// Copyright 2015-2017 Parity Technologies (UK) Ltd. // This file is part of Parity. // Parity is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // Parity is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // You should have received a copy of the GNU General Public License // along with Parity. If not, see . use std::{fs, io}; use std::io::Write; use std::path::{PathBuf, Path}; use std::collections::HashMap; use time; use {json, SafeAccount, Error}; use json::Uuid; use super::{KeyDirectory, VaultKeyDirectory, VaultKeyDirectoryProvider, VaultKey}; use super::vault::{VAULT_FILE_NAME, VaultDiskDirectory}; const IGNORED_FILES: &'static [&'static str] = &[ "thumbs.db", "address_book.json", "dapps_policy.json", "dapps_accounts.json", "dapps_history.json", "vault.json", ]; #[cfg(not(windows))] fn restrict_permissions_to_owner(file_path: &Path) -> Result<(), i32> { use std::ffi; use libc; let cstr = ffi::CString::new(&*file_path.to_string_lossy()) .map_err(|_| -1)?; match unsafe { libc::chmod(cstr.as_ptr(), libc::S_IWUSR | libc::S_IRUSR) } { 0 => Ok(()), x => Err(x), } } #[cfg(windows)] fn restrict_permissions_to_owner(_file_path: &Path) -> Result<(), i32> { Ok(()) } /// Root keys directory implementation pub type RootDiskDirectory = DiskDirectory; /// Disk directory key file manager pub trait KeyFileManager: Send + Sync { /// Read `SafeAccount` from given key file stream fn read(&self, filename: Option, reader: T) -> Result where T: io::Read; /// Write `SafeAccount` to given key file stream fn write(&self, account: SafeAccount, writer: &mut T) -> Result<(), Error> where T: io::Write; } /// Disk-based keys directory implementation pub struct DiskDirectory where T: KeyFileManager { path: PathBuf, key_manager: T, } /// Keys file manager for root keys directory pub struct DiskKeyFileManager; impl RootDiskDirectory { pub fn create

(path: P) -> Result where P: AsRef { fs::create_dir_all(&path)?; Ok(Self::at(path)) } pub fn at

(path: P) -> Self where P: AsRef { DiskDirectory::new(path, DiskKeyFileManager) } } impl DiskDirectory where T: KeyFileManager { /// Create new disk directory instance pub fn new

(path: P, key_manager: T) -> Self where P: AsRef { DiskDirectory { path: path.as_ref().to_path_buf(), key_manager: key_manager, } } fn files(&self) -> Result, Error> { Ok(fs::read_dir(&self.path)? .flat_map(Result::ok) .filter(|entry| { let metadata = entry.metadata().ok(); let file_name = entry.file_name(); let name = file_name.to_string_lossy(); // filter directories metadata.map_or(false, |m| !m.is_dir()) && // hidden files !name.starts_with(".") && // other ignored files !IGNORED_FILES.contains(&&*name) }) .map(|entry| entry.path()) .collect::>() ) } pub fn files_hash(&self) -> Result { use std::collections::hash_map::DefaultHasher; use std::hash::Hasher; let mut hasher = DefaultHasher::new(); let files = self.files()?; for file in files { hasher.write(file.to_str().unwrap_or("").as_bytes()) } Ok(hasher.finish()) } fn last_modification_date(&self) -> Result { use std::time::{Duration, UNIX_EPOCH}; let duration = fs::metadata(&self.path)?.modified()?.duration_since(UNIX_EPOCH).unwrap_or(Duration::default()); let timestamp = duration.as_secs() ^ (duration.subsec_nanos() as u64); Ok(timestamp) } /// all accounts found in keys directory fn files_content(&self) -> Result, Error> { // it's not done using one iterator cause // there is an issue with rustc and it takes tooo much time to compile let paths = self.files()?; Ok(paths .into_iter() .filter_map(|path| { let filename = Some(path.file_name().and_then(|n| n.to_str()).expect("Keys have valid UTF8 names only.").to_owned()); fs::File::open(path.clone()) .map_err(Into::into) .and_then(|file| self.key_manager.read(filename, file)) .map_err(|err| { warn!("Invalid key file: {:?