mirror of
https://github.com/maxgoedjen/secretive.git
synced 2025-07-01 09:43:37 +00:00
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a2105a2ae6 | |||
| c1d535ef95 | |||
| 1083c0f733 | |||
| 914e4d6910 | |||
| e70774f6aa |
5
.github/workflows/release.yml
vendored
5
.github/workflows/release.yml
vendored
@ -45,12 +45,9 @@ jobs:
|
||||
- name: Update Build Number
|
||||
env:
|
||||
TAG_NAME: ${{ github.ref }}
|
||||
RUN_ID: ${{ github.run_id }}
|
||||
run: |
|
||||
export CLEAN_TAG=$(echo $TAG_NAME | sed -e 's/refs\/tags\/v//')
|
||||
sed -i '' -e "s/GITHUB_CI_VERSION/$CLEAN_TAG/g" Config/Config.xcconfig
|
||||
sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Config/Config.xcconfig
|
||||
sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Secretive/Credits.rtf
|
||||
sed -i '' -e "s/CI_VERSION = 0.0.0/CI_VERSION = $CLEAN_TAG/g" Config/Config.xcconfig
|
||||
- name: Build
|
||||
run: xcrun xcodebuild -project Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
|
||||
- name: Create ZIPs
|
||||
|
||||
@ -1,2 +1 @@
|
||||
CI_VERSION = GITHUB_CI_VERSION
|
||||
CI_BUILD_NUMBER = GITHUB_BUILD_NUMBER
|
||||
CI_VERSION = 0.0.0
|
||||
@ -24,9 +24,6 @@ class Notifier {
|
||||
|
||||
extension Notifier: SigningWitness {
|
||||
|
||||
func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws {
|
||||
}
|
||||
|
||||
func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws {
|
||||
notify(accessTo: secret, by: provenance)
|
||||
}
|
||||
|
||||
@ -87,7 +87,7 @@ extension Agent {
|
||||
|
||||
let provenance = requestTracer.provenance(from: pid)
|
||||
if let witness = witness {
|
||||
try witness.speakNowOrForeverHoldYourPeace(forAccessTo: secret, by: provenance)
|
||||
try witness.witness(accessTo: secret, by: provenance)
|
||||
}
|
||||
|
||||
let dataToSign = try reader.readNextChunk()
|
||||
@ -122,10 +122,6 @@ extension Agent {
|
||||
sub.append(writer.lengthAndData(of: signatureChunk))
|
||||
signedData.append(writer.lengthAndData(of: sub))
|
||||
|
||||
if let witness = witness {
|
||||
try witness.witness(accessTo: secret, by: provenance)
|
||||
}
|
||||
|
||||
os_log(.debug, "Agent signed request")
|
||||
|
||||
return signedData
|
||||
|
||||
@ -7,16 +7,6 @@
|
||||
//
|
||||
|
||||
#import <Foundation/Foundation.h>
|
||||
#import <Security/Security.h>
|
||||
|
||||
|
||||
// Forward declarations
|
||||
|
||||
// from libproc.h
|
||||
int proc_pidpath(int pid, void * buffer, uint32_t buffersize);
|
||||
|
||||
// from SecTask.h
|
||||
OSStatus SecCodeCreateWithPID(int32_t, SecCSFlags, SecCodeRef *);
|
||||
|
||||
//! Project version number for SecretAgentKit.
|
||||
FOUNDATION_EXPORT double SecretAgentKitVersionNumber;
|
||||
@ -24,4 +14,6 @@ FOUNDATION_EXPORT double SecretAgentKitVersionNumber;
|
||||
//! Project version string for SecretAgentKit.
|
||||
FOUNDATION_EXPORT const unsigned char SecretAgentKitVersionString[];
|
||||
|
||||
// In this header, you should import all the public headers of your framework using statements like #import <SecretAgentKit/PublicHeader.h>
|
||||
|
||||
|
||||
|
||||
@ -16,10 +16,6 @@ extension SigningRequestProvenance {
|
||||
chain.last!
|
||||
}
|
||||
|
||||
public var intact: Bool {
|
||||
return chain.reduce(true) { $0 && $1.validSignature }
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
extension SigningRequestProvenance {
|
||||
@ -29,14 +25,12 @@ extension SigningRequestProvenance {
|
||||
public let pid: Int32
|
||||
public let name: String
|
||||
public let path: String
|
||||
public let validSignature: Bool
|
||||
let parentPID: Int32?
