Rework ssh host key trust handling

This commit is contained in:
crschnick 2024-03-09 02:02:00 +00:00
parent 74d6ff7fa3
commit ccea37e0e0
3 changed files with 11 additions and 5 deletions

View file

@ -24,7 +24,7 @@ public class AskpassAlert {
alert.setAlertType(Alert.AlertType.CONFIRMATION);
// Link to help page for double prompt
if (!SecretManager.shouldCacheForPrompt(prompt)) {
if (SecretManager.isSpecialPrompt(prompt)) {
var type = new ButtonType("Help", ButtonBar.ButtonData.HELP);
alert.getButtonTypes().add(type);
var button = alert.getDialogPane().lookupButton(type);

View file

@ -47,15 +47,21 @@ public class SecretManager {
return p;
}
public static boolean shouldCacheForPrompt(String prompt) {
public static boolean isSpecialPrompt(String prompt) {
var l = prompt.toLowerCase(Locale.ROOT);
// 2FA
if (l.contains("passcode") || l.contains("verification code")) {
return false;
return true;
}
// SSH host key trust prompt
if (l.contains("authenticity of host") || l.contains("please type 'yes', 'no' or the fingerprint")) {
return true;
}
return false;
}
public static SecretValue retrieve(SecretRetrievalStrategy strategy, String prompt, UUID secretId, int sub) {
if (!strategy.expectsQuery()) {
return null;

View file

@ -115,7 +115,7 @@ public class SecretQueryProgress {
private boolean shouldCache(SecretQuery query, String prompt) {
var shouldCache = query.cache()
&& SecretManager.shouldCacheForPrompt(prompt)
&& !SecretManager.isSpecialPrompt(prompt)
&& (!query.respectDontCacheSetting()
|| !AppPrefs.get().dontCachePasswords().get());
return shouldCache;