diff --git a/.github/workflows/secrets-sdk.yml b/.github/workflows/secrets-sdk.yml index 830638ed..2cd40371 100644 --- a/.github/workflows/secrets-sdk.yml +++ b/.github/workflows/secrets-sdk.yml @@ -17,7 +17,7 @@ on: defaults: run: - working-directory: packages/secrets + working-directory: packages/secrets/src/keyring permissions: contents: read diff --git a/src/secrets/CHANGELOG.md b/src/secrets/CHANGELOG.md deleted file mode 100644 index 054df8ce..00000000 --- a/src/secrets/CHANGELOG.md +++ /dev/null @@ -1,31 +0,0 @@ -# Change Log - -All notable changes to the Zowe Secrets SDK package will be documented in this file. - -## `7.18.6` - -- BugFix: Use `core-foundation-rs` instead of `security-framework` for macOS logic, as `security-framework` is now archived. [#1802](https://github.com/zowe/zowe-cli/issues/1802) -- BugFix: Resolve bug where `findCredentials` scenarios with one match causes a segmentation fault on Linux. - -## `7.18.5` - -- BugFix: Enable `KeyringError::Library` enum variant to fix building on FreeBSD targets. - -## `7.18.4` - -- BugFix: Separated module resolution logic during installation; added more error handling to provide a more graceful installation process. -- BugFix: Add static CRT when compiling Windows builds. -- Added OVERVIEW document to package: provides context on the Secrets SDK transition and how it affects Zowe CLI and Zowe Explorer. - -## `7.18.2` - -- BugFix: Adds logic to allow the `keyring` module to locate the current package directory for the `prebuilds/` folder. - -## `7.18.1` - -- Added README to package w/ description, instructions and examples of using the `keyring` module. - -## `7.18.0` - -- Initial release. -- `keyring` module added for interacting with OS-specific keyring/credential vaults. See [src/keyring](src/keyring/README.md) for information on this native module and how it can be used. \ No newline at end of file diff --git a/src/secrets/LICENSE b/src/secrets/LICENSE deleted file mode 100644 index d3087e4c..00000000 --- a/src/secrets/LICENSE +++ /dev/null @@ -1,277 +0,0 @@ -Eclipse Public License - v 2.0 - - THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE - PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION - OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. - -1. DEFINITIONS - -"Contribution" means: - - a) in the case of the initial Contributor, the initial content - Distributed under this Agreement, and - - b) in the case of each subsequent Contributor: - i) changes to the Program, and - ii) additions to the Program; - where such changes and/or additions to the Program originate from - and are Distributed by that particular Contributor. A Contribution - "originates" from a Contributor if it was added to the Program by - such Contributor itself or anyone acting on such Contributor's behalf. - Contributions do not include changes or additions to the Program that - are not Modified Works. - -"Contributor" means any person or entity that Distributes the Program. - -"Licensed Patents" mean patent claims licensable by a Contributor which -are necessarily infringed by the use or sale of its Contribution alone -or when combined with the Program. - -"Program" means the Contributions Distributed in accordance with this -Agreement. - -"Recipient" means anyone who receives the Program under this Agreement -or any Secondary License (as applicable), including Contributors. - -"Derivative Works" shall mean any work, whether in Source Code or other -form, that is based on (or derived from) the Program and for which the -editorial revisions, annotations, elaborations, or other modifications -represent, as a whole, an original work of authorship. - -"Modified Works" shall mean any work in Source Code or other form that -results from an addition to, deletion from, or modification of the -contents of the Program, including, for purposes of clarity any new file -in Source Code form that contains any contents of the Program. Modified -Works shall not include works that contain only declarations, -interfaces, types, classes, structures, or files of the Program solely -in each case in order to link to, bind by name, or subclass the Program -or Modified Works thereof. - -"Distribute" means the acts of a) distributing or b) making available -in any manner that enables the transfer of a copy. - -"Source Code" means the form of a Program preferred for making -modifications, including but not limited to software source code, -documentation source, and configuration files. - -"Secondary License" means either the GNU General Public License, -Version 2.0, or any later versions of that license, including any -exceptions or additional permissions as identified by the initial -Contributor. - -2. GRANT OF RIGHTS - - a) Subject