From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dcsapak@zita.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 586C05BE2A
 for <pbs-devel@lists.proxmox.com>; Wed,  8 Jul 2020 13:41:57 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id 3EC55983F
 for <pbs-devel@lists.proxmox.com>; Wed,  8 Jul 2020 13:41:27 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [212.186.127.180])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 363C19836
 for <pbs-devel@lists.proxmox.com>; Wed,  8 Jul 2020 13:41:26 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 444FD41F10
 for <pbs-devel@lists.proxmox.com>; Wed,  8 Jul 2020 13:32:21 +0200 (CEST)
From: Dominik Csapak <d.csapak@proxmox.com>
To: pbs-devel@lists.proxmox.com
Date: Wed,  8 Jul 2020 13:32:20 +0200
Message-Id: <20200708113220.27826-1-d.csapak@proxmox.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 KAM_LAZY_DOMAIN_SECURITY 1 Sending domain does not have any anti-forgery
 methods
 NO_DNS_FOR_FROM         0.379 Envelope sender has no MX or A DNS records
 RCVD_IN_DNSWL_MED        -2.3 Sender listed at https://www.dnswl.org/,
 medium trust
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_NONE                0.001 SPF: sender does not publish an SPF Record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [rec.data]
Subject: [pbs-devel] [PATCH proxmox-backup] ui: adapt for new sign-only
 crypt mode
X-BeenThere: pbs-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Backup Server development discussion
 <pbs-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pbs-devel/>
List-Post: <mailto:pbs-devel@lists.proxmox.com>
List-Help: <mailto:pbs-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel>, 
 <mailto:pbs-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2020 11:41:57 -0000

we can now show 'none', 'encprypted', 'signed' or 'mixed' for
the crypt mode

also adds a different icon for signed files, and adds a hint that
signatures cannot be verified on the server

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
 www/DataStoreContent.js            | 60 ++++++++++++++----------------
 www/Utils.js                       | 33 ++++++++++++++++
 www/window/BackupFileDownloader.js | 22 +++++++++--
 3 files changed, 78 insertions(+), 37 deletions(-)

diff --git a/www/DataStoreContent.js b/www/DataStoreContent.js
index 70406b5..cc4d955 100644
--- a/www/DataStoreContent.js
+++ b/www/DataStoreContent.js
@@ -12,26 +12,28 @@ Ext.define('pbs-data-store-snapshots', {
 	'owner',
 	{ name: 'size', type: 'int', allowNull: true, },
 	{
-	    name: 'encrypted',
+	    name: 'crypt-mode',
 	    type: 'boolean',
 	    calculate: function(data) {
 		let encrypted = 0;
+		let crypt = {
+		    none: 0,
+		    mixed: 0,
+		    'sign-only': 0,
+		    encrypt: 0,
+		};
+		let signed = 0;
 		let files = 0;
 		data.files.forEach(file => {
 		    if (file.filename === 'index.json.blob') return; // is never encrypted
-		    if (file.encrypted) {
-			encrypted++;
+		    let mode = PBS.Utils.cryptmap.indexOf(file['crypt-mode']);
+		    if (mode !== -1) {
+			crypt[file['crypt-mode']]++;
 		    }
 		    files++;
 		});
 
-		if (encrypted === 0) {
-		    return 0;
-		} else if (encrypted < files) {
-		    return 1;
-		} else {
-		    return 2;
-		}
+		return PBS.Utils.calculateCryptMode(crypt['sign-only'], crypt.encrypt, files);
 	    }
 	}
     ]
@@ -149,11 +151,14 @@ Ext.define('PBS.DataStoreContent', {
 	    let children = [];
 	    for (const [_key, group] of Object.entries(groups)) {
 		let last_backup = 0;
-		let encrypted = 0;
+		let crypt = {
+		    none: 0,
+		    mixed: 0,
+		    'sign-only': 0,
+		    encrypt: 0
+		};
 		for (const item of group.children) {
-		    if (item.encrypted > 0) {
-			encrypted++;
-		    }
+		    crypt[PBS.Utils.cryptmap[item['crypt-mode']]]++;
 		    if (item["backup-time"] > last_backup && item.size !== null) {
 			last_backup = item["backup-time"];
 			group["backup-time"] = last_backup;
@@ -163,14 +168,8 @@ Ext.define('PBS.DataStoreContent', {
 		    }
 
 		}
-		if (encrypted === 0) {
-		    group.encrypted = 0;
-		} else if (encrypted < group.children.length) {
-		    group.encrypted = 1;
-		} else {
-		    group.encrypted = 2;
-		}
 		group.count = group.children.length;
+		group['crypt-mode'] = PBS.Utils.calculateCryptMode(crypt['sign-only'], crypt.encrypt, group.count);
 		children.push(group);
 	    }
 
