lysann/passforios
1
0
Fork 0
Code Issues Pull requests Activity

Store SSH private keys in Keychain instead of files

Browse source
This commit is contained in:
Danny Moesch 2019-07-02 20:28:47 +02:00 committed by Mingshen Sun
parent 6b95e60ea1
commit f1337622dc
9 changed files with 45 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

4
passKit/Helpers/AppKeychain.swift
View file

@ -22,6 +22,10 @@ public class AppKeychain {
keychain[key] = string
}
public static func contains(key: String) -> Bool {
return (try? keychain.contains(key)) ?? false
}
public static func get(for key: String) -> Data? {
return try? keychain.getData(key)
}

17
passKit/Helpers/CryptographicKeys.swift
View file

@ -34,3 +34,20 @@ public enum PgpKey: CryptographicKey {
}
}
public enum SshKey: CryptographicKey {
case PRIVATE
public func getKeychainKey() -> String {
switch self {
case .PRIVATE:
return "sshPrivateKey"
}
}
public func getFileSharingPath() -> String {
switch self {
case .PRIVATE:
return Globals.iTunesFileSharingSSHPrivate
}
}
}

2
passKit/Helpers/DefaultsKeys.swift
View file

@ -19,6 +19,7 @@ public extension DefaultsKeys {
// Keep them for legacy reasons.
static let pgpPublicKeyArmor = DefaultsKey<String?>("pgpPublicKeyArmor")
static let pgpPrivateKeyArmor = DefaultsKey<String?>("pgpPrivateKeyArmor")
static let gitSSHPrivateKeyArmor = DefaultsKey<String?>("gitSSHPrivateKeyArmor")
static let gitURL = DefaultsKey<URL?>("gitURL")
static let gitAuthenticationMethod = DefaultsKey<String?>("gitAuthenticationMethod")
@ -26,7 +27,6 @@ public extension DefaultsKeys {
static let gitBranchName = DefaultsKey<String>("gitBranchName", defaultValue: "master")
static let gitSSHPrivateKeyURL = DefaultsKey<URL?>("gitSSHPrivateKeyURL")
static let gitSSHKeySource = DefaultsKey<String?>("gitSSHKeySource")
static let gitSSHPrivateKeyArmor = DefaultsKey<String?>("gitSSHPrivateKeyArmor")
static let gitSignatureName = DefaultsKey<String?>("gitSignatureName")
static let gitSignatureEmail = DefaultsKey<String?>("gitSignatureEmail")

1
passKit/Helpers/KeyFileManager.swift
View file

@ -11,6 +11,7 @@ public class KeyFileManager {
public static let PublicPgp = KeyFileManager(keyType: PgpKey.PUBLIC)
public static let PrivatePgp = KeyFileManager(keyType: PgpKey.PRIVATE)
public static let PrivateSsh = KeyFileManager(keyType: SshKey.PRIVATE)
private let keyType: CryptographicKey
private let keyPath: String

6
passKit/Models/GitCredential.swift
View file

@ -17,7 +17,7 @@ public struct GitCredential {
public enum Credential {
case http(userName: String)
case ssh(userName: String, privateKeyFile: URL)
case ssh(userName: String, privateKey: String)
}
public init(credential: Credential) {
@ -48,7 +48,7 @@ public struct GitCredential {
}
attempts += 1
credential = try? GTCredential(userName: userName, password: lastPassword!)
case let .ssh(userName, privateKeyFile):
case let .ssh(userName, privateKey):
if attempts > 0 {
// The passphrase seems correct, but the previous authentification failed.
return nil
@ -65,7 +65,7 @@ public struct GitCredential {
}
}
attempts += 1
credential = try? GTCredential(userName: userName, publicKeyURL: nil, privateKeyURL: privateKeyFile, passphrase: lastPassword!)
credential = try? GTCredential(userName: userName, publicKeyString: nil, privateKeyString: privateKey, passphrase: lastPassword!)
}
return credential
}

26
passKit/Models/PasswordStore.swift
View file

@ -142,7 +142,7 @@ public class PasswordStore {
private func migrateIfNeeded() {
// migrate happens only if the repository was cloned and pgp keys were set up using earlier versions
let needMigration = !pgpKeyExists() && !gitSSHKeyExists() && !fm.fileExists(atPath: Globals.repositoryPath) && fm.fileExists(atPath: Globals.repositoryPathLegacy)
let needMigration = !pgpKeyExists() && !fm.fileExists(atPath: Globals.gitSSHPrivateKeyPath) && !fm.fileExists(atPath: Globals.repositoryPath) && fm.fileExists(atPath: Globals.repositoryPathLegacy)
guard needMigration == true else {
return
}
@ -190,21 +190,19 @@ public class PasswordStore {
do {
try KeyFileManager(keyType: PgpKey.PUBLIC, keyPath: Globals.pgpPublicKeyPath).importKeyAndDeleteFile()
try KeyFileManager(keyType: PgpKey.PRIVATE, keyPath: Globals.pgpPrivateKeyPath).importKeyAndDeleteFile()
try KeyFileManager(keyType: SshKey.PRIVATE, keyPath: Globals.gitSSHPrivateKeyPath).importKeyAndDeleteFile()
SharedDefaults.remove(.pgpPublicKeyArmor)
SharedDefaults.remove(.pgpPrivateKeyArmor)
SharedDefaults.remove(.gitSSHPrivateKeyArmor)
SharedDefaults[.pgpKeySource] = "file"
SharedDefaults[.gitSSHKeySource] = "file"
} catch {
print("MigrationError".localize(error))
}
}
enum SSHKeyType {
case `public`, secret
}
public func initGitSSHKey(with armorKey: String) throws {
let keyPath = Globals.gitSSHPrivateKeyPath
try armorKey.write(toFile: keyPath, atomically: true, encoding: .ascii)
AppKeychain.add(string: armorKey, for: SshKey.PRIVATE.getKeychainKey())
}
public func initPGPKeys() throws {
@ -851,17 +849,11 @@ public class PasswordStore {
public func removeGitSSHKeys() {
try? fm.removeItem(atPath: Globals.gitSSHPrivateKeyPath)
Defaults.remove(.gitSSHKeySource)
Defaults.remove(.gitSSHPrivateKeyArmor)
Defaults.remove(.gitSSHPrivateKeyURL)
self.gitSSHPrivateKeyPassphrase = nil
}
public func gitSSHKeyExists(inFileSharing: Bool = false) -> Bool {
if inFileSharing == false {
return fm.fileExists(atPath: Globals.gitSSHPrivateKeyPath)
} else {
return fm.fileExists(atPath: Globals.iTunesFileSharingSSHPrivate)
}
AppKeychain.removeContent(for: SshKey.PRIVATE.getKeychainKey())
gitSSHPrivateKeyPassphrase = nil
}
public func pgpKeyExists(inFileSharing: Bool = false) -> Bool {
@ -873,7 +865,7 @@ public class PasswordStore {
}
public func gitSSHKeyImportFromFileSharing() throws {
try fm.moveItem(atPath: Globals.iTunesFileSharingSSHPrivate, toPath: Globals.gitSSHPrivateKeyPath)
try KeyFileManager.PrivateSsh.importKeyAndDeleteFile()
}
public func pgpKeyImportFromFileSharing() throws {