to the terms of this Agreement, each Contributor hereby - grants Recipient a non-exclusive, worldwide, royalty-free copyright - license to reproduce, prepare Derivative Works of, publicly display, - publicly perform, Distribute and sublicense the Contribution of such - Contributor, if any, and such Derivative Works. - - b) Subject to the terms of this Agreement, each Contributor hereby - grants Recipient a non-exclusive, worldwide, royalty-free patent - license under Licensed Patents to make, use, sell, offer to sell, - import and otherwise transfer the Contribution of such Contributor, - if any, in Source Code or other form. This patent license shall - apply to the combination of the Contribution and the Program if, at - the time the Contribution is added by the Contributor, such addition - of the Contribution causes such combination to be covered by the - Licensed Patents. The patent license shall not apply to any other - combinations which include the Contribution. No hardware per se is - licensed hereunder. - - c) Recipient understands that although each Contributor grants the - licenses to its Contributions set forth herein, no assurances are - provided by any Contributor that the Program does not infringe the - patent or other intellectual property rights of any other entity. - Each Contributor disclaims any liability to Recipient for claims - brought by any other entity based on infringement of intellectual - property rights or otherwise. As a condition to exercising the - rights and licenses granted hereunder, each Recipient hereby - assumes sole responsibility to secure any other intellectual - property rights needed, if any. For example, if a third party - patent license is required to allow Recipient to Distribute the - Program, it is Recipient's responsibility to acquire that license - before distributing the Program. - - d) Each Contributor represents that to its knowledge it has - sufficient copyright rights in its Contribution, if any, to grant - the copyright license set forth in this Agreement. - - e) Notwithstanding the terms of any Secondary License, no - Contributor makes additional grants to any Recipient (other than - those set forth in this Agreement) as a result of such Recipient's - receipt of the Program under the terms of a Secondary License - (if permitted under the terms of Section 3). - -3. REQUIREMENTS - -3.1 If a Contributor Distributes the Program in any form, then: - - a) the Program must also be made available as Source Code, in - accordance with section 3.2, and the Contributor must accompany - the Program with a statement that the Source Code for the Program - is available under this Agreement, and informs Recipients how to - obtain it in a reasonable manner on or through a medium customarily - used for software exchange; and - - b) the Contributor may Distribute the Program under a license - different than this Agreement, provided that such license: - i) effectively disclaims on behalf of all other Contributors all - warranties and conditions, express and implied, including - warranties or conditions of title and non-infringement, and - implied warranties or conditions of merchantability and fitness - for a particular purpose; - - ii) effectively excludes on behalf of all other Contributors all - liability for damages, including direct, indirect, special, - incidental and consequential damages, such as lost profits; - - iii) does not attempt to limit or alter the recipients' rights - in the Source Code under section 3.2; and - - iv) requires any subsequent distribution of the Program by any - party to be under a license that satisfies the requirements - of this section 3. - -3.2 When the Program is Distributed as Source Code: - - a) it must be made available under this Agreement, or if the - Program (i) is combined with other material in a separate file or - files made available under a Secondary License, and (ii) the initial - Contributor attached to the Source Code the notice described in - Exhibit A of this Agreement, then the Program may be made available - under the terms of such Secondary Licenses, and - - b) a copy of this Agreement must be included with each copy of - the Program. - -3.3 Contributors may not remove or alter any copyright, patent, -trademark, attribution notices, disclaimers of warranty, or limitations -of liability ("notices") contained within the Program from any copy of -the Program which they Distribute, provided that Contributors may add -their own appropriate notices. - -4. COMMERCIAL DISTRIBUTION - -Commercial distributors of software may accept certain responsibilities -with respect to end users, business partners and the like. While this -license is intended to facilitate the commercial use of the