forked from sneak/secret
The stub previously panicked on all methods including NewKeychainUnlocker, which is called from vault code when processing keychain-type unlocker metadata. This caused crashes on Linux/Windows when a vault synced from macOS contained keychain unlockers. Now returns proper error values, allowing graceful degradation and cross-platform vault portability.
//go:build !darwin
// +build !darwin
|
|
|
|
package secret
import (
	"errors"
	"fmt"

	"filippo.io/age"
	"github.com/awnumar/memguard"
	"github.com/spf13/afero"
)
// KeychainUnlockerMetadata is the non-Darwin stand-in for the keychain
// unlocker's metadata record. It embeds the generic UnlockerMetadata and adds
// the keychain item name, so the type exists on every platform even though
// nothing in this stub file reads the keychain.
type KeychainUnlockerMetadata struct {
	// Embedded common unlocker fields (declared elsewhere in the package).
	UnlockerMetadata
	// KeychainItemName is serialized under the JSON key "keychainItemName".
	// NOTE(review): presumably the name of the macOS keychain item that holds
	// the unlock secret; this stub never dereferences it.
	KeychainItemName string `json:"keychainItemName"`
}
// KeychainUnlocker is the non-Darwin stub of the keychain unlocker. It only
// carries the values handed to NewKeychainUnlocker; in this file every method
// that would need the macOS keychain returns errKeychainNotSupported instead
// of producing key material.
type KeychainUnlocker struct {
	// Directory is the unlocker directory reported by GetDirectory.
	Directory string
	// Metadata is the generic unlocker metadata reported by GetMetadata and
	// used by GetID.
	Metadata UnlockerMetadata
	// fs is the filesystem passed to the constructor; no method in this stub
	// file reads from or writes to it.
	fs afero.Fs
}
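// errKeychainNotSupported is the sentinel error returned by every keychain
// operation in this stub that would need macOS functionality. It is built with
// errors.New because the message has no format verbs; package-internal callers
// can match it with errors.Is to tell "unsupported platform" apart from a real
// unlock failure.
var errKeychainNotSupported = errors.New("keychain unlockers are only supported on macOS")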
// GetIdentity always fails on non-Darwin builds. The stub fails closed: it
// returns a nil identity together with errKeychainNotSupported, so callers
// must check the error before touching the identity.
func (k *KeychainUnlocker) GetIdentity() (*age.X25519Identity, error) {
	// The identity is never populated here; it stays nil on every call.
	var identity *age.X25519Identity
	return identity, errKeychainNotSupported
}
// GetType reports the unlocker type string, which is the literal "keychain"
// even in this stub.
func (k *KeychainUnlocker) GetType() string {
	const unlockerType = "keychain"
	return unlockerType
}
// GetMetadata returns the metadata value stored on the unlocker. It works on
// every platform because it only reads the struct field.
func (k *KeychainUnlocker) GetMetadata() UnlockerMetadata {
	meta := k.Metadata
	return meta
}
// GetDirectory returns the directory string stored on the unlocker. It works
// on every platform because it only reads the struct field.
func (k *KeychainUnlocker) GetDirectory() string {
	dir := k.Directory
	return dir
}
// GetID builds the unlocker ID from the metadata creation time followed by the
// suffix "-keychain".
//
// NOTE(review): the layout "2006-01-02.15.04" has minute resolution, so two
// keychain unlockers created within the same minute produce the same ID;
// confirm that callers tolerate or prevent that.
func (k *KeychainUnlocker) GetID() string {
	createdAt := k.Metadata.CreatedAt.Format("2006-01-02.15.04")
	return fmt.Sprintf("%s-keychain", createdAt)
}
// GetKeychainItemName always fails on non-Darwin builds: it returns the empty
// string together with errKeychainNotSupported.
func (k *KeychainUnlocker) GetKeychainItemName() (string, error) {
	// No item name is ever resolved in the stub.
	var itemName string
	return itemName, errKeychainNotSupported
}
// Remove always fails on non-Darwin builds with errKeychainNotSupported. The
// stub does not touch the filesystem or any keychain.
func (k *KeychainUnlocker) Remove() error {
	err := errKeychainNotSupported
	return err
}
// NewKeychainUnlocker builds a stub KeychainUnlocker on non-Darwin platforms
// from the given filesystem, directory and metadata. It never fails, so
// keychain-type unlocker metadata can still be represented as an object on
// these platforms.
//
// The instance cannot unlock anything: GetIdentity, GetKeychainItemName and
// Remove return errKeychainNotSupported, so callers must check those errors
// rather than treat a non-nil unlocker as usable.
func NewKeychainUnlocker(fs afero.Fs, directory string, metadata UnlockerMetadata) *KeychainUnlocker {
	unlocker := new(KeychainUnlocker)
	unlocker.Directory = directory
	unlocker.Metadata = metadata
	unlocker.fs = fs

	return unlocker
}
// CreateKeychainUnlocker always fails on non-Darwin builds. Both arguments are
// ignored and the result is a nil unlocker with errKeychainNotSupported; no
// new keychain unlocker can be created here.
func CreateKeychainUnlocker(_ afero.Fs, _ string) (*KeychainUnlocker, error) {
	var unlocker *KeychainUnlocker
	return unlocker, errKeychainNotSupported
}
// getLongTermPrivateKey always fails on non-Darwin builds. Both arguments are
// ignored; the stub returns a nil buffer with errKeychainNotSupported and never
// allocates or exposes key material.
func getLongTermPrivateKey(_ afero.Fs, _ VaultInterface) (*memguard.LockedBuffer, error) {
	var key *memguard.LockedBuffer
	return key, errKeychainNotSupported
}