ruby-keychain 0.1.0

data/lib/keychain/protocols.rb

@@ -0,0 +1,43 @@
+
+# Procotol constants for use when creating/finding a Keychain::Item of type internet password
+#
+#
+module Keychain::Protocols
+  # @private
+  def self.attach_protocol name
+    Sec.send :attach_variable, name, :pointer
+    constant_name = name.to_s.gsub('kSecAttrProtocol', '').upcase
+    const_set constant_name, CF::Base.typecast(Sec.send(name))
+  end
+  attach_protocol :kSecAttrProtocolFTP
+  attach_protocol :kSecAttrProtocolFTPAccount
+  attach_protocol :kSecAttrProtocolHTTP
+  attach_protocol :kSecAttrProtocolIRC
+  attach_protocol :kSecAttrProtocolNNTP
+  attach_protocol :kSecAttrProtocolPOP3
+  attach_protocol :kSecAttrProtocolSMTP
+  attach_protocol :kSecAttrProtocolSOCKS
+  attach_protocol :kSecAttrProtocolIMAP
+  attach_protocol :kSecAttrProtocolLDAP
+  attach_protocol :kSecAttrProtocolAppleTalk
+  attach_protocol :kSecAttrProtocolAFP
+  attach_protocol :kSecAttrProtocolTelnet
+  attach_protocol :kSecAttrProtocolSSH
+  attach_protocol :kSecAttrProtocolFTPS
+  attach_protocol :kSecAttrProtocolHTTPS
+  attach_protocol :kSecAttrProtocolHTTPProxy
+  attach_protocol :kSecAttrProtocolHTTPSProxy
+  attach_protocol :kSecAttrProtocolFTPProxy
+  attach_protocol :kSecAttrProtocolSMB
+  attach_protocol :kSecAttrProtocolRTSP
+  attach_protocol :kSecAttrProtocolRTSPProxy
+  attach_protocol :kSecAttrProtocolDAAP
+  attach_protocol :kSecAttrProtocolEPPC
+  attach_protocol :kSecAttrProtocolIPP
+  attach_protocol :kSecAttrProtocolNNTPS
+  attach_protocol :kSecAttrProtocolLDAPS
+  attach_protocol :kSecAttrProtocolTelnetS
+  attach_protocol :kSecAttrProtocolIMAPS
+  attach_protocol :kSecAttrProtocolIRCS
+  attach_protocol :kSecAttrProtocolPOP3S
+end

