manage_device_key.go

/*
Copyright (c) 2018 Vereign AG [https://www.vereign.com]

This is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

package handler

import (
	keyutils "code.vereign.com/code/key-storage-agent/utils"
	"code.vereign.com/code/viam-apis/data-storage-agent/client"
	"code.vereign.com/code/viam-apis/errors"
	"code.vereign.com/code/viam-apis/key-storage-agent/api"
	"golang.org/x/net/context"
)

func (s *KeyStorageServerImpl) SetAuthorized(ctx context.Context, in *api.SetAuthorizedRequest) (*api.SetAuthorizedResponse, error) {

	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Unauthorized = !in.Value })
	if err != nil {
		return nil, errors.WrapInternal(err, "Could not authorize keys")
	}

	setAuthorizedResponse := &api.SetAuthorizedResponse{}
	return setAuthorizedResponse, nil
}

func (s *KeyStorageServerImpl) Destroy(ctx context.Context, in *api.DestroyRequest) (*api.DestroyResponse, error) {

	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Destroyed = true })
	if err != nil {
		return nil, errors.WrapInternal(err, "Could not destroy keys")
	}

	destroyResponse := &api.DestroyResponse{}
	return destroyResponse, nil
}

func (s *KeyStorageServerImpl) Revoke(ctx context.Context, in *api.RevokeRequest) (*api.RevokeResponse, error) {

	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Revoked = true })
	if err != nil {
		return nil, errors.WrapInternal(err, "Could not revoke keys")
	}

	revokeResponse := &api.RevokeResponse{}
	return revokeResponse, nil
}

func (s *KeyStorageServerImpl) Suspend(ctx context.Context, in *api.SuspendRequest) (*api.SuspendResponse, error) {

	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = true })
	if err != nil {
		return nil, errors.WrapInternal(err, "Could not suspend keys")
	}

	suspendResponse := &api.SuspendResponse{}
	return suspendResponse, nil
}

func (s *KeyStorageServerImpl) Resume(ctx context.Context, in *api.ResumeRequest) (*api.ResumeResponse, error) {

	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Suspended = false })
	if err != nil {
		return nil, errors.WrapInternal(err, "Could not resume keys")
	}

	resumeResponse := &api.ResumeResponse{}
	return resumeResponse, nil
}

func (s *KeyStorageServerImpl) Rename(ctx context.Context, in *api.RenameRequest) (*api.RenameResponse, error) {

	err := s.updateAll(ctx, in.Uuid, func(k *api.Key) { k.Name = in.Name })
	if err != nil {
		return nil, errors.WrapInternal(err, "Could not rename keys")
	}

	renameResponse := &api.RenameResponse{}
	return renameResponse, nil
}

func (s *KeyStorageServerImpl) updateAll(ctx context.Context, uuid string, updateFunc func(*api.Key)) error {
	auth := s.CreateAuthentication(ctx)

	client := keyutils.CreateDataStorageClient(auth)
	defer client.CloseClient()

	for _, kType := range []api.KeyType{api.KeyType_PRIVATE, api.KeyType_PUBLIC, api.KeyType_CERTIFICATE} {
		err := updateKey(client, uuid, kType, updateFunc)
		if err != nil {
			if !errors.Wraps(err, keyutils.ErrNoData) {
				return err
			}
		}
	}

	return nil
}

func updateKey(client *client.DataStorageClientImpl, uuid string, keyType api.KeyType, updateFunc func(*api.Key)) error {
	key, err := keyutils.GetKey(client, uuid, keyType)
	if err != nil {
		return err
	}

	updateFunc(key)

	_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(keyType), key)
	if err != nil {
		return errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(keyType))
	}

	return nil
}