static void salt_password (string password, out string token, out string salt) { const int SALT_BYTES = 8; uchar salt_bytes[SALT_BYTES]; GCrypt.Random.randomize (salt_bytes, GCrypt.Random.Level.STRONG); uchar salt_chars[2*SALT_BYTES+1]; for (int i = 0; i < SALT_BYTES; i += 1) { salt_chars[2*i+0] = "0123456789abcdef"[(salt_bytes[i]>>4)&0xf]; salt_chars[2*i+1] = "0123456789abcdef"[(salt_bytes[i]>>0)&0xf]; } salt_chars[2*SALT_BYTES] = 0; var checksum = new Checksum (ChecksumType.MD5); checksum.update ((uchar[]) password, -1); checksum.update (salt_chars, -1); token = checksum.get_string (); salt = (string) salt_chars; } [GtkTemplate (ui = "/eu/callcc/audrey/ui/setup.ui")] public class Ui.Setup : Adw.PreferencesDialog { public string status { get; private set; default = _("Not connected"); } public bool authn_can_edit { get; private set; default = true; } public bool authn_can_validate { get; private set; default = false; } public string server_url { get; set; default = ""; } public string username { get; set; default = ""; } public string password { get; set; default = ""; } public string token; public string salt; public signal void connected (Subsonic api); private static Secret.Schema secret_schema = new Secret.Schema ( "eu.callcc.audrey", Secret.SchemaFlags.NONE, "server-url", Secret.SchemaAttributeType.STRING, "username", Secret.SchemaAttributeType.STRING ); [GtkCallback] private void on_authn_changed () { this.authn_can_validate = true; } [GtkCallback] private void on_authn_validate_activated () { this.authn_can_validate = false; this.authn_can_edit = false; this.status = _("Connecting..."); string new_token, new_salt; salt_password (this.password, out new_token, out new_salt); var api = new Subsonic.with_token ( this.server_url, this.username, new_token, new_salt); api.ping.begin ((obj, res) => { try { api.ping.end (res); this.status = _("Connected"); this.token = new_token; this.salt = new_salt; this.save (); this.connected (api); } catch (Error e) { this.status = @"$(_("Ping failed")): $(e.message)"; this.authn_can_validate = true; } this.authn_can_edit = true; }); } public void load () { this.authn_can_edit = false; Secret.password_searchv.begin ( secret_schema, new HashTable (null, null), Secret.SearchFlags.NONE, null, (obj, res) => { try { var list = Secret.password_searchv.end (res); if (list == null) { // didn't find shit, leave all empty this.server_url = ""; this.username = ""; this.password = ""; // TODO: onboarding this.authn_can_edit = true; this.authn_can_validate = true; } else { var first = list.data; assert (first != null); this.server_url = first.attributes["server-url"]; this.username = first.attributes["username"]; first.retrieve_secret.begin (null, (obj, res) => { try { var value = first.retrieve_secret.end (res); this.password = value.get_text () ?? ""; } catch (Error e) { error ("could not retrieve password from credentials: %s", e.message); } // first connection this.authn_can_validate = true; this.on_authn_validate_activated (); }); } } catch (Error e) { error ("could not search for password in keyring: %s", e.message); } }); } public void save () { this.authn_can_edit = false; Secret.password_store.begin (secret_schema, null, "Audrey Subsonic password", this.password, null, (obj, res) => { try { Secret.password_store.end (res); } catch (Error e) { error ("could not store password in keyring: %s", e.message); } this.authn_can_edit = true; }, "server-url", this.server_url, "username", this.username); } }