server: Add GetSecret and GetSecrets implementation

warusadura · warusadura · commit 8784f6d3e78a · 2024-11-11T18:43:56.000+05:30
This change adds Secret Service method GetSecrets and Secret Item method
GetSecret.

Signed-off-by: Dhanuka Warusadura &lt;dhanuka@gnome.org&gt;
diff --git a/server/src/collection.rs b/server/src/collection.rs
@@ -157,6 +157,18 @@ impl Collection {
         self.alias.lock().await.clone()
     }
 
+    pub async fn item_inner(&self, path: &OwnedObjectPath) -> Option<item::Item> {
+        let items = self.items.lock().await;
+
+        for item in items.iter() {
+            if item.path() == path {
+                return Some(item.clone());
+            }
+        }
+
+        None
+    }
+
     pub async fn dispatch_items(&self) -> Result<(), Error> {
         let keyring_items = self.keyring.items().await;
         let mut items = self.items.lock().await;
diff --git a/server/src/item.rs b/server/src/item.rs
@@ -20,7 +20,7 @@ pub struct Item {
     locked: Arc<AtomicBool>,
     inner: Arc<Mutex<oo7::portal::Item>>,
     // Other attributes
-    _manager: Arc<Mutex<ServiceManager>>,
+    manager: Arc<Mutex<ServiceManager>>,
     path: OwnedObjectPath,
 }
 
@@ -32,8 +32,49 @@ impl Item {
     }
 
     #[zbus(out_args("secret"))]
-    pub async fn get_secret(&self, _session: ObjectPath<'_>) -> Result<SecretInner, ServiceError> {
-        todo!()
+    pub async fn get_secret(
+        &self,
+        session: OwnedObjectPath,
+    ) -> Result<(SecretInner,), ServiceError> {
+        let manager = self.manager.lock().await;
+        let session_inner;
+
+        if let Some(session) = manager.session(&session) {
+            session_inner = session;
+        } else {
+            tracing::error!("The session: {} does not exist.", session);
+            return Err(ServiceError::NoSession(
+                "The session does not exist.".to_string(),
+            ));
+        }
+
+        if self.is_locked().await {
+            tracing::error!("Cannot get secret of a locked object.");
+            return Err(ServiceError::IsLocked(
+                "Cannot get secret of a locked object.".to_string(),
+            ));
+        }
+
+        let inner = self.inner.lock().await;
+        let secret = inner.secret();
+        let iv = oo7::crypto::generate_iv();
+        let key = session_inner.aes_key();
+        let encrypted;
+
+        if let Some(key) = key {
+            encrypted = oo7::crypto::encrypt(secret, &key, &iv);
+        } else {
+            encrypted = secret.to_vec();
+        };
+
+        tracing::info!("Secret retrieved from the item: {}.", self.path);
+
+        Ok((SecretInner(
+            session,
+            iv,
+            encrypted,
+            "text/plain".to_string(),
+        ),))
     }
 
     pub async fn set_secret(&self, _secret: SecretInner) -> Result<(), ServiceError> {
@@ -94,7 +135,7 @@ impl Item {
             locked: Arc::new(AtomicBool::new(locked)),
             inner: Arc::new(Mutex::new(item)),
             path: OwnedObjectPath::try_from(format!("{}/{}", collection_path, item_index)).unwrap(),
-            _manager: manager,
+            manager,
         }
     }
 
diff --git a/server/src/service.rs b/server/src/service.rs
@@ -107,10 +107,38 @@ impl Service {
     #[zbus(out_args("secrets"))]
     pub async fn get_secrets(
         &self,
-        _items: Vec<OwnedObjectPath>,
-        _session: ObjectPath<'_>,
+        items: Vec<OwnedObjectPath>,
+        session: OwnedObjectPath,
     ) -> Result<HashMap<OwnedObjectPath, SecretInner>, ServiceError> {
-        todo!()
+        let mut secrets: HashMap<OwnedObjectPath, SecretInner> = HashMap::new();
+        let collections = self.collections.lock().await;
+
+        'outer: for collection in collections.iter() {
+            for item in &items {
+                if let Some(item) = collection.item_inner(item).await {
+                    match item.get_secret(session.clone()).await {
+                        Ok(secret) => {
+                            secrets.insert(item.path().clone(), secret.0);
+                            if secrets.len() == items.len() {
+                                break 'outer;
+                            }
+                        }
+                        Err(ServiceError::NoSession(err)) => {
+                            return Err(ServiceError::NoSession(err));
+                        }
+                        Err(_) => (),
+                    };
+                } else {
+                    tracing::info!(
+                        "Item: {:?} does not exist in collection: {}",
+                        item,
+                        collection.path().clone()
+                    );
+                }
+            }
+        }
+
+        Ok(secrets)
     }
 
