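// decryptRoomKey recovers the room key carried in capability's encrypted
// payload, using the already-decrypted clientKey.
//
// The IV is the URL-safe base64 decoding of the capability ID, and the payload
// is decrypted with clientKey.Plaintext as the key. The unpadded result is
// parsed as JSON into the Plaintext of a new AES128 ManagedKey.
//
// It returns security.ErrKeyMustBeDecrypted if clientKey is still encrypted,
// and otherwise returns any error from base64 decoding, BlockCrypt or JSON
// unmarshalling unchanged.
//
// NOTE(review): nothing in this function authenticates the ciphertext before
// it is unpadded and parsed. Confirm integrity is verified elsewhere, and
// avoid reporting which step failed to whoever supplied the capability.
func decryptRoomKey(clientKey *security.ManagedKey, capability security.Capability) (
	*security.ManagedKey, error) {

	if clientKey.Encrypted() {
		return nil, security.ErrKeyMustBeDecrypted
	}

	iv, err := base64.URLEncoding.DecodeString(capability.CapabilityID())
	if err != nil {
		return nil, err
	}

	// BlockCrypt writes its output into the buffer it is given (the result is
	// read back from this same slice below). Decrypt a private copy so that the
	// capability's stored ciphertext is not overwritten with plaintext in case
	// EncryptedPayload returns its backing slice rather than a copy.
	roomKeyJSON := append([]byte(nil), capability.EncryptedPayload()...)
	if err := clientKey.BlockCrypt(iv, clientKey.Plaintext, roomKeyJSON, false); err != nil {
		return nil, err
	}

	roomKey := &security.ManagedKey{
		KeyType: security.AES128,
	}
	if err := json.Unmarshal(clientKey.Unpad(roomKeyJSON), &roomKey.Plaintext); err != nil {
		return nil, err
	}
	return roomKey, nil
}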
// Save records capability c and the account it was saved with, both keyed by
// the capability's ID. An existing entry under the same ID is overwritten.
// The receiver's lock is held for the whole call. Save always returns nil,
// and ctx is not used.
func (cs *capabilities) Save(ctx scope.Context, account proto.Account, c security.Capability) error {
	cs.Lock()
	defer cs.Unlock()

	// Both maps are allocated together on first use, gated only on the
	// capabilities map being nil.
	// NOTE(review): confirm no other path sets capabilities without accounts,
	// since a write to a nil accounts map would panic.
	if cs.capabilities == nil {
		cs.capabilities = make(map[string]security.Capability)
		cs.accounts = make(map[string]proto.Account)
	}

	id := c.CapabilityID()
	cs.capabilities[id] = c
	cs.accounts[id] = account
	return nil
}
// Save inserts c as a Capability row together with a RoomManagerCapability
// row that links it to rmc.Room, in a single Executor.Insert call. Insert's
// error is returned as-is. ctx is not used.
//
// When account is non-nil, its ID string is recorded on both rows; otherwise
// AccountID is left at its zero value on both.
// NOTE(review): the nil test is on the interface value, so a typed nil
// account would still reach account.ID() — confirm callers pass a literal nil.
func (rmc *RoomManagerCapabilities) Save(
	ctx scope.Context, account proto.Account, c security.Capability) error {

	capID := c.CapabilityID()

	// The capability itself: nonce, encrypted private payload and public
	// payload are stored exactly as the capability reports them.
	var capRow Capability
	capRow.ID = capID
	capRow.NonceBytes = c.Nonce()
	capRow.EncryptedPrivateData = c.EncryptedPayload()
	capRow.PublicData = c.PublicPayload()

	// The grant linking that capability to this room, stamped with the
	// current time.
	var grantRow RoomManagerCapability
	grantRow.Room = rmc.Room.Name
	grantRow.CapabilityID = capID
	grantRow.Granted = time.Now()

	if account != nil {
		accountID := account.ID().String()
		capRow.AccountID = accountID
		grantRow.AccountID = accountID
	}

	return rmc.Executor.Insert(&capRow, &grantRow)
}