Merge d5f79a943f into b0f75af26a

api/metadata.go

@@ -0,0 +1,70 @@
+package api
+
+import (
+	"fmt"
+
+	"github.com/ProtonMail/gopenpgp/v3/crypto"
+)
+
+// ResourceMetadataTypeV5Default
+type ResourceMetadataTypeV5Default struct {
+	ObjectType     string   `json:"object_type"`
+	ResourceTypeID string   `json:"resource_type_id,omitempty"`
+	Name           string   `json:"name,omitempty"`
+	Username       string   `json:"username,omitempty"`
+	URIs           []string `json:"uris,omitempty"`
+	Description    string   `json:"description,omitempty"`
+}
+
+// ResourceMetadataTypeV5DefaultWithTOTP
+type ResourceMetadataTypeV5DefaultWithTOTP struct {
+	ObjectType     string   `json:"object_type"`
+	ResourceTypeID string   `json:"resource_type_id,omitempty"`
+	Name           string   `json:"name,omitempty"`
+	Username       string   `json:"username,omitempty"`
+	URIs           []string `json:"uris,omitempty"`
+	Description    string   `json:"description,omitempty"`
+}
+
+// ResourceMetadataTypeV5PasswordString
+type ResourceMetadataTypeV5PasswordString struct {
+	ObjectType     string   `json:"object_type"`
+	ResourceTypeID string   `json:"resource_type_id,omitempty"`
+	Name           string   `json:"name,omitempty"`
+	Username       string   `json:"username,omitempty"`
+	URIs           []string `json:"uris,omitempty"`
+	Description    string   `json:"description,omitempty"`
+}
+
+// ResourceMetadataTypeV5TOTPStandalone
+type ResourceMetadataTypeV5TOTPStandalone struct {
+	ObjectType     string   `json:"object_type"`
+	ResourceTypeID string   `json:"resource_type_id,omitempty"`
+	Name           string   `json:"name,omitempty"`
+	URIs           []string `json:"uris,omitempty"`
+	Description    string   `json:"description,omitempty"`
+}
+
+func (c *Client) DecryptMetadata(metadataKey *crypto.Key, armoredCiphertext string) (string, error) {
+	// TODO Get SessionKey from Cache
+	var sessionKey *crypto.SessionKey = nil
+
+	if sessionKey != nil {
+		message, err := c.DecryptMessageWithSessionKey(sessionKey, armoredCiphertext)
+		// If Decrypt was successfull
+		if err == nil {
+			return message, nil
+		}
+		// if this failed, fall through
+	}
+
+	metadata, newSessionKey, err := c.DecryptMessageWithPrivateKeyAndReturnSessionKey(metadataKey, armoredCiphertext)
+	if err != nil {
+		return "", fmt.Errorf("Decrypting Metadata: %w", err)
+	}
+
+	// TODO Save newSessionKey to cache
+	_ = newSessionKey
+
+	return metadata, nil
+}

api/secrets.go

@@ -41,6 +41,33 @@ type SecretDataTypePasswordDescriptionTOTP struct {
 	TOTP        SecretDataTOTP `json:"totp"`
 }
 
+// SecretDataTypeV5Default
+type SecretDataTypeV5Default struct {
+	ObjectType     string `json:"object_type"`
+	ResourceTypeID string `json:"resource_type_id,omitempty"`
+	Password       string `json:"password,omitempty"`
+	Description    string `json:"description,omitempty"`
+}
+
+// SecretDataTypeV5DefaultWithTOTP
+type SecretDataTypeV5DefaultWithTOTP struct {
+	ObjectType     string         `json:"object_type"`
+	ResourceTypeID string         `json:"resource_type_id,omitempty"`
+	Password       string         `json:"password,omitempty"`
+	Description    string         `json:"description,omitempty"`
+	TOTP           SecretDataTOTP `json:"totp"`
+}
+
+// SecretDataTypeV5PasswordString, is just the Password directly
+type SecretDataTypeV5PasswordString string
+
+// SecretDataTypeV5TOTPStandalone
+type SecretDataTypeV5TOTPStandalone struct {
+	ObjectType     string         `json:"object_type"`
+	ResourceTypeID string         `json:"resource_type_id,omitempty"`
+	TOTP           SecretDataTOTP `json:"totp"`
+}
+
 // GetSecret gets a Passbolt Secret
 func (c *Client) GetSecret(ctx context.Context, resourceID string) (*Secret, error) {
 	err := checkUUIDFormat(resourceID)

