allow electron to execute ssh-add for the keys/certs generated

package.json

 {
-  "name": "angular-electron",
+  "name": "strudel2",
   "version": "9.0.4",
-  "description": "Angular 11 with Electron (Typescript + SASS + Hot Reload)",
-  "homepage": "https://github.com/maximegris/angular-electron",
+  "description": "Strudel2",
+  "homepage": "https://gitlab.erc.monash.edu.au/hpc-team/strudelv2_spa",
   "author": {
-    "name": "Maxime GRIS",
-    "email": "maxime.gris@gmail.com"
+    "name": "Chris Hines",
+    "email": "chris.hines@monash.edu"
   },
   "keywords": [
     "angular",
@@ -46,11 +46,14 @@
     "@angular/flex-layout": "11.0.0-beta.33",
     "@angular/material": "11.2.3",
     "buffer": "6.0.3",
+    "child_process": "^1.0.2",
     "jwk-to-ssh": "1.2.0",
     "keypair": "1.0.2",
     "node-forge": "0.10.0",
     "rxjs-compat": "6.6.6",
-    "web-ext": "5.5.0"
+    "tmp": "^0.0.33",
+    "web-ext": "5.5.0",
+    "yaml": "^1.10.2"
   },
   "devDependencies": {
     "@angular-builders/custom-webpack": "11.0.0",
@@ -113,5 +116,21 @@
   },
   "browserslist": [
     "chrome 83"
-  ]
+  ],
+  "build": {
+    "extraResources": [
+      {
+        "from": "./resources/",
+        "to": "",
+        "filter": [
+          "**/*"
+        ]
+      }
+    ],
+    "files": [
+      "main.js",
+      "./dist/**/*",
+      "./public/electron.js"
+    ]
+  }
 }

src/app/app.component.ts

@@ -52,6 +52,7 @@ export class AppComponent {
     this.authService.loggedOutAuthZ.pipe(
       isdefined
     ).subscribe((v) => { this.loggedout = (<[]>v).length } );
+    console.log('call ipcService once for oauth2-redirect');
     this.ipcService.once('oauth2-redirect',(event, ...args: any[]) => this.route_to_keygen(event, args));
   }
 
@@ -59,7 +60,7 @@ export class AppComponent {
     console.log('calling back from oauth', args);
     var url: string = args[0][0];
     let fragment = "#" + url.split('#')[1];
-    console.log('app.component is updating fragment');
+    console.log('app.component is updating fragment',fragment);
     this.authService.updateFragment(fragment);
     this.router.navigate(['/sshauthz_callback']);
   }

src/app/authorisation.service.ts

@@ -365,7 +365,7 @@ public getKeys(id?: Identity) {
    let state = statematch[1];
    let tuple = JSON.parse(sessionStorage.getItem('authservice'));
    if (tuple[1] != state) {
-     throw new Error('callback state parameter does not match');
+     throw new Error('callback state parameter does not match'+frag+tuple);
    }
 
    return new AuthToken(tokenmatch[1],tuple[0]);
@@ -401,13 +401,27 @@ public getKeys(id?: Identity) {
     return this.sshAdd(keyCert,apiserver);
   }
 
- public sshAdd(keyCert: KeyCert, apiserver) {
+ public sshAdd(keyCert: KeyCert, apiserver): Observable<any> {
    let headers = new HttpHeaders();
    let options = { headers: headers, withCredentials: true};
-   var anyvar: any;
    let data = {'key': keyCert.key, 'cert': keyCert.cert};
     console.log('in authService.sshAdd, adding to',apiserver);
-   return this.http.post<any>(apiserver.tes+'/sshagent',data,options)
+   let localAddCert = new Observable<any>(observer => {
+      this.ipcService.once('addCertResponse', (event, arg) => {
+        console.log('received addCertReply, sending to observers');
+        observer.next(arg);
+      })
+    }).pipe(tap((v) => console.log('localAddCert returned',v)))
+    this.ipcService.send('addCert', (data));
+    let remoteAddCert = this.http.post<any>(apiserver.tes+'/sshagent',data,options);
+    if (this.ipcService.useIpc) {
+      console.log('sshAdd using IPC and API server');
+      return combineLatest([localAddCert,remoteAddCert]).pipe(map(([_,remote]) => { return remote }));
+    } else {
+      console.log('sshAdd using API server only');
+      return remoteAddCert;
+    }
+    //return localAddCert;
  }
 
   storeKey(keyCert: KeyCert) {

src/app/ipc.service.ts

@@ -8,11 +8,13 @@ import { IpcRenderer } from 'electron';
 })
 export class IpcService {
   private _ipc: IpcRenderer | undefined;
+  public useIpc: boolean = false;
 
   constructor() { 
     if (window.require) {
       try {
         this._ipc = window.require('electron').ipcRenderer;
+        this.useIpc = true;
       } catch (e) {
         throw e;
       }

src/assets/config/authservers.json

@@ -11,17 +11,4 @@
       "scope": "user:email",
       "cafingerprint": "ECDSA SHA256:6wVXdokvvlTNcXPMc9KyvIXA8a8XNfLuhBfNOYeeMdg",
       "desc": "<div>The Characterisation Virtual Laboratory remote desktop services are available here. The service provides software, data and compute for researchers in the Characterisation research community.  For CVL desktop researchers from MASSIVE see <a href=https://www.massive.org.au>https://www.massive.org.au</a> for more information.  For CVL desktop users from other infrastructures see <a href=https://www.cvl.org.au>https://www.cvl.org.au</a></div>"
-    },
-    {
-      "authorise": "http://localhost:5000/oauth2/oauth/authorize/choose",
-      "base": "http://localhost:5000/oauth2/",
-      "client_id": "Q96kt2Vtw6S78dpORktM81DH",
-      "sign": "http://localhost:5000/sign/monash_hpcid/api/v1/sign_key",
-      "logout": "http://localhost:5000/oauth2/logout",
-      "name": "Localhost",
-      "icon": null,
-      "scope": "user:email",
-      "cafingerprint": "RSA SHA256:cmDxHrZQSPlBMUUcI/BWmruXho1XOzfXPDHSqVTwV2I",
-      "desc": "<div>The Characterisation Virtual Laboratory remote desktop services are available here. The service provides software, data and compute for researchers in the Characterisation research community.  For CVL desktop researchers from MASSIVE see <a href=https://www.massive.org.au>https://www.massive.org.au</a> for more information.  For CVL desktop users from other infrastructures see <a href=https://www.cvl.org.au>https://www.cvl.org.au</a></div>"
-    }
-]
+    }]