package truststores
import (
"errors"
"fmt"
"github.com/zalando/go-keyring"
"github.com/safing/jess"
)
const (
	// keyringServiceNamePrefix is prepended to every caller-supplied service
	// name (see NewKeyringTrustStore) so entries written by this package are
	// namespaced apart from other users of the system keyring.
	keyringServiceNamePrefix = "jess:"
	// keyringSelfcheckKey and keyringSelfcheckValue are the entry written and
	// read back by the constructor's self-check; the entry is left in place.
	keyringSelfcheckKey   = "_selfcheck"
	keyringSelfcheckValue = "!selfcheck"
)
// KeyringTrustStore is a trust store that uses the system keyring.
// It does not support listing entries, so it cannot be easily managed:
// SelectSignets and AllEnvelopes always return ErrNotSupportedByTrustStore.
// Use NewKeyringTrustStore to construct it; the zero value has an empty
// service name and performs no self-check.
type KeyringTrustStore struct {
	// serviceName is the keyring service under which all entries are stored,
	// already prefixed with keyringServiceNamePrefix.
	serviceName string
}
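// NewKeyringTrustStore returns a new keyring trust store with the given service name.
// The effect of the service name depends on the operating system.
// Read more at https://pkg.go.dev/github.com/zalando/go-keyring
//
// The service name is prefixed with keyringServiceNamePrefix before use.
// Before returning, a self-check writes keyringSelfcheckValue under
// keyringSelfcheckKey and reads it back; the store is only returned when the
// round trip yields the same value. The self-check entry is not removed
// afterwards. Keyring errors are returned wrapped with the failing step, so
// callers can still match the underlying error with errors.Is/errors.As.
func NewKeyringTrustStore(serviceName string) (*KeyringTrustStore, error) {
	krts := &KeyringTrustStore{
		serviceName: keyringServiceNamePrefix + serviceName,
	}

	// Self-check: a backend that accepts writes but cannot read them back
	// (or returns something else) must not be used to hold trust material.
	if err := keyring.Set(krts.serviceName, keyringSelfcheckKey, keyringSelfcheckValue); err != nil {
		return nil, fmt.Errorf("keyring self-check write: %w", err)
	}
	selfcheckReturn, err := keyring.Get(krts.serviceName, keyringSelfcheckKey)
	if err != nil {
		return nil, fmt.Errorf("keyring self-check read: %w", err)
	}
	if selfcheckReturn != keyringSelfcheckValue {
		return nil, errors.New("keyring is faulty")
	}

	return krts, nil
}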
// GetSignet returns the Signet with the given ID.
//
// The keyring key is id plus recipientSuffix when recipient is true, or plus
// signetSuffix otherwise. Any error from the keyring lookup — not only a
// missing entry — is returned wrapped in jess.ErrSignetNotFound. The stored
// value is expected to be the Base58 form written by StoreSignet.
func (krts *KeyringTrustStore) GetSignet(id string, recipient bool) (*jess.Signet, error) {
	suffix := signetSuffix
	if recipient {
		suffix = recipientSuffix
	}

	encoded, err := keyring.Get(krts.serviceName, id+suffix)
	if err != nil {
		return nil, fmt.Errorf("%w: %w", jess.ErrSignetNotFound, err)
	}

	return jess.SignetFromBase58(encoded)
}
// StoreSignet stores a Signet.
//
// The keyring key is signet.ID plus recipientSuffix when signet.Public is set,
// or plus signetSuffix otherwise, mirroring the lookup in GetSignet. The value
// is the signet's Base58 serialization. A serialization error and the result
// of keyring.Set are both returned unwrapped.
func (krts *KeyringTrustStore) StoreSignet(signet *jess.Signet) error {
	suffix := signetSuffix
	if signet.Public {
		suffix = recipientSuffix
	}
	key := signet.ID + suffix

	encoded, err := signet.ToBase58()
	if err != nil {
		return err
	}

	return keyring.Set(krts.serviceName, key, encoded)
}
// DeleteSignet deletes the Signet or Recipient with the given ID.
//
// The keyring key is built exactly as in GetSignet (id plus recipientSuffix
// or signetSuffix). The result of keyring.Delete is returned unwrapped.
func (krts *KeyringTrustStore) DeleteSignet(id string, recipient bool) error {
	suffix := signetSuffix
	if recipient {
		suffix = recipientSuffix
	}

	return keyring.Delete(krts.serviceName, id+suffix)
}
// SelectSignets returns a selection of the signets in the trust store. Results
// are filtered by tool/algorithm and by whether you're looking for a signet
// (private key) or a recipient (public key).
//
// The system keyring does not support listing entries, so this store always
// returns a nil slice and ErrNotSupportedByTrustStore; filter and schemes are
// ignored.
func (krts *KeyringTrustStore) SelectSignets(filter uint8, schemes ...string) ([]*jess.Signet, error) {
	var none []*jess.Signet
	return none, ErrNotSupportedByTrustStore
}
// GetEnvelope returns the Envelope with the given name.
//
// The keyring key is name plus envelopeSuffix. Any error from the keyring
// lookup — not only a missing entry — is returned wrapped in
// jess.ErrEnvelopeNotFound. The stored value is expected to be the Base58
// form written by StoreEnvelope.
func (krts *KeyringTrustStore) GetEnvelope(name string) (*jess.Envelope, error) {
	key := name + envelopeSuffix

	encoded, err := keyring.Get(krts.serviceName, key)
	if err != nil {
		return nil, fmt.Errorf("%w: %w", jess.ErrEnvelopeNotFound, err)
	}

	return jess.EnvelopeFromBase58(encoded)
}
// StoreEnvelope stores an Envelope.
//
// The keyring key is envelope.Name plus envelopeSuffix, mirroring the lookup
// in GetEnvelope; the value is the envelope's Base58 serialization. A
// serialization error and the result of keyring.Set are returned unwrapped.
func (krts *KeyringTrustStore) StoreEnvelope(envelope *jess.Envelope) error {
	key := envelope.Name + envelopeSuffix

	encoded, err := envelope.ToBase58()
	if err != nil {
		return err
	}

	return keyring.Set(krts.serviceName, key, encoded)
}
// DeleteEnvelope deletes the Envelope with the given name.
//
// The keyring key is name plus envelopeSuffix, as in GetEnvelope. The result
// of keyring.Delete is returned unwrapped.
func (krts *KeyringTrustStore) DeleteEnvelope(name string) error {
	return keyring.Delete(krts.serviceName, name+envelopeSuffix)
}
// AllEnvelopes returns all envelopes.
//
// The system keyring does not support listing entries, so this store always
// returns a nil slice and ErrNotSupportedByTrustStore.
func (krts *KeyringTrustStore) AllEnvelopes() ([]*jess.Envelope, error) {
	var none []*jess.Envelope
	return none, ErrNotSupportedByTrustStore
}