data/lib/keychain/scope.rb

@@ -0,0 +1,131 @@
+# A scope that represents the search for a keychain item
+#
+#
+class Keychain::Scope
+  def initialize(kind, keychain=nil)
+    @kind = kind
+    @limit = nil
+    @keychains = [keychain]
+    @conditions = {}
+  end
+
+  # Adds conditions to the scope. Conditions are merged with any previously defined conditions.
+  #
+  # The set of possible keys for conditions is given by Sec::ATTR_MAP.values. The legal values for the :protocol key are the constants in
+  # Keychain::Protocols
+  #
+  # @param [Hash] conditions options to create the item with
+  # @option conditions [String] :account The account (user name)
+  # @option conditions [String] :comment A free text comment about the item
+  # @option conditions [Integer] :creator the item's creator, as the unsigned integer representation of a 4 char code
+  # @option conditions [String] :generic generic passwords can have a generic data attribute
+  # @option conditions [String] :invisible whether the item should be invisible
+  # @option conditions [String] :negative A negative item records that the user decided to never save a password
+  # @option conditions [String] :label A label for the item (Shown in keychain access)
+  # @option conditions [String] :path The path the password is associated with (internet passwords only)
+  # @option conditions [String] :port The path the password is associated with (internet passwords only)
+  # @option conditions [String] :port The protocol the password is associated with (internet passwords only)
+  #   Should be one of the constants at Keychain::Protocols  
+  # @option conditions [String] :domain the domain the password is associated with (internet passwords only)
+  # @option conditions [String] :server the host name the password is associated with (internet passwords only)
+  # @option conditions [String] :service the service the password is associated with (generic passwords only)
+  # @option conditions [Integer] :type the item's type, as the unsigned integer representation of a 4 char code
+  #
+  # @return [Keychain::Scope] Returns self as a convenience. The scope is modified in place
+  def where(conditions)
+    @conditions.merge! conditions
+    self
+  end
+
+  # Sets the number of items returned by the scope
+  #
+  # @param [Integer] value The maximum number of items to return
+  # @return [Keychain::Scope] Returns self as a convenience. The scope is modified in place
+  def limit value
+    @limit = value
+    self
+  end
+
+  # Set the list of keychains to search
+  #
+  # @param [Array<Keychain::Keychain>] keychains The maximum number of items to return
+  # @return [Keychain::Scope] Returns self as a convenience. The scope is modified in place
+  def in *keychains
+    @keychains = keychains.flatten
+    self
+  end
+
+  # Returns the first matching item in the scope 
+  #
+  # @return [Keychain::Item, nil]
+  def first
+    query = to_query
+    execute(query).first
+  end
+
+  # Returns an array containing all of the matching items
+  #
+  # @return [Array] The matching items. May be empty
+  def all
+    query = to_query
+    query[Sec::Search::LIMIT] = @limit ? @limit.to_cf : Sec::Search::ALL
+    execute query
+  end
+
+  # Creates a new keychain item
+  #
+  # @param [Hash] attributes options to create the item with
+  # @option attributes [String] :account The account (user name)
+  # @option attributes [String] :comment A free text comment about the item
+  # @option attributes [Integer] :creator the item's creator, as the unsigned integer representation of a 4 char code
+  # @option attributes [String] :generic generic passwords can have a generic data attribute
+  # @option attributes [String] :invisible whether the item should be invisible
+  # @option attributes [String] :negative A negative item records that the user decided to never save a password
+  # @option attributes [String] :label A label for the item (Shown in keychain access)
+  # @option attributes [String] :path The path the password is associated with (internet passwords only)
+  # @option attributes [String] :port The path the password is associated with (internet passwords only)
+  # @option attributes [String] :port The protocol the password is associated with (internet passwords only)
+  #   Should be one of the constants at Keychain::Protocols  
+  # @option attributes [String] :domain the domain the password is associated with (internet passwords only)
+  # @option attributes [String] :server the host name the password is associated with (internet passwords only)
+  # @option attributes [String] :service the service the password is associated with (generic passwords only)
+  # @option attributes [Integer] :type the item's type, as the unsigned integer representation of a 4 char code
+  #
+  # @return [Keychain::Item]
+  def create(attributes)
+    raise "You must specify a password" unless attributes[:password]
+
+    Keychain::Item.new(attributes.merge(:klass => @kind)).save!(:keychain => @keychains.first)
+  end
+
+  private
+
+  def execute query
+    result = FFI::MemoryPointer.new :pointer
+    status = Sec.SecItemCopyMatching(query, result)
+    if status == Sec.enum_value( :errSecItemNotFound)
+      return []
+    end
+    Sec.check_osstatus(status)
+    result = CF::Base.typecast(result.read_pointer).release_on_gc
+    unless result.is_a?(CF::Array)
+      result = CF::Array.immutable([result])
+    end
+    result.collect {|dictionary_of_attributes| Keychain::Item.from_dictionary_of_attributes(dictionary_of_attributes)}
+  end
+
+
+  def to_query
+    query = CF::Dictionary.mutable
+    @conditions.each do |k,v|
+      k = Sec::INVERSE_ATTR_MAP[k]
+      query[k] = v.to_cf
+    end
+
+    query[Sec::Query::CLASS] = @kind
+    query[Sec::Query::SEARCH_LIST] = CF::Array.immutable(@keychains) if @keychains && @keychains.any?
+    query[Sec::Query::RETURN_ATTRIBUTES] = CF::Boolean::TRUE
+    query[Sec::Query::RETURN_REF] = CF::Boolean::TRUE
+    query
+  end
+end

