passepartout-apple/PassepartoutLibrary/Sources/PassepartoutProfiles/Managers/ProfileManager+Keychain.swift

120 lines
3.7 KiB
Swift

//
// ProfileManager+Keychain.swift
// Passepartout
//
// Created by Davide De Rosa on 4/8/22.
// Copyright (c) 2022 Davide De Rosa. All rights reserved.
//
// https://github.com/passepartoutvpn
//
// This file is part of Passepartout.
//
// Passepartout is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Passepartout is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Passepartout. If not, see <http://www.gnu.org/licenses/>.
//
import Foundation
import TunnelKitManager
import PassepartoutCore
import PassepartoutUtils
extension ProfileManager {
public func savePassword(forProfile profile: Profile) {
guard !profile.isPlaceholder else {
assertionFailure("Placeholder")
return
}
guard let keychainEntry = profile.keychainEntry else {
return
}
let password = profile.account.password
guard !password.isEmpty else {
keychain.removePassword(
for: keychainEntry,
context: appGroup,
userDefined: profile.id.uuidString
)
return
}
do {
try keychain.set(
password: password,
for: keychainEntry,
context: appGroup,
userDefined: profile.id.uuidString,
label: keychainLabel(profile.header.name, profile.currentVPNProtocol)
)
} catch {
pp_log.error("Unable to save password to keychain: \(error)")
}
}
public func passwordReference(forProfile profile: Profile) -> Data? {
guard !profile.isPlaceholder else {
assertionFailure("Placeholder")
return nil
}
guard let keychainEntry = profile.keychainEntry else {
return nil
}
do {
return try keychain.passwordReference(
for: keychainEntry,
context: appGroup,
userDefined: profile.id.uuidString
)
} catch {
pp_log.debug("Unable to load password reference from keychain: \(error)")
return nil
}
}
}
private extension Profile {
var keychainEntry: String? {
"\(id.uuidString):\(currentVPNProtocol.description):\(account.username)"
}
}
extension Keychain {
func debugAllPasswords(matching id: UUID, context: String) {
var query = allPasswordsQuery(id, context)
query[kSecReturnAttributes as String] = true
var list: CFTypeRef?
switch SecItemCopyMatching(query as CFDictionary, &list) {
case errSecSuccess:
break
default:
return
}
guard let list = list else {
pp_log.debug("Keychain items: none")
return
}
pp_log.debug("Keychain items: \(list)")
}
func removeAllPasswords(matching id: UUID, context: String) {
_ = SecItemDelete(allPasswordsQuery(id, context) as CFDictionary)
}
private func allPasswordsQuery(_ id: UUID, _ context: String) -> [String: Any] {
var query = [String: Any]()
setScope(query: &query, context: context, userDefined: id.uuidString)
query[kSecClass as String] = kSecClassGenericPassword
return query
}
}