wincred: store encoding used as attribute

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Author: thaJeztah

wincred/wincred.go

@@ -4,9 +4,9 @@ package wincred
 
 import (
 	"bytes"
-	"encoding/binary"
+	"errors"
+	"fmt"
 	"net/url"
-	"unicode/utf16"
 
 	winc "github.com/danieljoos/wincred"
 	"golang.org/x/text/encoding/unicode"
@@ -25,7 +25,10 @@ func (h Wincred) Add(creds *credentials.Credentials) error {
 	g := winc.NewGenericCredential(creds.ServerURL)
 	g.UserName = creds.Username
 	g.Persist = winc.PersistLocalMachine
-	g.Attributes = []winc.CredentialAttribute{{Keyword: "label", Value: credsLabels}}
+	g.Attributes = []winc.CredentialAttribute{
+		{Keyword: "label", Value: credsLabels},
+		{Keyword: "encoding", Value: []byte("utf16le")},
+	}
 
 	encoder := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM).NewEncoder()
 	blob, _, err := transform.Bytes(encoder, []byte(creds.Secret))
@@ -66,21 +69,23 @@ func (h Wincred) Get(serverURL string) (string, string, error) {
 
 	for _, attr := range g.Attributes {
 		if attr.Keyword == "label" && bytes.Equal(attr.Value, []byte(credentials.CredsLabel)) {
-			creds := string(g.CredentialBlob)
-
 			// Older versions of the wincred credential-helper stored the password blob
 			// as raw string bytes. Newer versions store it as UTF-16LE.
 			//
-			// The credential blob does not include encoding metadata, so we cannot
-			// reliably distinguish legacy entries from UTF-16LE entries in all cases.
-			// For backward compatibility, keep the legacy raw-byte form by default and
-			// only use the UTF-16LE-decoded form when it round-trips cleanly.
-			//
 			// See https://github.com/docker/docker-credential-helpers/pull/335
-			if p, ok := tryDecodeUTF16LE(g.CredentialBlob); ok {
-				creds = p
+			switch enc := credentialEncoding(g.Attributes); enc {
+			case "utf16le":
+				decoder := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM).NewDecoder()
+				creds, _, err := transform.Bytes(decoder, g.CredentialBlob)
+				if err != nil {
+					return "", "", fmt.Errorf("decoding credentials: %w", err)
+				}
+				return g.UserName, string(creds), nil
+			case "":
+				return g.UserName, string(g.CredentialBlob), nil
+			default:
+				return "", "", errors.New("unsupported credential encoding: " + enc)
 			}
-			return g.UserName, creds, nil
 		}
 	}
 	return "", "", credentials.NewErrCredentialsNotFound()
@@ -171,30 +176,11 @@ func (h Wincred) List() (map[string]string, error) {
 	return resp, nil
 }
 
-func tryDecodeUTF16LE(blob []byte) (string, bool) {
-	if len(blob)%2 != 0 {
-		return "", false
-	}
-
-	decoder := unicode.UTF16(unicode.LittleEndian, unicode.IgnoreBOM).NewDecoder()
-	s, _, err := transform.String(decoder, string(blob))
-	if err != nil {
-		return "", false
-	}
-
-	// roundtrip the value to check if it was indeed valid UTF-16LE.
-	if string(encodeUTF16LE(s)) != string(blob) {
-		return "", false
-	}
-
-	return s, true
-}
-
-func encodeUTF16LE(s string) []byte {
-	u16 := utf16.Encode([]rune(s))
-	buf := make([]byte, len(u16)*2)
-	for i, r := range u16 {
-		binary.LittleEndian.PutUint16(buf[i*2:], r)
+func credentialEncoding(attrs []winc.CredentialAttribute) string {
+	for _, attr := range attrs {
+		if attr.Keyword == "encoding" {
+			return string(attr.Value)
+		}
 	}
-	return buf
+	return ""
 }