keyring 0.3.1 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6a8467d964ad1c788df7e31c7ed552042ac376fa
-  data.tar.gz: 758fe7b413d3b898ddac9d3213e1f7d6cd9f7dfd
+  metadata.gz: d59fdf205915208c45349154db548ac71a6162f5
+  data.tar.gz: 2715a0cbc8bf7f24a2f11322af70d2ee70857dc6
 SHA512:
-  metadata.gz: fd42453e514c5ed351dfaa6311d94bd4f2ca53a239a16d7f40f5503856b9b361cdb7278c26f62bcacbb06c7c91c276b7dce76cdb79fd6e8cd383636283c22fc2
-  data.tar.gz: 7ee748c39df64d23c801aba72c9c4d48bc4a7fc793edfa25f7ad194f905cd1c18d8eac725c72a5800e5ad965e0f178b407df8661e4a50646d200be444a011708
+  metadata.gz: ab83ae87c6128614d1a47581d4ea725479bcf719a1644c6ac20dbcfa9164d7ac6e5ea357d5b2262fea75df9179c91bc2418cdd81e57664ca8d2a1e6fe6bc5473
+  data.tar.gz: bdb3d3d9a482b9f5a2b463685ad430f673078ce59813f096d1fd81cec3e06c1d1b2a9021404a120459ae87a15f911c44cd16b604ba9088f2d612238e8732f8c5

data/Gemfile

@@ -5,3 +5,13 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in keyring.gemspec
 gemspec
+
+# Duplicated contents of ext/mkrf_conf.rb here - afaict, the
+# spec.extensions stuff in the gemspec file doesn't run on a 
+# bundle install
+
+gem 'ruby-keychain', '~> 0.3.2'
+
+group :test, :development do
+  gem 'test-unit'
+end

data/README.md

@@ -20,33 +20,43 @@ Additional keyring services we'd like to support:
 
 Add this line to your application's Gemfile:
 
-    gem 'keyring'
+```ruby
+gem 'keyring'
+```
 
 And then execute:
 
-    $ bundle
+```shell
+$ bundle
+```
 
 Or install it yourself as:
 
-    $ gem install keyring
+```shell
+$ gem install keyring
+```
 
 ## Usage
 
-The basic usage of keyring is simple: just call Keyring#set_password and
-Keyring#get_password:
+The basic usage of keyring is simple: just call `Keyring#set_password` and
+`Keyring#get_password`:
 
-    require 'keyring'
-    keyring = Keyring.new
-    keyring.set_password('service', 'username', 'password')
-    password = keyring.get_password('service', 'username')
-    keyring.delete_password('service', 'username')
+```ruby
+require 'keyring'
+keyring = Keyring.new
+keyring.set_password('service', 'username', 'password')
+password = keyring.get_password('service', 'username')
+keyring.delete_password('service', 'username')
+```
 
-'service' is an arbitrary string identifying your application.
+`'service'` is an arbitrary string identifying your application.
 
 By default keyring will attempt to pick the best backend supported on your system.  You can specify a particular backend:
 
-    require 'keyring'
-    keyring = Keyring.new(Keyring::Backend::Memory.new)
+```ruby
+require 'keyring'
+keyring = Keyring.new(Keyring::Backend::Memory.new)
+```
 
 ## Platform notes
 
@@ -56,7 +66,7 @@ requires the introspection bindings to be installed (as well as gnome-keyring).
 
 ## Credits
 
-Copyright 2013-2014, Jason Heiss, wvengen
+Copyright 2013-2016, Jason Heiss, wvengen, jtopper
 
 Inspired by the keyring library for Python:
 https://bitbucket.org/kang/python-keyring-lib

data/ext/mkrf_conf.rb

@@ -9,10 +9,17 @@ rescue NoMethodError
 end 
 inst = Gem::DependencyInstaller.new
 begin
+
   if RUBY_PLATFORM =~ /linux/
     warn "*linux: installing gir_ffi-gnome_keyring..."
     inst.install "gir_ffi-gnome_keyring", '~> 0.0.3'
   end
+
+  if RUBY_PLATFORM =~ /darwin10/
+    warn '*osx: installing ruby-keychain'
+    inst.install 'ruby-keychain', '~> 0.3.2'
+  end
+
 rescue
   exit(1)
 end 

data/keyring.gemspec

@@ -27,7 +27,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'slop', "< 4.0"
 
   spec.extensions = %w[ext/mkrf_conf.rb]
-  # if RUBY_PLATFORM =~ /linux/
-  #   spec.add_dependency 'gir_ffi-gnome_keyring', '~> 0.0.3'
-  # end
+
 end

data/lib/keyring/backends/macosx_keychain.rb

@@ -4,92 +4,70 @@
 # This is a keyring backend for the Apple Keychain
 # http://en.wikipedia.org/wiki/Keychain_(Apple)
 
