120 lines
3.7 KiB
Swift
120 lines
3.7 KiB
Swift
//
|
|
// ProfileManager+Keychain.swift
|
|
// Passepartout
|
|
//
|
|
// Created by Davide De Rosa on 4/8/22.
|
|
// Copyright (c) 2022 Davide De Rosa. All rights reserved.
|
|
//
|
|
// https://github.com/passepartoutvpn
|
|
//
|
|
// This file is part of Passepartout.
|
|
//
|
|
// Passepartout is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// Passepartout is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Passepartout. If not, see <http://www.gnu.org/licenses/>.
|
|
//
|
|
|
|
import Foundation
|
|
import TunnelKitManager
|
|
import PassepartoutCore
|
|
import PassepartoutUtils
|
|
|
|
extension ProfileManager {
|
|
public func savePassword(forProfile profile: Profile, newPassword: String? = nil) {
|
|
guard !profile.isPlaceholder else {
|
|
assertionFailure("Placeholder")
|
|
return
|
|
}
|
|
guard let keychainEntry = profile.keychainEntry else {
|
|
return
|
|
}
|
|
let password = newPassword ?? profile.account.password
|
|
guard !password.isEmpty else {
|
|
keychain.removePassword(
|
|
for: keychainEntry,
|
|
context: appGroup,
|
|
userDefined: profile.id.uuidString
|
|
)
|
|
return
|
|
}
|
|
do {
|
|
try keychain.set(
|
|
password: password,
|
|
for: keychainEntry,
|
|
context: appGroup,
|
|
userDefined: profile.id.uuidString,
|
|
label: keychainLabel(profile.header.name, profile.currentVPNProtocol)
|
|
)
|
|
} catch {
|
|
pp_log.error("Unable to save password to keychain: \(error)")
|
|
}
|
|
}
|
|
|
|
public func passwordReference(forProfile profile: Profile) -> Data? {
|
|
guard !profile.isPlaceholder else {
|
|
assertionFailure("Placeholder")
|
|
return nil
|
|
}
|
|
guard let keychainEntry = profile.keychainEntry else {
|
|
return nil
|
|
}
|
|
do {
|
|
return try keychain.passwordReference(
|
|
for: keychainEntry,
|
|
context: appGroup,
|
|
userDefined: profile.id.uuidString
|
|
)
|
|
} catch {
|
|
pp_log.debug("Unable to load password reference from keychain: \(error)")
|
|
return nil
|
|
}
|
|
}
|
|
}
|
|
|
|
private extension Profile {
|
|
var keychainEntry: String? {
|
|
"\(id.uuidString):\(currentVPNProtocol.description):\(account.username)"
|
|
}
|
|
}
|
|
|
|
extension Keychain {
|
|
func debugAllPasswords(matching id: UUID, context: String) {
|
|
var query = allPasswordsQuery(id, context)
|
|
query[kSecReturnAttributes as String] = true
|
|
|
|
var list: CFTypeRef?
|
|
switch SecItemCopyMatching(query as CFDictionary, &list) {
|
|
case errSecSuccess:
|
|
break
|
|
|
|
default:
|
|
return
|
|
}
|
|
guard let list = list else {
|
|
pp_log.debug("Keychain items: none")
|
|
return
|
|
}
|
|
pp_log.debug("Keychain items: \(list)")
|
|
}
|
|
|
|
func removeAllPasswords(matching id: UUID, context: String) {
|
|
_ = SecItemDelete(allPasswordsQuery(id, context) as CFDictionary)
|
|
}
|
|
|
|
private func allPasswordsQuery(_ id: UUID, _ context: String) -> [String: Any] {
|
|
var query = [String: Any]()
|
|
setScope(query: &query, context: context, userDefined: id.uuidString)
|
|
query[kSecClass as String] = kSecClassGenericPassword
|
|
return query
|
|
}
|
|
}
|