Secret serialization fixes

2024-11-21 23:20:23 +00:00 · 2023-08-09 14:11:14 +00:00 · 2023-08-09 14:11:14 +00:00 · 6ca4c9d3cb
commit 6ca4c9d3cb
parent fab26e130e
11 changed files with 25 additions and 13 deletions
--- a/app/src/main/java/io/xpipe/app/core/mode/BaseMode.java
+++ b/app/src/main/java/io/xpipe/app/core/mode/BaseMode.java
@ -6,7 +6,7 @@ import io.xpipe.app.core.*;
 import io.xpipe.app.issue.*;
 import io.xpipe.app.prefs.AppPrefs;
 import io.xpipe.app.storage.DataStorage;
-import io.xpipe.app.util.DefaultSecretValue;
+import io.xpipe.core.util.DefaultSecretValue;
 import io.xpipe.app.util.FileBridge;
 import io.xpipe.app.util.LockedSecretValue;
 import io.xpipe.core.impl.LocalStore;
@ -36,7 +36,7 @@ public class BaseMode extends OperationMode {
        AppExtensionManager.init(true);
        JacksonMapper.initModularized(AppExtensionManager.getInstance().getExtendedLayer());
        JacksonMapper.configure(objectMapper -> {
-            objectMapper.registerSubtypes(LockedSecretValue.class, DefaultSecretValue.class);
+            objectMapper.registerSubtypes(LockedSecretValue.class);
        });
        // Load translations before storage initialization to localize store error messages
        // Also loaded before antivirus alert to localize that
--- a/app/src/main/java/io/xpipe/app/exchange/AskpassExchangeImpl.java
+++ b/app/src/main/java/io/xpipe/app/exchange/AskpassExchangeImpl.java
@ -15,6 +15,6 @@ public class AskpassExchangeImpl extends AskpassExchange
        }

        var r = AskpassAlert.query(msg.getPrompt(), msg.getRequest(), msg.getStoreId(), msg.getSubId());
-        return Response.builder().value(r != null ? r.getSecretValue() : null).build();
+        return Response.builder().value(r != null ? r.inPlace() : null).build();
    }
 }
--- a/app/src/main/java/io/xpipe/app/util/LockedSecretValue.java
+++ b/app/src/main/java/io/xpipe/app/util/LockedSecretValue.java
@ -3,6 +3,8 @@ package io.xpipe.app.util;
 import com.fasterxml.jackson.annotation.JsonTypeName;
 import io.xpipe.app.prefs.AppPrefs;
 import io.xpipe.core.util.AesSecretValue;
+import io.xpipe.core.util.DefaultSecretValue;
+import io.xpipe.core.util.SecretValue;
 import lombok.EqualsAndHashCode;
 import lombok.experimental.SuperBuilder;
 import lombok.extern.jackson.Jacksonized;
@ -26,6 +28,11 @@ public class LockedSecretValue extends AesSecretValue {
        super(secret);
    }

+    @Override
+    public SecretValue inPlace() {
+        return new DefaultSecretValue(getSecret());
+    }
+
    @Override
    public String toString() {
        return "<locked secret>";
--- a/app/src/main/java/io/xpipe/app/util/SecretHelper.java
+++ b/app/src/main/java/io/xpipe/app/util/SecretHelper.java
@ -1,6 +1,7 @@
 package io.xpipe.app.util;

 import io.xpipe.app.prefs.AppPrefs;
+import io.xpipe.core.util.DefaultSecretValue;
 import io.xpipe.core.util.EncryptedSecretValue;

 public class SecretHelper {
--- a/beacon/src/main/java/io/xpipe/beacon/exchange/AskpassExchange.java
+++ b/beacon/src/main/java/io/xpipe/beacon/exchange/AskpassExchange.java
@ -2,6 +2,7 @@ package io.xpipe.beacon.exchange;

 import io.xpipe.beacon.RequestMessage;
 import io.xpipe.beacon.ResponseMessage;
+import io.xpipe.core.util.SecretValue;
 import lombok.Builder;
 import lombok.NonNull;
 import lombok.Value;
@ -35,6 +36,6 @@ public class AskpassExchange implements MessageExchange {
    @Builder
    @Value
    public static class Response implements ResponseMessage {
-        String value;
+        SecretValue value;
    }
 }
--- a/core/src/main/java/io/xpipe/core/util/AesSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/AesSecretValue.java
@ -3,7 +3,6 @@ package io.xpipe.core.util;
 import lombok.EqualsAndHashCode;
 import lombok.SneakyThrows;
 import lombok.experimental.SuperBuilder;
-import lombok.extern.jackson.Jacksonized;

