mirror of
				https://github.com/maxgoedjen/secretive.git
				synced 2025-10-25 12:30:57 +00:00 
			
		
		
		
	refactoring KeychainDictionary
from CFDictionary to NSDictionary high-level API, supports ARC, which simplifies development and reduces the likelihood of memory leaks.
This commit is contained in:
		
							parent
							
								
									ad56019901
								
							
						
					
					
						commit
						fd7a9c2f7a
					
				| @ -2,12 +2,6 @@ import Foundation | ||||
| 
 | ||||
| public typealias SecurityError = Unmanaged<CFError> | ||||
| 
 | ||||
| /// Wraps a Swift dictionary in a CFDictionary. | ||||
| /// - Parameter dictionary: The Swift dictionary to wrap. | ||||
| /// - Returns: A CFDictionary containing the keys and values. | ||||
| public func KeychainDictionary(_ dictionary: [CFString: Any]) -> CFDictionary { | ||||
|     dictionary as CFDictionary | ||||
| } | ||||
| 
 | ||||
| public extension CFError { | ||||
| 
 | ||||
|  | ||||
| @ -49,7 +49,7 @@ extension SecureEnclave { | ||||
|                 throw error.takeRetainedValue() as Error | ||||
|             } | ||||
| 
 | ||||
|             let attributes = KeychainDictionary([ | ||||
|             let attributes : NSDictionary = [ | ||||
|                 kSecAttrLabel: name, | ||||
|                 kSecAttrKeyType: Constants.keyType, | ||||
|                 kSecAttrTokenID: kSecAttrTokenIDSecureEnclave, | ||||
| @ -58,7 +58,7 @@ extension SecureEnclave { | ||||
|                     kSecAttrIsPermanent: true, | ||||
|                     kSecAttrAccessControl: access | ||||
|                 ] | ||||
|             ]) | ||||
|             ] | ||||
| 
 | ||||
|             var createKeyError: SecurityError? | ||||
|             let keypair = SecKeyCreateRandomKey(attributes, &createKeyError) | ||||
| @ -73,10 +73,10 @@ extension SecureEnclave { | ||||
|         } | ||||
| 
 | ||||
|         public func delete(secret: Secret) throws { | ||||
|             let deleteAttributes = KeychainDictionary([ | ||||
|             let deleteAttributes : NSDictionary = [ | ||||
|                 kSecClass: kSecClassKey, | ||||
|                 kSecAttrApplicationLabel: secret.id as CFData | ||||
|             ]) | ||||
|                 kSecAttrApplicationLabel: secret.id | ||||
|             ] | ||||
|             let status = SecItemDelete(deleteAttributes) | ||||
|             if status != errSecSuccess { | ||||
|                 throw KeychainError(statusCode: status) | ||||
| @ -85,14 +85,14 @@ extension SecureEnclave { | ||||
|         } | ||||
| 
 | ||||
|         public func update(secret: Secret, name: String) throws { | ||||
|             let updateQuery = KeychainDictionary([ | ||||
|             let updateQuery : NSDictionary = [ | ||||
|                 kSecClass: kSecClassKey, | ||||
|                 kSecAttrApplicationLabel: secret.id as CFData | ||||
|             ]) | ||||
|                 kSecAttrApplicationLabel: secret.id | ||||
|             ] | ||||
| 
 | ||||
|             let updatedAttributes = KeychainDictionary([ | ||||
|             let updatedAttributes : NSDictionary = [ | ||||
|                 kSecAttrLabel: name, | ||||
|             ]) | ||||
|             ] | ||||
| 
 | ||||
|             let status = SecItemUpdate(updateQuery, updatedAttributes) | ||||
|             if status != errSecSuccess { | ||||
| @ -111,16 +111,16 @@ extension SecureEnclave { | ||||
|                 context = newContext | ||||
|             } | ||||
|             context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)") | ||||
|             let attributes = KeychainDictionary([ | ||||
|             let attributes : NSDictionary = [ | ||||
|                 kSecClass: kSecClassKey, | ||||
|                 kSecAttrKeyClass: kSecAttrKeyClassPrivate, | ||||
|                 kSecAttrApplicationLabel: secret.id as CFData, | ||||
