:37:53 +00:00
func (pem *PayloadEncryptionManager) Encrypt(data []byte) error {
2022-10-21 12:15:39 +00:00
l := pem.logger.Named("Encrypt()")
l.Debug("fired")
2022-06-29 15:21:22 +00:00
ep, err := common.Encrypt(data, pem.aesKey, rand.Reader)
if err != nil {
return err
}
2022-06-29 15:21:22 +00:00
pem.toSend.plain = data
pem.toSend.encrypted = ep
2022-10-21 12:15:39 +00:00
l.Debug(
"after common.Encrypt",
zap.Binary("data", data),
zap.Binary("pem.aesKey", pem.aesKey),
zap.Binary("ep", ep),
)
return nil
}
2022-07-01 15:37:53 +00:00
func (pem *PayloadEncryptionManager) Decrypt(data []byte) error {
2022-10-21 12:15:39 +00:00
l := pem.logger.Named("Decrypt()")
l.Debug("fired")
2022-06-29 15:21:22 +00:00
pd, err := common.Decrypt(data, pem.aesKey)
2022-10-21 12:15:39 +00:00
l.Debug(
"after common.Decrypt(data, pem.aesKey)",
zap.Binary("data", data),
zap.Binary("pem.aesKey", pem.aesKey),
zap.Binary("pd", pd),
zap.Error(err),
)
if err != nil {
return err
}
2022-06-29 15:21:22 +00:00
pem.received.encrypted = data
pem.received.plain = pd
return nil
}
2022-06-29 15:21:22 +00:00
func (pem *PayloadEncryptionManager) ToSend() []byte {
if pem.toSend.locked {
return nil
}
2022-06-29 15:21:22 +00:00
return pem.toSend.encrypted
}
2022-06-29 15:21:22 +00:00
func (pem *PayloadEncryptionManager) Received() []byte {
if pem.toSend.locked {
return nil
}
2022-06-29 15:21:22 +00:00
return pem.received.plain
}
2022-06-29 15:21:22 +00:00
func (pem *PayloadEncryptionManager) ResetPayload() {
pem.toSend = new(EncryptionPayload)
pem.received = new(EncryptionPayload)
}
func (pem *PayloadEncryptionManager) LockPayload() {
l := pem.logger.Named("LockPayload")
l.Debug("fired")
pem.toSend.lock()
pem.received.lock()
}
2022-06-29 15:21:22 +00:00
// PairingPayload represents the payload structure a PairingServer handles
type PairingPayload struct {
keys map[string][]byte
multiaccount *multiaccounts.Account
password string
}
func (pp *PairingPayload) ResetPayload() {
*pp = PairingPayload{}
}
2022-06-29 15:21:22 +00:00
// PairingPayloadMarshaller is responsible for marshalling and unmarshalling PairingServer payload data
type PairingPayloadMarshaller struct {
2022-10-21 12:15:39 +00:00
logger *zap.Logger
2022-06-29 15:21:22 +00:00
*PairingPayload
}
func NewPairingPayloadMarshaller(p *PairingPayload, logger *zap.Logger) *PairingPayloadMarshaller {
return &PairingPayloadMarshaller{logger: logger, PairingPayload: p}
2022-07-01 15:37:53 +00:00
}
2022-06-29 15:21:22 +00:00
func (ppm *PairingPayloadMarshaller) MarshalToProtobuf() ([]byte, error) {
return proto.Marshal(&protobuf.LocalPairingPayload{
Keys: ppm.accountKeysToProtobuf(),
Multiaccount: ppm.multiaccount.ToProtobuf(),
2022-06-29 15:21:22 +00:00
Password: ppm.password,
})
}
func (ppm *PairingPayloadMarshaller) accountKeysToProtobuf() []*protobuf.LocalPairingPayload_Key {
var keys []*protobuf.LocalPairingPayload_Key
for name, data := range ppm.keys {
keys = append(keys, &protobuf.LocalPairingPayload_Key{Name: name, Data: data})
}
return keys
}
func (ppm *PairingPayloadMarshaller) UnmarshalProtobuf(data []byte) error {
2022-10-21 12:15:39 +00:00
l := ppm.logger.Named("UnmarshalProtobuf()")
l.Debug("fired")
2022-06-29 15:21:22 +00:00
pb := new(protobuf.LocalPairingPayload)
err := proto.Unmarshal(data, pb)
2022-10-21 12:15:39 +00:00
l.Debug(
"after protobuf.LocalPairingPayload",
zap.Any("pb", pb),
zap.Any("pb.Multiaccount", pb.Multiaccount),
zap.Any("pb.Keys", pb.Keys),
)
if err != nil {
return err
}
2022-06-29 15:21:22 +00:00
ppm.accountKeysFromProtobuf(pb.Keys)
ppm.multiaccountFromProtobuf(pb.Multiaccount)
ppm.password = pb.Password
return nil
}
func (ppm *PairingPayloadMarshaller) accountKeysFromProtobuf(pbKeys []*protobuf.LocalPairingPayload_Key) {
2022-10-21 12:15:39 +00:00
l := ppm.logger.Named("accountKeysFromProtobuf()")
l.Debug("fired")
2022-06-29 15:21:22 +00:00
if ppm.keys == nil {
ppm.keys = make(map[string][]byte)
}
for _, key := range pbKeys {
ppm.keys[key.Name] = key.Data
}
2022-10-21 12:15:39 +00:00
l.Debug(
"after for _, key := range pbKeys",
zap.Any("pbKeys", pbKeys),
zap.Any("ppm.keys", ppm.keys),
)
2022-06-29 15:21:22 +00:00
}
func (ppm *PairingPayloadMarshaller) multiaccountFromProtobuf(pbMultiAccount *protobuf.MultiAccount) {
ppm.multiaccount = new(multiaccounts.Account)
ppm.multiaccount.FromProtobuf(pbMultiAccount)
2022-06-29 15:21:22 +00:00
}
2022-07-01 15:37:53 +00:00
