ckaczor/azuredatastudio
1
0
Fork 0
mirror of https://github.com/ckaczor/azuredatastudio.git synced 2026-02-18 02:51:36 -05:00
Code Issues Packages Projects Releases Wiki Activity

Allow users to use file based key storage if they have to (#9993)

Browse Source 
* Don't enforce the password limit for file keytar (#9974)

* Allow users to use file based keychain if they have to

* Don't enforce this limit for FS keytar

* Spacing

* Allow users to use file based keychain if they have to (#9952)
This commit is contained in:
Amir Omidi
2020-04-16 15:07:19 -07:00
committed by GitHub
parent ae13131370
commit 2e127582bd
1 changed files with 37 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
extensions/azurecore/src/account-provider/simpleTokenCache.ts
View File

@@ -3,9 +3,10 @@
* Licensed under the Source EULA. See License.txt in the project root for license information.
*--------------------------------------------------------------------------------------------*/
import * as keytarType from 'keytar';
import { join } from 'path';
import { join, parse } from 'path';
import { FileDatabase } from './utils/fileDatabase';
import * as azdata from 'azdata';
import * as crypto from 'crypto';
function getSystemKeytar(): Keytar | undefined | null {
try {
@@ -22,45 +23,43 @@ export type MultipleAccountsResponse = { account: string, password: string }[];
const separator = '§';
async function getFileKeytar(filePath: string, credentialService: azdata.CredentialProvider): Promise<Keytar | undefined> {
// Comment alias: amomidi, PR: 9743 March 26th 2020
// const fileName = parse(filePath).base;
// const iv = await credentialService.readCredential(`${fileName}-iv`);
// const key = await credentialService.readCredential(`${fileName}-key`);
// let ivBuffer: Buffer;
// let keyBuffer: Buffer;
// if (!iv?.password || !key?.password) {
// ivBuffer = crypto.randomBytes(16);
// keyBuffer = crypto.randomBytes(32);
// try {
// await credentialService.saveCredential(`${fileName}-iv`, ivBuffer.toString('hex'));
// await credentialService.saveCredential(`${fileName}-key`, keyBuffer.toString('hex'));
// } catch (ex) {
// console.log(ex);
// }
// } else {
// ivBuffer = Buffer.from(iv.password, 'hex');
// keyBuffer = Buffer.from(key.password, 'hex');
// }
const fileName = parse(filePath).base;
const iv = await credentialService.readCredential(`${fileName}-iv`);
const key = await credentialService.readCredential(`${fileName}-key`);
let ivBuffer: Buffer;
let keyBuffer: Buffer;
if (!iv?.password || !key?.password) {
ivBuffer = crypto.randomBytes(16);
keyBuffer = crypto.randomBytes(32);
try {
await credentialService.saveCredential(`${fileName}-iv`, ivBuffer.toString('hex'));
await credentialService.saveCredential(`${fileName}-key`, keyBuffer.toString('hex'));
} catch (ex) {
console.log(ex);
}
} else {
ivBuffer = Buffer.from(iv.password, 'hex');
keyBuffer = Buffer.from(key.password, 'hex');
}
// const fileSaver = async (content: string): Promise<string> => {
// const cipherIv = crypto.createCipheriv('aes-256-gcm', keyBuffer, ivBuffer);
// return `${cipherIv.update(content, 'utf8', 'hex')}${cipherIv.final('hex')}%${cipherIv.getAuthTag().toString('hex')}`;
// };
const fileSaver = async (content: string): Promise<string> => {
const cipherIv = crypto.createCipheriv('aes-256-gcm', keyBuffer, ivBuffer);
return `${cipherIv.update(content, 'utf8', 'hex')}${cipherIv.final('hex')}%${cipherIv.getAuthTag().toString('hex')}`;
};
// const fileOpener = async (content: string): Promise<string> => {
// const decipherIv = crypto.createDecipheriv('aes-256-gcm', keyBuffer, ivBuffer);
const fileOpener = async (content: string): Promise<string> => {
const decipherIv = crypto.createDecipheriv('aes-256-gcm', keyBuffer, ivBuffer);
// const split = content.split('%');
// if (split.length !== 2) {
// throw new Error('File didn\'t contain the auth tag.');
// }
// decipherIv.setAuthTag(Buffer.from(split[1], 'hex'));
const split = content.split('%');
if (split.length !== 2) {
throw new Error('File didn\'t contain the auth tag.');
}
decipherIv.setAuthTag(Buffer.from(split[1], 'hex'));
// return `${decipherIv.update(split[0], 'hex', 'utf8')}${decipherIv.final('utf8')}`;
// };
return `${decipherIv.update(split[0], 'hex', 'utf8')}${decipherIv.final('utf8')}`;
};
// const db = new FileDatabase(filePath, fileOpener, fileSaver);
const db = new FileDatabase(filePath);
const db = new FileDatabase(filePath, fileOpener, fileSaver);
await db.initialize();
const fileKeytar: Keytar = {
@@ -142,7 +141,7 @@ export class SimpleTokenCache {
}
async saveCredential(id: string, key: string): Promise<void> {
if (key.length > 2500) { // Windows limitation
if (!this.forceFileStorage && key.length > 2500) { // Windows limitation
throw new Error('Key length is longer than 2500 chars');
}
@@ -160,9 +159,11 @@ export class SimpleTokenCache {
async getCredential(id: string): Promise<string | undefined> {
try {
const result = await this.keytar.getPassword(this.serviceName, id);
if (result === null) {
return undefined;
}
return result;
} catch (ex) {
console.log(`Getting key failed: ${ex}`);