CryptoKit migration (#628)

* WIP. * WIP * WIP Edit * Key selection. * WIP * WIP * Proxy through * WIP * Remove verify. * Migration. * Comment * Add param * Semi-offering key * Ignore updates if test build. * Fix rsa public key gen * Messily fix RSA * Remove 1024 bit rsa * Cleanup * Cleanup * Clean out MLDSA refs for now * Dump notifier changes * Put back UI tweaks * Fixes.
2026-03-06 01:37:22 +01:00 · 2025-08-24 15:35:15 -07:00
parent 5b0135d694
commit 3d3d123484
38 changed files with 923 additions and 763 deletions
--- a/Sources/SecretAgent/AppDelegate.swift
+++ b/Sources/SecretAgent/AppDelegate.swift
@@ -12,7 +12,10 @@ class AppDelegate: NSObject, NSApplicationDelegate {

    @MainActor private let storeList: SecretStoreList = {
        let list = SecretStoreList()
-        list.add(store: SecureEnclave.Store())
+        let cryptoKit = SecureEnclave.Store()
+        let migrator = SecureEnclave.CryptoKitMigrator()
+        try? migrator.migrate(to: cryptoKit)
+        list.add(store: cryptoKit)
        list.add(store: SmartCard.Store())
        return list
    }()
@@ -46,6 +49,7 @@ class AppDelegate: NSObject, NSApplicationDelegate {
            updater.update
        } onChange: { [updater, notifier] in
            Task {
+                guard !updater.testBuild else { return }
                await notifier.notify(update: updater.update!) { release in
                    await updater.ignore(release: release)
                }
--- a/Sources/SecretAgent/Notifier.swift
+++ b/Sources/SecretAgent/Notifier.swift
@@ -69,7 +69,7 @@ final class Notifier: Sendable {
        notificationContent.userInfo[Constants.persistSecretIDKey] = secret.id.description
        notificationContent.userInfo[Constants.persistStoreIDKey] = store.id.description
        notificationContent.interruptionLevel = .timeSensitive
-        if await store.existingPersistedAuthenticationContext(secret: secret) == nil && secret.requiresAuthentication {
+        if await store.existingPersistedAuthenticationContext(secret: secret) == nil && secret.authenticationRequirement.required {
            notificationContent.categoryIdentifier = Constants.persistAuthenticationCategoryIdentitifier
        }
        if let iconURL = provenance.origin.iconURL, let attachment = try? UNNotificationAttachment(identifier: "icon", url: iconURL, options: nil) {