From bcc34e0bb63caff1e9f3de04a60fd6ad33388f4b Mon Sep 17 00:00:00 2001
From: Andrej Mihajlov <and@mullvad.net>
Date: Wed, 2 Dec 2020 18:16:41 +0100
Subject: [PATCH] Keychain: Avoid roundtrip via items when accessing item label
 (stored in kSecAttrLabel)

Signed-off-by: Andrej Mihajlov <and@mullvad.net>
---
 Sources/Shared/Keychain.swift | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Sources/Shared/Keychain.swift b/Sources/Shared/Keychain.swift
index 82acb86..52817c3 100644
--- a/Sources/Shared/Keychain.swift
+++ b/Sources/Shared/Keychain.swift
@@ -28,8 +28,9 @@ class Keychain {
         if bundleIdentifier.hasSuffix(".network-extension") {
             bundleIdentifier.removeLast(".network-extension".count)
         }
+        let itemLabel = "WireGuard Tunnel: \(name)"
         var items: [CFString: Any] = [kSecClass: kSecClassGenericPassword,
-                                    kSecAttrLabel: "WireGuard Tunnel: " + name,
+                                    kSecAttrLabel: itemLabel,
                                     kSecAttrAccount: name + ": " + UUID().uuidString,
                                     kSecAttrDescription: "wg-quick(8) config",
                                     kSecAttrService: bundleIdentifier,
@@ -60,9 +61,7 @@ class Keychain {
             return nil
         }
         var access: SecAccess?
-        ret = SecAccessCreate((items[kSecAttrLabel] as? String)! as CFString,
-                              [extensionApp!, mainApp!] as CFArray,
-                              &access)
+        ret = SecAccessCreate(itemLabel as CFString, [extensionApp!, mainApp!] as CFArray, &access)
         if ret != errSecSuccess || access == nil {
             wg_log(.error, message: "Unable to create keychain ACL object: \(ret)")
             return nil