|
||||
|
||||
init(pid: Int32, name: String, path: String, validSignature: Bool, parentPID: Int32?) {
|
||||
init(pid: Int32, name: String, path: String, parentPID: Int32?) {
|
||||
self.pid = pid
|
||||
self.name = name
|
||||
self.path = path
|
||||
self.validSignature = validSignature
|
||||
self.parentPID = parentPID
|
||||
}
|
||||
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
import Foundation
|
||||
import AppKit
|
||||
import Security
|
||||
|
||||
struct SigningRequestTracer {
|
||||
|
||||
@ -30,14 +29,7 @@ struct SigningRequestTracer {
|
||||
var pidAndNameInfo = self.pidAndNameInfo(from: pid)
|
||||
let ppid = pidAndNameInfo.kp_eproc.e_ppid != 0 ? pidAndNameInfo.kp_eproc.e_ppid : nil
|
||||
let procName = String(cString: &pidAndNameInfo.kp_proc.p_comm.0)
|
||||
let pathPointer = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(MAXPATHLEN))
|
||||
_ = proc_pidpath(pid, pathPointer, UInt32(MAXPATHLEN))
|
||||
let path = String(cString: pathPointer)
|
||||
var secCode: Unmanaged<SecCode>!
|
||||
let flags: SecCSFlags = [.considerExpiration, .enforceRevocationChecks]
|
||||
SecCodeCreateWithPID(pid, SecCSFlags(), &secCode)
|
||||
let valid = SecCodeCheckValidity(secCode.takeRetainedValue(), flags, nil) == errSecSuccess
|
||||
return SigningRequestProvenance.Process(pid: pid, name: procName, path: path, validSignature: valid, parentPID: ppid)
|
||||
return SigningRequestProvenance.Process(pid: pid, name: procName, path: "", parentPID: ppid)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -3,7 +3,6 @@ import SecretKit
|
||||
|
||||
public protocol SigningWitness {
|
||||
|
||||
func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws
|
||||
func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws
|
||||
|
||||
}
|
||||
|
||||
@ -11,17 +11,16 @@ extension SmartCard {
|
||||
// TODO: Read actual smart card name, eg "YubiKey 5c"
|
||||
@Published public var isAvailable: Bool = false
|
||||
public let id = UUID()
|
||||
public fileprivate(set) var name = NSLocalizedString("Smart Card", comment: "Smart Card")
|
||||
public let name = NSLocalizedString("Smart Card", comment: "Smart Card")
|
||||
@Published public fileprivate(set) var secrets: [Secret] = []
|
||||
fileprivate let watcher = TKTokenWatcher()
|
||||
fileprivate var tokenID: String?
|
||||
|
||||
public init() {
|
||||
tokenID = watcher.nonSecureEnclaveTokens.first
|
||||
tokenID = watcher.tokenIDs.filter { !$0.contains("setoken") }.first
|
||||
watcher.setInsertionHandler { string in
|
||||
guard self.tokenID == nil else { return }
|
||||
guard !string.contains("setoken") else { return }
|
||||
|
||||
self.tokenID = string
|
||||
self.reloadSecrets()
|
||||
self.watcher.addRemovalHandler(self.smartcardRemoved, forTokenID: string)
|
||||
@ -98,14 +97,6 @@ extension SmartCard.Store {
|
||||
|
||||
fileprivate func loadSecrets() {
|
||||
guard let tokenID = tokenID else { return }
|
||||
// Hack to read name if there's only one smart card
|
||||
let slotNames = TKSmartCardSlotManager().slotNames
|
||||
if watcher.nonSecureEnclaveTokens.count == 1 && slotNames.count == 1 {
|
||||
name = slotNames.first!
