231 lines
4.9 KiB
Go
231 lines
4.9 KiB
Go
package passgo
|
|
|
|
import (
|
|
"bufio"
|
|
"encoding/hex"
|
|
"fmt"
|
|
"io"
|
|
"io/ioutil"
|
|
"os"
|
|
"os/user"
|
|
"path"
|
|
"regexp"
|
|
"sort"
|
|
"strings"
|
|
|
|
"github.com/jcmdev0/gpgagent"
|
|
|
|
"golang.org/x/crypto/openpgp"
|
|
"golang.org/x/crypto/openpgp/armor"
|
|
"golang.org/x/crypto/openpgp/packet"
|
|
)
|
|
|
|
var (
|
|
basename *regexp.Regexp
|
|
ask openpgp.PromptFunction
|
|
)
|
|
|
|
func init() {
|
|
basename = regexp.MustCompile(".gpg$")
|
|
}
|
|
|
|
type Store struct {
|
|
Dir string
|
|
keyring openpgp.KeyRing
|
|
}
|
|
|
|
func GetStore(store *Store) error {
|
|
u, err := user.Current()
|
|
if err != nil {
|
|
return fmt.Errorf("Can't get current user.")
|
|
}
|
|
if store.Dir == "" {
|
|
store.Dir = path.Join(u.HomeDir, ".password-store")
|
|
}
|
|
|
|
fd, err := os.Open(path.Join(u.HomeDir, ".gnupg/secring.gpg"))
|
|
defer fd.Close()
|
|
if err != nil {
|
|
return fmt.Errorf("Can't open keyring file")
|
|
}
|
|
kr, err := openpgp.ReadKeyRing(fd)
|
|
if err != nil {
|
|
return fmt.Errorf("Can't open gnupg keyring.")
|
|
}
|
|
store.keyring = kr
|
|
return nil
|
|
}
|
|
|
|
type caseInsensitive []os.FileInfo
|
|
|
|
func (fs caseInsensitive) Len() int { return len(fs) }
|
|
func (fs caseInsensitive) Swap(i, j int) { fs[i], fs[j] = fs[j], fs[i] }
|
|
func (fs caseInsensitive) Less(i, j int) bool {
|
|
return strings.ToLower(fs[i].Name()) < strings.ToLower(fs[j].Name())
|
|
}
|
|
|
|
type Pass struct {
|
|
Pathname string
|
|
Level int
|
|
Dir bool
|
|
}
|
|
|
|
func (s *Store) List() ([]Pass, error) {
|
|
return s.list(0, "")
|
|
}
|
|
|
|
func (s *Store) list(level int, p string) ([]Pass, error) {
|
|
ret := make([]Pass, 0)
|
|
dir := path.Join(s.Dir, p)
|
|
fd, err := os.Open(dir)
|
|
defer fd.Close()
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Cannot open password store")
|
|
}
|
|
files, err := fd.Readdir(0)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("Cannot read password store")
|
|
}
|
|
sort.Sort(caseInsensitive(files))
|
|
for _, x := range files {
|
|
n := basename.ReplaceAllLiteralString(x.Name(), "")
|
|
entry := Pass{Pathname: path.Join(p, n), Level: level}
|
|
|
|
if n[0] == '.' {
|
|
continue
|
|
}
|
|
if x.IsDir() {
|
|
entry.Dir = true
|
|
ret = append(ret, entry)
|
|
l, err := s.list(level+1, path.Join(p, x.Name()))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
ret = append(ret, l...)
|
|
} else {
|
|
ret = append(ret, entry)
|
|
}
|
|
}
|
|
return ret, nil
|
|
}
|
|
|
|
func AskPass(prompts ...func() []byte) openpgp.PromptFunction {
|
|
var prompt func() []byte
|
|
if len(prompts) > 0 {
|
|
prompt = prompts[0]
|
|
} else {
|
|
prompt = func() []byte {
|
|
fmt.Print("AskPass(): enter passphrase: ")
|
|
reader := bufio.NewReader(os.Stdin)
|
|
text, _ := reader.ReadString('\n')
|
|
return []byte(text[:len(text)-1])
|
|
}
|
|
}
|
|
|
|
var passphrase []byte
|
|
dec := func(p *packet.PrivateKey) error {
|
|
for i := 0; i < 3; i++ {
|
|
if err := p.Decrypt(passphrase); err == nil {
|
|
passphrase = nil
|
|
return err
|
|
}
|
|
passphrase = prompt()
|
|
if passphrase == nil {
|
|
passphrase = nil
|
|
return fmt.Errorf("Passphrase entry aborted")
|
|
}
|
|
}
|
|
passphrase = nil
|
|
return fmt.Errorf("Passphrase entry failed")
|
|
}
|
|
|
|
var ret openpgp.PromptFunction
|
|
ret = func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
|
|
if !symmetric {
|
|
for _, k := range keys {
|
|
if p := k.PrivateKey; p != nil && p.Encrypted {
|
|
if err := dec(p); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
for _, s := range k.Entity.Subkeys {
|
|
if p := s.PrivateKey; p != nil && p.Encrypted {
|
|
if err := dec(p); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return passphrase, nil
|
|
}
|
|
return ret
|
|
}
|
|
|
|
//https://github.com/jcmdev0/gpgagent/blob/master/example/example.go
|
|
func GPGPrompt(keys []openpgp.Key, symmetric bool) ([]byte, error) {
|
|
conn, err := gpgagent.NewGpgAgentConn()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer conn.Close()
|
|
|
|
for _, key := range keys {
|
|
cacheId := strings.ToUpper(hex.EncodeToString(key.PublicKey.Fingerprint[:]))
|
|
request := gpgagent.PassphraseRequest{CacheKey: cacheId}
|
|
for i := 0; i < 3; i++ {
|
|
var passphrase string
|
|
passphrase, err = conn.GetPassphrase(&request)
|
|
if err != nil {
|
|
continue
|
|
}
|
|
err = key.PrivateKey.Decrypt([]byte(passphrase))
|
|
if err != nil {
|
|
conn.RemoveFromCache(cacheId)
|
|
continue
|
|
}
|
|
return []byte(passphrase), nil
|
|
}
|
|
return nil, err
|
|
}
|
|
return nil, fmt.Errorf("Unable to find key")
|
|
}
|
|
|
|
func (s *Store) Decrypt(name string, prompts ...func() []byte) (string, error) {
|
|
if ask == nil {
|
|
ask = AskPass(prompts...)
|
|
}
|
|
file := path.Join(s.Dir, strings.Join([]string{name, ".gpg"}, ""))
|
|
if _, err := os.Stat(file); os.IsNotExist(err) {
|
|
return "", fmt.Errorf("Not in password store.")
|
|
}
|
|
fd, err := os.Open(file)
|
|
defer fd.Close()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
var reader io.Reader
|
|
unarmor, err := armor.Decode(fd)
|
|
if err == nil {
|
|
reader = unarmor.Body
|
|
} else {
|
|
fd.Close()
|
|
fd, err = os.Open(file)
|
|
defer fd.Close()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
reader = fd
|
|
}
|
|
md, err := openpgp.ReadMessage(reader, s.keyring, ask, nil)
|
|
if err != nil {
|
|
fmt.Println("Error reading message")
|
|
return "", err
|
|
}
|
|
ra, err := ioutil.ReadAll(md.UnverifiedBody)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return string(ra), nil
|
|
}
|