type PayloadRepository interface {
LoadFromSource() error
StoreToSource() error
}
2022-06-29 15:21:22 +00:00
// PairingPayloadRepository is responsible for loading, parsing, validating and storing PairingServer payload data
type PairingPayloadRepository struct {
*PairingPayload
multiaccountsDB *multiaccounts.Database
2022-07-01 15:37:53 +00:00
keystorePath, keyUID string
2022-06-29 15:21:22 +00:00
}
func NewPairingPayloadRepository(p *PairingPayload, config *PairingPayloadManagerConfig) *PairingPayloadRepository {
2022-07-01 15:37:53 +00:00
ppr := &PairingPayloadRepository{
PairingPayload: p,
2022-06-29 15:21:22 +00:00
}
2022-07-01 15:37:53 +00:00
if config == nil {
return ppr
}
ppr.multiaccountsDB = config.DB
ppr.keystorePath = config.KeystorePath
ppr.keyUID = config.KeyUID
ppr.password = config.Password
return ppr
2022-06-29 15:21:22 +00:00
}
2022-07-01 15:37:53 +00:00
func (ppr *PairingPayloadRepository) LoadFromSource() error {
err := ppr.loadKeys(ppr.keystorePath)
if err != nil {
return err
}
2022-06-29 15:21:22 +00:00
2022-07-01 15:37:53 +00:00
err = ppr.validateKeys(ppr.password)
2022-06-29 15:21:22 +00:00
if err != nil {
return err
}
2022-07-01 15:37:53 +00:00
ppr.multiaccount, err = ppr.multiaccountsDB.GetAccount(ppr.keyUID)
2022-06-29 15:21:22 +00:00
if err != nil {
return err
}
return nil
}
2022-06-29 15:21:22 +00:00
func (ppr *PairingPayloadRepository) loadKeys(keyStorePath string) error {
ppr.keys = make(map[string][]byte)
fileWalker := func(path string, fileInfo os.FileInfo, err error) error {
if err != nil {
return err
}
if fileInfo.IsDir() || filepath.Dir(path) != keyStorePath {
return nil
}
rawKeyFile, err := ioutil.ReadFile(path)
if err != nil {
return fmt.Errorf("invalid account key file: %v", err)
}
accountKey := new(keystore.EncryptedKeyJSONV3)
if err := json.Unmarshal(rawKeyFile, &accountKey); err != nil {
return fmt.Errorf("failed to read key file: %s", err)
}
if len(accountKey.Address) != 40 {
return fmt.Errorf("account key address has invalid length '%s'", accountKey.Address)
}
2022-06-29 15:21:22 +00:00
ppr.keys[fileInfo.Name()] = rawKeyFile
return nil
}
err := filepath.Walk(keyStorePath, fileWalker)
if err != nil {
return fmt.Errorf("cannot traverse key store folder: %v", err)
}
return nil
}
2022-07-01 15:37:53 +00:00
func (ppr *PairingPayloadRepository) StoreToSource() error {
err := ppr.validateKeys(ppr.password)
2022-06-24 23:09:01 +00:00
if err != nil {
return err
}
2022-07-01 15:37:53 +00:00
err = ppr.storeKeys(ppr.keystorePath)
2022-06-24 23:09:01 +00:00
if err != nil {
return err
}
2022-06-29 15:21:22 +00:00
err = ppr.storeMultiAccount()
2022-06-24 23:09:01 +00:00
if err != nil {
return err
}
2022-06-29 15:21:22 +00:00
// TODO install PublicKey into settings, probably do this outside of StoreToSource
2022-06-24 23:09:01 +00:00
return nil
}
2022-06-29 15:21:22 +00:00
func (ppr *PairingPayloadRepository) validateKeys(password string) error {
for _, key := range ppr.keys {
2022-06-24 23:09:01 +00:00
k, err := keystore.DecryptKey(key, password)
if err != nil {
return err
}
err = generator.ValidateKeystoreExtendedKey(k)
if err != nil {
return err
}
}
return nil
}
2022-06-29 15:21:22 +00:00
func (ppr *PairingPayloadRepository) storeKeys(keyStorePath string) error {
if keyStorePath == "" {
return fmt.Errorf("keyStorePath can not be empty")
}
_, lastDir := filepath.Split(keyStorePath)
// If lastDir == "keystore" we presume we need to create the rest of the keystore path
// else we presume the provided keystore is valid
if lastDir == "keystore" {
if ppr.multiaccount == nil || ppr.multiaccount.KeyUID == "" {
return fmt.Errorf("no known Key UID")
}
keyStorePath = filepath.Join(keyStorePath, ppr.multiaccount.KeyUID)
err := os.MkdirAll(keyStorePath, 0777)
if err != nil {
return err
}
}
2022-06-29 15:21:22 +00:00
for name, data := range ppr.keys {
2022-06-24 23:09:01 +00:00
accountKey := new(keystore.EncryptedKeyJSONV3)
if err := json.Unmarshal(data, &accountKey); err != nil {
return fmt.Errorf("failed to read key file: %s", err)
}
if len(accountKey.Address) != 40 {
return fmt.Errorf("account key address has invalid length '%s'", accountKey.Address)
}
err := ioutil.WriteFile(filepath.Join(keyStorePath, name), data, 0600)
if err != nil {
return err
}
}
return nil
}
2022-06-29 15:21:22 +00:00
func (ppr *PairingPayloadRepository) storeMultiAccount() error {
return ppr.multiaccountsDB.SaveAccount(*ppr.multiaccount)
}