From 98bacbac8b283a44d26b9e72c86591fcd4840fc3 Mon Sep 17 00:00:00 2001 From: Maxwell Swadling Date: Sun, 12 Mar 2023 11:00:27 +1000 Subject: [PATCH 1/6] Fixed arg labels --- Sources/Secretive/Preview Content/PreviewStore.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Secretive/Preview Content/PreviewStore.swift b/Sources/Secretive/Preview Content/PreviewStore.swift index 8006d6c0..9480c88f 100644 --- a/Sources/Secretive/Preview Content/PreviewStore.swift +++ b/Sources/Secretive/Preview Content/PreviewStore.swift @@ -40,7 +40,7 @@ extension Preview { return data } - func verify(data: Data, signature: Data, with secret: Preview.Secret) throws -> Bool { + func verify(signature data: Data, for signature: Data, with secret: Preview.Secret) throws -> Bool { true } From 22fb6255e54a9efcf0f36bc5c9d20ddede0c3adf Mon Sep 17 00:00:00 2001 From: Maxwell Swadling Date: Sun, 12 Mar 2023 12:23:15 +1000 Subject: [PATCH 2/6] Fixed bug with empty store views hash collision --- Sources/Secretive/Views/EmptyStoreView.swift | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Sources/Secretive/Views/EmptyStoreView.swift b/Sources/Secretive/Views/EmptyStoreView.swift index 5bd48c1a..34126133 100644 --- a/Sources/Secretive/Views/EmptyStoreView.swift +++ b/Sources/Secretive/Views/EmptyStoreView.swift 
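Review bot: The new signature binds the external label `signature` to the local name `data` and the label `for` to the local name `signature`, so inside the body the names say the opposite of what the caller passed. The stub only returns `true`, so nothing breaks today, but whoever fills it in later will verify the wrong buffer; prefer `func verify(signature: Data, for data: Data, with secret: Preview.Secret) throws -> Bool`. The protocol requirement this mirrors is outside the hunk, so confirm the labels against it.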
@@ -8,11 +8,11 @@ struct EmptyStoreView: View { var body: some View { if store is AnySecretStoreModifiable { - NavigationLink(destination: EmptyStoreModifiableView(), tag: Constants.emptyStoreModifiableTag, selection: $activeSecret) { + NavigationLink(destination: EmptyStoreModifiableView(), tag: Constants.emptyStoreModifiableTag + store.name, selection: $activeSecret) { Text("No Secrets") } } else { - NavigationLink(destination: EmptyStoreImmutableView(), tag: Constants.emptyStoreTag, selection: $activeSecret) { + NavigationLink(destination: EmptyStoreImmutableView(), tag: Constants.emptyStoreTag + store.name, selection: $activeSecret) { Text("No Secrets") } } @@ -22,8 +22,8 @@ struct EmptyStoreView: View { extension EmptyStoreView { enum Constants { - static let emptyStoreModifiableTag: AnyHashable = "emptyStoreModifiableTag" - static let emptyStoreTag: AnyHashable = "emptyStoreModifiableTag" + static let emptyStoreModifiableTag = "emptyStoreModifiableTag" + static let emptyStoreTag = "emptyStoreModifiableTag" } } From 12a8f1698bfd1610ee5034aa097454dd4636f3a2 Mon Sep 17 00:00:00 2001 From: Maxwell Swadling Date: Sun, 12 Mar 2023 14:59:35 +1000 Subject: [PATCH 3/6] Turn Okay into OK! --- Sources/Secretive/Views/SetupView.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Secretive/Views/SetupView.swift b/Sources/Secretive/Views/SetupView.swift index 90f18965..ecc2ac51 100644 --- a/Sources/Secretive/Views/SetupView.swift +++ b/Sources/Secretive/Views/SetupView.swift @@ -217,7 +217,7 @@ struct UpdaterExplainerView: View { SetupStepView(title: "Updates", image: Image(systemName: "dot.radiowaves.left.and.right"), bodyText: "Secretive will periodically check with GitHub to see if there's a new release. If you see any network requests to GitHub, that's why.", - buttonTitle: "Okay", + buttonTitle: "OK", buttonAction: buttonAction) { Link("Read more about this here.", destination: SetupView.Constants.updaterFAQURL) } 
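Review bot: The two constants still carry the identical value `"emptyStoreModifiableTag"`, which is the hash collision the commit title describes; appending `store.name` in the body hunk above only masks it while store names happen to differ. Give the immutable tag its own value, `static let emptyStoreTag = "emptyStoreTag"`, so the two tags are distinct on their own. Whether `$activeSecret` still type-checks against a plain `String` tag after `AnyHashable` is dropped is not visible in this hunk.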
From 1bd724c8bf87df01d2898c6a34405fad12ba722f Mon Sep 17 00:00:00 2001 From: Maxwell Swadling Date: Sun, 12 Mar 2023 15:01:45 +1000 Subject: [PATCH 4/6] Abstracted bundle prefix --- Sources/Config/Config.xcconfig | 1 + Sources/Config/ConfigBridging.m | 12 ++++ Sources/Packages/Sources/Brief/Updater.swift | 7 ++- .../Sources/SecretAgentKit/Agent.swift | 5 +- .../SmartCardSecretKit/SmartCardStore.swift | 3 + Sources/SecretAgent/AppDelegate.swift | 4 +- Sources/SecretAgent/Notifier.swift | 18 +++--- .../SecretAgent/SecretAgent-Bridging-Header.h | 7 +++ Sources/SecretAgent/SecretAgent.entitlements | 2 +- Sources/Secretive.xcodeproj/project.pbxproj | 59 +++++++++++++++---- .../contents.xcworkspacedata | 2 +- Sources/Secretive/App.swift | 2 +- .../Controllers/JustUpdatedChecker.swift | 2 +- .../Helpers/Secretive-Bridging-Header.h | 7 +++ Sources/Secretive/Secretive.entitlements | 2 +- 15 files changed, 100 insertions(+), 33 deletions(-) create mode 100644 Sources/Config/ConfigBridging.m create mode 100644 Sources/SecretAgent/SecretAgent-Bridging-Header.h create mode 100644 Sources/Secretive/Helpers/Secretive-Bridging-Header.h diff --git a/Sources/Config/Config.xcconfig b/Sources/Config/Config.xcconfig index 9c18c35f..7ed9f5c6 100644 --- a/Sources/Config/Config.xcconfig +++ b/Sources/Config/Config.xcconfig @@ -1,2 +1,3 @@ CI_VERSION = GITHUB_CI_VERSION CI_BUILD_NUMBER = GITHUB_BUILD_NUMBER +BUNDLE_PREFIX = town.max.Secretive diff --git a/Sources/Config/ConfigBridging.m b/Sources/Config/ConfigBridging.m new file mode 100644 index 00000000..2bced80d --- /dev/null +++ b/Sources/Config/ConfigBridging.m @@ -0,0 +1,12 @@ +// +// Bridging.m +// Secretive +// +// Created by Maxwell (Smudge) on 12/03/23. +// Copyright © 2023 Max Goedjen. All rights reserved. +// + +#import + +#define MakeString(x) #x +NSString *const BundlePrefix = @MakeString(BUNDLE_PREFIX); 
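Review bot: `MakeString(BUNDLE_PREFIX)` stringifies the macro name rather than its value: an argument that is the operand of `#` is not macro-expanded, so `BundlePrefix` becomes the literal `@"BUNDLE_PREFIX"` no matter what `GCC_PREPROCESSOR_DEFINITIONS` passes in. Every consumer in this series (the Updater suite name, the Agent logger subsystem, the Notifier category and action identifiers, the JustUpdatedChecker defaults key) would then be built on that placeholder text. Use the usual two-level form, `#define Stringize(x) #x` followed by `#define MakeString(x) Stringize(x)`, and keep the `NSString *const` line as is. The `#import` target is not visible in this rendering, and the header comment still names the file `Bridging.m`.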
diff --git a/Sources/Packages/Sources/Brief/Updater.swift b/Sources/Packages/Sources/Brief/Updater.swift index c71e5381..5242f0e9 100644 --- a/Sources/Packages/Sources/Brief/Updater.swift +++ b/Sources/Packages/Sources/Brief/Updater.swift @@ -11,6 +11,8 @@ public class Updater: ObservableObject, UpdaterProtocol { private let osVersion: SemVer /// The current version of the app that is running. private let currentVersion: SemVer + /// The current bundle prefix. + private let bundlePreifx: String /// Initializes an Updater. /// - Parameters: @@ -18,9 +20,10 @@ public class Updater: ObservableObject, UpdaterProtocol { /// - checkFrequency: The interval at which the Updater should check for updates. Subject to a tolerance of 1 hour. /// - osVersion: The current OS version. /// - currentVersion: The current version of the app that is running. - public init(checkOnLaunch: Bool, checkFrequency: TimeInterval = Measurement(value: 24, unit: UnitDuration.hours).converted(to: .seconds).value, osVersion: SemVer = SemVer(ProcessInfo.processInfo.operatingSystemVersion), currentVersion: SemVer = SemVer(Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "0.0.0")) { + public init(checkOnLaunch: Bool, bundlePrefix: String, checkFrequency: TimeInterval = Measurement(value: 24, unit: UnitDuration.hours).converted(to: .seconds).value, osVersion: SemVer = SemVer(ProcessInfo.processInfo.operatingSystemVersion), currentVersion: SemVer = SemVer(Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String ?? "0.0.0")) { self.osVersion = osVersion self.currentVersion = currentVersion + self.bundlePreifx = bundlePrefix testBuild = currentVersion == SemVer("0.0.0") if checkOnLaunch { // Don't do a launch check if the user hasn't seen the setup prompt explaining updater yet. 
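Review bot: The new stored property is spelled `bundlePreifx` (here and again in the `defaults` hunk on the next line) while the init parameter is `bundlePrefix`; rename the property to `bundlePrefix` before the typo spreads. The `/// - Parameters:` list is not updated for the new required parameter; add `///   - bundlePrefix: Prefix used to namespace the updater's UserDefaults suite.` The `Agent.init` hunk that follows has the same documentation gap for its own `bundlePrefix` parameter. The init body continues outside the hunk.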
@@ -83,7 +86,7 @@ extension Updater { /// The user defaults used to store user ignore state. var defaults: UserDefaults { - UserDefaults(suiteName: "com.maxgoedjen.Secretive.updater.ignorelist")! + UserDefaults(suiteName: "\(bundlePreifx).updater.ignorelist")! } } diff --git a/Sources/Packages/Sources/SecretAgentKit/Agent.swift b/Sources/Packages/Sources/SecretAgentKit/Agent.swift index 84cd2385..e89488ee 100644 --- a/Sources/Packages/Sources/SecretAgentKit/Agent.swift +++ b/Sources/Packages/Sources/SecretAgentKit/Agent.swift @@ -12,13 +12,14 @@ public class Agent { private let writer = OpenSSHKeyWriter() private let requestTracer = SigningRequestTracer() private let certificateHandler = OpenSSHCertificateHandler() - private let logger = Logger(subsystem: "com.maxgoedjen.secretive.secretagent.agent", category: "") + private let logger: Logger /// Initializes an agent with a store list and a witness. /// - Parameters: /// - storeList: The `SecretStoreList` to make available. /// - witness: A witness to notify of requests. - public init(storeList: SecretStoreList, witness: SigningWitness? = nil) { + public init(storeList: SecretStoreList, bundlePrefix: String, witness: SigningWitness? = nil) { + logger = Logger(subsystem: "\(bundlePrefix).secretagent.agent", category: "") logger.debug("Agent is running") self.storeList = storeList self.witness = witness diff --git a/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift b/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift index 156bc991..0d06cbc5 100644 --- a/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift +++ b/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift 
@@ -196,6 +196,9 @@ extension SmartCard.Store { let publicKeyAttributes = SecKeyCopyAttributes(publicKeySecRef) as! [CFString: Any] let publicKey = publicKeyAttributes[kSecValueData] as! Data return SmartCard.Secret(id: tokenID, name: name, algorithm: algorithm, keySize: keySize, publicKey: publicKey) + }.filter { key in + // We should exclude keys you can't use for signing to not confuse users. + return includeEncryptionKeys || key.name.hasPrefix("Key For Digital Signature") } secrets.append(contentsOf: wrapped) } diff --git a/Sources/SecretAgent/AppDelegate.swift b/Sources/SecretAgent/AppDelegate.swift index e21587f6..22a20a4d 100644 --- a/Sources/SecretAgent/AppDelegate.swift +++ b/Sources/SecretAgent/AppDelegate.swift @@ -16,11 +16,11 @@ class AppDelegate: NSObject, NSApplicationDelegate { list.add(store: SmartCard.Store()) return list }() - private let updater = Updater(checkOnLaunch: false) + private let updater = Updater(checkOnLaunch: false, bundlePrefix: BundlePrefix) private let notifier = Notifier() private let publicKeyFileStoreController = PublicKeyFileStoreController(homeDirectory: NSHomeDirectory()) private lazy var agent: Agent = { - Agent(storeList: storeList, witness: notifier) + Agent(storeList: storeList, bundlePrefix: BundlePrefix, witness: notifier) }() private lazy var socketController: SocketController = { let path = (NSHomeDirectory() as NSString).appendingPathComponent("socket.ssh") as String diff --git a/Sources/SecretAgent/Notifier.swift b/Sources/SecretAgent/Notifier.swift index 83207848..fc25814f 100644 --- a/Sources/SecretAgent/Notifier.swift +++ b/Sources/SecretAgent/Notifier.swift 
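Review bot: `includeEncryptionKeys` is not declared anywhere in this commit; the stored property only appears in patch 5's `SmartCardStore` init hunk, so this commit does not build on its own and breaks bisecting. Filtering on the display-name prefix `"Key For Digital Signature"` is also fragile, since that label is whatever the token driver chose to call the key; a usage attribute (for example `kSecAttrCanSign` on the private key's attributes, if the token populates it) would be a sturdier test than a string prefix. The enclosing function starts and ends outside the hunk.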
@@ -117,18 +117,18 @@ extension Notifier { enum Constants { // Update notifications - static let updateCategoryIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.update" - static let criticalUpdateCategoryIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.update.critical" - static let updateActionIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.update.updateaction" - static let ignoreActionIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.update.ignoreaction" + static let updateCategoryIdentitifier = BundlePrefix + ".SecretAgent.update" + static let criticalUpdateCategoryIdentitifier = BundlePrefix + ".SecretAgent.update.critical" + static let updateActionIdentitifier = BundlePrefix + ".SecretAgent.update.updateaction" + static let ignoreActionIdentitifier = BundlePrefix + ".SecretAgent.update.ignoreaction" // Authorization persistence notificatoins - static let persistAuthenticationCategoryIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication" - static let doNotPersistActionIdentitifier = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.donotpersist" - static let persistForActionIdentitifierPrefix = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.persist." + static let persistAuthenticationCategoryIdentitifier = BundlePrefix + ".SecretAgent.persistauthentication" + static let doNotPersistActionIdentitifier = BundlePrefix + ".SecretAgent.persistauthentication.donotpersist" + static let persistForActionIdentitifierPrefix = BundlePrefix + ".SecretAgent.persistauthentication.persist." - static let persistSecretIDKey = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.secretidkey" - static let persistStoreIDKey = "com.maxgoedjen.Secretive.SecretAgent.persistauthentication.storeidkey" + static let persistSecretIDKey = BundlePrefix + ".SecretAgent.persistauthentication.secretidkey" + static let persistStoreIDKey = BundlePrefix + ".SecretAgent.persistauthentication.storeidkey" } } 
diff --git a/Sources/SecretAgent/SecretAgent-Bridging-Header.h b/Sources/SecretAgent/SecretAgent-Bridging-Header.h new file mode 100644 index 00000000..89161458 --- /dev/null +++ b/Sources/SecretAgent/SecretAgent-Bridging-Header.h @@ -0,0 +1,7 @@ +// +// Use this file to import your target's public headers that you would like to expose to Swift. +// + +#import + +extern NSString *const BundlePrefix; diff --git a/Sources/SecretAgent/SecretAgent.entitlements b/Sources/SecretAgent/SecretAgent.entitlements index 895fc777..8678459b 100644 --- a/Sources/SecretAgent/SecretAgent.entitlements +++ b/Sources/SecretAgent/SecretAgent.entitlements @@ -10,7 +10,7 @@ keychain-access-groups - $(AppIdentifierPrefix)com.maxgoedjen.Secretive + $(AppIdentifierPrefix)$(BUNDLE_PREFIX) diff --git a/Sources/Secretive.xcodeproj/project.pbxproj b/Sources/Secretive.xcodeproj/project.pbxproj index fe781513..c492134d 100644 --- a/Sources/Secretive.xcodeproj/project.pbxproj +++ b/Sources/Secretive.xcodeproj/project.pbxproj @@ -8,6 +8,8 @@ /* Begin PBXBuildFile section */ 2C4A9D2F2636FFD3008CC8E2 /* RenameSecretView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 2C4A9D2E2636FFD3008CC8E2 /* RenameSecretView.swift */; }; + 4683BED329BD567B00A4832D /* ConfigBridging.m in Sources */ = {isa = PBXBuildFile; fileRef = 4683BED229BD567B00A4832D /* ConfigBridging.m */; }; + 4683BED429BD567B00A4832D /* ConfigBridging.m in Sources */ = {isa = PBXBuildFile; fileRef = 4683BED229BD567B00A4832D /* ConfigBridging.m */; }; 50020BB024064869003D4025 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50020BAF24064869003D4025 /* AppDelegate.swift */; }; 50033AC327813F1700253856 /* BundleIDs.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50033AC227813F1700253856 /* BundleIDs.swift */; }; 5003EF3B278005E800DF2006 /* SecretKit in Frameworks */ = {isa = PBXBuildFile; productRef = 5003EF3A278005E800DF2006 /* SecretKit */; }; 
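Review bot: `keychain-access-groups` is now `$(AppIdentifierPrefix)$(BUNDLE_PREFIX)`, and the same edit is made to `Secretive.entitlements` later in this commit, so a one-line xcconfig change now alters the access group the app's keychain items live under; this series itself flips `BUNDLE_PREFIX` to `town.max.Secretive` in patch 4 before patch 6 restores it. If Secure Enclave keys are stored under that group (not visible here), a prefix change would presumably leave existing users unable to see their keys. Put a warning next to the definition in `Config.xcconfig`: `// BUNDLE_PREFIX also forms the keychain-access-group in both entitlements files; changing it hides keys created under the previous group.`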
@@ -105,6 +107,9 @@ /* Begin PBXFileReference section */ 2C4A9D2E2636FFD3008CC8E2 /* RenameSecretView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RenameSecretView.swift; sourceTree = ""; }; + 4683BED029BD567B00A4832D /* Secretive-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "Secretive-Bridging-Header.h"; sourceTree = ""; }; + 4683BED129BD567B00A4832D /* SecretAgent-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "SecretAgent-Bridging-Header.h"; sourceTree = ""; }; + 4683BED229BD567B00A4832D /* ConfigBridging.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = ConfigBridging.m; sourceTree = ""; }; 50020BAF24064869003D4025 /* AppDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; 50033AC227813F1700253856 /* BundleIDs.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = BundleIDs.swift; sourceTree = ""; }; 5003EF39278005C800DF2006 /* Packages */ = {isa = PBXFileReference; lastKnownFileType = wrapper; path = Packages; sourceTree = ""; }; @@ -189,6 +194,7 @@ isa = PBXGroup; children = ( 50033AC227813F1700253856 /* BundleIDs.swift */, + 4683BED029BD567B00A4832D /* Secretive-Bridging-Header.h */, ); path = Helpers; sourceTree = ""; @@ -257,6 +263,7 @@ isa = PBXGroup; children = ( 508A590F241EEF6D0069DC07 /* Secretive.xctestplan */, + 4683BED229BD567B00A4832D /* ConfigBridging.m */, 508A58AB241E121B0069DC07 /* Config.xcconfig */, ); path = Config; @@ -306,6 +313,7 @@ children = ( 50020BAF24064869003D4025 /* AppDelegate.swift */, 5018F54E24064786002EB505 /* Notifier.swift */, + 4683BED129BD567B00A4832D /* SecretAgent-Bridging-Header.h */, 50A3B79024026B7600D209EA /* Assets.xcassets */, 50A3B79524026B7600D209EA /* Main.storyboard */, 50A3B79824026B7600D209EA /* Info.plist */, 
@@ -408,6 +416,7 @@ TargetAttributes = { 50617D7E23FCE48D0099B055 = { CreatedOnToolsVersion = 11.3; + LastSwiftMigration = 1420; }; 50617D9323FCE48E0099B055 = { CreatedOnToolsVersion = 11.3; @@ -415,6 +424,7 @@ }; 50A3B78924026B7500D209EA = { CreatedOnToolsVersion = 11.4; + LastSwiftMigration = 1420; }; }; }; @@ -427,6 +437,8 @@ Base, ); mainGroup = 50617D7623FCE48D0099B055; + packageReferences = ( + ); productRefGroup = 50617D8023FCE48E0099B055 /* Products */; projectDirPath = ""; projectRoot = ""; @@ -478,6 +490,7 @@ 2C4A9D2F2636FFD3008CC8E2 /* RenameSecretView.swift in Sources */, 5091D2BC25183B830049FD9B /* ApplicationDirectoryController.swift in Sources */, 5066A6C22516F303004B5A36 /* SetupView.swift in Sources */, + 4683BED329BD567B00A4832D /* ConfigBridging.m in Sources */, 5065E313295517C500E16645 /* ToolbarButtonStyle.swift in Sources */, 50617D8523FCE48E0099B055 /* ContentView.swift in Sources */, 50571E0324393C2600F76F6C /* JustUpdatedChecker.swift in Sources */, @@ -513,6 +526,7 @@ isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( + 4683BED429BD567B00A4832D /* ConfigBridging.m in Sources */, 50020BB024064869003D4025 /* AppDelegate.swift in Sources */, 5018F54F24064786002EB505 /* Notifier.swift in Sources */, ); @@ -588,6 +602,7 @@ GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( + "BUNDLE_PREFIX=$(BUNDLE_PREFIX)", "DEBUG=1", "$(inherited)", ); @@ -650,6 +665,7 @@ ENABLE_STRICT_OBJC_MSGSEND = YES; GCC_C_LANGUAGE_STANDARD = gnu11; GCC_NO_COMMON_BLOCKS = YES; + GCC_PREPROCESSOR_DEFINITIONS = "BUNDLE_PREFIX=$(BUNDLE_PREFIX)"; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; 
@@ -673,13 +689,14 @@ buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Secretive/Secretive.entitlements; CODE_SIGN_IDENTITY = "Apple Development"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_ASSET_PATHS = "\"Secretive/Preview Content\""; - DEVELOPMENT_TEAM = Z72PRUAWF6; + DEVELOPMENT_TEAM = Y6S72U574H; ENABLE_HARDENED_RUNTIME = YES; ENABLE_PREVIEWS = YES; INFOPLIST_FILE = Secretive/Info.plist; @@ -688,9 +705,11 @@ "@executable_path/../Frameworks", ); MARKETING_VERSION = 1; - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX).Host"; PRODUCT_NAME = "$(TARGET_NAME)"; PROVISIONING_PROFILE_SPECIFIER = ""; + SWIFT_OBJC_BRIDGING_HEADER = "Secretive/Helpers/Secretive-Bridging-Header.h"; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; }; name = Debug; @@ -700,6 +719,7 @@ buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = Secretive/Secretive.entitlements; CODE_SIGN_IDENTITY = "Developer ID Application"; CODE_SIGN_STYLE = Manual; @@ -715,9 +735,10 @@ "@executable_path/../Frameworks", ); MARKETING_VERSION = 1; - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX).Host"; PRODUCT_NAME = "$(TARGET_NAME)"; PROVISIONING_PROFILE_SPECIFIER = "Secretive - Host"; + SWIFT_OBJC_BRIDGING_HEADER = "Secretive/Helpers/Secretive-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; 
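Review bot: `DEVELOPMENT_TEAM` changes from `Z72PRUAWF6` to `Y6S72U574H` in this hunk and again in the three hunks on the next two lines; this looks like a personal signing team leaking in from a local setup rather than an intended project change. Revert those four lines (keep `DEVELOPMENT_TEAM = Z72PRUAWF6;`) unless the team move is deliberate, and consider moving `DEVELOPMENT_TEAM` into the xcconfig next to `BUNDLE_PREFIX` so local overrides never touch the project file.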
@@ -729,14 +750,14 @@ BUNDLE_LOADER = "$(TEST_HOST)"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; - DEVELOPMENT_TEAM = Z72PRUAWF6; + DEVELOPMENT_TEAM = Y6S72U574H; INFOPLIST_FILE = SecretiveTests/Info.plist; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.SecretiveTests; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX)Tests"; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; TEST_HOST = "$(BUILT_PRODUCTS_DIR)/Secretive.app/Contents/MacOS/Secretive"; @@ -750,14 +771,14 @@ BUNDLE_LOADER = "$(TEST_HOST)"; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; - DEVELOPMENT_TEAM = Z72PRUAWF6; + DEVELOPMENT_TEAM = Y6S72U574H; INFOPLIST_FILE = SecretiveTests/Info.plist; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.SecretiveTests; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX)Tests"; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_VERSION = 5.0; TEST_HOST = "$(BUILT_PRODUCTS_DIR)/Secretive.app/Contents/MacOS/Secretive"; @@ -807,6 +828,7 @@ GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( + "BUNDLE_PREFIX=$(BUNDLE_PREFIX)", "DEBUG=1", "$(inherited)", ); @@ -834,6 +856,7 @@ buildSettings = { ALWAYS_EMBED_SWIFT_STANDARD_LIBRARIES = YES; ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ENABLE_MODULES = YES; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; CURRENT_PROJECT_VERSION = 1; @@ -846,8 +869,10 @@ "@executable_path/../Frameworks", ); MARKETING_VERSION = 1; - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.Host; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX).Host"; PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_OBJC_BRIDGING_HEADER = "Secretive/Helpers/Secretive-Bridging-Header.h"; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; }; name = Test; 
@@ -866,7 +891,7 @@ "@executable_path/../Frameworks", "@loader_path/../Frameworks", ); - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.SecretiveTests; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX)Tests"; PRODUCT_NAME = "$(TARGET_NAME)"; PROVISIONING_PROFILE_SPECIFIER = ""; SWIFT_VERSION = 5.0; @@ -878,6 +903,7 @@ isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ENABLE_MODULES = YES; CODE_SIGN_STYLE = Manual; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_ASSET_PATHS = "\"SecretAgent/Preview Content\""; @@ -889,8 +915,10 @@ "@executable_path/../Frameworks", ); MARKETING_VERSION = 1; - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX).SecretAgent"; PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_OBJC_BRIDGING_HEADER = "SecretAgent/SecretAgent-Bridging-Header.h"; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; }; name = Test; @@ -899,11 +927,12 @@ isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = SecretAgent/SecretAgent.entitlements; CODE_SIGN_STYLE = Automatic; COMBINE_HIDPI_IMAGES = YES; DEVELOPMENT_ASSET_PATHS = "\"SecretAgent/Preview Content\""; - DEVELOPMENT_TEAM = Z72PRUAWF6; + DEVELOPMENT_TEAM = Y6S72U574H; ENABLE_HARDENED_RUNTIME = YES; ENABLE_PREVIEWS = YES; INFOPLIST_FILE = SecretAgent/Info.plist; @@ -912,8 +941,10 @@ "@executable_path/../Frameworks", ); MARKETING_VERSION = 1; - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX).SecretAgent"; PRODUCT_NAME = "$(TARGET_NAME)"; + SWIFT_OBJC_BRIDGING_HEADER = "SecretAgent/SecretAgent-Bridging-Header.h"; + SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; }; name = Debug; 
@@ -922,6 +953,7 @@ isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; + CLANG_ENABLE_MODULES = YES; CODE_SIGN_ENTITLEMENTS = SecretAgent/SecretAgent.entitlements; CODE_SIGN_IDENTITY = "Developer ID Application"; CODE_SIGN_STYLE = Manual; @@ -936,9 +968,10 @@ "@executable_path/../Frameworks", ); MARKETING_VERSION = 1; - PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Secretive.SecretAgent; + PRODUCT_BUNDLE_IDENTIFIER = "$(BUNDLE_PREFIX).SecretAgent"; PRODUCT_NAME = "$(TARGET_NAME)"; PROVISIONING_PROFILE_SPECIFIER = "Secretive - Secret Agent"; + SWIFT_OBJC_BRIDGING_HEADER = "SecretAgent/SecretAgent-Bridging-Header.h"; SWIFT_VERSION = 5.0; }; name = Release; diff --git a/Sources/Secretive.xcodeproj/project.xcworkspace/contents.xcworkspacedata b/Sources/Secretive.xcodeproj/project.xcworkspace/contents.xcworkspacedata index 3ef0425d..919434a6 100644 --- a/Sources/Secretive.xcodeproj/project.xcworkspace/contents.xcworkspacedata +++ b/Sources/Secretive.xcodeproj/project.xcworkspace/contents.xcworkspacedata @@ -2,6 +2,6 @@ + location = "self:"> diff --git a/Sources/Secretive/App.swift b/Sources/Secretive/App.swift index 52faacc2..fbd530b4 100644 --- a/Sources/Secretive/App.swift +++ b/Sources/Secretive/App.swift @@ -25,7 +25,7 @@ struct Secretive: App { WindowGroup { ContentView(showingCreation: $showingCreation, runningSetup: $showingSetup, hasRunSetup: $hasRunSetup) .environmentObject(storeList) - .environmentObject(Updater(checkOnLaunch: hasRunSetup)) + .environmentObject(Updater(checkOnLaunch: hasRunSetup, bundlePrefix: BundlePrefix)) .environmentObject(agentStatusChecker) .onAppear { if !hasRunSetup { diff --git a/Sources/Secretive/Controllers/JustUpdatedChecker.swift b/Sources/Secretive/Controllers/JustUpdatedChecker.swift index 4c86f68a..86b9ed3d 100644 --- a/Sources/Secretive/Controllers/JustUpdatedChecker.swift +++ b/Sources/Secretive/Controllers/JustUpdatedChecker.swift 
@@ -28,7 +28,7 @@ class JustUpdatedChecker: ObservableObject, JustUpdatedCheckerProtocol { extension JustUpdatedChecker { enum Constants { - static let previousVersionUserDefaultsKey = "com.maxgoedjen.Secretive.lastBuild" + static let previousVersionUserDefaultsKey = BundlePrefix + ".lastBuild" } } diff --git a/Sources/Secretive/Helpers/Secretive-Bridging-Header.h b/Sources/Secretive/Helpers/Secretive-Bridging-Header.h new file mode 100644 index 00000000..89161458 --- /dev/null +++ b/Sources/Secretive/Helpers/Secretive-Bridging-Header.h @@ -0,0 +1,7 @@ +// +// Use this file to import your target's public headers that you would like to expose to Swift. +// + +#import + +extern NSString *const BundlePrefix; diff --git a/Sources/Secretive/Secretive.entitlements b/Sources/Secretive/Secretive.entitlements index c1bb5e0e..4459f8b7 100644 --- a/Sources/Secretive/Secretive.entitlements +++ b/Sources/Secretive/Secretive.entitlements @@ -12,7 +12,7 @@ keychain-access-groups - $(AppIdentifierPrefix)com.maxgoedjen.Secretive + $(AppIdentifierPrefix)$(BUNDLE_PREFIX) From 12408834250ed458fa80149658fbb6a6688ac729 Mon Sep 17 00:00:00 2001 From: Maxwell Swadling Date: Sun, 12 Mar 2023 15:03:37 +1000 Subject: [PATCH 5/6] Attempt to fix ssh signing with rsa keys --- .../Packages/Sources/SecretAgentKit/Agent.swift | 17 +++++++++++++++-- .../SecretKit/OpenSSH/OpenSSHKeyWriter.swift | 12 +++++++++++- .../SmartCardSecretKit/SmartCardStore.swift | 8 ++++---- Sources/SecretAgent/AppDelegate.swift | 2 +- Sources/Secretive/App.swift | 2 +- Sources/Secretive/Views/ContentView.swift | 2 +- 6 files changed, 33 insertions(+), 10 deletions(-) diff --git a/Sources/Packages/Sources/SecretAgentKit/Agent.swift b/Sources/Packages/Sources/SecretAgentKit/Agent.swift index e89488ee..95faa9bd 100644 --- a/Sources/Packages/Sources/SecretAgentKit/Agent.swift +++ b/Sources/Packages/Sources/SecretAgentKit/Agent.swift 
@@ -150,11 +150,24 @@ extension Agent { rawRepresentation = try CryptoKit.P256.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation case (.ellipticCurve, 384): rawRepresentation = try CryptoKit.P384.Signing.ECDSASignature(derRepresentation: derSignature).rawRepresentation + case (.rsa, 1024), (.rsa, 2048): + var signedData = Data() + var sub = Data() + sub.append(writer.lengthAndData(of: curveData)) + sub.append(writer.lengthAndData(of: signed)) + signedData.append(writer.lengthAndData(of: sub)) + + if let witness = witness { + try witness.witness(accessTo: secret, from: store, by: provenance) + } + + logger.debug("Agent signed request") + + return signedData default: throw AgentError.unsupportedKeyType } - let rawLength = rawRepresentation.count/2 // Check if we need to pad with 0x00 to prevent certain // ssh servers from thinking r or s is negative @@ -207,7 +220,7 @@ extension Agent { func secret(matching hash: Data) -> (AnySecretStore, AnySecret)? { storeList.stores.compactMap { store -> (AnySecretStore, AnySecret)? in let allMatching = store.secrets.filter { secret in - hash == writer.data(secret: secret) + hash == writer.matchingHashData(secret: secret) } if let matching = allMatching.first { return (store, matching) diff --git a/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHKeyWriter.swift b/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHKeyWriter.swift index da8c4b19..877fff27 100644 --- a/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHKeyWriter.swift +++ b/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHKeyWriter.swift 
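Review bot: The RSA branch returns a blob whose algorithm string is `curveData`, but an OpenSSH RSA signature blob must name the digest that was actually applied (`rsa-sha2-256` or `rsa-sha2-512`); what `curveData` holds for RSA is set above the hunk, so confirm it matches the store's hash, otherwise servers that refuse SHA-1 `ssh-rsa` signatures (the OpenSSH default since 8.8) will reject every signature. The deleted `let rawLength = rawRepresentation.count/2` is presumably still read by the padding code after the comment that follows (outside the hunk), so this should be checked against a build. The two mutable buffers collapse to `let signedData = writer.lengthAndData(of: writer.lengthAndData(of: curveData) + writer.lengthAndData(of: signed))`, and the duplicated witness/log/return could be avoided by assigning the blob and falling through to the shared tail, though that tail is not visible here.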
@@ -11,9 +11,19 @@ public struct OpenSSHKeyWriter { /// Generates an OpenSSH data payload identifying the secret. /// - Returns: OpenSSH data payload identifying the secret. public func data(secret: SecretType) -> Data { - lengthAndData(of: curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) + + return lengthAndData(of: curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) + + lengthAndData(of: curveIdentifier(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) + + lengthAndData(of: secret.publicKey) + } + + public func matchingHashData(secret: SecretType) -> Data { + if secret.algorithm == .ellipticCurve { + return data(secret: secret) + } else { + return lengthAndData(of: "ssh-rsa".data(using: .utf8)!) + lengthAndData(of: curveIdentifier(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!) + lengthAndData(of: secret.publicKey) + } } /// Generates an OpenSSH string representation of the secret. diff --git a/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift b/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift index 0d06cbc5..0d5f2de4 100644 --- a/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift +++ b/Sources/Packages/Sources/SmartCardSecretKit/SmartCardStore.swift @@ -16,9 +16,11 @@ extension SmartCard { @Published public private(set) var secrets: [Secret] = [] private let watcher = TKTokenWatcher() private var tokenID: String? + private let includeEncryptionKeys: Bool /// Initializes a Store. - public init() { + public init(includeEncryptionKeys: Bool) { + self.includeEncryptionKeys = includeEncryptionKeys tokenID = watcher.nonSecureEnclaveTokens.first watcher.setInsertionHandler { string in guard self.tokenID == nil else { return } 
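Review bot: `matchingHashData(secret:)` is a new public method with no `///` doc comment, unlike its sibling `data(secret:)`, and its name suggests hashing while it only assembles a key blob. Document why RSA differs: the OpenSSH public-key blob for an RSA key always carries the type `ssh-rsa` even when signatures are made with `rsa-sha2-*`, which is presumably why `curveType` is bypassed here. Suggested: `/// Generates the OpenSSH public key blob a client sends to identify the secret; RSA blobs always use the "ssh-rsa" type regardless of the signature algorithm.` Whether `curveIdentifier(for:length:)` yields a meaningful field for RSA (the RSA blob is `e` and `n`, not a curve name) is not visible here.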
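Review bot: `SmartCard.Store.init` gains a required `includeEncryptionKeys` parameter on a public package API, so every external caller now fails to compile, and `/// Initializes a Store.` no longer describes the signature. A default keeps source compatibility while the in-tree call sites still pass `false` explicitly: `public init(includeEncryptionKeys: Bool = false)` with `/// - Parameter includeEncryptionKeys: When false, keys not usable for signing are filtered out of `secrets`.` The filter that reads this property lives in the SmartCardStore hunk of patch 4, not in this commit. The init body continues outside the hunk.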
@@ -237,9 +239,7 @@ extension SmartCard.Store { signatureAlgorithm = .eciesEncryptionCofactorVariableIVX963SHA256AESGCM case (.ellipticCurve, 384): signatureAlgorithm = .eciesEncryptionCofactorVariableIVX963SHA256AESGCM - case (.rsa, 1024): - signatureAlgorithm = .rsaEncryptionOAEPSHA512AESGCM - case (.rsa, 2048): + case (.rsa, 1024), (.rsa, 2048): signatureAlgorithm = .rsaEncryptionOAEPSHA512AESGCM default: fatalError() diff --git a/Sources/SecretAgent/AppDelegate.swift b/Sources/SecretAgent/AppDelegate.swift index 22a20a4d..f9d11b8d 100644 --- a/Sources/SecretAgent/AppDelegate.swift +++ b/Sources/SecretAgent/AppDelegate.swift @@ -13,7 +13,7 @@ class AppDelegate: NSObject, NSApplicationDelegate { private let storeList: SecretStoreList = { let list = SecretStoreList() list.add(store: SecureEnclave.Store()) - list.add(store: SmartCard.Store()) + list.add(store: SmartCard.Store(includeEncryptionKeys: false)) return list }() private let updater = Updater(checkOnLaunch: false, bundlePrefix: BundlePrefix) diff --git a/Sources/Secretive/App.swift b/Sources/Secretive/App.swift index fbd530b4..eb187393 100644 --- a/Sources/Secretive/App.swift +++ b/Sources/Secretive/App.swift @@ -11,7 +11,7 @@ struct Secretive: App { private let storeList: SecretStoreList = { let list = SecretStoreList() list.add(store: SecureEnclave.Store()) - list.add(store: SmartCard.Store()) + list.add(store: SmartCard.Store(includeEncryptionKeys: false)) return list }() private let agentStatusChecker = AgentStatusChecker() diff --git a/Sources/Secretive/Views/ContentView.swift b/Sources/Secretive/Views/ContentView.swift index 461db2d7..204b063f 100644 --- a/Sources/Secretive/Views/ContentView.swift +++ b/Sources/Secretive/Views/ContentView.swift 
@@ -195,7 +195,7 @@ struct ContentView_Previews: PreviewProvider { private static let storeList: SecretStoreList = { let list = SecretStoreList() list.add(store: SecureEnclave.Store()) - list.add(store: SmartCard.Store()) + list.add(store: SmartCard.Store(includeEncryptionKeys: false)) return list }() private static let agentStatusChecker = AgentStatusChecker() From 1cfd423ad1f4d514107b6976b851689af61115bc Mon Sep 17 00:00:00 2001 From: Maxwell Swadling Date: Sun, 12 Mar 2023 15:07:18 +1000 Subject: [PATCH 6/6] Changed bundle ID back --- Sources/Config/Config.xcconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Config/Config.xcconfig b/Sources/Config/Config.xcconfig index 7ed9f5c6..95b922fe 100644 --- a/Sources/Config/Config.xcconfig +++ b/Sources/Config/Config.xcconfig @@ -1,3 +1,3 @@ CI_VERSION = GITHUB_CI_VERSION CI_BUILD_NUMBER = GITHUB_BUILD_NUMBER -BUNDLE_PREFIX = town.max.Secretive +BUNDLE_PREFIX = com.maxgoedjen.Secretive