passwd-sso-cli 0.4.3

package/dist/lib/config.js

@@ -0,0 +1,110 @@
+/**
+ * Configuration management for the CLI tool.
+ *
+ * Config file: $XDG_CONFIG_HOME/passwd-sso/config.json
+ * Credentials: OS keychain (via keytar) or $XDG_DATA_HOME/passwd-sso/credentials
+ *
+ * Legacy ~/.passwd-sso/ is auto-migrated on first access.
+ */
+import { existsSync, mkdirSync, readFileSync, writeFileSync, lstatSync, openSync, writeSync, closeSync, constants as fsConstants } from "node:fs";
+import { getConfigDir, getDataDir, getConfigFilePath, getCredentialsFilePath, } from "./paths.js";
+import { migrateIfNeeded } from "./migrate.js";
+const KEYCHAIN_SERVICE = "passwd-sso-cli";
+const KEYCHAIN_ACCOUNT = "bearer-token";
+const DEFAULT_CONFIG = {
+    serverUrl: "",
+    locale: "en",
+};
+function ensureConfigDir() {
+    const dir = getConfigDir();
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { mode: 0o700, recursive: true });
+    }
+}
+function ensureDataDir() {
+    const dir = getDataDir();
+    if (!existsSync(dir)) {
+        mkdirSync(dir, { mode: 0o700, recursive: true });
+    }
+}
+export function loadConfig() {
+    migrateIfNeeded();
+    try {
+        const raw = readFileSync(getConfigFilePath(), "utf-8");
+        const parsed = JSON.parse(raw);
+        return { ...DEFAULT_CONFIG, ...parsed };
+    }
+    catch {
+        return { ...DEFAULT_CONFIG };
+    }
+}
+export function saveConfig(config) {
+    ensureConfigDir();
+    writeFileSync(getConfigFilePath(), JSON.stringify(config, null, 2), { mode: 0o600 });
+}
+// ─── Credential Storage ───────────────────────────────────────
+async function tryKeytar() {
+    if (process.env.PSSO_NO_KEYCHAIN === "1")
+        return null;
+    try {
+        const mod = await import("keytar");
+        // Dynamic import may wrap the CJS module in { default: ... }
+        return (mod.default ?? mod);
+    }
+    catch {
+        return null;
+    }
+}
+export async function saveToken(token) {
+    const kt = await tryKeytar();
+    if (kt) {
+        await kt.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, token);
+        return "keychain";
+    }
+    // File fallback — use O_NOFOLLOW to prevent symlink attacks (TOCTOU-safe)
+    ensureDataDir();
+    const dataDir = getDataDir();
+    const stat = lstatSync(dataDir);
+    if (stat.isSymbolicLink()) {
+        throw new Error("Data directory is a symlink — refusing to write credentials.");
+    }
+    const credPath = getCredentialsFilePath();
+    const fd = openSync(credPath, fsConstants.O_WRONLY | fsConstants.O_CREAT | fsConstants.O_TRUNC | (fsConstants.O_NOFOLLOW ?? 0), 0o600);
+    try {
+        writeSync(fd, token);
+    }
+    finally {
+        closeSync(fd);
+    }
+    return "file";
+}
+export async function loadToken() {
+    migrateIfNeeded();
+    const kt = await tryKeytar();
+    if (kt) {
+        const token = await kt.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+        if (token)
+            return token;
+    }
+    // File fallback
+    try {
+        return readFileSync(getCredentialsFilePath(), "utf-8").trim();
+    }
+    catch {
+        return null;
+    }
+}
+export async function deleteToken() {
+    const kt = await tryKeytar();
+    if (kt) {
+        await kt.deletePassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
+    }
+    try {
+        const { unlinkSync } = await import("node:fs");
+        unlinkSync(getCredentialsFilePath());
+    }
+    catch {
+        // file may not exist
+    }
+}
+//# sourceMappingURL=config.js.map

