+/*
+tofuproxy -- HTTP proxy with TLS certificates management
+Copyright (C) 2021 Sergey Matveev <stargrave@stargrave.org>
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 3 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+package tofuproxy
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "strings"
+ "sync"
+)
+
+var (
+ authCache = make(map[string][2]string)
+ authCacheM sync.Mutex
+)
+
+func findInNetrc(host string) (string, string) {
+ netrcPath, ok := os.LookupEnv("NETRC")
+ if !ok {
+ netrcPath = filepath.Join(os.Getenv("HOME"), ".netrc")
+ }
+ data, err := ioutil.ReadFile(netrcPath)
+ if err != nil {
+ if os.IsNotExist(err) {
+ return "", ""
+ }
+ log.Fatalln(err)
+ }
+ var login string
+ var password string
+ for _, line := range strings.Split(string(data), "\n") {
+ if i := strings.Index(line, "#"); i >= 0 {
+ line = line[:i]
+ }
+ f := strings.Fields(line)
+ if len(f) >= 6 &&
+ f[0] == "machine" && f[1] == host &&
+ f[2] == "login" && f[4] == "password" {
+ login, password = f[3], f[5]
+ break
+ }
+ }
+ return login, password
+}
+
+func authDialog(host, realm string) (string, string, error) {
+ var b bytes.Buffer
+ userInit, passInit := findInNetrc(host)
+ b.WriteString(fmt.Sprintf(`
+wm title . "Unauthorized: %s"
+
+label .luser -text "User"
+set userinit "%s"
+set u [entry .user -textvariable userinit]
+grid .luser .user
+
+label .lpass -text "Password"
+set passinit "%s"
+set p [entry .pass -show "*" -textvariable passinit]
+grid .lpass .pass
+
+proc submit {} {
+ global u p
+ puts [$u get]
+ puts [$p get]
+ exit
+}
+
+button .submit -text "Submit" -command submit
+grid .submit
+`, realm, userInit, passInit))
+ cmd := exec.Command(CmdWish)
+ cmd.Stdin = &b
+ out, err := cmd.Output()
+ if err != nil {
+ return "", "", err
+ }
+ lines := strings.Split(string(out), "\n")
+ if len(lines) < 2 {
+ return "", "", errors.New("invalid output from authorization form")
+ }
+ return lines[0], lines[1], nil
+}