@salesforce/core/lib/crypto/keyChain.js

Core libraries to interact with SFDX projects, orgs, and APIs.

"use strict";
/*
 * Copyright (c) 2020, salesforce.com, inc.
 * All rights reserved.
 * Licensed under the BSD 3-Clause license.
 * For full license text, see LICENSE.txt file in the repo root or https://opensource.org/licenses/BSD-3-Clause
 */
Object.defineProperty(exports, "__esModule", { value: true });
exports.retrieveKeychain = void 0;
const kit_1 = require("@salesforce/kit");
const logger_1 = require("../logger/logger");
const messages_1 = require("../messages");
const keyChainImpl_1 = require("./keyChainImpl");
;
const messages = new messages_1.Messages('@salesforce/core', 'encryption', new Map([["invalidEncryptedFormatError", "The encrypted data is not properly formatted."], ["invalidEncryptedFormatError.actions", ["If attempting to create a scratch org then re-authorize. Otherwise create a new scratch org."]], ["authDecryptError", "Failed to decipher auth data. reason: %s."], ["unsupportedOperatingSystemError", "Unsupported Operating System: %s"], ["missingCredentialProgramError", "Unable to find required security software: %s"], ["credentialProgramAccessError", "Unable to execute security software: %s"], ["passwordRetryError", "Failed to get the password after %i retries."], ["passwordRequiredError", "A password is required."], ["keyChainServiceRequiredError", "Unable to get or set a keychain value without a service name."], ["keyChainAccountRequiredError", "Unable to get or set a keychain value without an account name."], ["keyChainUserCanceledError", "User canceled authentication."], ["keychainPasswordCreationError", "Failed to create a password in the keychain."], ["genericKeychainServiceError", "The service and account specified in %s do not match the version of the toolbelt."], ["genericKeychainServiceError.actions", ["Check your toolbelt version and re-auth."]], ["genericKeychainInvalidPermsError", "Invalid file permissions for secret file: %s"], ["genericKeychainInvalidPermsError.actions", ["Ensure the file %s has the file permission octal value of %s."]], ["passwordNotFoundError", "Could not find password.\n%s"], ["passwordNotFoundError.actions", ["Ensure a valid password is returned with the following command: [%s]"]], ["setCredentialError", "Command failed with response:\n%s"], ["setCredentialError.actions", ["Determine why this command failed to set an encryption key for user %s: [%s]."]], ["macKeychainOutOfSync", "We\u2019ve encountered an error with the Mac keychain being out of sync with your `sfdx` credentials. To fix the problem, sync your credentials by authenticating into your org again using the auth commands."], ["v1CryptoWithV2KeyWarning", "The SF_CRYPTO_V2 environment variable was set to \"false\" but a v2 crypto key was detected. v1 crypto can only be used with a v1 key. Unset the SF_CRYPTO_V2 environment variable."], ["v2CryptoWithV1KeyWarning", "SF_CRYPTO_V2 was set to \"true\" but a v1 crypto key was detected. v2 crypto can only be used with a v2 key. To generate a v2 key:\n\n1. Logout of all orgs: `sf org logout --all`\n2. Delete the sfdx keychain entry (account: local, service: sfdx). If `SF_USE_GENERIC_UNIX_KEYCHAIN=true` env var is set, you can delete the `key.json` file.\n3. Set `SF_CRYPTO_V2=true` env var.\n4. Re-Authenticate with your orgs using the CLI org login commands."]]));
/**
 * Gets the os level keychain impl.
 *
 * @param platform The os platform.
 * @ignore
 */
const retrieveKeychain = async (platform) => {
    const logger = await logger_1.Logger.child('keyChain');
    const useGenericUnixKeychainVar = kit_1.env.getBoolean('SF_USE_GENERIC_UNIX_KEYCHAIN');
    if (platform.startsWith('win')) {
        logger.debug(`platform: ${platform}. Using generic Windows keychain.`);
        return keyChainImpl_1.keyChainImpl.generic_windows;
    }
    else if (platform.includes('darwin')) {
        // OSX can use the generic keychain. This is useful when running under an
        // automation user.
        if (useGenericUnixKeychainVar) {
            logger.debug(`platform: ${platform}. Using generic Unix keychain.`);
            return keyChainImpl_1.keyChainImpl.generic_unix;
        }
        else {
            logger.debug(`platform: ${platform}. Using Darwin native keychain.`);
            return keyChainImpl_1.keyChainImpl.darwin;
        }
    }
    else if (platform.includes('linux')) {
        // Use the generic keychain if specified
        if (useGenericUnixKeychainVar) {
            logger.debug(`platform: ${platform}. Using generic Unix keychain.`);
            return keyChainImpl_1.keyChainImpl.generic_unix;
        }
        else {
            // otherwise try and use the builtin keychain
            try {
                logger.debug(`platform: ${platform}. Using Linux keychain.`);
                await keyChainImpl_1.keyChainImpl.linux.validateProgram();
                return keyChainImpl_1.keyChainImpl.linux;
            }
            catch (e) {
                // If the builtin keychain is not available use generic
                logger.debug(`platform: ${platform}. Using generic Unix keychain.`);
                return keyChainImpl_1.keyChainImpl.generic_unix;
            }
        }
    }
    else {
        throw messages.createError('unsupportedOperatingSystemError', [platform]);
    }
};
exports.retrieveKeychain = retrieveKeychain;
//# sourceMappingURL=keyChain.js.map