package/dist/lib/crypto-aad.d.ts

@@ -0,0 +1,5 @@
+/**
+ * AAD (Additional Authenticated Data) builders for AES-256-GCM encryption.
+ * Ported from src/lib/crypto-aad.ts for CLI compatibility.
+ */
+export declare function buildPersonalEntryAAD(userId: string, entryId: string): Uint8Array;

package/dist/lib/crypto-aad.js

@@ -0,0 +1,44 @@
+/**
+ * AAD (Additional Authenticated Data) builders for AES-256-GCM encryption.
+ * Ported from src/lib/crypto-aad.ts for CLI compatibility.
+ */
+const AAD_VERSION = 1;
+const SCOPE_PERSONAL = "PV";
+function buildAADBytes(scope, expectedFieldCount, fields) {
+    if (scope.length !== 2) {
+        throw new Error(`AAD scope must be exactly 2 ASCII chars, got "${scope}"`);
+    }
+    if (fields.length !== expectedFieldCount) {
+        throw new Error(`AAD scope "${scope}" expects ${expectedFieldCount} fields, got ${fields.length}`);
+    }
+    const encoder = new TextEncoder();
+    const encodedFields = fields.map((f) => encoder.encode(f));
+    const headerSize = 4;
+    const fieldsSize = encodedFields.reduce((sum, ef) => sum + 2 + ef.length, 0);
+    const totalSize = headerSize + fieldsSize;
+    const buf = new ArrayBuffer(totalSize);
+    const view = new DataView(buf);
+    const bytes = new Uint8Array(buf);
+    let offset = 0;
+    bytes[offset] = scope.charCodeAt(0);
+    bytes[offset + 1] = scope.charCodeAt(1);
+    offset += 2;
+    view.setUint8(offset, AAD_VERSION);
+    offset += 1;
+    view.setUint8(offset, fields.length);
+    offset += 1;
+    for (const encoded of encodedFields) {
+        if (encoded.length > 0xffff) {
+            throw new Error(`AAD field too long: ${encoded.length} bytes (max 65535)`);
+        }
+        view.setUint16(offset, encoded.length, false);
+        offset += 2;
+        bytes.set(encoded, offset);
+        offset += encoded.length;
+    }
+    return bytes;
+}
+export function buildPersonalEntryAAD(userId, entryId) {
+    return buildAADBytes(SCOPE_PERSONAL, 2, [userId, entryId]);
+}
+//# sourceMappingURL=crypto-aad.js.map

package/dist/lib/crypto.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Crypto module for the CLI tool using Node.js crypto.subtle (Web Crypto API compatible).
+ *
+ * Ported from src/lib/crypto-client.ts — identical key derivation and encryption
+ * to ensure interoperability with the Web UI.
+ */
+export interface EncryptedData {
+    ciphertext: string;
+    iv: string;
+    authTag: string;
+}
+export declare function hexEncode(buf: ArrayBuffer | Uint8Array): string;
+export declare function hexDecode(hex: string): Uint8Array;
+export declare function deriveWrappingKey(passphrase: string, accountSalt: Uint8Array): Promise<CryptoKey>;
+export declare function deriveEncryptionKey(secretKey: Uint8Array): Promise<CryptoKey>;
+export declare function deriveAuthKey(secretKey: Uint8Array): Promise<CryptoKey>;
+export declare function unwrapSecretKey(encrypted: EncryptedData, wrappingKey: CryptoKey): Promise<Uint8Array>;
+export declare function computeAuthHash(authKey: CryptoKey): Promise<string>;
+export declare function verifyKey(encryptionKey: CryptoKey, artifact: EncryptedData): Promise<boolean>;
+export declare function encryptData(plaintext: string, key: CryptoKey, aad?: Uint8Array): Promise<EncryptedData>;
+export declare function decryptData(encrypted: EncryptedData, key: CryptoKey, aad?: Uint8Array): Promise<string>;
+export declare function deriveVerifierSalt(accountSalt: Uint8Array): Promise<Uint8Array>;
+export declare function computePassphraseVerifier(passphrase: string, accountSalt: Uint8Array): Promise<string>;

