diff options
Diffstat (limited to 'lockchain-core/src')
-rw-r--r-- | lockchain-core/src/init.rs | 21 | ||||
-rw-r--r-- | lockchain-core/src/traits.rs | 2 | ||||
-rw-r--r-- | lockchain-core/src/users/userstore.rs | 17 |
3 files changed, 30 insertions, 10 deletions
diff --git a/lockchain-core/src/init.rs b/lockchain-core/src/init.rs index 1880599..410974a 100644 --- a/lockchain-core/src/init.rs +++ b/lockchain-core/src/init.rs @@ -2,16 +2,31 @@ use errors::VaultError; use traits::{Body, Vault}; /// Describes the internal permission layout of a vault +/// +/// --- +/// +/// **Important Note** Because lockchain-core doesn't make assumptions about +/// about the existence of a cryptographic layer, the `UserStore` that +/// handles these secrets assumes they are **not** secret! +/// +/// This means that only already encrypted keys should be given to the +/// generator type, because they will be written to disk **as is** by +/// certain backends! +/// +/// It is in the responsibility of the library user to make sure that all +/// cryptographic operations are handled on the client side. Clear-text +/// keys that are given to a generator +/// should be considered **fully compromised** #[derive(Debug, Serialize, Deserialize, Clone)] pub enum VaultType { /// Create an all-powerful root user which can access everything Administrated { - /// Set a root password - secret: String, + /// + secret: Vec<u8>, }, /// Similar to `Administrated` /// but only allows a single-user for a vault - SoloUser { username: String, secret: String }, + SoloUser { username: String, secret: Vec<u8> }, } /// A shared initialisation generator for vaults diff --git a/lockchain-core/src/traits.rs b/lockchain-core/src/traits.rs index 13fc1b3..9cd77b0 100644 --- a/lockchain-core/src/traits.rs +++ b/lockchain-core/src/traits.rs @@ -188,7 +188,7 @@ where /// Auto-implement this trait to serialise types to json pub trait AutoEncoder: Serialize + DeserializeOwned { fn encode(&self) -> Result<String, SerdeError> { - serde_json::to_string_pretty(self) + serde_json::to_string(self) } fn decode(s: &str) -> Result<Self, SerdeError> { diff --git a/lockchain-core/src/users/userstore.rs b/lockchain-core/src/users/userstore.rs index 5355cdb..51d78a8 100644 --- a/lockchain-core/src/users/userstore.rs +++ b/lockchain-core/src/users/userstore.rs @@ -1,7 +1,6 @@ //! Merging `KeyStore` and `Userstore` into the same concept use super::rights::Access; -use crypto::Key; use std::collections::HashMap; use traits::AutoEncoder; @@ -18,7 +17,7 @@ pub struct UserStore { #[derive(Serialize, Deserialize)] pub struct StoreUser { name: String, - keys: HashMap<Access, Key>, + keys: HashMap<Access, Vec<u8>>, } impl AutoEncoder for UserStore {} @@ -34,7 +33,7 @@ impl UserStore { } } /// Adds a new user to the store, with a root-key - pub fn add_user(&mut self, name: String, key: Key) { + pub fn add_user(&mut self, name: String, key: Vec<u8>) { let mut user = StoreUser { name: name.clone(), keys: HashMap::new(), @@ -47,7 +46,7 @@ impl UserStore { self.store.remove(name); } /// Add a key to an existing user - pub fn add_key(&mut self, user: String, k: Key, access: Access) { + pub fn add_key(&mut self, user: String, k: Vec<u8>, access: Access) { if !self.store.contains_key(&user) { return; } @@ -55,7 +54,13 @@ impl UserStore { self.store.get_mut(&user).unwrap().keys.insert(access, k); } - pub fn get_key(&self, user: String, access: Access) -> Option<&Key> { - self.store.get(&user).map_or(None, |u| u.keys.get(&access)) + pub fn get_root_key(&self, user: &str) -> Option<&Vec<u8>> { + self.store + .get(user) + .map_or(None, |u| u.keys.get(&Access::Root)) + } + + pub fn get_key(&self, user: &str, access: Access) -> Option<&Vec<u8>> { + self.store.get(user).map_or(None, |u| u.keys.get(&access)) } } |