mutablelogic
diff --git a/‎cmd/api/bitwarden.go
Lines changed: 41 additions & 6 deletions b/‎cmd/api/bitwarden.go
Lines changed: 41 additions & 6 deletions
diff --git a/‎pkg/bitwarden/filestorage/filestorage.go
Lines changed: 4 additions & 18 deletions b/‎pkg/bitwarden/filestorage/filestorage.go
Lines changed: 4 additions & 18 deletions
diff --git a/‎pkg/bitwarden/schema/cipher.go
Lines changed: 21 additions & 60 deletions b/‎pkg/bitwarden/schema/cipher.go
Lines changed: 21 additions & 60 deletions
diff --git a/‎pkg/bitwarden/schema/folder.go
Lines changed: 4 additions & 2 deletions b/‎pkg/bitwarden/schema/folder.go
Lines changed: 4 additions & 2 deletions
diff --git a/‎pkg/bitwarden/schema/iterator.go
Lines changed: 59 additions & 9 deletions b/‎pkg/bitwarden/schema/iterator.go
Lines changed: 59 additions & 9 deletions
@@ -34,10 +34,11 @@ const (
 )
 
 var (
-	bwClient    *bitwarden.Client
-	bwPassword  string
-	bwConfigDir string
-	bwForce     bool
+	bwClient      *bitwarden.Client
+	bwPassword    string
+	bwConfigDir   string
+	bwForce       bool
+	bwInteractive bool
 )
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -49,6 +50,7 @@ func bwRegister(flags *Flags) {
 	flags.String(bwName, "bitwarden-client-secret", "${BW_CLIENTSECRET}", "Client Secret")
 	flags.String(bwName, "bitwarden-password", "${BW_PASSWORD}", "Master password")
 	flags.Bool(bwName, "force", false, "Force login or sync to Bitwarden, even if existing token or data is valid")
+	flags.Bool(bwName, "interactive", true, "Allow interactive prompts for password")
 
 	// Register commands
 	flags.Register(Cmd{
@@ -82,6 +84,7 @@ func bwParse(flags *Flags, opts ...client.ClientOpt) error {
 		return ErrBadParameter.With("Missing -bitwarden-client-id or -bitwarden-client-secret argument")
 	}
 	bwForce = flags.GetBool("force")
+	bwInteractive = flags.GetBool("interactive")
 	bwPassword = flags.GetString("bitwarden-password")
 
 	// Create the client
@@ -124,6 +127,16 @@ func bwFolders(w *tablewriter.Writer, _ []string) error {
 	if bwForce {
 		opts = append(opts, bitwarden.OptForce())
 	}
+	if bwPassword == "" && bwInteractive {
+		if v, err := bwReadPasswordFromTerminal(); err != nil {
+			return err
+		} else {
+			bwPassword = v
+		}
+	}
+	if bwPassword != "" {
+		opts = append(opts, bitwarden.OptPassword(bwPassword))
+	}
 	folders, err := bwClient.Folders(opts...)
 	if err != nil {
 		return err
@@ -132,7 +145,13 @@ func bwFolders(w *tablewriter.Writer, _ []string) error {
 	// Decrypt the folders from the session
 	var result []*schema.Folder
 	for folder := folders.Next(); folder != nil; folder = folders.Next() {
-		result = append(result, folders.Decrypt(folder))
+		if folders.CanCrypt() {
+			if folder, err := folders.Decrypt(folder); err == nil {
+				result = append(result, folder)
+			}
+		} else {
+			result = append(result, folder)
+		}
 	}
 	return w.Write(result)
 }
@@ -142,6 +161,16 @@ func bwLogins(w *tablewriter.Writer, _ []string) error {
 	if bwForce {
 		opts = append(opts, bitwarden.OptForce())
 	}
+	if bwPassword == "" && bwInteractive {
+		if v, err := bwReadPasswordFromTerminal(); err != nil {
+			return err
+		} else {
+			bwPassword = v
+		}
+	}
+	if bwPassword != "" {
+		opts = append(opts, bitwarden.OptPassword(bwPassword))
+	}
 	ciphers, err := bwClient.Ciphers(opts...)
 	if err != nil {
 		return err
@@ -150,7 +179,13 @@ func bwLogins(w *tablewriter.Writer, _ []string) error {
 	// Decrypt the ciphers from the session
 	var result []*schema.Cipher
 	for cipher := ciphers.Next(); cipher != nil; cipher = ciphers.Next() {
-		result = append(result, ciphers.Decrypt(cipher))
+		if ciphers.CanCrypt() {
+			if cipher, err := ciphers.Decrypt(cipher); err == nil {
+				result = append(result, cipher)
+			}
+		} else {
+			result = append(result, cipher)
+		}
 	}
 	return w.Write(result)
 }
 
