Use SecKeychainCopyDomainSearchList to find system keychain
mlink committed Jan 5, 2024
1 parent 415e63f commit 5858581
Showing 2 changed files with 46 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.1.1] - 2024-01-05
### Changed
- System keychain is located using Security framework API.

## [1.1.0] - 2023-09-14
### Added
- Import and export capability for certificates, keys, and identities.
44 changes: 42 additions & 2 deletions Sources/Haversack/Security/KeychainFile.swift
Expand Up @@ -31,10 +31,27 @@ public class KeychainFile {
public static let systemRootCertificates = KeychainFile(at: rootCertificatesKeychainPath)

/// The path to the system keychain.
static let systemKeychainPath = "/Library/Keychains/System.keychain"
static let systemKeychainPath = system.path

/// An instance of ``KeychainFile`` that points at the system keychain
public static let system = KeychainFile(at: systemKeychainPath)
public static let system: KeychainFile = {
let legacySystemKeychainPath = "/Library/Keychains/System.keychain"
var searchList: CFArray?
let status = withUnsafeMutablePointer(to: &searchList) {
SecKeychainCopyDomainSearchList(.system, UnsafeMutablePointer($0))
}

Check warning on line 43 in Sources/Haversack/Security/KeychainFile.swift (GitHub Actions / SwiftLint): Trailing Whitespace Violation: Lines should not have trailing whitespace (trailing_whitespace)
guard status == errSecSuccess else {
// attempt to use traditional path, may fail later
return KeychainFile(at: legacySystemKeychainPath)
}

Check warning on line 48 in Sources/Haversack/Security/KeychainFile.swift (GitHub Actions / SwiftLint): Trailing Whitespace Violation: Lines should not have trailing whitespace (trailing_whitespace)
guard let searchList = searchList as? [SecKeychain], let systemKeychain = searchList.first else {
return KeychainFile(at: legacySystemKeychainPath)
}

Check warning on line 52 in Sources/Haversack/Security/KeychainFile.swift (GitHub Actions / SwiftLint): Trailing Whitespace Violation: Lines should not have trailing whitespace (trailing_whitespace)
return KeychainFile(reference: systemKeychain)
}()

/// The full path to the keychain file.
public let path: FilePath
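Review bot: `searchList.first` in the `system` closure is assumed to be the system keychain, but nothing here verifies that; if the system-domain search list holds more than one keychain or has been reordered, `KeychainFile.system` (and `systemKeychainPath`, which now derives from it) will point at whichever file is listed first. Consider documenting that assumption, or preferring the entry whose path matches `legacySystemKeychainPath` when one exists. Both `guard` fallbacks also return the legacy path silently, so a caller cannot tell that the API lookup failed; a log line there would help diagnosis. Minor: the `withUnsafeMutablePointer` wrapper looks unnecessary, since passing `&searchList` directly to `SecKeychainCopyDomainSearchList` should work.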
Expand All @@ -54,6 +71,29 @@ public class KeychainFile {
self.path = (filePath as NSString).standardizingPath
self.passwordProvider = passwordProvider
}

Check warning on line 74 in Sources/Haversack/Security/KeychainFile.swift (GitHub Actions / SwiftLint): Trailing Whitespace Violation: Lines should not have trailing whitespace (trailing_whitespace)
/// Create an instance from an existing keychain reference
/// - Parameters:
/// - reference: A reference to a `SecKeychain`.
init(reference: SecKeychain) {
passwordProvider = nil
self.reference = reference

Check warning on line 81 in Sources/Haversack/Security/KeychainFile.swift (GitHub Actions / SwiftLint): Trailing Whitespace Violation: Lines should not have trailing whitespace (trailing_whitespace)
var pathLength = UInt32(PATH_MAX)
let pathName = UnsafeMutablePointer<CChar>.allocate(capacity: Int(pathLength))
let status = withUnsafeMutablePointer(to: &pathLength) { pathLength in
SecKeychainGetPath(reference, pathLength, pathName)
}

Check warning on line 87 in Sources/Haversack/Security/KeychainFile.swift (GitHub Actions / SwiftLint): Trailing Whitespace Violation: Lines should not have trailing whitespace (trailing_whitespace)
if status == errSecSuccess {
path = FileManager().string(withFileSystemRepresentation: pathName, length: Int(pathLength))
} else {
// should never happen
path = ""
}

Check warning on line 94 in Sources/Haversack/Security/KeychainFile.swift (GitHub Actions / SwiftLint): Trailing Whitespace Violation: Lines should not have trailing whitespace (trailing_whitespace)
pathName.deallocate()
}

/// Try to open and unlock the keychain file, or create the keychain if it does not yet exist.
/// - Throws: A ``HaversackError`` entity
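Review bot: The `else` branch in `init(reference:)` sets `path = ""` when `SecKeychainGetPath` fails, and because `systemKeychainPath` is now `system.path`, that empty string would become the system keychain path with no error surfaced. Suggest making this initializer failable or throwing so the `system` closure can fall back to `legacySystemKeychainPath` instead. Also, `pathName` is allocated and released by hand; a `defer { pathName.deallocate() }` placed right after the allocation keeps the release tied to it if early exits are added later. The existing initializer applies `standardizingPath` to its input while this one stores the path as returned, which is worth making consistent.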
