Skip to content

Commit

Permalink
lib: Rewrite "credentials" as a TypeScript class
Browse files Browse the repository at this point in the history
  • Loading branch information
mvollmer committed Dec 20, 2024
1 parent af2a6d6 commit b3af36e
Show file tree
Hide file tree
Showing 2 changed files with 111 additions and 67 deletions.
176 changes: 110 additions & 66 deletions pkg/lib/credentials.js → pkg/lib/credentials.ts
Original file line number Diff line number Diff line change
Expand Up @@ -17,67 +17,91 @@
* along with Cockpit; If not, see <https://www.gnu.org/licenses/>.
*/

import cockpit from "cockpit";
import cockpit, { SpawnOptions } from "cockpit";

// @ts-expect-error: magic verbatim string import, not a JS module
import lister from "credentials-ssh-private-keys.sh";
// @ts-expect-error: magic verbatim string import, not a JS module
import remove_key from "credentials-ssh-remove-key.sh";

const _ = cockpit.gettext;

function Keys() {
const self = this;
export interface Key {
type: string;
comment: string;
data: string;
name?: string;
loaded?: boolean;
agent_only?: boolean;
size?: number | null;
fingerprint?: string;
}

export class KeyLoadError extends Error {
sent_password: boolean;

constructor(sent_password: boolean, message: string) {
super(message);
this.sent_password = sent_password;
}
}

self.path = null;
self.items = { };
class Keys extends EventTarget {
path: string | null = null;
items: Record<string, Key> = { };

let proc = null;
let timeout = null;
p_have_path: Promise<void>;

cockpit.event_target(this);
constructor() {
super();
this.p_have_path = cockpit.user()
.then(user => {
this.path = user.home + '/.ssh';
this.#refresh();
});
}

self.p_have_path = cockpit.user()
.then(user => {
self.path = user.home + '/.ssh';
refresh();
});
#proc: cockpit.Spawn<string> | null = null;
#timeout: number | null = null;

function refresh() {
if (proc)
#refresh(): void {
if (this.#proc || !this.path)
return;

window.clearTimeout(timeout);
timeout = null;
if (this.#timeout)
window.clearTimeout(this.#timeout);
this.#timeout = null;

proc = cockpit.script(lister, [self.path], { err: "message" });
proc
.then(data => process(data))
this.#proc = cockpit.script(lister, [this.path], { err: "message" });
this.#proc
.then(data => this.#process(data))
.catch(ex => console.warn("failed to list keys in home directory: " + ex.message))
.finally(() => {
proc = null;
this.#proc = null;

if (!timeout)
timeout = window.setTimeout(refresh, 5000);
if (!this.#timeout)
this.#timeout = window.setTimeout(() => this.#refresh(), 5000);
});
}

function process(data) {
#process(data: string): void {
const blocks = data.split('\v');
let key;
let key: Key | undefined;
const items = { };

/* First block is the data from ssh agent */
blocks[0].trim().split("\n")
.forEach(function(line) {
key = parse_key(line, items);
.forEach(line => {
key = this.#parse_key(line, items);
if (key)
key.loaded = true;
});

/* Next come individual triples of blocks */
blocks.slice(1).forEach(function(block, i) {
blocks.slice(1).forEach((block, i) => {
switch (i % 3) {
case 0:
key = parse_key(block, items);
key = this.#parse_key(block, items);
break;
case 1:
if (key) {
Expand All @@ -92,16 +116,16 @@ function Keys() {
break;
case 2:
if (key)
parse_info(block, key);
this.#parse_info(block, key);
break;
}
});

self.items = items;
self.dispatchEvent("changed");
this.items = items;
this.dispatchEvent(new CustomEvent("changed"));
}

function parse_key(line, items) {
#parse_key(line: string, items: Record<string, Key>): Key | undefined {
const parts = line.trim().split(" ");
let id, type, comment;

Expand All @@ -123,16 +147,22 @@ function Keys() {
}

let key = items[id];
if (!key)
key = items[id] = { };
if (key) {
key.type = type;
key.comment = comment;
key.data = line;
} else {
key = items[id] = {
type,
comment,
data: line,
};
}

key.type = type;
key.comment = comment;
key.data = line;
return key;
}

function parse_info(line, key) {
#parse_info(line: string, key: Key): void {
const parts = line.trim().split(" ")
.filter(n => !!n);