@@ -5,11 +5,7 @@ import (
 	"path/filepath"
 
 	// Packages
-
 	schema "github.com/mutablelogic/go-client/pkg/bitwarden/schema"
-
-	// Namespace imports
-	. "github.com/djthorpe/go-errors"
 )
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -141,12 +137,7 @@ func (f *fileStorage) WriteCiphers(v schema.Ciphers) error {
 // PUBLIC METHODS - READ CIPHERS AND FOLDERS
 
 // Read ciphers and return an iterator
-func (f *fileStorage) ReadCiphers(profile *schema.Profile) (schema.Iterator[*schema.Cipher], error) {
-	// Profile is a required argument
-	if profile == nil {
-		return nil, ErrBadParameter.With("missing profile")
-	}
-
+func (f *fileStorage) ReadCiphers() (schema.Iterator[*schema.Cipher], error) {
 	// Read the ciphers file
 	ciphers := schema.Ciphers{}
 	fileName := filepath.Join(f.cachePath, fileNameCiphers)
@@ -160,16 +151,11 @@ func (f *fileStorage) ReadCiphers(profile *schema.Profile) (schema.Iterator[*sch
 	}
 
 	// Return an iterator
-	return schema.NewIterator[*schema.Cipher](profile, ciphers), nil
+	return schema.NewIterator[*schema.Cipher](ciphers), nil
 }
 
 // Read folders and return an iterator
-func (f *fileStorage) ReadFolders(profile *schema.Profile) (schema.Iterator[*schema.Folder], error) {
-	// Profile is a required argument
-	if profile == nil {
-		return nil, ErrBadParameter.With("missing profile")
-	}
-
+func (f *fileStorage) ReadFolders() (schema.Iterator[*schema.Folder], error) {
 	// Read the folders file
 	folders := schema.Folders{}
 	fileName := filepath.Join(f.cachePath, fileNameFolders)
@@ -183,5 +169,5 @@ func (f *fileStorage) ReadFolders(profile *schema.Profile) (schema.Iterator[*sch
 	}
 
 	// Return an iterator
-	return schema.NewIterator[*schema.Folder](profile, folders), nil
+	return schema.NewIterator[*schema.Folder](folders), nil
 }
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"io"
 	"time"
+
+	"github.com/mutablelogic/go-client/pkg/bitwarden/crypto"
 )
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -23,7 +25,7 @@ type Cipher struct {
 	RevisionDate   time.Time    `json:"revisionDate"`
 	CollectionIds  []string     `json:"collectionIds,omitempty"`
 	ViewPassword   bool         `json:"viewPassword"`
-	Login          *CipherLogin `json:"Login,omitempty"`
+	Login          *CipherLogin `json:"Login,omitempty,wrap"`
 	//	Card           *CardData       `json:"Card,omitempty"`
 	//	SecureNote     *SecureNoteData `json:"SecureNote,omitempty"`
 	//	Identity       *IdentityData   `json:"Identity,omitempty"`
@@ -89,70 +91,29 @@ func (c *Ciphers) Write(w io.Writer) error {
 }
 
