use crate::evaluator::{EvalError, Value}; use std::path::PathBuf; #[tracing::instrument(level = "trace", skip_all)] pub fn hash_file(args: &[Value]) -> Result { let path = match args.first() { Some(Value::Path(p)) => p.clone(), Some(Value::Str(s)) => PathBuf::from(s), _ => return Err(EvalError::TypeError("hash_file expects a path".to_string())), }; let content = std::fs::read(&path)?; let hash = blake3::hash(&content); Ok(Value::Str(hash.to_hex().to_string())) } #[tracing::instrument(level = "trace", skip_all)] pub fn hash_str(args: &[Value]) -> Result { let s = match args.first() { Some(Value::Str(s)) => s, _ => { return Err(EvalError::TypeError( "hash_str expects a string".to_string(), )); } }; let hash = blake3::hash(s.as_bytes()); Ok(Value::Str(hash.to_hex().to_string())) } #[tracing::instrument(level = "trace", skip_all)] pub fn encrypt_age(args: &[Value]) -> Result { let content = match args.first() { Some(Value::Str(s)) => s, _ => { return Err(EvalError::TypeError( "encrypt_age expects content string".to_string(), )); } }; let recipient = match args.get(1) { Some(Value::Str(s)) => s, _ => { return Err(EvalError::TypeError( "encrypt_age requires recipient public key".to_string(), )); } }; let recipient = recipient .parse::() .map_err(|e| EvalError::TypeError(format!("invalid recipient: {}", e)))?; let encryptor = age::Encryptor::with_recipients(vec![Box::new(recipient)]) .expect("failed to create encryptor"); let mut encrypted = vec![]; let mut writer = encryptor .wrap_output(&mut encrypted) .map_err(|e| EvalError::TypeError(format!("encryption error: {}", e)))?; use std::io::Write; writer .write_all(content.as_bytes()) .map_err(|e| EvalError::TypeError(format!("encryption error: {}", e)))?; writer .finish() .map_err(|e| EvalError::TypeError(format!("encryption error: {}", e)))?; Ok(Value::Str(base64_encode(&encrypted))) } #[tracing::instrument(level = "trace", skip_all)] pub fn decrypt_age(args: &[Value]) -> Result { let encrypted = match args.first() { Some(Value::Str(s)) => s, _ => { return Err(EvalError::TypeError( "decrypt_age expects encrypted string".to_string(), )); } }; let identity_str = match args.get(1) { Some(Value::Str(s)) => s, _ => { return Err(EvalError::TypeError( "decrypt_age requires identity".to_string(), )); } }; let identity = identity_str .parse::() .map_err(|e| EvalError::TypeError(format!("invalid identity: {}", e)))?; let encrypted_bytes = base64_decode(encrypted) .map_err(|e| EvalError::TypeError(format!("invalid base64: {}", e)))?; let decryptor = match age::Decryptor::new(&encrypted_bytes[..]) .map_err(|e| EvalError::TypeError(format!("decryption error: {}", e)))? { age::Decryptor::Recipients(d) => d, _ => { return Err(EvalError::TypeError( "unexpected decryptor type".to_string(), )); } }; let mut decrypted = vec![]; let mut reader = decryptor .decrypt(std::iter::once(&identity as &dyn age::Identity)) .map_err(|e| EvalError::TypeError(format!("decryption error: {}", e)))?; use std::io::Read; reader .read_to_end(&mut decrypted) .map_err(|e| EvalError::TypeError(format!("decryption error: {}", e)))?; Ok(Value::Str(String::from_utf8(decrypted).map_err(|e| { EvalError::TypeError(format!("invalid UTF-8: {}", e)) })?)) } pub fn base64_encode(data: &[u8]) -> String { const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; let mut result = String::new(); for chunk in data.chunks(3) { let b0 = chunk[0] as usize; let b1 = chunk.get(1).copied().unwrap_or(0) as usize; let b2 = chunk.get(2).copied().unwrap_or(0) as usize; result.push(ALPHABET[b0 >> 2] as char); result.push(ALPHABET[((b0 & 0x03) << 4) | (b1 >> 4)] as char); if chunk.len() > 1 { result.push(ALPHABET[((b1 & 0x0f) << 2) | (b2 >> 6)] as char); } else { result.push('='); } if chunk.len() > 2 { result.push(ALPHABET[b2 & 0x3f] as char); } else { result.push('='); } } result } pub fn base64_decode(s: &str) -> Result, String> { const DECODE: [i8; 256] = { let mut table = [-1i8; 256]; let alphabet = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; let mut i = 0; while i < 64 { table[alphabet[i] as usize] = i as i8; i += 1; } table }; let s = s.trim_end_matches('='); let mut result = Vec::with_capacity(s.len() * 3 / 4); let chars: Vec = s.bytes().collect(); for chunk in chars.chunks(4) { let mut buf = [0u8; 4]; for (i, &c) in chunk.iter().enumerate() { let val = DECODE[c as usize]; if val < 0 { return Err(format!("invalid base64 character: {}", c as char)); } buf[i] = val as u8; } result.push((buf[0] << 2) | (buf[1] >> 4)); if chunk.len() > 2 { result.push((buf[1] << 4) | (buf[2] >> 2)); } if chunk.len() > 3 { result.push((buf[2] << 6) | buf[3]); } } Ok(result) }