|                 kSecAttrApplicationLabel: secret.id, | ||||
|                 kSecAttrKeyType: Constants.keyType, | ||||
|                 kSecAttrTokenID: kSecAttrTokenIDSecureEnclave, | ||||
|                 kSecAttrApplicationTag: Constants.keyTag, | ||||
|                 kSecUseAuthenticationContext: context, | ||||
|                 kSecReturnRef: true | ||||
|                 ]) | ||||
|                 ] | ||||
|             var untyped: CFTypeRef? | ||||
|             let status = SecItemCopyMatching(attributes, &untyped) | ||||
|             if status != errSecSuccess { | ||||
| @ -142,16 +142,16 @@ extension SecureEnclave { | ||||
|             let context = LAContext() | ||||
|             context.localizedReason = String(localized: "auth_context_request_verify_description_\(secret.name)") | ||||
|             context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") | ||||
|             let attributes = KeychainDictionary([ | ||||
|             let attributes : NSDictionary = [ | ||||
|                 kSecClass: kSecClassKey, | ||||
|                 kSecAttrKeyClass: kSecAttrKeyClassPrivate, | ||||
|                 kSecAttrApplicationLabel: secret.id as CFData, | ||||
|                 kSecAttrApplicationLabel: secret.id, | ||||
|                 kSecAttrKeyType: Constants.keyType, | ||||
|                 kSecAttrTokenID: kSecAttrTokenIDSecureEnclave, | ||||
|                 kSecAttrApplicationTag: Constants.keyTag, | ||||
|                 kSecUseAuthenticationContext: context, | ||||
|                 kSecReturnRef: true | ||||
|                 ]) | ||||
|                 ] | ||||
|             var verifyError: SecurityError? | ||||
|             var untyped: CFTypeRef? | ||||
|             let status = SecItemCopyMatching(attributes, &untyped) | ||||
| @ -225,7 +225,7 @@ extension SecureEnclave.Store { | ||||
| 
 | ||||
|     /// Loads all secrets from the store. | ||||
|     private func loadSecrets() { | ||||
|         let publicAttributes = KeychainDictionary([ | ||||
|         let publicAttributes : NSDictionary = [ | ||||
|             kSecClass: kSecClassKey, | ||||
|             kSecAttrKeyType: SecureEnclave.Constants.keyType, | ||||
|             kSecAttrApplicationTag: SecureEnclave.Constants.keyTag, | ||||
| @ -233,11 +233,11 @@ extension SecureEnclave.Store { | ||||
|             kSecReturnRef: true, | ||||
|             kSecMatchLimit: kSecMatchLimitAll, | ||||
|             kSecReturnAttributes: true | ||||
|             ]) | ||||
|             ] | ||||
|         var publicUntyped: CFTypeRef? | ||||
|         SecItemCopyMatching(publicAttributes, &publicUntyped) | ||||
|         guard let publicTyped = publicUntyped as? [[CFString: Any]] else { return } | ||||
|         let privateAttributes = KeychainDictionary([ | ||||
|         let privateAttributes : NSDictionary = [ | ||||
|             kSecClass: kSecClassKey, | ||||
|             kSecAttrKeyType: SecureEnclave.Constants.keyType, | ||||
|             kSecAttrApplicationTag: SecureEnclave.Constants.keyTag, | ||||
| @ -245,7 +245,7 @@ extension SecureEnclave.Store { | ||||
|             kSecReturnRef: true, | ||||
|             kSecMatchLimit: kSecMatchLimitAll, | ||||
|             kSecReturnAttributes: true | ||||
|             ]) | ||||
|             ] | ||||
|         var privateUntyped: CFTypeRef? | ||||
|         SecItemCopyMatching(privateAttributes, &privateUntyped) | ||||
|         guard let privateTyped = privateUntyped as? [[CFString: Any]] else { return } | ||||
| @ -283,7 +283,7 @@ extension SecureEnclave.Store { | ||||
|     ///   - publicKey: The public key to save. | ||||
|     ///   - name: A user-facing name for the key. | ||||
|     private func savePublicKey(_ publicKey: SecKey, name: String) throws { | ||||
