performInitialAuth method

  1. @override
Future<bool> performInitialAuth(
  1. String atSign, {
  2. String? cramSecret,
  3. String? pkamPrivateKey,
})
override

Implementation

@override
Future<bool> performInitialAuth(String atSign,
    {String? cramSecret, String? pkamPrivateKey}) async {
  // get existing keys from keychain
  var publicKey =
      await _keyChainManager.getValue(atSign, KEYCHAIN_PKAM_PUBLIC_KEY);
  var privateKey = pkamPrivateKey ??=
      await _keyChainManager.getValue(atSign, KEYCHAIN_PKAM_PRIVATE_KEY);
  var encryptionPrivateKey = await _keyChainManager.getValue(
      atSign, KEYCHAIN_ENCRYPTION_PRIVATE_KEY);

  if (cramSecret != null) {
    logger.finer('private key is empty. Performing cram');
    var cram_result = await atLookUp.authenticate_cram(cramSecret);
    if (!cram_result) {
      return false;
    }
    var keypair;

    if (!_pkamAuthenticated) {
      // Generate keypair if not already generated
      if (privateKey == null || privateKey.isEmpty) {
        logger.finer('generating pkam key pair');
        keypair = _keyChainManager.generateKeyPair();
        privateKey = keypair.privateKey.toString();
        publicKey = keypair.publicKey.toString();
      }
      // send public key to remote Secondary server
      logger.finer('updating pkam public key to server');
      var updateCommand = 'update:$AT_PKAM_PUBLIC_KEY $publicKey\n';
      // auth is false since already cram authenticated
      var pkamUpdateResult =
          await atLookUp.executeCommand(updateCommand, auth: false);
      logger.finer('pkam update result:$pkamUpdateResult');
    } else {
      logger.finer('pkam auth already done');
      return true; //Auth already performed
    }
  }
  var pkam_auth_result = await atLookUp.authenticate(privateKey);

  if (pkam_auth_result) {
    logger.finer('pkam auth is successful');
    _pkamAuthenticated = true;
    if (privateKey != null) {
      // Save pkam public/private key pair in keychain
      await _keyChainManager.storeCredentialToKeychain(atSign,
          secret: cramSecret, privateKey: privateKey, publicKey: publicKey);
      // Generate key pair for encryption if not already present
      if (encryptionPrivateKey == null || encryptionPrivateKey == '') {
        logger
            .finer('generating encryption key pair and self encryption key');
        var encryptionKeyPair = _keyChainManager.generateKeyPair();
        await _keyChainManager.putValue(
            atSign,
            KEYCHAIN_ENCRYPTION_PRIVATE_KEY,
            encryptionKeyPair.privateKey.toString());
        var encryptionPubKey = encryptionKeyPair.publicKey.toString();
        await _keyChainManager.putValue(
            atSign, KEYCHAIN_ENCRYPTION_PUBLIC_KEY, encryptionPubKey);
        var selfEncryptionKey = EncryptionUtil.generateAESKey();
        await _keyChainManager.putValue(
            atSign, KEYCHAIN_SELF_ENCRYPTION_KEY, selfEncryptionKey);
      }

      var deleteBuilder = DeleteVerbBuilder()..atKey = AT_CRAM_SECRET;
      var delete_response = await atLookUp.executeVerb(deleteBuilder);
      logger.finer('cram secret delete response : $delete_response');
    }
  }
  return true;
}