fix: changes for backward compatibility

atsign-foundation · Sep 15, 2023 · acc2923 · acc2923
1 parent 41f8b5c
commit acc2923
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 34 deletions.
diff --git a/packages/at_onboarding_cli/lib/src/onboard/at_onboarding_service_impl.dart b/packages/at_onboarding_cli/lib/src/onboard/at_onboarding_service_impl.dart
@@ -92,8 +92,9 @@ class AtOnboardingServiceImpl implements AtOnboardingService {
 
   @override
   Future<bool> onboard() async {
-    if (atOnboardingPreference.appName == null ||
-        atOnboardingPreference.deviceName == null) {
+    if (atOnboardingPreference.enableEnrollmentDuringOnboard &&
+        (atOnboardingPreference.appName == null ||
+            atOnboardingPreference.deviceName == null)) {
       throw AtOnboardingException(
           'appName and deviceName are mandatory for onboarding. Please set the params in AtOnboardingPreference');
     }
@@ -328,38 +329,23 @@ class AtOnboardingServiceImpl implements AtOnboardingService {
   Future<void> _activateAtsign(AtLookupImpl atLookUpImpl) async {
     //1. Generate pkam key pair(if authMode is keyFile), encryption key pair, self encryption key and apkam symmetric key pair
     AtSecurityKeys atSecurityKeys = _generateKeyPairs();
-
-    var enrollBuilder = EnrollVerbBuilder()
-      ..appName = atOnboardingPreference.appName
-      ..deviceName = atOnboardingPreference.deviceName;
-
-    // #TODO replace encryption util methods with at_chops methods when refactoring
-    enrollBuilder.encryptedDefaultEncryptedPrivateKey =
-        EncryptionUtil.encryptValue(atSecurityKeys.defaultEncryptionPrivateKey!,
-            atSecurityKeys.apkamSymmetricKey!);
-    enrollBuilder.encryptedDefaultSelfEncryptionKey =
-        EncryptionUtil.encryptValue(atSecurityKeys.defaultSelfEncryptionKey!,
-            atSecurityKeys.apkamSymmetricKey!);
-    enrollBuilder.apkamPublicKey = atSecurityKeys.apkamPublicKey;
-
-    //2. Send enroll request to server
-    var enrollResult = await atLookUpImpl
-        .executeCommand(enrollBuilder.buildCommand(), auth: false);
-    if (enrollResult == null || enrollResult.isEmpty) {
-      throw AtOnboardingException('Enrollment response is null or empty');
-    } else if (enrollResult.startsWith('error:')) {
-      throw AtOnboardingException('Enrollment error:$enrollResult');
+    var enrollmentIdFromServer;
+
+    //2. Send enrollment request to server if enable enrollment is set in preference
+    if (atOnboardingPreference.enableEnrollmentDuringOnboard) {
+      // server will update the apkam public key during enrollment.So don't have to manually update in this scenario.
+      enrollmentIdFromServer =
+          await _sendOnboardingEnrollment(atSecurityKeys, atLookUpImpl);
+      atSecurityKeys.enrollmentId = enrollmentIdFromServer;
+    } else {
+      // update pkam public key to server if enrollment is not set in preference
+      logger.finer('Updating PkamPublicKey to remote secondary');
+      final pkamPublicKey = atSecurityKeys.apkamPublicKey;
+      String updateCommand = 'update:$AT_PKAM_PUBLIC_KEY $pkamPublicKey\n';
+      String? pkamUpdateResult =
+          await atLookUpImpl.executeCommand(updateCommand, auth: false);
+      logger.info('PkamPublicKey update result: $pkamUpdateResult');
     }
-    enrollResult = enrollResult.replaceFirst('data:', '');
-    logger.finer('enrollResult: $enrollResult');
-    var enrollResultJson = jsonDecode(enrollResult);
-    var enrollmentIdFromServer = enrollResultJson[enrollmentId];
-    var enrollmentStatus = enrollResultJson['status'];
-    if (enrollmentStatus != 'approved') {
-      throw AtOnboardingException(
-          'initial enrollment is not approved. Status from server: $enrollmentStatus');
-    }
-    atSecurityKeys.enrollmentId = enrollmentIdFromServer;
 