|         let attributes = KeychainDictionary([ | ||||
|         let attributes : NSDictionary = [ | ||||
|             kSecClass: kSecClassKey, | ||||
|             kSecAttrKeyType: SecureEnclave.Constants.keyType, | ||||
|             kSecAttrKeyClass: kSecAttrKeyClassPublic, | ||||
| @ -292,7 +292,7 @@ extension SecureEnclave.Store { | ||||
|             kSecAttrIsPermanent: true, | ||||
|             kSecReturnData: true, | ||||
|             kSecAttrLabel: name | ||||
|             ]) | ||||
|             ] | ||||
|         let status = SecItemAdd(attributes, nil) | ||||
|         if status != errSecSuccess { | ||||
|             throw KeychainError(statusCode: status) | ||||
|  | ||||
| @ -52,14 +52,15 @@ extension SmartCard { | ||||
|             let context = LAContext() | ||||
|             context.localizedReason = String(localized: "auth_context_request_signature_description_\(provenance.origin.displayName)_\(secret.name)") | ||||
|             context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") | ||||
|             let attributes = KeychainDictionary([ | ||||
|             let attributes : NSDictionary = [ | ||||
|                 kSecClass: kSecClassKey, | ||||
|                 kSecAttrKeyClass: kSecAttrKeyClassPrivate, | ||||
|                 kSecAttrApplicationLabel: secret.id as CFData, | ||||
|                 kSecAttrApplicationLabel: secret.id, | ||||
|                 kSecAttrTokenID: tokenID, | ||||
|                 kSecUseAuthenticationContext: context, | ||||
|                 kSecReturnRef: true | ||||
|             ]) | ||||
|             ] | ||||
|              | ||||
|             var untyped: CFTypeRef? | ||||
|             let status = SecItemCopyMatching(attributes, &untyped) | ||||
|             if status != errSecSuccess { | ||||
| @ -77,11 +78,12 @@ extension SmartCard { | ||||
|         } | ||||
|          | ||||
|         public func verify(signature: Data, for data: Data, with secret: Secret) throws -> Bool { | ||||
|             let attributes = KeychainDictionary([ | ||||
|             let attributes : NSDictionary = [ | ||||
|                 kSecAttrKeyType: secret.algorithm.secAttrKeyType, | ||||
|                 kSecAttrKeySizeInBits: secret.keySize, | ||||
|                 kSecAttrKeyClass: kSecAttrKeyClassPublic | ||||
|             ]) | ||||
|             ] | ||||
|              | ||||
|             var verifyError: SecurityError? | ||||
|             let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError) | ||||
|             guard let untypedSafe = untyped else { | ||||
| @ -145,13 +147,13 @@ extension SmartCard.Store { | ||||
|             name = fallbackName | ||||
|         } | ||||
| 
 | ||||
|         let attributes = KeychainDictionary([ | ||||
|         let attributes : NSDictionary = [ | ||||
|             kSecClass: kSecClassKey, | ||||
|             kSecAttrTokenID: tokenID, | ||||
|             kSecReturnRef: true, | ||||
|             kSecMatchLimit: kSecMatchLimitAll, | ||||
|             kSecReturnAttributes: true | ||||
|         ]) | ||||
|         ] | ||||
|         var untyped: CFTypeRef? | ||||
|         SecItemCopyMatching(attributes, &untyped) | ||||
|         guard let typed = untyped as? [[CFString: Any]] else { return } | ||||
| @ -185,12 +187,12 @@ extension SmartCard.Store { | ||||
|         let context = LAContext() | ||||
|         context.localizedReason = String(localized: "auth_context_request_encrypt_description_\(secret.name)") | ||||
|         context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") | ||||
|         let attributes = KeychainDictionary([ | ||||
|         let attributes : NSDictionary = [ | ||||
|             kSecAttrKeyType: secret.algorithm.secAttrKeyType, | ||||
|             kSecAttrKeySizeInBits: secret.keySize, | ||||
|             kSecAttrKeyClass: kSecAttrKeyClassPublic, | ||||