data/lib/keychain/sec.rb

@@ -0,0 +1,165 @@
+# The module to which FFI attaches constants
+module Sec
+  extend FFI::Library
+  ffi_lib '/System/Library/Frameworks/Security.framework/Security'
+
+  typedef :int32, :osstatus
+  typedef :pointer, :keychainref
+
+  enum [
+      :errSecItemNotFound, -25300,
+      :errSecDuplicateItem, -25299,
+      :errSecAuthFailed, -25293,
+      :errSecNoSuchKeychain, -25294,
+      :errCancelled, -128
+  ]
+
+  attach_variable 'kSecClassInternetPassword', :pointer
+  attach_variable 'kSecClassGenericPassword', :pointer
+
+  attach_variable 'kSecClass', :pointer
+
+  attach_variable 'kSecAttrAccess', :pointer
+  attach_variable 'kSecAttrAccount', :pointer
+  attach_variable 'kSecAttrAuthenticationType', :pointer
+  attach_variable 'kSecAttrComment', :pointer
+  attach_variable 'kSecAttrCreationDate', :pointer
+  attach_variable 'kSecAttrCreator', :pointer
+  attach_variable 'kSecAttrDescription', :pointer
+  attach_variable 'kSecAttrGeneric', :pointer
+  attach_variable 'kSecAttrIsInvisible', :pointer
+  attach_variable 'kSecAttrIsNegative', :pointer
+  attach_variable 'kSecAttrLabel', :pointer
+  attach_variable 'kSecAttrModificationDate', :pointer
+  attach_variable 'kSecAttrPath', :pointer
+  attach_variable 'kSecAttrPort', :pointer
+  attach_variable 'kSecAttrProtocol', :pointer
+  attach_variable 'kSecAttrSecurityDomain', :pointer
+  attach_variable 'kSecAttrServer', :pointer
+  attach_variable 'kSecAttrService', :pointer
+  attach_variable 'kSecAttrType', :pointer
+
+  attach_variable 'kSecMatchSearchList', :pointer
+
+  attach_variable 'kSecMatchLimit', :pointer
+  attach_variable 'kSecMatchLimitOne', :pointer
+  attach_variable 'kSecMatchLimitAll', :pointer
+  attach_variable 'kSecMatchItemList', :pointer
+  attach_variable 'kSecReturnAttributes', :pointer
+  attach_variable 'kSecReturnRef', :pointer
+  attach_variable 'kSecReturnData', :pointer
+
+  attach_variable 'kSecValueRef', :pointer
+  attach_variable 'kSecValueData', :pointer
+  attach_variable 'kSecUseKeychain', :pointer
+
+  
+
+  # map of kSecAttr* constants to the corresponding ruby name for the attribute
+  # Used in {Keychain::Item#attributes}}
+  ATTR_MAP = {
+    CF::Base.typecast(kSecAttrAccess) => :access,
+    CF::Base.typecast(kSecAttrAccount) => :account,
+    CF::Base.typecast(kSecAttrAuthenticationType) => :authentication_type,
+    CF::Base.typecast(kSecAttrComment) => :comment,
+    CF::Base.typecast(kSecAttrCreationDate) => :created_at,
+    CF::Base.typecast(kSecAttrCreator) => :creator,
+    CF::Base.typecast(kSecAttrDescription) => :description,
+    CF::Base.typecast(kSecAttrGeneric) => :generic,
+    CF::Base.typecast(kSecAttrIsInvisible) => :invisible,
+    CF::Base.typecast(kSecAttrIsNegative) => :negative,
+    CF::Base.typecast(kSecAttrLabel) => :label,
+    CF::Base.typecast(kSecAttrModificationDate) => :updated_at,
+    CF::Base.typecast(kSecAttrPath) => :path,
+    CF::Base.typecast(kSecAttrPort) => :port,
+    CF::Base.typecast(kSecAttrProtocol) => :protocol,
+    CF::Base.typecast(kSecAttrSecurityDomain) => :security_domain,
+    CF::Base.typecast(kSecAttrServer) => :server,
+    CF::Base.typecast(kSecAttrService) => :service,
+    CF::Base.typecast(kSecAttrType) => :type,
+    CF::Base.typecast(kSecClass)    => :klass
+  }
+
+  # Inverse of {ATTR_MAP}
+  INVERSE_ATTR_MAP = ATTR_MAP.invert
+
+  # Query options for use with SecCopyMatching, SecItemUpdate
+  #
+  module Query
+    #key identifying the class of an item (kSecClass)
+    CLASS = CF::Base.typecast(Sec.kSecClass)
+    #key speciying the list of keychains to search (kSecMatchSearchList)
+    SEARCH_LIST = CF::Base.typecast(Sec.kSecMatchSearchList)
+    #key indicating the list of specific keychain items to the scope the search to
+    ITEM_LIST = CF::Base.typecast(Sec.kSecMatchItemList)
+    #key indicating whether to return attributes (kSecReturnAttributes)
+    RETURN_ATTRIBUTES = CF::Base.typecast(Sec.kSecReturnAttributes)
+    #key indicating whether to return the SecKeychainItemRef (kSecReturnRef)
+    RETURN_REF = CF::Base.typecast(Sec.kSecReturnRef)
+    #key indicating whether to return the password data (kSecReturnData)
+    RETURN_DATA = CF::Base.typecast(Sec.kSecReturnData)
+    #key indicating which keychain to use for the operation (kSecUseKeychain)
+    KEYCHAIN = CF::Base.typecast(Sec.kSecUseKeychain)
+  end
+
+  # defines constants for use as the class of an item
+  module Classes
+    # constant identifiying generic passwords (kSecClassGenericPassword)
+    GENERIC =   CF::Base.typecast(Sec.kSecClassGenericPassword)
+    # constant identifying internet passwords (kSecClassInternetPassword)
+    INTERNET = CF::Base.typecast(Sec.kSecClassInternetPassword)
+  end
+
+  # Search match types for use with SecCopyMatching
+  module Search
+    #meta value for {Sec::Search::LIMIT} indicating that all items be returned (kSecMatchLimitAll)
+    ALL = CF::Base.typecast(Sec.kSecMatchLimitAll)
+    # hash key indicating the maximum number of items (kSecMatchLimit)
+    LIMIT = CF::Base.typecast(Sec.kSecMatchLimit)
+  end
+
+  # Constants for use with SecItemAdd/SecItemUpdate
+  module Value
+    # The hash key for the SecKeychainItemRef (in the dictionary returned by SecCopyMatching) (kSecValueRef)
+    REF = CF::Base.typecast(Sec.kSecValueRef)
+    # The hash key for the password data (in the dictionary returned by SecCopyMatching) (kSecValueData)
+    DATA = CF::Base.typecast(Sec.kSecValueData)
+  end
+
+
+  # The base class of all CF types from the security framework
+  #
+  # @abstract
+  class Base < CF::Base
+    #@private
+    def self.register_type(type_name)
+      Sec.attach_function "#{type_name}GetTypeID", [], CF.find_type(:cftypeid)
+      @@type_map[Sec.send("#{type_name}GetTypeID")] = self
+    end
+  end
+
+  # If the result is non-zero raises an exception.
+  #
+  # The exception will have the result code as well as a human readable description
+  # 
+  # @param [Integer] result the status code to check
+  # @raise [Keychain::Error] is the result is non zero
+  def self.check_osstatus result
+    if result != 0
+      case result
+      when Sec.enum_value(:errSecDuplicateItem)
+        raise Keychain::DuplicateItemError.new(result)
+      when Sec.enum_value(:errCancelled)
+        raise Keychain::UserCancelledError.new(result)
+      when Sec.enum_value(:errSecAuthFailed)
+        raise Keychain::AuthFailedError.new(result)
+      when Sec.enum_value(:errSecNoSuchKeychain)
+        raise Keychain::NoSuchKeychainError.new(result)
+      else
+        raise Keychain::Error.new(result)
+      end
+    end
+  end
+
+
+end

