Closed legal90 closed 9 years ago
I left some comments, but overall looks sane. I'd split up a little though (e.g. a method to create trusted apps, a method to create an access) to improve readability & for future reuse. (And obviously some spec coverage would be nice!)
@fcheung Thanks a lot for recommendations! I've rebased my changeset, so no it looks better.
But I found a bug with duplicated item. If we try to import the same item twice(or more), then we will get an exception...
...
irb(main):005:0> item = kc.import(key, ['/usr/bin/security', '/usr/bin/codesign']).first
=> <SecKey 0x7fe885309230 [0x7fff7968bed0]>
irb(main):006:0> item = kc.import(key, ['/usr/bin/security', '/usr/bin/codesign']).first
Keychain::DuplicateItemError: The specified item already exists in the keychain. (-25299)
from /path/to/ruby-keychain/lib/keychain/sec.rb:181:in `check_osstatus'
from /path/to/ruby-keychain/lib/keychain/keychain.rb:149:in `import'
from (irb):6
from /Users/username/.rbenv/versions/2.1.0/bin/irb:11:in `<main>'
But item has been imported with some strange new label:
irb(main):007:0> Keychain::Scope.new(Sec::Classes::KEY, kc).all.each {|k| puts k.attributes}
{:can_sign=>true, :key_class=>"1", :can_encrypt=>true, :can_decrypt=>true, :can_wrap=>true, :key_type=>"42", :can_unwrap=>true, :can_verify=>true, :is_permanent=>true, :can_derive=>true, :application_label=>"\x91T\x13o\xB4\x90\xEB\xB2h\x8Ej\xD7\xB0\x1D\xD9\x0E\x18\x8F\xD9\xB3", :effective_key_size=>2048, :size_in_bites=>2048, :label=>"Imported Private Key"}
{:can_sign=>true, :key_class=>"1", :can_encrypt=>true, :can_decrypt=>true, :can_wrap=>true, :key_type=>"42", :can_unwrap=>true, :can_verify=>true, :is_permanent=>true, :can_derive=>true, :application_label=>"DC22122C04816637", :effective_key_size=>2048, :size_in_bites=>2048, :label=>"DC22122C04816637"}
=> [<SecKey 0x7fe885309230 [0x7fff7968bed0]>, <SecKey 0x7fe885305480 [0x7fff7968bed0]>]
I've double checked the lib documentation, but I don't see that I do something wrong. May be, it is a bug of "Security" library?
That is odd. That inspect output looks like you've got multiple ruby objects wrapping the same pointer (0x7fff7968bed0) which is odd. If you look at the keychain with the keychain access app do you see the duplicate entries?
When I look at the Kaychain Access GUI, I see only the one item labeled "Imported Private Key". But if I delete this item, than all clones appear there too. In the example above it will be an item with label "DC22122C04816637"
Hmm. I don't really know much about this area of the keychain API, so not sure what is happening
I've noticed the same behavior with security import
(on OS X 10.10.3):
$ security import /path/to/some.key -k /tmp/test.keychain
1 key imported.
$ security import /path/to/some.key -k /tmp/test.keychain
security: SecKeychainItemImport: The specified item already exists in the keychain.
$ security import /path/to/some.key -k /tmp/test.keychain
security: SecKeychainItemImport: The specified item already exists in the keychain.
$ security dump-keychain /tmp/test.keychain
keychain: "/private/tmp/test.keychain"
class: 0x00000010
attributes:
0x00000000 <uint32>=0x00000010
0x00000001 <blob>="Imported Private Key"
0x00000002 <blob>=<NULL>
<...>
keychain: "/private/tmp/test.keychain"
class: 0x00000010
attributes:
0x00000000 <uint32>=0x00000010
0x00000001 <blob>="D9FF37113EB731A4"
0x00000002 <blob>=<NULL>
<...>
keychain: "/private/tmp/test.keychain"
class: 0x00000010
attributes:
0x00000000 <uint32>=0x00000010
0x00000001 <blob>="20047CA1D93A9DFC"
0x00000002 <blob>=<NULL>
<...>
In that case maybe it's just what the api does & we can ignore that problem
Anyway, looks good to me now, will merge when you're ready
I've tried to implement import of Keychain Items from both the row
File
andString
instances. I'm very new to this stuff and I haven't managed to allow trusting to all applications yet.@fcheung Please, review this code and give recommendations what I have to change here. I would be grateful if you could help me with that.
Currently it is working for me this way: