Merge branch 'trunk' into 2121-uptake-pubkeyhash-changes
sitaram-kalluri authored Dec 9, 2024
2 parents 4fb2928 + 67af8f8 commit 04517b2
Showing 5 changed files with 30 additions and 36 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/at_server.yaml
Expand Up @@ -179,7 +179,7 @@ jobs:
run: |
echo "hashes=$(cat checksums.txt | base64 -w0)" >> "$GITHUB_OUTPUT"
- if: ${{ matrix.dart-channel == 'stable' && startsWith(github.ref, 'refs/tags/') }}
uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0.0
uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
with:
subject-path: 'sboms/**'

2 changes: 1 addition & 1 deletion .github/workflows/promote_canary.yaml
Expand Up @@ -164,7 +164,7 @@ jobs:
working-directory: sboms
run: |
echo "hashes=$(cat checksums.txt | base64 -w0)" >> "$GITHUB_OUTPUT"
- uses: actions/attest-build-provenance@619dbb2e03e0189af0c55118e7d3c5e129e99726 # v2.0.0
- uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
with:
subject-path: 'sboms/**'

Expand Up @@ -249,9 +249,6 @@ class EnrollVerbHandler extends AbstractVerbHandler {
final inboundConnectionMetadata =
atConnection.metaData as InboundConnectionMetadata;
inboundConnectionMetadata.enrollmentId = newEnrollmentId;
// Store default encryption private key and self encryption key(both encrypted)
// for future retrieval
await _storeEncryptionKeys(newEnrollmentId, enrollParams, currentAtSign);
// store this apkam as default pkam public key for old clients
// The keys with AT_PKAM_PUBLIC_KEY does not sync to client.
await keyStore.put(AtConstants.atPkamPublicKey,
Expand Down Expand Up @@ -409,12 +406,18 @@ class EnrollVerbHandler extends AbstractVerbHandler {
String newEnrollmentId, EnrollParams enrollParams, String atSign) async {
var privateKeyJson = {};
privateKeyJson['value'] = enrollParams.encryptedDefaultEncryptionPrivateKey;
if (enrollParams.encPrivateKeyIV != null) {
privateKeyJson['iv'] = enrollParams.encPrivateKeyIV;
}
await keyStore.put(
'$newEnrollmentId.${AtConstants.defaultEncryptionPrivateKey}.$enrollManageNamespace$atSign',
AtData()..data = jsonEncode(privateKeyJson),
skipCommit: true);
var selfKeyJson = {};
selfKeyJson['value'] = enrollParams.encryptedDefaultSelfEncryptionKey;
if (enrollParams.selfEncKeyIV != null) {
selfKeyJson['iv'] = enrollParams.selfEncKeyIV;
}
await keyStore.put(
'$newEnrollmentId.${AtConstants.defaultSelfEncryptionKey}.$enrollManageNamespace$atSign',
AtData()..data = jsonEncode(selfKeyJson),
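Review bot: The `privateKeyJson` and `selfKeyJson` maps are built by hand in two parallel blocks from an untyped `{}` literal (`Map<dynamic, dynamic>`), where a typed literal with a collection-if expresses the same thing in one place, e.g. `final privateKeyJson = <String, dynamic>{'value': enrollParams.encryptedDefaultEncryptionPrivateKey, if (enrollParams.encPrivateKeyIV != null) 'iv': enrollParams.encPrivateKeyIV};` and likewise for the self key. As written, a null `encryptedDefaultEncryptionPrivateKey` still persists `{"value":null}` under the enrollment's key; if the caller can reach this method with the key missing, rejecting the request would be clearer than storing an unusable entry (the caller is not visible here). The first hunk of this file drops the `_storeEncryptionKeys` call from the path around line 249, and it presumably now runs from the approve flow, which the functional test exercises with IVs, but the commit does not say where it moved. `_storeEncryptionKeys` starts and ends outside this hunk.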
2 changes: 1 addition & 1 deletion packages/at_secondary_server/pubspec.yaml
Expand Up @@ -19,7 +19,7 @@ dependencies:
basic_utils: 5.7.0
ecdsa: 0.1.0
encrypt: 5.0.3
at_commons: 5.1.0
at_commons: 5.1.1
at_utils: 3.0.19
at_chops: 2.2.0
at_lookup: 3.0.49
51 changes: 21 additions & 30 deletions tests/at_functional_test/test/enroll_verb_test.dart
@@ -1,6 +1,7 @@
import 'dart:convert';
import 'dart:io';

import 'package:at_chops/at_chops.dart';
import 'package:at_commons/at_commons.dart';
import 'package:at_demo_data/at_demo_data.dart' as at_demos;
import 'package:at_demo_data/at_demo_data.dart';
Expand Down Expand Up @@ -274,35 +275,6 @@ void main() {
expect(llookupResponseMap['errorCode'], 'AT0009');
expect(llookupResponseMap['errorDescription'],
'UnAuthorized client in request : Connection with enrollment ID $enrollmentId is not authorized to llookup key: $enrollmentKey');

// keys:get:self should return default self encryption key
var selfKey = '$enrollmentId.default_self_enc_key.__manage$firstAtSign';
String selfKeyResponse =
await socketConnection2.sendRequestToServer('keys:get:self');
expect(selfKeyResponse.contains(selfKey), true);

// keys:get:private should return private encryption key
var privateKey =
'$enrollmentId.default_enc_private_key.__manage$firstAtSign';
String privateKeyResponse =
await socketConnection2.sendRequestToServer('keys:get:private');
expect(privateKeyResponse.contains(privateKey), true);

// keys:get:keyName should return the enrollment key with __manage namespace
String selfKeyGetResponse = await socketConnection2
.sendRequestToServer('keys:get:keyName:$selfKey');
expect(
selfKeyGetResponse
.contains('${apkamEncryptedKeysMap['encryptedSelfEncKey']}'),
true);

// keys:get:keyName should return the enrollment key with __manage namespace
String privateKeyGetResponse = await socketConnection2
.sendRequestToServer('keys:get:keyName:$privateKey');
expect(
privateKeyGetResponse.contains(
'${apkamEncryptedKeysMap['encryptedDefaultEncPrivateKey']}'),
true);
});

test(
Expand Down Expand Up @@ -387,8 +359,12 @@ void main() {
var secondEnrollId = enrollJson['enrollmentId'];

// connect to the first client to approve the enroll request
final encryptionPrivateKeyIV =
base64Encode(AtChopsUtil.generateRandomIV(16).ivBytes);
final selfEncryptionKeyIV =
base64Encode(AtChopsUtil.generateRandomIV(16).ivBytes);
String approveResponse = (await firstAtSignConnection.sendRequestToServer(
'enroll:approve:{"enrollmentId":"$secondEnrollId","encryptedDefaultEncryptionPrivateKey":"${apkamEncryptedKeysMap['encryptedDefaultEncPrivateKey']}","encryptedDefaultSelfEncryptionKey": "${apkamEncryptedKeysMap['encryptedSelfEncKey']}"}'))
'enroll:approve:{"enrollmentId":"$secondEnrollId","encryptedDefaultEncryptionPrivateKey":"${apkamEncryptedKeysMap['encryptedDefaultEncPrivateKey']}","encPrivateKeyIV":"$encryptionPrivateKeyIV","encryptedDefaultSelfEncryptionKey": "${apkamEncryptedKeysMap['encryptedSelfEncKey']}","selfEncKeyIV":"$selfEncryptionKeyIV"}'))
.replaceFirst('data:', '');
var approveJson = jsonDecode(approveResponse);
expect(approveJson['status'], 'approved');
Expand All @@ -406,12 +382,27 @@ void main() {
await socketConnection2.sendRequestToServer('keys:get:self');
expect(selfKeyResponse.contains(selfKey), true);

String selfKeyGetResponse = await socketConnection2
.sendRequestToServer('keys:get:keyName:$selfKey');
selfKeyGetResponse = selfKeyGetResponse.replaceFirst('data:', '');
var selfKeyResponseJson = jsonDecode(selfKeyGetResponse);
expect(selfKeyResponseJson['value'],
apkamEncryptedKeysMap['encryptedSelfEncKey']);
expect(selfKeyResponseJson['iv'], selfEncryptionKeyIV);

// keys:get:private should return private encryption key
var privateKey =
'$secondEnrollId.default_enc_private_key.__manage$firstAtSign';
String privateKeyResponse =
await socketConnection2.sendRequestToServer('keys:get:private');
expect(privateKeyResponse.contains(privateKey), true);
String privateKeyGetResponse = await socketConnection2
.sendRequestToServer('keys:get:keyName:$privateKey');
privateKeyGetResponse = privateKeyGetResponse.replaceFirst('data:', '');
var privateKeyResponseJson = jsonDecode(privateKeyGetResponse);
expect(privateKeyResponseJson['value'],
apkamEncryptedKeysMap['encryptedDefaultEncPrivateKey']);
expect(privateKeyResponseJson['iv'], encryptionPrivateKeyIV);
});

test(
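Review bot: The approve request in the third hunk always sends both `encPrivateKeyIV` and `selfEncKeyIV`, so the server-side branch where an IV is absent (the `if (enrollParams.encPrivateKeyIV != null)` guards in the handler change) is no longer exercised, and the block removed in the second hunk appears to have been the check that inspected keys stored without IV fields. A second approve that omits the IV fields, followed by `expect(selfKeyResponseJson['iv'], isNull);` on the stored JSON, would pin the backward-compatible path the handler still supports. The enclosing test body starts above this hunk.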