data/lib/keychain/version.rb

@@ -0,0 +1,4 @@
+module Keychain
+  # The current version string
+  VERSION = '0.1.0'
+end

data/spec/keychain_item_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+describe Keychain::Item do 
+  before(:each) do
+    @keychain = Keychain.create(File.join(Dir.tmpdir, "keychain_spec_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"), 'pass')
+    @keychain.generic_passwords.create :service => 'some-service', :account => 'some-account', :password => 'some-password'
+  end
+
+  after(:each) do
+    @keychain.delete
+  end
+
+  def find_item
+    @keychain.generic_passwords.where(:service => 'some-service').first
+  end
+
+  subject {find_item}
+
+  describe 'keychain' do
+    it 'should return the keychain containing the item' do
+      subject.keychain.should == @keychain
+    end
+  end
+  
+  describe 'password' do
+    it 'should retrieve the password' do
+      subject.password.should == 'some-password'
+    end
+  end
+
+  describe 'service' do
+    it 'should retrieve the service' do
+      subject.service.should == 'some-service'
+    end
+  end
+
+  describe 'account' do
+    it 'should retrieve the account' do
+      subject.account.should == 'some-account'
+    end
+  end
+
+  describe 'created_at' do
+    it 'should retrieve the item creation date' do
+      subject.created_at.should be_within(2).of(Time.now)
+    end
+  end
+
+  describe 'save' do
+    it 'should update attributes and password' do
+      subject.password = 'new-password'
+      subject.account = 'new-account'
+      subject.save!
+
+      fresh = find_item
+      fresh.password.should == 'new-password'
+      fresh.account.should == 'new-account'
+    end
+  end
+
+  describe 'delete' do
+    it 'should remove the item from the keychain' do
+      subject.delete
+      find_item.should be_nil
+    end
+  end
+end

