mirror of
https://github.com/passbolt/go-passbolt.git
synced 2025-05-09 17:48:20 +00:00
Add Metadata Decryption
This commit is contained in:
parent
b0f75af26a
commit
2197d9e0f7
2 changed files with 141 additions and 0 deletions
41
api/metadata.go
Normal file
41
api/metadata.go
Normal file
|
|
@ -0,0 +1,41 @@
|
|||
package api
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/ProtonMail/gopenpgp/v3/crypto"
|
||||
)
|
||||
|
||||
// ResourceMetadataTypePasswordAndDescription
|
||||
type ResourceMetadataTypePasswordAndDescription struct {
|
||||
ObjectType string `json:"object_type"`
|
||||
ResourceTypeID string `json:"resource_type_id,omitempty"`
|
||||
Name string `json:"name,omitempty"`
|
||||
Username string `json:"username,omitempty"`
|
||||
URIs []string `json:"uris,omitempty"`
|
||||
Description string `json:"description,omitempty"`
|
||||
}
|
||||
|
||||
func (c *Client) DecryptMetadata(metadataKey *crypto.Key, armoredCiphertext string) (string, error) {
|
||||
// TODO Get SessionKey from Cache
|
||||
var sessionKey *crypto.SessionKey = nil
|
||||
|
||||
if sessionKey != nil {
|
||||
message, err := c.DecryptMessageWithSessionKey(sessionKey, armoredCiphertext)
|
||||
// If Decrypt was successfull
|
||||
if err == nil {
|
||||
return message, nil
|
||||
}
|
||||
// if this failed, fall through
|
||||
}
|
||||
|
||||
metadata, newSessionKey, err := c.DecryptMessageWithPrivateKeyAndReturnSessionKey(metadataKey, armoredCiphertext)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Decrypting Metadata: %w", err)
|
||||
}
|
||||
|
||||
// TODO Save newSessionKey to cache
|
||||
_ = newSessionKey
|
||||
|
||||
return metadata, nil
|
||||
}
|
||||
100
helper/metadata.go
Normal file
100
helper/metadata.go
Normal file
|
|
@ -0,0 +1,100 @@
|
|||
package helper
|
||||
|
||||
import (
|
||||
"context"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
|
||||
"github.com/passbolt/go-passbolt/api"
|
||||
)
|
||||
|
||||
func GetResourceMetadata(ctx context.Context, c *api.Client, resource api.Resource, rType api.ResourceType) (string, error) {
|
||||
keys, err := c.GetMetadataKeys(ctx, &api.GetMetadataKeysOptions{
|
||||
ContainMetadataPrivateKeys: true,
|
||||
})
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Get Metadata Key: %w", err)
|
||||
}
|
||||
|
||||
// TODO Get Key by id?
|
||||
if len(keys) != 1 {
|
||||
return "", fmt.Errorf("Not Exactly One Metadatakey Available")
|
||||
}
|
||||
|
||||
if len(keys[0].MetadataPrivateKeys) == 0 {
|
||||
return "", fmt.Errorf("No Metadata Private key for our user")
|
||||
}
|
||||
|
||||
if len(keys[0].MetadataPrivateKeys) > 1 {
|
||||
return "", fmt.Errorf("More than 1 metadata Private key for our user")
|
||||
}
|
||||
|
||||
var privMetdata api.MetadataPrivateKey = keys[0].MetadataPrivateKeys[0]
|
||||
if *privMetdata.UserID != c.GetUserID() {
|
||||
return "", fmt.Errorf("MetadataPrivateKey is not for our user id: %v", privMetdata.UserID)
|
||||
}
|
||||
|
||||
decPrivMetadatakey, err := c.DecryptMessage(privMetdata.Data)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Decrypt Metadata Private Key Data: %w", err)
|
||||
}
|
||||
|
||||
var data api.MetadataPrivateKeyData
|
||||
err = json.Unmarshal([]byte(decPrivMetadatakey), &data)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Parse Metadata Private Key Data")
|
||||
}
|
||||
|
||||
metadataPrivateKeyObj, err := api.GetPrivateKeyFromArmor(data.ArmoredKey, []byte(data.Passphrase))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Get Metadata Private Key: %w", err)
|
||||
}
|
||||
|
||||
decMetadata, err := c.DecryptMetadata(metadataPrivateKeyObj, resource.Metadata)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Decrypt Metadata: %w", err)
|
||||
}
|
||||
/*
|
||||
|
||||
|
||||
var schemaDefinition api.ResourceTypeSchema
|
||||
err = json.Unmarshal([]byte(rType.Definition), &schemaDefinition)
|
||||
if err != nil {
|
||||
// Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string
|
||||
if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" {
|
||||
var tmp string
|
||||
err = json.Unmarshal([]byte(rType.Definition), &tmp)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
|
||||
}
|
||||
|
||||
err = json.Unmarshal([]byte(tmp), &schemaDefinition)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
|
||||
}
|
||||
|
||||
} else {
|
||||
return "", fmt.Errorf("Unmarshal Json Schema: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
comp := jsonschema.NewCompiler()
|
||||
|
||||
err = comp.AddResource("metadata.json", bytes.NewReader(schemaDefinition.Secret))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Adding Json Schema: %w", err)
|
||||
}
|
||||
|
||||
schema, err := comp.Compile("metadata.json")
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Compiling Json Schema: %w", err)
|
||||
}
|
||||
|
||||
err = schema.Validate(strings.NewReader(decMetadata))
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("Validating Secret Data: %w", err)
|
||||
}
|
||||
*/
|
||||
|
||||
return decMetadata, nil
|
||||
}
|
||||
Loading…
Add table
Reference in a new issue