external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-04-18 05:22:11 +00:00
Code Issues Projects Releases Wiki Activity

Cache existing contexts

Browse Source
This commit is contained in:
Max Goedjen 2021-11-06 16:49:38 -07:00
parent ec2165f898
commit 33ecabef20
No known key found for this signature in database
GPG Key ID: E58C21DD77B9B8E8
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
SecretKit/SecureEnclave/SecureEnclaveStore.swift
View File

@ -7,14 +7,6 @@ extension SecureEnclave {
public class Store: SecretStoreModifiable { public class Store: SecretStoreModifiable {
private let context: LAContext = {
let context = LAContext()
context.localizedReason = "test"
context.localizedCancelTitle = "Deny"
context.touchIDAuthenticationAllowableReuseDuration = 60 * 60
return context
}()
public var isAvailable: Bool { public var isAvailable: Bool {
// For some reason, as of build time, CryptoKit.SecureEnclave.isAvailable always returns false // For some reason, as of build time, CryptoKit.SecureEnclave.isAvailable always returns false
// error msg "Received error sending GET UNIQUE DEVICE command" // error msg "Received error sending GET UNIQUE DEVICE command"
@ -24,6 +16,7 @@ extension SecureEnclave {
public let id = UUID() public let id = UUID()
public let name = NSLocalizedString("Secure Enclave", comment: "Secure Enclave") public let name = NSLocalizedString("Secure Enclave", comment: "Secure Enclave")
@Published public private(set) var secrets: [Secret] = [] @Published public private(set) var secrets: [Secret] = []
private var existingLAContexts: [Secret: LAContext] = [:]
public init() { public init() {
DistributedNotificationCenter.default().addObserver(forName: .secretStoreUpdated, object: nil, queue: .main) { _ in DistributedNotificationCenter.default().addObserver(forName: .secretStoreUpdated, object: nil, queue: .main) { _ in
@ -102,6 +95,17 @@ extension SecureEnclave {
} }
public func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data { public func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data {
let context: LAContext
if let existing = existingLAContexts[secret] {
context = existing
} else {
let newContext = LAContext()
newContext.localizedCancelTitle = "Deny"
newContext.touchIDAuthenticationAllowableReuseDuration = 60 * 5
existingLAContexts[secret] = newContext
context = newContext
}
context.localizedReason = "sign a request from \"\(provenance.origin.displayName)\" using secret \"\(secret.name)\""
let attributes = [ let attributes = [
kSecClass: kSecClassKey, kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate, kSecAttrKeyClass: kSecAttrKeyClassPrivate,
@ -182,6 +186,7 @@ extension SecureEnclave.Store {
throw SecureEnclave.KeychainError(statusCode: status) throw SecureEnclave.KeychainError(statusCode: status)
} }
} }
} }
extension SecureEnclave { extension SecureEnclave {