data/spec/keychain_spec.rb

@@ -0,0 +1,220 @@
+require 'spec_helper'
+
+describe Keychain do
+  describe 'default' do
+    it "should return the login keychain" do
+      Keychain.default.path.should == File.expand_path(File.join(ENV['HOME'], 'Library','Keychains', 'login.keychain'))
+    end
+  end
+
+  describe 'open' do
+    it 'should create a keychain reference to a path' do
+      keychain = Keychain.open(File.join(ENV['HOME'], 'Library','Keychains', 'login.keychain'))
+      keychain.path.should == Keychain.default.path
+    end
+  end
+
+  describe 'new' do
+    it 'should create the keychain' do
+      begin
+        keychain = Keychain.create(File.join(Dir.tmpdir, "other_keychain_spec_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"),
+                            'password');
+        File.exists?(keychain.path).should be_true
+      ensure
+       keychain.delete
+      end
+    end
+  end
+
+  describe 'exists?' do
+    context 'the keychain exists' do
+      it 'should return true' do
+        Keychain.default.exists?.should be_true
+      end
+    end 
+
+    context 'the keychain does not exist' do
+      it 'should return false' do
+        k = Keychain.open('/some/path/that/does/not/exist')
+        k.exists?.should be_false
+      end
+    end
+  end
+
+  describe 'settings' do
+    before(:all) do
+      @keychain = Keychain.create(File.join(Dir.tmpdir, "keychain_spec_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"), 'pass')
+    end
+
+    it 'should read/write lock_on_sleep' do
+      @keychain.lock_on_sleep = true
+      @keychain.lock_on_sleep?.should == true
+      @keychain.lock_on_sleep = false
+      @keychain.lock_on_sleep?.should == false
+    end
+
+    it 'should read/write lock_interval' do
+      @keychain.lock_interval = 12345
+      @keychain.lock_interval.should == 12345
+    end
+
+    after(:all) do
+      @keychain.delete
+    end
+  end
+
+  describe 'locking' do
+    context 'with a locked keychain' do
+      before :each do
+        @keychain = Keychain.create(File.join(Dir.tmpdir, "keychain_spec_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"), 'pass')
+        @keychain.lock!
+      end
+
+      it 'should raise on invalid password' do
+        expect {@keychain.unlock! 'badpassword'}.to raise_error(Keychain::AuthFailedError)
+      end
+
+      it 'should unlock on valid password' do
+        @keychain.unlock! 'pass'
+        @keychain.should_not be_locked
+      end
+    end
+  end
+
+  shared_examples_for 'item collection' do
+
+    before(:each) do
+      @keychain_1 = Keychain.create(File.join(Dir.tmpdir, "other_keychain_spec_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"), 'pass')
+      @keychain_2 = Keychain.create(File.join(Dir.tmpdir, "keychain_2_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"), 'pass')
+      @keychain_3 = Keychain.create(File.join(Dir.tmpdir, "keychain_3_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"), 'pass')
+
+      add_fixtures
+    end
+
+    after(:each) do
+      @keychain_1.delete
+      @keychain_2.delete
+      @keychain_3.delete
+    end
+    
+    describe('create') do
+      it 'should add a password' do
+        item =  @keychain_1.send(subject).create(create_arguments)
+        item.should be_a(Keychain::Item)
+        item.klass.should == expected_kind
+        item.password.should == 'some-password'
+      end
+
+      it 'should be findable' do        
+        @keychain_1.send(subject).create(create_arguments)
+        item = @keychain_1.send(subject).where(search_for_created_arguments).first
+        item.password.should == 'some-password'
+      end
+
+      context 'when a duplicate item exists' do
+        before(:each) do
+          @keychain_1.send(subject).create(create_arguments)
+        end
+
+        it 'should raise Keychain::DuplicateItemError' do
+          expect {@keychain_1.send(subject).create(create_arguments)}.to raise_error(Keychain::DuplicateItemError)
+        end
+      end
+    end
+
+    describe('all') do
+
+      context 'when the keychain does not contains a matching item' do
+        it 'should return []' do
+          @keychain_1.send(subject).where(search_arguments_with_no_results).all.should == []
