feat(dev-load): Allow to save pki local pending request

Closes #11525

Author: FirelightFlagboy

libparsec/crates/platform_device_loader/src/lib.rs

@@ -135,6 +135,20 @@ pub fn get_default_key_file(config_dir: &Path, device_id: DeviceID) -> PathBuf {
     device_path
 }
 
+pub fn get_default_local_pending_file(config_dir: &Path, enrollment_id: EnrollmentID) -> PathBuf {
+    let mut local_pending_path = get_local_pending_dir(config_dir);
+
+    local_pending_path.push(format!("{}.{LOCAL_PENDING_EXT}", enrollment_id.hex()));
+
+    local_pending_path
+}
+
+const LOCAL_PENDING_EXT: &str = ".pending";
+
+fn get_local_pending_dir(config_dir: &Path) -> PathBuf {
+    config_dir.join("pending_requests")
+}
+
 #[derive(Debug, thiserror::Error)]
 pub enum ListAvailableDeviceError {
     #[error("Device storage is not available")]
@@ -727,3 +741,32 @@ fn server_url_from_device(device: &LocalDevice) -> String {
     .to_http_url(None)
     .to_string()
 }
+
+#[derive(Debug, thiserror::Error)]
+pub enum SavePkiLocalPendingError {
+    #[error("Device storage is not available")]
+    StorageNotAvailable,
+    #[error(transparent)]
+    InvalidPath(anyhow::Error),
+    #[error(transparent)]
+    Internal(anyhow::Error),
+}
+
+impl From<SaveDeviceError> for SavePkiLocalPendingError {
+    fn from(value: SaveDeviceError) -> Self {
+        match value {
+            SaveDeviceError::StorageNotAvailable => Self::StorageNotAvailable,
+            SaveDeviceError::InvalidPath(error) => Self::InvalidPath(error),
+            SaveDeviceError::Internal(error) => Self::Internal(error),
+            _ => unreachable!(),
+        }
+    }
+}
+
+pub async fn save_pki_local_pending(
+    local_pending: LocalPendingEnrollment,
+    local_file: PathBuf,
+) -> Result<(), SavePkiLocalPendingError> {
+    log::debug!("Saving local device at {}", local_file.display());
+    platform::save_pki_local_pending(local_pending, local_file).await
+}

libparsec/crates/platform_device_loader/src/native/mod.rs

@@ -10,8 +10,8 @@ use crate::{
     encrypt_device, get_device_archive_path, AccountVaultOperationsFetchOpaqueKeyError,
     AccountVaultOperationsUploadOpaqueKeyError, ArchiveDeviceError, AvailableDevice,
     DeviceAccessStrategy, DeviceSaveStrategy, ListAvailableDeviceError, LoadCiphertextKeyError,
-    LoadDeviceError, ReadFileError, RemoveDeviceError, SaveDeviceError, UpdateDeviceError,
-    DEVICE_FILE_EXT,
+    LoadDeviceError, ReadFileError, RemoveDeviceError, SaveDeviceError, SavePkiLocalPendingError,
+    UpdateDeviceError, DEVICE_FILE_EXT,
 };
 use libparsec_platform_pki::{decrypt_message, encrypt_message};
 use libparsec_types::prelude::*;
@@ -522,3 +522,13 @@ pub(super) fn is_keyring_available() -> bool {
         }
     }
 }
+
+pub async fn save_pki_local_pending(
+    local_pending: LocalPendingEnrollment,
+    local_file: PathBuf,
+) -> Result<(), SavePkiLocalPendingError> {
+    let file_content = local_pending.dump();
+    save_content(&local_file, &file_content)
+        .await
+        .map_err(Into::into)
+}