Program, -the Contributor who includes the Program in a commercial product -offering should do so in a manner which does not create potential -liability for other Contributors. Therefore, if a Contributor includes -the Program in a commercial product offering, such Contributor -("Commercial Contributor") hereby agrees to defend and indemnify every -other Contributor ("Indemnified Contributor") against any losses, -damages and costs (collectively "Losses") arising from claims, lawsuits -and other legal actions brought by a third party against the Indemnified -Contributor to the extent caused by the acts or omissions of such -Commercial Contributor in connection with its distribution of the Program -in a commercial product offering. The obligations in this section do not -apply to any claims or Losses relating to any actual or alleged -intellectual property infringement. In order to qualify, an Indemnified -Contributor must: a) promptly notify the Commercial Contributor in -writing of such claim, and b) allow the Commercial Contributor to control, -and cooperate with the Commercial Contributor in, the defense and any -related settlement negotiations. The Indemnified Contributor may -participate in any such claim at its own expense. - -For example, a Contributor might include the Program in a commercial -product offering, Product X. That Contributor is then a Commercial -Contributor. If that Commercial Contributor then makes performance -claims, or offers warranties related to Product X, those performance -claims and warranties are such Commercial Contributor's responsibility -alone. Under this section, the Commercial Contributor would have to -defend claims against the other Contributors related to those performance -claims and warranties, and if a court requires any other Contributor to -pay any damages as a result, the Commercial Contributor must pay -those damages. - -5. NO WARRANTY - -EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT -PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" -BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR -IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF -TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR -PURPOSE. Each Recipient is solely responsible for determining the -appropriateness of using and distributing the Program and assumes all -risks associated with its exercise of rights under this Agreement, -including but not limited to the risks and costs of program errors, -compliance with applicable laws, damage to or loss of data, programs -or equipment, and unavailability or interruption of operations. - -6. DISCLAIMER OF LIABILITY - -EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT -PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS -SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST -PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE -EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - -7. GENERAL - -If any provision of this Agreement is invalid or unenforceable under -applicable law, it shall not affect the validity or enforceability of -the remainder of the terms of this Agreement, and without further -action by the parties hereto, such provision shall be reformed to the -minimum extent necessary to make such provision valid and enforceable. - -If Recipient institutes patent litigation against any entity -(including a cross-claim or counterclaim in a lawsuit) alleging that the -Program itself (excluding combinations of the Program with other software -or hardware) infringes such Recipient's patent(s), then such Recipient's -rights granted under Section 2(b) shall terminate as of the date such -litigation is filed. - -All Recipient's rights under this Agreement shall terminate if it -fails to comply with any of the material terms or conditions of this -Agreement and does not cure such failure in a reasonable period of -time after becoming aware of such noncompliance. If all Recipient's -rights under this Agreement terminate, Recipient agrees to cease use -and distribution of the Program as soon as reasonably practicable. -However, Recipient's obligations under this Agreement and any licenses -granted by Recipient relating to the Program shall continue and survive. - -Everyone is permitted to copy and distribute copies of this Agreement, -but in order to avoid inconsistency the Agreement is copyrighted and -may only be modified in the following manner. The Agreement Steward -reserves the right to publish new versions (including revisions) of -this Agreement from time to time. No one other than the Agreement -Steward has the right to modify this Agreement. The Eclipse Foundation -is the initial Agreement Steward. The Eclipse Foundation may assign the -responsibility to serve as