ruby-keychain 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7aa43e0604719f92cc6fbb6384cbd834d676e2f0
-  data.tar.gz: 44f35722ea27e51690af50eaa7ac39fbc47ac299
+  metadata.gz: f322cf88ad0e198a1c6a869188ae692bae81af38
+  data.tar.gz: c26a017ef9ed99821844d0943b697367b10caff6
 SHA512:
-  metadata.gz: 74e1561b0e7484444dcba43867552aab54fa050d5751dafdd4c342d1b946358df987bc4d22413825e939e7381b9e8711828f668618ce039d68e15b55f810a815
-  data.tar.gz: 8c1fe492ea5bd3ec6e1188a7d0a9635949545e4d0972684f470cace3bda273004a10a468875fc423bbd248b94144130821c65e91481036cf553049c1899cc85a
+  metadata.gz: 7c3375d692838ca66ed6b89cccae65e93ee738ead6371bac4b32e9facd7407f157189f3288d75f19c91719dc5f62a44eba5f3e4d5da223e605b775591fe89ae5
+  data.tar.gz: f309869ceeeb3b9f9a3294089ba1f40c3c80fda4c41a6ffaab997f5274391a383f02325992107b65af2ffe0f8467b4ccdde40eab81f10651a1b8407ca7dcd018

data/lib/keychain/certificate.rb

@@ -18,8 +18,7 @@ end
 class Keychain::Certificate < Sec::Base
   register_type 'SecCertificate'
 
-  ATTR_MAP = {CF::Base.typecast(Sec::kSecAttrAccessible) => :accessible,
-              CF::Base.typecast(Sec::kSecAttrAccessGroup) => :access_group,
+  ATTR_MAP = {CF::Base.typecast(Sec::kSecAttrAccessGroup) => :access_group,
               CF::Base.typecast(Sec::kSecAttrCertificateType) => :certificate_type,
               CF::Base.typecast(Sec::kSecAttrCertificateEncoding) => :certificate_encoding,
               CF::Base.typecast(Sec::kSecAttrLabel) => :label,
@@ -29,6 +28,7 @@ class Keychain::Certificate < Sec::Base
               CF::Base.typecast(Sec::kSecAttrSubjectKeyID) => :subject_key_id,
               CF::Base.typecast(Sec::kSecAttrPublicKeyHash) => :public_key_hash}
 
+  ATTR_MAP[CF::Base.typecast(Sec::kSecAttrAccessible)] = :accessible if defined?(Sec::kSecAttrAccessible)
   ATTR_MAP[CF::Base.typecast(Sec::kSecAttrAccessControl)] = :access_control if defined?(Sec::kSecAttrAccessControl)
 
   INVERSE_ATTR_MAP = ATTR_MAP.invert
@@ -43,7 +43,7 @@ class Keychain::Certificate < Sec::Base
     status = Sec.SecCertificateCopyPublicKey(self, key_ref)
     Sec.check_osstatus(status)
 
-    Keychain::Key.new(key_ref.read_pointer)
+    Keychain::Key.new(key_ref.read_pointer).release_on_gc
   end
 
   def x509

data/lib/keychain/identity.rb

@@ -25,7 +25,7 @@ class Keychain::Identity < Sec::Base
     status = Sec.SecIdentityCopyCertificate(self, certificate_ref)
     Sec.check_osstatus(status)
 
-    Keychain::Certificate.new(certificate_ref.read_pointer)
+    Keychain::Certificate.new(certificate_ref.read_pointer).release_on_gc
   end
 
   def private_key
@@ -33,7 +33,7 @@ class Keychain::Identity < Sec::Base
     status = Sec.SecIdentityCopyPrivateKey(self, key_ref)
     Sec.check_osstatus(status)
 
-    Keychain::Key.new(key_ref.read_pointer)
+    Keychain::Key.new(key_ref.read_pointer).release_on_gc
   end
 
   def pkcs12(passphrase='')

data/lib/keychain/item.rb

@@ -84,7 +84,7 @@ class Keychain::Item < Sec::Base
                                       Sec::Query::CLASS => self.klass,
                                       Sec::Query::RETURN_DATA => true}.to_cf, out_buffer)
     Sec.check_osstatus(status)
-    CF::Base.typecast(out_buffer.read_pointer).to_s
+    CF::Base.typecast(out_buffer.read_pointer).release_on_gc.to_s
   end
 