libparsec/crates/platform_device_loader/src/web/error.rs

@@ -94,20 +94,20 @@ error_set::error_set! {
         GetFile(GetFileHandleError),
         ReadFile(ReadToEndError),
     }
-    SaveDeviceError := SaveDeviceFileError || {
+    SaveDeviceError := SaveRawDataError || {
         RemoteOpaqueKeyUploadFailed(anyhow::Error),
         RemoteOpaqueKeyUploadOffline(ConnectionError),
         Internal(anyhow::Error),
     }
-    SaveDeviceFileError := GetFileHandleError || WriteAllError
+    SaveRawDataError := GetFileHandleError || WriteAllError
     RemoveEntryError := NotFoundError || DomExceptionError || AwaitPromiseError || GetDirectoryHandleError
     ArchiveDeviceError := RemoveEntryError || {
         GetDeviceToArchive(GetFileHandleError),
         ReadDeviceToArchive(ReadToEndError),
         CreateArchiveDevice(GetFileHandleError),
         WriteArchiveDevice(WriteAllError),
     }
-    RemoveDeviceError := SaveDeviceFileError
+    RemoveDeviceError := SaveRawDataError
 }
 
 macro_rules! impl_from_new_storage_error {
@@ -211,3 +211,21 @@ impl From<ArchiveDeviceError> for crate::ArchiveDeviceError {
         Self::Internal(anyhow::anyhow!("{value}"))
     }
 }
+
+impl From<SaveRawDataError> for crate::SavePkiLocalPendingError {
+    fn from(value: SaveRawDataError) -> Self {
+        match value {
+            SaveRawDataError::NotAFile { .. } => Self::InvalidPath(anyhow::anyhow!("{value}")),
+            SaveRawDataError::NotADirectory { .. } => Self::InvalidPath(anyhow::anyhow!("{value}")),
+            SaveRawDataError::NotFound { .. } => Self::InvalidPath(anyhow::anyhow!("{value}")),
+            SaveRawDataError::CreateWritable { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+            SaveRawDataError::CannotEdit { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+            SaveRawDataError::Write { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+            SaveRawDataError::Close { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+            SaveRawDataError::DomException { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+            SaveRawDataError::Cast { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+            SaveRawDataError::Promise { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+            SaveRawDataError::NoSpaceLeft { .. } => Self::Internal(anyhow::anyhow!("{value}")),
+        }
+    }
+}

libparsec/crates/platform_device_loader/src/web/internal.rs

@@ -192,10 +192,18 @@ impl Storage {
         &self,
         key: &Path,
         file_data: &DeviceFile,
-    ) -> Result<(), SaveDeviceFileError> {
+    ) -> Result<(), SaveRawDataError> {
         let data = file_data.dump();
-        log::trace!("Saving device file at {}", key.display());
-        let parent = if let Some(parent) = key.parent() {
+        self.save_raw_data(key, &data).await
+    }
+
+    pub(crate) async fn save_raw_data(
+        &self,
+        path: &Path,
+        data: &[u8],
+    ) -> Result<(), SaveRawDataError> {
+        log::trace!("Saving device file at {}", path.display());
+        let parent = if let Some(parent) = path.parent() {
             Some(self.root_dir.create_dir_all(parent).await?)
         } else {
             None
@@ -204,7 +212,7 @@ impl Storage {
             .as_ref()
             .unwrap_or(&self.root_dir)
             .get_file(
-                key.file_name()
+                path.file_name()
                     .and_then(std::ffi::OsStr::to_str)
                     .expect("Missing filename"),
                 Some(OpenOptions::create()),
@@ -247,6 +255,15 @@ impl Storage {
             .await
             .map_err(Into::into)
     }
+
+    pub(crate) async fn save_pki_local_pending(
+        &self,
+        local_file: PathBuf,
+        file_data: LocalPendingEnrollment,
+    ) -> Result<(), SaveRawDataError> {
+        let data = file_data.dump();
+        self.save_raw_data(&local_file, &data).await
+    }
 }
 
 async fn load_available_device(file: &File) -> Result<AvailableDevice, LoadAvailableDeviceError> {

libparsec/crates/platform_device_loader/src/web/mod.rs

@@ -11,7 +11,7 @@ use libparsec_types::prelude::*;
 use crate::{
     AccountVaultOperationsFetchOpaqueKeyError, ArchiveDeviceError, AvailableDevice,
     DeviceAccessStrategy, DeviceSaveStrategy, ListAvailableDeviceError, LoadCiphertextKeyError,
-    ReadFileError, RemoveDeviceError, SaveDeviceError, UpdateDeviceError,
+    ReadFileError, RemoveDeviceError, SaveDeviceError, SavePkiLocalPendingError, UpdateDeviceError,
 };
 use internal::Storage;
 