the Agreement Steward to a suitable separate -entity. Each new version of the Agreement will be given a distinguishing -version number. The Program (including Contributions) may always be -Distributed subject to the version of the Agreement under which it was -received. In addition, after a new version of the Agreement is published, -Contributor may elect to Distribute the Program (including its -Contributions) under the new version. - -Except as expressly stated in Sections 2(a) and 2(b) above, Recipient -receives no rights or licenses to the intellectual property of any -Contributor under this Agreement, whether expressly, by implication, -estoppel or otherwise. All rights in the Program not expressly granted -under this Agreement are reserved. Nothing in this Agreement is intended -to be enforceable by any entity that is not a Contributor or Recipient. -No third-party beneficiary rights are created under this Agreement. - -Exhibit A - Form of Secondary Licenses Notice - -"This Source Code may also be made available under the following -Secondary Licenses when the conditions for such availability set forth -in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), -version(s), and exceptions or additional permissions here}." - - Simply including a copy of this Agreement, including this Exhibit A - is not sufficient to license the Source Code under Secondary Licenses. - - If it is not possible or desirable to put the notice in a particular - file, then You may include the notice in a location (such as a LICENSE - file in a relevant directory) where a recipient would be likely to - look for such a notice. - - You may add additional accurate notices of copyright ownership. diff --git a/src/secrets/OVERVIEW.md b/src/secrets/OVERVIEW.md deleted file mode 100644 index 33968e61..00000000 --- a/src/secrets/OVERVIEW.md +++ /dev/null @@ -1,48 +0,0 @@ -# Secrets SDK - -Secrets for Zowe SDK is a new development package used in the following Zowe releases: -- Zowe CLI - - v7.18.0 and above from the NPM package - - Bundle v2.11.0 and above from [Zowe.org](https://www.zowe.org/download#download-v2) -- Zowe Explorer and Zowe Explorer API - - v2.10.0 and above (v2 LTS) - - v1.22.5 and above (v1 LTS) - -The `keyring` module in this package replaces node-keytar. Node-keytar was developed by Atom, and is no longer maintained as of December 15th, 2022. - -## Impact on End Users - -### Zowe CLI - -CLI users should not be affected by this change. It is intended to be a drop-in replacement for node-keytar, so existing credentials will still be accessible. - -### Zowe Explorer - -- **Most** Zowe Explorer users should not be affected by this change. -- Some Zowe Explorer users may be affected by this change. Specifically, users connecting over remote environments with Zowe Explorer are required to re-enter credentials. - - Since keytar has been removed from VS Code for the next release, Zowe Explorer cannot access the local credential vault while the extension is running through a remote server. - - "Remote environments" include: - - Remote SSH - - Remote Tunnel - - Remote Docker - - [Click here](https://github.com/zowe/vscode-extension-for-zowe/wiki/Usage-in-Remote-Environments) for more information. - -## Impact on Extenders - -**CAUTION:** Regardless of whether you extend Zowe CLI or Zowe Explorer, developers that directly reference `keytar` as a dependency or dev dependency must use the new `keyring` module in `@zowe/secrets-for-zowe-sdk`. - -### Zowe CLI - -- Developers can continue using the credential manager utilities from Imperative. -- Developers that indirectly use Zowe CLI to store and load secure credentials are not affected. - -### Zowe Explorer - -- Extenders that leverage Zowe Explorer API and Webpack (or another bundler) are required to update their extensions to provide prebuilds for the Secrets SDK. - - This involves providing a folder named `prebuilds` with the Secrets SDK binaries alongside their extension root directory (same level as `package.json`). - - [Click here](https://github.com/zowe/zowe-cli/blob/master/packages/secrets/src/keyring/EXTENDERS.md#webpackingbundling-alongside-your-project) for more information on this process. -- Extenders that do not use a bundler can continue using the credential manager utilities from Zowe Explorer API. These extensions are not affected by this change. - ---- - -For more information on how to use the Secrets SDK, visit the [README for the `keyring` module](/packages/secrets/src/keyring/README.md). \ No newline at end of file diff --git a/src/secrets/README.md b/src/secrets/README.md deleted file mode 100644 index 70eac693..00000000 --- a/src/secrets/README.md +++ /dev/null @@ -1,49 +0,0 @@ -# Secrets Package - -Contains APIs for