ruby-keychain 0.3.2 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/README.markdown +52 -23
- data/lib/keychain/identity.rb +3 -3
- data/lib/keychain/keychain.rb +1 -1
- data/lib/keychain/version.rb +1 -1
- data/spec/key_spec.rb +1 -1
- data/spec/keychain_spec.rb +10 -3
- metadata +10 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 975d6235851fe0cd963efc71e15fd9d6f0211c02bf915d54ea1cabad53540bab
|
4
|
+
data.tar.gz: 4a224ad5e1b4bd9672f3a52ec9881a13911b3f349971183c53adc72514ae5efd
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 92c752ba4a0c6927ae5cc5f0c13f88bae3b0844f439a60378e16b9ce61dd7241c30dd82051a9d9715f54c87816af53664a5d3503886a0188411209eb864eaa80
|
7
|
+
data.tar.gz: 250445e3577cb88179ba7033948e576c0ff65950f13bd84c97524da539a71a6e62be7022da2e5c54b3763e71a16bd782662d89b46d54c2a6e6abca931b2be88b
|
data/README.markdown
CHANGED
@@ -1,16 +1,19 @@
|
|
1
|
-
[![Build Status](https://travis-ci.org/fcheung/keychain.
|
1
|
+
[![Build Status](https://travis-ci.org/fcheung/keychain.svg?branch=master)](https://travis-ci.org/fcheung/keychain)
|
2
2
|
|
3
|
-
A set of ruby bindings for the OS X keychain, written using ffi
|
3
|
+
A set of ruby bindings for the OS X keychain, written using ffi.
|
4
4
|
|
5
5
|
Installation
|
6
6
|
============
|
7
7
|
|
8
|
-
|
8
|
+
```
|
9
|
+
$ gem install ruby-keychain
|
10
|
+
```
|
9
11
|
|
10
|
-
or in your
|
11
|
-
|
12
|
-
gem 'ruby-keychain', :require => 'keychain'
|
12
|
+
or in your `Gemfile`:
|
13
13
|
|
14
|
+
```ruby
|
15
|
+
gem 'ruby-keychain', :require => 'keychain'
|
16
|
+
```
|
14
17
|
|
15
18
|
Introduction
|
16
19
|
============
|
@@ -23,26 +26,33 @@ Working with keychains
|
|
23
26
|
|
24
27
|
Most operations will act on either the default keychain, or the default keychain search list. You can obtain specific keychains with
|
25
28
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
29
|
+
```ruby
|
30
|
+
Keychain.default # the default keychain, usually /Users/<username>/Library/Keychains/<username>.keychain
|
31
|
+
Keychain.open(path) # opens a keychain file
|
32
|
+
Keychain.create(path, password) # creates a new keychain at the specified path, with the specified password
|
33
|
+
# omit the password to make the keychain prompt the user
|
34
|
+
```
|
31
35
|
|
32
36
|
Searching for Keychain Items
|
33
37
|
=============================
|
34
38
|
|
35
39
|
The top level constant `Keychain` as well as individual keychain objects have two methods `internet_passwords` and `generic_passwords` that return scope like objects. You can do
|
36
40
|
|
37
|
-
|
41
|
+
```ruby
|
42
|
+
Keychain.internet_passwords.where(server: 'example.com').all
|
43
|
+
```
|
38
44
|
|
39
45
|
to return Keychain::Item objects for that server
|
40
46
|
|
41
|
-
|
47
|
+
```ruby
|
48
|
+
Keychain.internet_passwords.where(server: 'example.com').first
|
49
|
+
```
|
42
50
|
|
43
51
|
to return the first Keychain::Item for that server or
|
44
52
|
|
45
|
-
|
53
|
+
```ruby
|
54
|
+
Keychain.internet_passwords.where(server: 'example.com').limit(4).all
|
55
|
+
```
|
46
56
|
|
47
57
|
to return up to 4 Keychain::Item for that server.
|
48
58
|
|
@@ -50,14 +60,17 @@ to return up to 4 Keychain::Item for that server.
|
|
50
60
|
|
51
61
|
You can restrict the search to a specific keychain with
|
52
62
|
|
53
|
-
|
63
|
+
```ruby
|
64
|
+
some_keychain.internet_passwords.where(server: 'example.com').all
|
65
|
+
```
|
54
66
|
|
55
67
|
returns matching `Keychain::Item` from the specified keychain.
|
56
68
|
|
57
69
|
or to an arbitrary list of keychains with
|
58
70
|
|
59
|
-
|
60
|
-
|
71
|
+
```ruby
|
72
|
+
Keychain.internet_passwords.in(keychain_1, keychain2).all
|
73
|
+
```
|
61
74
|
|
62
75
|
Finding a Keychain::Item won't prompt the user for a password if the keychain is unlocked. Calling the password accessor method of the item may prompt the user for their password depending on the keychain item access settings.
