passepartout-apple/PassepartoutLibrary/Sources/PassepartoutVPNImpl/Strategies/KeychainSecretRepository.swift

88 lines
2.9 KiB
Swift

//
// KeychainSecretRepository.swift
// Passepartout
//
// Created by Davide De Rosa on 5/23/23.
// Copyright (c) 2023 Davide De Rosa. All rights reserved.
//
// https://github.com/passepartoutvpn
//
// This file is part of Passepartout.
//
// Passepartout is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Passepartout is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Passepartout. If not, see <http://www.gnu.org/licenses/>.
//
import Foundation
import PassepartoutCore
import PassepartoutVPN
import TunnelKitManager
public final class KeychainSecretRepository: SecretRepository {
private let appGroup: String
private let keychain: Keychain
public init(appGroup: String) {
guard UserDefaults(suiteName: appGroup) != nil else {
fatalError("No entitlements for group '\(appGroup)'")
}
self.appGroup = appGroup
keychain = Keychain(group: appGroup)
}
public func set(password: String, for entry: String, userDefined: String, label: String) throws {
try keychain.set(password: password, for: entry, context: appGroup, userDefined: userDefined, label: label)
}
public func removePassword(for entry: String, userDefined: String) {
keychain.removePassword(for: entry, context: appGroup, userDefined: userDefined)
}
public func passwordReference(for entry: String, userDefined: String) throws -> Data {
try keychain.passwordReference(for: entry, context: appGroup, userDefined: userDefined)
}
}
extension KeychainSecretRepository {
public func debugAllPasswords(matching id: UUID) {
var query = allPasswordsQuery(id, appGroup)
query[kSecReturnAttributes as String] = true
var list: CFTypeRef?
switch SecItemCopyMatching(query as CFDictionary, &list) {
case errSecSuccess:
break
default:
return
}
guard let list = list else {
pp_log.debug("Keychain items: none")
return
}
pp_log.debug("Keychain items: \(list)")
}
public func removeAllPasswords(matching id: UUID) {
_ = SecItemDelete(allPasswordsQuery(id, appGroup) as CFDictionary)
}
private func allPasswordsQuery(_ id: UUID, _ context: String) -> [String: Any] {
var query = [String: Any]()
keychain.setScope(query: &query, context: context, userDefined: id.uuidString)
query[kSecClass as String] = kSecClassGenericPassword
return query
}
}