mirror of https://github.com/waku-org/nwaku.git
242 lines
8.9 KiB
Nim
242 lines
8.9 KiB
Nim
when (NimMajor, NimMinor) < (1, 4):
|
|
{.push raises: [Defect].}
|
|
else:
|
|
{.push raises: [].}
|
|
|
|
import options, json, strutils, sequtils, std/[tables, os]
|
|
|
|
import ./keyfile, ./conversion_utils, ./protocol_types, ./utils
|
|
|
|
# This proc creates an empty keystore (i.e. with no credentials)
|
|
proc createAppKeystore*(
|
|
path: string, appInfo: AppInfo, separator: string = "\n"
|
|
): KeystoreResult[void] =
|
|
let keystore = AppKeystore(
|
|
application: appInfo.application,
|
|
appIdentifier: appInfo.appIdentifier,
|
|
version: appInfo.version,
|
|
credentials: initTable[string, KeystoreMembership](),
|
|
)
|
|
|
|
var jsonKeystore: string
|
|
jsonKeystore.toUgly(%keystore)
|
|
|
|
var f: File
|
|
if not f.open(path, fmWrite):
|
|
return
|
|
err(AppKeystoreError(kind: KeystoreOsError, msg: "Cannot open file for writing"))
|
|
|
|
try:
|
|
# To avoid other users/attackers to be able to read keyfiles, we make the file readable/writable only by the running user
|
|
setFilePermissions(path, {fpUserWrite, fpUserRead})
|
|
f.write(jsonKeystore)
|
|
# We separate keystores with separator
|
|
f.write(separator)
|
|
ok()
|
|
except CatchableError:
|
|
err(AppKeystoreError(kind: KeystoreOsError, msg: getCurrentExceptionMsg()))
|
|
finally:
|
|
f.close()
|
|
|
|
# This proc load a keystore based on the application, appIdentifier and version filters.
|
|
# If none is found, it automatically creates an empty keystore for the passed parameters
|
|
proc loadAppKeystore*(
|
|
path: string, appInfo: AppInfo, separator: string = "\n"
|
|
): KeystoreResult[JsonNode] =
|
|
## Load and decode JSON keystore from pathname
|
|
var data: JsonNode
|
|
|
|
# If no keystore exists at path we create a new empty one with passed keystore parameters
|
|
if fileExists(path) == false:
|
|
let newKeystoreRes = createAppKeystore(path, appInfo, separator)
|
|
if newKeystoreRes.isErr():
|
|
return err(newKeystoreRes.error)
|
|
|
|
try:
|
|
# We read all the file contents
|
|
var f: File
|
|
if not f.open(path, fmRead):
|
|
return err(
|
|
AppKeystoreError(kind: KeystoreOsError, msg: "Cannot open file for reading")
|
|
)
|
|
let fileContents = readAll(f)
|
|
|
|
# We iterate over each substring split by separator (which we expect to correspond to a single keystore json)
|
|
for keystore in fileContents.split(separator):
|
|
# We skip if read line is empty
|
|
if keystore.len == 0:
|
|
continue
|
|
# We skip all lines that don't seem to define a json
|
|
if not keystore.startsWith("{") or not keystore.endsWith("}"):
|
|
continue
|
|
|
|
try:
|
|
# We parse the json
|
|
data = json.parseJson(keystore)
|
|
|
|
# We check if parsed json contains the relevant keystore credentials fields and if these are set to the passed parameters
|
|
# (note that "if" is lazy, so if one of the .contains() fails, the json fields contents will not be checked and no ResultDefect will be raised due to accessing unavailable fields)
|
|
if not data.hasKeys(["application", "appIdentifier", "credentials", "version"]):
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreJsonKeyError, msg: "Missing required fields in keystore"
|
|
)
|
|
)
|
|
|
|
if data["application"].getStr() != appInfo.application:
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreJsonValueMismatchError,
|
|
msg:
|
|
"Application does not match. Expected '" & appInfo.application &
|
|
"' but got '" & data["application"].getStr() & "'",
|
|
)
|
|
)
|
|
|
|
if data["appIdentifier"].getStr() != appInfo.appIdentifier:
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreJsonValueMismatchError,
|
|
msg:
|
|
"AppIdentifier does not match. Expected '" & appInfo.appIdentifier &
|
|
"' but got '" & data["appIdentifier"].getStr() & "'",
|
|
)
|
|
)
|
|
|
|
if data["version"].getStr() != appInfo.version:
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreJsonValueMismatchError,
|
|
msg:
|
|
"Version does not match. Expected '" & appInfo.version & "' but got '" &
|
|
data["version"].getStr() & "'",
|
|
)
|
|
)
|
|
# We return the first json keystore that matches the passed app parameters
|
|
# We assume a unique kesytore with such parameters is present in the file
|
|
return ok(data)
|
|
# TODO: we might continue rather than return for some of these errors
|
|
except JsonParsingError:
|
|
return
|
|
err(AppKeystoreError(kind: KeystoreJsonError, msg: getCurrentExceptionMsg()))
|
|
except ValueError:
|
|
return
|
|
err(AppKeystoreError(kind: KeystoreJsonError, msg: getCurrentExceptionMsg()))
|
|
except OSError:
|
|
return
|
|
err(AppKeystoreError(kind: KeystoreOsError, msg: getCurrentExceptionMsg()))
|
|
except Exception: #parseJson raises Exception
|
|
return
|
|
err(AppKeystoreError(kind: KeystoreOsError, msg: getCurrentExceptionMsg()))
|
|
except IOError:
|
|
return err(AppKeystoreError(kind: KeystoreIoError, msg: getCurrentExceptionMsg()))
|
|
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreKeystoreDoesNotExist,
|
|
msg: "No keystore found for the passed parameters",
|
|
)
|
|
)