|             kSecUseAuthenticationContext: context | ||||
|         ]) | ||||
|         ] | ||||
|         var encryptError: SecurityError? | ||||
|         let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &encryptError) | ||||
|         guard let untypedSafe = untyped else { | ||||
| @ -214,14 +216,14 @@ extension SmartCard.Store { | ||||
|         let context = LAContext() | ||||
|         context.localizedReason = String(localized: "auth_context_request_decrypt_description_\(secret.name)") | ||||
|         context.localizedCancelTitle = String(localized: "auth_context_request_deny_button") | ||||
|         let attributes = KeychainDictionary([ | ||||
|         let attributes : NSDictionary = [ | ||||
|             kSecClass: kSecClassKey, | ||||
|             kSecAttrKeyClass: kSecAttrKeyClassPrivate, | ||||
|             kSecAttrApplicationLabel: secret.id as CFData, | ||||
|             kSecAttrApplicationLabel: secret.id, | ||||
|             kSecAttrTokenID: tokenID, | ||||
|             kSecUseAuthenticationContext: context, | ||||
|             kSecReturnRef: true | ||||
|         ]) | ||||
|         ] | ||||
|         var untyped: CFTypeRef? | ||||
|         let status = SecItemCopyMatching(attributes, &untyped) | ||||
|         if status != errSecSuccess { | ||||
|  | ||||
| @ -27,7 +27,7 @@ extension Stub { | ||||
|                                                 flags, | ||||
|                                                 nil) as Any | ||||
| 
 | ||||
|             let attributes = KeychainDictionary([ | ||||
|             let attributes : NSDictionary = [ | ||||
|                 kSecAttrLabel: name, | ||||
|                 kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom, | ||||
|                 kSecAttrKeySizeInBits: size, | ||||
| @ -35,7 +35,7 @@ extension Stub { | ||||
|                     kSecAttrIsPermanent: true, | ||||
|                     kSecAttrAccessControl: access | ||||
|                 ] | ||||
|                 ]) | ||||
|                 ] | ||||
| 
 | ||||
|             let privateKey = SecKeyCreateRandomKey(attributes, nil)! | ||||
|             let publicKey = SecKeyCopyPublicKey(privateKey)! | ||||
| @ -52,21 +52,21 @@ extension Stub { | ||||
|             guard !shouldThrow else { | ||||
|                 throw NSError(domain: "test", code: 0, userInfo: nil) | ||||
|             } | ||||
|             let privateKey = SecKeyCreateWithData(secret.privateKey as CFData, KeychainDictionary([ | ||||
|             let privateKey = SecKeyCreateWithData(secret.privateKey as CFData, [ | ||||
|                 kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom, | ||||
|                 kSecAttrKeySizeInBits: secret.keySize, | ||||
|                 kSecAttrKeyClass: kSecAttrKeyClassPrivate | ||||
|                 ]) | ||||
|                 ] as CFDictionary | ||||
|                 , nil)! | ||||
|             return SecKeyCreateSignature(privateKey, signatureAlgorithm(for: secret), data as CFData, nil)! as Data | ||||
|         } | ||||
| 
 | ||||
|         public func verify(signature: Data, for data: Data, with secret: Stub.Secret) throws -> Bool { | ||||
|             let attributes = KeychainDictionary([ | ||||
|             let attributes: NSDictionary = [ | ||||
|                 kSecAttrKeyType: secret.algorithm.secAttrKeyType, | ||||
|                 kSecAttrKeySizeInBits: secret.keySize, | ||||
|                 kSecAttrKeyClass: kSecAttrKeyClassPublic | ||||
|             ]) | ||||
|             ] | ||||
|             var verifyError: Unmanaged<CFError>? | ||||
|             let untyped: CFTypeRef? = SecKeyCreateWithData(secret.publicKey as CFData, attributes, &verifyError) | ||||
|             guard let untypedSafe = untyped else { | ||||
|  | ||||
		Loading…
	
		Reference in New Issue
	
	Block a user