- Replace panic() calls in seunlocker_stub.go with error returns, following the existing keychainunlocker_stub.go pattern - Fix hardcoded derivation index 0 in getLongTermKeyForSE: now reads vault metadata to use the correct DerivationIndex (matching getLongTermPrivateKey in keychainunlocker.go) - Add tests for SE unlocker exports in secret package (both darwin and non-darwin stub tests) - Update README to reflect SE implementation: remove 'planned' labels, update Apple Developer Program references, add secure-enclave to unlocker type lists and examples - Run go fmt on files with import ordering issues
//go:build !darwin
// +build !darwin
package secret
import (
"fmt"
"filippo.io/age"
"github.com/spf13/afero"
)
// errSENotSupported is the sentinel every Secure Enclave operation returns on
// non-Darwin builds. It is deliberately unexported: code inside this package
// (including the stub tests) can match it with errors.Is, while other packages
// should treat any error from these stubs as "unavailable on this platform"
// and not retry.
var errSENotSupported = fmt.Errorf("secure enclave unlockers are only supported on macOS")
// SecureEnclaveUnlockerMetadata is a stub for non-Darwin platforms.
//
// It is meant to mirror the JSON shape of the Darwin implementation so that
// metadata written on macOS still decodes here. The Darwin definition is not
// visible in this file — NOTE(review): confirm the field set and json tags are
// kept in sync whenever either side changes.
type SecureEnclaveUnlockerMetadata struct {
	UnlockerMetadata

	// SEKeyLabel presumably labels the Secure Enclave key; it is only
	// meaningful on the Mac that holds that key.
	SEKeyLabel string `json:"seKeyLabel"`

	// SEKeyHash identifies the Secure Enclave key. What is hashed, and with
	// which algorithm, is decided by the Darwin implementation — verify there
	// before relying on this value for anything security-relevant.
	SEKeyHash string `json:"seKeyHash"`
}
// SecureEnclaveUnlocker is a stub for non-Darwin platforms.
//
// It carries enough state for the platform-neutral accessors (GetID, GetType,
// GetMetadata, GetDirectory) to work, so an unlocker created on macOS can
// still be listed and inspected elsewhere. Anything that needs the Secure
// Enclave itself (GetIdentity, Remove) returns errSENotSupported.
type SecureEnclaveUnlocker struct {
	// Directory is the on-disk location of this unlocker's files, as passed
	// to the constructor; the stub never validates or creates it.
	Directory string

	// Metadata is the unlocker's metadata; GetID reads only CreatedAt from it.
	Metadata UnlockerMetadata

	// fs is stored but never used by the stub — presumably kept so the struct
	// has the same shape as the Darwin build.
	fs afero.Fs
}
// GetIdentity returns an error on non-Darwin platforms.
//
// No Secure Enclave is reachable outside the darwin build, so the identity is
// always nil and the error is always errSENotSupported. Callers must check the
// error rather than interpreting a nil identity as "no key configured".
func (s *SecureEnclaveUnlocker) GetIdentity() (*age.X25519Identity, error) {
	var identity *age.X25519Identity // always nil on this platform
	return identity, errSENotSupported
}
// GetType returns the unlocker type, "secure-enclave".
//
// This is the string that shows up in unlocker listings and type-based
// dispatch; it presumably matches what the Darwin implementation reports, and
// must stay identical to it so both builds recognise the same unlocker dirs.
func (s *SecureEnclaveUnlocker) GetType() string {
	const typeName = "secure-enclave"
	return typeName
}
// GetMetadata returns the unlocker metadata supplied at construction.
//
// The struct is returned by value (a shallow copy); any reference-typed
// fields it may contain are still shared with the unlocker.
func (s *SecureEnclaveUnlocker) GetMetadata() UnlockerMetadata {
	metadata := s.Metadata
	return metadata
}
// GetDirectory returns the unlocker directory exactly as it was given to the
// constructor. The stub neither validates nor creates it.
func (s *SecureEnclaveUnlocker) GetDirectory() string {
	dir := s.Directory
	return dir
}
// GetID returns the unlocker ID: the creation timestamp at minute resolution,
// formatted as "2006-01-02.15.04", followed by "-secure-enclave".
//
// The ID carries neither seconds nor a time zone, so two unlockers created in
// the same minute share an ID, and the same instant renders differently if
// CreatedAt's Location differs. A zero CreatedAt yields
// "0001-01-01.00.00-secure-enclave". Keep the format identical to the Darwin
// build's, since the ID presumably names on-disk state.
func (s *SecureEnclaveUnlocker) GetID() string {
	stamp := s.Metadata.CreatedAt.Format("2006-01-02.15.04")
	return stamp + "-secure-enclave"
}
// Remove returns an error on non-Darwin platforms.
//
// Nothing on disk is touched. The Secure Enclave key behind this unlocker is
// bound to the Mac that created it and cannot be deleted from here, so
// removing only the directory would leave that key orphaned; a caller that
// really wants to discard the directory on this platform must do so itself.
func (s *SecureEnclaveUnlocker) Remove() error {
	err := errSENotSupported
	return err
}
// NewSecureEnclaveUnlocker creates a stub SecureEnclaveUnlocker on non-Darwin platforms.
// The returned instance's methods that require macOS functionality will return errors.
//
// Construction never fails and does no I/O: fs, directory and metadata are
// stored as given (none is validated, and fs may be nil), so an unlocker that
// was recorded on macOS can still be represented and listed here. Only
// GetIdentity and Remove depend on the Secure Enclave and return
// errSENotSupported.
func NewSecureEnclaveUnlocker(fs afero.Fs, directory string, metadata UnlockerMetadata) *SecureEnclaveUnlocker {
	unlocker := &SecureEnclaveUnlocker{}
	unlocker.Directory = directory
	unlocker.Metadata = metadata
	unlocker.fs = fs
	return unlocker
}
// CreateSecureEnclaveUnlocker returns an error on non-Darwin platforms.
//
// Unlike NewSecureEnclaveUnlocker, creating an unlocker presumably means
// generating a key inside the Secure Enclave, which cannot happen off macOS:
// nothing is written under the given directory and the result is a nil
// pointer together with errSENotSupported. Check the error before using the
// result — storing the nil *SecureEnclaveUnlocker in an interface yields a
// non-nil interface value that panics on first use.
func CreateSecureEnclaveUnlocker(_ afero.Fs, _ string) (*SecureEnclaveUnlocker, error) {
	var unlocker *SecureEnclaveUnlocker // nil: nothing can be created here
	return unlocker, errSENotSupported
}