 // Decrypt a cipher
-func (c Cipher) Decrypt(s *Session) (Crypter, error) {
+func (c Cipher) Decrypt(k *crypto.CryptoKey) (Crypter, error) {
 	result := &c
-	if value, err := s.DecryptStr(result.Name); err != nil {
+	if value, err := k.DecryptStr(result.Name); err != nil {
 		return nil, err
 	} else {
 		result.Name = value
 	}
-	if value, err := s.DecryptStr(result.Login.Username); err != nil {
-		return nil, err
-	} else {
-		result.Login.Username = value
-	}
-	if value, err := s.DecryptStr(result.Login.URI); err != nil {
-		return nil, err
-	} else {
-		result.Login.URI = value
+	if result.Login != nil {
+		if value, err := k.DecryptStr(result.Login.Username); err != nil {
+			return nil, err
+		} else {
+			result.Login.Username = value
+		}
+		if value, err := k.DecryptStr(result.Login.Password); err != nil {
+			return nil, err
+		} else {
+			result.Login.Password = value
+		}
+		if value, err := k.DecryptStr(result.Login.URI); err != nil {
+			return nil, err
+		} else {
+			result.Login.URI = value
+		}
 	}
 	return result, nil
 }
-
-/*
-"collectionIds": [
-	"86f7c94b-12a0-4eb2-bb0e-aedb007de863"
-],
-"folderId": null,
-"favorite": false,
-"edit": true,
-"": true,
-"id": "b5f097b5-b4a5-4a87-9b99-aedb007e6de0",
-"organizationId": "9e18928b-72ca-45c6-aa83-aedb007de85a",
-"type": 1,
-"data": {
-	"uri": null,
-	"uris": null,
-	"username": "2.DAvbumAOG0xC6GqbJrhpnA==|HnOHH11CfVNKhlZ6O4qw2cu2auJ8Htny21fzce8K+Mk=|CEMiSK11mlcKUlQbYjDc0geZKX4Lf4wVd0HhvbvsXuY=",
-	"password": "2.4abHZh9TmpDgSrw3KtdKeA==|Z5mniOuc5fafK+wMTv8gog==|2GDJ7tV8sz4cjqoUo/4wIQdgKay2QcEevwj7QqrK/XA=",
-	"passwordRevisionDate": null,
-	"totp": null,
-	"autofillOnPageLoad": null,
-	"name": "2.fkAxwCyKYwn06kULey5wnQ==|Xtwh+fpHZ0MEm0EAljGF5g==|89uI/dnpvGIfZDn8r3xqgNBCgezXLS73KK5fyupC6CQ=",
-	"notes": null,
-	"fields": null,
-	"passwordHistory": null
-},
-"name": "2.fkAxwCyKYwn06kULey5wnQ==|Xtwh+fpHZ0MEm0EAljGF5g==|89uI/dnpvGIfZDn8r3xqgNBCgezXLS73KK5fyupC6CQ=",
-"notes": null,
-"login": {
-	"uri": null,
-	"uris": null,
-	"username": "2.DAvbumAOG0xC6GqbJrhpnA==|HnOHH11CfVNKhlZ6O4qw2cu2auJ8Htny21fzce8K+Mk=|CEMiSK11mlcKUlQbYjDc0geZKX4Lf4wVd0HhvbvsXuY=",
-	"password": "2.4abHZh9TmpDgSrw3KtdKeA==|Z5mniOuc5fafK+wMTv8gog==|2GDJ7tV8sz4cjqoUo/4wIQdgKay2QcEevwj7QqrK/XA=",
-	"passwordRevisionDate": null,
-	"totp": null,
-	"autofillOnPageLoad": null
-},
-"card": null,
-"identity": null,
-"secureNote": null,
-"fields": null,
-"passwordHistory": null,
-"attachments": null,
-"organizationUseTotp": false,
-"revisionDate": "2022-07-23T07:40:18.88Z",
-"deletedDate": null,
-"reprompt": 0,
-"object": "cipherDetails"
-*/
@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"io"
 	"time"
+
+	"github.com/mutablelogic/go-client/pkg/bitwarden/crypto"
 )
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -32,9 +34,9 @@ func (f *Folders) Write(w io.Writer) error {
 }
 
