-
Notifications
You must be signed in to change notification settings - Fork 246
/
payload_manager.go
586 lines (482 loc) · 15.9 KB
/
payload_manager.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
package pairing
import (
"crypto/rand"
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"github.com/status-im/status-go/api"
"github.com/golang/protobuf/proto"
"go.uber.org/zap"
"github.com/status-im/status-go/account/generator"
"github.com/status-im/status-go/eth-node/keystore"
"github.com/status-im/status-go/multiaccounts"
"github.com/status-im/status-go/protocol/common"
"github.com/status-im/status-go/protocol/protobuf"
)
// PayloadManager is the interface for PayloadManagers and wraps the basic functions for fulfilling payload management
type PayloadManager interface {
// Mount Loads the payload into the PayloadManager's state
Mount() error
// Receive stores data from an inbound source into the PayloadManager's state
Receive(data []byte) error
// ToSend returns an outbound safe (encrypted) payload
ToSend() []byte
// Received returns a decrypted and parsed payload from an inbound source
Received() []byte
// ResetPayload resets all payloads the PayloadManager has in its state
ResetPayload()
// EncryptPlain encrypts the given plaintext using internal key(s)
EncryptPlain(plaintext []byte) ([]byte, error)
// LockPayload prevents future excess to outbound safe and received data
LockPayload()
}
// PayloadSourceConfig represents location and access data of the pairing payload
// ONLY available from the application client
type PayloadSourceConfig struct {
// required
KeystorePath string `json:"keystorePath"`
// following 2 fields r optional.
// optional cases:
// 1. server mode is Receiving and server side doesn't contain this info
// 2. server mode is Sending and client side doesn't contain this info
// they are required in other cases
KeyUID string `json:"keyUID"`
Password string `json:"password"`
}
// AccountPayloadManagerConfig represents the initialisation parameters required for a AccountPayloadManager
type AccountPayloadManagerConfig struct {
DB *multiaccounts.Database
*PayloadSourceConfig
}
// AccountPayloadManager is responsible for the whole lifecycle of a AccountPayload
type AccountPayloadManager struct {
logger *zap.Logger
accountPayload *AccountPayload
*PayloadEncryptionManager
accountPayloadMarshaller *AccountPayloadMarshaller
payloadRepository PayloadRepository
}
// NewAccountPayloadManager generates a new and initialised AccountPayloadManager
func NewAccountPayloadManager(aesKey []byte, config *AccountPayloadManagerConfig, logger *zap.Logger) (*AccountPayloadManager, error) {
l := logger.Named("AccountPayloadManager")
l.Debug("fired", zap.Binary("aesKey", aesKey), zap.Any("config", config))
pem, err := NewPayloadEncryptionManager(aesKey, l)
if err != nil {
return nil, err
}
// A new SHARED AccountPayload
p := new(AccountPayload)
return &AccountPayloadManager{
logger: l,
accountPayload: p,
PayloadEncryptionManager: pem,
accountPayloadMarshaller: NewPairingPayloadMarshaller(p, l),
payloadRepository: NewAccountPayloadRepository(p, config),
}, nil
}
// Mount loads and prepares the payload to be stored in the AccountPayloadManager's state ready for later access
func (apm *AccountPayloadManager) Mount() error {
l := apm.logger.Named("Mount()")
l.Debug("fired")
err := apm.payloadRepository.LoadFromSource()
if err != nil {
return err
}
l.Debug("after LoadFromSource")
pb, err := apm.accountPayloadMarshaller.MarshalToProtobuf()
if err != nil {
return err
}
l.Debug(
"after MarshalToProtobuf",
zap.Any("accountPayloadMarshaller.accountPayloadMarshaller.keys", apm.accountPayloadMarshaller.keys),
zap.Any("accountPayloadMarshaller.accountPayloadMarshaller.multiaccount", apm.accountPayloadMarshaller.multiaccount),
zap.String("accountPayloadMarshaller.accountPayloadMarshaller.password", apm.accountPayloadMarshaller.password),
zap.Binary("pb", pb),