helper/metadata.go

@@ -0,0 +1,100 @@
+package helper
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+
+	"github.com/passbolt/go-passbolt/api"
+)
+
+func GetResourceMetadata(ctx context.Context, c *api.Client, resource api.Resource, rType api.ResourceType) (string, error) {
+	keys, err := c.GetMetadataKeys(ctx, &api.GetMetadataKeysOptions{
+		ContainMetadataPrivateKeys: true,
+	})
+	if err != nil {
+		return "", fmt.Errorf("Get Metadata Key: %w", err)
+	}
+
+	// TODO Get Key by id?
+	if len(keys) != 1 {
+		return "", fmt.Errorf("Not Exactly One Metadatakey Available")
+	}
+
+	if len(keys[0].MetadataPrivateKeys) == 0 {
+		return "", fmt.Errorf("No Metadata Private key for our user")
+	}
+
+	if len(keys[0].MetadataPrivateKeys) > 1 {
+		return "", fmt.Errorf("More than 1 metadata Private key for our user")
+	}
+
+	var privMetdata api.MetadataPrivateKey = keys[0].MetadataPrivateKeys[0]
+	if *privMetdata.UserID != c.GetUserID() {
+		return "", fmt.Errorf("MetadataPrivateKey is not for our user id: %v", privMetdata.UserID)
+	}
+
+	decPrivMetadatakey, err := c.DecryptMessage(privMetdata.Data)
+	if err != nil {
+		return "", fmt.Errorf("Decrypt Metadata Private Key Data: %w", err)
+	}
+
+	var data api.MetadataPrivateKeyData
+	err = json.Unmarshal([]byte(decPrivMetadatakey), &data)
+	if err != nil {
+		return "", fmt.Errorf("Parse Metadata Private Key Data")
+	}
+
+	metadataPrivateKeyObj, err := api.GetPrivateKeyFromArmor(data.ArmoredKey, []byte(data.Passphrase))
+	if err != nil {
+		return "", fmt.Errorf("Get Metadata Private Key: %w", err)
+	}
+
+	decMetadata, err := c.DecryptMetadata(metadataPrivateKeyObj, resource.Metadata)
+	if err != nil {
+		return "", fmt.Errorf("Decrypt Metadata: %w", err)
+	}
+	/*
+
+
+		var schemaDefinition api.ResourceTypeSchema
+		err = json.Unmarshal([]byte(rType.Definition), &schemaDefinition)
+		if err != nil {
+			// Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string
+			if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" {
+				var tmp string
+				err = json.Unmarshal([]byte(rType.Definition), &tmp)
+				if err != nil {
+					return "", fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
+				}
+
+				err = json.Unmarshal([]byte(tmp), &schemaDefinition)
+				if err != nil {
+					return "", fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
+				}
+
+			} else {
+				return "", fmt.Errorf("Unmarshal Json Schema: %w", err)
+			}
+		}
+
+		comp := jsonschema.NewCompiler()
+
+		err = comp.AddResource("metadata.json", bytes.NewReader(schemaDefinition.Secret))
+		if err != nil {
+			return "", fmt.Errorf("Adding Json Schema: %w", err)
+		}
+
+		schema, err := comp.Compile("metadata.json")
+		if err != nil {
+			return "", fmt.Errorf("Compiling Json Schema: %w", err)
+		}
+
+		err = schema.Validate(strings.NewReader(decMetadata))
+		if err != nil {
+			return "", fmt.Errorf("Validating Secret Data: %w", err)
+		}
+	*/
+
+	return decMetadata, nil
+}

helper/resources.go

@@ -104,16 +104,26 @@ func GetResource(ctx context.Context, c *api.Client, resourceID string) (folderP
 }
 
 // GetResourceFromData Decrypts Resources using only local data, the Resource object must inlude the secret
-func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret, rType api.ResourceType) (folderParentID, name, username, uri, password, description string, err error) {
+// With v5 This needs network calls for Metadata of v5 Resources
+func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret, rType api.ResourceType) (string, string, string, string, string, string, error) {
+	var name string
+	var username string
+	var uri string
 	var pw string
 	var desc string
 
