Certificate UI/Import (#798)

* Sketching out. * WIP * WIP * Dump * Apply stash * Merge + WIP * UI * More WIP * Agent config * UI cleanup * Restore dirty files * XPC * Edit/delete * UI fixes * Cleanup * Change id for OpenSSHCertificate to hex of md5 * Fix runtime warning for confirmation dialog * Mark strings as reviewed * Cleanup * Fix agent tests
2026-05-07 16:08:58 +02:00 · 2026-05-06 01:03:21 -07:00
parent 2f4d10d70d
commit b337b24641
35 changed files with 1516 additions and 225 deletions
--- a/Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
+++ b/Sources/Packages/Tests/SecretAgentKitTests/AgentTests.swift
@@ -1,16 +1,17 @@
 import Foundation
 import Testing
 import CryptoKit
+import CertificateKit
@testable import SSHProtocolKit
@testable import SecretKit
@testable import SecretAgentKit

-@Suite struct AgentTests {
+@Suite @MainActor struct AgentTests {

    // MARK: Identity Listing

    @Test func emptyStores() async throws {
-        let agent = Agent(storeList: SecretStoreList())
+        let agent = Agent(storeList: SecretStoreList(), certificateStore: CertificateStore())
        let request = try SSHAgentInputParser().parse(data: Constants.Requests.requestIdentities)
        let response = await agent.handle(request: request, provenance: .test)
        #expect(response == Constants.Responses.requestIdentitiesEmpty)
@@ -18,7 +19,7 @@ import CryptoKit

    @Test func identitiesList() async throws {
        let list = await storeList(with: [Constants.Secrets.ecdsa256Secret, Constants.Secrets.ecdsa384Secret])
-        let agent = Agent(storeList: list)
+        let agent = Agent(storeList: list, certificateStore: CertificateStore())
        let request = try SSHAgentInputParser().parse(data: Constants.Requests.requestIdentities)
        let response = await agent.handle(request: request, provenance: .test)

@@ -32,7 +33,7 @@ import CryptoKit

    @Test func noMatchingIdentities() async throws {
        let list = await storeList(with: [Constants.Secrets.ecdsa256Secret, Constants.Secrets.ecdsa384Secret])
-        let agent = Agent(storeList: list)
+        let agent = Agent(storeList: list, certificateStore: CertificateStore())
        let request = try SSHAgentInputParser().parse(data: Constants.Requests.requestSignatureWithNoneMatching)
        let response = await agent.handle(request: request, provenance: .test)
        #expect(response == Constants.Responses.requestFailure)
@@ -42,7 +43,7 @@ import CryptoKit
        let request = try SSHAgentInputParser().parse(data: Constants.Requests.requestSignature)
        guard case SSHAgent.Request.signRequest(let context) = request else { return }
        let list = await storeList(with: [Constants.Secrets.ecdsa256Secret, Constants.Secrets.ecdsa384Secret])
-        let agent = Agent(storeList: list)
+        let agent = Agent(storeList: list, certificateStore: CertificateStore())
        let response = await agent.handle(request: request, provenance: .test)
        let responseReader = OpenSSHReader(data: response)
        let length = try responseReader.readNextBytes(as: UInt32.self)
@@ -77,7 +78,7 @@ import CryptoKit
        let witness = StubWitness(speakNow: { _,_  in
            return true
        }, witness: { _, _ in })
-        let agent = Agent(storeList: list, witness: witness)
+        let agent = Agent(storeList: list, certificateStore: CertificateStore(), witness: witness)
        let response = await agent.handle(request: .signRequest(.empty), provenance: .test)
        #expect(response == Constants.Responses.requestFailure)
    }
@@ -90,7 +91,7 @@ import CryptoKit
        }, witness: { _, trace in
            witnessed = true
        })
-        let agent = Agent(storeList: list, witness: witness)
+        let agent = Agent(storeList: list, certificateStore: CertificateStore(), witness: witness)
        let request = try SSHAgentInputParser().parse(data: Constants.Requests.requestSignature)
        _ = await agent.handle(request: request, provenance: .test)
        #expect(witnessed)
@@ -106,7 +107,7 @@ import CryptoKit
        }, witness: { _, trace in
            witnessTrace = trace
        })
-        let agent = Agent(storeList: list, witness: witness)
+        let agent = Agent(storeList: list, certificateStore: CertificateStore(), witness: witness)
        let request = try SSHAgentInputParser().parse(data: Constants.Requests.requestSignature)
        _ = await agent.handle(request: request, provenance: .test)
        #expect(witnessTrace == speakNowTrace)
@@ -117,9 +118,9 @@ import CryptoKit

    @Test func signatureException() async throws {
        let list = await storeList(with: [Constants.Secrets.ecdsa256Secret, Constants.Secrets.ecdsa384Secret])
-        let store = await list.stores.first?.base as! Stub.Store
+        let store = list.stores.first?.base as! Stub.Store
        store.shouldThrow = true
-        let agent = Agent(storeList: list)
+        let agent = Agent(storeList: list, certificateStore: CertificateStore())
        let request = try SSHAgentInputParser().parse(data: Constants.Requests.requestSignature)
        let response = await agent.handle(request: request, provenance: .test)
        #expect(response == Constants.Responses.requestFailure)
@@ -128,7 +129,7 @@ import CryptoKit
    // MARK: Unsupported

    @Test func unhandledAdd() async throws {
-        let agent = Agent(storeList: SecretStoreList())
+        let agent = Agent(storeList: SecretStoreList(), certificateStore: CertificateStore())
        let response = await agent.handle(request: .addIdentity, provenance: .test)
        #expect(response == Constants.Responses.requestFailure)
    }
@@ -143,7 +144,7 @@ extension SigningRequestProvenance {

 extension AgentTests {

-    @MainActor func storeList(with secrets: [Stub.Secret]) async -> SecretStoreList {
+    func storeList(with secrets: [Stub.Secret]) async -> SecretStoreList {
        let store = Stub.Store()
        store.secrets.append(contentsOf: secrets)
        let storeList = SecretStoreList()