   # Attempts to update the keychain with any changes made to the item

data/lib/keychain/key.rb

@@ -1,5 +1,8 @@
 module Sec
-  attach_variable 'kSecAttrAccessible', :pointer
+  begin
+    attach_variable 'kSecAttrAccessible', :pointer
+  rescue FFI::NotFoundError #Only available in 10.9
+  end
 
   begin
     attach_variable 'kSecAttrAccessControl', :pointer
@@ -56,13 +59,18 @@ module Sec
   end
 
   attach_function 'SecItemExport', [:pointer, :SecExternalFormat, :SecItemImportExportFlags, :pointer, :pointer], :osstatus
+  attach_function 'SecItemImport', [:pointer, :pointer,
+                                    :SecExternalFormat,
+                                    :SecExternalItemType,
+                                    :SecItemImportExportFlags,
+                                    :pointer, :pointer, :pointer], :osstatus
+
 end
 
 class Keychain::Key < Sec::Base
   register_type 'SecKey'
 
-  ATTR_MAP = {CF::Base.typecast(Sec::kSecAttrAccessible) => :accessible,
-              CF::Base.typecast(Sec::kSecAttrAccessGroup) => :access_group,
+  ATTR_MAP = {CF::Base.typecast(Sec::kSecAttrAccessGroup) => :access_group,
               CF::Base.typecast(Sec::kSecAttrKeyClass) => :key_class,
               CF::Base.typecast(Sec::kSecAttrLabel) => :label,
               CF::Base.typecast(Sec::kSecAttrApplicationLabel) => :application_label,
@@ -79,6 +87,7 @@ class Keychain::Key < Sec::Base
               CF::Base.typecast(Sec::kSecAttrCanWrap) => :can_wrap,
               CF::Base.typecast(Sec::kSecAttrCanUnwrap) => :can_unwrap}
 
+  ATTR_MAP[CF::Base.typecast(Sec::kSecAttrAccessible)] = :accessible if defined?(Sec::kSecAttrAccessible)
   ATTR_MAP[CF::Base.typecast(Sec::kSecAttrAccessControl)] = :access_control if defined?(Sec::kSecAttrAccessControl)
 
   INVERSE_ATTR_MAP = ATTR_MAP.invert

data/lib/keychain/keychain.rb

@@ -1,5 +1,15 @@
 
 module Sec
+  enum :SecExternalItemType, [:kSecItemTypeUnknown ,
+                              :kSecItemTypePrivateKey,
+                              :kSecItemTypePublicKey,
+                              :kSecItemTypeSessionKey,
+                              :kSecItemTypeCertificate,
+                              :kSecItemTypeAggregate]
+
+  attach_function 'SecAccessCreate', [:pointer, :pointer, :pointer], :osstatus
+  attach_function 'SecTrustedApplicationCreateFromPath', [:string, :pointer], :osstatus
+
   attach_function 'SecKeychainCopyDefault', [:pointer], :osstatus
   attach_function 'SecKeychainDelete', [:keychainref], :osstatus
   attach_function 'SecKeychainOpen', [:string, :pointer], :osstatus
@@ -19,6 +29,14 @@ module Sec
             :lock_interval, :uint32
   end
 
+  class Keychain::TrustedApplication < Sec::Base
+    register_type 'SecTrustedApplication'
+  end
+
+  class Keychain::Access < Sec::Base
+    register_type 'SecAccess'
+  end
+
   attach_function 'SecKeychainSetSettings', [:keychainref, KeychainSettings], :osstatus
   attach_function 'SecKeychainCopySettings', [:keychainref, KeychainSettings], :osstatus
 
@@ -50,7 +68,7 @@ module Keychain
       list = FFI::MemoryPointer.new(:pointer)
       status = Sec.SecKeychainCopySearchList(list)
       Sec.check_osstatus(status)
-      ruby_list = CF::Base.typecast(list.read_pointer).to_ruby
+      ruby_list = CF::Base.typecast(list.read_pointer).release_on_gc.to_ruby
       ruby_list << self unless ruby_list.include?(self)
       status = Sec.SecKeychainSetSearchList(CF::Array.immutable(ruby_list))
       Sec.check_osstatus(status)
@@ -102,6 +120,39 @@ module Keychain
       Scope.new(Sec::Classes::GENERIC, self)
     end
 
