62 lines
2.6 KiB
Swift
62 lines
2.6 KiB
Swift
import Foundation
|
|
import Combine
|
|
|
|
/// Manages access to Secrets, and performs signature operations on data using those Secrets.
|
|
public protocol SecretStore: ObservableObject, Identifiable {
|
|
|
|
associatedtype SecretType: Secret
|
|
|
|
/// A boolean indicating whether or not the store is available.
|
|
var isAvailable: Bool { get }
|
|
/// A unique identifier for the store.
|
|
var id: UUID { get }
|
|
/// A user-facing name for the store.
|
|
var name: String { get }
|
|
/// The secrets the store manages.
|
|
var secrets: [SecretType] { get }
|
|
|
|
/// Signs a data payload with a specified Secret.
|
|
/// - Parameters:
|
|
/// - data: The data to sign.
|
|
/// - secret: The ``Secret`` to sign with.
|
|
/// - provenance: A ``SigningRequestProvenance`` describing where the request came from.
|
|
/// - Returns: A ``SignedData`` object, containing the signature and metadata about the signature process.
|
|
func sign(data: Data, with secret: SecretType, for provenance: SigningRequestProvenance) throws -> SignedData
|
|
|
|
/// Persists user authorization for access to a secret.
|
|
/// - Parameters:
|
|
/// - secret: The ``Secret`` to persist the authorization for.
|
|
/// - duration: The duration that the authorization should persist for.
|
|
/// - Note: This is used for temporarily unlocking access to a secret which would otherwise require authentication every single use. This is useful for situations where the user anticipates several rapid accesses to a authorization-guarded secret.
|
|
func persistAuthentication(secret: SecretType, forDuration duration: TimeInterval) throws
|
|
|
|
}
|
|
|
|
/// A SecretStore that the Secretive admin app can modify.
|
|
public protocol SecretStoreModifiable: SecretStore {
|
|
|
|
/// Creates a new ``Secret`` in the store.
|
|
/// - Parameters:
|
|
/// - name: The user-facing name for the ``Secret``.
|
|
/// - requiresAuthentication: A boolean indicating whether or not the user will be required to authenticate before performing signature operations with the secret.
|
|
func create(name: String, requiresAuthentication: Bool) throws
|
|
|
|
/// Deletes a Secret in the store.
|
|
/// - Parameters:
|
|
/// - secret: The ``Secret`` to delete.
|
|
func delete(secret: SecretType) throws
|
|
|
|
/// Updates the name of a Secret in the store.
|
|
/// - Parameters:
|
|
/// - secret: The ``Secret`` to update.
|
|
/// - name: The new name for the Secret.
|
|
func update(secret: SecretType, name: String) throws
|
|
|
|
}
|
|
|
|
extension NSNotification.Name {
|
|
|
|
public static let secretStoreUpdated = NSNotification.Name("com.maxgoedjen.Secretive.secretStore.updated")
|
|
|
|
}
|