|
63
76
|
|
@@ -69,22 +82,39 @@ Creating keychain items
|
|
69
82
|
|
70
83
|
In the default keychain:
|
71
84
|
|
72
|
-
|
85
|
+
```ruby
|
86
|
+
Keychain.internet_passwords.create(server: 'example.com', protocol: Keychain::Protocols::HTTP, password: 'secret', account: 'bob')
|
73
87
|
|
74
|
-
|
88
|
+
# or
|
75
89
|
|
76
|
-
|
90
|
+
Keychain.generic_passwords.create(service: 'AWS', password: 'secret', account: 'bob')
|
91
|
+
```
|
77
92
|
|
78
93
|
In a specific keychain
|
79
94
|
|
80
|
-
|
95
|
+
```ruby
|
96
|
+
some_keychain.internet_passwords.create(...)
|
97
|
+
```
|
81
98
|
|
82
99
|
by default keychain items are only readable by the application that created them, however when running a ruby script the application is ruby: by default other ruby scripts will be able to read the items (if the keychain is unlocked).
|
83
100
|
|
101
|
+
Updating keychain items
|
102
|
+
=========================
|
103
|
+
|
104
|
+
Example:
|
105
|
+
```
|
106
|
+
Keychain.generic_passwords.create(service: 'AWS', password: 'secret', account: 'bob')
|
107
|
+
item = Keychain.generic_passwords.where(service: 'AWS')
|
108
|
+
item.password # outputs 'secret'
|
109
|
+
item.password = 'better_secret'
|
110
|
+
item.save!
|
111
|
+
item.password # outputs 'better_secret'
|
112
|
+
```
|
113
|
+
|
84
114
|
Using keychain items
|
85
115
|
=====================
|
86
116
|
|
87
|
-
The `Keychain::Item` class has accessors for all its attributes, for the full list of attributes see `
|
117
|
+
The `Keychain::Item` class has accessors for all its attributes, for the full list of attributes see [`Keychain::Item::ATTR_MAP`](https://github.com/fcheung/keychain/blob/master/lib/keychain/item.rb)
|
88
118
|
|
89
119
|
All strings returned are utf-8 encoded. Be careful not to set attribute values to strings with the ASCII_8BIT encoding as this will cause them to be treated as raw data rather than string. The exception to this is password data which the keychain api defines as being arbitrary binary data. When storing an actual password it is customary to use utf-8. The password data will always be returned as raw binary data
|
90
120
|
|
@@ -99,4 +129,3 @@ Compatibility
|
|
99
129
|
=============
|
100
130
|
Requires ruby 1.9 due to use of encoding related methods. Should work in MRI and jruby. Not compatible with rubinius due to rubinius' ffi implemenation
|
101
131
|
not supporting certain features
|
102
|
-
|
data/lib/keychain/identity.rb
CHANGED
@@ -37,7 +37,7 @@ module Keychain
|
|
37
37
|
Key.new(key_ref.read_pointer).release_on_gc
|
38
38
|
end
|
39
39
|
|
40
|
-
def pkcs12(passphrase='')
|
40
|
+
def pkcs12(passphrase = '')
|
41
41
|
flags = Sec::SecItemImportExportKeyParameters.new
|
42
42
|
flags[:version] = Sec::SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION
|
43
43
|
flags[:passphrase] = CF::String.from_string(passphrase).to_ptr
|
@@ -47,9 +47,9 @@ module Keychain
|
|
47
47
|
Sec.check_osstatus(status)
|
48
48
|
|
49
49
|
data = CF::Data.new(data_ptr.read_pointer)
|
50
|
-
result = OpenSSL::PKCS12.new(data.to_s)
|
50
|
+
result = OpenSSL::PKCS12.new(data.to_s, passphrase)
|
51
51
|
data.release
|
52
52
|
result
|
53
53
|
end
|
54
54
|
end
|
55
|
-
end
|
55
|
+
end
|
data/lib/keychain/keychain.rb
CHANGED
@@ -136,7 +136,7 @@ module Keychain
|
|
136
136
|
key_params[:accessRef] = access
|
137
137
|
|
138
138
|
# Import item to the keychain
|
139
|
-
cf_data = CF::Data.from_string(input)
|
139
|
+
cf_data = CF::Data.from_string(input)
|
140
140
|
cf_array = FFI::MemoryPointer.new(:pointer)
|
141
141
|
status = Sec.SecItemImport(cf_data, nil, :kSecFormatUnknown, :kSecItemTypeUnknown, :kSecItemPemArmour, key_params, self, cf_array)
|
142
142
|
access.release
|
data/lib/keychain/version.rb
CHANGED
data/spec/key_spec.rb
CHANGED
@@ -11,7 +11,7 @@ describe Keychain::Key do
|
|
11
11
|
end
|
12
12
|
|
13
13
|
describe 'identify' do
|
14
|
-
|
14
|
+
pending 'should be exportable to a string' do
|
15
15
|
scope = Keychain::Scope.new(Sec::Classes::KEY)
|
16
16
|
key = scope.first