Expand All @@ -146,7 +176,7 @@ function Keys() {
key.name = parts[2];
}

async function run_keygen(file, new_type, old_pass, new_pass) {
async #run_keygen(file: string, new_type: string | null, old_pass: string | null, new_pass: string): Promise<void> {
const old_exps = [/.*Enter old passphrase: $/];
const new_exps = [/.*Enter passphrase.*/, /.*Enter new passphrase.*/, /.*Enter same passphrase again: $/];
const bad_exps = [/.*failed: passphrase is too short.*/];
Expand All @@ -164,9 +194,10 @@ function Keys() {
else
cmd.push("-p");

await self.p_have_path;
await this.p_have_path;
cockpit.assert(this.path);

const proc = cockpit.spawn(cmd, { pty: true, environ: ["LC_ALL=C"], err: "out", directory: self.path });
const proc = cockpit.spawn(cmd, { pty: true, environ: ["LC_ALL=C"], err: "out", directory: this.path });

proc.stream(data => {
buffer += data;
Expand Down Expand Up @@ -198,25 +229,29 @@ function Keys() {
try {
await proc;
} catch (ex) {
if (ex.exit_status)
if (ex instanceof cockpit.ProcessError && ex.exit_status)
throw new Error(failure);
throw ex;
} finally {
window.clearInterval(timeout);
}
}

self.change = (name, old_pass, new_pass) => run_keygen(name, null, old_pass, new_pass);
async change(name: string, old_pass: string, new_pass: string): Promise<void> {
await this.#run_keygen(name, null, old_pass, new_pass);
}

self.create = async (name, type, new_pass) => {
async create(name: string, type: string, new_pass: string): Promise<void> {
// ensure ~/.ssh directory exists
await cockpit.script('dir=$(dirname "$1"); test -e "$dir" || mkdir -m 700 "$dir"', [name]);
await run_keygen(name, type, null, new_pass);
};
await this.#run_keygen(name, type, null, new_pass);
}

self.get_pubkey = name => cockpit.file(name + ".pub").read();
async get_pubkey(name: string): Promise<string> {
return await cockpit.file(name + ".pub").read();
}

self.load = async function(name, password) {
async load(name: string, password: string): Promise<void> {
const ask_exp = /.*Enter passphrase for .*/;
const perm_exp = /.*UNPROTECTED PRIVATE KEY FILE.*/;
const bad_exp = /.*Bad passphrase.*/;
Expand All @@ -226,10 +261,11 @@ function Keys() {
let failure = _("Not a valid private key");
let sent_password = false;

await self.p_have_path;
await this.p_have_path;
cockpit.assert(this.path);

const proc = cockpit.spawn(["ssh-add", name],
{ pty: true, environ: ["LC_ALL=C"], err: "out", directory: self.path });
{ pty: true, environ: ["LC_ALL=C"], err: "out", directory: this.path });

const timeout = window.setTimeout(() => {
failure = _("Prompting via ssh-add timed out");
Expand All @@ -255,35 +291,43 @@ function Keys() {

try {
await proc;
refresh();
this.#refresh();
} catch (error) {
console.log(output);
const ex = error.exit_status ? new Error(failure) : error;
ex.sent_password = sent_password;
let ex: KeyLoadError | unknown;
if (error instanceof cockpit.ProcessError && error.exit_status)
ex = new KeyLoadError(sent_password, failure);
else if (error instanceof Error)
ex = new KeyLoadError(sent_password, error.message);
else
ex = error;
throw ex;
} finally {
window.clearTimeout(timeout);
}
};
}

async unload(key: Key): Promise<void> {
await this.p_have_path;
cockpit.assert(this.path);

self.unload = async function(key) {
await self.p_have_path;
const options = { pty: true, err: "message", directory: self.path };
const options: SpawnOptions & { binary?: false; } = { pty: true, err: "message", directory: this.path };

if (key.name && !key.agent_only)
await cockpit.spawn(["ssh-add", "-d", key.name], options);
else
await cockpit.script(remove_key, [key.data], options);

await refresh();
};
this.#refresh();
}

self.close = function() {
if (proc)
proc.close();
window.clearTimeout(timeout);
timeout = null;
};
close() {
if (this.#proc)
this.#proc.close();
if (this.#timeout)
window.clearTimeout(this.#timeout);
this.#timeout = null;
}
}

export function keys_instance() {
Expand Down
2 changes: 1 addition & 1 deletion pkg/shell/credentials.jsx
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ const AddNewKey = ({ load, unlockKey, onClose }) => {
load(newKeyPath)
.then(onClose)
.catch(ex => {
if (!ex.sent_password)
if (!(ex instanceof credentials.KeyLoadError) || !ex.sent_password)
setNewKeyPathError(ex.message);
else
unlockKey(newKeyPath);
Expand Down

0 comments on commit b3af36e

Please sign in to comment.