Merge pull request #96 from Versent/wip_windows_wincred

feat(wincred) Support wincred for retrieval of credentials

Makefile

@@ -33,8 +33,6 @@ compile: deps
 	-osarch="darwin/amd64" \
 	-osarch="linux/i386" \
 	-osarch="linux/amd64" \
-	-osarch="windows/amd64" \
-	-osarch="windows/i386" \
 	-output "build/{{.Dir}}_$(VERSION)_{{.OS}}_{{.Arch}}/$(NAME)" \
 	$(shell ./glide novendor)
 

cmd/saml2aws/commands/login_windows.go

@@ -0,0 +1,10 @@
+package commands
+
+import (
+	"github.com/versent/saml2aws/helper/credentials"
+	"github.com/versent/saml2aws/helper/wincred"
+)
+
+func init() {
+	credentials.CurrentHelper = &wincred.Wincred{}
+}

helper/osxkeychain/osxkeychain_darwin.c

@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 #include "osxkeychain_darwin.h"
 #include <CoreFoundation/CoreFoundation.h>
 #include <Foundation/NSValue.h>

helper/osxkeychain/osxkeychain_darwin.go

@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 package osxkeychain
 
 /*

helper/osxkeychain/osxkeychain_darwin.h

@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 #include <Security/Security.h>
 
 struct Server {

helper/osxkeychain/osxkeychain_darwin_test.go

@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 package osxkeychain
 
 import (

helper/wincred/wincred_windows.go

@@ -0,0 +1,96 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
+package wincred
+
+import (
+	"bytes"
+	"strings"
+
+	winc "github.com/danieljoos/wincred"
+	"github.com/versent/saml2aws/helper/credentials"
+)
+
+// Wincred handles secrets using the Windows credential service.
+type Wincred struct{}
+
+// Add adds new credentials to the windows credentials manager.
+func (h Wincred) Add(creds *credentials.Credentials) error {
+	g := winc.NewGenericCredential(creds.ServerURL)
+	g.UserName = creds.Username
+	g.CredentialBlob = []byte(creds.Secret)
+	g.Persist = winc.PersistLocalMachine
+	g.Attributes = []winc.CredentialAttribute{{"label", []byte(credentials.CredsLabel)}}
+
+	return g.Write()
+}
+
+// Delete removes credentials from the windows credentials manager.
+func (h Wincred) Delete(serverURL string) error {
+	g, err := winc.GetGenericCredential(serverURL)
+	if g == nil {
+		return nil
+	}
+	if err != nil {
+		return err
+	}
+	return g.Delete()
+}
+
+// Get retrieves credentials from the windows credentials manager.
+func (h Wincred) Get(serverURL string) (string, string, error) {
+	g, _ := winc.GetGenericCredential(serverURL)
+	if g == nil {
+		return "", "", credentials.ErrCredentialsNotFound
+	}
+	for _, attr := range g.Attributes {
+		if strings.Compare(attr.Keyword, "label") == 0 &&
+			bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
+
+			return g.UserName, string(g.CredentialBlob), nil
+		}
+	}
+	return "", "", credentials.ErrCredentialsNotFound
+}
+
+// List returns the stored URLs and corresponding usernames for a given credentials label.
+func (h Wincred) List() (map[string]string, error) {
+	creds, err := winc.List()
+	if err != nil {
+		return nil, err
+	}
+
+	resp := make(map[string]string)
+	for i := range creds {
+		attrs := creds[i].Attributes
+		for _, attr := range attrs {
+			if strings.Compare(attr.Keyword, "label") == 0 &&
+				bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
+
+				resp[creds[i].TargetName] = creds[i].UserName
+			}
+		}
+
+	}
+
+	return resp, nil
+}