secure credential management. - -## `keyring` API Examples - -Developers that reference the dependency `keytar` directly in their code need to use the new `keyring` module from this package. - -Use the `keyring` module in the same fashion as `keytar`. - -### Storing and loading credentials - -```js -const { keyring } = require("@zowe/secrets-for-zowe-sdk"); -await keyring.setPassword("ServiceName", "AccountName", "SomePassword"); - -const password = await keyring.getPassword("ServiceName", "AccountName"); -// password should equal "SomePassword" -``` - -### Finding a credential - -```js -const { keyring } = require("@zowe/secrets-for-zowe-sdk"); -const password = await keyring.findPassword("ServiceName/AccountName"); -// password should equal "SomePassword" -``` - -### Finding all credentials matching service - -```js -const { keyring } = require("@zowe/secrets-for-zowe-sdk"); -const matchingCredentials = await keyring.findCredentials("ServiceName"); -// returns: -// [ -// { account: "AccountName", password: "SomePassword" }, -// ... -// ] -``` - -### Deleting a credential - -```js -const { keyring } = require("@zowe/secrets-for-zowe-sdk"); -const wasDeleted = await keyring.deletePassword("ServiceName", "AccountName"); -// wasDeleted should be true; ServiceName/AccountName removed from credential vault -``` - -For more detailed information, see [src/keyring/EXTENDERS.md](/packages/secrets/src/keyring/EXTENDERS.md). \ No newline at end of file diff --git a/src/secrets/package.json b/src/secrets/package.json deleted file mode 100644 index d265ccde..00000000 --- a/src/secrets/package.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "name": "@zowe/secrets-for-zowe-sdk", - "description": "Credential management facilities for Imperative, Zowe CLI, and extenders.", - "repository": "https://github.com/zowe/zowe-cli.git", - "author": "Zowe", - "version": "7.18.6", - "homepage": "https://github.com/zowe/zowe-cli/tree/master/packages/secrets#readme", - "bugs": { - "url": "https://github.com/zowe/zowe-cli/issues" - }, - "private": true, - "main": "lib/index.js", - "types": "lib/index.d.ts", - "files": [ - "lib", - "prebuilds/*.node", - "src/keyring", - "src/keyring/.cargo", - "index.d.ts", - "index.js", - "scripts/*.js" - ], - "publishConfig": { - "registry": "https://zowe.jfrog.io/zowe/api/npm/npm-local-release/" - }, - "license": "EPL-2.0", - "devDependencies": { - "@napi-rs/cli": "^2.16.2", - "@types/node": "^14.18.28", - "ava": "^4.3.3", - "typescript": "^4.0.0" - }, - "ava": { - "timeout": "3m" - }, - "engines": { - "node": ">= 14" - }, - "scripts": { - "artifacts": "napi artifacts", - "build": "npm run build:ts && cd src/keyring && napi build --config napi.json --js false --platform --release", - "build:debug": "cd src/keyring && napi build --config napi.json --js false --platform", - "build:ts": "tsc --pretty", - "install": "node scripts/prebuildCheck.js || npm run rebuild", - "prepack": "node ../../scripts/prepareLicenses.js", - "prepublishOnly": "bash scripts/prebuildify.sh", - "rebuild": "npx --yes --package=@napi-rs/cli@2.16.2 -- napi build --config src/keyring/napi.json --cargo-cwd src/keyring --platform --release --js=false src/keyring", - "test": "ava", - "version": "napi version" - } -} diff --git a/src/secrets/scripts/configure-cross.sh b/src/secrets/scripts/configure-cross.sh deleted file mode 100644 index a1263a8b..00000000 --- a/src/secrets/scripts/configure-cross.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -# Set environment variables needed for cross-compilation in current shell -set_env() { - export PKG_CONFIG_SYSROOT_DIR="${CHROOT:-/}" - export RUSTFLAGS="-L $CHROOT$1 $RUSTFLAGS" - export PKG_CONFIG_PATH="$CHROOT$1/pkgconfig" -} - -case "$1" in - "aarch64-unknown-linux-gnu") - set_env "/usr/lib/aarch64-linux-gnu" - ;; - "aarch64-unknown-linux-musl") - CHROOT="/aarch64-linux-musl-cross" - RUSTFLAGS="-C linker=$CHROOT/bin/aarch64-linux-musl-gcc" - set_env "/usr/lib" - ;; - "armv7-unknown-linux-gnueabihf") - set_env "/usr/lib/arm-linux-gnueabihf" - ;; - "i686-unknown-linux-gnu") - set_env "/usr/lib/i386-linux-gnu" - ;; - "x86_64-unknown-linux-gnu") - set_env "/usr/lib/x86_64-linux-gnu" - ;; - *) - ;; -esac diff --git a/src/secrets/scripts/linux-test.sh b/src/secrets/scripts/linux-test.sh deleted file mode 100644 index 3af4397f..00000000 --- a/src/secrets/scripts/linux-test.