+	ctx := context.TODO()
+
 	switch rType.Slug {
 	case "password-string":
+		var err error
 		pw, err = c.DecryptMessage(secret.Data)
 		if err != nil {
 			return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
 		}
+		name = resource.Name
+		username = resource.Username
+		uri = resource.URI
 		desc = resource.Description
 	case "password-and-description":
 		rawSecretData, err := c.DecryptMessage(secret.Data)
@@ -126,6 +136,9 @@ func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret
 		if err != nil {
 			return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
 		}
+		name = resource.Name
+		username = resource.Username
+		uri = resource.URI
 		pw = secretData.Password
 		desc = secretData.Description
 	case "password-description-totp":
@@ -139,14 +152,109 @@ func GetResourceFromData(c *api.Client, resource api.Resource, secret api.Secret
 		if err != nil {
 			return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
 		}
+		name = resource.Name
+		username = resource.Username
+		uri = resource.URI
 		pw = secretData.Password
 		desc = secretData.Description
 	case "totp":
+		name = resource.Name
+		username = resource.Username
+		uri = resource.URI
+		// nothing fits into the interface in this case
+	case "v5-default":
+		rawMetadata, err := GetResourceMetadata(ctx, c, resource, rType)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Getting Metadata: %w", err)
+		}
+
+		var metadata api.ResourceMetadataTypeV5Default
+		err = json.Unmarshal([]byte(rawMetadata), &metadata)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Metadata: %w", err)
+		}
+
+		name = metadata.Name
+		username = metadata.Username
+		if len(metadata.URIs) != 0 {
+			uri = metadata.URIs[0]
+		}
+
+		rawSecretData, err := c.DecryptMessage(secret.Data)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
+		}
+
+		var secretData api.SecretDataTypeV5Default
+		err = json.Unmarshal([]byte(rawSecretData), &secretData)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
+		}
+		pw = secretData.Password
+		desc = secretData.Description
+	case "v5-default-with-totp":
+		rawMetadata, err := GetResourceMetadata(ctx, c, resource, rType)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Getting Metadata: %w", err)
+		}
+
+		var metadata api.ResourceMetadataTypeV5DefaultWithTOTP
+		err = json.Unmarshal([]byte(rawMetadata), &metadata)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Metadata: %w", err)
+		}
+
+		name = metadata.Name
+		username = metadata.Username
+		if len(metadata.URIs) != 0 {
+			uri = metadata.URIs[0]
+		}
+
+		rawSecretData, err := c.DecryptMessage(secret.Data)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
+		}
+
+		var secretData api.SecretDataTypeV5DefaultWithTOTP
+		err = json.Unmarshal([]byte(rawSecretData), &secretData)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Secret Data: %w", err)
+		}
+		pw = secretData.Password
+		desc = secretData.Description
+	case "v5-password-string":
+		rawMetadata, err := GetResourceMetadata(ctx, c, resource, rType)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Getting Metadata: %w", err)
+		}
+
+		var metadata api.ResourceMetadataTypeV5PasswordString
+		err = json.Unmarshal([]byte(rawMetadata), &metadata)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Parsing Decrypted Metadata: %w", err)
+		}
+
+		name = metadata.Name
+		username = metadata.Username
+		if len(metadata.URIs) != 0 {
+			uri = metadata.URIs[0]
+		}
+
+		// Not available in the Secret
+		desc = metadata.Description
+
+		rawSecretData, err := c.DecryptMessage(secret.Data)
+		if err != nil {
+			return "", "", "", "", "", "", fmt.Errorf("Decrypting Secret Data: %w", err)
+		}
+
+		pw = rawSecretData
+	case "v5-totp-standalone":
 		// nothing fits into the interface in this case
 	default:
 		return "", "", "", "", "", "", fmt.Errorf("Unknown ResourceType: %v", rType.Slug)
 	}
-	return resource.FolderParentID, resource.Name, resource.Username, resource.URI, pw, desc, nil
+	return resource.FolderParentID, name, username, uri, pw, desc, nil
 }
 
 // UpdateResource Updates all Fields.