|
||||
} else {
|
||||
name = NSLocalizedString("Smart Card", comment: "Smart Card")
|
||||
}
|
||||
|
||||
let attributes = [
|
||||
kSecClass: kSecClassKey,
|
||||
kSecAttrTokenID: tokenID,
|
||||
@ -133,14 +124,6 @@ extension SmartCard.Store {
|
||||
|
||||
}
|
||||
|
||||
extension TKTokenWatcher {
|
||||
|
||||
fileprivate var nonSecureEnclaveTokens: [String] {
|
||||
tokenIDs.filter { !$0.contains("setoken") }
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
extension SmartCard {
|
||||
|
||||
public struct KeychainError: Error {
|
||||
|
||||
@ -26,7 +26,6 @@
|
||||
50617DCE23FCECFA0099B055 /* SecureEnclaveSecret.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DCD23FCECFA0099B055 /* SecureEnclaveSecret.swift */; };
|
||||
50617DD023FCED2C0099B055 /* SecureEnclave.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DCF23FCED2C0099B055 /* SecureEnclave.swift */; };
|
||||
50617DD223FCEFA90099B055 /* PreviewStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DD123FCEFA90099B055 /* PreviewStore.swift */; };
|
||||
506772C72424784600034DED /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 506772C62424784600034DED /* Credits.rtf */; };
|
||||
5068389E241471CD00F55094 /* SecretStoreList.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5068389D241471CD00F55094 /* SecretStoreList.swift */; };
|
||||
506838A12415EA5600F55094 /* AnySecret.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506838A02415EA5600F55094 /* AnySecret.swift */; };
|
||||
506838A32415EA5D00F55094 /* AnySecretStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506838A22415EA5D00F55094 /* AnySecretStore.swift */; };
|
||||
@ -200,7 +199,6 @@
|
||||
50617DCD23FCECFA0099B055 /* SecureEnclaveSecret.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclaveSecret.swift; sourceTree = "<group>"; };
|
||||
50617DCF23FCED2C0099B055 /* SecureEnclave.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclave.swift; sourceTree = "<group>"; };
|
||||
50617DD123FCEFA90099B055 /* PreviewStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreviewStore.swift; sourceTree = "<group>"; };
|
||||
506772C62424784600034DED /* Credits.rtf */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; path = Credits.rtf; sourceTree = "<group>"; };
|
||||
5068389D241471CD00F55094 /* SecretStoreList.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretStoreList.swift; sourceTree = "<group>"; };
|
||||
506838A02415EA5600F55094 /* AnySecret.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnySecret.swift; sourceTree = "<group>"; };
|
||||
506838A22415EA5D00F55094 /* AnySecretStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnySecretStore.swift; sourceTree = "<group>"; };
|
||||
@ -339,7 +337,6 @@
|
||||
50617D8B23FCE48E0099B055 /* Main.storyboard */,
|
||||
50617D8E23FCE48E0099B055 /* Info.plist */,
|
||||
50617D8F23FCE48E0099B055 /* Secretive.entitlements */,
|
||||
506772C62424784600034DED /* Credits.rtf */,
|
||||
50617D8823FCE48E0099B055 /* Preview Content */,
|
||||
);
|
||||
path = Secretive;
|
||||
@ -744,7 +741,6 @@
|
||||
50617D8D23FCE48E0099B055 /* Main.storyboard in Resources */,
|
||||
50617D8A23FCE48E0099B055 /* Preview Assets.xcassets in Resources */,
|
||||
50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */,
|
||||
506772C72424784600034DED /* Credits.rtf in Resources */,
|
||||
);
|
||||
runOnlyForDeploymentPostprocessing = 0;
|
||||
};
|
||||
|
||||
@ -67,7 +67,7 @@
|
||||
</Testables>
|
||||
</TestAction>
|
||||
<LaunchAction
|
||||
buildConfiguration = "Debug"
|
||||
buildConfiguration = "Test"
|
||||
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
|
||||
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
|
||||
launchStyle = "0"
|
||||
|
||||
@ -1,23 +0,0 @@
|
||||
{\rtf1\ansi\ansicpg1252\cocoartf2511
|
||||
\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
|
||||
{\colortbl;\red255\green255\blue255;}
|
||||
{\*\expandedcolortbl;;}
|
||||
\margl1440\margr1440\vieww9000\viewh8400\viewkind0
|
||||
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6119\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
|
||||
{\field{\*\fldinst{HYPERLINK "https://github.com/maxgoedjen/secretive"}}{\fldrslt
|
||||
\f0\fs24 \cf0 https://github.com/maxgoedjen/secretive}}
|
||||
\f0\fs24 \
|
||||
\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
|
||||
\cf0 \
|
||||
GITHUB_BUILD_URL\
|
||||
\
|
||||
Special Thanks To:\
|
||||
https://github.com/bdash\
|
||||
https://github.com/danielctull\
|
||||
https://github.com/davedelong\
|
||||
https://github.com/esttorhe\
|
||||
https://github.com/joeblau\
|
||||
https://github.com/marksands\
|
||||
https://github.com/mergesort\
|
||||
https://github.com/phillco\
|
||||
https://github.com/zackdotcomputer}
|
||||
Reference in New Issue
Block a user