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash -rm -f $HOME/.local/share/keyrings/* -echo -n "test" | gnome-keyring-daemon --unlock -yarn test diff --git a/src/secrets/scripts/prebuildCheck.js b/src/secrets/scripts/prebuildCheck.js deleted file mode 100644 index 5410f65e..00000000 --- a/src/secrets/scripts/prebuildCheck.js +++ /dev/null @@ -1,22 +0,0 @@ -/* -* This program and the accompanying materials are made available under the terms of the -* Eclipse Public License v2.0 which accompanies this distribution, and is available at -* https://www.eclipse.org/legal/epl-v20.html -* -* SPDX-License-Identifier: EPL-2.0 -* -* Copyright Contributors to the Zowe Project. -* -*/ - -const { join } = require("path"); - -try { - require(join("..", "lib", "index.js")); -} catch (err) { - if (err.code === "ERR_MODULE_NOT_FOUND" || err.code === "MODULE_NOT_FOUND") { - throw new Error(`Unable to find prebuilds for Secrets SDK keyring module: ${err.message}`); - } else { - console.error(err.message); - } -} \ No newline at end of file diff --git a/src/secrets/scripts/prebuildify.sh b/src/secrets/scripts/prebuildify.sh deleted file mode 100644 index 9342d770..00000000 --- a/src/secrets/scripts/prebuildify.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -set -ex -rm -rf prebuilds && mkdir -p prebuilds -SECRETS_BRANCH="${SECRETS_BRANCH:-master}" -SECRETS_WORKFLOW_ID=$(gh run list -b $SECRETS_BRANCH --limit 1 --status success --workflow "Secrets SDK CI" --json databaseId --jq ".[0].databaseId") -echo "Downloading Secrets SDK prebuilds from $SECRETS_BRANCH branch..." -gh run download $SECRETS_WORKFLOW_ID --dir prebuilds --pattern "bindings-*" -mv prebuilds/*/* prebuilds && rm -r prebuilds/*/ \ No newline at end of file diff --git a/src/secrets/src/core/Cargo.lock b/src/secrets/src/core/Cargo.lock deleted file mode 100644 index fa08d203..00000000 --- a/src/secrets/src/core/Cargo.lock +++ /dev/null @@ -1,622 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 3 - -[[package]] -name = "autocfg" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" - -[[package]] -name = "bitflags" -version = "2.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" - -[[package]] -name = "cfg-expr" -version = "0.15.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03915af431787e6ffdcc74c645077518c6b6e01f80b761e0fbbfa288536311b3" -dependencies = [ - "smallvec", - "target-lexicon", -] - -[[package]] -name = "cfg-if" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" - -[[package]] -name = "core-foundation" -version = "0.9.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "194a7a9e6de53fa55116934067c844d9d749312f75c6f6d0980e8c252f8c2146" -dependencies = [ - "core-foundation-sys", - "libc", -] - -[[package]] -name = "core-foundation-sys" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" - -[[package]] -name = "equivalent" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" - -[[package]] -name = "futures-channel" -version = "0.3.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ff4dd66668b557604244583e3e1e1eada8c5c2e96a6d0d6653ede395b78bbacb" -dependencies = [ - "futures-core", -] - -[[package]] -name = "futures-core" -version = "0.3.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "eb1d22c66e66d9d72e1758f0bd7d4fd0bee04cad842ee34587d68c07e45d088c" - -[[package]] -name = "futures-executor" -version = "0.3.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f4fb8693db0cf099eadcca0efe2a5a22e4550f98ed16aba6c48700da29597bc" -dependencies = [ - "futures-core", - "futures-task", - "futures-util", -] - -[[package]] -name = "futures-io" -version = "0.3.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bf34a163b5c4c52d0478a4d757da8fb65cabef42ba90515efee0f6f9fa45aaa" - -[[package]] -name = "futures-macro" -version = "0.3.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53b153fd91e4b0147f4aced87be237c98248656bb01050b96bf3ee89220a8ddb" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.38", -] - -[[package]] -name = "futures-task" -version = "0.3.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "efd193069b0ddadc69c46389b740bbccdd97203899b48d09c5f7969591d6bae2" - -[[package]] -name = "futures-util" -version = "0.3.29" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a19526d624e703a3179b3d322efec918b6246ea0fa51d41124525f00f1cc8104" -dependencies = [ - "futures-core", - "futures-macro", - "futures-task", - "pin-project-lite", - "pin-utils", - "slab", -] - -[[package]] -name = "gio" -version = "0.18.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57052f84e8e5999b258e8adf8f5f2af0ac69033864936b8b6838321db2f759b1" -dependencies = [ - "futures-channel", - "futures-core", - "futures-io", - "futures-util", - "gio-sys", - "glib", - "libc", - "once_cell", - "pin-project-lite", - "smallvec", - "thiserror", -] - -[[package]] -name = "gio-sys" -version = "0.18.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37566df850baf5e4cb0dfb78af2e4b9898d817ed9263d1090a2df958c64737d2" -dependencies = [ - "glib-sys", - "gobject-sys", - "libc", - "system-deps", - "winapi", -] - -[[package]] -name = "glib" -version = "0.18.