diff --git a/sysclient/admin.go b/sysclient/admin.go
index ff84d7b..81723e9 100644
--- a/sysclient/admin.go
+++ b/sysclient/admin.go
@@ -8,6 +8,8 @@ import (
 	"errors"
 	"fmt"
 	"os"
+
+	"github.com/ricoschulte/go-myapps/encryption"
 )
 
 // Sysclient message header
@@ -64,7 +66,7 @@ func (am *AdminMessage) AsBytes() []byte {
 
 receives the sysclient password and stores it. no answer is required
 */
-func (am *AdminMessage) HandleAdminReceiveSysclientPassword(fileSysclientpassword string) error {
+func (am *AdminMessage) HandleAdminReceiveSysclientPassword(secretKey []byte, fileSysclientpassword string) error {
 	password, err_from_json := NewPassword(am.Data)
 	if err_from_json != nil {
 		return fmt.Errorf("parsing password from JSON failed: %v", err_from_json)
@@ -73,14 +75,15 @@ func (am *AdminMessage) HandleAdminReceiveSysclientPassword(fileSysclientpasswor
 		return fmt.Errorf("the password parsed from JSON has a invalid length of: %v", len(password.Password))
 	}
 
-	err := os.WriteFile(fileSysclientpassword, []byte(password.Password), 0644)
+	//err := os.WriteFile(fileSysclientpassword, []byte(password.Password), 0644)
+	err := encryption.EncryptFileSha256AES256(secretKey, []byte(password.Password), fileSysclientpassword, 0644)
 	if err != nil {
 		return fmt.Errorf("error while writing adminpassword to file '%s': %v", fileSysclientpassword, err)
 	}
 	return nil
 }
 
-func (am *AdminMessage) HandleAdminReceiveChallenge(deviceInfo *Identity, fileSysclientpassword string) (*AdminMessage, error) {
+func (am *AdminMessage) HandleAdminReceiveChallenge(secretKey []byte, deviceInfo *Identity, fileSysclientpassword string) (*AdminMessage, error) {
 	challenge, err_from_json := NewChallenge(am.Data)
 	if err_from_json != nil {
 		return nil, fmt.Errorf("parsing challenge from json failed: %v", err_from_json)
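Review bot: The encrypted sysclient password file is still created with mode 0644 in the EncryptFileSha256AES256 call of the -73 hunk, so the ciphertext is readable by every local account; credential files are normally written 0600, i.e. `err := encryption.EncryptFileSha256AES256(secretKey, []byte(password.Password), fileSysclientpassword, 0600)`. The same mode is passed for the administrative password in the -165 hunk. The replaced os.WriteFile call is left behind as a commented-out line here and again in the -97, -156 and -165 hunks; git history already records it, so those dead lines should be deleted rather than kept. The doc comment above HandleAdminReceiveSysclientPassword in the -64 hunk does not mention the new secretKey parameter or that the file is now written in the encryption package's format.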
@@ -97,7 +100,8 @@ func (am *AdminMessage) HandleAdminReceiveChallenge(deviceInfo *Identity, fileSy
 	if fileinfo.IsDir() {
 		return nil, fmt.Errorf("path is a directory: %s", fileinfo.Name())
 	}
-	password, err := os.ReadFile(fileSysclientpassword)
+	//password, err := os.ReadFile(fileSysclientpassword)
+	password, err := encryption.DecryptFileSha256AES256(secretKey, fileSysclientpassword)
 	if err != nil {
 		fmt.Printf("error while reading password file: %v\n", err)
 		return nil, err
@@ -146,7 +150,7 @@ func (am *AdminMessage) GetLoginDigest(id, product, version, challenge, password
 /*
 receives a admin password and stores it, no answer is required
 */
-func (am *AdminMessage) handleAdminReceiveNewAdministrativePassword(fileSysclientpassword string, fileAdministrativePassword string) error {
+func (am *AdminMessage) handleAdminReceiveNewAdministrativePassword(secretKey []byte, fileSysclientpassword string, fileAdministrativePassword string) error {
 	if fileSysclientpassword == "" {
 		return errors.New("fileSysclientpassword cant be empty")
 	}
@@ -156,7 +160,9 @@ func (am *AdminMessage) handleAdminReceiveNewAdministrativePassword(fileSysclien
 		return fmt.Errorf("couldn't parse AdministrativePassword Message: %v", err)
 	}
 
-	passwordBytes, err := os.ReadFile(fileSysclientpassword)
+	//passwordBytes, err := os.ReadFile(fileSysclientpassword)
+	passwordBytes, err := encryption.DecryptFileSha256AES256(secretKey, fileSysclientpassword)
+
 	if err != nil {
 		return err
 	}
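Review bot: A password file written by the previous version through os.WriteFile holds plaintext, so after this change DecryptFileSha256AES256 will presumably fail on every existing installation's fileSysclientpassword, and the commit carries no migration step or format note. At minimum the doc comment of HandleAdminReceiveChallenge should state that the file must be in the encryption package's format and that files from earlier releases have to be re-provisioned. The error path still prints to stdout and then returns the bare error; one wrapped return is enough, `return nil, fmt.Errorf("decrypting sysclient password file %q: %w", fileSysclientpassword, err)`. The read in the -156 hunk has the same migration issue, and the blank line added after its Decrypt call separates the call from its error check. HandleAdminReceiveChallenge starts and ends outside this hunk.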
@@ -165,9 +171,10 @@ func (am *AdminMessage) handleAdminReceiveNewAdministrativePassword(fileSysclien
 		return err_decrypt
 	}
 
-	err = os.WriteFile(fileAdministrativePassword, decryped_adminpassword, 0644)
-	if err != nil {
-		return err
+	//err = os.WriteFile(fileAdministrativePassword, decryped_adminpassword, 0644)
+	err_write_adminpassword := encryption.EncryptFileSha256AES256(secretKey, decryped_adminpassword, fileAdministrativePassword, 0644)
+	if err_write_adminpassword != nil {
+		return err_write_adminpassword
 	}
 	return nil //resp, nil
 }
diff --git a/sysclient/sysclient.go b/sysclient/sysclient.go
index 584efb9..674ba85 100644
--- a/sysclient/sysclient.go
+++ b/sysclient/sysclient.go
@@ -14,7 +14,6 @@ import (
 	"github.com/ricoschulte/go-myapps/connection"
 )
 
-
 type Sysclient struct {
 	Identity Identity
 	Url string
@@ -27,9 +26,10 @@ type Sysclient struct {
 
 	FileSysclientPassword string // filename to store
 	FileAdministrativePassword string // filename to store
+	SecretKey []byte // key to encrypt the local files as []bytes
 }
 
-func NewSysclient(identity Identity, url string, timeout time.Duration, insecureSkipVerify bool, mux *http.ServeMux, fileSysclientPassword string, fileAdministrativePassword string) (*Sysclient, error) {
+func NewSysclient(identity Identity, url string, timeout time.Duration, insecureSkipVerify bool, mux *http.ServeMux, fileSysclientPassword string, fileAdministrativePassword string, secretkey string) (*Sysclient, error) {
 	if fileSysclientPassword == "" {
 		return nil, errors.New("fileSysclientPassword cant be empty")
 	}
@@ -47,6 +47,7 @@ func NewSysclient(identity Identity, url string, timeout time.Duration, insecure
 
 		FileSysclientPassword: fileSysclientPassword,
 		FileAdministrativePassword: fileAdministrativePassword,
+		SecretKey: []byte(secretkey),
 	}
 
 	return sysclient, nil
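Review bot: The -165 hunk introduces a new snake_case identifier, `err_write_adminpassword`, although `err` is already declared in this function and was what the removed lines used; reassigning it keeps the block shorter and follows Go naming, `err = encryption.EncryptFileSha256AES256(secretKey, decryped_adminpassword, fileAdministrativePassword, 0644)` followed by `if err != nil { return err }`. The enclosing handleAdminReceiveNewAdministrativePassword starts before this hunk.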
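Review bot: NewSysclient validates fileSysclientPassword but not the new secretkey parameter in the -27 hunk, so an empty string is accepted and, via `SecretKey: []byte(secretkey)` in the -47 hunk, every local password file would then be encrypted under whatever key the encryption package derives from zero bytes — a fixed, publicly known value. Add the guard the function already uses for the file name, `if secretkey == "" { return nil, errors.New("secretkey cant be empty") }`. The name EncryptFileSha256AES256 suggests the AES-256 key is a plain SHA-256 of these bytes (the implementation is not in this diff); if so there is no salt or stretching, and the SecretKey field comment should say the value must be a long random secret rather than a human-chosen passphrase. The body of NewSysclient continues between and after these hunks.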
@@ -242,16 +243,16 @@ func (sc *Sysclient) HandleAdminMessage(messageIn *AdminMessage) (*AdminMessage, return nil, fmt.Errorf("unknown Admin Message of Type %v", messageIn.Type) case bytes.Equal(messageIn.Command, AdminReceiveSysclientPassword): - err := messageIn.HandleAdminReceiveSysclientPassword(sc.FileSysclientPassword) + err := messageIn.HandleAdminReceiveSysclientPassword(sc.SecretKey, sc.FileSysclientPassword) if err != nil { return nil, err } return nil, nil case bytes.Equal(messageIn.Command, AdminReceiveChallenge): - return messageIn.HandleAdminReceiveChallenge(&sc.Identity, sc.FileSysclientPassword) + return messageIn.HandleAdminReceiveChallenge(sc.SecretKey, &sc.Identity, sc.FileSysclientPassword) case bytes.Equal(messageIn.Command, AdminReceiveNewAdminPassword): - err := messageIn.handleAdminReceiveNewAdministrativePassword(sc.FileSysclientPassword, sc.FileAdministrativePassword) + err := messageIn.handleAdminReceiveNewAdministrativePassword(sc.SecretKey, sc.FileSysclientPassword, sc.FileAdministrativePassword) if err != nil { return nil, err } diff --git a/sysclient/sysclient_test.go b/sysclient/sysclient_test.go index 23894e7..56dcf3b 100644 --- a/sysclient/sysclient_test.go +++ b/sysclient/sysclient_test.go 
@@ -1,35 +1,35 @@
 package sysclient_test
 
 import (
-	"io/ioutil"
 	"net/http"
 	"os"
 	"testing"
 	"time"
 
+	"github.com/ricoschulte/go-myapps/encryption"
 	"github.com/ricoschulte/go-myapps/sysclient"
 	"github.com/stretchr/testify/assert"
 )
 
 func TestResponseTypesToAdminMessages(t *testing.T) {
 	sysclientpassword := "2jjH!u3ucXscEzHq8X!l83BX3!U8TPwA"
-
+	secretkey := "to encrypt the local files"
 	// create a dummy password file
-	sysclientpassword_file, err := ioutil.TempFile("", "sysclientpassword*.txt")
+	sysclientpassword_file, err := os.CreateTemp("", "sysclientpassword*.txt")
 	if err != nil {
 		panic(err)
 	}
 	defer os.Remove(sysclientpassword_file.Name()) // remove the file after the test is done
 
 	// create a dummy admin password file
-	administrativepassword_file, err := ioutil.TempFile("", "sysclient_administrativepassword*.txt")
+	administrativepassword_file, err := os.CreateTemp("", "sysclient_administrativepassword*.txt")
 	if err != nil {
 		panic(err)
 	}
 	defer os.Remove(administrativepassword_file.Name()) // remove the file after the test is done
 
 	// reset the content after the test
-	_, err = sysclientpassword_file.Write([]byte(sysclientpassword))
+	err = encryption.EncryptFileSha256AES256([]byte(secretkey), []byte(sysclientpassword), sysclientpassword_file.Name(), 0644)
 	if err != nil {
 		panic(err)
 	}
@@ -135,6 +135,7 @@ func TestResponseTypesToAdminMessages(t *testing.T) {
 		http.NewServeMux(),
 		sysclientpassword_file.Name(),
 		administrativepassword_file.Name(),
+		secretkey,
 	)
 	if err_creating_client != nil {
 		t.Fatalf("Error creating client: %v", err_creating_client)
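Review bot: The test now seeds the password file through EncryptFileSha256AES256 but never checks that what lands on disk differs from the plaintext, so a pass-through or broken encryption implementation would still pass the whole test. After the seeding call, read the file back and assert the secret is absent, `content, _ := os.ReadFile(sysclientpassword_file.Name())` then `assert.NotContains(t, string(content), sysclientpassword)`. The comment `// reset the content after the test` above the new call describes a teardown, while the line seeds the initial content; `// seed the encrypted password file` matches what the code does. TestResponseTypesToAdminMessages continues past the first hunk.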