wilderjds
/
peroxide
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
100 Commits
2 Branches
0 Tags
12 MiB
 
 
Tag: Branch: Tree: 313e803fdd
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '313e803fdd'
${ noResults }
peroxide/pkg/keychain/keychain.go

131 lines
3.6 KiB
Raw Blame History

// Copyright (c) 2020 Proton Technologies AG
//
// This file is part of ProtonMail Bridge.
//
// ProtonMail Bridge is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// ProtonMail Bridge is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with ProtonMail Bridge. If not, see <https://www.gnu.org/licenses/>.
// Package keychain implements a native secure password store for each platform.
package keychain
import (
"errors"
"strings"
"sync"
"github.com/docker/docker-credential-helpers/credentials"
"github.com/sirupsen/logrus"
)
const (
KeychainVersion = "k11" //nolint[golint]
)
var (
log = logrus.WithField("pkg", "bridgeUtils/keychain") //nolint[gochecknoglobals]
ErrWrongKeychainURL = errors.New("wrong keychain base URL")
ErrMacKeychainRebuild = errors.New("keychain error -25293")
ErrMacKeychainList = errors.New("function `osxkeychain.List()` is not valid function for mac keychain. Use `Access.ListKeychain()` instead")
ErrNoKeychainInstalled = errors.New("no keychain management installed on this system")
accessLocker = &sync.Mutex{} //nolint[gochecknoglobals]
)
// NewAccess creates a new native keychain.
func NewAccess(appName string) (*Access, error) {
newHelper, err := newKeychain()
if err != nil {
return nil, err
}
return &Access{
helper: newHelper,
KeychainURL: "protonmail/" + appName + "/users",
KeychainOldURL: "protonmail/users",
KeychainMacURL: "ProtonMail" + strings.Title(appName) + "Service",
KeychainOldMacURL: "ProtonMailService",
}, nil
}
type Access struct {
helper credentials.Helper
KeychainURL,
KeychainOldURL,
KeychainMacURL,
KeychainOldMacURL string
}
func (s *Access) List() (userIDs []string, err error) {
accessLocker.Lock()
defer accessLocker.Unlock()
var userIDByURL map[string]string
userIDByURL, err = s.ListKeychain()
if err != nil {
return
}
for itemURL, userID := range userIDByURL {
if itemURL == s.KeychainName(userID) {
userIDs = append(userIDs, userID)
}
// Clean up old keychain name.
if itemURL == s.KeychainOldName(userID) {
_ = s.helper.Delete(s.KeychainOldName(userID))
}
}
return
}
func (s *Access) Delete(userID string) (err error) {
accessLocker.Lock()
defer accessLocker.Unlock()
return s.helper.Delete(s.KeychainName(userID))
}
func (s *Access) Get(userID string) (secret string, err error) {
accessLocker.Lock()
defer accessLocker.Unlock()
_, secret, err = s.helper.Get(s.KeychainName(userID))
return
}
func (s *Access) Put(userID, secret string) error {
accessLocker.Lock()
defer accessLocker.Unlock()
// On macOS, adding a credential that already exists does not update it and returns an error.
// So let's remove it first.
_ = s.helper.Delete(s.KeychainName(userID))
cred := &credentials.Credentials{
ServerURL: s.KeychainName(userID),
Username: userID,
Secret: secret,
}
return s.helper.Add(cred)
}
func splitServiceAndID(keychainName string) (serviceName string, userID string, err error) { //nolint[unused]
splitted := strings.FieldsFunc(keychainName, func(c rune) bool { return c == '/' })
n := len(splitted)
if n <= 1 {
return "", "", ErrWrongKeychainURL
}
userID = splitted[len(splitted)-1]
serviceName = strings.Join(splitted[:len(splitted)-1], "/")
return
}