Pick tunnel password reference from existing item

Assume that credentials already exist elsewhere for reuse as password reference. Avoids a redundant keychain entry.
passepartoutvpn · Jan 27, 2021 · 4490f0c · 4490f0c
1 parent 4b3f3de
commit 4490f0c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Handle `--data-ciphers` and `data-ciphers-fallback` from OpenVPN 2.5
 - Support DNS over HTTPS (DoH) and TLS (DoT).
 
+### Changed
+
+- Pick tunnel password reference from an existing keychain item context.
+
 ### Fixed
 
 - Do not override network DNS settings when not provided by VPN. [#197](https://github.com/passepartoutvpn/tunnelkit/issues/197)

diff --git a/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift b/TunnelKit/Sources/Protocols/OpenVPN/AppExtension/OpenVPNTunnelProvider+Configuration.swift
@@ -273,24 +273,25 @@ extension OpenVPNTunnelProvider {
          
          - Parameter bundleIdentifier: The provider bundle identifier required to locate the tunnel extension.
          - Parameter appGroup: The name of the app group in which the tunnel extension lives in.
-         - Parameter credentials: The optional credentials to authenticate with.
+         - Parameter context: The keychain context where to look for the password reference.
+         - Parameter username: The username to authenticate with.
          - Returns: The generated `NETunnelProviderProtocol` object.
          - Throws: `ProviderError.credentials` if unable to store `credentials.password` to the `appGroup` keychain.
          */
-        public func generatedTunnelProtocol(withBundleIdentifier bundleIdentifier: String, appGroup: String, credentials: OpenVPN.Credentials? = nil) throws -> NETunnelProviderProtocol {
-            let protocolConfiguration = NETunnelProviderProtocol()
+        public func generatedTunnelProtocol(
+            withBundleIdentifier bundleIdentifier: String,
+            appGroup: String,
+            context: String,
+            username: String?) throws -> NETunnelProviderProtocol {
 
+            let protocolConfiguration = NETunnelProviderProtocol()
+            let keychain = Keychain(group: appGroup)
+
             protocolConfiguration.providerBundleIdentifier = bundleIdentifier
             protocolConfiguration.serverAddress = sessionConfiguration.hostname ?? resolvedAddresses?.first
-            if let username = credentials?.username, let password = credentials?.password {
-                let keychain = Keychain(group: appGroup)
-                do {
-                    try keychain.set(password: password, for: username, context: bundleIdentifier)
-                } catch _ {
-                    throw ProviderConfigurationError.credentials(details: "keychain.set()")
-                }
+            if let username = username {
                 protocolConfiguration.username = username
-                protocolConfiguration.passwordReference = try? keychain.passwordReference(for: username, context: bundleIdentifier)
+                protocolConfiguration.passwordReference = try? keychain.passwordReference(for: username, context: context)
             }
             protocolConfiguration.providerConfiguration = generatedProviderConfiguration(appGroup: appGroup)