+        end
+      end
+
+      it 'should return an array of results' do
+        item = @keychain_1.send(subject).where(search_arguments).all.first
+        item.should be_a(Keychain::Item)
+        item.password.should == 'some-password-1'
+      end
+
+      context 'searching all keychains' do
+        context 'when the keychain does contains matching items' do
+          it 'should return all of them' do
+            Keychain.send(subject).where(search_arguments_with_multiple_results).all.length.should == 3
+          end
+        end
+
+        context 'when the limit is option is set' do
+          it 'should limit the return set' do
+            Keychain.send(subject).where(search_arguments_with_multiple_results).limit(1).all.length.should == 1
+          end
+        end
+
+        context 'when a subset of keychains is specified' do
+          it 'should return items from those keychains' do
+            Keychain.send(subject).where(search_arguments_with_multiple_results).in(@keychain_1, @keychain_2).all.length.should == 2
+          end
+        end
+      end
+    end
+    describe 'first' do
+      context 'when the keychain does not contain a matching item' do
+        it 'should return nil' do
+          item = @keychain_1.send(subject).where(search_arguments_with_no_results).first.should be_nil
+        end
+      end
+
+      context 'when the keychain does contain a matching item' do
+        it 'should find it' do
+          item = @keychain_1.send(subject).where(search_arguments).first
+          item.should be_a(Keychain::Item)
+          item.password.should == 'some-password-1'
+        end
+      end
+
+      context 'when a different keychain contains a matching item' do
+        before(:each) do
+          item = @keychain_1.send(subject).create(create_arguments)
+        end
+
+        it 'should not find it' do
+          @keychain_2.send(subject).where(search_arguments).first.should be_nil
+        end
+      end
+    end
+  end
+
+  describe 'generic_passwords' do
+    subject { :generic_passwords }
+    let(:create_arguments){{:service => 'aservice', :account => 'anaccount-foo', :password =>'some-password'}}
+    let(:search_for_created_arguments){{:service => 'aservice'}}
+
+    let(:search_arguments){{:service => 'aservice-1'}}
+    let(:search_arguments_with_no_results){{:service => 'doesntexist'}}
+    let(:search_arguments_with_multiple_results){{:account => 'anaccount'}}
+    let(:expected_kind) {'genp'}
+
+    def add_fixtures
+      @keychain_1.generic_passwords.create(:service => 'aservice-1', :account => 'anaccount', :password => 'some-password-1')
+      @keychain_2.generic_passwords.create(:service => 'aservice-2', :account => 'anaccount', :password => 'some-password-2')
+      @keychain_3.generic_passwords.create(:service => 'aservice-2', :account => 'anaccount', :password => 'some-password-3')
+    end
+    it_behaves_like 'item collection'
+  end
+
+  describe 'internet_passwords' do
+    subject { :internet_passwords }
+    let(:create_arguments){{:server => 'dressipi.example.com', :account => 'anaccount-foo', :password =>'some-password', :protocol => Keychain::Protocols::HTTP}}
+    let(:search_for_created_arguments){{:server => 'dressipi.example.com', :protocol => Keychain::Protocols::HTTP}}
+    let(:search_arguments){{:server => 'dressipi-1.example.com', :protocol => Keychain::Protocols::HTTP}}
+    let(:search_arguments_with_no_results){{:server => 'dressipi.example.com'}}
+    let(:search_arguments_with_multiple_results){{:account => 'anaccount'}}
+    let(:expected_kind) {'inet'}
+
+    def add_fixtures
+      @keychain_1.internet_passwords.create(:server => 'dressipi-1.example.com', :account => 'anaccount', :password => 'some-password-1', :protocol => Keychain::Protocols::HTTP)
+      @keychain_2.internet_passwords.create(:server => 'dressipi-2.example.com', :account => 'anaccount', :password => 'some-password-2', :protocol => Keychain::Protocols::HTTP)
+      @keychain_3.internet_passwords.create(:server => 'dressipi-3.example.com', :account => 'anaccount', :password => 'some-password-3', :protocol => Keychain::Protocols::HTTP)
+    end
+    it_behaves_like 'item collection'
+  end
+end