Allow Updating Keys and Certificates in a KeyChain #9
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 23 commits
February 16, 2017 20:13
…ored in a key chain. It does this by moving access to SecItemUpdate to the Sec::Base class. This was inspired by the section “Adding, Removing, and Working With Keys and Certificates” in the Key Services Programming Guide which mentions SecItemAdd, SecItemUpdate and SecItemCopyMatching as base functions that should be used on keys and certificates stored in the KeyChain. This patch does make it possible for example to change a key’s name as stored in the keychain (my particular use case).
…for certificate start and finish times.
…ptions in Scope class.
|
Any chance this could get merged? |
fcheung
requested changes
Jan 5, 2019
| access_buffer = FFI::MemoryPointer.new(:pointer) | ||
| status = Sec.SecKeychainItemCopyAccess(self, access_buffer) | ||
| Sec.check_osstatus status | ||
| Access.new(access_buffer.read_pointer) |
There was a problem hiding this comment.
Do you need a release_on_gc here (to eventually release the result of SecKeychainItemCopyAccess?)
| access_buffer = FFI::MemoryPointer.new(:pointer) | ||
| status = Sec.SecAccessCreate(description.to_cf, trusted_apps.to_cf, access_buffer) | ||
| Sec.check_osstatus status | ||
| self.new(access_buffer.read_pointer) |
| unless applications_ref.read_pointer.null? | ||
| applications_cf = CF::Base.typecast(applications_ref.read_pointer).release_on_gc | ||
| @applications = applications_cf.to_ruby | ||
| applications_cf.release |
There was a problem hiding this comment.
I think this is releaseing applications_ref a second time
| self | ||
| else | ||
| pointer = Sec.SecKeyCopyPublicKey(self) | ||
| self.class.new(pointer) |
| @conditions.each do |key, value| | ||
| key_cf = inverse_attributes[key] || INVERSE_ATTR_MAP[key] | ||
| if key_cf.nil? | ||
| raise "Unknown search key: #{key}. Type: #{@kind}. Please look at the class's ATTR_MAP constant for accepted keys" |
There was a problem hiding this comment.
raise ArgumentError rather than runtime error for these?
| Sec.check_osstatus(status) | ||
| CF::Base.new(out.read_pointer).release_on_gc | ||
| end | ||
|
|
||
| # Removes the item from the associated keychain | ||
| def delete |
There was a problem hiding this comment.
I think this only makes sense if some of the things that inherit from Sec::Base cease to do so (Access, TrustedApplication, ACL, maybe more), since those aren't (If I understand correctly) keychain items
| query = build_refresh_query | ||
| status = Sec.SecItemCopyMatching(query, result) | ||
| Sec.check_osstatus(status) | ||
| cf_dict = CF::Base.typecast(result.read_pointer) |
There was a problem hiding this comment.
I think this is another missing release (although it looks like this was in the original code too)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The goal of this patch is to enable updating keys and certificates stored in a key chain. It does this by moving access to SecItemUpdate to the Sec::Base class. This was inspired by the section “Adding, Removing, and Working With Keys and Certificates” in the Key Services Programming Guide which mentions SecItemAdd, SecItemUpdate and SecItemCopyMatching as base functions that should be used on keys and certificates stored in the KeyChain. This patch does make it possible for example to change a key’s name as stored in the keychain (my particular use case).