mirror/kopia
1
0
Fork 0
mirror of https://github.com/kopia/kopia.git synced 2026-01-30 09:12:56 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
68ffb41db81ea330bd327cece273b695d3583bed
kopia/cli/command_repository_connect_server.go
Julio López ca1962f6e4 refactor(general): user password hashing and key derivation helpers (#3821) 
Code movement and simplification, no functional changes.

Objectives:
- Allow callers specifying the needed key (or hash) size, instead of
hard-coding it in the registered PBK derivers. Conceptually, the caller
needs to specify the key size, since that is a requirement of the
(encryption) algorithm being used in the caller. Now, the code changes
here do not result in any functional changes since the key size is
always 32 bytes.
- Remove a global definition for the default PB key deriver to use.
Instead, each of the 3 use case sets the default value.

Changes:
- `crypto.DeriveKeyFromPassword` now takes a key size.
- Adds new constants for the key sizes at the callers.
- Removes the global `crypto.MasterKeySize` const.
- Removes the global `crypto.DefaultKeyDerivationAlgorithm` const.
- Adds const for the default derivation algorithms for each use case.
- Adds a const for the salt length in the `internal/user` package, to ensure
  the same salt length is used in both hash versions.
- Unexports various functions, variables and constants in the `internal/crypto`
  & `internal/user` packages.
- Renames various constants for consistency.
- Removes unused functions and symbols.
- Renames files to be consistent and better reflect the structure of the code.
- Adds a couple of tests to ensure the const values are in sync and supported.
- Fixes a couple of typos

Followups to:
- #3725
- #3770
- #3779
- #3799
- #3816

The individual commits show the code transformations to simplify the
review of the changes.
2024-04-26 23:30:56 -07:00

80 lines
2.5 KiB
Go
Raw Blame History

package cli
import (
"context"
"strings"
"github.com/pkg/errors"
"github.com/kopia/kopia/internal/passwordpersist"
"github.com/kopia/kopia/repo"
)
type commandRepositoryConnectServer struct {
co *connectOptions
connectAPIServerURL string
connectAPIServerCertFingerprint string
connectAPIServerLocalCacheKeyDerivationAlgorithm string
svc advancedAppServices
out textOutput
}
func (c *commandRepositoryConnectServer) setup(svc advancedAppServices, parent commandParent, co *connectOptions) {
c.co = co
c.svc = svc
c.out.setup(svc)
cmd := parent.Command("server", "Connect to a repository API Server.")
cmd.Flag("url", "Server URL").Required().StringVar(&c.connectAPIServerURL)
cmd.Flag("server-cert-fingerprint", "Server certificate fingerprint").StringVar(&c.connectAPIServerCertFingerprint)
//nolint:lll
cmd.Flag("local-cache-key-derivation-algorithm", "Key derivation algorithm used to derive the local cache encryption key").Hidden().Default(repo.DefaultServerRepoCacheKeyDerivationAlgorithm).EnumVar(&c.connectAPIServerLocalCacheKeyDerivationAlgorithm, repo.SupportedLocalCacheKeyDerivationAlgorithms()...)
cmd.Action(svc.noRepositoryAction(c.run))
}
func (c *commandRepositoryConnectServer) run(ctx context.Context) error {
localCacheKeyDerivationAlgorithm := c.connectAPIServerLocalCacheKeyDerivationAlgorithm
if localCacheKeyDerivationAlgorithm == "" {
localCacheKeyDerivationAlgorithm = repo.DefaultServerRepoCacheKeyDerivationAlgorithm
}
as := &repo.APIServerInfo{
BaseURL: strings.TrimSuffix(c.connectAPIServerURL, "/"),
TrustedServerCertificateFingerprint: strings.ToLower(c.connectAPIServerCertFingerprint),
LocalCacheKeyDerivationAlgorithm: localCacheKeyDerivationAlgorithm,
}
configFile := c.svc.repositoryConfigFileName()
opt := c.co.toRepoConnectOptions()
u := opt.Username
if u == "" {
u = repo.GetDefaultUserName(ctx)
}
h := opt.Hostname
if h == "" {
h = repo.GetDefaultHostName(ctx)
}
log(ctx).Infof("Connecting to server '%v' as '%v@%v'...", as.BaseURL, u, h)
pass, err := c.svc.getPasswordFromFlags(ctx, false, false)
if err != nil {
return errors.Wrap(err, "getting password")
}
if err := passwordpersist.OnSuccess(
ctx, repo.ConnectAPIServer(ctx, configFile, as, pass, opt),
c.svc.passwordPersistenceStrategy(), configFile, pass); err != nil {
return errors.Wrap(err, "error connecting to API server")
}
log(ctx).Infof("Connected to repository API Server.")
c.svc.maybeInitializeUpdateCheck(ctx, c.co)
return nil
}
Reference in New Issue View Git Blame Copy Permalink