Exemple #1
0
func decryptRoomKey(clientKey *security.ManagedKey, capability security.Capability) (
	*security.ManagedKey, error) {

	if clientKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	iv, err := base64.URLEncoding.DecodeString(capability.CapabilityID())
	if err != nil {
		return nil, err
	}

	roomKeyJSON := capability.EncryptedPayload()
	if err := clientKey.BlockCrypt(iv, clientKey.Plaintext, roomKeyJSON, false); err != nil {
		return nil, err
	}

	roomKey := &security.ManagedKey{
		KeyType: security.AES128,
	}
	if err := json.Unmarshal(clientKey.Unpad(roomKeyJSON), &roomKey.Plaintext); err != nil {
		return nil, err
	}
	return roomKey, nil
}
Exemple #2
0
func (cs *capabilities) Save(ctx scope.Context, account proto.Account, c security.Capability) error {
	cs.Lock()
	defer cs.Unlock()

	if cs.capabilities == nil {
		cs.capabilities = map[string]security.Capability{}
		cs.accounts = map[string]proto.Account{}
	}

	cid := c.CapabilityID()
	cs.capabilities[cid] = c
	cs.accounts[cid] = account
	return nil
}
Exemple #3
0
func (rmc *RoomManagerCapabilities) Save(
	ctx scope.Context, account proto.Account, c security.Capability) error {

	capRow := &Capability{
		ID:                   c.CapabilityID(),
		NonceBytes:           c.Nonce(),
		EncryptedPrivateData: c.EncryptedPayload(),
		PublicData:           c.PublicPayload(),
	}
	rmCapRow := &RoomManagerCapability{
		Room:         rmc.Room.Name,
		CapabilityID: c.CapabilityID(),
		Granted:      time.Now(),
	}
	if account != nil {
		capRow.AccountID = account.ID().String()
		rmCapRow.AccountID = account.ID().String()
	}
	return rmc.Executor.Insert(capRow, rmCapRow)
}