server: Add GetSecret, GetSecrets and SetSecret implementation

This change adds Secret Service method GetSecrets and Secret Item methods
GetSecret and SetSecret.

Signed-off-by: Dhanuka Warusadura <dhanuka@gnome.org>

Author: warusadura

server/src/collection.rs

@@ -193,6 +193,18 @@ impl Collection {
         items
     }
 
+    pub async fn item_from_path(&self, path: &OwnedObjectPath) -> Option<item::Item> {
+        let items = self.items.lock().await;
+
+        for item in items.iter() {
+            if item.path() == path {
+                return Some(item.clone());
+            }
+        }
+
+        None
+    }
+
     pub async fn dispatch_items(&self) -> Result<(), Error> {
         let keyring_items = self.keyring.items().await;
         let mut items = self.items.lock().await;

server/src/item.rs

@@ -20,7 +20,7 @@ pub struct Item {
     locked: Arc<AtomicBool>,
     inner: Arc<Mutex<oo7::portal::Item>>,
     // Other attributes
-    _manager: Arc<Mutex<ServiceManager>>,
+    manager: Arc<Mutex<ServiceManager>>,
     path: OwnedObjectPath,
 }
 
@@ -32,12 +32,83 @@ impl Item {
     }
 
     #[zbus(out_args("secret"))]
-    pub async fn get_secret(&self, _session: ObjectPath<'_>) -> Result<SecretInner, ServiceError> {
-        todo!()
+    pub async fn get_secret(
+        &self,
+        session: OwnedObjectPath,
+    ) -> Result<(SecretInner,), ServiceError> {
+        let manager = self.manager.lock().await;
+
+        let Some(session) = manager.session(&session) else {
+            tracing::error!("The session `{}` does not exist.", session);
+            return Err(ServiceError::NoSession(format!(
+                "The session `{}` does not exist.",
+                session
+            )));
+        };
+
+        if self.is_locked().await {
+            tracing::error!("Cannot get secret of a locked object `{}`", self.path);
+            return Err(ServiceError::IsLocked(format!(
+                "Cannot get secret of a locked object `{}`.",
+                self.path
+            )));
+        }
+
+        let inner = self.inner.lock().await;
+        let secret = inner.secret();
+
+        tracing::debug!("Secret retrieved from the item: {}.", self.path);
+
+        match session.aes_key() {
+            Some(key) => {
+                let iv = oo7::crypto::generate_iv();
+                let encrypted = oo7::crypto::encrypt(secret, &key, &iv);
+
+                Ok((SecretInner(
+                    session.path().clone(),
+                    iv,
+                    encrypted,
+                    "text/plain".to_owned(),
+                ),))
+            }
+            None => Ok((SecretInner(
+                session.path().clone(),
+                Vec::new(),
+                secret.to_vec(),
+                "text/plain".to_owned(),
+            ),)),
+        }
     }
 
-    pub async fn set_secret(&self, _secret: SecretInner) -> Result<(), ServiceError> {
-        todo!()
+    pub async fn set_secret(&self, secret: SecretInner) -> Result<(), ServiceError> {
+        let session = secret.0;
+        let manager = self.manager.lock().await;
+
+        let Some(session) = manager.session(&session) else {
+            tracing::error!("The session `{}` does not exist.", session);
+            return Err(ServiceError::NoSession(format!(
+                "The session `{}` does not exist.",
+                session
+            )));
+        };
+
+        let mut inner = self.inner.lock().await;
+
+        match session.aes_key() {
+            Some(key) => {
+                let iv = secret.1;
+                let secret_encrypted = secret.2;
+
+                let decrypted = oo7::crypto::decrypt(secret_encrypted, &key, &iv);
+                inner.set_secret(decrypted);
+            }
+            None => {
+                let secret_plain = secret.2;
+                inner.set_secret(secret_plain);
+            }
+        }
+
+        Ok(())
     }
 
     #[zbus(property, name = "Locked")]
@@ -94,7 +165,7 @@ impl Item {
             locked: Arc::new(AtomicBool::new(locked)),
             inner: Arc::new(Mutex::new(item)),
             path: OwnedObjectPath::try_from(format!("{}/{}", collection_path, item_index)).unwrap(),
-            _manager: manager,
+            manager,
         }
     }
 

server/src/service.rs

@@ -131,10 +131,38 @@ impl Service {
     #[zbus(out_args("secrets"))]
     pub async fn get_secrets(
         &self,
-        _items: Vec<OwnedObjectPath>,
-        _session: ObjectPath<'_>,
+        items: Vec<OwnedObjectPath>,
+        session: OwnedObjectPath,
     ) -> Result<HashMap<OwnedObjectPath, SecretInner>, ServiceError> {
-        todo!()
+        let mut secrets = HashMap::new();
+        let collections = self.collections.lock().await;
+
+        'outer: for collection in collections.iter() {
+            for item in &items {
+                if let Some(item) = collection.item_from_path(item).await {
+                    match item.get_secret(session.clone()).await {
+                        Ok(secret) => {
+                            secrets.insert(item.path().clone(), secret.0);
+                            // To avoid iterating through all the remaining collection, if the items
+                            // secrets are already retrieved.
+                            if secrets.len() == items.len() {
+                                break 'outer;
+                            }
+                        }
+                        // Based on gnome-keyring-daemon behavior, to avoid error out when the item
+                        // is Locked.
+                        Err(ServiceError::IsLocked(_)) => {
+                            continue;
+                        }
+                        Err(err) => {
+                            return Err(err);
+                        }
+                    };
+                }
+            }
+        }
+
+        Ok(secrets)
     }
 
     #[zbus(out_args("collection"))]

server/src/service_manager.rs

@@ -29,6 +29,10 @@ impl ServiceManager {
         self.sessions.len()
     }
 
+    pub fn session(&self, path: &OwnedObjectPath) -> Option<Arc<Session>> {
+        self.sessions.get(path).map(Arc::clone)
+    }
+
     pub fn insert_session(&mut self, path: OwnedObjectPath, session: Arc<Session>) {
         self.sessions.insert(path, session);
     }

server/src/session.rs

@@ -10,7 +10,7 @@ use crate::service_manager::ServiceManager;
 
 #[derive(Debug, Clone)]
 pub struct Session {
-    _aes_key: Option<Arc<Key>>,
+    aes_key: Option<Arc<Key>>,
     manager: Arc<Mutex<ServiceManager>>,
     path: OwnedObjectPath,
 }
@@ -34,12 +34,16 @@ impl Session {
         Self {
             path: OwnedObjectPath::try_from(format!("/org/freedesktop/secrets/session/s{index}"))
                 .unwrap(),
-            _aes_key: aes_key,
+            aes_key,
             manager,
         }
     }
 
     pub fn path(&self) -> &OwnedObjectPath {
         &self.path
     }
+
+    pub fn aes_key(&self) -> Option<Arc<Key>> {
+        self.aes_key.as_ref().map(Arc::clone)
+    }
 }