@@ -296,7 +295,7 @@ Ext.define('PBS.DataStoreContent', {
 
 	    let encrypted = false;
 	    data.files.forEach(file => {
-		if (file.filename === 'catalog.pcat1.didx' && file.encrypted) {
+		if (file.filename === 'catalog.pcat1.didx' && file['crypt-mode'] === 'encrypt') {
 		    encrypted = true;
 		}
 	    });
@@ -365,15 +364,8 @@ Ext.define('PBS.DataStoreContent', {
 	},
 	{
 	    header: gettext('Encrypted'),
-	    dataIndex: 'encrypted',
-	    renderer: function(value) {
-		switch (value) {
-		    case 0: return Proxmox.Utils.noText;
-		    case 1: return gettext('Mixed');
-		    case 2: return Proxmox.Utils.yesText;
-		    default: Proxmox.Utils.unknownText;
-		}
-	    }
+	    dataIndex: 'crypt-mode',
+	    renderer: value => PBS.Utils.cryptText[value] || Proxmox.Utils.unknownText,
 	},
 	{
 	    header: gettext("Files"),
@@ -383,8 +375,10 @@ Ext.define('PBS.DataStoreContent', {
 		return files.map((file) => {
 		    let icon = '';
 		    let size = '';
-		    if (file.encrypted) {
-			icon = '<i class="fa fa-lock"></i> ';
+		    let mode = PBS.Utils.cryptmap.indexOf(file['crypt-mode']);
+		    let iconCls = PBS.Utils.cryptIconCls[mode] || '';
+		    if (iconCls !== '') {
+			icon = `<i class="fa fa-${iconCls}"></i> `;
 		    }
 		    if (file.size)  {
 			size = ` (${Proxmox.Utils.format_size(file.size)})`;
diff --git a/www/Utils.js b/www/Utils.js
index bd585c9..db7dbf8 100644
--- a/www/Utils.js
+++ b/www/Utils.js
@@ -13,6 +13,39 @@ Ext.define('PBS.Utils', {
 
     dataStorePrefix: 'DataStore-',
 
+    cryptmap: [
+	'none',
+	'mixed',
+	'sign-only',
+	'encrypt',
+    ],
+
+    cryptText: [
+	Proxmox.Utils.noText,
+	gettext('Mixed'),
+	gettext('Signed'),
+	gettext('Encrypted'),
+    ],
+
+    cryptIconCls: [
+	'',
+	'',
+	'certificate',
+	'lock',
+    ],
+
+    calculateCryptMode: function(signed, encrypted, files) {
+	if (files === encrypted) {
+	    return PBS.Utils.cryptmap.indexOf('encrypt');
+	} else if (files === signed) {
+	    return PBS.Utils.cryptmap.indexOf('sign-only');
+	} else if ((signed+encrypted) === 0) {
+	    return PBS.Utils.cryptmap.indexOf('none');
+	} else {
+	    return PBS.Utils.cryptmap.indexOf('mixed');
+	}
+    },
+
     getDataStoreFromPath: function(path) {
 	return path.slice(PBS.Utils.dataStorePrefix.length);
     },
diff --git a/www/window/BackupFileDownloader.js b/www/window/BackupFileDownloader.js
index 5f8566e..6abe40f 100644
--- a/www/window/BackupFileDownloader.js
+++ b/www/window/BackupFileDownloader.js
@@ -46,8 +46,9 @@ Ext.define('PBS.window.BackupFileDownloader', {
 	    let me = this;
 	    let combo = me.lookup('file');
 	    let rec = combo.getStore().findRecord('filename', value, 0, false, true, true);
-	    let canDownload = !rec.data.encrypted;
+	    let canDownload = rec.data['crypt-mode'] !== 'encrypt';
 	    me.lookup('encryptedHint').setVisible(!canDownload);
+	    me.lookup('signedHint').setVisible(rec.data['crypt-mode'] === 'sign-only');
 	    me.lookup('downloadBtn').setDisabled(!canDownload);
 	},
 
@@ -88,7 +89,7 @@ Ext.define('PBS.window.BackupFileDownloader', {
 	    emptyText: gettext('No file selected'),
 	    fieldLabel: gettext('File'),
 	    store: {
-		fields: ['filename', 'size', 'encrypted',],
+		fields: ['filename', 'size', 'crypt-mode',],
 		idProperty: ['filename'],
 	    },
 	    listConfig: {
@@ -107,12 +108,25 @@ Ext.define('PBS.window.BackupFileDownloader', {
 		    },
 		    {
 			text: gettext('Encrypted'),
-			dataIndex: 'encrypted',
-			renderer: Proxmox.Utils.format_boolean,
+			dataIndex: 'crypt-mode',
+			renderer: function(value) {
+			    let mode = -1;
+			    if (value !== undefined) {
+				mode = PBS.Utils.cryptmap.indexOf(value);
+			    }
+			    return PBS.Utils.cryptText[mode] || Proxmox.Utils.unknownText;
+			}
 		    },
 		],
 	    },
 	},
+	{
+	    xtype: 'displayfield',
+	    userCls: 'pmx-hint',
+	    reference: 'signedHint',
+	    hidden: true,
+	    value: gettext('Note: Signatures of signed files will not be verified on the server. Please use the client to do this.'),
+	},
 	{
 	    xtype: 'displayfield',
 	    userCls: 'pmx-hint',
-- 
2.20.1