)
return apm.Encrypt(pb)
}
// Receive takes a []byte representing raw data, parses and stores the data
func (apm *AccountPayloadManager) Receive(data []byte) error {
l := apm.logger.Named("Receive()")
l.Debug("fired")
err := apm.Decrypt(data)
if err != nil {
return err
}
l.Debug("after Decrypt")
err = apm.accountPayloadMarshaller.UnmarshalProtobuf(apm.Received())
if err != nil {
return err
}
l.Debug(
"after UnmarshalProtobuf",
zap.Any("accountPayloadMarshaller.accountPayloadMarshaller.keys", apm.accountPayloadMarshaller.keys),
zap.Any("accountPayloadMarshaller.accountPayloadMarshaller.multiaccount", apm.accountPayloadMarshaller.multiaccount),
zap.String("accountPayloadMarshaller.accountPayloadMarshaller.password", apm.accountPayloadMarshaller.password),
zap.Binary("accountPayloadMarshaller.Received()", apm.Received()),
)
return apm.payloadRepository.StoreToSource()
}
// ResetPayload resets all payload state managed by the AccountPayloadManager
func (apm *AccountPayloadManager) ResetPayload() {
apm.accountPayload.ResetPayload()
apm.PayloadEncryptionManager.ResetPayload()
}
// EncryptionPayload represents the plain text and encrypted text of payload data
type EncryptionPayload struct {
plain []byte
encrypted []byte
locked bool
}
func (ep *EncryptionPayload) lock() {
ep.locked = true
}
// PayloadEncryptionManager is responsible for encrypting and decrypting payload data
type PayloadEncryptionManager struct {
logger *zap.Logger
aesKey []byte
toSend *EncryptionPayload
received *EncryptionPayload
}
func NewPayloadEncryptionManager(aesKey []byte, logger *zap.Logger) (*PayloadEncryptionManager, error) {
return &PayloadEncryptionManager{logger.Named("PayloadEncryptionManager"), aesKey, new(EncryptionPayload), new(EncryptionPayload)}, nil
}
// EncryptPlain encrypts any given plain text using the internal AES key and returns the encrypted value
// This function is different to Encrypt as the internal EncryptionPayload.encrypted value is not set
func (pem *PayloadEncryptionManager) EncryptPlain(plaintext []byte) ([]byte, error) {
l := pem.logger.Named("EncryptPlain()")
l.Debug("fired")
return common.Encrypt(plaintext, pem.aesKey, rand.Reader)
}
func (pem *PayloadEncryptionManager) Encrypt(data []byte) error {
l := pem.logger.Named("Encrypt()")
l.Debug("fired")
ep, err := common.Encrypt(data, pem.aesKey, rand.Reader)
if err != nil {
return err
}
pem.toSend.plain = data
pem.toSend.encrypted = ep
l.Debug(
"after common.Encrypt",
zap.Binary("data", data),
zap.Binary("pem.aesKey", pem.aesKey),
zap.Binary("ep", ep),
)
return nil
}
func (pem *PayloadEncryptionManager) Decrypt(data []byte) error {
l := pem.logger.Named("Decrypt()")
l.Debug("fired")
pd, err := common.Decrypt(data, pem.aesKey)
l.Debug(
"after common.Decrypt(data, pem.aesKey)",
zap.Binary("data", data),
zap.Binary("pem.aesKey", pem.aesKey),
zap.Binary("pd", pd),
zap.Error(err),
)
if err != nil {
return err
}
pem.received.encrypted = data
pem.received.plain = pd
return nil
}
func (pem *PayloadEncryptionManager) ToSend() []byte {
if pem.toSend.locked {
return nil
}
return pem.toSend.encrypted
}
func (pem *PayloadEncryptionManager) Received() []byte {
if pem.toSend.locked {
return nil
}
return pem.received.plain
}
func (pem *PayloadEncryptionManager) ResetPayload() {
pem.toSend = new(EncryptionPayload)
pem.received = new(EncryptionPayload)
}
func (pem *PayloadEncryptionManager) LockPayload() {
l := pem.logger.Named("LockPayload")
l.Debug("fired")
pem.toSend.lock()
pem.received.lock()
}
// AccountPayload represents the payload structure a Server handles
type AccountPayload struct {
keys map[string][]byte
multiaccount *multiaccounts.Account
password string
}
func (ap *AccountPayload) ResetPayload() {
*ap = AccountPayload{}
}
// AccountPayloadMarshaller is responsible for marshalling and unmarshalling Server payload data
type AccountPayloadMarshaller struct {
logger *zap.Logger
*AccountPayload
}
