speatzle/go-passbolt
1
0
Fork 0
mirror of https://github.com/passbolt/go-passbolt.git synced 2025-09-13 14:29:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: speatzle:d5f79a943fdec24806089c99fd3136199e6fb8b4
Branches Tags
speatzle:main
speatzle:v5
speatzle:v5-fix-jsonschema
speatzle:v5-schema-fixes
speatzle:fix-password-string-validation
speatzle:v5-metadata-trusting
speatzle:v5-reorg
speatzle:v5-resource-update
speatzle:v5-fix-metadatakey
speatzle:v5-resource-share
speatzle:v5-metadata-creation
speatzle:v5-metadata-decryption
speatzle:gopenpgp-v3
speatzle:v5-basic-metadatakeys
speatzle:v5-server-settings
speatzle:v5-run-workflow
speatzle:auto-skip-integration-tests
speatzle:jwt-auth
speatzle:v0.7.2
speatzle:v0.7.1
speatzle:v0.7.0
speatzle:v0.6.1
speatzle:v0.6.0
speatzle:v0.5.8
speatzle:v0.5.7
speatzle:v0.5.6
speatzle:v0.5.5
speatzle:v0.5.4
speatzle:v0.5.3
speatzle:v0.5.2
speatzle:v0.5.1
speatzle:v0.5.0
speatzle:v0.4.0
speatzle:v0.3.1
speatzle:v0.3.0
speatzle:v0.2.2
speatzle:v0.2.1
speatzle:v0.2.0
speatzle:v0.1.1
speatzle:v0.1.0
speatzle:v0.0.1
...
compare: speatzle:91df259a870250024d21d964b0af3f31d0c0f07e
Branches Tags
speatzle:v5
speatzle:v5-fix-jsonschema
speatzle:v5-schema-fixes
speatzle:fix-password-string-validation
speatzle:v5-metadata-trusting
speatzle:v5-reorg
speatzle:v5-resource-update
speatzle:v5-fix-metadatakey
speatzle:v5-resource-share
speatzle:v5-metadata-creation
speatzle:v5-metadata-decryption
speatzle:gopenpgp-v3
speatzle:v5-basic-metadatakeys
speatzle:v5-server-settings
speatzle:v5-run-workflow
speatzle:auto-skip-integration-tests
speatzle:main
speatzle:jwt-auth
speatzle:v0.7.2
speatzle:v0.7.1
speatzle:v0.7.0
speatzle:v0.6.1
speatzle:v0.6.0
speatzle:v0.5.8
speatzle:v0.5.7
speatzle:v0.5.6
speatzle:v0.5.5
speatzle:v0.5.4
speatzle:v0.5.3
speatzle:v0.5.2
speatzle:v0.5.1
speatzle:v0.5.0
speatzle:v0.4.0
speatzle:v0.3.1
speatzle:v0.3.0
speatzle:v0.2.2
speatzle:v0.2.1
speatzle:v0.2.0
speatzle:v0.1.1
speatzle:v0.1.0
speatzle:v0.0.1

3 commits
d5f79a943f ... 91df259a87

Author SHA1 Message Date
Samuel Lorch
91df259a87 Use Fallback Schemas for Metadata 2025-05-12 14:49:13 +02:00
Samuel Lorch
eb55164696 Add Fallback Resource Json Schemas 2025-05-12 14:44:51 +02:00
Samuel Lorch
b0a66d5dbf Add API Metadata Encryption 2025-05-12 14:43:04 +02:00
5 changed files with 310 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

7
api/encryption.go
View file

@ -33,12 +33,19 @@ func (c *Client) EncryptMessage(message string) (string, error) {
} }
// EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key // EncryptMessageWithPublicKey encrypts a message using the provided public key and then signes the message using the users private key
//
// Deprecated: EncryptMessageWithPublicKey is deprecated. Use EncryptMessageWithKey instead
func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error) { func (c *Client) EncryptMessageWithPublicKey(publickey, message string) (string, error) {
publicKey, err := crypto.NewKeyFromArmored(publickey) publicKey, err := crypto.NewKeyFromArmored(publickey)
if err != nil { if err != nil {
return "", fmt.Errorf("Get Public Key: %w", err) return "", fmt.Errorf("Get Public Key: %w", err)
} }
return c.EncryptMessageWithKey(publicKey, message)
}
// EncryptMessageWithKey encrypts a message using the provided key and then signes the message using the users private key
func (c *Client) EncryptMessageWithKey(publicKey *crypto.Key, message string) (string, error) {
key, err := c.userPrivateKey.Copy() key, err := c.userPrivateKey.Copy()
if err != nil { if err != nil {
return "", fmt.Errorf("Get Private Key Copy: %w", err) return "", fmt.Errorf("Get Private Key Copy: %w", err)