} ({})", path, err); err }) .map(|account| (path, account)) .ok() }) .collect() ) } /// insert account with given filename. if the filename is a duplicate of any stored account and dedup is set to /// true, a random suffix is appended to the filename. pub fn insert_with_filename(&self, account: SafeAccount, mut filename: String, dedup: bool) -> Result { // path to keyfile let mut keyfile_path = self.path.join(filename.as_str()); // check for duplicate filename and append random suffix if dedup && keyfile_path.exists() { let suffix = ::random::random_string(4); filename.push_str(&format!("-{}", suffix)); keyfile_path.set_file_name(&filename); } // update account filename let original_account = account.clone(); let mut account = account; account.filename = Some(filename); { // save the file let mut file = fs::File::create(&keyfile_path)?; // write key content self.key_manager.write(original_account, &mut file).map_err(|e| Error::Custom(format!("{:?}", e)))?; file.flush()?; if let Err(_) = restrict_permissions_to_owner(keyfile_path.as_path()) { return Err(Error::Io(io::Error::last_os_error())); } file.sync_all()?; } Ok(account) } /// Get key file manager referece pub fn key_manager(&self) -> &T { &self.key_manager } } impl KeyDirectory for DiskDirectory where T: KeyFileManager { fn load(&self) -> Result, Error> { let accounts = self.files_content()? .into_iter() .map(|(_, account)| account) .collect(); Ok(accounts) } fn update(&self, account: SafeAccount) -> Result { // Disk store handles updates correctly iff filename is the same let filename = account_filename(&account); self.insert_with_filename(account, filename, false) } fn insert(&self, account: SafeAccount) -> Result { let filename = account_filename(&account); self.insert_with_filename(account, filename, true) } fn remove(&self, account: &SafeAccount) -> Result<(), Error> { // enumerate all entries in keystore // and find entry with given address let to_remove = self.files_content()? .into_iter() .find(|&(_, ref acc)| acc.id == account.id && acc.address == account.address); // remove it match to_remove { None => Err(Error::InvalidAccount), Some((path, _)) => fs::remove_file(path).map_err(From::from) } } fn path(&self) -> Option<&PathBuf> { Some(&self.path) } fn as_vault_provider(&self) -> Option<&VaultKeyDirectoryProvider> { Some(self) } fn unique_repr(&self) -> Result { self.last_modification_date() } } impl VaultKeyDirectoryProvider for DiskDirectory where T: KeyFileManager { fn create(&self, name: &str, key: VaultKey) -> Result, Error> { let vault_dir = VaultDiskDirectory::create(&self.path, name, key)?; Ok(Box::new(vault_dir)) } fn open(&self, name: &str, key: VaultKey) -> Result, Error> { let vault_dir = VaultDiskDirectory::at(&self.path, name, key)?; Ok(Box::new(vault_dir)) } fn list_vaults(&self) -> Result, Error> { Ok(fs::read_dir(&self.path)? .filter_map(|e| e.ok().map(|e| e.path())) .filter_map(|path| { let mut vault_file_path = path.clone(); vault_file_path.push(VAULT_FILE_NAME); if vault_file_path.is_file() { path.file_name().and_then(|f| f.to_str()).map(|f| f.to_owned()) } else { None } }) .collect()) } fn vault_meta(&self, name: &str) -> Result { VaultDiskDirectory::meta_at(&self.path, name) } } impl KeyFileManager for DiskKeyFileManager { fn read(&self, filename: Option, reader: T) -> Result where T: io::Read { let key_file = json::KeyFile::load(reader).map_err(|e| Error::Custom(format!("{:?}", e)))?; Ok(SafeAccount::from_file(key_file, filename)) } fn write(&self, mut account: SafeAccount, writer: &mut T) -> Result<(), Error> where T: io::Write { // when account is moved back to root directory from vault // => remove vault field from meta account.meta = json::remove_vault_name_from_json_meta(&account.meta) .map_err(|err| Error::Custom(format!("{:?}", err)))?; let key_file: json::KeyFile = account.into(); key_file.write(writer).map_err(|e| Error::Custom(format!("{:?}", e))) } } fn account_filename(account: &SafeAccount) -> String { // build file path account.filename.clone().unwrap_or_else(|| { let timestamp = time::strftime("%Y-%m-%dT%H-%M-%S", &time::now_utc()).expect("Time-format string is valid."); format!