diff --git a/Cargo.lock b/Cargo.lock
index 0f67065..25de481 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2077,7 +2077,7 @@ dependencies = [
 [[package]]
 name = "tiny-encrypt"
-version = "1.9.18"
+version = "1.9.19"
 dependencies = [
 "aes-gcm-stream",
 "base64 0.22.1",
diff --git a/Cargo.toml b/Cargo.toml
index 5628176..42c0f98 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "tiny-encrypt"
-version = "1.9.18"
+version = "1.9.19"
 edition = "2021"
 license = "MIT"
 description = "A simple and tiny file encrypt tool"
diff --git a/src/cmd_config.rs b/src/cmd_config.rs
index 68aa798..d159010 100644
--- a/src/cmd_config.rs
+++ b/src/cmd_config.rs
@@ -54,6 +54,9 @@ pub struct CmdConfig {
 /// Temporary key output
 #[arg(long)]
 pub temporary_key: bool,
+ /// Hide __all__
+ #[arg(long)]
+ pub hide_all: bool,
 /// Encryption profile (use default when --key-filter is assigned)
 #[arg(long, short = 'p')]
 pub profile: Option,
@@ -129,7 +132,7 @@ fn strip_field(kid: &str, max_len: usize) -> String {
 }
 }
-fn config_profiles(cmd_version: &CmdConfig, config: &TinyEncryptConfig) -> XResult<()> {
+fn config_profiles(cmd_config: &CmdConfig, config: &TinyEncryptConfig) -> XResult<()> {
 let mut reverse_map = HashMap::new();
 if let Some(profiles) = &config.profiles {
 for (p, v) in profiles {
@@ -148,6 +151,9 @@ fn config_profiles(cmd_version: &CmdConfig, config: &TinyEncryptConfig) -> XResu
 let mut ps: Vec<_> = pvs.iter().map(|pv| pv.0).collect();
 ps.sort();
 let pp = ps.iter().map(|s| s.to_string()).collect::>().join(", ");
+ if cmd_config.hide_all && pp == "__all__" {
+ continue;
+ }
 let kids = pvs[0].1;
 let mut ks = Vec::with_capacity(kids.len());
 for kid in kids {
@@ -156,7 +162,7 @@ fn config_profiles(cmd_version: &CmdConfig, config: &TinyEncryptConfig) -> XResu
 ks.push(format!("[ERROR] Key not found: {}", kid));
 }
 Some(envelop) => {
- let kid = if cmd_version.show_kid {
+ let kid = if cmd_config.show_kid {
 format!("Kid: {}", envelop.kid)
 } else {
 envelop.sid.as_ref()
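Review bot: The `pp == "__all__"` test in the `@@ -148,6 +151,9 @@` hunk compares against the comma-joined label of every profile name that shares one key list, so `--hide-all` skips the row only when `__all__` is the sole name in its group. If another profile resolves to the same keys, the label becomes something like `__all__, other` and `__all__` is still printed. If the flag is meant to hide the name wherever it appears, drop `__all__` from `ps` before the join and `continue` only when `ps` ends up empty. The flag's doc comment `/// Hide __all__` would also be clearer as `/// Hide the __all__ profile in the profile listing`. The body of `config_profiles` continues outside the hunk.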
diff --git a/src/cmd_initkeychain.rs b/src/cmd_initkeychain.rs
index 8e76c41..029df18 100644
--- a/src/cmd_initkeychain.rs
+++ b/src/cmd_initkeychain.rs
@@ -88,6 +88,7 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
 desc: Some("Keychain Secure Enclave".to_string()),
 args: Some(vec![saved_arg0]),
 public_part: public_key_hex,
+ profiles: None,
 };
 information!("Config envelop:\n{}", serde_json::to_string_pretty(&config_envelop).unwrap());
@@ -175,6 +176,7 @@ pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
 desc: Some("Keychain static".to_string()),
 args: Some(vec![keychain_key.to_str()]),
 public_part: public_key_hex,
+ profiles: None,
 };
 information!("Config envelop:\n{}", serde_json::to_string_pretty(&config_envelop).unwrap());
diff --git a/src/cmd_initpiv.rs b/src/cmd_initpiv.rs
index a7657e1..d75fd51 100644
--- a/src/cmd_initpiv.rs
+++ b/src/cmd_initpiv.rs
@@ -69,6 +69,7 @@ pub fn init_piv(cmd_init_piv: CmdInitPiv) -> XResult<()> {
 slot_id_hex.clone()
 ]),
 public_part: public_key_point_hex,
+ profiles: None,
 };
 information!("Config envelop:\n{}", serde_json::to_string_pretty(&config_envelop).unwrap());
@@ -84,6 +85,7 @@ pub fn init_piv(cmd_init_piv: CmdInitPiv) -> XResult<()> {
 slot_id_hex.clone()
 ]),
 public_part: util::to_pem(&spki, "PUBLIC KEY"),
+ profiles: None,
 };
 information!("Config envelop:\n{}", serde_json::to_string_pretty(&config_envelop).unwrap());
diff --git a/src/config.rs b/src/config.rs
index d406358..72203d4 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -72,6 +72,7 @@ pub struct TinyEncryptConfigEnvelop {
 #[serde(skip_serializing_if = "Option::is_none")]
 pub args: Option>,
 pub public_part: String,
+ pub profiles: Option>,
 }
 impl TinyEncryptConfig {
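Review bot: The new `profiles` field on `TinyEncryptConfigEnvelop` has no `#[serde(skip_serializing_if = "Option::is_none")]`, unlike `args` directly above it, so an envelop built with `profiles: None` serializes with `"profiles": null`. The init commands touched in this commit print the envelop through `serde_json::to_string_pretty`, presumably for pasting into a config file, so the stray null would end up in hand-maintained configs. Adding the same attribute, plus a doc comment such as `/// Profile names this envelop's key is added to`, keeps the printed output unchanged for keys that declare no profiles. The struct definition starts outside the hunk, so a container-level attribute that already covers this cannot be ruled out.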
@@ -123,26 +124,9 @@ impl TinyEncryptConfig {
 file
 );
 debugging!("Config: {:#?}", config);
- let mut config = load_includes_and_merge(config);
+ let config = load_includes_and_merge(config);
 debugging!("Final config: {:#?}", config);
- if let Some(profiles) = config.profiles {
- let mut splited_profiles = HashMap::new();
- for (k, v) in profiles.into_iter() {
- if !k.contains(',') {
- splited_profiles.insert(k, v);
- } else {
- k.split(',')
- .map(|k| k.trim())
- .filter(|k| !k.is_empty())
- .for_each(|k| {
- splited_profiles.insert(k.to_string(), v.clone());
- });
- }
- }
- config.profiles = Some(splited_profiles);
- }
-
 if let Some(environment) = &config.environment {
 for (k, v) in environment {
 let v = match v {
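Review bot: With the comma-split block removed, a profile key written as `a, b` is no longer expanded into separate `a` and `b` entries, and nothing in the visible hunks re-adds that normalisation. Existing configs that rely on it would stop resolving those names, and since a profile presumably selects the key set a file is encrypted to, that change should be explicit rather than silent. If the behaviour is retired on purpose, state it in the commit message or changelog. Otherwise apply the split to the merged map before it is used. The enclosing function starts and ends outside the hunk.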
@@ -364,22 +348,44 @@ pub fn load_includes_and_merge(mut config: TinyEncryptConfig) -> TinyEncryptConf
 }
 config.envelops.push(sub_envelop.clone());
 }
- // merge profiles
- if let Some(sub_profiles) = &sub_config.profiles {
- match &mut config.profiles {
- None => {
- config.profiles = Some(sub_profiles.clone());
- }
- Some(profiles) => {
- for (k, v) in sub_profiles {
- match profiles.get_mut(k) {
- None => {
- profiles.insert(k.clone(), v.clone());
+
+ // deal with envelop profiles
+ let mut sub_profiles: HashMap> = match &sub_config.profiles {
+ None => HashMap::new(),
+ Some(sub_profiles) => sub_profiles.clone(),
+ };
+ for envelop in &sub_config.envelops {
+ if let Some(profiles) = &envelop.profiles {
+ let kid = envelop.kid.clone();
+ for profile in profiles {
+ match sub_profiles.get_mut(profile) {
+ None => {
+ sub_profiles.insert(profile.clone(), vec![kid.clone()]);
+ }
+ Some(kids) => {
+ if !kids.contains(&kid) {
+ kids.push(kid.clone());
 }
- Some(env_val) => {
- for vv in v {
- env_val.push(vv.clone());
- }
+ }
+ }
+ }
+ }
+ }
+
+ // merge profiles
+ match &mut config.profiles {
+ None => {
+ config.profiles = Some(sub_profiles.clone());
+ }
+ Some(profiles) => {
+ for (k, v) in &sub_profiles {
+ match profiles.get_mut(k) {
+ None => {
+ profiles.insert(k.clone(), v.clone());
+ }
+ Some(env_val) => {
+ for vv in v {
+ env_val.push(vv.clone());
 }
 }
 }
diff --git a/src/temporary_key.rs b/src/temporary_key.rs
index e205e61..a0764ff 100644
--- a/src/temporary_key.rs
+++ b/src/temporary_key.rs
@@ -51,6 +51,7 @@ pub fn deserialize_config_envelop(k: &str) -> XResult
 desc: None,
 args: None,
 public_part: decode(k_parts[4])?,
+ profiles: None,
 })
 }
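Review bot: The merge loop at the end of the `@@ -364,22 +348,44 @@` hunk still appends with an unconditional `env_val.push(vv.clone())`, while the new envelop-profile pass just above it guards with `if !kids.contains(&kid)`. A kid that reaches the same profile from the main config and an include, or from two includes, is therefore listed twice; `if !env_val.contains(vv) { env_val.push(vv.clone()); }` keeps each profile's key list unique. Separately, the `None` arm now stores `Some(sub_profiles.clone())` even when the include contributed no profiles, so `config.profiles` becomes an empty map where it used to stay `None`; assigning only when `sub_profiles` is non-empty preserves the old behaviour. Only `sub_config.envelops` are scanned for `profiles` here, so whether envelops in the top-level config get the same treatment cannot be told from this hunk. The function body starts outside the hunk.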