-# Consider switching to ruby-keychain gem to avoid password in command line
-# https://rubygems.org/gems/ruby-keychain
-# https://github.com/fcheung/keychain
-
-require 'open3'
-
 class Keyring::Backend::MacosxKeychain < Keyring::Backend
+
   register_implementation(self)
-  
-  attr_accessor :security
+
   def initialize
-    @security = '/usr/bin/security'
+    require 'keychain'
+  rescue LoadError
   end
+
   def supported?
-    File.exist?(@security) && `#{@security} -h`.include?('find-generic-password')
+    defined?(::Keychain) && true
   end
+
   def priority
     1
   end
-  
-  def security_command(operation)
-    "#{operation}-generic-password"
-  end
+
+  # NB: Uses default keychain for everything.
+  # This is consistent with the GnomeKeyring implementation
+  # No mechanism is provided in the API to support alternative
+  # keyring files.
   
   def set_password(service, username, password)
-    cmd = [
-      @security,
-      security_command('add'),
-      '-s', service,
-      '-a', username,
-      # FIXME: password in command line, sad panda!
-      '-w', password,
-      '-U',
-    ]
-    system(*cmd)
-    if !$?.success?
-      raise
-    end
+
+    Keychain.generic_passwords.create(
+      :service  => service,
+      :password => password,
+      :account  => username,
+    )
+
+    return true
+
+  rescue Keychain::Error
+    return false
+  rescue KeychainDuplicateItemError
+    return true
   end
+
   def get_password(service, username)
-    password = nil
-    cmd = [
-      @security,
-      security_command('find'),
-      '-s', service,
-      '-a', username,
-      '-g',
-      # '-w',
-    ]
-    Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
-      stderr.each do |line|
-        if line =~ /\Apassword: (.*)/
-          pw = $1
-          if pw == ''
-            password = pw
-          elsif pw =~ /\A"(.*)"\z/
-            password = $1
-          elsif pw =~ /\A0x(\h+)/
-            password = [$1].pack("H*")
-          end
-        end
-      end
-      # security exits with 44 if the entry does not exist.  We just want to return
-      # nil rather than raise an exception in that case.
-      if ![0,44].include?(wait_thr.value.exitstatus)
-        raise
-      end
-    end
-    password
+
+    scope = Keychain.generic_passwords.where( 
+      :service  => service, 
+      :account  => username,
+    )
+
+    return false if scope.nil?
+    return false if scope.first.nil?
+
+    scope.first.password
+
   end
+
   def delete_password(service, username)
-    cmd = [
-      @security,
-      security_command('delete'),
-      '-s', service,
-      '-a', username,
-    ]
-    Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
-      case wait_thr.value.exitstatus
-      when 0
-        return true
-      when 44
-        return false
-      else
-        raise
-      end
-    end
+
+    scope = Keychain.generic_passwords.where(
+      :service  => service,
+      :account  => username,
+    )
+
+    return false if scope.nil?
+    return false if scope.first.nil?
+
+    scope.first.delete
+
   end
+
 end

data/lib/keyring/version.rb

@@ -2,5 +2,5 @@
 # License: MIT (http://www.opensource.org/licenses/mit-license.php)
 
 class Keyring
-  VERSION = "0.3.1"
+  VERSION = "0.4.0"
 end

data/test/test_backend_macosx_keychain.rb

@@ -1,73 +1,56 @@
 # keyring:  System keyring abstraction library
 # License: MIT (http://www.opensource.org/licenses/mit-license.php)
 
-require File.expand_path('keyring_tests', File.dirname(__FILE__))
+# These tests require Gnome Keyring to be installed and are skipped otherwise
+
 require 'test/unit'
 require 'mocha/setup'
 require 'keyring'
 
