|
|
|
|
@ -451,31 +451,10 @@ impl service::users::Data for KeyValueDatabase {
|
|
|
|
|
user_signing_key: &Option<Raw<CrossSigningKey>>, |
|
|
|
|
) -> Result<()> { |
|
|
|
|
// TODO: Check signatures
|
|
|
|
|
|
|
|
|
|
let mut prefix = user_id.as_bytes().to_vec(); |
|
|
|
|
prefix.push(0xff); |
|
|
|
|
|
|
|
|
|
// Master key
|
|
|
|
|
let mut master_key_ids = master_key |
|
|
|
|
.deserialize() |
|
|
|
|
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid master key"))? |
|
|
|
|
.keys |
|
|
|
|
.into_values(); |
|
|
|
|
|
|
|
|
|
let master_key_id = master_key_ids.next().ok_or(Error::BadRequest( |
|
|
|
|
ErrorKind::InvalidParam, |
|
|
|
|
"Master key contained no key.", |
|
|
|
|
))?; |
|
|
|
|
|
|
|
|
|
if master_key_ids.next().is_some() { |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::InvalidParam, |
|
|
|
|
"Master key contained more than one key.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
let mut master_key_key = prefix.clone(); |
|
|
|
|
master_key_key.extend_from_slice(master_key_id.as_bytes()); |
|
|
|
|
let (master_key_key, _) = self.parse_master_key(user_id, master_key)?; |
|
|
|
|
|
|
|
|
|
self.keyid_key |
|
|
|
|
.insert(&master_key_key, master_key.json().get().as_bytes())?; |
|
|
|
|
@ -690,45 +669,80 @@ impl service::users::Data for KeyValueDatabase {
|
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn parse_master_key( |
|
|
|
|
&self, |
|
|
|
|
user_id: &UserId, |
|
|
|
|
master_key: &Raw<CrossSigningKey>, |
|
|
|
|
) -> Result<(Vec<u8>, CrossSigningKey)> { |
|
|
|
|
let mut prefix = user_id.as_bytes().to_vec(); |
|
|
|
|
prefix.push(0xff); |
|
|
|
|
|
|
|
|
|
let master_key = master_key |
|
|
|
|
.deserialize() |
|
|
|
|
.map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid master key"))?; |
|
|
|
|
let mut master_key_ids = master_key.keys.values(); |
|
|
|
|
let master_key_id = master_key_ids.next().ok_or(Error::BadRequest( |
|
|
|
|
ErrorKind::InvalidParam, |
|
|
|
|
"Master key contained no key.", |
|
|
|
|
))?; |
|
|
|
|
if master_key_ids.next().is_some() { |
|
|
|
|
return Err(Error::BadRequest( |
|
|
|
|
ErrorKind::InvalidParam, |
|
|
|
|
"Master key contained more than one key.", |
|
|
|
|
)); |
|
|
|
|
} |
|
|
|
|
let mut master_key_key = prefix.clone(); |
|
|
|
|
master_key_key.extend_from_slice(master_key_id.as_bytes()); |
|
|
|
|
Ok((master_key_key, master_key)) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn get_key( |
|
|
|
|
&self, |
|
|
|
|
key: &[u8], |
|
|
|
|
sender_user: Option<&UserId>, |
|
|
|
|
user_id: &UserId, |
|
|
|
|
allowed_signatures: &dyn Fn(&UserId) -> bool, |
|
|
|
|
) -> Result<Option<Raw<CrossSigningKey>>> { |
|
|
|
|
self.keyid_key.get(key)?.map_or(Ok(None), |bytes| { |
|
|
|
|
let mut cross_signing_key = serde_json::from_slice::<serde_json::Value>(&bytes) |
|
|
|
|
.map_err(|_| Error::bad_database("CrossSigningKey in db is invalid."))?; |
|
|
|
|
clean_signatures( |
|
|
|
|
&mut cross_signing_key, |
|
|
|
|
sender_user, |
|
|
|
|
user_id, |
|
|
|
|
allowed_signatures, |
|
|
|
|
)?; |
|
|
|
|
|
|
|
|
|
Ok(Some(Raw::from_json( |
|
|
|
|
serde_json::value::to_raw_value(&cross_signing_key) |
|
|
|
|
.expect("Value to RawValue serialization"), |
|
|
|
|
))) |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn get_master_key( |
|
|
|
|
&self, |
|
|
|
|
sender_user: Option<&UserId>, |
|
|
|
|
user_id: &UserId, |
|
|
|
|
allowed_signatures: &dyn Fn(&UserId) -> bool, |
|
|
|
|
) -> Result<Option<Raw<CrossSigningKey>>> { |
|
|
|
|
self.userid_masterkeyid |
|
|
|
|
.get(user_id.as_bytes())? |
|
|
|
|
.map_or(Ok(None), |key| { |
|
|
|
|
self.keyid_key.get(&key)?.map_or(Ok(None), |bytes| { |
|
|
|
|
let mut cross_signing_key = serde_json::from_slice::<serde_json::Value>(&bytes) |
|
|
|
|
.map_err(|_| Error::bad_database("CrossSigningKey in db is invalid."))?; |
|
|
|
|
clean_signatures(&mut cross_signing_key, user_id, allowed_signatures)?; |
|
|
|
|
|
|
|
|
|
Ok(Some(Raw::from_json( |
|
|
|
|
serde_json::value::to_raw_value(&cross_signing_key) |
|
|
|
|
.expect("Value to RawValue serialization"), |
|
|
|
|
))) |
|
|
|
|
}) |
|
|
|
|
self.get_key(&key, sender_user, user_id, allowed_signatures) |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
fn get_self_signing_key( |
|
|
|
|
&self, |
|
|
|
|
sender_user: Option<&UserId>, |
|
|
|
|
user_id: &UserId, |
|
|
|
|
allowed_signatures: &dyn Fn(&UserId) -> bool, |
|
|
|
|
) -> Result<Option<Raw<CrossSigningKey>>> { |
|
|
|
|
self.userid_selfsigningkeyid |
|
|
|
|
.get(user_id.as_bytes())? |
|
|
|
|
.map_or(Ok(None), |key| { |
|
|
|
|
self.keyid_key.get(&key)?.map_or(Ok(None), |bytes| { |
|
|
|
|
let mut cross_signing_key = serde_json::from_slice::<serde_json::Value>(&bytes) |
|
|
|
|
.map_err(|_| Error::bad_database("CrossSigningKey in db is invalid."))?; |
|
|
|
|
clean_signatures(&mut cross_signing_key, user_id, allowed_signatures)?; |
|
|
|
|
|
|
|
|
|
Ok(Some(Raw::from_json( |
|
|
|
|
serde_json::value::to_raw_value(&cross_signing_key) |
|
|
|
|
.expect("Value to RawValue serialization"), |
|
|
|
|
))) |
|
|
|
|
}) |
|
|
|
|
self.get_key(&key, sender_user, user_id, allowed_signatures) |
|
|
|
|
}) |
|
|
|
|
} |
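Review bot: `parse_master_key` accepts any payload that deserializes and holds exactly one key, but it never compares the parsed key's `user_id` field with the `user_id` argument, nor checks that its `usage` marks it as a master key. The caller in the first hunk discards the parsed value (`let (master_key_key, _) = self.parse_master_key(user_id, master_key)?;`) and still carries `// TODO: Check signatures`, so nothing visible in these hunks performs those checks before `keyid_key.insert` stores the raw JSON under the target user's prefix. Unless a caller outside this view already validates this, add a guard after the deserialize step that returns `Error::BadRequest(ErrorKind::InvalidParam, ...)` when the embedded user ID differs from `user_id`. A doc comment on `parse_master_key` should state what it does and does not validate, for example `/// Checks only that the payload deserializes and contains exactly one key; signatures are not verified.` The calling function's signature starts outside the first hunk, so its other checks cannot be seen from here.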
|
|
|
|
|
|
|
|
|
@ -929,6 +943,8 @@ impl service::users::Data for KeyValueDatabase {
|
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
impl KeyValueDatabase {} |
|
|
|
|
|
|
|
|
|
/// Will only return with Some(username) if the password was not empty and the
|
|
|
|
|
/// username could be successfully parsed.
|
|
|
|
|
/// If utils::string_from_bytes(...) returns an error that username will be skipped
|
|
|
|
|
|