|
17
17
|
expect(key.export).to be_kind_of(String)
|
data/spec/keychain_spec.rb
CHANGED
@@ -17,7 +17,7 @@ describe Keychain do
|
|
17
17
|
|
18
18
|
describe 'default' do
|
19
19
|
it "should return the login keychain" do
|
20
|
-
expect(Keychain.default.path).to eq(File.expand_path(File.join(ENV['HOME'], 'Library','Keychains', 'login.keychain')))
|
20
|
+
expect(Keychain.default.path).to eq(File.expand_path(File.join(ENV['HOME'], 'Library','Keychains', 'login.keychain-db')))
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
@@ -45,14 +45,21 @@ describe Keychain do
|
|
45
45
|
|
46
46
|
context 'no password supplied' do
|
47
47
|
#we have to stub this out as it would trigger a dialog box prompting for a password
|
48
|
+
let(:result) do
|
49
|
+
instance_double(Keychain::Keychain)
|
50
|
+
end
|
51
|
+
|
48
52
|
it 'should create a keychain by prompting the user' do
|
49
53
|
#we can't just use a kind_of matcher becaue FFI::Pointer#== raises an exception
|
50
54
|
#when compared to non pointer values
|
51
|
-
mock_pointer = double(FFI::MemoryPointer, :read_pointer =>
|
55
|
+
mock_pointer = double(FFI::MemoryPointer, :read_pointer => 123456)
|
52
56
|
allow(FFI::MemoryPointer).to receive(:new).with(:pointer).and_return(mock_pointer)
|
53
57
|
|
54
58
|
expect(Sec).to receive('SecKeychainCreate').with('akeychain', 0, nil, 1, nil,mock_pointer).and_return(0)
|
55
|
-
|
59
|
+
|
60
|
+
expect(Keychain::Keychain).to receive(:new).with(mock_pointer.read_pointer).and_return(result)
|
61
|
+
expect(result).to receive(:release_on_gc).and_return(result)
|
62
|
+
expect(Keychain.create('akeychain')).to eq(result)
|
56
63
|
end
|
57
64
|
end
|
58
65
|
end
|
metadata
CHANGED
@@ -1,11 +1,11 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby-keychain
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Frederick Cheung
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
date: 2015-07-09 00:00:00.000000000 Z
|
@@ -25,7 +25,7 @@ dependencies:
|
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '0'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name: corefoundation
|
28
|
+
name: og-corefoundation
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
@@ -64,34 +64,28 @@ dependencies:
|
|
64
64
|
requirements:
|
65
65
|
- - "~>"
|
66
66
|
- !ruby/object:Gem::Version
|
67
|
-
version: '
|
68
|
-
- - ">="
|
69
|
-
- !ruby/object:Gem::Version
|
70
|
-
version: 10.4.2
|
67
|
+
version: '13'
|
71
68
|
type: :development
|
72
69
|
prerelease: false
|
73
70
|
version_requirements: !ruby/object:Gem::Requirement
|
74
71
|
requirements:
|
75
72
|
- - "~>"
|
76
73
|
- !ruby/object:Gem::Version
|
77
|
-
version: '
|
78
|
-
- - ">="
|
79
|
-
- !ruby/object:Gem::Version
|
80
|
-
version: 10.4.2
|
74
|
+
version: '13'
|
81
75
|
- !ruby/object:Gem::Dependency
|
82
76
|
name: yard
|
83
77
|
requirement: !ruby/object:Gem::Requirement
|
84
78
|
requirements:
|
85
79
|
- - "~>"
|
86
80
|
- !ruby/object:Gem::Version
|
87
|
-
version: 0.
|
81
|
+
version: 0.9.11
|
88
82
|
type: :development
|
89
83
|
prerelease: false
|
90
84
|
version_requirements: !ruby/object:Gem::Requirement
|
91
85
|
requirements:
|
92
86
|
- - "~>"
|
93
87
|
- !ruby/object:Gem::Version
|
94
|
-
version: 0.
|
88
|
+
version: 0.9.11
|
95
89
|
- !ruby/object:Gem::Dependency
|
96
90
|
name: redcarpet
|
97
91
|
requirement: !ruby/object:Gem::Requirement
|
@@ -144,7 +138,7 @@ homepage: http://github.com/fcheung/keychain
|
|
144
138
|
licenses:
|
145
139
|
- MIT
|
146
140
|
metadata: {}
|
147
|
-
post_install_message:
|
141
|
+
post_install_message:
|
148
142
|
rdoc_options: []
|
149
143
|
require_paths:
|
150
144
|
- lib
|
@@ -159,10 +153,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
159
153
|
- !ruby/object:Gem::Version
|
160
154
|
version: '0'
|
161
155
|
requirements: []
|
162
|
-
|
163
|
-
|
164
|
-
signing_key:
|
156
|
+
rubygems_version: 3.2.22
|
157
|
+
signing_key:
|
165
158
|
specification_version: 4
|
166
159
|
summary: Ruby wrapper for OS X's keychain
|
167
160
|
test_files: []
|
168
|
-
has_rdoc:
|