@@ -174,3 +174,18 @@ pub(super) async fn remove_device(device_path: &Path) -> Result<(), RemoveDevice
     };
     storage.remove_device(device_path).await.map_err(Into::into)
 }
+
+pub(super) async fn save_pki_local_pending(
+    local_pending: LocalPendingEnrollment,
+    local_file: PathBuf,
+) -> Result<(), SavePkiLocalPendingError> {
+    let Ok(storage) = Storage::new().await.inspect_err(|e| {
+        log::error!("Failed to access storage: {e}");
+    }) else {
+        return Err(SavePkiLocalPendingError::StorageNotAvailable);
+    };
+    storage
+        .save_pki_local_pending(local_file, local_pending)
+        .await
+        .map_err(Into::into)
+}

libparsec/crates/platform_device_loader/tests/units/mod.rs

@@ -6,6 +6,7 @@ libparsec_tests_lite::platform::wasm_bindgen_test_configure!(run_in_browser run_
 mod archive;
 mod list;
 mod load;
+mod pki;
 mod recovery;
 mod remove;
 mod save;

libparsec/crates/platform_device_loader/tests/units/pki/mod.rs

@@ -0,0 +1,3 @@
+// Parsec Cloud (https://parsec.cloud) Copyright (c) BUSL-1.1 2016-present Scille SAS
+
+mod save;

libparsec/crates/platform_device_loader/tests/units/pki/save.rs

@@ -0,0 +1,40 @@
+// Parsec Cloud (https://parsec.cloud) Copyright (c) BUSL-1.1 2016-present Scille SAS
+
+use libparsec_testbed::TestbedEnv;
+use libparsec_tests_fixtures::prelude::*;
+use libparsec_tests_lite::parsec_test;
+use libparsec_types::{
+    Bytes, EnrollmentID, LocalPendingEnrollment, ParsecPkiEnrollmentAddr,
+    PkiEnrollmentSubmitPayload, X509CertificateHash,
+};
+
+use crate::save_pki_local_pending;
+
+#[parsec_test(testbed = "minimal")]
+async fn ok_simple(tmp_path: TmpPath, env: &TestbedEnv) {
+    let path = tmp_path.join("local_pki_enrol.keys");
+
+    let alice_device = env.local_device("alice@dev1");
+    let pki_addr = ParsecPkiEnrollmentAddr::new(
+        alice_device.organization_addr.clone(),
+        alice_device.organization_id().clone(),
+    );
+    let local_pending = LocalPendingEnrollment {
+        cert_ref: X509CertificateHash::fake_sha256().into(),
+        addr: pki_addr,
+        submitted_on: "2000-01-01T00:00:00Z".parse().unwrap(),
+        enrollment_id: EnrollmentID::default(),
+        payload: PkiEnrollmentSubmitPayload {
+            // We reuse `alice_device` attribute for simplicity sake.
+            // IRL, those values are RNG and provided by the user.
+            verify_key: alice_device.signing_key.verify_key(),
+            public_key: alice_device.private_key.public_key(),
+            device_label: alice_device.device_label.clone(),
+            human_handle: alice_device.human_handle.clone(),
+        },
+        encrypted_key: Bytes::from_static(b"encrypted key"),
+        encrypted_key_algo: libparsec_types::EncryptionAlgorithm::RsaesOaepSha256,
+        ciphertext: Bytes::from_static(b"encrypted secret part"),
+    };
+    save_pki_local_pending(local_pending, path).await.unwrap();
+}