/*
Copyright (c) 2018 Vereign AG [https://www.vereign.com]
This is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package handler
import (
keyutils "code.vereign.com/code/key-storage-agent/utils"
"code.vereign.com/code/viam-apis/data-storage-agent/client"
"code.vereign.com/code/viam-apis/key-storage-agent/api"
"code.vereign.com/code/viam-apis/utils"
"golang.org/x/net/context"
)
// SetAuthorized hands updateAll a mutator that stores the requested
// authorization state on the key entries addressed by in.Uuid. The state is
// kept inverted: the mutator writes !in.Value into Key.Unauthorized.
//
// Failures are reported through the response StatusList; the error result is
// always nil, so callers must inspect StatusList rather than err.
//
// NOTE(review): no caller-permission check is visible in this handler; it
// presumably relies on the authentication built from ctx inside updateAll and
// on the data storage agent to enforce access — confirm.
func (s *KeyStorageServerImpl) SetAuthorized(ctx context.Context, in *api.SetAuthorizedRequest) (*api.SetAuthorizedResponse, error) {
	resp := &api.SetAuthorizedResponse{
		StatusList: s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Unauthorized = !in.Value }),
	}

	// A nil list from updateAll means no step reported a problem; only then is
	// the success entry attached.
	if resp.StatusList == nil {
		resp.StatusList = utils.AddStatus(resp.StatusList, "200", api.StatusType_INFO, "Keys authorization updated")
	}
	return resp, nil
}
// Destroy hands updateAll a mutator that sets Key.Destroyed to true on the
// key entries addressed by in.Uuid.
//
// This handler only sets the flag; it does not delete or overwrite the stored
// entry itself. Whether key material is erased elsewhere is not visible here.
//
// Failures are reported through the response StatusList; the error result is
// always nil, so callers must inspect StatusList rather than err.
func (s *KeyStorageServerImpl) Destroy(ctx context.Context, in *api.DestroyRequest) (*api.DestroyResponse, error) {
	resp := &api.DestroyResponse{
		StatusList: s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Destroyed = true }),
	}

	// A nil list from updateAll means no step reported a problem; only then is
	// the success entry attached.
	if resp.StatusList == nil {
		resp.StatusList = utils.AddStatus(resp.StatusList, "200", api.StatusType_INFO, "Keys destroyed")
	}
	return resp, nil
}
// Revoke hands updateAll a mutator that sets Key.Revoked to true on the key
// entries addressed by in.Uuid.
//
// Failures are reported through the response StatusList; the error result is
// always nil. A non-nil, non-"200" StatusList can mean that only some of the
// key types were written (updateAll stops at the first failure), so callers
// should retry rather than assume the key is either fully revoked or
// untouched.
func (s *KeyStorageServerImpl) Revoke(ctx context.Context, in *api.RevokeRequest) (*api.RevokeResponse, error) {
	resp := &api.RevokeResponse{
		StatusList: s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Revoked = true }),
	}

	// A nil list from updateAll means no step reported a problem; only then is
	// the success entry attached.
	if resp.StatusList == nil {
		resp.StatusList = utils.AddStatus(resp.StatusList, "200", api.StatusType_INFO, "Keys revoked")
	}
	return resp, nil
}
// Suspend hands updateAll a mutator that sets Key.Suspended to true on the
// key entries addressed by in.Uuid. Resume is the inverse operation.
//
// Failures are reported through the response StatusList; the error result is
// always nil, so callers must inspect StatusList rather than err.
func (s *KeyStorageServerImpl) Suspend(ctx context.Context, in *api.SuspendRequest) (*api.SuspendResponse, error) {
	resp := &api.SuspendResponse{
		StatusList: s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = true }),
	}

	// A nil list from updateAll means no step reported a problem; only then is
	// the success entry attached.
	if resp.StatusList == nil {
		resp.StatusList = utils.AddStatus(resp.StatusList, "200", api.StatusType_INFO, "Keys suspended")
	}
	return resp, nil
}
// Resume hands updateAll a mutator that clears Key.Suspended on the key
// entries addressed by in.Uuid, undoing Suspend.
//
// The mutator touches only the Suspended flag; this handler does not look at
// Revoked or Destroyed before clearing it.
//
// Failures are reported through the response StatusList; the error result is
// always nil, so callers must inspect StatusList rather than err.
func (s *KeyStorageServerImpl) Resume(ctx context.Context, in *api.ResumeRequest) (*api.ResumeResponse, error) {
	resp := &api.ResumeResponse{
		StatusList: s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = false }),
	}

	// A nil list from updateAll means no step reported a problem; only then is
	// the success entry attached.
	if resp.StatusList == nil {
		resp.StatusList = utils.AddStatus(resp.StatusList, "200", api.StatusType_INFO, "Keys resumed")
	}
	return resp, nil
}
// Rename hands updateAll a mutator that copies in.Name into Key.Name on the
// key entries addressed by in.Uuid.
//
// in.Name is stored exactly as received; no length or character validation is
// performed in this handler.
//
// Failures are reported through the response StatusList; the error result is
// always nil, so callers must inspect StatusList rather than err.
func (s *KeyStorageServerImpl) Rename(ctx context.Context, in *api.RenameRequest) (*api.RenameResponse, error) {
	resp := &api.RenameResponse{
		StatusList: s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Name = in.Name }),
	}

	// A nil list from updateAll means no step reported a problem; only then is
	// the success entry attached.
	if resp.StatusList == nil {
		resp.StatusList = utils.AddStatus(resp.StatusList, "200", api.StatusType_INFO, "Keys renamed")
	}
	return resp, nil
}
// updateAll runs updateKey for the PRIVATE, PUBLIC and CERTIFICATE entries of
// uuid, in that order, over one data storage client built from the
// authentication derived from ctx. The client is closed on return.
//
// It returns the status list of the first key type that fails, or nil when
// all three calls return nil.
//
// The three writes are independent: when a later key type fails, entries
// already processed are not rolled back. For state changes such as revoke or
// destroy this can leave the key types disagreeing with each other until the
// call is retried.
func (s *KeyStorageServerImpl) updateAll(ctx context.Context, uuid string, update func(*api.Key)) []*api.Status {
	storage := keyutils.CreateDataStorageClient(s.CreateAuthentication(ctx))
	defer storage.CloseClient()

	keyTypes := [...]api.KeyType{api.KeyType_PRIVATE, api.KeyType_PUBLIC, api.KeyType_CERTIFICATE}
	for i := range keyTypes {
		// Stop at the first failure and surface its statuses unchanged.
		if failed := updateKey(storage, uuid, keyTypes[i], update); failed != nil {
			return failed
		}
	}
	return nil
}
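// updateKey loads the key entry of the given type for uuid, applies update to
// it and writes the result back to the "keys" table under
// "<uuid>/<key type name>".
//
// It returns the status list produced by the failing step (GetKey or
// PutData), or nil when the entry was read, modified and stored without any
// reported status.
//
// NOTE(review): uuid is concatenated into the storage path as received;
// presumably callers or the data storage agent restrict its format — confirm.
func updateKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType, update func(*api.Key)) []*api.Status {
	key, statusList := keyutils.GetKey(client, uuid, keyType)
	if statusList != nil {
		return statusList
	}

	// Apply the requested change before persisting. Without this call the
	// entry is written back unmodified, and handlers such as Revoke, Destroy
	// and Suspend would report success while the stored flags stay unchanged.
	// Assumes GetKey returns a non-nil key whenever statusList is nil — TODO
	// confirm.
	update(key)

	_, putErrors, err := client.PutData("keys", uuid+"/"+keyType.String(), key)
	statusList = keyutils.HandlePutDataErrors(statusList, putErrors, err)
	// len of a nil slice is 0, so this also covers the nil case; an empty list
	// is treated as success.
	if len(statusList) > 0 {
		return statusList
	}
	return nil
}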