package/dist/lib/crypto.js

@@ -0,0 +1,148 @@
+/**
+ * Crypto module for the CLI tool using Node.js crypto.subtle (Web Crypto API compatible).
+ *
+ * Ported from src/lib/crypto-client.ts — identical key derivation and encryption
+ * to ensure interoperability with the Web UI.
+ */
+const PBKDF2_ITERATIONS = 600_000;
+const AES_KEY_LENGTH = 256;
+const IV_LENGTH = 12;
+const HKDF_ENC_INFO = "passwd-sso-enc-v1";
+const HKDF_AUTH_INFO = "passwd-sso-auth-v1";
+const VERIFICATION_PLAINTEXT = "passwd-sso-vault-verification-v1";
+const VERIFIER_DOMAIN_PREFIX = "verifier";
+const VERIFIER_PBKDF2_HASH = "SHA-256";
+const VERIFIER_PBKDF2_ITERATIONS = 600_000;
+const VERIFIER_PBKDF2_BITS = 256;
+// ─── Utility ──────────────────────────────────────────────────
+export function hexEncode(buf) {
+    const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+export function hexDecode(hex) {
+    if (hex.length % 2 !== 0) {
+        throw new Error("Invalid hex string: odd length");
+    }
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.substring(i, i + 2), 16);
+    }
+    return bytes;
+}
+function toArrayBuffer(arr) {
+    return arr.buffer.slice(arr.byteOffset, arr.byteOffset + arr.byteLength);
+}
+function textEncode(text) {
+    return toArrayBuffer(new TextEncoder().encode(text));
+}
+function textDecode(buf) {
+    return new TextDecoder().decode(buf);
+}
+// ─── Key Derivation ────────────────────────────────────────────
+export async function deriveWrappingKey(passphrase, accountSalt) {
+    const keyMaterial = await crypto.subtle.importKey("raw", textEncode(passphrase), "PBKDF2", false, ["deriveKey"]);
+    return crypto.subtle.deriveKey({
+        name: "PBKDF2",
+        salt: toArrayBuffer(accountSalt),
+        iterations: PBKDF2_ITERATIONS,
+        hash: "SHA-256",
+    }, keyMaterial, { name: "AES-GCM", length: AES_KEY_LENGTH }, false, ["encrypt", "decrypt"]);
+}
+export async function deriveEncryptionKey(secretKey) {
+    const hkdfKey = await crypto.subtle.importKey("raw", toArrayBuffer(secretKey), "HKDF", false, ["deriveKey"]);
+    return crypto.subtle.deriveKey({
+        name: "HKDF",
+        hash: "SHA-256",
+        salt: new ArrayBuffer(32),
+        info: textEncode(HKDF_ENC_INFO),
+    }, hkdfKey, { name: "AES-GCM", length: AES_KEY_LENGTH }, false, ["encrypt", "decrypt"]);
+}
+export async function deriveAuthKey(secretKey) {
+    const hkdfKey = await crypto.subtle.importKey("raw", toArrayBuffer(secretKey), "HKDF", false, ["deriveKey"]);
+    return crypto.subtle.deriveKey({
+        name: "HKDF",
+        hash: "SHA-256",
+        salt: new ArrayBuffer(32),
+        info: textEncode(HKDF_AUTH_INFO),
+    }, hkdfKey, { name: "HMAC", hash: "SHA-256", length: AES_KEY_LENGTH }, true, ["sign"]);
+}
+// ─── Secret Key Management ─────────────────────────────────────
+export async function unwrapSecretKey(encrypted, wrappingKey) {
+    const ciphertext = hexDecode(encrypted.ciphertext);
+    const iv = hexDecode(encrypted.iv);
+    const authTag = hexDecode(encrypted.authTag);
+    const combined = new Uint8Array(ciphertext.length + authTag.length);
+    combined.set(ciphertext);
+    combined.set(authTag, ciphertext.length);