-class KeyringBackendMacosxKeychainTests < Test::Unit::TestCase
-  include KeyringTestConstants
-  
-  def setup
-    @backend = Keyring::Backend::MacosxKeychain.new
-  end
-  
-  def test_supported
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-wronghelp')
-    refute @backend.supported?
-    @backend.security = File.join(TESTCMDDIR, 'macosx/bogus')
-    refute @backend.supported?
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-righthelp')
-    assert @backend.supported?
-  end
-  def test_priority
-    assert_equal 1, @backend.priority
-  end
-  
-  def test_security_command
-    assert_equal 'add-generic-password', @backend.security_command('add')
-    assert_equal 'find-generic-password', @backend.security_command('find')
-    assert_equal 'delete-generic-password', @backend.security_command('delete')
-  end
-  
-  def test_set_password
-    @backend.expects(:system).with(
-      '/usr/bin/security', 'add-generic-password', '-s', 'service', '-a', 'username', '-w', 'password', '-U')
-    # We need to set $? to make up for the fact that system was not actually run
-    # FIXME: surely there's a better way?
-    `true`
-    @backend.set_password('service', 'username', 'password')
-  end
-  
-  def test_get_password
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-find')
-    assert_equal 'password', @backend.get_password('service', 'username')
-  end
-  def test_get_password_hex
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-findhex')
-    assert_equal "\0100\0101\0100\0101\0100\0101\0100\0101", @backend.get_password('service', 'hexuser')
-  end
-  def test_get_password_empty
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-findempty')
-    assert_equal '', @backend.get_password('service', 'emptyuser')
-  end
-  def test_get_password_notfound
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-notfound')
-    assert_nil @backend.get_password('bogus', 'bogus')
-  end
-  
-  def test_delete_password_options
-    Open3.expects(:popen3).with(
-      '/usr/bin/security', 'delete-generic-password', '-s', 'service', '-a', 'username')
-    @backend.delete_password('service', 'username')
-  end
-  def test_delete_password_output
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-delete')
-    assert @backend.delete_password('service', 'gooduser')
-  end
-  def test_delete_password_errors
-    @backend.security = File.join(TESTCMDDIR, 'macosx/security-notfound')
-    refute @backend.delete_password('bogus', 'bogus')
+begin
+  require 'keychain'
+
+  class KeyringBackendMacosxKeychainTests < Test::Unit::TestCase  
+
+    def setup
+      @backend = Keyring::Backend::MacosxKeychain.new
+      @backend.delete_password('KeyringBackendMacosxKeychainTests', 'username')
+    end
+
+    def teardown
+      @backend.delete_password('KeyringBackendMacosxKeychainTests', 'username')
+    end
+
+    def test_supported
+      assert @backend.supported?
+    end
+
+    def test_priority
+      assert_equal 1, @backend.priority
+    end
+
+    def test_no_default_password
+      refute @backend.get_password('KeyringBackendMacosxKeychainTests', 'username')
+    end
+
+    def test_set_password
+      @backend.set_password('KeyringBackendMacosxKeychainTests', 'username', 'password')
+      assert_equal 'password', @backend.get_password('KeyringBackendMacosxKeychainTests', 'username')
+    end
+
+    def test_delete_nonexistent_password
+      refute @backend.delete_password('KeyringBackendMacosxKeychainTests', 'username')
+    end
+
+    def test_delete_existing_password
+      @backend.set_password('KeyringBackendMacosxKeychainTests', 'username', 'password')
+      @backend.delete_password('KeyringBackendMacosxKeychainTests', 'username')
+      refute @backend.get_password('KeyringBackendMacosxKeychainTests', 'username')
+    end
+
   end
+
+
+rescue LoadError
+  puts "Skipping MacosxKeychain tests because the native bindings could not be loaded."
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: keyring
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors:
 - Jason Heiss
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-09 00:00:00.000000000 Z
+date: 2016-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -99,16 +99,6 @@ files:
 - test/test_backend_memory.rb
 - test/test_cli.rb
 - test/test_keyring.rb
-- test/testcmds/macosx/binary
-- test/testcmds/macosx/emptything
-- test/testcmds/macosx/random
-- test/testcmds/macosx/security-delete
-- test/testcmds/macosx/security-find
-- test/testcmds/macosx/security-findempty
-- test/testcmds/macosx/security-findhex
-- test/testcmds/macosx/security-notfound
-- test/testcmds/macosx/security-righthelp
-- test/testcmds/macosx/security-wronghelp
 homepage: https://github.com/jheiss/keyring
 licenses:
 - MIT
@@ -141,13 +131,3 @@ test_files:
 - test/test_backend_memory.rb
 - test/test_cli.rb
 - test/test_keyring.rb
-- test/testcmds/macosx/binary
-- test/testcmds/macosx/emptything
-- test/testcmds/macosx/random
-- test/testcmds/macosx/security-delete
-- test/testcmds/macosx/security-find
-- test/testcmds/macosx/security-findempty
-- test/testcmds/macosx/security-findhex
-- test/testcmds/macosx/security-notfound
-- test/testcmds/macosx/security-righthelp
-- test/testcmds/macosx/security-wronghelp

