Certificate UI/Import (#798)

* Sketching out. * WIP * WIP * Dump * Apply stash * Merge + WIP * UI * More WIP * Agent config * UI cleanup * Restore dirty files * XPC * Edit/delete * UI fixes * Cleanup * Change id for OpenSSHCertificate to hex of md5 * Fix runtime warning for confirmation dialog * Mark strings as reviewed * Cleanup * Fix agent tests
2026-05-07 16:08:58 +02:00 · 2026-05-06 01:03:21 -07:00
parent 2f4d10d70d
commit b337b24641
35 changed files with 1516 additions and 225 deletions
--- a/Sources/SecretAgent/AppDelegate.swift
+++ b/Sources/SecretAgent/AppDelegate.swift
@@ -6,8 +6,21 @@ import SmartCardSecretKit
 import SecretAgentKit
 import Brief
 import Observation
+import SSHProtocolKit
+import CertificateKit
 import Common
+import SwiftUI

+extension EnvironmentValues {
+
+    @MainActor fileprivate static let _certificateStore: CertificateStore = CertificateStore()
+
+    @MainActor var certificateStore: CertificateStore {
+        EnvironmentValues._certificateStore
+    }
+
+
+}
@main
 class AppDelegate: NSObject, NSApplicationDelegate {

@@ -18,13 +31,15 @@ class AppDelegate: NSObject, NSApplicationDelegate {
        try? migrator.migrate(to: cryptoKit)
        list.add(store: cryptoKit)
        list.add(store: SmartCard.Store())
+        let certsMigrator = CertificateMigrator(homeDirectory: URL.homeDirectory, certificateStore: EnvironmentValues._certificateStore)
+        try? certsMigrator.migrate()
        return list
    }()
    private let updater = Updater(checkOnLaunch: true)
    private let notifier = Notifier()
-    private let publicKeyFileStoreController = PublicKeyFileStoreController(directory: URL.publicKeyDirectory)
-    private lazy var agent: Agent = {
-        Agent(storeList: storeList, witness: notifier)
+    private let publicKeyFileStoreController = PublicKeyFileStoreController(publicKeysURL: URL.publicKeyDirectory, certificatesURL: URL.certificatesDirectory)
+    @MainActor private lazy var agent: Agent = {
+        Agent(storeList: storeList, certificateStore: EnvironmentValues._certificateStore, witness: notifier)
    }()
    private lazy var socketController: SocketController = {
        let path = URL.socketPath as String
@@ -55,7 +70,13 @@ class AppDelegate: NSObject, NSApplicationDelegate {
                try? publicKeyFileStoreController.generatePublicKeys(for: storeList.allSecrets, clear: true)
            }
        }
+        Task {
+            for await _ in NotificationCenter.default.notifications(named: .certificateStoreReloaded) {
+                try? publicKeyFileStoreController.generateCertificates(for: EnvironmentValues._certificateStore.certificates, clear: true)
+            }
+        }
        try? publicKeyFileStoreController.generatePublicKeys(for: storeList.allSecrets, clear: true)
+        try? publicKeyFileStoreController.generateCertificates(for: EnvironmentValues._certificateStore.certificates, clear: true)
        notifier.prompt()
        _ = withObservationTracking {
            updater.update
--- a/Sources/SecretAgent/CertificateMigrator.swift
+++ b/Sources/SecretAgent/CertificateMigrator.swift
@@ -0,0 +1,47 @@
+import Foundation
+import Security
+import CryptoTokenKit
+import CryptoKit
+import os
+import SSHProtocolKit
+import CertificateKit
+import SharedXPCServices
+
+public struct CertificateMigrator {
+
+    private let logger = Logger(subsystem: "com.maxgoedjen.secretive.migration", category: "CertificateKitMigrator")
+    private let directory: URL
+    private let certificateStore: CertificateStore
+
+    /// Initializes a PublicKeyFileStoreController.
+    public init(homeDirectory: URL, certificateStore: CertificateStore) {
+        directory = homeDirectory.appending(component: "PublicKeys")
+        self.certificateStore = certificateStore
+    }
+
+    @MainActor public func migrate() throws {
+        let fileCerts = try FileManager.default
+            .contentsOfDirectory(atPath: directory.path())
+            .filter { $0.hasSuffix("-cert.pub") }
+        Task {
+            for path in fileCerts {
+                do {
+                    let url = directory.appending(component: path)
+                    let data = try Data(contentsOf: url)
+                    let parser = try await XPCCertificateParser()
+                    let cert = try await parser.parse(data: data)
+                    try certificateStore.save(certificate: cert, originalData: data)
+                    do {
+                        try FileManager.default.removeItem(at: url)
+                    } catch {
+                        logger.error("Failed to delete successfully migrated cert: \(path)")
+                    }
+                } catch {
+                    logger.error("Failed to migrate cert: \(path)")
+                }
+            }
+
+        }
+    }
+
+}
--- a/Sources/SecretAgent/XPCInputParser.swift
+++ b/Sources/SecretAgent/XPCInputParser.swift
@@ -1,5 +1,6 @@
 import Foundation
-import SecretAgentKit
+import OSLog
+import SSHProtocolKit
 import Brief
 import XPCWrappers
 import OSLog