external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-04-03 14:17:08 +00:00
Code Issues Projects Releases Wiki Activity

Merge a530a83e87 into ad56019901

Browse Source
This commit is contained in:
Taradai Dmitrii 2024-09-09 09:16:29 +00:00 committed by GitHub
commit da451c6a06
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 60 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Sources/Packages/Sources/SecretKit/Erasers/AnySecretStore.swift
View File

@ -2,7 +2,7 @@ import Foundation
import Combine
/// Type eraser for SecretStore.
public class AnySecretStore: SecretStore {
public class AnySecretStore: SecretStore, ObservableObject {
let base: Any
private let _isAvailable: () -> Bool
@ -28,9 +28,11 @@ public class AnySecretStore: SecretStore {
_existingPersistedAuthenticationContext = { secretStore.existingPersistedAuthenticationContext(secret: $0.base as! SecretStoreType.SecretType) }
_persistAuthentication = { try secretStore.persistAuthentication(secret: $0.base as! SecretStoreType.SecretType, forDuration: $1) }
_reloadSecrets = { secretStore.reloadSecrets() }
sink = secretStore.objectWillChange.sink { _ in
self.objectWillChange.send()
}
sink = secretStore.objectWillChange
.receive(on: DispatchQueue.main) // Ensure updates are received on the main thread
.sink { [weak self] _ in
self?.objectWillChange.send()
}
}
public var isAvailable: Bool {

6
Sources/Packages/Sources/SecretKit/KeychainTypes.swift
View File

@ -2,12 +2,6 @@ import Foundation
public typealias SecurityError = Unmanaged<CFError>
/// Wraps a Swift dictionary in a CFDictionary.
/// - Parameter dictionary: The Swift dictionary to wrap.
/// - Returns: A CFDictionary containing the keys and values.
public func KeychainDictionary(_ dictionary: [CFString: Any]) -> CFDictionary {
dictionary as CFDictionary
}
public extension CFError {