     //3. Close connection to server
     try {
@@ -371,7 +357,7 @@ class AtOnboardingServiceImpl implements AtOnboardingService {
     //4. initialise atClient and atChops and attempt a pkam auth to server.
     await _init(atSecurityKeys);
 
-    //4. create new connection to server and do pkam with enrollmentId
+    //5. create new connection to server and do pkam with enrollmentId
     try {
       _isPkamAuthenticated = await _atLookUp!
           .pkamAuthenticate(enrollmentId: enrollmentIdFromServer);
@@ -409,6 +395,40 @@ class AtOnboardingServiceImpl implements AtOnboardingService {
     }
   }
 
+  Future<String> _sendOnboardingEnrollment(
+      AtSecurityKeys atSecurityKeys, AtLookupImpl atLookUpImpl) async {
+    var enrollBuilder = EnrollVerbBuilder()
+      ..appName = atOnboardingPreference.appName
+      ..deviceName = atOnboardingPreference.deviceName;
+
+    // #TODO replace encryption util methods with at_chops methods when refactoring
+    enrollBuilder.encryptedDefaultEncryptedPrivateKey =
+        EncryptionUtil.encryptValue(atSecurityKeys.defaultEncryptionPrivateKey!,
+            atSecurityKeys.apkamSymmetricKey!);
+    enrollBuilder.encryptedDefaultSelfEncryptionKey =
+        EncryptionUtil.encryptValue(atSecurityKeys.defaultSelfEncryptionKey!,
+            atSecurityKeys.apkamSymmetricKey!);
+    enrollBuilder.apkamPublicKey = atSecurityKeys.apkamPublicKey;
+
+    var enrollResult = await atLookUpImpl
+        .executeCommand(enrollBuilder.buildCommand(), auth: false);
+    if (enrollResult == null || enrollResult.isEmpty) {
+      throw AtOnboardingException('Enrollment response is null or empty');
+    } else if (enrollResult.startsWith('error:')) {
+      throw AtOnboardingException('Enrollment error:$enrollResult');
+    }
+    enrollResult = enrollResult.replaceFirst('data:', '');
+    logger.finer('enrollResult: $enrollResult');
+    var enrollResultJson = jsonDecode(enrollResult);
+    var enrollmentIdFromServer = enrollResultJson[enrollmentId];
+    var enrollmentStatus = enrollResultJson['status'];
+    if (enrollmentStatus != 'approved') {
+      throw AtOnboardingException(
+          'initial enrollment is not approved. Status from server: $enrollmentStatus');
+    }
+    return enrollmentIdFromServer;
+  }
+
   Future<EnrollResponse> _sendEnrollRequest(
       String appName,
       String deviceName,

diff --git a/packages/at_onboarding_cli/lib/src/util/at_onboarding_preference.dart b/packages/at_onboarding_cli/lib/src/util/at_onboarding_preference.dart
@@ -33,4 +33,6 @@ class AtOnboardingPreference extends AtClientPreference {
   String? deviceName;
 
   int apkamAuthRetryDurationMins = 30;
+
+  bool enableEnrollmentDuringOnboard = false;
 }
diff --git a/tests/at_onboarding_cli_functional_tests/test/enrollment_test.dart b/tests/at_onboarding_cli_functional_tests/test/enrollment_test.dart
@@ -25,6 +25,7 @@ void main() {
       String atSign = '@naresh🛠';
       //1. Onboard first client
       AtOnboardingPreference preference_1 = getPreferenceForAuth(atSign);
+      preference_1..enableEnrollmentDuringOnboard = true;
       AtOnboardingService? onboardingService_1 =
           AtOnboardingServiceImpl(atSign, preference_1);
       bool status = await onboardingService_1.onboard();
@@ -91,6 +92,7 @@ void main() {
     String atSign = '@purnima🛠';
     //1. Onboard first client
     AtOnboardingPreference preference_1 = getPreferenceForAuth(atSign);
+    preference_1.enableEnrollmentDuringOnboard = true;
     AtOnboardingService? onboardingService_1 =
         AtOnboardingServiceImpl(atSign, preference_1);
     bool status = await onboardingService_1.onboard();