+    const decrypted = await crypto.subtle.decrypt({ name: "AES-GCM", iv: toArrayBuffer(iv) }, wrappingKey, toArrayBuffer(combined));
+    return new Uint8Array(decrypted);
+}
+// ─── Auth Hash ────────────────────────────────────────────────
+export async function computeAuthHash(authKey) {
+    const rawKey = await crypto.subtle.exportKey("raw", authKey);
+    const hash = await crypto.subtle.digest("SHA-256", rawKey);
+    return hexEncode(hash);
+}
+// ─── Verification ──────────────────────────────────────────────
+export async function verifyKey(encryptionKey, artifact) {
+    try {
+        const plaintext = await decryptData(artifact, encryptionKey);
+        return plaintext === VERIFICATION_PLAINTEXT;
+    }
+    catch {
+        return false;
+    }
+}
+// ─── E2E Encryption ────────────────────────────────────────────
+export async function encryptData(plaintext, key, aad) {
+    const iv = crypto.getRandomValues(new Uint8Array(IV_LENGTH));
+    const params = { name: "AES-GCM", iv: toArrayBuffer(iv) };
+    if (aad)
+        params.additionalData = toArrayBuffer(aad);
+    const encrypted = await crypto.subtle.encrypt(params, key, textEncode(plaintext));
+    const encryptedBytes = new Uint8Array(encrypted);
+    const ciphertext = encryptedBytes.slice(0, encryptedBytes.length - 16);
+    const authTag = encryptedBytes.slice(encryptedBytes.length - 16);
+    return {
+        ciphertext: hexEncode(ciphertext),
+        iv: hexEncode(iv),
+        authTag: hexEncode(authTag),
+    };
+}
+export async function decryptData(encrypted, key, aad) {
+    const ciphertext = hexDecode(encrypted.ciphertext);
+    const iv = hexDecode(encrypted.iv);
+    const authTag = hexDecode(encrypted.authTag);
+    const combined = new Uint8Array(ciphertext.length + authTag.length);
+    combined.set(ciphertext);
+    combined.set(authTag, ciphertext.length);
+    const params = { name: "AES-GCM", iv: toArrayBuffer(iv) };
+    if (aad)
+        params.additionalData = toArrayBuffer(aad);
+    const decrypted = await crypto.subtle.decrypt(params, key, toArrayBuffer(combined));
+    return textDecode(decrypted);
+}
+// ─── Passphrase Verifier ──────────────────────────────────────
+export async function deriveVerifierSalt(accountSalt) {
+    const prefix = new TextEncoder().encode(VERIFIER_DOMAIN_PREFIX);
+    const combined = new Uint8Array(prefix.length + accountSalt.length);
+    combined.set(prefix);
+    combined.set(accountSalt, prefix.length);
+    const hash = await crypto.subtle.digest("SHA-256", toArrayBuffer(combined));
+    return new Uint8Array(hash);
+}
+export async function computePassphraseVerifier(passphrase, accountSalt) {
+    const verifierSalt = await deriveVerifierSalt(accountSalt);
+    const keyMaterial = await crypto.subtle.importKey("raw", textEncode(passphrase), "PBKDF2", false, ["deriveBits"]);
+    const verifierKeyBits = await crypto.subtle.deriveBits({
+        name: "PBKDF2",
+        salt: toArrayBuffer(verifierSalt),
+        iterations: VERIFIER_PBKDF2_ITERATIONS,
+        hash: VERIFIER_PBKDF2_HASH,
+    }, keyMaterial, VERIFIER_PBKDF2_BITS);
+    const verifierHash = await crypto.subtle.digest("SHA-256", verifierKeyBits);
+    return hexEncode(verifierHash);
+}
+//# sourceMappingURL=crypto.js.map

