From 378d9d7f431816a42f30985e8ffee63ac5434370 Mon Sep 17 00:00:00 2001
From: Gabriel Handford
Date: Thu, 19 Dec 2019 18:13:28 -0800
Subject: [PATCH] Remove deprecated TrustedApplicationAccess
---
 macos.go | 87 ---------------------------------------------------
 macos_test.go | 53 -------------------------------
 2 files changed, 140 deletions(-)
diff --git a/macos.go b/macos.go
index 1a7f581..4aaa163 100644
--- a/macos.go
+++ b/macos.go
@@ -28,93 +28,6 @@ var accessibleTypeRef = map[Accessible]C.CFTypeRef{
 //AccessibleWhenPasscodeSetThisDeviceOnly: C.CFTypeRef(C.kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly),
 }
 
-var (
- // AccessKey is key for kSecAttrAccess
- AccessKey = attrKey(C.CFTypeRef(C.kSecAttrAccess))
-)
-
-// createAccess creates a SecAccessRef as CFTypeRef.
-// The returned SecAccessRef, if non-nil, must be released via CFRelease.
-func createAccess(label string, trustedApplications []string) (C.CFTypeRef, error) {
- var err error
- var labelRef C.CFStringRef
- if labelRef, err = StringToCFString(label); err != nil {
- return 0, err
- }
- defer C.CFRelease(C.CFTypeRef(labelRef))
-
- var trustedApplicationsArray C.CFArrayRef
- if trustedApplications != nil {
- if len(trustedApplications) > 0 {
- // Always prepend with empty string which signifies that we
- // include a NULL application, which means ourselves.
- trustedApplications = append([]string{""}, trustedApplications...)
- }
-
- var trustedApplicationsRefs []C.CFTypeRef
- for _, trustedApplication := range trustedApplications {
- trustedApplicationRef, createErr := createTrustedApplication(trustedApplication)
- if createErr != nil {
- return 0, createErr
- }
- defer C.CFRelease(trustedApplicationRef)
- trustedApplicationsRefs = append(trustedApplicationsRefs, trustedApplicationRef)
- }
-
- trustedApplicationsArray = ArrayToCFArray(trustedApplicationsRefs)
- defer C.CFRelease(C.CFTypeRef(trustedApplicationsArray))
- }
-
- var access C.SecAccessRef
- errCode := C.SecAccessCreate(labelRef, trustedApplicationsArray, &access) //nolint
- err = checkError(errCode)
- if err != nil {
- return 0, err
- }
-
- return C.CFTypeRef(access), nil
-}
-
-// createTrustedApplication creates a SecTrustedApplicationRef as a CFTypeRef.
-// The returned SecTrustedApplicationRef, if non-nil, must be released via CFRelease.
-func createTrustedApplication(trustedApplication string) (C.CFTypeRef, error) {
- var trustedApplicationCStr *C.char
- if trustedApplication != "" {
- trustedApplicationCStr = C.CString(trustedApplication)
- defer C.free(unsafe.Pointer(trustedApplicationCStr))
- }
-
- var trustedApplicationRef C.SecTrustedApplicationRef
- errCode := C.SecTrustedApplicationCreateFromPath(trustedApplicationCStr, &trustedApplicationRef) //nolint
- err := checkError(errCode)
- if err != nil {
- return 0, err
- }
-
- return C.CFTypeRef(trustedApplicationRef), nil
-}
-
-// Access defines whats applications can use the keychain item
-type Access struct {
- Label string
- TrustedApplications []string
-}
-
-// Convert converts Access to CFTypeRef.
-// The returned CFTypeRef, if non-nil, must be released via CFRelease.
-func (a Access) Convert() (C.CFTypeRef, error) {
- return createAccess(a.Label, a.TrustedApplications)
-}
-
-// SetAccess sets Access on Item
-func (k *Item) SetAccess(a *Access) {
- if a != nil {
- k.attr[AccessKey] = a
- } else {
- delete(k.attr, AccessKey)
- }
-}
-
 // DeleteItemRef deletes a keychain item reference.
 func DeleteItemRef(ref C.CFTypeRef) error {
 errCode := C.SecKeychainItemDelete(C.SecKeychainItemRef(ref))
diff --git a/macos_test.go b/macos_test.go
index c9ea7d0..33eb032 100644
--- a/macos_test.go
+++ b/macos_test.go
@@ -10,59 +10,6 @@ import (
 "time"
 )
 
-func TestAccess(t *testing.T) {
- var err error
-
- service, account, label, accessGroup, password := "TestAccess", "test2", "A label", "", "toomanysecrets2"
- item := NewGenericPassword(service, account, label, []byte(password), accessGroup)
- defer func() { _ = DeleteItem(item) }()
-
- trustedApplications := []string{"/Applications/Mail.app"}
- item.SetAccess(&Access{Label: "Mail", TrustedApplications: trustedApplications})
- err = AddItem(item)
- if err != nil {
- t.Fatal(err)
- }
-
- _, err = GetGenericPassword(service, account, label, accessGroup)
- if err != nil {
- t.Fatal(err)
- }
-}
-
-func TestAccessWithImpliedSelf(t *testing.T) {
- var err error
-
- service, account, label, accessGroup, password := "TestAccess", "test2", "A label", "", "toomanysecrets2"
- item := NewGenericPassword(service, account, label, []byte(password), accessGroup)
- defer func() { _ = DeleteItem(item) }()
-
- item.SetAccess(&Access{Label: "Self", TrustedApplications: nil})
- err = AddItem(item)
- if err != nil {
- t.Fatal(err)
- }
-
- _, err = GetGenericPassword(service, account, label, accessGroup)
- if err != nil {
- t.Fatal(err)
- }
-}
-
-func TestAccessWithoutTrust(t *testing.T) {
- var err error
-
- item := NewGenericPassword("TestAccess", "test2", "A label", []byte("toomanysecrets2"), "")
- defer func() { _ = DeleteItem(item) }()
-
- trustedApplications := []string{}
- item.SetAccess(&Access{Label: "No Trust", TrustedApplications: trustedApplications})
- err = AddItem(item)
- if err != nil {
- t.Fatal(err)
- }
-}
-
 func TestUpdateItem(t *testing.T) {
 var err error