diff --git a/common/pkg/acl/aclrecordproto/aclrecord.pb.go b/common/pkg/acl/aclrecordproto/aclrecord.pb.go index e11f5209..385d7df5 100644 --- a/common/pkg/acl/aclrecordproto/aclrecord.pb.go +++ b/common/pkg/acl/aclrecordproto/aclrecord.pb.go @@ -681,10 +681,9 @@ func (m *ACLUserAdd) GetPermissions() ACLUserPermissions { type ACLUserInvite struct { AcceptPublicKey []byte `protobuf:"bytes,1,opt,name=acceptPublicKey,proto3" json:"acceptPublicKey,omitempty"` - EncryptPublicKey []byte `protobuf:"bytes,2,opt,name=encryptPublicKey,proto3" json:"encryptPublicKey,omitempty"` + EncryptSymKeyHash uint64 `protobuf:"varint,2,opt,name=encryptSymKeyHash,proto3" json:"encryptSymKeyHash,omitempty"` EncryptedReadKeys [][]byte `protobuf:"bytes,3,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` Permissions ACLUserPermissions `protobuf:"varint,4,opt,name=permissions,proto3,enum=aclrecord.ACLUserPermissions" json:"permissions,omitempty"` - InviteId string `protobuf:"bytes,5,opt,name=inviteId,proto3" json:"inviteId,omitempty"` } func (m *ACLUserInvite) Reset() { *m = ACLUserInvite{} } @@ -727,11 +726,11 @@ func (m *ACLUserInvite) GetAcceptPublicKey() []byte { return nil } -func (m *ACLUserInvite) GetEncryptPublicKey() []byte { +func (m *ACLUserInvite) GetEncryptSymKeyHash() uint64 { if m != nil { - return m.EncryptPublicKey + return m.EncryptSymKeyHash } - return nil + return 0 } func (m *ACLUserInvite) GetEncryptedReadKeys() [][]byte { 
@@ -748,18 +747,11 @@ func (m *ACLUserInvite) GetPermissions() ACLUserPermissions { return ACLUserPermissions_Admin } -func (m *ACLUserInvite) GetInviteId() string { - if m != nil { - return m.InviteId - } - return "" -} - type ACLUserJoin struct { Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` EncryptionKey []byte `protobuf:"bytes,2,opt,name=encryptionKey,proto3" json:"encryptionKey,omitempty"` AcceptSignature []byte `protobuf:"bytes,3,opt,name=acceptSignature,proto3" json:"acceptSignature,omitempty"` - InviteId string `protobuf:"bytes,4,opt,name=inviteId,proto3" json:"inviteId,omitempty"` + AcceptPubKey []byte `protobuf:"bytes,4,opt,name=acceptPubKey,proto3" json:"acceptPubKey,omitempty"` EncryptedReadKeys [][]byte `protobuf:"bytes,5,rep,name=encryptedReadKeys,proto3" json:"encryptedReadKeys,omitempty"` } @@ -817,11 +809,11 @@ func (m *ACLUserJoin) GetAcceptSignature() []byte { return nil } -func (m *ACLUserJoin) GetInviteId() string { +func (m *ACLUserJoin) GetAcceptPubKey() []byte { if m != nil { - return m.InviteId + return m.AcceptPubKey } - return "" + return nil } func (m *ACLUserJoin) GetEncryptedReadKeys() [][]byte { 
@@ -1019,61 +1011,61 @@ func init() { } var fileDescriptor_14abe0d1b4206d54 = []byte{ - // 859 bytes of a gzipped FileDescriptorProto + // 854 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45, 0x14, 0xdf, 0x59, 0x3b, 0x71, 0xf6, 0xd9, 0x6d, 0xdc, 0x11, 0xa4, 0xab, 0xa8, 0x58, 0xd6, 0x8a, - 0x83, 0x55, 0x81, 0x0b, 0x06, 0xa9, 0x28, 0x07, 0x90, 0x6b, 0x5a, 0xd9, 0x24, 0x87, 0x6a, 0x02, - 0x14, 0x71, 0x9b, 0xee, 0x8e, 0x92, 0x51, 0xed, 0xdd, 0xd5, 0xec, 0xd8, 0xc8, 0x47, 0xce, 0x5c, - 0xe0, 0x23, 0xf0, 0x41, 0x38, 0x71, 0xe1, 0xd8, 0x0b, 0x12, 0x47, 0x94, 0x7c, 0x01, 0xee, 0x5c, - 0xd0, 0xcc, 0xfe, 0xdf, 0xb5, 0x2d, 0x2a, 0x59, 0x3d, 0x24, 0xde, 0xf7, 0xde, 0xef, 0x3d, 0xff, - 0xe6, 0xf7, 0xde, 0xbc, 0x35, 0x7c, 0x18, 0xbe, 0xba, 0x7a, 0x44, 0xdd, 0xb9, 0xfa, 0x13, 0xcc, - 0x0d, 0x84, 0x17, 0x8a, 0x40, 0x06, 0x8f, 0xf4, 0xff, 0x28, 0xf7, 0x0e, 0xb5, 0x03, 0x5b, 0x99, - 0xc3, 0x79, 0x06, 0x1d, 0x42, 0x7f, 0x18, 0x4f, 0x2e, 0x88, 0xb6, 0xb1, 0x0d, 0xad, 0x90, 0xae, - 0xe7, 0x01, 0xf5, 0x6c, 0xd4, 0x47, 0x83, 0x0e, 0x49, 0x4d, 0xfc, 0x00, 0xac, 0x88, 0x5f, 0xf9, - 0x54, 0x2e, 0x05, 0xb3, 0x4d, 0x1d, 0xcb, 0x1d, 0xce, 0xe7, 0x80, 0x8b, 0x75, 0x5e, 0x70, 0x79, - 0x3d, 0xdb, 0x55, 0xed, 0x2e, 0x98, 0xdc, 0xd3, 0x65, 0x2c, 0x62, 0x72, 0xcf, 0xf9, 0x15, 0x81, - 0x95, 0xb3, 0x38, 0x81, 0xc3, 0x50, 0xb0, 0xd5, 0x2c, 0x4e, 0xb3, 0x48, 0x62, 0xe1, 0x53, 0x38, - 0xe2, 0x1e, 0xf3, 0x25, 0x97, 0xeb, 0x84, 0x42, 0x66, 0x63, 0x0c, 0x4d, 0x8f, 0x4a, 0x6a, 0x37, - 0xb4, 0x5f, 0x3f, 0xe3, 0x21, 0x60, 0x77, 0x29, 0x04, 0xf3, 0x25, 0x61, 0xd4, 0x3b, 0x67, 0xeb, - 0x29, 0x8d, 0xae, 0xed, 0x66, 0x1f, 0x0d, 0x9a, 0x64, 0x43, 0x44, 0x9d, 0x51, 0xf2, 0x05, 0x8b, - 0x24, 0x5d, 0x84, 0xf6, 0x41, 0x1f, 0x0d, 0x1a, 0x24, 0x77, 0x38, 0x3f, 0x99, 0xd0, 0x52, 0x1c, - 0x83, 0x40, 0x96, 0x98, 0xa0, 0x0a, 0x93, 0xf7, 0xe1, 0x0e, 0xf3, 0x5d, 0xb1, 0x0e, 0x25, 0x0f, - 0xfc, 0x73, 0x96, 0x52, 0x2d, 0x3b, 0x95, 0x36, 0x51, 
0x48, 0x5d, 0x36, 0xf3, 0x34, 0x65, 0x8b, - 0xa4, 0x26, 0x7e, 0x08, 0xdd, 0x04, 0xca, 0xbc, 0x84, 0x9d, 0xe6, 0xdc, 0x21, 0x35, 0xbf, 0xc2, - 0x7a, 0x4c, 0xf0, 0x15, 0x55, 0x65, 0x2f, 0xdd, 0x6b, 0xb6, 0x60, 0x9a, 0xb8, 0x45, 0x6a, 0xfe, - 0x2d, 0x6a, 0x1c, 0xfe, 0x3f, 0x35, 0x5a, 0x55, 0x35, 0xfe, 0x34, 0xe1, 0x78, 0x3c, 0xb9, 0x98, - 0x04, 0xbe, 0x64, 0xbe, 0xfc, 0x96, 0xce, 0x97, 0x0c, 0x7f, 0x0c, 0xad, 0x65, 0xc4, 0xc4, 0xd8, - 0x8b, 0x1b, 0xd7, 0x1e, 0xbd, 0x3b, 0xcc, 0x67, 0x6f, 0x3c, 0xb9, 0xf8, 0x26, 0x0e, 0x4e, 0x0d, - 0x92, 0xe2, 0xf0, 0x19, 0x80, 0x7a, 0x24, 0x6c, 0x11, 0xac, 0xe2, 0xb9, 0x6a, 0x8f, 0xec, 0x7a, - 0x56, 0x1c, 0x9f, 0x1a, 0xa4, 0x80, 0xc6, 0xdf, 0xc1, 0x3b, 0xca, 0x7a, 0xce, 0xc4, 0x82, 0x47, - 0x11, 0x0f, 0xfc, 0xc9, 0x35, 0xf5, 0xaf, 0x98, 0xd6, 0xb3, 0x3d, 0x72, 0xea, 0x55, 0xaa, 0xc8, - 0xa9, 0x41, 0x36, 0x56, 0x48, 0x59, 0xcd, 0xfc, 0x15, 0x97, 0x4c, 0x8b, 0xbf, 0x91, 0x55, 0x1c, - 0x4f, 0x59, 0xc5, 0x16, 0xfe, 0x14, 0x8e, 0x94, 0xf5, 0x55, 0xc0, 0x7d, 0xdd, 0x8a, 0xf6, 0xe8, - 0xa4, 0x9e, 0xa9, 0xa2, 0x53, 0x83, 0x64, 0xc8, 0x27, 0x2d, 0x38, 0x58, 0x29, 0x0d, 0x9d, 0xa7, - 0x7a, 0xc8, 0xbe, 0x54, 0xe3, 0x7b, 0x06, 0x40, 0xdd, 0x79, 0xa2, 0xb0, 0x8d, 0xfa, 0x8d, 0x41, - 0x7b, 0x74, 0x5a, 0xae, 0x55, 0x94, 0x9f, 0x14, 0xd0, 0xce, 0xbf, 0x08, 0x8e, 0xc6, 0x93, 0x8b, - 0x4b, 0x49, 0x25, 0x53, 0x13, 0x29, 0xf2, 0xc6, 0xb2, 0x48, 0xd7, 0x6a, 0x92, 0xb2, 0x13, 0x3f, - 0x8e, 0x0f, 0xad, 0x53, 0x22, 0xdb, 0xd4, 0x5f, 0x77, 0xbf, 0x4e, 0x5d, 0xc7, 0x49, 0x01, 0x8a, - 0xcf, 0xa0, 0xc5, 0xf5, 0xd9, 0x23, 0xbb, 0xa1, 0xb3, 0xfa, 0xe5, 0x2c, 0x0d, 0x1b, 0xc6, 0xf2, - 0x44, 0x4f, 0x7d, 0x29, 0xd6, 0x24, 0x4d, 0x38, 0xfd, 0x1a, 0x3a, 0xc5, 0x00, 0xee, 0x42, 0xe3, - 0x15, 0x5b, 0x27, 0xf7, 0x5e, 0x3d, 0xe2, 0x61, 0xa2, 0xcc, 0xf6, 0xe1, 0x88, 0x0b, 0x90, 0x18, - 0x76, 0x66, 0x7e, 0x86, 0x9c, 0x5f, 0x10, 0x74, 0x8a, 0x74, 0xf7, 0x70, 0x5f, 0xbf, 0x80, 0x76, - 0x98, 0x8d, 0x49, 0xa4, 0x67, 0xec, 0xee, 0xe8, 0xbd, 0x5d, 0x33, 0x16, 0x91, 0x62, 0x86, 
0xf3, - 0x1b, 0x02, 0xc8, 0xef, 0xc0, 0x1e, 0x18, 0x7d, 0x00, 0xf7, 0xaa, 0xfb, 0x20, 0x6e, 0x40, 0x87, - 0xd4, 0x03, 0x55, 0xfe, 0xcd, 0x37, 0xe6, 0xff, 0x0f, 0x82, 0x3b, 0x25, 0xc1, 0xf1, 0x00, 0x8e, - 0xa9, 0xeb, 0xb2, 0x50, 0x3e, 0x5f, 0xbe, 0x9c, 0x73, 0xf7, 0x9c, 0xa5, 0x27, 0xa9, 0xba, 0x0b, - 0x2b, 0x2d, 0x87, 0x9a, 0xa5, 0x95, 0x96, 0x63, 0xdf, 0xee, 0xb1, 0x74, 0x1f, 0xf4, 0x71, 0x66, - 0x5e, 0xb2, 0x39, 0x33, 0xdb, 0xf9, 0x1d, 0x41, 0xbb, 0x70, 0x61, 0xf7, 0xd0, 0xb3, 0x4c, 0xb2, - 0xcb, 0xec, 0x5d, 0xda, 0x28, 0x4a, 0x96, 0xb9, 0x4b, 0xbc, 0x9a, 0x65, 0x5e, 0x9b, 0x25, 0x3a, - 0xd8, 0x22, 0x91, 0x13, 0x65, 0x7d, 0x4b, 0xf6, 0xe6, 0xae, 0x63, 0x3c, 0x83, 0xe3, 0x64, 0x2b, - 0x10, 0x16, 0xce, 0xa9, 0x9b, 0xdd, 0xe9, 0x07, 0x65, 0x4d, 0x49, 0x09, 0x44, 0xaa, 0x49, 0xce, - 0x8f, 0x08, 0xee, 0xd5, 0x60, 0x7b, 0x10, 0x70, 0xd3, 0xcb, 0xb1, 0xb1, 0xf9, 0xe5, 0xe8, 0xac, - 0xe0, 0xfe, 0x96, 0xc5, 0xbf, 0x93, 0x48, 0x65, 0xa4, 0xcc, 0x37, 0x1d, 0xa9, 0x87, 0x8f, 0x01, - 0xd7, 0x21, 0xd8, 0x82, 0x83, 0xb1, 0xb7, 0xe0, 0x7e, 0xd7, 0xc0, 0x00, 0x87, 0x2f, 0x04, 0x97, - 0x4c, 0x74, 0x91, 0x7a, 0x56, 0x7c, 0x99, 0xe8, 0x9a, 0x4f, 0x3e, 0xfa, 0xe3, 0xa6, 0x87, 0x5e, - 0xdf, 0xf4, 0xd0, 0xdf, 0x37, 0x3d, 0xf4, 0xf3, 0x6d, 0xcf, 0x78, 0x7d, 0xdb, 0x33, 0xfe, 0xba, - 0xed, 0x19, 0xdf, 0x9f, 0x6c, 0xfe, 0x85, 0xf7, 0xf2, 0x50, 0x7f, 0x7c, 0xf2, 0x5f, 0x00, 0x00, - 0x00, 0xff, 0xff, 0x0d, 0xd2, 0xee, 0x14, 0x02, 0x0a, 0x00, 0x00, + 0x83, 0x55, 0x81, 0x0b, 0x06, 0xa9, 0x28, 0x07, 0x90, 0x6b, 0x5a, 0x39, 0x24, 0x87, 0x6a, 0x02, + 0x14, 0x71, 0x9b, 0xee, 0x8e, 0xe2, 0x51, 0xed, 0xdd, 0xd5, 0xec, 0xd8, 0xc8, 0x47, 0xce, 0x5c, + 0xe0, 0x23, 0xf0, 0x41, 0xb8, 0x23, 0x71, 0xe9, 0x05, 0xc4, 0x11, 0x25, 0x1f, 0x83, 0x0b, 0x9a, + 0xd9, 0xff, 0xbb, 0xb6, 0x45, 0x25, 0xab, 0x87, 0xc4, 0xf3, 0xde, 0xfb, 0xbd, 0xe7, 0xdf, 0xfc, + 0xe6, 0xcd, 0x1b, 0xc3, 0x87, 0xe1, 0xab, 0xeb, 0x47, 0xd4, 0x9d, 0xab, 0x3f, 0xc1, 0xdc, 0x40, + 0x78, 0xa1, 0x08, 0x64, 0xf0, 0x48, 0xff, 0x8f, 0x72, 0xef, 
0x50, 0x3b, 0xb0, 0x95, 0x39, 0x9c, + 0x67, 0xd0, 0x21, 0xf4, 0x87, 0xf1, 0xe4, 0x92, 0x68, 0x1b, 0xdb, 0xd0, 0x0a, 0xe9, 0x7a, 0x1e, + 0x50, 0xcf, 0x46, 0x7d, 0x34, 0xe8, 0x90, 0xd4, 0xc4, 0x0f, 0xc0, 0x8a, 0xf8, 0xb5, 0x4f, 0xe5, + 0x52, 0x30, 0xdb, 0xd4, 0xb1, 0xdc, 0xe1, 0x7c, 0x0e, 0xb8, 0x58, 0xe7, 0x05, 0x97, 0xb3, 0xf3, + 0x5d, 0xd5, 0xee, 0x82, 0xc9, 0x3d, 0x5d, 0xc6, 0x22, 0x26, 0xf7, 0x9c, 0x5f, 0x11, 0x58, 0x39, + 0x8b, 0x13, 0x38, 0x0c, 0x05, 0x5b, 0x9d, 0xc7, 0x69, 0x16, 0x49, 0x2c, 0x7c, 0x0a, 0x47, 0xdc, + 0x63, 0xbe, 0xe4, 0x72, 0x9d, 0x50, 0xc8, 0x6c, 0x8c, 0xa1, 0xe9, 0x51, 0x49, 0xed, 0x86, 0xf6, + 0xeb, 0x35, 0x1e, 0x02, 0x76, 0x97, 0x42, 0x30, 0x5f, 0x12, 0x46, 0xbd, 0x0b, 0xb6, 0x9e, 0xd2, + 0x68, 0x66, 0x37, 0xfb, 0x68, 0xd0, 0x24, 0x1b, 0x22, 0x6a, 0x8f, 0x92, 0x2f, 0x58, 0x24, 0xe9, + 0x22, 0xb4, 0x0f, 0xfa, 0x68, 0xd0, 0x20, 0xb9, 0xc3, 0xf9, 0xc9, 0x84, 0x96, 0xe2, 0x18, 0x04, + 0xb2, 0xc4, 0x04, 0x55, 0x98, 0xbc, 0x0f, 0x77, 0x98, 0xef, 0x8a, 0x75, 0x28, 0x79, 0xe0, 0x5f, + 0xb0, 0x94, 0x6a, 0xd9, 0xa9, 0xb4, 0x89, 0x42, 0xea, 0xb2, 0x73, 0x4f, 0x53, 0xb6, 0x48, 0x6a, + 0xe2, 0x87, 0xd0, 0x4d, 0xa0, 0xcc, 0x4b, 0xd8, 0x69, 0xce, 0x1d, 0x52, 0xf3, 0x2b, 0xac, 0xc7, + 0x04, 0x5f, 0x51, 0x55, 0xf6, 0xca, 0x9d, 0xb1, 0x05, 0xd3, 0xc4, 0x2d, 0x52, 0xf3, 0x6f, 0x51, + 0xe3, 0xf0, 0xff, 0xa9, 0xd1, 0xaa, 0xaa, 0xf1, 0xa7, 0x09, 0xc7, 0xe3, 0xc9, 0xe5, 0x24, 0xf0, + 0x25, 0xf3, 0xe5, 0xb7, 0x74, 0xbe, 0x64, 0xf8, 0x63, 0x68, 0x2d, 0x23, 0x26, 0xc6, 0x5e, 0x7c, + 0x70, 0xed, 0xd1, 0xbb, 0xc3, 0xbc, 0xf7, 0xc6, 0x93, 0xcb, 0x6f, 0xe2, 0xe0, 0xd4, 0x20, 0x29, + 0x0e, 0x9f, 0x01, 0xa8, 0x25, 0x61, 0x8b, 0x60, 0x15, 0xf7, 0x55, 0x7b, 0x64, 0xd7, 0xb3, 0xe2, + 0xf8, 0xd4, 0x20, 0x05, 0x34, 0xfe, 0x0e, 0xde, 0x51, 0xd6, 0x73, 0x26, 0x16, 0x3c, 0x8a, 0x78, + 0xe0, 0x4f, 0x66, 0xd4, 0xbf, 0x66, 0x5a, 0xcf, 0xf6, 0xc8, 0xa9, 0x57, 0xa9, 0x22, 0xa7, 0x06, + 0xd9, 0x58, 0x21, 0x65, 0x75, 0xee, 0xaf, 0xb8, 0x64, 0x5a, 0xfc, 0x8d, 0xac, 0xe2, 0x78, 0xca, + 
0x2a, 0xb6, 0xf0, 0xa7, 0x70, 0xa4, 0xac, 0xaf, 0x02, 0xee, 0xeb, 0xa3, 0x68, 0x8f, 0x4e, 0xea, + 0x99, 0x2a, 0x3a, 0x35, 0x48, 0x86, 0x7c, 0xd2, 0x82, 0x83, 0x95, 0xd2, 0xd0, 0x79, 0xaa, 0x9b, + 0xec, 0x4b, 0xd5, 0xbe, 0x67, 0x00, 0xd4, 0x9d, 0x27, 0x0a, 0xdb, 0xa8, 0xdf, 0x18, 0xb4, 0x47, + 0xa7, 0xe5, 0x5a, 0x45, 0xf9, 0x49, 0x01, 0xed, 0xfc, 0x8b, 0xe0, 0x68, 0x3c, 0xb9, 0xbc, 0x92, + 0x54, 0x32, 0xd5, 0x91, 0x22, 0x3f, 0x58, 0x16, 0xe9, 0x5a, 0x4d, 0x52, 0x76, 0xe2, 0xc7, 0xf1, + 0xa6, 0x75, 0x4a, 0x64, 0x9b, 0xfa, 0xeb, 0xee, 0xd7, 0xa9, 0xeb, 0x38, 0x29, 0x40, 0xf1, 0x19, + 0xb4, 0xb8, 0xde, 0x7b, 0x64, 0x37, 0x74, 0x56, 0xbf, 0x9c, 0xa5, 0x61, 0xc3, 0x58, 0x9e, 0xe8, + 0xa9, 0x2f, 0xc5, 0x9a, 0xa4, 0x09, 0xa7, 0x5f, 0x43, 0xa7, 0x18, 0xc0, 0x5d, 0x68, 0xbc, 0x62, + 0xeb, 0xe4, 0xde, 0xab, 0x25, 0x1e, 0x26, 0xca, 0x6c, 0x6f, 0x8e, 0xb8, 0x00, 0x89, 0x61, 0x67, + 0xe6, 0x67, 0xc8, 0xf9, 0x05, 0x41, 0xa7, 0x48, 0x77, 0x0f, 0xf7, 0xf5, 0x0b, 0x68, 0x87, 0x59, + 0x9b, 0x44, 0xba, 0xc7, 0xee, 0x8e, 0xde, 0xdb, 0xd5, 0x63, 0x11, 0x29, 0x66, 0x38, 0xbf, 0x21, + 0x80, 0xfc, 0x0e, 0xec, 0x81, 0xd1, 0x07, 0x70, 0xaf, 0x3a, 0x0f, 0xe2, 0x03, 0xe8, 0x90, 0x7a, + 0xa0, 0xca, 0xbf, 0xf9, 0xc6, 0xfc, 0xff, 0x42, 0x70, 0xa7, 0x24, 0x38, 0x1e, 0xc0, 0x31, 0x75, + 0x5d, 0x16, 0xca, 0xe7, 0xcb, 0x97, 0x73, 0xee, 0x5e, 0xb0, 0x74, 0x27, 0x55, 0x77, 0x81, 0xea, + 0xd5, 0x7a, 0x91, 0x4e, 0x1e, 0x53, 0x4f, 0x9e, 0x7a, 0xe0, 0x6d, 0x6f, 0xec, 0x0f, 0x04, 0xed, + 0xc2, 0xb5, 0xdc, 0xc3, 0xc9, 0x64, 0xc2, 0x5c, 0x65, 0x2f, 0x66, 0xa3, 0x28, 0x4c, 0xe6, 0xc6, + 0x0e, 0x74, 0x32, 0xad, 0xf2, 0x39, 0x5f, 0xf2, 0x6d, 0x96, 0xe3, 0x60, 0x8b, 0x1c, 0x4e, 0x94, + 0x9d, 0x52, 0x32, 0x25, 0x77, 0x6d, 0xe7, 0x19, 0x1c, 0x27, 0x33, 0x80, 0xb0, 0x70, 0x4e, 0xdd, + 0xec, 0x06, 0x3f, 0x28, 0xeb, 0x47, 0x4a, 0x20, 0x52, 0x4d, 0x72, 0x7e, 0x44, 0x70, 0xaf, 0x06, + 0xdb, 0x83, 0x90, 0x9b, 0x9e, 0xc2, 0xc6, 0xe6, 0xa7, 0xd0, 0x59, 0xc1, 0xfd, 0x2d, 0x63, 0x7e, + 0x27, 0x91, 0x4a, 0xfb, 0x98, 0x6f, 
0xda, 0x3e, 0x0f, 0x1f, 0x03, 0xae, 0x43, 0xb0, 0x05, 0x07, + 0x63, 0x6f, 0xc1, 0xfd, 0xae, 0x81, 0x01, 0x0e, 0x5f, 0x08, 0x2e, 0x99, 0xe8, 0x22, 0xb5, 0x56, + 0x7c, 0x99, 0xe8, 0x9a, 0x4f, 0x3e, 0xfa, 0xfd, 0xa6, 0x87, 0x5e, 0xdf, 0xf4, 0xd0, 0x3f, 0x37, + 0x3d, 0xf4, 0xf3, 0x6d, 0xcf, 0x78, 0x7d, 0xdb, 0x33, 0xfe, 0xbe, 0xed, 0x19, 0xdf, 0x9f, 0x6c, + 0xfe, 0x3d, 0xf7, 0xf2, 0x50, 0x7f, 0x7c, 0xf2, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa5, 0x4a, + 0x77, 0x11, 0xf0, 0x09, 0x00, 0x00, } func (m *RawACLRecord) Marshal() (dAtA []byte, err error) { @@ -1640,13 +1632,6 @@ func (m *ACLUserInvite) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l - if len(m.InviteId) > 0 { - i -= len(m.InviteId) - copy(dAtA[i:], m.InviteId) - i = encodeVarintAclrecord(dAtA, i, uint64(len(m.InviteId))) - i-- - dAtA[i] = 0x2a - } if m.Permissions != 0 { i = encodeVarintAclrecord(dAtA, i, uint64(m.Permissions)) i-- @@ -1661,12 +1646,10 @@ func (m *ACLUserInvite) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x1a } } - if len(m.EncryptPublicKey) > 0 { - i -= len(m.EncryptPublicKey) - copy(dAtA[i:], m.EncryptPublicKey) - i = encodeVarintAclrecord(dAtA, i, uint64(len(m.EncryptPublicKey))) + if m.EncryptSymKeyHash != 0 { + i = encodeVarintAclrecord(dAtA, i, uint64(m.EncryptSymKeyHash)) i-- - dAtA[i] = 0x12 + dAtA[i] = 0x10 } if len(m.AcceptPublicKey) > 0 { i -= len(m.AcceptPublicKey) @@ -1707,10 +1690,10 @@ func (m *ACLUserJoin) MarshalToSizedBuffer(dAtA []byte) (int, error) { dAtA[i] = 0x2a } } - if len(m.InviteId) > 0 { - i -= len(m.InviteId) - copy(dAtA[i:], m.InviteId) - i = encodeVarintAclrecord(dAtA, i, uint64(len(m.InviteId))) + if len(m.AcceptPubKey) > 0 { + i -= len(m.AcceptPubKey) + copy(dAtA[i:], m.AcceptPubKey) + i = encodeVarintAclrecord(dAtA, i, uint64(len(m.AcceptPubKey))) i-- dAtA[i] = 0x22 } 
@@ -2146,9 +2129,8 @@ func (m *ACLUserInvite) Size() (n int) { if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } - l = len(m.EncryptPublicKey) - if l > 0 { - n += 1 + l + sovAclrecord(uint64(l)) + if m.EncryptSymKeyHash != 0 { + n += 1 + sovAclrecord(uint64(m.EncryptSymKeyHash)) } if len(m.EncryptedReadKeys) > 0 { for _, b := range m.EncryptedReadKeys { @@ -2159,10 +2141,6 @@ func (m *ACLUserInvite) Size() (n int) { if m.Permissions != 0 { n += 1 + sovAclrecord(uint64(m.Permissions)) } - l = len(m.InviteId) - if l > 0 { - n += 1 + l + sovAclrecord(uint64(l)) - } return n } @@ -2184,7 +2162,7 @@ func (m *ACLUserJoin) Size() (n int) { if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } - l = len(m.InviteId) + l = len(m.AcceptPubKey) if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } @@ -3903,10 +3881,10 @@ func (m *ACLUserInvite) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field EncryptPublicKey", wireType) + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field EncryptSymKeyHash", wireType) } - var byteLen int + m.EncryptSymKeyHash = 0 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclrecord @@ -3916,26 +3894,11 @@ func (m *ACLUserInvite) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - byteLen |= int(b&0x7F) << shift + m.EncryptSymKeyHash |= uint64(b&0x7F) << shift if b < 0x80 { break } } - if byteLen < 0 { - return ErrInvalidLengthAclrecord - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthAclrecord - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.EncryptPublicKey = append(m.EncryptPublicKey[:0], dAtA[iNdEx:postIndex]...) - if m.EncryptPublicKey == nil { - m.EncryptPublicKey = []byte{} - } - iNdEx = postIndex case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field EncryptedReadKeys", wireType) 
@@ -3987,38 +3950,6 @@ func (m *ACLUserInvite) Unmarshal(dAtA []byte) error { break } } - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field InviteId", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAclrecord - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthAclrecord - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthAclrecord - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.InviteId = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipAclrecord(dAtA[iNdEx:]) @@ -4173,9 +4104,9 @@ func (m *ACLUserJoin) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field InviteId", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field AcceptPubKey", wireType) } - var stringLen uint64 + var byteLen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowAclrecord @@ -4185,23 +4116,25 @@ func (m *ACLUserJoin) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= uint64(b&0x7F) << shift + byteLen |= int(b&0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if byteLen < 0 { return ErrInvalidLengthAclrecord } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + byteLen if postIndex < 0 { return ErrInvalidLengthAclrecord } if postIndex > l { return io.ErrUnexpectedEOF } - m.InviteId = string(dAtA[iNdEx:postIndex]) + m.AcceptPubKey = append(m.AcceptPubKey[:0], dAtA[iNdEx:postIndex]...) + if m.AcceptPubKey == nil { + m.AcceptPubKey = []byte{} + } iNdEx = postIndex case 5: if wireType != 2 { 
diff --git a/common/pkg/acl/aclrecordproto/protos/aclrecord.proto b/common/pkg/acl/aclrecordproto/protos/aclrecord.proto index 0da3b260..954796ed 100644 --- a/common/pkg/acl/aclrecordproto/protos/aclrecord.proto +++ b/common/pkg/acl/aclrecordproto/protos/aclrecord.proto @@ -63,28 +63,18 @@ message ACLUserAdd { ACLUserPermissions permissions = 4; } -// signing accept key -// rsa encryption key -> read keys - -// accept key, encrypt key, invite id -// GetSpace(id) -> ... (space header + acl root) -> diff -// Join(ACLJoinRecord) -> Ok - -// - message ACLUserInvite { bytes acceptPublicKey = 1; - bytes encryptPublicKey = 2; + uint64 encryptSymKeyHash = 2; repeated bytes encryptedReadKeys = 3; ACLUserPermissions permissions = 4; - string inviteId = 5; } message ACLUserJoin { bytes identity = 1; bytes encryptionKey = 2; bytes acceptSignature = 3; - string inviteId = 4; + bytes acceptPubKey = 4; repeated bytes encryptedReadKeys = 5; } diff --git a/common/pkg/acl/list/aclrecordbuilder.go b/common/pkg/acl/list/aclrecordbuilder.go index 64013f4a..07d6e6a8 100644 --- a/common/pkg/acl/list/aclrecordbuilder.go +++ b/common/pkg/acl/list/aclrecordbuilder.go @@ -4,6 +4,8 @@ import ( "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/aclrecordproto" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/common" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/cid" + "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey" + "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/symmetric" "github.com/gogo/protobuf/proto" ) 
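Review bot: `ACLUserInvite` field 2 is reused with a different wire type (`bytes encryptPublicKey` becomes `uint64 encryptSymKeyHash`) and `ACLUserJoin` field 4 is reused with a different meaning (`string inviteId` becomes `bytes acceptPubKey`), while `inviteId = 5` is dropped without being reserved. Any invite record already written with the old schema will be rejected by the regenerated `Unmarshal` (it returns "wrong wireType" for field 2), and an old join record will have its invite id read as an accept key. If such records can exist in stored ACL lists, give the new fields unused numbers and add `reserved 2, 5;` to `ACLUserInvite` and `reserved 4;` to `ACLUserJoin`. The hunk also removes the only comments describing the invite flow, so a one-line comment per field saying which key signs, which key encrypts `encryptedReadKeys`, and what the hash is computed over would be worth adding.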
@@ -23,6 +25,69 @@ func newACLRecordBuilder(id string, keychain *common.Keychain) ACLRecordBuilder } } +func (a *aclRecordBuilder) BuildUserJoin(acceptPrivKeyBytes []byte, encSymKeyBytes []byte, state *ACLState) (rec *aclrecordproto.RawACLRecord, err error) { + acceptPrivKey, err := signingkey.NewSigningEd25519PrivKeyFromBytes(acceptPrivKeyBytes) + if err != nil { + return + } + acceptPubKeyBytes, err := acceptPrivKey.GetPublic().Raw() + if err != nil { + return + } + encSymKey, err := symmetric.DeriveFromBytes(encSymKeyBytes) + if err != nil { + return + } + + invite, err := state.Invite(acceptPubKeyBytes) + if err != nil { + return + } + + encPrivKey, signPrivKey := state.UserKeys() + var symKeys [][]byte + for _, rk := range invite.EncryptedReadKeys { + dec, err := encSymKey.Decrypt(rk) + if err != nil { + return nil, err + } + newEnc, err := encPrivKey.GetPublic().Encrypt(dec) + if err != nil { + return nil, err + } + symKeys = append(symKeys, newEnc) + } + idSignature, err := acceptPrivKey.Sign(state.Identity()) + if err != nil { + return + } + encPubKeyBytes, err := encPrivKey.GetPublic().Raw() + if err != nil { + return + } + + userJoin := &aclrecordproto.ACLUserJoin{ + Identity: state.Identity(), + EncryptionKey: encPubKeyBytes, + AcceptSignature: idSignature, + AcceptPubKey: acceptPubKeyBytes, + EncryptedReadKeys: symKeys, + } + marshalledJoin, err := userJoin.Marshal() + if err != nil { + return + } + joinSignature, err := signPrivKey.Sign(marshalledJoin) + if err != nil { + return + } + rec = &aclrecordproto.RawACLRecord{ + Payload: marshalledJoin, + Signature: joinSignature, + } + return +} + func (a *aclRecordBuilder) ConvertFromRaw(rawIdRecord *aclrecordproto.RawACLRecordWithId) (rec *ACLRecord, err error) { rawRec := &aclrecordproto.RawACLRecord{} err = proto.Unmarshal(rawIdRecord.Payload, rawRec) diff --git a/common/pkg/acl/list/aclstate.go b/common/pkg/acl/list/aclstate.go index f74634f3..0bdcc853 100644 --- a/common/pkg/acl/list/aclstate.go 
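Review bot: `BuildUserJoin` never checks `invite.EncryptSymKeyHash` against the key derived from `encSymKeyBytes` before the loop that calls `encSymKey.Decrypt(rk)`, so the hash this commit adds to the invite goes unused on the joining side. Rejecting a wrong key then depends on `Decrypt` failing, which is not visible in this diff; if it does not authenticate its input, unusable key material would be re-encrypted to the user's public key and signed into the join record. I would compare the two right after `state.Invite(acceptPubKeyBytes)` and return a sentinel error on mismatch. The method also dereferences `state` without a nil check, mixes naked `return` with `return nil, err`, and has no doc comment; something like `// BuildUserJoin builds the signed join record for the invite identified by the accept key, re-encrypting the invite's read keys to the local user's encryption key.` would cover the last.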
+++ b/common/pkg/acl/list/aclstate.go @@ -7,6 +7,7 @@ import ( "github.com/anytypeio/go-anytype-infrastructure-experiments/common/app/logger" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/aclrecordproto" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/pkg/acl/common" + "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/encryptionkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/symmetric" @@ -23,6 +24,8 @@ var ErrUserRemoved = errors.New("user was removed from the document") var ErrDocumentForbidden = errors.New("your user was forbidden access to the document") var ErrUserAlreadyExists = errors.New("user already exists") var ErrNoSuchRecord = errors.New("no such record") +var ErrNoSuchInvite = errors.New("no such invite") +var ErrOldInvite = errors.New("invite is too old") var ErrInsufficientPermissions = errors.New("insufficient permissions") var ErrNoReadKey = errors.New("acl state doesn't have a read key") var ErrInvalidSignature = errors.New("signature is invalid") @@ -41,6 +44,7 @@ type ACLState struct { userInvites map[string]*aclrecordproto.ACLUserInvite encryptionKey encryptionkey.PrivKey signingKey signingkey.PrivKey + totalReadKeys int identity string permissionsAtRecord map[string][]UserPermissionPair @@ -199,6 +203,8 @@ func (st *ACLState) saveReadKeyFromRoot(root *aclrecordproto.ACLRoot) (err error } st.currentReadKeyHash = root.CurrentReadKeyHash st.userReadKeys[root.CurrentReadKeyHash] = readKey + st.totalReadKeys++ + return } 
@@ -207,7 +213,10 @@ func (st *ACLState) applyChangeData(changeData *aclrecordproto.ACLData, hash uin if err != nil { return } - st.currentReadKeyHash = hash + if hash != st.currentReadKeyHash { + st.totalReadKeys++ + st.currentReadKeyHash = hash + } }() if !st.isUserJoin(changeData) { @@ -262,14 +271,14 @@ func (st *ACLState) applyUserPermissionChange(ch *aclrecordproto.ACLUserPermissi } func (st *ACLState) applyUserInvite(ch *aclrecordproto.ACLUserInvite) error { - st.userInvites[ch.InviteId] = ch + st.userInvites[string(ch.AcceptPublicKey)] = ch return nil } func (st *ACLState) applyUserJoin(ch *aclrecordproto.ACLUserJoin) error { - invite, exists := st.userInvites[ch.InviteId] + invite, exists := st.userInvites[string(ch.AcceptPubKey)] if !exists { - return fmt.Errorf("no such invite with id %s", ch.InviteId) + return fmt.Errorf("no such invite with such public key %s", keys.EncodeBytesToString(ch.AcceptPubKey)) } chIdentity := string(ch.Identity) @@ -284,7 +293,7 @@ func (st *ACLState) applyUserJoin(ch *aclrecordproto.ACLUserJoin) error { return fmt.Errorf("public key verifying invite accepts is given in incorrect format: %v", err) } - res, err := verificationKey.(signingkey.PubKey).Verify(ch.Identity, signature) + res, err := verificationKey.Verify(ch.Identity, signature) if err != nil { return fmt.Errorf("verification returned error: %w", err) } @@ -361,8 +370,8 @@ func (st *ACLState) applyUserRemove(ch *aclrecordproto.ACLUserRemove) error { return ErrFailedToDecrypt } - st.currentReadKeyHash = hash - st.userReadKeys[st.currentReadKeyHash] = key + st.userReadKeys[hash] = key + break } } return nil 
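Review bot: `applyUserInvite` now stores the invite under `string(ch.AcceptPublicKey)` with no check that the key is non-empty or not already present, so a later invite record carrying the same accept key silently replaces the earlier one, including its `Permissions`. Since the accept public key is now the only identifier of an invite, I would reject an empty key and an already-registered key with an explicit error before the assignment. In `applyUserJoin` the not-found branch builds an ad-hoc message although this commit adds `ErrNoSuchInvite`; wrapping it, `return fmt.Errorf("%w: accept key %s", ErrNoSuchInvite, keys.EncodeBytesToString(ch.AcceptPubKey))`, lets callers use `errors.Is`. Both function bodies continue outside the hunk.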
@@ -404,6 +413,26 @@ func (st *ACLState) isUserAdd(data *aclrecordproto.ACLData, identity []byte) boo return data.GetAclContent() != nil && userAdd != nil && bytes.Compare(userAdd.GetIdentity(), identity) == 0 } -func (st *ACLState) GetUserStates() map[string]*aclrecordproto.ACLUserState { +func (st *ACLState) UserStates() map[string]*aclrecordproto.ACLUserState { return st.userStates } + +func (st *ACLState) Invite(acceptPubKey []byte) (invite *aclrecordproto.ACLUserInvite, err error) { + invite, exists := st.userInvites[string(acceptPubKey)] + if !exists { + err = ErrNoSuchInvite + return + } + if len(invite.EncryptedReadKeys) != st.totalReadKeys { + err = ErrOldInvite + } + return +} + +func (st *ACLState) UserKeys() (encKey encryptionkey.PrivKey, signKey signingkey.PrivKey) { + return st.encryptionKey, st.signingKey +} + +func (st *ACLState) Identity() []byte { + return []byte(st.identity) +} diff --git a/common/pkg/acl/list/list_test.go b/common/pkg/acl/list/list_test.go index 668c2d5f..c4effdae 100644 --- a/common/pkg/acl/list/list_test.go +++ b/common/pkg/acl/list/list_test.go 
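Review bot: `Invite` returns the invite together with `ErrOldInvite`, and its freshness test only compares `len(invite.EncryptedReadKeys)` with `st.totalReadKeys`, a counter that `applyChangeData` bumps on every change of `currentReadKeyHash`. A caller that ignores the error gets a usable stale invite, and an invite with the right number of entries passes regardless of which keys they are; returning `nil, ErrOldInvite` fixes the first, and the second deserves at least a comment stating that the count is a heuristic. `UserKeys` is an exported accessor that hands out both private keys held by the state, while the only caller in this diff is `BuildUserJoin` in the same package, so it could stay unexported (`userKeys`) unless an interface outside this diff needs it. The three new exported methods have no doc comments.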
@@ -22,9 +22,9 @@ func TestAclList_ACLState_UserInviteAndJoin(t *testing.T) { idC := keychain.GetIdentity("C") // checking final state - assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions) - assert.Equal(t, aclrecordproto.ACLUserPermissions_Writer, aclList.ACLState().GetUserStates()[idB].Permissions) - assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions) + assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().UserStates()[idA].Permissions) + assert.Equal(t, aclrecordproto.ACLUserPermissions_Writer, aclList.ACLState().UserStates()[idB].Permissions) + assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().UserStates()[idC].Permissions) assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash()) var records []*ACLRecord @@ -61,11 +61,11 @@ func TestAclList_ACLState_UserJoinAndRemove(t *testing.T) { idC := keychain.GetIdentity("C") // checking final state - assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().GetUserStates()[idA].Permissions) - assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().GetUserStates()[idC].Permissions) + assert.Equal(t, aclrecordproto.ACLUserPermissions_Admin, aclList.ACLState().UserStates()[idA].Permissions) + assert.Equal(t, aclrecordproto.ACLUserPermissions_Reader, aclList.ACLState().UserStates()[idC].Permissions) assert.Equal(t, aclList.Head().CurrentReadKeyHash, aclList.ACLState().CurrentReadKeyHash()) - _, exists := aclList.ACLState().GetUserStates()[idB] + _, exists := aclList.ACLState().UserStates()[idB] assert.Equal(t, false, exists) var records []*ACLRecord diff --git a/common/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go b/common/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go index 6777777c..dad7271b 100644 --- a/common/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go 
+++ b/common/pkg/acl/testutils/acllistbuilder/liststoragebuilder.go @@ -9,6 +9,7 @@ import ( "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/cid" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/encryptionkey" "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/asymmetric/signingkey" + "github.com/anytypeio/go-anytype-infrastructure-experiments/common/util/keys/symmetric" "hash/fnv" "io/ioutil" "path" @@ -183,7 +184,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord UserAdd: &aclrecordproto2.ACLUserAdd{ Identity: []byte(t.keychain.GetIdentity(add.Identity)), EncryptionKey: rawKey, - EncryptedReadKeys: t.encryptReadKeys(add.EncryptedReadKeys, encKey), + EncryptedReadKeys: t.encryptReadKeysWithPubKey(add.EncryptedReadKeys, encKey), Permissions: t.convertPermission(add.Permission), }, }, @@ -191,16 +192,16 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord case ch.UserJoin != nil: join := ch.UserJoin - encKey := t.keychain. - GetKey(join.EncryptionKey).(encryptionkey.PrivKey) + encKey := t.keychain.GetKey(join.EncryptionKey).(encryptionkey.PrivKey) rawKey, _ := encKey.GetPublic().Raw() idKey, _ := t.keychain.SigningKeysByYAMLIdentity[join.Identity].GetPublic().Raw() - signKey := t.keychain.GetKey(join.AcceptSignature).(signingkey.PrivKey) + signKey := t.keychain.GetKey(join.AcceptKey).(signingkey.PrivKey) signature, err := signKey.Sign(idKey) if err != nil { panic(err) } + acceptPubKey, _ := signKey.GetPublic().Raw() convCh = &aclrecordproto2.ACLContentValue{ Value: &aclrecordproto2.ACLContentValue_UserJoin{ 
@@ -208,26 +209,24 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord Identity: []byte(t.keychain.GetIdentity(join.Identity)), EncryptionKey: rawKey, AcceptSignature: signature, - InviteId: join.InviteId, - EncryptedReadKeys: t.encryptReadKeys(join.EncryptedReadKeys, encKey), + AcceptPubKey: acceptPubKey, + EncryptedReadKeys: t.encryptReadKeysWithPubKey(join.EncryptedReadKeys, encKey), }, }, } case ch.UserInvite != nil: invite := ch.UserInvite rawAcceptKey, _ := t.keychain.GetKey(invite.AcceptKey).(signingkey.PrivKey).GetPublic().Raw() - encKey := t.keychain. - GetKey(invite.EncryptionKey).(encryptionkey.PrivKey) - rawEncKey, _ := encKey.GetPublic().Raw() + hash := t.keychain.GetKey(invite.EncryptionKey).(*SymKey).Hash + encKey := t.keychain.ReadKeysByHash[hash] convCh = &aclrecordproto2.ACLContentValue{ Value: &aclrecordproto2.ACLContentValue_UserInvite{ UserInvite: &aclrecordproto2.ACLUserInvite{ AcceptPublicKey: rawAcceptKey, - EncryptPublicKey: rawEncKey, - EncryptedReadKeys: t.encryptReadKeys(invite.EncryptedReadKeys, encKey), + EncryptSymKeyHash: hash, + EncryptedReadKeys: t.encryptReadKeysWithSymKey(invite.EncryptedReadKeys, encKey.Key), Permissions: t.convertPermission(invite.Permissions), - InviteId: invite.InviteId, }, }, } @@ -278,7 +277,7 @@ func (t *ACLListStorageBuilder) parseACLChange(ch *ACLChange) (convCh *aclrecord return convCh } -func (t *ACLListStorageBuilder) encryptReadKeys(keys []string, encKey encryptionkey.PrivKey) (enc [][]byte) { +func (t *ACLListStorageBuilder) encryptReadKeysWithPubKey(keys []string, encKey encryptionkey.PrivKey) (enc [][]byte) { for _, k := range keys { realKey := t.keychain.GetKey(k).(*SymKey).Key.Bytes() res, err := encKey.GetPublic().Encrypt(realKey) 
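Review bot: In the `UserInvite` case, `encKey := t.keychain.ReadKeysByHash[hash]` is used as `encKey.Key` without checking that the lookup found an entry, and `GetKey(invite.EncryptionKey).(*SymKey)` is an unchecked type assertion, so a fixture whose `encryptionKey` names anything other than a read key fails with a bare panic or nil dereference rather than a message naming the key. Using the two-value forms and panicking with the offending key name would make fixture mistakes easier to diagnose. The `UserJoin` case in the previous hunk has the same pattern: `acceptPubKey, _ := signKey.GetPublic().Raw()` drops the error while the `Sign` call just above panics on one. The enclosing `parseACLChange` starts and ends outside the hunk.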
@@ -291,6 +290,19 @@ func (t *ACLListStorageBuilder) encryptReadKeys(keys []string, encKey encryption return } +func (t *ACLListStorageBuilder) encryptReadKeysWithSymKey(keys []string, key *symmetric.Key) (enc [][]byte) { + for _, k := range keys { + realKey := t.keychain.GetKey(k).(*SymKey).Key.Bytes() + res, err := key.Encrypt(realKey) + if err != nil { + panic(err) + } + + enc = append(enc, res) + } + return +} + func (t *ACLListStorageBuilder) convertPermission(perm string) aclrecordproto2.ACLUserPermissions { switch perm { case "admin": diff --git a/common/pkg/acl/testutils/acllistbuilder/ymlentities.go b/common/pkg/acl/testutils/acllistbuilder/ymlentities.go index df1e43c6..ccdfd295 100644 --- a/common/pkg/acl/testutils/acllistbuilder/ymlentities.go +++ b/common/pkg/acl/testutils/acllistbuilder/ymlentities.go @@ -23,8 +23,7 @@ type ACLChange struct { UserJoin *struct { Identity string `yaml:"identity"` EncryptionKey string `yaml:"encryptionKey"` - AcceptSignature string `yaml:"acceptSignature"` - InviteId string `yaml:"inviteId"` + AcceptKey string `yaml:"acceptKey"` EncryptedReadKeys []string `yaml:"encryptedReadKeys"` } `yaml:"userJoin"` @@ -33,7 +32,6 @@ type ACLChange struct { EncryptionKey string `yaml:"encryptionKey"` EncryptedReadKeys []string `yaml:"encryptedReadKeys"` Permissions string `yaml:"permissions"` - InviteId string `yaml:"inviteId"` } `yaml:"userInvite"` UserRemove *struct { diff --git a/common/pkg/acl/testutils/yamltests/userjoinexample.yml b/common/pkg/acl/testutils/yamltests/userjoinexample.yml index 6d7bb48e..c78670e6 100644 --- a/common/pkg/acl/testutils/yamltests/userjoinexample.yml +++ b/common/pkg/acl/testutils/yamltests/userjoinexample.yml @@ -6,10 +6,9 @@ records: aclChanges: - userInvite: acceptKey: key.Sign.Onetime1 - encryptionKey: key.Enc.Onetime1 + encryptionKey: key.Read.EncKey encryptedReadKeys: [key.Read.1] permissions: writer - inviteId: A.1.2 - userAdd: identity: C permission: reader 
@@ -21,8 +20,7 @@ records: - userJoin: identity: B encryptionKey: key.Enc.B - acceptSignature: key.Sign.Onetime1 - inviteId: A.1.2 + acceptKey: key.Sign.Onetime1 encryptedReadKeys: [key.Read.1] readKey: key.Read.1 keys: @@ -48,3 +46,5 @@ keys: Read: - name: 1 value: derived + - name: EncKey + value: generated diff --git a/common/pkg/acl/testutils/yamltests/userremoveexample.yml b/common/pkg/acl/testutils/yamltests/userremoveexample.yml index 6cf51b84..9335f839 100644 --- a/common/pkg/acl/testutils/yamltests/userremoveexample.yml +++ b/common/pkg/acl/testutils/yamltests/userremoveexample.yml @@ -6,10 +6,9 @@ records: aclChanges: - userInvite: acceptKey: key.Sign.Onetime1 - encryptionKey: key.Enc.Onetime1 + encryptionKey: key.Read.EncKey encryptedReadKeys: [key.Read.1] permissions: writer - inviteId: A.1.2 - userAdd: identity: C permission: reader @@ -21,8 +20,7 @@ records: - userJoin: identity: B encryptionKey: key.Enc.B - acceptSignature: key.Sign.Onetime1 - inviteId: A.1.2 + acceptKey: key.Sign.Onetime1 encryptedReadKeys: [key.Read.1] readKey: key.Read.1 - identity: A @@ -57,3 +55,5 @@ keys: value: derived - name: 2 value: generated + - name: EncKey + value: generated