72
Sources/Packages/Sources/SecureEnclaveSecretKit/SecureEnclaveStore.swift
View File

@ -49,34 +49,34 @@ extension SecureEnclave {
throw error.takeRetainedValue() as Error
}
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecAttrLabel: name,
kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag,
kSecAttrIsPermanent: true,
kSecPrivateKeyAttrs: [
kSecAttrIsPermanent: true,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrAccessControl: access
],
kSecPublicKeyAttrs: [
kSecAttrKeyClass: kSecAttrKeyClassPublic
]
])
]
var createKeyError: SecurityError?
let keypair = SecKeyCreateRandomKey(attributes, &createKeyError)
SecKeyCreateRandomKey(attributes, &createKeyError)
if let error = createKeyError {
throw error.takeRetainedValue() as Error
}
guard let keypair = keypair, let publicKey = SecKeyCopyPublicKey(keypair) else {
throw KeychainError(statusCode: nil)
}
try savePublicKey(publicKey, name: name)
reloadSecretsInternal()
}
public func delete(secret: Secret) throws {
let deleteAttributes = KeychainDictionary([
let deleteAttributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrApplicationLabel: secret.id as CFData
])
kSecAttrApplicationLabel: secret.id
]
let status = SecItemDelete(deleteAttributes)
if status != errSecSuccess {
throw KeychainError(statusCode: status)
@ -85,14 +85,14 @@ extension SecureEnclave {
}
public func update(secret: Secret, name: String) throws {
let updateQuery = KeychainDictionary([
let updateQuery : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrApplicationLabel: secret.id as CFData
])
kSecAttrApplicationLabel: secret.id
]
let updatedAttributes = KeychainDictionary([
let updatedAttributes : NSDictionary = [
kSecAttrLabel: name,
])
]
let status = SecItemUpdate(updateQuery, updatedAttributes)
if status != errSecSuccess {
@ -111,16 +111,16 @@ extension SecureEnclave {
context = newContext
}
context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData,
kSecAttrApplicationLabel: secret.id,
kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag,
kSecUseAuthenticationContext: context,
kSecReturnRef: true
])
]
var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess {
@ -142,16 +142,16 @@ extension SecureEnclave {
let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_verify_description_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData,
kSecAttrApplicationLabel: secret.id,
kSecAttrKeyType: Constants.keyType,
kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
kSecAttrApplicationTag: Constants.keyTag,
kSecUseAuthenticationContext: context,
kSecReturnRef: true
])
]
var verifyError: SecurityError?
var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped)
@ -225,7 +225,7 @@ extension SecureEnclave.Store {
/// Loads all secrets from the store.
private func loadSecrets() {
let publicAttributes = KeychainDictionary([
let publicAttributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrKeyType: SecureEnclave.Constants.keyType,
kSecAttrApplicationTag: SecureEnclave.Constants.keyTag,
@ -233,11 +233,11 @@ extension SecureEnclave.Store {
kSecReturnRef: true,
kSecMatchLimit: kSecMatchLimitAll,
kSecReturnAttributes: true
])
]
var publicUntyped: CFTypeRef?
SecItemCopyMatching(publicAttributes, &publicUntyped)
guard let publicTyped = publicUntyped as? [[CFString: Any]] else { return }
let privateAttributes = KeychainDictionary([
let privateAttributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrKeyType: SecureEnclave.Constants.keyType,
kSecAttrApplicationTag: SecureEnclave.Constants.keyTag,
@ -245,7 +245,7 @@ extension SecureEnclave.Store {
kSecReturnRef: true,
kSecMatchLimit: kSecMatchLimitAll,
kSecReturnAttributes: true
])
]
var privateUntyped: CFTypeRef?
SecItemCopyMatching(privateAttributes, &privateUntyped)
guard let privateTyped = privateUntyped as? [[CFString: Any]] else { return }
@ -278,26 +278,6 @@ extension SecureEnclave.Store {
secrets.append(contentsOf: wrapped)
}
/// Saves a public key.
/// - Parameters:
/// - publicKey: The public key to save.
/// - name: A user-facing name for the key.
private func savePublicKey(_ publicKey: SecKey, name: String) throws {
let attributes = KeychainDictionary([
kSecClass: kSecClassKey,
kSecAttrKeyType: SecureEnclave.Constants.keyType,
kSecAttrKeyClass: kSecAttrKeyClassPublic,
kSecAttrApplicationTag: SecureEnclave.Constants.keyTag,
kSecValueRef: publicKey,
kSecAttrIsPermanent: true,
kSecReturnData: true,
kSecAttrLabel: name
])
let status = SecItemAdd(attributes, nil)
if status != errSecSuccess {
throw KeychainError(statusCode: status)
}
}
}

26
Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift
View File

@ -52,14 +52,15 @@ extension SmartCard {
let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData,
kSecAttrApplicationLabel: secret.id,
kSecAttrTokenID: tokenID,
kSecUseAuthenticationContext: context,
kSecReturnRef: true
])
]
var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess {
@ -77,11 +78,12 @@ extension SmartCard {
}
public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool {
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPublic
])
]
var verifyError: SecurityError?
let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError)
guard let untypedSafe = untyped else {
@ -145,13 +147,13 @@ extension SmartCard.Store {
name = fallbackName
}
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrTokenID: tokenID,
kSecReturnRef: true,
kSecMatchLimit: kSecMatchLimitAll,
kSecReturnAttributes: true
])
]
var untyped: CFTypeRef?
SecItemCopyMatching(attributes, &untyped)
guard let typed = untyped as? [[CFString: Any]] else { return }
@ -185,12 +187,12 @@ extension SmartCard.Store {
let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_encrypt_description_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPublic,
kSecUseAuthenticationContext: context
])
]
var encryptError: SecurityError?
let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &encryptError)
guard let untypedSafe = untyped else {
@ -214,14 +216,14 @@ extension SmartCard.Store {
let context = LAContext()
context.localizedReason = String(localized: "auth_context_request_decrypt_description_\(secret.name)")
context.localizedCancelTitle = String(localized: "auth_context_request_deny_button")
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecClass: kSecClassKey,
kSecAttrKeyClass: kSecAttrKeyClassPrivate,
kSecAttrApplicationLabel: secret.id as CFData,
kSecAttrApplicationLabel: secret.id,
kSecAttrTokenID: tokenID,
kSecUseAuthenticationContext: context,
kSecReturnRef: true
])
]
var untyped: CFTypeRef?
let status = SecItemCopyMatching(attributes, &untyped)
if status != errSecSuccess {

