[PM-14990] Add password prompt for ssh key import (#12105)

* Add password prompt for ssh key import * Remove empty line * Convert to switch statement
2025-12-15 07:43:35 +00:00 · 2024-11-27 08:29:36 -08:00
parent 2767851925
commit f79141c421
5 changed files with 147 additions and 30 deletions
--- a/apps/desktop/src/locales/en/messages.json
+++ b/apps/desktop/src/locales/en/messages.json
@@ -207,6 +207,21 @@
  "sshKeyGenerated": {
    "message": "A new SSH key was generated"
  },
+  "sshKeyWrongPassword": {
+    "message": "The password you entered is incorrect."
+  },
+  "importSshKey": {
+    "message": "Import"
+  },
+  "confirmSshKeyPassword": {
+    "message": "Confirm password"
+  },
+  "enterSshKeyPasswordDesc": {
+    "message": "Enter the password for the SSH key."
+  },
+  "enterSshKeyPassword": {
+    "message": "Enter password"
+  },
  "sshAgentUnlockRequired": {
    "message": "Please unlock your vault to approve the SSH key request."
  },
@@ -1752,10 +1767,10 @@
  "deleteAccountWarning": {
    "message": "Deleting your account is permanent. It cannot be undone."
  },
-  "cannotDeleteAccount":{
+  "cannotDeleteAccount": {
    "message": "Cannot delete account"
  },
-  "cannotDeleteAccountDesc":{
+  "cannotDeleteAccountDesc": {
    "message": "This action cannot be completed because your account is owned by an organization. Contact your organization administrator for additional details."
  },
  "accountDeleted": {
--- a/apps/desktop/src/vault/app/vault/add-edit.component.ts
+++ b/apps/desktop/src/vault/app/vault/add-edit.component.ts
@@ -2,6 +2,7 @@ import { DatePipe } from "@angular/common";
 import { Component, NgZone, OnChanges, OnDestroy, OnInit, ViewChild } from "@angular/core";
 import { NgForm } from "@angular/forms";
 import { sshagent as sshAgent } from "desktop_native/napi";
+import { lastValueFrom } from "rxjs";

 import { CollectionService } from "@bitwarden/admin-console/common";
 import { AddEditComponent as BaseAddEditComponent } from "@bitwarden/angular/vault/components/add-edit.component";
@@ -22,6 +23,7 @@ import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folde
 import { CipherType } from "@bitwarden/common/vault/enums";
 import { CipherAuthorizationService } from "@bitwarden/common/vault/services/cipher-authorization.service";
 import { DialogService, ToastService } from "@bitwarden/components";
+import { SshKeyPasswordPromptComponent } from "@bitwarden/importer/ui";
 import { PasswordRepromptService } from "@bitwarden/vault";

 const BroadcasterSubscriptionId = "AddEditComponent";
@@ -170,42 +172,64 @@ export class AddEditComponent extends BaseAddEditComponent implements OnInit, On
    }
  }

-  async importSshKeyFromClipboard() {
+  async importSshKeyFromClipboard(password: string = "") {
    const key = await this.platformUtilsService.readFromClipboard();
-    const parsedKey = await ipc.platform.sshAgent.importKey(key, "");
-    if (parsedKey == null || parsedKey.status === sshAgent.SshKeyImportStatus.ParsingError) {
+    const parsedKey = await ipc.platform.sshAgent.importKey(key, password);
+    if (parsedKey == null) {
      this.toastService.showToast({
        variant: "error",
        title: "",
        message: this.i18nService.t("invalidSshKey"),
      });
      return;
-    } else if (parsedKey.status === sshAgent.SshKeyImportStatus.UnsupportedKeyType) {
-      this.toastService.showToast({
-        variant: "error",
-        title: "",
-        message: this.i18nService.t("sshKeyTypeUnsupported"),
-      });
-    } else if (
-      parsedKey.status === sshAgent.SshKeyImportStatus.PasswordRequired ||
-      parsedKey.status === sshAgent.SshKeyImportStatus.WrongPassword
-    ) {
-      this.toastService.showToast({
-        variant: "error",
-        title: "",
-        message: this.i18nService.t("sshKeyPasswordUnsupported"),
-      });
-      return;
-    } else {
-      this.cipher.sshKey.privateKey = parsedKey.sshKey.privateKey;
-      this.cipher.sshKey.publicKey = parsedKey.sshKey.publicKey;
-      this.cipher.sshKey.keyFingerprint = parsedKey.sshKey.keyFingerprint;
-      this.toastService.showToast({
-        variant: "success",
-        title: "",
-        message: this.i18nService.t("sshKeyPasted"),
-      });
    }
+
+    switch (parsedKey.status) {
+      case sshAgent.SshKeyImportStatus.ParsingError:
+        this.toastService.showToast({
+          variant: "error",
+          title: "",
+          message: this.i18nService.t("invalidSshKey"),
+        });
+        return;
+      case sshAgent.SshKeyImportStatus.UnsupportedKeyType:
+        this.toastService.showToast({
+          variant: "error",
+          title: "",
+          message: this.i18nService.t("sshKeyTypeUnsupported"),
+        });
+        return;
+      case sshAgent.SshKeyImportStatus.PasswordRequired:
+      case sshAgent.SshKeyImportStatus.WrongPassword:
+        if (password !== "") {
+          this.toastService.showToast({
+            variant: "error",
+            title: "",
+            message: this.i18nService.t("sshKeyWrongPassword"),
+          });
+        } else {
+          password = await this.getSshKeyPassword();
+          await this.importSshKeyFromClipboard(password);
+        }
+        return;
+      default:
+        this.cipher.sshKey.privateKey = parsedKey.sshKey.privateKey;
+        this.cipher.sshKey.publicKey = parsedKey.sshKey.publicKey;
+        this.cipher.sshKey.keyFingerprint = parsedKey.sshKey.keyFingerprint;
+        this.toastService.showToast({
+          variant: "success",
+          title: "",
+          message: this.i18nService.t("sshKeyPasted"),
+        });
+    }
+  }
+
+  async getSshKeyPassword(): Promise<string> {
+    const dialog = this.dialogService.open<string>(SshKeyPasswordPromptComponent, {
+      ariaModal: true,
+    });
+
+    return await lastValueFrom(dialog.closed);
  }

  async typeChange() {