From 65daa939b7892a4615684221f4fb7de1338afc42 Mon Sep 17 00:00:00 2001 From: Mark Wolfe Date: Fri, 24 Nov 2017 08:27:12 +1100 Subject: [PATCH] feat(wincred) Support wincred for retrieval of credentials * Fix missing license headers making sure I reference original project --- Makefile | 2 - cmd/saml2aws/commands/login_windows.go | 10 ++ glide.lock | 37 +++---- helper/osxkeychain/osxkeychain_darwin.c | 22 +++++ helper/osxkeychain/osxkeychain_darwin.go | 22 +++++ helper/osxkeychain/osxkeychain_darwin.h | 22 +++++ helper/osxkeychain/osxkeychain_darwin_test.go | 22 +++++ helper/wincred/wincred_windows.go | 96 +++++++++++++++++++ 8 files changed, 214 insertions(+), 19 deletions(-) create mode 100644 cmd/saml2aws/commands/login_windows.go create mode 100644 helper/wincred/wincred_windows.go diff --git a/Makefile b/Makefile index fae33062c..87c3b118d 100644 --- a/Makefile +++ b/Makefile @@ -33,8 +33,6 @@ compile: deps -osarch="darwin/amd64" \ -osarch="linux/i386" \ -osarch="linux/amd64" \ - -osarch="windows/amd64" \ - -osarch="windows/i386" \ -output "build/{{.Dir}}_$(VERSION)_{{.OS}}_{{.Arch}}/$(NAME)" \ $(shell ./glide novendor) diff --git a/cmd/saml2aws/commands/login_windows.go b/cmd/saml2aws/commands/login_windows.go new file mode 100644 index 000000000..cb2765c62 --- /dev/null +++ b/cmd/saml2aws/commands/login_windows.go @@ -0,0 +1,10 @@ +package commands + +import ( + "github.com/versent/saml2aws/helper/credentials" + "github.com/versent/saml2aws/helper/wincred" +) + +func init() { + credentials.CurrentHelper = &wincred.Wincred{} +} diff --git a/glide.lock b/glide.lock index 3674de643..44f4d88c7 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ hash: 848f784f129d44ef88c8f0aea25e59205d6a16c172f6da53e8877439ee3c18ea -updated: 2017-10-20T10:15:42.543485072+11:00 +updated: 2017-11-23T14:47:39.335566684+11:00 imports: - name: github.com/alecthomas/kingpin version: d2d8a9115b36a531781f0ed3c57bcba202976150 
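Review bot: The Makefile hunk drops the windows/amd64 and windows/i386 gox targets in the same commit that adds a Windows-only helper, so `make compile` no longer builds the binary this feature is for and the new `_windows.go` files get no compile coverage from the release build. If the removal is deliberate (for example because gox cannot cross-build the new wincred dependency), a one-line comment above the `-osarch` list such as `# windows/* dropped: built natively on Windows, see <issue>` would stop the next maintainer from re-adding them; if it is not, the two lines should stay. The login_windows.go hunk sharing this line looks fine: it mirrors a per-OS `init()` that assigns `credentials.CurrentHelper`, though a short comment there noting that the darwin counterpart does the same would help readers.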
@@ -40,8 +40,12 @@ imports: version: 2d5c7863390875bc4b5f81cdb65422602d15b003 - name: github.com/beevik/etree version: ce53c4ce608a92897d74ff8fd47b5a1131e5606c -- name: github.com/fatih/structs - version: 7e5a8eef611ee84dd359503f3969f80df4c50723 +- name: github.com/danieljoos/wincred + version: 412b574fb496839b312a75fba146bd32a89001cf +- name: github.com/davecgh/go-spew + version: 5215b55f46b2b919f50a1df0eaa5886afe4e3b3d + subpackages: + - spew - name: github.com/go-ini/ini version: 6e4869b434bd001f6983749881c7ead3545887d8 - name: github.com/howeyc/gopass @@ -52,12 +56,24 @@ imports: version: b8bc1bf767474819792c23f32d8286a45736f1c6 - name: github.com/pkg/errors version: 17b591df37844cde689f4d5813e5cea0927d8dd2 +- name: github.com/pmezard/go-difflib + version: d8ed2627bdf02c080bf22230dbb337003b7aba2d + subpackages: + - difflib - name: github.com/PuerkitoBio/goquery version: 152b1a2c8f5d0340f658bb656032a39b94e52958 - name: github.com/segmentio/go-prompt version: f3218e418a3d6dbe1dcab5809d80fa6e15c05cb4 - name: github.com/sirupsen/logrus version: 89742aefa4b206dcf400792f3bd35b542998eb3b +- name: github.com/stretchr/objx + version: cbeaeb16a013161a98496fad62933b1d21786672 +- name: github.com/stretchr/testify + version: d77da356e56a7428ad25149ca77381849a6a5232 + subpackages: + - assert + - mock + - require - name: github.com/tidwall/gjson version: 039b641eabfaaccef32ebcfeee4257e22627a255 - name: github.com/tidwall/match @@ -79,17 +95,4 @@ imports: - unix - name: gopkg.in/ini.v1 version: 6e4869b434bd001f6983749881c7ead3545887d8 -testImports: -- name: github.com/davecgh/go-spew - version: 5215b55f46b2b919f50a1df0eaa5886afe4e3b3d - subpackages: - - spew -- name: github.com/pmezard/go-difflib - version: d8ed2627bdf02c080bf22230dbb337003b7aba2d - subpackages: - - difflib -- name: github.com/stretchr/testify - version: d77da356e56a7428ad25149ca77381849a6a5232 - subpackages: - - assert - - require +testImports: [] 
diff --git a/helper/osxkeychain/osxkeychain_darwin.c b/helper/osxkeychain/osxkeychain_darwin.c
index f84d61ee5..9513e9377 100644
--- a/helper/osxkeychain/osxkeychain_darwin.c
+++ b/helper/osxkeychain/osxkeychain_darwin.c
@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 #include "osxkeychain_darwin.h"
 #include
 #include
diff --git a/helper/osxkeychain/osxkeychain_darwin.go b/helper/osxkeychain/osxkeychain_darwin.go
index 7ce280309..0b384f8e9 100644
--- a/helper/osxkeychain/osxkeychain_darwin.go
+++ b/helper/osxkeychain/osxkeychain_darwin.go
@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 package osxkeychain
 
 /*
diff --git a/helper/osxkeychain/osxkeychain_darwin.h b/helper/osxkeychain/osxkeychain_darwin.h
index c54e7d728..6fe708788 100644
--- a/helper/osxkeychain/osxkeychain_darwin.h
+++ b/helper/osxkeychain/osxkeychain_darwin.h
@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 #include
 
 struct Server {
diff --git a/helper/osxkeychain/osxkeychain_darwin_test.go b/helper/osxkeychain/osxkeychain_darwin_test.go
index ba694abb7..af47fc21c 100644
--- a/helper/osxkeychain/osxkeychain_darwin_test.go
+++ b/helper/osxkeychain/osxkeychain_darwin_test.go
@@ -1,3 +1,25 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
 package osxkeychain
 
 import (
diff --git a/helper/wincred/wincred_windows.go b/helper/wincred/wincred_windows.go
new file mode 100644
index 000000000..92279db43
--- /dev/null
+++ b/helper/wincred/wincred_windows.go
@@ -0,0 +1,96 @@
+// Copyright (c) 2016 David Calavera
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+//
+// https://github.com/docker/docker-credential-helpers
+package wincred
+
+import (
+ "bytes"
+ "strings"
+
+ winc "github.com/danieljoos/wincred"
+ "github.com/versent/saml2aws/helper/credentials"
+)
+
+// Wincred handles secrets using the Windows credential service.
+type Wincred struct{}
+
+// Add adds new credentials to the windows credentials manager.
+func (h Wincred) Add(creds *credentials.Credentials) error {
+ g := winc.NewGenericCredential(creds.ServerURL)
+ g.UserName = creds.Username
+ g.CredentialBlob = []byte(creds.Secret)
+ g.Persist = winc.PersistLocalMachine
+ g.Attributes = []winc.CredentialAttribute{{"label", []byte(credentials.CredsLabel)}}
+
+ return g.Write()
+}
+
+// Delete removes credentials from the windows credentials manager.
+func (h Wincred) Delete(serverURL string) error {
+ g, err := winc.GetGenericCredential(serverURL)
+ if g == nil {
+ return nil
+ }
+ if err != nil {
+ return err
+ }
+ return g.Delete()
+}
+
+// Get retrieves credentials from the windows credentials manager.
+func (h Wincred) Get(serverURL string) (string, string, error) {
+ g, _ := winc.GetGenericCredential(serverURL)
+ if g == nil {
+ return "", "", credentials.ErrCredentialsNotFound
+ }
+ for _, attr := range g.Attributes {
+ if strings.Compare(attr.Keyword, "label") == 0 &&
+ bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
+
+ return g.UserName, string(g.CredentialBlob), nil
+ }
+ }
+ return "", "", credentials.ErrCredentialsNotFound
+}
+
+// List returns the stored URLs and corresponding usernames for a given credentials label.
+func (h Wincred) List() (map[string]string, error) {
+ creds, err := winc.List()
+ if err != nil {
+ return nil, err
+ }
+
+ resp := make(map[string]string)
+ for i := range creds {
+ attrs := creds[i].Attributes
+ for _, attr := range attrs {
+ if strings.Compare(attr.Keyword, "label") == 0 &&
+ bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
+
+ resp[creds[i].TargetName] = creds[i].UserName
+ }
+ }
+
+ }
+
+ return resp, nil
+}
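Review bot: Delete and Get both lose the error from `winc.GetGenericCredential`: Delete tests `g == nil` before `err != nil`, so if the library hands back a nil credential together with the error (which the `g == nil` guard in Get suggests the author expects), an access-denied or any other CredRead failure is reported as a successful delete and the `err != nil` branch is unreachable, while Get discards the error outright with `g, _ :=` and maps every failure to ErrCredentialsNotFound, so a broken credential store looks to the caller like "nothing saved". Check the error first and translate only the not-found case so the existing behaviour for a missing entry is kept; if the library surfaces the raw Windows errno this is `syscall.ERROR_NOT_FOUND` (adds a `syscall` import), otherwise compare against whatever sentinel it exposes. Separately, the `{"label", []byte(...)}` attribute literal in Add is unkeyed (go vet's composites check flags it), and the `strings.Compare(...) == 0` / `bytes.Compare(...) == 0` tests in Get and List read more directly as `attr.Keyword == "label" && bytes.Equal(attr.Value, []byte(credentials.CredsLabel))`. As far as I know, generic credentials in the Windows Credential Manager can be read back by any process running as the same user, so the Wincred doc comment should say that this store protects the IdP secret from other users and from at-rest disk access, not from code already running in the user's session; that differs from the macOS keychain helper, where the keychain ACL can prompt per application.
```go
func (h Wincred) Delete(serverURL string) error {
	g, err := winc.GetGenericCredential(serverURL)
	if err != nil {
		if err == syscall.ERROR_NOT_FOUND {
			return nil // nothing stored for this target; not an error
		}
		return err
	}
	if g == nil {
		return nil
	}
	return g.Delete()
}

func (h Wincred) Get(serverURL string) (string, string, error) {
	g, err := winc.GetGenericCredential(serverURL)
	if err != nil {
		if err == syscall.ERROR_NOT_FOUND {
			return "", "", credentials.ErrCredentialsNotFound
		}
		return "", "", err
	}
	if g == nil {
		return "", "", credentials.ErrCredentialsNotFound
	}
	// … unchanged: label attribute check and return …
```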