server: Add GetSecret and GetSecrets implementation

This change adds Secret Service method GetSecrets and Secret Item method
GetSecret.

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>

Author: warusadura

server/src/collection.rs

@@ -157,6 +157,18 @@ impl Collection {
         self.alias.lock().await.clone()
     }
 
+    pub async fn get_item_from_path(&self, path: &OwnedObjectPath) -> Option<item::Item> {
+        let items = self.items.lock().await;
+
+        for item in items.iter() {
+            if item.path() == path {
+                return Some(item.clone());
+            }
+        }
+
+        None
+    }
+
     pub async fn dispatch_items(&self) -> Result<(), Error> {
         let keyring_items = self.keyring.items().await;
         let mut items = self.items.lock().await;

server/src/item.rs

@@ -20,7 +20,7 @@ pub struct Item {
     locked: Arc<AtomicBool>,
     inner: Arc<Mutex<oo7::portal::Item>>,
     // Other attributes
-    _manager: Arc<Mutex<ServiceManager>>,
+    manager: Arc<Mutex<ServiceManager>>,
     path: OwnedObjectPath,
 }
 
@@ -32,8 +32,47 @@ impl Item {
     }
 
     #[zbus(out_args("secret"))]
-    pub async fn get_secret(&self, _session: ObjectPath<'_>) -> Result<SecretInner, ServiceError> {
-        todo!()
+    pub async fn get_secret(
+        &self,
+        session: OwnedObjectPath,
+    ) -> Result<(SecretInner,), ServiceError> {
+        let manager = self.manager.lock().await;
+
+        let Some(session) = manager.session(&session) else {
+            tracing::error!("The session: {} does not exist.", session);
+            return Err(ServiceError::NoSession(
+                "The session does not exist.".to_string(),
+            ));
+        };
+
+        if self.is_locked().await {
+            tracing::error!("Cannot get secret of a locked object.");
+            return Err(ServiceError::IsLocked(
+                "Cannot get secret of a locked object.".to_string(),
+            ));
+        }
+
+        let inner = self.inner.lock().await;
+        let secret = inner.secret();
+        let mut iv = Vec::new();
+        let key = session.aes_key();
+        let encrypted;
+
+        if let Some(key) = key {
+            iv = oo7::crypto::generate_iv();
+            encrypted = oo7::crypto::encrypt(secret, &key, &iv);
+        } else {
+            encrypted = secret.to_vec();
+        };
+
+        tracing::info!("Secret retrieved from the item: {}.", self.path);
+
+        Ok((SecretInner(
+            session.path().clone(),
+            iv,
+            encrypted,
+            "text/plain".to_string(),
+        ),))
     }
 
     pub async fn set_secret(&self, _secret: SecretInner) -> Result<(), ServiceError> {
@@ -94,7 +133,7 @@ impl Item {
             locked: Arc::new(AtomicBool::new(locked)),
             inner: Arc::new(Mutex::new(item)),
             path: OwnedObjectPath::try_from(format!("{}/{}", collection_path, item_index)).unwrap(),
-            _manager: manager,
+            manager,
         }
     }
 

server/src/service.rs

@@ -107,10 +107,40 @@ impl Service {
     #[zbus(out_args("secrets"))]
     pub async fn get_secrets(
         &self,
-        _items: Vec<OwnedObjectPath>,
-        _session: ObjectPath<'_>,
+        items: Vec<OwnedObjectPath>,
+        session: OwnedObjectPath,
     ) -> Result<HashMap<OwnedObjectPath, SecretInner>, ServiceError> {
-        todo!()
+        let mut secrets = HashMap::new();
+        let collections = self.collections.lock().await;
+
+        'outer: for collection in collections.iter() {
+            for item in &items {
+                if let Some(item) = collection.get_item_from_path(item).await {
+                    match item.get_secret(session.clone()).await {
+                        Ok(secret) => {
+                            secrets.insert(item.path().clone(), secret.0);
+                            if secrets.len() == items.len() {
+                                break 'outer;
+                            }
+                        }
+                        Err(ServiceError::NoSession(err)) => {
+                            return Err(ServiceError::NoSession(err));
+                        }
+                        Err(err) => {
+                            return Err(err);
+                        }
+                    };
+                } else {
+                    tracing::info!(
+                        "Item: {:?} does not exist in collection: {}",
+                        item,
+                        collection.path().clone()
+                    );
+                }
+            }
+        }
+
+        Ok(secrets)
     }
 
     #[zbus(out_args("collection"))]

server/src/service_manager.rs

@@ -29,6 +29,10 @@ impl ServiceManager {
         self.sessions.len()
     }
 
+    pub fn session(&self, path: &OwnedObjectPath) -> Option<Arc<Session>> {
+        self.sessions.get(path).map(Arc::clone)
+    }
+
     pub fn insert_session(&mut self, path: OwnedObjectPath, session: Arc<Session>) {
         self.sessions.insert(path, session);
     }

server/src/session.rs

@@ -10,7 +10,7 @@ use crate::service_manager::ServiceManager;
 
 #[derive(Debug, Clone)]
 pub struct Session {
-    _aes_key: Option<Arc<Key>>,
+    aes_key: Option<Arc<Key>>,
     manager: Arc<Mutex<ServiceManager>>,
     path: OwnedObjectPath,
 }
@@ -34,12 +34,16 @@ impl Session {
         Self {
             path: OwnedObjectPath::try_from(format!("/org/freedesktop/secrets/session/s{index}"))
                 .unwrap(),
-            _aes_key: aes_key,
+            aes_key,
             manager,
         }
     }
 
     pub fn path(&self) -> &OwnedObjectPath {
         &self.path
     }
+
+    pub fn aes_key(&self) -> Option<Arc<Key>> {
+        self.aes_key.as_ref().map(Arc::clone)
+    }
 }