 // Decrypt a folder
-func (f Folder) Decrypt(s *Session) (Crypter, error) {
+func (f Folder) Decrypt(k *crypto.CryptoKey) (Crypter, error) {
 	result := &f
-	if value, err := s.DecryptStr(result.Name); err != nil {
+	if value, err := k.DecryptStr(result.Name); err != nil {
 		return nil, err
 	} else {
 		result.Name = value
 
@@ -1,11 +1,18 @@
 package schema
 
-import "fmt"
+import (
+	// Packages
+	crypto "github.com/mutablelogic/go-client/pkg/bitwarden/crypto"
+
+	// Namespace imports
+	. "github.com/djthorpe/go-errors"
+)
 
 /////////////////////////////////////////////////////////////////////////////////
 // TYPES
 
 type Iterable interface {
+	Crypter
 	*Folder | *Cipher
 }
 
@@ -14,20 +21,30 @@ type Iterator[T Iterable] interface {
 	// Return next value or nil if there are no more values
 	Next() T
 
-	// Decrypt the value
-	Decrypt(T) T
+	// Compute and return the encryption/decryption key from the profile,
+	// password and KDF parameters
+	CryptKey(*Profile, string, Kdf) (*crypto.CryptoKey, error)
+
+	// CanCrypt returns true if the iterator has a key
+	// for encryption and decryption
+	CanCrypt() bool
+
+	// Decrypt the value and return a copy of it
+	Decrypt(T) (T, error)
 }
 
 // Concrete iterator
 type iterator[T Iterable] struct {
-	n      int
-	values []T
+	n        int
+	values   []T
+	cryptKey *crypto.CryptoKey
 }
 
 /////////////////////////////////////////////////////////////////////////////////
 // LIFECYCLE
 
-func NewIterator[T Iterable](profile *Profile, values []T) Iterator[T] {
+// NewIterator returns a new iterator which can be used to iterate over values
+func NewIterator[T Iterable](values []T) Iterator[T] {
 	iterator := new(iterator[T])
 	iterator.values = values
 	return iterator
@@ -36,6 +53,7 @@ func NewIterator[T Iterable](profile *Profile, values []T) Iterator[T] {
 /////////////////////////////////////////////////////////////////////////////////
 // PUBLIC METHODS
 
+// Return the next value or nil if there are no more values
 func (i *iterator[T]) Next() T {
 	var result T
 	if i.n < len(i.values) {
@@ -45,7 +63,39 @@ func (i *iterator[T]) Next() T {
 	return result
 }
 
-func (i *iterator[T]) Decrypt(v T) T {
-	fmt.Printf("TODO: Decrypt %T\n", v)
-	return v
+// CanCrypt returns true if the iterator has a key for encryption and decryption
+func (i *iterator[T]) CanCrypt() bool {
+	return i.cryptKey != nil
+}
+
+// CryptKey computes and returns the encryption key. The key is cached by the iterator
+// for use in the Decrypt and Encrypt function calls
+func (i *iterator[T]) CryptKey(profile *Profile, passwd string, kdf Kdf) (*crypto.CryptoKey, error) {
+	if profile == nil || passwd == "" || kdf.Iterations == 0 {
+		return nil, ErrBadParameter.With("DecryptKey")
+	}
+
+	key, err := profile.MakeKey(kdf, passwd)
+	if err != nil {
+		return nil, err
+	}
+
+	// Cache the key
+	i.cryptKey = key
+	return key, nil
+}
+
+// Decrypt T and return a new copy of T
+func (i *iterator[T]) Decrypt(v T) (T, error) {
+	if v == nil {
+		return nil, nil
+	} else if i.cryptKey == nil {
+		return nil, ErrNotAuthorized.With("No decryption key")
+	} else if v, err := v.Decrypt(i.cryptKey); err != nil {
+		return nil, err
+	} else if v, ok := v.(T); !ok {
+		panic("Unexpected type")
+	} else {
+		return v, nil
+	}
 }