Merge pull request #60 from gabriel/master

Remove deprecated TrustedApplicationAccess
keybase · Dec 20, 2019 · f65a47c · f65a47c
2 parents ccd6794 + 378d9d7
commit f65a47c
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 140 deletions.
diff --git a/macos.go b/macos.go
@@ -28,93 +28,6 @@ var accessibleTypeRef = map[Accessible]C.CFTypeRef{
 	//AccessibleWhenPasscodeSetThisDeviceOnly:  C.CFTypeRef(C.kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly),
 }
 
-var (
-	// AccessKey is key for kSecAttrAccess
-	AccessKey = attrKey(C.CFTypeRef(C.kSecAttrAccess))
-)
-
-// createAccess creates a SecAccessRef as CFTypeRef.
-// The returned SecAccessRef, if non-nil, must be released via CFRelease.
-func createAccess(label string, trustedApplications []string) (C.CFTypeRef, error) {
-	var err error
-	var labelRef C.CFStringRef
-	if labelRef, err = StringToCFString(label); err != nil {
-		return 0, err
-	}
-	defer C.CFRelease(C.CFTypeRef(labelRef))
-
-	var trustedApplicationsArray C.CFArrayRef
-	if trustedApplications != nil {
-		if len(trustedApplications) > 0 {
-			// Always prepend with empty string which signifies that we
-			// include a NULL application, which means ourselves.
-			trustedApplications = append([]string{""}, trustedApplications...)
-		}
-
-		var trustedApplicationsRefs []C.CFTypeRef
-		for _, trustedApplication := range trustedApplications {
-			trustedApplicationRef, createErr := createTrustedApplication(trustedApplication)
-			if createErr != nil {
-				return 0, createErr
-			}
-			defer C.CFRelease(trustedApplicationRef)
-			trustedApplicationsRefs = append(trustedApplicationsRefs, trustedApplicationRef)
-		}
-
-		trustedApplicationsArray = ArrayToCFArray(trustedApplicationsRefs)
-		defer C.CFRelease(C.CFTypeRef(trustedApplicationsArray))
-	}
-
-	var access C.SecAccessRef
-	errCode := C.SecAccessCreate(labelRef, trustedApplicationsArray, &access) //nolint
-	err = checkError(errCode)
-	if err != nil {
-		return 0, err
-	}
-
-	return C.CFTypeRef(access), nil
-}
-
-// createTrustedApplication creates a SecTrustedApplicationRef as a CFTypeRef.
-// The returned SecTrustedApplicationRef, if non-nil, must be released via CFRelease.
-func createTrustedApplication(trustedApplication string) (C.CFTypeRef, error) {
-	var trustedApplicationCStr *C.char
-	if trustedApplication != "" {
-		trustedApplicationCStr = C.CString(trustedApplication)
-		defer C.free(unsafe.Pointer(trustedApplicationCStr))
-	}
-
-	var trustedApplicationRef C.SecTrustedApplicationRef
-	errCode := C.SecTrustedApplicationCreateFromPath(trustedApplicationCStr, &trustedApplicationRef) //nolint
-	err := checkError(errCode)
-	if err != nil {
-		return 0, err
-	}
-
-	return C.CFTypeRef(trustedApplicationRef), nil
-}
-
-// Access defines whats applications can use the keychain item
-type Access struct {
-	Label               string
-	TrustedApplications []string
-}
-
-// Convert converts Access to CFTypeRef.
-// The returned CFTypeRef, if non-nil, must be released via CFRelease.
-func (a Access) Convert() (C.CFTypeRef, error) {
-	return createAccess(a.Label, a.TrustedApplications)
-}
-
-// SetAccess sets Access on Item
-func (k *Item) SetAccess(a *Access) {
-	if a != nil {
-		k.attr[AccessKey] = a
-	} else {
-		delete(k.attr, AccessKey)
-	}
-}
-
 // DeleteItemRef deletes a keychain item reference.
 func DeleteItemRef(ref C.CFTypeRef) error {
 	errCode := C.SecKeychainItemDelete(C.SecKeychainItemRef(ref))

diff --git a/macos_test.go b/macos_test.go
@@ -10,59 +10,6 @@ import (
 	"time"
 )
 
-func TestAccess(t *testing.T) {
-	var err error
-
-	service, account, label, accessGroup, password := "TestAccess", "test2", "A label", "", "toomanysecrets2"
-	item := NewGenericPassword(service, account, label, []byte(password), accessGroup)
-	defer func() { _ = DeleteItem(item) }()
-
-	trustedApplications := []string{"/Applications/Mail.app"}
-	item.SetAccess(&Access{Label: "Mail", TrustedApplications: trustedApplications})
-	err = AddItem(item)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = GetGenericPassword(service, account, label, accessGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestAccessWithImpliedSelf(t *testing.T) {
-	var err error
-
-	service, account, label, accessGroup, password := "TestAccess", "test2", "A label", "", "toomanysecrets2"
-	item := NewGenericPassword(service, account, label, []byte(password), accessGroup)
-	defer func() { _ = DeleteItem(item) }()
-
-	item.SetAccess(&Access{Label: "Self", TrustedApplications: nil})
-	err = AddItem(item)
-	if err != nil {
-		t.Fatal(err)
-	}
-
-	_, err = GetGenericPassword(service, account, label, accessGroup)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
-func TestAccessWithoutTrust(t *testing.T) {
-	var err error
-
-	item := NewGenericPassword("TestAccess", "test2", "A label", []byte("toomanysecrets2"), "")
-	defer func() { _ = DeleteItem(item) }()
-
-	trustedApplications := []string{}
-	item.SetAccess(&Access{Label: "No Trust", TrustedApplications: trustedApplications})
-	err = AddItem(item)
-	if err != nil {
-		t.Fatal(err)
-	}
-}
-
 func TestUpdateItem(t *testing.T) {
 	var err error