Class: Aspera::Keychain::MacosSecurity::Keychain

Inherits:

Object

• Object
• Aspera::Keychain::MacosSecurity::Keychain

Defined in:

lib/aspera/keychain/macos_security.rb

Overview

keychain based on macOS keychain, using ‘security` command line

Constant Summary

SECURITY_UTILITY =

www.unix.com/man-page/osx/1/security/

'security'

DOMAINS =

%i[user system common dynamic].freeze

LIST_OPTIONS =

{
  domain: :c
}

ADD_PASS_OPTIONS =

{
  account:  :a,
  creator:  :c,
  type:     :C,
  domain:   :d,
  kind:     :D,
  value:    :G,
  comment:  :j,
  label:    :l,
  path:     :p,
  port:     :P,
  protocol: :r,
  server:   :s,
  service:  :s,
  auth:     :t,
  password: :w,
  getpass:  :g
}.freeze

Instance Attribute Summary

• #path ⇒ Object readonly

  Returns the value of attribute path.

Class Method Summary

• .by_name(name) ⇒ Object
• .default ⇒ Object
• .execute(command, options = nil, supported = nil, last_opt = nil) ⇒ Object
• .key_chains(output) ⇒ Object
• .list(options = {}) ⇒ Object
• .login ⇒ Object

Instance Method Summary

• #decode_hex_blob(string) ⇒ Object
• #initialize(path) ⇒ Keychain constructor

  A new instance of Keychain.

• #password(operation, pass_type, options) ⇒ Object

Constructor Details

#initialize(path) ⇒ Keychain

Returns a new instance of Keychain.

# File 'lib/aspera/keychain/macos_security.rb', line 90

def initialize(path)
  @path = path
end

Instance Attribute Details

#path ⇒ Object (readonly)

Returns the value of attribute path.

# File 'lib/aspera/keychain/macos_security.rb', line 88

def path
  @path
end

Class Method Details

.by_name(name) ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 84

def by_name(name)
  list.find{|kc|kc.path.end_with?("/#{name}.keychain-db")}
end

.default ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 71

def default
  key_chains(execute('default-keychain')).first
end

.execute(command, options = nil, supported = nil, last_opt = nil) ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 40

def execute(command, options=nil, supported=nil, last_opt=nil)
  url = options&.delete(:url)
  if !url.nil?
    uri = URI.parse(url)
    Aspera.assert(uri.scheme.eql?('https')){'only https'}
    options[:protocol] = 'htps' # cspell: disable-line
    raise 'host required in URL' if uri.host.nil?
    options[:server] = uri.host
    options[:path] = uri.path unless ['', '/'].include?(uri.path)
    options[:port] = uri.port unless uri.port.eql?(443) && !url.include?(':443/')
  end
  command_line = [SECURITY_UTILITY, command]
  options&.each do |k, v|
    Aspera.assert(supported.key?(k)){"unknown option: #{k}"}
    next if v.nil?
    command_line.push("-#{supported[k]}")
    command_line.push(v.shellescape) unless v.empty?
  end
  command_line.push(last_opt) unless last_opt.nil?
  Log.log.debug{"executing>>#{command_line.join(' ')}"}
  stdout, stderr, status = Open3.capture3(*command_line)
  Log.log.debug{"status=#{status}, stderr=#{stderr}"}
  Log.log.trace1{"stdout=#{stdout}"}
  raise "#{SECURITY_UTILITY} failed: #{status.exitstatus} : #{stderr}" unless status.success?
  return stdout
end

.key_chains(output) ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 67

def key_chains(output)
  output.split("\n").collect { |line| new(line.strip.gsub(/^"|"$/, '')) }
end

.list(options = {}) ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 79

def list(options={})
  Aspera.assert_values(options[:domain], DOMAINS, exception_class: ArgumentError){'domain'} unless options[:domain].nil?
  key_chains(execute('list-key_chains', options, LIST_OPTIONS))
end

.login ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 75

def login
  key_chains(execute('login-keychain')).first
end

Instance Method Details

#decode_hex_blob(string) ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 94

def decode_hex_blob(string)
  [string].pack('H*').force_encoding('UTF-8')
end

#password(operation, pass_type, options) ⇒ Object

# File 'lib/aspera/keychain/macos_security.rb', line 98

def password(operation, pass_type, options)
  Aspera.assert_values(operation, %i[add find delete]){'operation'}
  Aspera.assert_values(pass_type, %i[generic internet]){'pass_type'}
  Aspera.assert_type(options, Hash)
  missing = (operation.eql?(:add) ? %i[account service password] : %i[label]) - options.keys
  Aspera.assert(missing.empty?){"missing options: #{missing}"}
  options[:getpass] = '' if operation.eql?(:find)
  output = self.class.execute("#{operation}-#{pass_type}-password", options, ADD_PASS_OPTIONS, @path)
  raise output.gsub(/^.*: /, '') if output.start_with?('security: ')
  return unless operation.eql?(:find)
  attributes = {}
  output.split("\n").each do |line|
    case line
    when /^keychain: "(.+)"/
      # ignore
    when /0x00000007 .+="(.+)"/
      attributes['label'] = Regexp.last_match(1)
    when /"(\w{4})".+="(.+)"/
      attributes[Regexp.last_match(1)] = Regexp.last_match(2)
    when /"(\w{4})"<blob>=0x([[:xdigit:]]+)/
      attributes[Regexp.last_match(1)] = decode_hex_blob(Regexp.last_match(2))
    when /^password: "(.+)"/
      attributes['password'] = Regexp.last_match(1)
    when /^password: 0x([[:xdigit:]]+)/
      attributes['password'] = decode_hex_blob(Regexp.last_match(1))
    end
  end
  return attributes
end