12
Sources/Packages/Tests/SecretAgentKitTests/StubStore.swift
View File

@ -27,7 +27,7 @@ extension Stub {
flags,
nil) as Any
let attributes = KeychainDictionary([
let attributes : NSDictionary = [
kSecAttrLabel: name,
kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
kSecAttrKeySizeInBits: size,
@ -35,7 +35,7 @@ extension Stub {
kSecAttrIsPermanent: true,
kSecAttrAccessControl: access
]
])
]
let privateKey = SecKeyCreateRandomKey(attributes, nil)!
let publicKey = SecKeyCopyPublicKey(privateKey)!
@ -52,21 +52,21 @@ extension Stub {
guard !shouldThrow else {
throw NSError(domain: "test", code: 0, userInfo: nil)
}
let privateKey = SecKeyCreateWithData(secret.privateKey as CFData, KeychainDictionary([
let privateKey = SecKeyCreateWithData(secret.privateKey as CFData, [
kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPrivate
])
] as CFDictionary
, nil)!
return SecKeyCreateSignature(privateKey, signatureAlgorithm(for: secret), data as CFData, nil)! as Data
}
public func verify(signature: Data, for data: Data, with secret: Stub.Secret) throws -> Bool {
let attributes = KeychainDictionary([
let attributes: NSDictionary = [
kSecAttrKeyType: secret.algorithm.secAttrKeyType,
kSecAttrKeySizeInBits: secret.keySize,
kSecAttrKeyClass: kSecAttrKeyClassPublic
])
]
var verifyError: Unmanaged<CFError>?
let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError)
guard let untypedSafe = untyped else {

5
Sources/SecretAgent/AppDelegate.swift
View File

@ -32,7 +32,10 @@ class AppDelegate: NSObject, NSApplicationDelegate {
func applicationDidFinishLaunching(_ aNotification: Notification) {
logger.debug("SecretAgent finished launching")
DispatchQueue.main.async {
self.socketController.handler = self.agent.handle(reader:writer:)
self.socketController.handler = { [weak self] reader, writer in
guard let self = self else { return false }
return await self.agent.handle(reader: reader, writer: writer)
}
}
NotificationCenter.default.addObserver(forName: .secretStoreReloaded, object: nil, queue: .main) { [self] _ in
try? publicKeyFileStoreController.generatePublicKeys(for: storeList.allSecrets, clear: true)

6
Sources/Secretive/Views/CreateSecretView.swift
View File

@ -93,14 +93,14 @@ struct ThumbnailPickerView<ValueType: Hashable>: View {
extension ThumbnailPickerView {
struct Item<ValueType: Hashable>: Identifiable {
struct Item<Value: Hashable>: Identifiable {
let id = UUID()
let value: ValueType
let value: Value
let name: LocalizedStringKey
let description: LocalizedStringKey
let thumbnail: AnyView
init<ViewType: View>(value: ValueType, name: LocalizedStringKey, description: LocalizedStringKey, thumbnail: ViewType) {
init<ThumbnailView: View>(value: Value, name: LocalizedStringKey, description: LocalizedStringKey, thumbnail: ThumbnailView) {
self.value = value
self.name = name
self.description = description

2
Sources/Secretive/Views/SetupView.swift
View File

@ -55,7 +55,7 @@ struct StepView: View {
.foregroundColor(.green)
.frame(width: max(0, ((width - (Constants.padding * 2)) / Double(numberOfSteps - 1)) * Double(currentStep) - (Constants.circleWidth / 2)), height: 5)
HStack {
ForEach(0..<numberOfSteps) { index in
ForEach(0..<numberOfSteps, id: \.self) { index in
ZStack {
if currentStep > index {
Circle()