11
api/metadata.go
View file

@ -68,3 +68,14 @@ func (c *Client) DecryptMetadata(metadataKey *crypto.Key, armoredCiphertext stri
return metadata, nil return metadata, nil
} }
func (c *Client) EncryptMetadata(metadataKey *crypto.Key, data string) (string, error) {
armoredCiphertext, err := c.EncryptMessageWithKey(metadataKey, data)
if err != nil {
return "", fmt.Errorf("Encrypting Metadata: %w", err)
}
// TODO save Session Key to cache
return armoredCiphertext, nil
}

231
api/schema.go Normal file
View file

@ -0,0 +1,231 @@
package api
import "encoding/json"
// Fallback Schema, Only to be used if we encounter a Broken Server (v5.0), Not API Stable!
var ResourceSchemas = map[string]json.RawMessage{
"v5-default": json.RawMessage(`
{
"resource": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"maxLength": 255
},
"username": {
"type": "string",
"maxLength": 255,
"nullable": true
},
"uris": {
"type": "array",
"items": {
"type": "string",
"maxLength": 1024,
"nullable": true
}
},
"description": {
"type": "string",
"maxLength": 10000,
"nullable": true
}
}
},
"secret": {
"type": "object",
"required": ["password"],
"properties": {
"object_type": {
"type": "string",
"enum": ["PASSBOLT_SECRET_DATA"]
},
"password": {
"type": "string",
"maxLength": 4096,
"nullable": true
},
"description": {
"type": "string",
"maxLength": 10000,
"nullable": true
}
}
}
}`),
"v5-password-string": json.RawMessage(`
{
"resource": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"maxLength": 255
},
"username": {
"type": "string",
"maxLength": 255,
"nullable": true
},
"uris": {
"type": "array",
"items": {
"type": "string",
"maxLength": 1024,
"nullable": true
}
},
"description": {
"type": "string",
"maxLength": 10000,
"nullable": true
}
}
},
"secret": {
"type": "string",
"maxLength": 4096
}
}`),
"v5-default-with-totp": json.RawMessage(`
{
"resource": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"maxLength": 255
},
"username": {
"type": "string",
"maxLength": 255,
"nullable": true
},
"uris": {
"type": "array",
"items": {
"type": "string",
"maxLength": 1024,
"nullable": true
}
},
"description": {
"type": "string",
"maxLength": 10000,
"nullable": true
}
}
},
"secret": {
"type": "object",
"required": ["totp"],
"properties": {
"object_type": {
"type": "string",
"enum": ["PASSBOLT_SECRET_DATA"]
},
"password": {
"type": "string",
"maxLength": 4096,
"nullable": true
},
"description": {
"type": "string",
"maxLength": 10000,
"nullable": true
},
"totp": {
"type": "object",
"required": ["secret_key", "digits", "algorithm"],
"properties": {
"algorithm": {
"type": "string",
"minLength": 4,
"maxLength": 6
},
"secret_key": {
"type": "string",
"maxLength": 1024
},
"digits": {
"type": "number",
"minimum": 6,
"maximum": 8
},
"period": {
"type": "number"
}
}
}
}
}
}`),
"v5-totp-standalone": json.RawMessage(`
{
"resource": {
"type": "object",
"required": ["name"],
"properties": {
"name": {
"type": "string",
"maxLength": 255
},
"username": {
"type": "string",
"maxLength": 255,
"nullable": true
},
"uris": {
"type": "array",
"items": {
"type": "string",
"maxLength": 1024,
"nullable": true
}
},
"description": {
"type": "string",
"maxLength": 10000,
"nullable": true
}
}
},
"secret": {
"type": "object",
"required": ["totp"],
"properties": {
"object_type": {
"type": "string",
"enum": ["PASSBOLT_SECRET_DATA"]
},
"totp": {
"type": "object",
"required": ["secret_key", "digits", "algorithm"],
"properties": {
"algorithm": {
"type": "string",
"minLength": 4,
"maxLength": 6
},
"secret_key": {
"type": "string",
"maxLength": 1024
},
"digits": {
"type": "number",
"minimum": 6,
"maximum": 8
},
"period": {
"type": "number"
}
}
}
}
}
}`),
}

