use crate::*;
use age::secrecy::Secret;
use std::io::{Read, Write};
/// define universal dividends subcommands
#[derive(Clone, Default, Debug, clap::Parser)]
pub enum Subcommand {
#[default]
/// List available keys
List,
/// Show where vault stores secret
Where,
/// Generate a mnemonic
Generate,
/// Import mnemonic with interactive prompt
Import,
}
// encrypt input with passphrase
fn encrypt(input: &[u8], passphrase: String) -> Result<Vec<u8>, age::EncryptError> {
let encryptor = age::Encryptor::with_user_passphrase(Secret::new(passphrase));
let mut encrypted = vec![];
let mut writer = encryptor.wrap_output(age::armor::ArmoredWriter::wrap_output(
&mut encrypted,
age::armor::Format::AsciiArmor,
)?)?;
writer.write_all(input)?;
writer.finish().and_then(|armor| armor.finish())?;
Ok(encrypted)
}
// decrypt cypher with passphrase
fn decrypt(input: &[u8], passphrase: String) -> Result<Vec<u8>, age::DecryptError> {
let age::Decryptor::Passphrase(decryptor) =
age::Decryptor::new(age::armor::ArmoredReader::new(input))?
else {
unimplemented!()
};
let mut decrypted = vec![];
let mut reader = decryptor.decrypt(&Secret::new(passphrase.to_owned()), None)?;
reader.read_to_end(&mut decrypted)?;
Ok(decrypted)
}
/// handle ud commands
pub fn handle_command(data: Data, command: Subcommand) -> Result<(), GcliError> {
// match subcommand
match command {
Subcommand::List => {
if let Ok(entries) = std::fs::read_dir(data.project_dir.data_dir()) {
println!("available keys:");
entries.for_each(|e| println!("{}", e.unwrap().file_name().to_str().unwrap()));
} else {
println!("could not read project dir");
}
}
Subcommand::Where => {
println!("{}", data.project_dir.data_dir().to_str().unwrap());
}
Subcommand::Generate => {
// TODO allow custom word count
let mnemonic = bip39::Mnemonic::generate(12).unwrap();
println!("{mnemonic}");
}
Subcommand::Import => {
let mnemonic = rpassword::prompt_password("Mnemonic: ")?;
println!("Enter password to protect the key");
let password = rpassword::prompt_password("Password: ")?;
let address = store_mnemonic(&data, &mnemonic, password)?;
println!("Stored secret for {address}");
}
};
Ok(())
}
/// store mnemonic protected with password
pub fn store_mnemonic(
data: &Data,
mnemonic: &str,
password: String,
) -> Result<AccountId, GcliError> {
// check validity by deriving keypair
let keypair = pair_from_str(mnemonic)?;
let address = keypair.public();
// write encrypted mnemonic in file identified by pubkey
let path = data.project_dir.data_dir().join(address.to_string());
let mut file = std::fs::File::create(path)?;
file.write_all(&encrypt(mnemonic.as_bytes(), password).map_err(|e| anyhow!(e))?[..])?;
Ok(keypair.public().into())
}
/// try get secret in keystore
pub fn try_fetch_secret(data: &Data, address: AccountId) -> Result<Option<String>, GcliError> {
let path = data.project_dir.data_dir().join(address.to_string());
if path.exists() {
println!("Enter password to unlock account {address}");
let password = rpassword::prompt_password("Password: ")?;
let mut file = std::fs::OpenOptions::new().read(true).open(path)?;
let mut cypher = vec![];
file.read_to_end(&mut cypher)?;
let secret = decrypt(&cypher, password).map_err(|e| GcliError::Input(e.to_string()))?;
let secretstr = String::from_utf8(secret).map_err(|e| anyhow!(e))?;
Ok(Some(secretstr))
} else {
Ok(None)
}
}
// test that armored encryption/decryption work as intended
#[test]
fn test_encrypt_decrypt() {
let plaintext = b"Hello world!";
let passphrase = "this is not a good passphrase".to_string();
let encrypted = encrypt(plaintext, passphrase.clone()).unwrap();
let decrypted = decrypt(&encrypted, passphrase).unwrap();
assert_eq!(decrypted, plaintext);
}