Prompting for access.

2026-03-26 02:57:22 +01:00 · 2020-09-23 21:32:36 -07:00
parent d68479cf10
commit bbae36a29c
8 changed files with 21 additions and 15 deletions
--- a/SecretKit/Common/Erasers/AnySecretStore.swift
+++ b/SecretKit/Common/Erasers/AnySecretStore.swift
@@ -8,7 +8,7 @@ public class AnySecretStore: SecretStore {
    private let _id: () -> UUID
    private let _name: () -> String
    private let _secrets: () -> [AnySecret]
-    private let _sign: (Data, AnySecret) throws -> Data
+    private let _sign: (Data, AnySecret, SigningRequestProvenance) throws -> Data
    private var sink: AnyCancellable?

    public init<SecretStoreType>(_ secretStore: SecretStoreType) where SecretStoreType: SecretStore {
@@ -17,7 +17,7 @@ public class AnySecretStore: SecretStore {
        _name = { secretStore.name }
        _id = { secretStore.id }
        _secrets = { secretStore.secrets.map { AnySecret($0) } }
-        _sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType) }
+        _sign = { try secretStore.sign(data: $0, with: $1.base as! SecretStoreType.SecretType, for: $2) }
        sink = secretStore.objectWillChange.sink { _ in
            self.objectWillChange.send()
        }
@@ -39,8 +39,8 @@ public class AnySecretStore: SecretStore {
        return _secrets()
    }

-    public func sign(data: Data, with secret: AnySecret) throws -> Data {
-        try _sign(data, secret)
+    public func sign(data: Data, with secret: AnySecret, for provenance: SigningRequestProvenance) throws -> Data {
+        try _sign(data, secret, provenance)
    }

 }
--- a/SecretKit/Common/Types/SecretStore.swift
+++ b/SecretKit/Common/Types/SecretStore.swift
@@ -9,7 +9,7 @@ public protocol SecretStore: ObservableObject, Identifiable {
    var name: String { get }
    var secrets: [SecretType] { get }

-    func sign(data: Data, with secret: SecretType) throws -> Data
+    func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data

 }

--- a/SecretKit/Common/Types/SigningRequestProvenance.swift
+++ b/SecretKit/Common/Types/SigningRequestProvenance.swift
@@ -0,0 +1,45 @@
+import Foundation
+import AppKit
+
+public struct SigningRequestProvenance: Equatable {
+
+    public var chain: [Process]
+    public init(root: Process) {
+        self.chain = [root]
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public var origin: Process {
+        chain.last!
+    }
+
+    public var intact: Bool {
+        chain.allSatisfy { $0.validSignature }
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public struct Process: Equatable {
+
+        public let pid: Int32
+        public let name: String
+        public let path: String
+        public let validSignature: Bool
+        public let parentPID: Int32?
+
+        public init(pid: Int32, name: String, path: String, validSignature: Bool, parentPID: Int32?) {
+            self.pid = pid
+            self.name = name
+            self.path = path
+            self.validSignature = validSignature
+            self.parentPID = parentPID
+        }
+
+    }
+
+}
--- a/SecretKit/SecureEnclave/SecureEnclaveStore.swift
+++ b/SecretKit/SecureEnclave/SecureEnclaveStore.swift
@@ -76,9 +76,9 @@ extension SecureEnclave {
            reloadSecrets()
        }

-        public func sign(data: Data, with secret: SecretType) throws -> Data {
+        public func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data {
            let context = LAContext()
-            context.localizedReason = "sign a request from Terminal using secret \"\(secret.name)\""
+            context.localizedReason = "sign a request from \(provenance.origin) using secret \"\(secret.name)\""
            context.localizedCancelTitle = "Deny"
            let attributes = [
                kSecClass: kSecClassKey,
--- a/SecretKit/SmartCard/SmartCardStore.swift
+++ b/SecretKit/SmartCard/SmartCardStore.swift
@@ -1,6 +1,7 @@
 import Foundation
 import Security
 import CryptoTokenKit
+import LocalAuthentication

 // TODO: Might need to split this up into "sub-stores?"
 // ie, each token has its own Store.
@@ -43,13 +44,17 @@ extension SmartCard {
            fatalError("Keys must be deleted on the smart card.")
        }

-        public func sign(data: Data, with secret: SecretType) throws -> Data {
+        public func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> Data {
            guard let tokenID = tokenID else { fatalError() }
+            let context = LAContext()
+            context.localizedReason = "sign a request from \(provenance.origin.name) using secret \"\(secret.name)\""
+            context.localizedCancelTitle = "Deny"
            let attributes = [
                kSecClass: kSecClassKey,
                kSecAttrKeyClass: kSecAttrKeyClassPrivate,
                kSecAttrApplicationLabel: secret.id as CFData,
                kSecAttrTokenID: tokenID,
+                kSecUseAuthenticationContext: context,
                kSecReturnRef: true
                ] as CFDictionary
            var untyped: CFTypeRef?