data/test/testcmds/macosx/binary

@@ -1 +0,0 @@
-01010101

data/test/testcmds/macosx/emptything

@@ -1 +0,0 @@
-password: 

data/test/testcmds/macosx/random

@@ -1 +0,0 @@
-ô%A���t;.	u�@r

data/test/testcmds/macosx/security-delete

@@ -1,27 +0,0 @@
-#!/bin/sh
-# keyring:  System keyring abstraction library
-# License: MIT (http://www.opensource.org/licenses/mit-license.php)
-
-cat <<-EOF
-keychain: "/Users/jheiss/Library/Keychains/login.keychain"
-class: "genp"
-attributes:
-    0x00000007 <blob>="service"
-    0x00000008 <blob>=<NULL>
-    "acct"<blob>="username"
-    "cdat"<timedate>=0x32303133313132303233353532395A00  "20131120235529Z\000"
-    "crtr"<uint32>=<NULL>
-    "cusi"<sint32>=<NULL>
-    "desc"<blob>=<NULL>
-    "gena"<blob>=<NULL>
-    "icmt"<blob>=<NULL>
-    "invi"<sint32>=<NULL>
-    "mdat"<timedate>=0x32303133313132313232353534395A00  "20131121225549Z\000"
-    "nega"<sint32>=<NULL>
-    "prot"<blob>=<NULL>
-    "scrp"<sint32>=<NULL>
-    "svce"<blob>="service"
-    "type"<uint32>=<NULL>
-EOF
-
-printf "password has been deleted.\n" >&2

data/test/testcmds/macosx/security-find

@@ -1,26 +0,0 @@
-#!/bin/sh
-# keyring:  System keyring abstraction library
-# License: MIT (http://www.opensource.org/licenses/mit-license.php)
-
-cat <<-EOF
-keychain: "/Users/example/Library/Keychains/login.keychain"
-class: "genp"
-attributes:
-    0x00000007 <blob>="service"
-    0x00000008 <blob>=<NULL>
-    "acct"<blob>="username"
-    "cdat"<timedate>=0x32303133313132303233353532395A00  "20131120235529Z\000"
-    "crtr"<uint32>=<NULL>
-    "cusi"<sint32>=<NULL>
-    "desc"<blob>=<NULL>
-    "gena"<blob>=<NULL>
-    "icmt"<blob>=<NULL>
-    "invi"<sint32>=<NULL>
-    "mdat"<timedate>=0x32303133313132313132343834315A00  "20131121124841Z\000"
-    "nega"<sint32>=<NULL>
-    "prot"<blob>=<NULL>
-    "scrp"<sint32>=<NULL>
-    "svce"<blob>="service"
-    "type"<uint32>=<NULL>
-EOF
-printf "password: \"password\"\n" >&2

data/test/testcmds/macosx/security-findempty

@@ -1,26 +0,0 @@
-#!/bin/sh
-# keyring:  System keyring abstraction library
-# License: MIT (http://www.opensource.org/licenses/mit-license.php)
-
-cat <<-EOF
-keychain: "/Users/example/Library/Keychains/login.keychain"
-class: "genp"
-attributes:
-    0x00000007 <blob>="service"
-    0x00000008 <blob>=<NULL>
-    "acct"<blob>="emptyuser"
-    "cdat"<timedate>=0x32303133313132303233353532395A00  "20131120235529Z\000"
-    "crtr"<uint32>=<NULL>
-    "cusi"<sint32>=<NULL>
-    "desc"<blob>=<NULL>
-    "gena"<blob>=<NULL>
-    "icmt"<blob>=<NULL>
-    "invi"<sint32>=<NULL>
-    "mdat"<timedate>=0x32303133313132313132343834315A00  "20131121124841Z\000"
-    "nega"<sint32>=<NULL>
-    "prot"<blob>=<NULL>
-    "scrp"<sint32>=<NULL>
-    "svce"<blob>="service"
-    "type"<uint32>=<NULL>
-EOF
-printf "password: \n" >&2

