diff --git a/README.md b/README.md index 8fbeb5f..73ae2f5 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ Example query: $ curl --cacert cert/server.crt https://localhost:8080/delegate \ -d '{"Name":"Dodo","Password":"Dodgson","Time":"2h34m","Uses":3}' {"Status":"ok"} - + ### Create User Create Users creates a new user account. Allows an optional "UserType" @@ -174,6 +174,13 @@ Example query: -d '{"Name":"Alice","Password":"Lewis","Minimum":2, "Owners":["Alice","Bill","Cat","Dodo"],"Data":"V2h5IGlzIGEgcmF2ZW4gbGlrZSBhIHdyaXRpbmcgZGVzaz8K"}' {"Status":"ok","Response":"eyJWZXJzaW9uIj...NSSllzPSJ9"} +Example query with a predicate: + + $ curl --cacert cert/server.crt https://localhost:8080/encrypt \ + -d '{"Name":"Alice","Password":"Lewis","Predicate":"Alice & (Bob | Carl)", + Data":"V2h5IGlzIGEgcmF2ZW4gbGlrZSBhIHdyaXRpbmcgZGVzaz8K"}' + {"Status":"ok","Response":"eyJWZXJzaW9uIj...NSSllzPSJ9"} + The data expansion is not tied to the size of the input. ### Decrypt diff --git a/core/core.go b/core/core.go index e3fccb1..0362703 100644 --- a/core/core.go +++ b/core/core.go @@ -125,8 +125,9 @@ type DecryptWithDelegates struct { } type OwnersData struct { - Status string - Owners []string + Status string + Owners []string + Predicate string } // Helper functions that create JSON responses sent by core @@ -619,12 +620,12 @@ func Owners(jsonIn []byte) ([]byte, error) { return jsonStatusError(err) } - names, err := crypt.GetOwners(s.Data) + names, predicate, err := crypt.GetOwners(s.Data) if err != nil { return jsonStatusError(err) } - return json.Marshal(OwnersData{Status: "ok", Owners: names}) + return json.Marshal(OwnersData{Status: "ok", Owners: names, Predicate: predicate}) } // Export returns a backed up vault. diff --git a/cryptor/cryptor.go b/cryptor/cryptor.go index 3289eb6..b749e87 100644 --- a/cryptor/cryptor.go +++ b/cryptor/cryptor.go 
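Review bot: The new `Predicate string` field in `OwnersData` carries no `json` tag, so an `/owners` response for a secret without a predicate will contain `"Predicate":""` rather than omit the key, and the web UI changed in this same commit keys off exactly that (`d.Predicate == ''`); a later `omitempty` would silently break the display. Worth pinning with a field comment such as `// Predicate is the access predicate copied from the encrypted blob; empty (but always present in the JSON) when the secret carries none.` That the value is simply the blob's stored string is taken from `predicate = encrypted.Predicate` in the cryptor hunk, so confirm against EncryptedData that an absent predicate really is the empty string.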
@@ -567,7 +567,7 @@ func (c *Cryptor) Decrypt(in []byte, user string) (resp []byte, names []string, // GetOwners returns the list of users that can delegate their passwords // to decrypt the given encrypted secret. -func (c *Cryptor) GetOwners(in []byte) (names []string, err error) { +func (c *Cryptor) GetOwners(in []byte) (names []string, predicate string, err error) { // unwrap encrypted file var encrypted EncryptedData if err = json.Unmarshal(in, &encrypted); err != nil { @@ -605,7 +605,7 @@ func (c *Cryptor) GetOwners(in []byte) (names []string, err error) { } addedNames := make(map[string]bool) - for _, mwKey := range encrypted.KeySet { + for _, mwKey := range encrypted.KeySet { // names from the combinatorial method for _, mwName := range mwKey.Name { if !addedNames[mwName] { names = append(names, mwName) @@ -614,5 +614,14 @@ func (c *Cryptor) GetOwners(in []byte) (names []string, err error) { } } + for name, _ := range encrypted.ShareSet { // names from the secret splitting method + if !addedNames[name] { + names = append(names, name) + addedNames[name] = true + } + } + + predicate = encrypted.Predicate + return } diff --git a/index.html b/index.html index 4788736..ea9ef7e 100644 --- a/index.html +++ b/index.html @@ -528,7 +528,7 @@ submit( $form, { data : data, success : function(d){ - $form.find('.feedback').empty().append( makeAlert({ type: 'success', message: '
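Review bot: The doc comment above `GetOwners` still describes only the name list, while the signature line in this hunk adds a second `predicate` result; the comment should say what that result is. Something like `// GetOwners returns the list of users that can delegate their passwords` / `// to decrypt the given encrypted secret, together with the access predicate` / `// stored in the blob (presumably empty when it has none).` The function body continues past the end of this hunk.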
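Review bot: The new `for name, _ := range encrypted.ShareSet` loop appends names in Go map iteration order, which is randomized, so `/owners` returns the secret-splitting owners in a different order on each call, whereas the `KeySet` loop above it keeps the stored order. `for name, _ := range` is also the form `gofmt -s` and staticcheck (S1005) reduce to `for name := range`. Collecting the share names into a temporary slice, sorting it, and appending it after the combinatorial names keeps the response stable; that needs `sort` in the file's import block, which is outside the hunk. Whether `encrypted` has had its signature verified before these loops is not visible here; if it has not, both the names and `predicate` are echoed straight from caller-supplied data and consumers should treat them as untrusted.
```go
	// … unchanged: KeySet loop (names from the combinatorial method) …
	shareNames := make([]string, 0, len(encrypted.ShareSet))
	for name := range encrypted.ShareSet { // names from the secret splitting method
		if !addedNames[name] {
			shareNames = append(shareNames, name)
			addedNames[name] = true
		}
	}
	sort.Strings(shareNames) // map iteration order is random; keep the output stable
	names = append(names, shareNames...)

	predicate = encrypted.Predicate

	return
```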

Owners: '+d.Owners.sort().join(', ')+'

' }) ); + $form.find('.feedback').empty().append( makeAlert({ type: 'success', message: '

Owners: '+d.Owners.sort().join(', ')+(d.Predicate == '' ? '' : '
Predicate: '+d.Predicate)+'

' }) ); } }); }); diff --git a/redoctober.go b/redoctober.go index c933556..cadb6c2 100644 --- a/redoctober.go +++ b/redoctober.go @@ -801,7 +801,7 @@ var indexHtml = []byte(` submit( $form, { data : data, success : function(d){ - $form.find('.feedback').empty().append( makeAlert({ type: 'success', message: '
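Review bot: The added `'Predicate: '+d.Predicate` on the success line splices a server-returned string straight into the `message` that `makeAlert` renders, alongside the pre-existing `d.Owners.sort().join(', ')` which has the same shape. `makeAlert` is not in the hunk, but if it inserts `message` as HTML rather than text, an `/owners` response for a crafted blob — the cryptor change in this commit reads both the owner names and the predicate verbatim from the submitted ciphertext — can inject markup or script into the page. Escape both before concatenation, e.g. `var esc = function(s){ return $('<div>').text(s).html(); };` and then `esc(d.Owners.sort().join(', '))` and `esc(d.Predicate)`. Separately, `d.Predicate == ''` is false when the field is absent (`undefined == ''` is false in JS) and would print "Predicate: undefined"; `!d.Predicate` covers both the empty string and a missing field.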

Owners: '+d.Owners.sort().join(', ')+'

' }) ); + $form.find('.feedback').empty().append( makeAlert({ type: 'success', message: '

Owners: '+d.Owners.sort().join(', ')+(d.Predicate == '' ? '' : '
Predicate: '+d.Predicate)+'

' }) ); } }); });
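Review bot: This hunk is the copy of the same success handler embedded in the `indexHtml` byte slice, so it has the same problem as the index.html change: `d.Predicate` (and the existing `d.Owners.sort().join(', ')`) are concatenated into the alert `message` with no escaping, and `d.Predicate == ''` misses a missing field. Because this is the copy the server presumably serves, any escaping fix must land here too, and the two copies should be kept in sync rather than edited independently. Note the script sits inside a Go raw string literal (``[]byte(` …``), so the fix cannot use JS template literals; `var esc = function(s){ return $('<div>').text(s).html(); };` with `esc(d.Predicate)` and `!d.Predicate` is safe to embed.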