package/dist/lib/migrate.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Auto-migration from legacy ~/.passwd-sso/ to XDG directories.
+ *
+ * Called once on first access. Idempotent — safe to call multiple times.
+ */
+export declare function migrateIfNeeded(): void;
+/** Reset migration state (for testing only). */
+export declare function _resetMigrationState(): void;

package/dist/lib/migrate.js

@@ -0,0 +1,87 @@
+/**
+ * Auto-migration from legacy ~/.passwd-sso/ to XDG directories.
+ *
+ * Called once on first access. Idempotent — safe to call multiple times.
+ */
+import { copyFileSync, chmodSync, existsSync, lstatSync, mkdirSync, readdirSync, renameSync, rmSync, unlinkSync, } from "node:fs";
+import { join } from "node:path";
+import { getLegacyDir, getConfigDir, getDataDir } from "./paths.js";
+let migrationDone = false;
+/**
+ * Move a single file from `src` to `dest`, creating `destDir` if needed.
+ * Handles cross-device moves (EXDEV) by falling back to copy + delete.
+ */
+function moveFile(src, dest, destDir) {
+    try {
+        mkdirSync(destDir, { mode: 0o700, recursive: true });
+        renameSync(src, dest);
+        return true;
+    }
+    catch (err) {
+        if (err.code === "EXDEV") {
+            try {
+                copyFileSync(src, dest);
+                chmodSync(dest, 0o600);
+                unlinkSync(src);
+                return true;
+            }
+            catch {
+                return false;
+            }
+        }
+        return false;
+    }
+}
+export function migrateIfNeeded() {
+    if (migrationDone)
+        return;
+    migrationDone = true;
+    const legacyDir = getLegacyDir();
+    if (!existsSync(legacyDir))
+        return;
+    // Safety: refuse to follow symlinks
+    const stat = lstatSync(legacyDir);
+    if (stat.isSymbolicLink())
+        return;
+    const legacyConfig = join(legacyDir, "config.json");
+    const legacyCredentials = join(legacyDir, "credentials");
+    let migratedAny = false;
+    // Migrate config.json → XDG_CONFIG_HOME/passwd-sso/config.json
+    if (existsSync(legacyConfig)) {
+        const configDir = getConfigDir();
+        const target = join(configDir, "config.json");
+        if (!existsSync(target)) {
+            if (moveFile(legacyConfig, target, configDir)) {
+                migratedAny = true;
+            }
+        }
+    }
+    // Migrate credentials → XDG_DATA_HOME/passwd-sso/credentials
+    if (existsSync(legacyCredentials)) {
+        const dataDir = getDataDir();
+        const target = join(dataDir, "credentials");
+        if (!existsSync(target)) {
+            if (moveFile(legacyCredentials, target, dataDir)) {
+                migratedAny = true;
+            }
+        }
+    }
+    // Remove legacy directory if empty
+    if (migratedAny) {
+        try {
+            const remaining = readdirSync(legacyDir);
+            if (remaining.length === 0) {
+                rmSync(legacyDir, { recursive: true });
+            }
+        }
+        catch {
+            // Best effort — leave it if removal fails
+        }
+        console.error(`[passwd-sso] Migrated config to XDG directories. Config: ${getConfigDir()}, Data: ${getDataDir()}`);
+    }
+}
+/** Reset migration state (for testing only). */
+export function _resetMigrationState() {
+    migrationDone = false;
+}
+//# sourceMappingURL=migrate.js.map

package/dist/lib/openssh-key-parser.d.ts

@@ -0,0 +1,17 @@
+/**
+ * OpenSSH private key format parser.
+ *
+ * Handles `-----BEGIN OPENSSH PRIVATE KEY-----` format that
+ * Node.js/OpenSSL `createPrivateKey()` cannot always parse
+ * (notably encrypted keys using bcrypt-pbkdf).
+ *
+ * Supports: Ed25519, RSA, ECDSA (encrypted and unencrypted).
+ *
+ * Reference: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
+ */
+import type { KeyObject } from "node:crypto";
+/**
+ * Parse an OpenSSH private key PEM into a Node.js KeyObject.
+ * Falls back to this when `createPrivateKey()` can't handle the format.
+ */
+export declare function parseOpenSshPrivateKey(pem: string, passphrase?: string): Promise<KeyObject>;