+    # Imports item from string or file to this keychain
+    #
+    # @param [IO, String] input IO object or String with raw data to import
+    # @param [Array <String>] app_list List of applications which will be
+    # permitted to access imported items
+    # @return [Array <SecKeychainItem>] List of imported keychain objects,
+    # each of which may be a SecCertificate, SecKey, or SecIdentity instance
+    def import(input, app_list=[])
+      input = input.read if input.is_a? IO
+
+      # Create array of TrustedApplication objects
+      trusted_apps = get_trusted_apps(app_list)
+
+      # Create an Access object
+      access_buffer = FFI::MemoryPointer.new(:pointer)
+      status = Sec.SecAccessCreate(path.to_cf, trusted_apps, access_buffer)
+      Sec.check_osstatus status
+      access = CF::Base.typecast(access_buffer.read_pointer)
+
+      key_params = Sec::SecItemImportExportKeyParameters.new
+      key_params[:accessRef] = access
+
+      # Import item to the keychain
+      cf_data = CF::Data.from_string(input).release_on_gc
+      cf_array = FFI::MemoryPointer.new(:pointer)
+      status = Sec.SecItemImport(cf_data, nil, :kSecFormatUnknown, :kSecItemTypeUnknown, :kSecItemPemArmour, key_params, self, cf_array)
+      access.release
+      Sec.check_osstatus status
+      item_array = CF::Base.typecast(cf_array.read_pointer).release_on_gc
+
+      item_array.to_ruby
+    end
+
     # returns a description of the keychain
     # @return [String]
     def inspect
@@ -198,6 +249,17 @@ module Keychain
       settings
     end
 
+    def get_trusted_apps apps
+      trusted_app_array = apps.map do |path|
+        trusted_app_buffer = FFI::MemoryPointer.new(:pointer)
+        status = Sec.SecTrustedApplicationCreateFromPath(
+          path.encode(Encoding::UTF_8), trusted_app_buffer)
+        Sec.check_osstatus(status)
+        CF::Base.typecast(trusted_app_buffer.read_pointer).release_on_gc
+      end
+      trusted_app_array.to_cf
+    end
+
     def put_settings settings
       status = Sec.SecKeychainSetSettings(self, settings)
       Sec.check_osstatus status

data/lib/keychain/sec.rb

@@ -163,7 +163,7 @@ module Sec
                                         Sec::Query::RETURN_REF => false}.to_cf, result)
       Sec.check_osstatus(status)
 
-      cf_dict = CF::Base.typecast(result.read_pointer)
+      cf_dict = CF::Base.typecast(result.read_pointer).release_on_gc
       update_self_from_dictionary(cf_dict)
     end
   end

data/lib/keychain/version.rb

@@ -1,4 +1,4 @@
 module Keychain
   # The current version string
-  VERSION = '0.2.1'
+  VERSION = '0.3.0'
 end

data/spec/keychain_spec.rb

@@ -57,6 +57,28 @@ describe Keychain do
     end
   end
 
+  describe 'import' do
+    before(:all) do
+      @keychain = Keychain.create(File.join(Dir.tmpdir, "keychain_spec_#{Time.now.to_i}_#{Time.now.usec}_#{rand(1000)}.keychain"), 'pass')
+      @rsa_key = OpenSSL::PKey::RSA.new(2048).to_s
+    end
+
+    it 'should import item to the keychain' do
+      imported_key = @keychain.import(@rsa_key, ['/usr/bin/codesign']).first
+      imported_key.load_attributes
+      found_key = Keychain::Scope.new(Sec::Classes::KEY, @keychain).all.first
+      expect(imported_key.attributes).to eq(found_key.attributes)
+    end
+
+    it 'should raise an exception for duplicated item' do
+      expect { @keychain.import(@rsa_key) }.to raise_error(Keychain::DuplicateItemError)
+    end
+
+    after(:all) do
+      @keychain.delete
+    end
+  end
+
   describe 'exists?' do
     context 'the keychain exists' do
       it 'should return true' do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-keychain
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Frederick Cheung
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-04-15 00:00:00.000000000 Z
+date: 2015-07-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -44,20 +44,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '3.3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.3.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '3.3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.1.0
+        version: 3.3.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement