Merge pull request #11325 from davidkelly/dk/UserHfcAccountRework

Use new hfc account endpoint

interface/resources/qml/hifi/commerce/wallet/Wallet.qml

@@ -33,12 +33,19 @@ Rectangle {
     Hifi.QmlCommerce {
         id: commerce;
 
+        onAccountResult: {
+            if (result.status === "success") {
+                commerce.getKeyFilePathIfExists();
+            } else {
+                // unsure how to handle a failure here. We definitely cannot proceed.
+            }
+        }
         onLoginStatusResult: {
             if (!isLoggedIn && root.activeView !== "needsLogIn") {
                 root.activeView = "needsLogIn";
             } else if (isLoggedIn) {
                 root.activeView = "initialize";
-                commerce.getKeyFilePathIfExists();
+                commerce.account();
             }
         }
 

interface/src/commerce/Ledger.cpp

@@ -176,3 +176,28 @@ void Ledger::resetFailure(QNetworkReply& reply) { failResponse("reset", reply);
 void Ledger::reset() {
     send("reset_user_hfc_account", "resetSuccess", "resetFailure", QNetworkAccessManager::PutOperation, QJsonObject());
 }
+
+void Ledger::accountSuccess(QNetworkReply& reply) {
+    // lets set the appropriate stuff in the wallet now
+    auto wallet = DependencyManager::get<Wallet>();
+    QByteArray response = reply.readAll();
+    QJsonObject data = QJsonDocument::fromJson(response).object()["data"].toObject();
+
+    auto salt = QByteArray::fromBase64(data["salt"].toString().toUtf8());
+    auto iv = QByteArray::fromBase64(data["iv"].toString().toUtf8());
+    auto ckey = QByteArray::fromBase64(data["ckey"].toString().toUtf8());
+
+    wallet->setSalt(salt);
+    wallet->setIv(iv);
+    wallet->setCKey(ckey);
+
+    // none of the hfc account info should be emitted
+    emit accountResult(QJsonObject{ {"status", "success"} });
+}
+
+void Ledger::accountFailure(QNetworkReply& reply) {
+    failResponse("account", reply);
+}
+void Ledger::account() {
+    send("hfc_account", "accountSuccess", "accountFailure", QNetworkAccessManager::PutOperation, QJsonObject());
+}

interface/src/commerce/Ledger.h

@@ -29,6 +29,7 @@ public:
     void balance(const QStringList& keys);
     void inventory(const QStringList& keys);
     void history(const QStringList& keys);
+    void account();
     void reset();
 
 signals:
@@ -37,6 +38,7 @@ signals:
     void balanceResult(QJsonObject result);
     void inventoryResult(QJsonObject result);
     void historyResult(QJsonObject result);
+    void accountResult(QJsonObject result);
 
 public slots:
     void buySuccess(QNetworkReply& reply);
@@ -51,6 +53,8 @@ public slots:
     void historyFailure(QNetworkReply& reply);
     void resetSuccess(QNetworkReply& reply);
     void resetFailure(QNetworkReply& reply);
+    void accountSuccess(QNetworkReply& reply);
+    void accountFailure(QNetworkReply& reply);
 
 private:
     QJsonObject apiResponse(const QString& label, QNetworkReply& reply);

interface/src/commerce/QmlCommerce.cpp

@@ -27,6 +27,7 @@ QmlCommerce::QmlCommerce(QQuickItem* parent) : OffscreenQmlDialog(parent) {
     connect(wallet.data(), &Wallet::securityImageResult, this, &QmlCommerce::securityImageResult);
     connect(ledger.data(), &Ledger::historyResult, this, &QmlCommerce::historyResult);
     connect(wallet.data(), &Wallet::keyFilePathIfExistsResult, this, &QmlCommerce::keyFilePathIfExistsResult);
+    connect(ledger.data(), &Ledger::accountResult, this, &QmlCommerce::accountResult);
 }
 
 void QmlCommerce::getLoginStatus() {
@@ -106,3 +107,8 @@ void QmlCommerce::reset() {
     ledger->reset();
     wallet->reset();
 }
+
+void QmlCommerce::account() {
+    auto ledger = DependencyManager::get<Ledger>();
+    ledger->account();
+}

interface/src/commerce/QmlCommerce.h

@@ -39,6 +39,7 @@ signals:
     void balanceResult(QJsonObject result);
     void inventoryResult(QJsonObject result);
     void historyResult(QJsonObject result);
+    void accountResult(QJsonObject result);
 
 protected:
     Q_INVOKABLE void getLoginStatus();
@@ -55,6 +56,7 @@ protected:
     Q_INVOKABLE void history();
     Q_INVOKABLE void generateKeyPair();
     Q_INVOKABLE void reset();
+    Q_INVOKABLE void account();
 };
 
 #endif // hifi_QmlCommerce_h

interface/src/commerce/Wallet.cpp

@@ -55,9 +55,12 @@ QString imageFilePath() {
 // use the cached _passphrase if it exists, otherwise we need to prompt
 int passwordCallback(char* password, int maxPasswordSize, int rwFlag, void* u) {
     // just return a hardcoded pwd for now
-    auto passphrase = DependencyManager::get<Wallet>()->getPassphrase();
+    auto wallet = DependencyManager::get<Wallet>();
+    auto passphrase = wallet->getPassphrase();
     if (passphrase && !passphrase->isEmpty()) {
-        strcpy(password, passphrase->toLocal8Bit().constData());
+        QString saltedPassphrase(*passphrase);
+        saltedPassphrase.append(wallet->getSalt());
+        strcpy(password, saltedPassphrase.toUtf8().constData());
         return static_cast<int>(passphrase->size());
     } else {
         // this shouldn't happen - so lets log it to tell us we have
@@ -254,13 +257,12 @@ RSA* readPrivateKey(const char* filename) {
     }
     return key;
 }
-static const unsigned char IVEC[16] = "IAmAnIVecYay123";
 
 void initializeAESKeys(unsigned char* ivec, unsigned char* ckey, const QByteArray& salt) {
-    // first ivec
-    memcpy(ivec, IVEC, 16);
-    auto hash = QCryptographicHash::hash(salt, QCryptographicHash::Sha256);
-    memcpy(ckey, hash.data(), 32);
+    // use the ones in the wallet
+    auto wallet = DependencyManager::get<Wallet>();
+    memcpy(ivec, wallet->getIv(), 16);
+    memcpy(ckey, wallet->getCKey(), 32);
 }
 
 Wallet::~Wallet() {

interface/src/commerce/Wallet.h

@@ -35,6 +35,10 @@ public:
 
     void setSalt(const QByteArray& salt) { _salt = salt; }
     QByteArray getSalt() { return _salt; }
+    void setIv(const QByteArray& iv) { _iv = iv; }
+    QByteArray getIv() { return _iv; }
+    void setCKey(const QByteArray& ckey) { _ckey = ckey; }
+    QByteArray getCKey() { return _ckey; }
 
     void setPassphrase(const QString& passphrase);
     QString* getPassphrase() { return _passphrase; }
@@ -52,6 +56,8 @@ private:
     QStringList _publicKeys{};
     QPixmap* _securityImage { nullptr };
     QByteArray _salt {"iamsalt!"};
+    QByteArray _iv;
+    QByteArray _ckey;
     QString* _passphrase { new QString("") };
 
     void updateImageProvider();