("UTC--{}Z--{}", timestamp, Uuid::from(account.id)) }) } #[cfg(test)] mod test { extern crate tempdir; use std::{env, fs}; use super::{KeyDirectory, RootDiskDirectory, VaultKey}; use account::SafeAccount; use ethkey::{Random, Generator}; use self::tempdir::TempDir; #[test] fn should_create_new_account() { // given let mut dir = env::temp_dir(); dir.push("ethstore_should_create_new_account"); let keypair = Random.generate().unwrap(); let password = "hello world"; let directory = RootDiskDirectory::create(dir.clone()).unwrap(); // when let account = SafeAccount::create(&keypair, [0u8; 16], password, 1024, "Test".to_owned(), "{}".to_owned()); let res = directory.insert(account); // then assert!(res.is_ok(), "Should save account succesfuly."); assert!(res.unwrap().filename.is_some(), "Filename has been assigned."); // cleanup let _ = fs::remove_dir_all(dir); } #[test] fn should_handle_duplicate_filenames() { // given let mut dir = env::temp_dir(); dir.push("ethstore_should_handle_duplicate_filenames"); let keypair = Random.generate().unwrap(); let password = "hello world"; let directory = RootDiskDirectory::create(dir.clone()).unwrap(); // when let account = SafeAccount::create(&keypair, [0u8; 16], password, 1024, "Test".to_owned(), "{}".to_owned()); let filename = "test".to_string(); let dedup = true; directory.insert_with_filename(account.clone(), "foo".to_string(), dedup).unwrap(); let file1 = directory.insert_with_filename(account.clone(), filename.clone(), dedup).unwrap().filename.unwrap(); let file2 = directory.insert_with_filename(account.clone(), filename.clone(), dedup).unwrap().filename.unwrap(); let file3 = directory.insert_with_filename(account.clone(), filename.clone(), dedup).unwrap().filename.unwrap(); // then // the first file should have the original names assert_eq!(file1, filename); // the following duplicate files should have a suffix appended assert!(file2 != file3); assert_eq!(file2.len(), filename.len() + 5); assert_eq!(file3.len(), filename.len() + 5); // cleanup let _ = fs::remove_dir_all(dir); } #[test] fn should_manage_vaults() { // given let mut dir = env::temp_dir(); dir.push("should_create_new_vault"); let directory = RootDiskDirectory::create(dir.clone()).unwrap(); let vault_name = "vault"; let password = "password"; // then assert!(directory.as_vault_provider().is_some()); // and when let before_root_items_count = fs::read_dir(&dir).unwrap().count(); let vault = directory.as_vault_provider().unwrap().create(vault_name, VaultKey::new(password, 1024)); // then assert!(vault.is_ok()); let after_root_items_count = fs::read_dir(&dir).unwrap().count(); assert!(after_root_items_count > before_root_items_count); // and when let vault = directory.as_vault_provider().unwrap().open(vault_name, VaultKey::new(password, 1024)); // then assert!(vault.is_ok()); let after_root_items_count2 = fs::read_dir(&dir).unwrap().count(); assert!(after_root_items_count == after_root_items_count2); // cleanup let _ = fs::remove_dir_all(dir); } #[test] fn should_list_vaults() { // given let temp_path = TempDir::new("").unwrap(); let directory = RootDiskDirectory::create(&temp_path).unwrap(); let vault_provider = directory.as_vault_provider().unwrap(); vault_provider.create("vault1", VaultKey::new("password1", 1)).unwrap(); vault_provider.create("vault2", VaultKey::new("password2", 1)).unwrap(); // then let vaults = vault_provider.list_vaults().unwrap(); assert_eq!(vaults.len(), 2); assert!(vaults.iter().any(|v| &*v == "vault1")); assert!(vaults.iter().any(|v| &*v == "vault2")); } #[test] fn hash_of_files() { let temp_path = TempDir::new("").unwrap(); let directory = RootDiskDirectory::create(&temp_path).unwrap(); let hash = directory.files_hash().expect("Files hash should be calculated ok"); assert_eq!( hash, 15130871412783076140 ); let keypair = Random.generate().unwrap(); let password = "test pass"; let account = SafeAccount::create(&keypair, [0u8; 16], password, 1024, "Test".to_owned(), "{}".to_owned()); directory.insert(account).expect("Account should be inserted ok"); let new_hash = directory.files_hash().expect("New files hash should be calculated ok"); assert!(new_hash != hash, "hash of the file list should change once directory content changed"); } }