data/test/testcmds/macosx/security-findhex

@@ -1,26 +0,0 @@
-#!/bin/sh
-# keyring:  System keyring abstraction library
-# License: MIT (http://www.opensource.org/licenses/mit-license.php)
-
-cat <<-EOF
-keychain: "/Users/example/Library/Keychains/login.keychain"
-class: "genp"
-attributes:
-    0x00000007 <blob>="service"
-    0x00000008 <blob>=<NULL>
-    "acct"<blob>="hexuser"
-    "cdat"<timedate>=0x32303133313132303233353532395A00  "20131120235529Z\000"
-    "crtr"<uint32>=<NULL>
-    "cusi"<sint32>=<NULL>
-    "desc"<blob>=<NULL>
-    "gena"<blob>=<NULL>
-    "icmt"<blob>=<NULL>
-    "invi"<sint32>=<NULL>
-    "mdat"<timedate>=0x32303133313132313132343834315A00  "20131121124841Z\000"
-    "nega"<sint32>=<NULL>
-    "prot"<blob>=<NULL>
-    "scrp"<sint32>=<NULL>
-    "svce"<blob>="service"
-    "type"<uint32>=<NULL>
-EOF
-printf "password: 0x08300831083008310830083108300831  \"\0100\0101\0100\0101\0100\0101\0100\0101\"\n" >&2

data/test/testcmds/macosx/security-notfound

@@ -1,6 +0,0 @@
-#!/bin/sh
-# keyring:  System keyring abstraction library
-# License: MIT (http://www.opensource.org/licenses/mit-license.php)
-
-printf "security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.\n" >&2
-exit 44

data/test/testcmds/macosx/security-righthelp

@@ -1,51 +0,0 @@
-#!/bin/sh
-# keyring:  System keyring abstraction library
-# License: MIT (http://www.opensource.org/licenses/mit-license.php)
-
-# The help output really is indented with spaces like this
-cat <<-EOF
-    help              Show all commands, or show usage for a command.
-    list-keychains    Display or manipulate the keychain search list.
-    default-keychain  Display or set the default keychain.
-    login-keychain    Display or set the login keychain.
-    create-keychain   Create keychains and add them to the search list.
-    delete-keychain   Delete keychains and remove them from the search list.
-    lock-keychain     Lock the specified keychain.
-    unlock-keychain   Unlock the specified keychain.
-    set-keychain-settings Set settings for a keychain.
-    set-keychain-password Set password for a keychain.
-    show-keychain-info Show the settings for keychain.
-    dump-keychain     Dump the contents of one or more keychains.
-    create-keypair    Create an asymmetric key pair.
-    add-generic-password Add a generic password item.
-    add-internet-password Add an internet password item.
-    add-certificates  Add certificates to a keychain.
-    find-generic-password Find a generic password item.
-    delete-generic-password Delete a generic password item.
-    find-internet-password Find an internet password item.
-    delete-internet-password Delete an internet password item.
-    find-certificate  Find a certificate item.
-    find-identity     Find an identity (certificate + private key).
-    delete-certificate Delete a certificate from a keychain.
-    set-identity-preference Set the preferred identity to use for a service.
-    get-identity-preference Get the preferred identity to use for a service.
-    create-db         Create a db using the DL.
-    export            Export items from a keychain.
-    import            Import items into a keychain.
-    cms               Encode or decode CMS messages.
-    install-mds       Install (or re-install) the MDS database.
-    add-trusted-cert  Add trusted certificate(s).
-    remove-trusted-cert Remove trusted certificate(s).
-    dump-trust-settings Display contents of trust settings.
-    user-trust-settings-enable Display or manipulate user-level trust settings.
-    trust-settings-export Export trust settings.
-    trust-settings-import Import trust settings.
-    verify-cert       Verify certificate(s).
-    authorize         Perform authorization operations.
-    authorizationdb   Make changes to the authorization policy database.
-
-    execute-with-privileges Execute tool with privileges.
-    leaks             Run /usr/bin/leaks on this process.
-    error             Display a descriptive message for the given error code(s).
-    create-filevaultmaster-keychain Create a keychain containing a key pair for FileVault recovery use.
-EOF

data/test/testcmds/macosx/security-wronghelp

@@ -1,7 +0,0 @@
-#!/bin/sh
-# keyring:  System keyring abstraction library
-# License: MIT (http://www.opensource.org/licenses/mit-license.php)
-
-cat <<-EOF
-This is help output for a different command
-EOF