func NewPairingPayloadMarshaller(ap *AccountPayload, logger *zap.Logger) *AccountPayloadMarshaller {
return &AccountPayloadMarshaller{logger: logger, AccountPayload: ap}
}
func (ppm *AccountPayloadMarshaller) MarshalToProtobuf() ([]byte, error) {
return proto.Marshal(&protobuf.LocalPairingPayload{
Keys: ppm.accountKeysToProtobuf(),
Multiaccount: ppm.multiaccount.ToProtobuf(),
Password: ppm.password,
})
}
func (ppm *AccountPayloadMarshaller) accountKeysToProtobuf() []*protobuf.LocalPairingPayload_Key {
var keys []*protobuf.LocalPairingPayload_Key
for name, data := range ppm.keys {
keys = append(keys, &protobuf.LocalPairingPayload_Key{Name: name, Data: data})
}
return keys
}
func (ppm *AccountPayloadMarshaller) UnmarshalProtobuf(data []byte) error {
l := ppm.logger.Named("UnmarshalProtobuf()")
l.Debug("fired")
pb := new(protobuf.LocalPairingPayload)
err := proto.Unmarshal(data, pb)
l.Debug(
"after protobuf.LocalPairingPayload",
zap.Any("pb", pb),
zap.Any("pb.Multiaccount", pb.Multiaccount),
zap.Any("pb.Keys", pb.Keys),
)
if err != nil {
return err
}
ppm.accountKeysFromProtobuf(pb.Keys)
ppm.multiaccountFromProtobuf(pb.Multiaccount)
ppm.password = pb.Password
return nil
}
func (ppm *AccountPayloadMarshaller) accountKeysFromProtobuf(pbKeys []*protobuf.LocalPairingPayload_Key) {
l := ppm.logger.Named("accountKeysFromProtobuf()")
l.Debug("fired")
if ppm.keys == nil {
ppm.keys = make(map[string][]byte)
}
for _, key := range pbKeys {
ppm.keys[key.Name] = key.Data
}
l.Debug(
"after for _, key := range pbKeys",
zap.Any("pbKeys", pbKeys),
zap.Any("accountPayloadMarshaller.keys", ppm.keys),
)
}
func (ppm *AccountPayloadMarshaller) multiaccountFromProtobuf(pbMultiAccount *protobuf.MultiAccount) {
ppm.multiaccount = new(multiaccounts.Account)
ppm.multiaccount.FromProtobuf(pbMultiAccount)
}
type PayloadRepository interface {
LoadFromSource() error
StoreToSource() error
}
// AccountPayloadRepository is responsible for loading, parsing, validating and storing Server payload data
type AccountPayloadRepository struct {
*AccountPayload
multiaccountsDB *multiaccounts.Database
keystorePath, keyUID string
}
func NewAccountPayloadRepository(p *AccountPayload, config *AccountPayloadManagerConfig) *AccountPayloadRepository {
ppr := &AccountPayloadRepository{
AccountPayload: p,
}
if config == nil {
return ppr
}
ppr.multiaccountsDB = config.DB
ppr.keystorePath = config.KeystorePath
ppr.keyUID = config.KeyUID
ppr.password = config.Password
return ppr
}
func (apr *AccountPayloadRepository) LoadFromSource() error {
err := apr.loadKeys(apr.keystorePath)
if err != nil {
return err
}
err = apr.validateKeys(apr.password)
if err != nil {
return err
}
apr.multiaccount, err = apr.multiaccountsDB.GetAccount(apr.keyUID)
if err != nil {
return err
}
return nil
}
func (apr *AccountPayloadRepository) loadKeys(keyStorePath string) error {
apr.keys = make(map[string][]byte)
fileWalker := func(path string, fileInfo os.FileInfo, err error) error {
if err != nil {
return err
}
if fileInfo.IsDir() || filepath.Dir(path) != keyStorePath {
return nil
}
rawKeyFile, err := ioutil.ReadFile(path)
if err != nil {
return fmt.Errorf("invalid account key file: %v", err)
}
accountKey := new(keystore.EncryptedKeyJSONV3)
if err := json.Unmarshal(rawKeyFile, &accountKey); err != nil {
return fmt.Errorf("failed to read key file: %s", err)
}
if len(accountKey.Address) != 40 {
return fmt.Errorf("account key address has invalid length '%s'", accountKey.Address)
}
apr.keys[fileInfo.Name()] = rawKeyFile
return nil
}
err := filepath.Walk(keyStorePath, fileWalker)
if err != nil {
return fmt.Errorf("cannot traverse key store folder: %v", err)
}
return nil
}
func (apr *AccountPayloadRepository) StoreToSource() error {
err := apr.validateKeys(apr.password)
if err != nil {
return err
}
err = apr.storeKeys(apr.keystorePath)
if err != nil {
return err
}
err = apr.storeMultiAccount()
if err != nil {
return err
}
// TODO install PublicKey into settings, probably do this outside of StoreToSource
return nil
}
func (apr *AccountPayloadRepository) validateKeys(password string) error {
for _, key := range apr.keys {
k, err := keystore.DecryptKey(key, password)
if err != nil {
return err
}
err = generator.ValidateKeystoreExtendedKey(k)
if err != nil {
return err
}
}
return nil
}
func (apr *AccountPayloadRepository) storeKeys(keyStorePath string) error {
if keyStorePath == "" {
return fmt.Errorf("keyStorePath can not be empty")
}
_, lastDir := filepath.Split(keyStorePath)
// If lastDir == "keystore" we presume we need to create the rest of the keystore path
// else we presume the provided keystore is valid
if lastDir == "keystore" {
if apr.multiaccount == nil || apr.multiaccount.KeyUID == "" {
return fmt.Errorf("no known Key UID")
}
keyStorePath = filepath.Join(keyStorePath, apr.multiaccount.KeyUID)
err := os.MkdirAll(keyStorePath, 0777)
if err != nil {
return err
}
}
for name, data := range apr.keys {
accountKey := new(keystore.EncryptedKeyJSONV3)
if err := json.Unmarshal(data, &accountKey); err != nil {
return fmt.Errorf("failed to read key file: %s", err)
}
if len(accountKey.Address) != 40 {
return fmt.Errorf("account key address has invalid length '%s'", accountKey.Address)
}
err := ioutil.WriteFile(filepath.Join(keyStorePath, name), data, 0600)
if err != nil {
return err
}
}
return nil
}
func (apr *AccountPayloadRepository) storeMultiAccount() error {
return apr.multiaccountsDB.SaveAccount(*apr.multiaccount)
}
type RawMessagePayloadManager struct {
logger *zap.Logger
// reference from AccountPayloadManager#accountPayload
accountPayload *AccountPayload
*PayloadEncryptionManager
payloadRepository *RawMessageRepository
}
func NewRawMessagePayloadManager(logger *zap.Logger, accountPayload *AccountPayload, aesKey []byte, backend *api.GethStatusBackend, keystorePath string) (*RawMessagePayloadManager, error) {
l := logger.Named("RawMessagePayloadManager")
pem, err := NewPayloadEncryptionManager(aesKey, l)
if err != nil {
return nil, err
}
return &RawMessagePayloadManager{
logger: l,
accountPayload: accountPayload,
PayloadEncryptionManager: pem,
payloadRepository: NewRawMessageRepository(backend, keystorePath, accountPayload),
}, nil
}
func (r *RawMessagePayloadManager) Mount() error {
err := r.payloadRepository.LoadFromSource()
if err != nil {
return err
}
return r.Encrypt(r.payloadRepository.payload)
}
func (r *RawMessagePayloadManager) Receive(data []byte) error {
err := r.Decrypt(data)
if err != nil {
return err
}
r.payloadRepository.payload = r.Received()
return r.payloadRepository.StoreToSource()
}
func (r *RawMessagePayloadManager) ResetPayload() {
r.payloadRepository.payload = make([]byte, 0)
r.PayloadEncryptionManager.ResetPayload()
}
type RawMessageRepository struct {
payload []byte
syncRawMessageHandler *SyncRawMessageHandler
keystorePath string
accountPayload *AccountPayload
}
func NewRawMessageRepository(backend *api.GethStatusBackend, keystorePath string, accountPayload *AccountPayload) *RawMessageRepository {
return &RawMessageRepository{
syncRawMessageHandler: NewSyncRawMessageHandler(backend),
keystorePath: keystorePath,
payload: make([]byte, 0),
accountPayload: accountPayload,
}
}
func (r *RawMessageRepository) LoadFromSource() error {
account := r.accountPayload.multiaccount
if account == nil || account.KeyUID == "" {
return fmt.Errorf("no known KeyUID when loading raw messages")
}
payload, err := r.syncRawMessageHandler.PrepareRawMessage(account.KeyUID)
if err != nil {
return err
}
r.payload = payload
return nil
}
func (r *RawMessageRepository) StoreToSource() error {
accountPayload := r.accountPayload
if accountPayload == nil || accountPayload.multiaccount == nil {
return fmt.Errorf("no known multiaccount when storing raw messages")
}
return r.syncRawMessageHandler.HandleRawMessage(accountPayload.multiaccount, accountPayload.password, r.keystorePath, r.payload)
}