Pick tunnel password reference from existing item

Assume that credentials already exist elsewhere for reuse as password reference. Avoids a redundant keychain entry.
2021-01-27 01:27:28 +01:00 · 2021-01-27 01:27:28 +01:00 · 4490f0c116
parent 4b3f3dee5f
commit 4490f0c116
2 changed files with 16 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5
 - Support DNS over HTTPS (DoH) and TLS (DoT).

+### Changed
+
+- Pick tunnel password reference from an existing keychain item context.
+
 ### Fixed

 - Do not override network DNS settings when not provided by VPN. [#197](https://github.com/passepartoutvpn/tunnelkit/issues/197)
--- a/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift
+++ b/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift
@ -273,24 +273,25 @@ extension OpenVPNTunnelProvider {
         
         - Parameter bundleIdentifier: The provider bundle identifier required to locate the tunnel extension.
         - Parameter appGroup: The name of the app group in which the tunnel extension lives in.
-         - Parameter credentials: The optional credentials to authenticate with.
+         - Parameter context: The keychain context where to look for the password reference.
+         - Parameter username: The username to authenticate with.
         - Returns: The generated `NETunnelProviderProtocol` object.
         - Throws: `ProviderError.credentials` if unable to store `credentials.password` to the `appGroup` keychain.
         */
-        public func generatedTunnelProtocol(withBundleIdentifier bundleIdentifier: String, appGroup: String, credentials: OpenVPN.Credentials? = nil) throws -> NETunnelProviderProtocol {
+        public func generatedTunnelProtocol(
+            withBundleIdentifier bundleIdentifier: String,
+            appGroup: String,
+            context: String,
+            username: String?) throws -> NETunnelProviderProtocol {
+            
            let protocolConfiguration = NETunnelProviderProtocol()
+            let keychain = Keychain(group: appGroup)

            protocolConfiguration.providerBundleIdentifier = bundleIdentifier
            protocolConfiguration.serverAddress = sessionConfiguration.hostname ?? resolvedAddresses?.first
-            if let username = credentials?.username, let password = credentials?.password {
-                let keychain = Keychain(group: appGroup)
-                do {
-                    try keychain.set(password: password, for: username, context: bundleIdentifier)
-                } catch _ {
-                    throw ProviderConfigurationError.credentials(details: "keychain.set()")
-                }
+            if let username = username {
                protocolConfiguration.username = username
-                protocolConfiguration.passwordReference = try? keychain.passwordReference(for: username, context: bundleIdentifier)
+                protocolConfiguration.passwordReference = try? keychain.passwordReference(for: username, context: context)
            }
            protocolConfiguration.providerConfiguration = generatedProviderConfiguration(appGroup: appGroup)