F14064136
D7625.diff
No One
Temporary
Size
8 KB
Referenced Files
None
Subscribers
None
D7625.diff
Index: src/__phutil_library_map__.php
===================================================================
--- src/__phutil_library_map__.php
+++ src/__phutil_library_map__.php
@@ -947,6 +947,7 @@
'PackageDeleteMail' => 'applications/owners/mail/PackageDeleteMail.php',
'PackageMail' => 'applications/owners/mail/PackageMail.php',
'PackageModifyMail' => 'applications/owners/mail/PackageModifyMail.php',
+ 'PassphraseAbstractKey' => 'applications/passphrase/keys/PassphraseAbstractKey.php',
'PassphraseController' => 'applications/passphrase/controller/PassphraseController.php',
'PassphraseCredential' => 'applications/passphrase/storage/PassphraseCredential.php',
'PassphraseCredentialControl' => 'applications/passphrase/view/PassphraseCredentialControl.php',
@@ -968,6 +969,8 @@
'PassphraseCredentialViewController' => 'applications/passphrase/controller/PassphraseCredentialViewController.php',
'PassphraseDAO' => 'applications/passphrase/storage/PassphraseDAO.php',
'PassphrasePHIDTypeCredential' => 'applications/passphrase/phid/PassphrasePHIDTypeCredential.php',
+ 'PassphrasePasswordKey' => 'applications/passphrase/keys/PassphrasePasswordKey.php',
+ 'PassphraseSSHKey' => 'applications/passphrase/keys/PassphraseSSHKey.php',
'PassphraseSecret' => 'applications/passphrase/storage/PassphraseSecret.php',
'PasteCapabilityDefaultView' => 'applications/paste/capability/PasteCapabilityDefaultView.php',
'PasteCreateMailReceiver' => 'applications/paste/mail/PasteCreateMailReceiver.php',
@@ -3330,6 +3333,7 @@
'PackageDeleteMail' => 'PackageMail',
'PackageMail' => 'PhabricatorMail',
'PackageModifyMail' => 'PackageMail',
+ 'PassphraseAbstractKey' => 'Phobject',
'PassphraseController' => 'PhabricatorController',
'PassphraseCredential' =>
array(
@@ -3359,6 +3363,8 @@
'PassphraseCredentialViewController' => 'PassphraseController',
'PassphraseDAO' => 'PhabricatorLiskDAO',
'PassphrasePHIDTypeCredential' => 'PhabricatorPHIDType',
+ 'PassphrasePasswordKey' => 'PassphraseAbstractKey',
+ 'PassphraseSSHKey' => 'PassphraseAbstractKey',
'PassphraseSecret' => 'PassphraseDAO',
'PasteCapabilityDefaultView' => 'PhabricatorPolicyCapability',
'PasteCreateMailReceiver' => 'PhabricatorMailReceiver',
Index: src/applications/passphrase/credentialtype/PassphraseCredentialTypePassword.php
===================================================================
--- src/applications/passphrase/credentialtype/PassphraseCredentialTypePassword.php
+++ src/applications/passphrase/credentialtype/PassphraseCredentialTypePassword.php
@@ -3,12 +3,15 @@
final class PassphraseCredentialTypePassword
extends PassphraseCredentialType {
+ const CREDENTIAL_TYPE = 'password';
+ const PROVIDES_TYPE = 'provides/password';
+
public function getCredentialType() {
- return 'password';
+ return self::CREDENTIAL_TYPE;
}
public function getProvidesType() {
- return 'provides/password';
+ return self::PROVIDES_TYPE;
}
public function getCredentialTypeName() {
Index: src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKey.php
===================================================================
--- src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKey.php
+++ src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKey.php
@@ -3,8 +3,10 @@
abstract class PassphraseCredentialTypeSSHPrivateKey
extends PassphraseCredentialType {
+ const PROVIDES_TYPE = 'provides/ssh-key-file';
+
final public function getProvidesType() {
- return 'provides/ssh-key-file';
+ return self::PROVIDES_TYPE;
}
}
Index: src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKeyFile.php
===================================================================
--- src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKeyFile.php
+++ src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKeyFile.php
@@ -3,8 +3,10 @@
final class PassphraseCredentialTypeSSHPrivateKeyFile
extends PassphraseCredentialTypeSSHPrivateKey {
+ const CREDENTIAL_TYPE = 'ssh-key-file';
+
public function getCredentialType() {
- return 'ssh-key-file';
+ return self::CREDENTIAL_TYPE;
}
public function getCredentialTypeName() {
Index: src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKeyText.php
===================================================================
--- src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKeyText.php
+++ src/applications/passphrase/credentialtype/PassphraseCredentialTypeSSHPrivateKeyText.php
@@ -3,8 +3,10 @@
final class PassphraseCredentialTypeSSHPrivateKeyText
extends PassphraseCredentialTypeSSHPrivateKey {
+ const CREDENTIAL_TYPE = 'ssh-key-text';
+
public function getCredentialType() {
- return 'ssh-key-text';
+ return self::CREDENTIAL_TYPE;
}
public function getCredentialTypeName() {
Index: src/applications/passphrase/keys/PassphraseAbstractKey.php
===================================================================
--- /dev/null
+++ src/applications/passphrase/keys/PassphraseAbstractKey.php
@@ -0,0 +1,66 @@
+<?php
+
+abstract class PassphraseAbstractKey extends Phobject {
+
+ private $credential;
+
+ protected function requireCredential() {
+ if (!$this->credential) {
+ throw new Exception(pht("Credential is required!"));
+ }
+ return $this->credential;
+ }
+
+ private function loadCredential(
+ $phid,
+ PhabricatorUser $viewer) {
+
+ $credential = id(new PassphraseCredentialQuery())
+ ->setViewer($viewer)
+ ->withPHIDs(array($phid))
+ ->needSecrets(true)
+ ->executeOne();
+
+ if (!$credential) {
+ throw new Exception(pht('Failed to load credential "%s"!', $phid));
+ }
+
+ return $credential;
+ }
+
+ private function validateCredential(
+ PassphraseCredential $credential,
+ $provides_type) {
+
+ $type = $credential->getCredentialType();
+ if ($type->getProvides() !== $provides_type) {
+ throw new Exception(
+ pht(
+ 'Credential "%s" must provide "%s", but provides "%s"!',
+ 'K'.$credential->getID(),
+ $provides_type,
+ $type->getProvides()));
+ }
+
+ }
+
+ protected function loadAndValidateFromPHID(
+ $phid,
+ PhabricatorUser $viewer,
+ $type) {
+
+ $credential = $this->loadCredential($phid, $viewer);
+
+ $this->validateCredential($credential, $type);
+
+ $this->credential = $credential;
+
+ return $this;
+ }
+
+ public function getUsernameEnvelope() {
+ $credential = $this->requireCredential();
+ return new PhutilOpaqueEnvelope($credential->getUsername());
+ }
+
+}
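Review bot: validateCredential() treats the return of `$credential->getCredentialType()` as an object and calls `getProvides()` on it, but PassphraseSSHKey::getKeyfileEnvelope() in this same diff compares that getter's result to the string constant `CREDENTIAL_TYPE`, and the credential type classes touched here expose `getProvidesType()`, not `getProvides()`. Both uses cannot hold at once, and this comparison is the only guard against a credential of one kind being loaded through the key class of another. It should resolve the type object from the stored type string, throw if none is found, and then compare with `if ($type->getProvidesType() !== $provides_type) {`. PassphraseCredential and the PassphraseCredentialType base class are not visible in this diff, so the accessor names need confirming. A short docblock on loadAndValidateFromPHID() saying that `$viewer` must be able to see the credential and that secrets are loaded would also help callers.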
Index: src/applications/passphrase/keys/PassphrasePasswordKey.php
===================================================================
--- /dev/null
+++ src/applications/passphrase/keys/PassphrasePasswordKey.php
@@ -0,0 +1,17 @@
+<?php
+
+final class PassphrasePasswordKey extends PassphraseAbstractKey {
+
+ public static function loadFromPHID($phid, PhabricatorUser $viewer) {
+ $key = new PassphraseSSHKey();
+ return $key->loadAndValidateFromPHID(
+ $phid,
+ $viewer,
+ PassphraseCredentialTypePassword::PROVIDES_TYPE);
+ }
+
+ public function getPasswordEnvelope() {
+ return $this->requireCredential()->getSecret();
+ }
+
+}
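Review bot: PassphrasePasswordKey::loadFromPHID() instantiates `new PassphraseSSHKey()`, so the object it returns is a PassphraseSSHKey holding a password credential, and a caller that then calls getPasswordEnvelope() gets an undefined-method error. It also means a password secret is reachable through getKeyfileEnvelope(), which returns `$credential->getSecret()` for any credential that is not of the key-text type. The line should read `$key = new PassphrasePasswordKey();`.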
Index: src/applications/passphrase/keys/PassphraseSSHKey.php
===================================================================
--- /dev/null
+++ src/applications/passphrase/keys/PassphraseSSHKey.php
@@ -0,0 +1,40 @@
+<?php
+
+final class PassphraseSSHKey extends PassphraseAbstractKey {
+
+ private $keyFile;
+
+ public static function loadFromPHID($phid, PhabricatorUser $viewer) {
+ $key = new PassphraseSSHKey();
+ return $key->loadAndValidateFromPHID(
+ $phid,
+ $viewer,
+ PassphraseCredentialTypeSSHPrivateKey::PROVIDES_TYPE);
+ }
+
+ public function getKeyfileEnvelope() {
+ $credential = $this->requireCredential();
+
+ $text_type = PassphraseCredentialTypeSSHPrivateKeyText::CREDENTIAL_TYPE;
+ if ($credential->getCredentialType() == $text_type) {
+ // If the credential stores key text, write it out to a temporary file
+ // so we can pass it to `ssh`.
+ if (!$this->keyFile) {
+ $temporary_file = new TempFile('passphrase-ssh-key');
+
+ Filesystem::changePermissions($temporary_file, 0600);
+
+ Filesystem::writeFile(
+ $temporary_file,
+ $credential->getSecret()->openEnvelope());
+
+ $this->keyFile = $temporary_file;
+ }
+
+ return new PhutilOpaqueEnvelope((string)$this->keyFile);
+ }
+
+ return $credential->getSecret();
+ }
+
+}
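Review bot: getKeyfileEnvelope() returns only the path string of the temporary key file, while the TempFile object itself is held in `$this->keyFile`. If TempFile removes the file when it is destroyed (its implementation is not shown here), the path stops working as soon as the PassphraseSSHKey goes out of scope. A docblock should state that the key object must stay alive for as long as the path is in use, and that plaintext private key material sits on disk for that lifetime. Separately, the type check uses a loose comparison; `if ($credential->getCredentialType() === $text_type) {` avoids type juggling on a branch that decides whether a secret is written to disk.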
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Nov 19, 9:58 PM (16 h, 42 m ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6757276
Default Alt Text
D7625.diff (8 KB)
Attached To
Mode
D7625: Add "PassphraseKey" classes for code which needs to actually use credentials