     #[zbus(out_args("collection"))]
diff --git a/server/src/service_manager.rs b/server/src/service_manager.rs
@@ -29,6 +29,10 @@ impl ServiceManager {
         self.sessions.len()
     }
 
+    pub fn session(&self, path: &OwnedObjectPath) -> Option<Arc<Session>> {
+        self.sessions.get(path).map(Arc::clone)
+    }
+
     pub fn insert_session(&mut self, path: OwnedObjectPath, session: Arc<Session>) {
         self.sessions.insert(path, session);
     }
diff --git a/server/src/session.rs b/server/src/session.rs
@@ -10,7 +10,7 @@ use crate::service_manager::ServiceManager;
 
 #[derive(Debug, Clone)]
 pub struct Session {
-    _aes_key: Option<Arc<Key>>,
+    aes_key: Option<Arc<Key>>,
     manager: Arc<Mutex<ServiceManager>>,
     path: OwnedObjectPath,
 }
@@ -34,12 +34,16 @@ impl Session {
         Self {
             path: OwnedObjectPath::try_from(format!("/org/freedesktop/secrets/session/s{index}"))
                 .unwrap(),
-            _aes_key: aes_key,
+            aes_key,
             manager,
         }
     }
 
     pub fn path(&self) -> &OwnedObjectPath {
         &self.path
     }
+
+    pub fn aes_key(&self) -> Option<Arc<Key>> {
+        self.aes_key.as_ref().map(Arc::clone)
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,10 @@ impl ServiceManager {`
`29`	`29`	`self.sessions.len()`
`30`	`30`	`}`
`31`	`31`
	`32`	`+ pub fn session(&self, path: &OwnedObjectPath) -> Option<Arc<Session>> {`
	`33`	`+ self.sessions.get(path).map(Arc::clone)`
	`34`	`+ }`
	`35`	`+`
`32`	`36`	`pub fn insert_session(&mut self, path: OwnedObjectPath, session: Arc<Session>) {`
`33`	`37`	`self.sessions.insert(path, session);`
`34`	`38`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ use crate::service_manager::ServiceManager;`
`10`	`10`
`11`	`11`	`#[derive(Debug, Clone)]`
`12`	`12`	`pub struct Session {`
`13`		`- _aes_key: Option<Arc<Key>>,`
	`13`	`+ aes_key: Option<Arc<Key>>,`
`14`	`14`	`manager: Arc<Mutex<ServiceManager>>,`
`15`	`15`	`path: OwnedObjectPath,`
`16`	`16`	`}`
`@@ -34,12 +34,16 @@ impl Session {`
`34`	`34`	`Self {`
`35`	`35`	`path: OwnedObjectPath::try_from(format!("/org/freedesktop/secrets/session/s{index}"))`
`36`	`36`	`.unwrap(),`
`37`		`- _aes_key: aes_key,`
	`37`	`+ aes_key,`
`38`	`38`	`manager,`
`39`	`39`	`}`
`40`	`40`	`}`
`41`	`41`
`42`	`42`	`pub fn path(&self) -> &OwnedObjectPath {`
`43`	`43`	`&self.path`
`44`	`44`	`}`
	`45`	`+`
	`46`	`+ pub fn aes_key(&self) -> Option<Arc<Key>> {`
	`47`	`+ self.aes_key.as_ref().map(Arc::clone)`
	`48`	`+ }`
`45`	`49`	`}`