2022-01-02 00:43:29 +00:00
|
|
|
import Foundation
|
2020-02-19 04:52:00 +00:00
|
|
|
import Combine
|
|
|
|
|
|
2022-01-02 02:10:44 +00:00
|
|
|
/// Manages access to Secrets, and performs signature operations on data using those Secrets.
|
2020-03-09 03:03:40 +00:00
|
|
|
public protocol SecretStore: ObservableObject, Identifiable {
|
2020-02-19 04:52:00 +00:00
|
|
|
|
|
|
|
|
associatedtype SecretType: Secret
|
2020-03-09 03:03:40 +00:00
|
|
|
|
2022-01-02 02:10:44 +00:00
|
|
|
/// A boolean indicating whether or not the store is available.
|
2020-03-07 23:42:40 +00:00
|
|
|
var isAvailable: Bool { get }
|
2022-01-02 02:10:44 +00:00
|
|
|
/// A unique identifier for the store.
|
2020-03-09 03:03:40 +00:00
|
|
|
var id: UUID { get }
|
2022-01-02 02:10:44 +00:00
|
|
|
/// A user-facing name for the store.
|
2020-03-04 07:14:38 +00:00
|
|
|
var name: String { get }
|
2022-01-02 02:10:44 +00:00
|
|
|
/// The secrets the store manages.
|
2020-02-19 04:52:00 +00:00
|
|
|
var secrets: [SecretType] { get }
|
|
|
|
|
|
2022-01-02 02:10:44 +00:00
|
|
|
/// Signs a data payload with a specified Secret.
|
|
|
|
|
/// - Parameters:
|
|
|
|
|
/// - data: The data to sign.
|
|
|
|
|
/// - secret: The ``Secret`` to sign with.
|
|
|
|
|
/// - provenance: A ``SigningRequestProvenance`` describing where the request came from.
|
|
|
|
|
/// - Returns: A ``SignedData`` object, containing the signature and metadata about the signature process.
|
2021-11-08 01:41:59 +00:00
|
|
|
func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> SignedData
|
|
|
|
|
|
2022-01-02 02:10:44 +00:00
|
|
|
/// Persists user authorization for access to a secret.
|
|
|
|
|
/// - Parameters:
|
|
|
|
|
/// - secret: The ``Secret`` to persist the authorization for.
|
|
|
|
|
/// - duration: The duration that the authorization should persist for.
|
|
|
|
|
/// - Note: This is used for temporarily unlocking access to a secret which would otherwise require authentication every single use. This is useful for situations where the user anticipates several rapid accesses to a authorization-guarded secret.
|
2021-11-08 01:41:59 +00:00
|
|
|
func persistAuthentication(secret: SecretType, forDuration duration: TimeInterval) throws
|
2020-03-09 03:03:40 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-02 02:10:44 +00:00
|
|
|
/// A SecretStore that the Secretive admin app can modify.
|
2020-03-09 03:03:40 +00:00
|
|
|
public protocol SecretStoreModifiable: SecretStore {
|
|
|
|
|
|
2022-01-02 02:10:44 +00:00
|
|
|
/// Creates a new ``Secret`` in the store.
|
|
|
|
|
/// - Parameters:
|
|
|
|
|
/// - name: The user-facing name for the ``Secret``.
|
|
|
|
|
/// - requiresAuthentication: A boolean indicating whether or not the user will be required to authenticate before performing signature operations with the secret.
|
2020-03-09 03:03:40 +00:00
|
|
|
func create(name: String, requiresAuthentication: Bool) throws
|
2022-01-02 02:10:44 +00:00
|
|
|
|
|
|
|
|
/// Deletes a Secret in the store.
|
|
|
|
|
/// - Parameters:
|
|
|
|
|
/// - secret: The ``Secret`` to delete.
|
2020-03-04 07:14:38 +00:00
|
|
|
func delete(secret: SecretType) throws
|
2022-01-02 02:10:44 +00:00
|
|
|
|
|
|
|
|
/// Updates the name of a Secret in the store.
|
|
|
|
|
/// - Parameters:
|
|
|
|
|
/// - secret: The ``Secret`` to update.
|
|
|
|
|
/// - name: The new name for the Secret.
|
2021-06-01 06:20:38 +00:00
|
|
|
func update(secret: SecretType, name: String) throws
|
2020-03-04 07:14:38 +00:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
extension NSNotification.Name {
|
|
|
|
|
|
2022-01-02 00:43:29 +00:00
|
|
|
public static let secretStoreUpdated = NSNotification.Name("com.maxgoedjen.Secretive.secretStore.updated")
|
2020-03-04 07:14:38 +00:00
|
|
|
|
2020-02-19 04:52:00 +00:00
|
|
|
}
|