|
|
|
|
# Adds a membership credential to the keystore matching the application, appIdentifier and version filters.
|
|
proc addMembershipCredentials*(
|
|
path: string,
|
|
membership: KeystoreMembership,
|
|
password: string,
|
|
appInfo: AppInfo,
|
|
separator: string = "\n",
|
|
): KeystoreResult[void] =
|
|
# We load the keystore corresponding to the desired parameters
|
|
# This call ensures that JSON has all required fields
|
|
let jsonKeystoreRes = loadAppKeystore(path, appInfo, separator)
|
|
|
|
if jsonKeystoreRes.isErr():
|
|
return err(jsonKeystoreRes.error)
|
|
|
|
# We load the JSON node corresponding to the app keystore
|
|
var jsonKeystore = jsonKeystoreRes.get()
|
|
|
|
try:
|
|
if jsonKeystore.hasKey("credentials"):
|
|
# We get all credentials in keystore
|
|
let keystoreCredentials = jsonKeystore["credentials"]
|
|
let key = membership.hash()
|
|
if keystoreCredentials.hasKey(key):
|
|
# noop
|
|
return ok()
|
|
|
|
let encodedMembershipCredential = membership.encode()
|
|
let keyfileRes = createKeyFileJson(encodedMembershipCredential, password)
|
|
if keyfileRes.isErr():
|
|
return err(
|
|
AppKeystoreError(kind: KeystoreCreateKeyfileError, msg: $keyfileRes.error)
|
|
)
|
|
|
|
# We add it to the credentials field of the keystore
|
|
jsonKeystore["credentials"][key] = keyfileRes.get()
|
|
except CatchableError:
|
|
return err(AppKeystoreError(kind: KeystoreJsonError, msg: getCurrentExceptionMsg()))
|
|
|
|
# We save to disk the (updated) keystore.
|
|
let saveRes = save(jsonKeystore, path, separator)
|
|
if saveRes.isErr():
|
|
return err(saveRes.error)
|
|
|
|
return ok()
|
|
|
|
# Returns the membership credentials in the keystore matching the application, appIdentifier and version filters, further filtered by the input
|
|
# identity credentials and membership contracts
|
|
proc getMembershipCredentials*(
|
|
path: string, password: string, query: KeystoreMembership, appInfo: AppInfo
|
|
): KeystoreResult[KeystoreMembership] =
|
|
# We load the keystore corresponding to the desired parameters
|
|
# This call ensures that JSON has all required fields
|
|
let jsonKeystoreRes = loadAppKeystore(path, appInfo)
|
|
|
|
if jsonKeystoreRes.isErr():
|
|
return err(jsonKeystoreRes.error)
|
|
|
|
# We load the JSON node corresponding to the app keystore
|
|
var jsonKeystore = jsonKeystoreRes.get()
|
|
|
|
try:
|
|
if jsonKeystore.hasKey("credentials"):
|
|
# We get all credentials in keystore
|
|
var keystoreCredentials = jsonKeystore["credentials"]
|
|
if keystoreCredentials.len == 0:
|
|
# error
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreCredentialNotFoundError,
|
|
msg: "No credentials found in keystore",
|
|
)
|
|
)
|
|
var keystoreCredential: JsonNode
|
|
if keystoreCredentials.len == 1:
|
|
keystoreCredential = keystoreCredentials.getFields().values().toSeq()[0]
|
|
else:
|
|
let key = query.hash()
|
|
if not keystoreCredentials.hasKey(key):
|
|
# error
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreCredentialNotFoundError,
|
|
msg: "Credential not found in keystore",
|
|
)
|
|
)
|
|
keystoreCredential = keystoreCredentials[key]
|
|
|
|
let decodedKeyfileRes = decodeKeyFileJson(keystoreCredential, password)
|
|
if decodedKeyfileRes.isErr():
|
|
return err(
|
|
AppKeystoreError(
|
|
kind: KeystoreReadKeyfileError, msg: $decodedKeyfileRes.error
|
|
)
|
|
)
|
|
# we parse the json decrypted keystoreCredential
|
|
let decodedCredentialRes = decode(decodedKeyfileRes.get())
|
|
let keyfileMembershipCredential = decodedCredentialRes.get()
|
|
return ok(keyfileMembershipCredential)
|
|
except CatchableError:
|
|
return err(AppKeystoreError(kind: KeystoreJsonError, msg: getCurrentExceptionMsg()))
|