18
api/schema_test.go Normal file
View file

@ -0,0 +1,18 @@
package api
import (
"encoding/json"
"testing"
)
func TestResourceJsonSchema(t *testing.T) {
for slug, schema := range ResourceSchemas {
var schemaDefinition ResourceTypeSchema
err := json.Unmarshal(schema, &schemaDefinition)
if err != nil {
t.Errorf("Error While Parsing Resource Schema %v: %v", slug, err)
} else {
t.Logf("Schema for type %v is ok", slug)
}
}
}

77
helper/metadata.go
View file

@ -1,11 +1,14 @@
package helper package helper
import ( import (
"bytes"
"context" "context"
"encoding/json" "encoding/json"
"fmt" "fmt"
"strings"
"github.com/passbolt/go-passbolt/api" "github.com/passbolt/go-passbolt/api"
"github.com/santhosh-tekuri/jsonschema"
) )
func GetResourceMetadata(ctx context.Context, c *api.Client, resource api.Resource, rType api.ResourceType) (string, error) { func GetResourceMetadata(ctx context.Context, c *api.Client, resource api.Resource, rType api.ResourceType) (string, error) {
@ -54,47 +57,53 @@ func GetResourceMetadata(ctx context.Context, c *api.Client, resource api.Resour
if err != nil { if err != nil {
return "", fmt.Errorf("Decrypt Metadata: %w", err) return "", fmt.Errorf("Decrypt Metadata: %w", err)
} }
/*
var schemaDefinition api.ResourceTypeSchema
var schemaDefinition api.ResourceTypeSchema err = json.Unmarshal([]byte(rType.Definition), &schemaDefinition)
err = json.Unmarshal([]byte(rType.Definition), &schemaDefinition) if err != nil {
if err != nil { // Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string
// Workaround for inconsistant API Responses where sometime the Schema is embedded directly and sometimes it's escaped as a string if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" {
if err.Error() == "json: cannot unmarshal string into Go value of type api.ResourceTypeSchema" { var tmp string
var tmp string err = json.Unmarshal([]byte(rType.Definition), &tmp)
err = json.Unmarshal([]byte(rType.Definition), &tmp) if err != nil {
if err != nil { return "", fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
return "", fmt.Errorf("Workaround Unmarshal Json Schema String: %w", err)
}
err = json.Unmarshal([]byte(tmp), &schemaDefinition)
if err != nil {
return "", fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
}
} else {
return "", fmt.Errorf("Unmarshal Json Schema: %w", err)
} }
}
comp := jsonschema.NewCompiler() if tmp == "[]" {
// Use The Builtin Fallback Schemas in this Case
schema, ok := api.ResourceSchemas[rType.Slug]
if !ok {
return "", fmt.Errorf("Server Does not have the Required json Schema and there is no fallback available for type: %v", rType.Slug)
}
tmp = string(schema)
}
err = comp.AddResource("metadata.json", bytes.NewReader(schemaDefinition.Secret)) err = json.Unmarshal([]byte(tmp), &schemaDefinition)
if err != nil { if err != nil {
return "", fmt.Errorf("Adding Json Schema: %w", err) return "", fmt.Errorf("Workaround Unmarshal Json Schema: %w", err)
} }
schema, err := comp.Compile("metadata.json") } else {
if err != nil { return "", fmt.Errorf("Unmarshal Json Schema: %w", err)
return "", fmt.Errorf("Compiling Json Schema: %w", err)
} }
}
err = schema.Validate(strings.NewReader(decMetadata)) comp := jsonschema.NewCompiler()
if err != nil {
return "", fmt.Errorf("Validating Secret Data: %w", err) err = comp.AddResource("metadata.json", bytes.NewReader(schemaDefinition.Resource))
} if err != nil {
*/ return "", fmt.Errorf("Adding Json Schema: %w", err)
}
schema, err := comp.Compile("metadata.json")
if err != nil {
return "", fmt.Errorf("Compiling Json Schema: %w", err)
}
err = schema.Validate(strings.NewReader(decMetadata))
if err != nil {
return "", fmt.Errorf("Validating Secret Data: %w", err)
}
return decMetadata, nil return decMetadata, nil
} }