From 33ecabef20a687bf851d8beb8220d02fefecbe00 Mon Sep 17 00:00:00 2001
From: Max Goedjen
Date: Sat, 6 Nov 2021 16:49:38 -0700
Subject: [PATCH] Cache existing contexts
---
 .../SecureEnclave/SecureEnclaveStore.swift | 21 ++++++++++++-------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/SecretKit/SecureEnclave/SecureEnclaveStore.swift b/SecretKit/SecureEnclave/SecureEnclaveStore.swift
index 57e16a7..d31c73f 100644
--- a/SecretKit/SecureEnclave/SecureEnclaveStore.swift
+++ b/SecretKit/SecureEnclave/SecureEnclaveStore.swift
@@ -7,14 +7,6 @@ extension SecureEnclave {
 public class Store: SecretStoreModifiable {
- private let context: LAContext = {
- let context = LAContext()
- context.localizedReason = "test"
- context.localizedCancelTitle = "Deny"
- context.touchIDAuthenticationAllowableReuseDuration = 60 * 60
- return context
- }()
-
 public var isAvailable: Bool {
 // For some reason, as of build time, CryptoKit.SecureEnclave.isAvailable always returns false
 // error msg "Received error sending GET UNIQUE DEVICE command"
@@ -24,6 +16,7 @@ extension SecureEnclave {
 public let id = UUID()
 public let name = NSLocalizedString("Secure Enclave", comment: "Secure Enclave")
 @Published public private(set) var secrets: [Secret] = []
+ private var existingLAContexts: [Secret: LAContext] = [:]
 public init() {
 DistributedNotificationCenter.default().addObserver(forName: .secretStoreUpdated, object: nil, queue: .main) { _ in
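Review bot: `existingLAContexts` is never evicted, so a context created in `sign` lives as long as the `Store` does and stays keyed to its `Secret` even after that secret is deleted or replaced; since `Store` is a `SecretStoreModifiable`, the deletion path (outside this hunk) should drop the entry, e.g. `existingLAContexts[secret] = nil`. The property also deserves a comment stating why it exists, because reusing an already-evaluated context is what lets later signatures skip the prompt: `/// One LAContext per secret, reused across sign calls so an authentication already granted for that secret is not re-prompted within its allowable reuse window; entries are not evicted.` If `sign` can be reached from more than one thread, the unsynchronized write to this dictionary is a data race; I cannot tell from these hunks which queue calls it.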
@@ -102,6 +95,17 @@ extension SecureEnclave {
 }
 public func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data {
+ let context: LAContext
+ if let existing = existingLAContexts[secret] {
+ context = existing
+ } else {
+ let newContext = LAContext()
+ newContext.localizedCancelTitle = "Deny"
+ newContext.touchIDAuthenticationAllowableReuseDuration = 60 * 5
+ existingLAContexts[secret] = newContext
+ context = newContext
+ }
+ context.localizedReason = "sign a request from \"\(provenance.origin.displayName)\" using secret \"\(secret.name)\""
 let attributes = [
 kSecClass: kSecClassKey,
 kSecAttrKeyClass: kSecAttrKeyClassPrivate,
@@ -182,6 +186,7 @@ extension SecureEnclave.Store {
 throw SecureEnclave.KeychainError(statusCode: status)
 }
 }
+
 }
 extension SecureEnclave {
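Review bot: The new context is inserted into `existingLAContexts` before it has ever been evaluated and nothing removes it on failure, so if the user taps Deny or the signing call further down the function throws, the same `LAContext` is handed back on the next call, and should the system ever invalidate that context, every later `sign` for that secret would fail until the process restarts; evicting the entry where the signing call throws, `existingLAContexts[secret] = nil`, keeps a failed context from being reused. Changing `touchIDAuthenticationAllowableReuseDuration` from `60 * 60` to `60 * 5` is a behaviour change the commit message does not mention, presumably because five minutes is the maximum reuse window LocalAuthentication honours; a why-comment on that line, `// 5 minutes is the longest reuse window LocalAuthentication honours`, would save the next reader the lookup. The `localizedReason` line interpolates `provenance.origin.displayName` into the text the user approves; if that name is derived from the requesting process's own self-description, the prompt wording is influenced by the requester, which is worth a comment so it is not later treated as trusted. The body of `sign` continues past the end of the hunk.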