Rework ssh host key trust handling

This commit is contained in:
crschnick 2024-03-09 02:02:00 +00:00
parent 74d6ff7fa3
commit ccea37e0e0
3 changed files with 11 additions and 5 deletions

View file

@ -24,7 +24,7 @@ public class AskpassAlert {
alert.setAlertType(Alert.AlertType.CONFIRMATION); alert.setAlertType(Alert.AlertType.CONFIRMATION);
// Link to help page for double prompt // Link to help page for double prompt
if (!SecretManager.shouldCacheForPrompt(prompt)) { if (SecretManager.isSpecialPrompt(prompt)) {
var type = new ButtonType("Help", ButtonBar.ButtonData.HELP); var type = new ButtonType("Help", ButtonBar.ButtonData.HELP);
alert.getButtonTypes().add(type); alert.getButtonTypes().add(type);
var button = alert.getDialogPane().lookupButton(type); var button = alert.getDialogPane().lookupButton(type);

View file

@ -47,15 +47,21 @@ public class SecretManager {
return p; return p;
} }
public static boolean shouldCacheForPrompt(String prompt) { public static boolean isSpecialPrompt(String prompt) {
var l = prompt.toLowerCase(Locale.ROOT); var l = prompt.toLowerCase(Locale.ROOT);
// 2FA
if (l.contains("passcode") || l.contains("verification code")) { if (l.contains("passcode") || l.contains("verification code")) {
return false; return true;
} }
// SSH host key trust prompt
if (l.contains("authenticity of host") || l.contains("please type 'yes', 'no' or the fingerprint")) {
return true; return true;
} }
return false;
}
public static SecretValue retrieve(SecretRetrievalStrategy strategy, String prompt, UUID secretId, int sub) { public static SecretValue retrieve(SecretRetrievalStrategy strategy, String prompt, UUID secretId, int sub) {
if (!strategy.expectsQuery()) { if (!strategy.expectsQuery()) {
return null; return null;

View file

@ -115,7 +115,7 @@ public class SecretQueryProgress {
private boolean shouldCache(SecretQuery query, String prompt) { private boolean shouldCache(SecretQuery query, String prompt) {
var shouldCache = query.cache() var shouldCache = query.cache()
&& SecretManager.shouldCacheForPrompt(prompt) && !SecretManager.isSpecialPrompt(prompt)
&& (!query.respectDontCacheSetting() && (!query.respectDontCacheSetting()
|| !AppPrefs.get().dontCachePasswords().get()); || !AppPrefs.get().dontCachePasswords().get());
return shouldCache; return shouldCache;