 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@ -15,9 +14,8 @@ import java.security.spec.InvalidKeySpecException;
 import java.util.Random;

@SuperBuilder
-@Jacksonized
@EqualsAndHashCode(callSuper = true)
-public class AesSecretValue extends EncryptedSecretValue {
+public abstract class AesSecretValue extends EncryptedSecretValue {

    private static final String ENCRYPT_ALGO = "AES/GCM/NoPadding";
    private static final int TAG_LENGTH_BIT = 128;
--- a/core/src/main/java/io/xpipe/core/util/CoreJacksonModule.java
+++ b/core/src/main/java/io/xpipe/core/util/CoreJacksonModule.java
@ -36,6 +36,7 @@ public class CoreJacksonModule extends SimpleModule {
    @Override
    public void setupModule(SetupContext context) {
        context.registerSubtypes(
+                new NamedType(DefaultSecretValue.class),
                new NamedType(StdinDataStore.class),
                new NamedType(StdoutDataStore.class),
                new NamedType(LocalDirectoryDataStore.class),
--- a/core/src/main/java/io/xpipe/core/util/DefaultSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/DefaultSecretValue.java
@ -1,7 +1,6 @@
-package io.xpipe.app.util;
+package io.xpipe.core.util;

 import com.fasterxml.jackson.annotation.JsonTypeName;
-import io.xpipe.core.util.AesSecretValue;
 import lombok.EqualsAndHashCode;
 import lombok.experimental.SuperBuilder;
 import lombok.extern.jackson.Jacksonized;
@ -25,6 +24,11 @@ public class DefaultSecretValue extends AesSecretValue {
        super(secret);
    }

+    @Override
+    public SecretValue inPlace() {
+        return this;
+    }
+
    protected SecretKey getAESKey(int keysize) throws NoSuchAlgorithmException, InvalidKeySpecException {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        var salt = new byte[16];
--- a/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/EncryptedSecretValue.java
@ -3,16 +3,14 @@ package io.xpipe.core.util;
 import lombok.EqualsAndHashCode;
 import lombok.Getter;
 import lombok.experimental.SuperBuilder;
-import lombok.extern.jackson.Jacksonized;

 import java.nio.ByteBuffer;
 import java.nio.CharBuffer;
 import java.nio.charset.StandardCharsets;

@SuperBuilder
-@Jacksonized
@EqualsAndHashCode
-public class EncryptedSecretValue implements SecretValue {
+public abstract class EncryptedSecretValue implements SecretValue {

    @Getter
    String encryptedValue;
--- a/core/src/main/java/io/xpipe/core/util/SecretValue.java
+++ b/core/src/main/java/io/xpipe/core/util/SecretValue.java
@ -9,6 +9,8 @@ import java.util.function.Consumer;
@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type")
 public interface SecretValue {

+    SecretValue inPlace();
+
    static String toBase64e(byte[] b) {
        var base64 = Base64.getEncoder().encodeToString(b);
        return base64.replace("/", "-");
--- a/ext/base/src/main/java/io/xpipe/ext/base/action/AddStoreAction.java
+++ b/ext/base/src/main/java/io/xpipe/ext/base/action/AddStoreAction.java
@ -3,7 +3,7 @@ package io.xpipe.ext.base.action;
 import io.xpipe.app.comp.store.GuiDsStoreCreator;
 import io.xpipe.app.ext.ActionProvider;
 import io.xpipe.app.storage.DataStoreEntry;
-import io.xpipe.app.util.DefaultSecretValue;
+import io.xpipe.core.util.DefaultSecretValue;
 import io.xpipe.core.store.DataStore;
 import io.xpipe.core.util.JacksonMapper;
 import lombok.Value;