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c316afb01ce8067c5eaab1fc4f2cd47dc21ce7b6296358605e2ffab23ccbd19" -dependencies = [ - "bitflags", - "futures-channel", - "futures-core", - "futures-executor", - "futures-task", - "futures-util", - "gio-sys", - "glib-macros", - "glib-sys", - "gobject-sys", - "libc", - "memchr", - "once_cell", - "smallvec", - "thiserror", -] - -[[package]] -name = "glib-macros" -version = "0.18.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8da903822b136d42360518653fcf154455defc437d3e7a81475bf9a95ff1e47" -dependencies = [ - "heck", - "proc-macro-crate", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.38", -] - -[[package]] -name = "glib-sys" -version = "0.18.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "063ce2eb6a8d0ea93d2bf8ba1957e78dbab6be1c2220dd3daca57d5a9d869898" -dependencies = [ - "libc", - "system-deps", -] - -[[package]] -name = "gobject-sys" -version = "0.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0850127b514d1c4a4654ead6dedadb18198999985908e6ffe4436f53c785ce44" -dependencies = [ - "glib-sys", - "libc", - "system-deps", -] - -[[package]] -name = "hashbrown" -version = "0.14.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156" - -[[package]] -name = "heck" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" - -[[package]] -name = "indexmap" -version = "2.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" -dependencies = [ - "equivalent", - "hashbrown", -] - -[[package]] -name = "libc" -version = "0.2.149" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" - -[[package]] -name = "libsecret" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac6fae6ebe590e06ef9d01b125e46b7d4c05ccbd5961f12b4aefe2ecd010220f" -dependencies = [ - "gio", - "glib", - "libc", - "libsecret-sys", -] - -[[package]] -name = "libsecret-sys" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b716fc5e1c82eb0d28665882628382ab0e0a156a6d73580e33f0ac6ac8d2540" -dependencies = [ - "gio-sys", - "glib-sys", - "gobject-sys", - "libc", - "pkg-config", - "system-deps", -] - -[[package]] -name = "memchr" -version = "2.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" - -[[package]] -name = "once_cell" -version = "1.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" - -[[package]] -name = "pin-project-lite" -version = "0.2.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" - -[[package]] -name = "pin-utils" -version = "0.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" - -[[package]] -name = "pkg-config" -version = "0.3.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" - -[[package]] -name = "proc-macro-crate" -version = "1.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f4c021e1093a56626774e81216a4ce732a735e5bad4868a03f3ed65ca0c3919" -dependencies = [ - "once_cell", - "toml_edit 0.19.15", -] - -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn 1.0.109", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - -[[package]] -name = "proc-macro2" -version = "1.0.69" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.33" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "secrets_core" -version = "0.1.0" -dependencies = [ - "cfg-if", - "core-foundation", - "core-foundation-sys", - "gio", - "glib", - "glib-sys", - "libsecret", - "libsecret-sys", - "thiserror", - "windows-sys", -] - -[[package]] -name = "serde" -version = "1.0.190" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91d3c334ca1ee894a2c6f6ad698fe8c435b76d504b13d436f0685d648d6d96f7" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.190" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67c5609f394e5c2bd7fc51efda478004ea80ef42fee983d5c67a65e34f32c0e3" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.38", -] - -[[package]] -name = "serde_spanned" -version = "0.6.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12022b835073e5b11e90a14f86838ceb1c8fb0325b72416845c487ac0fa95e80" -dependencies = [ - "serde", -] - -[[package]] -name = "slab" -version = "0.4.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" -dependencies = [ - "autocfg", -] - -[[package]] -name = "smallvec" -version = "1.11.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" - -[[package]] -name = "syn" -version = "1.0.109" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "unicode-ident", -] - -[[package]] -name = "syn" -version = "2.0.38" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "system-deps" -version = "6.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94af52f9402f94aac4948a2518b43359be8d9ce6cd9efc1c4de3b2f7b7e897d6" -dependencies = [ - "cfg-expr", - "heck", - "pkg-config", - "toml", - "version-compare", -] - -[[package]] -name = "target-lexicon" -version = "0.12.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c39fd04924ca3a864207c66fc2cd7d22d7c016007f9ce846cbb9326331930a" - -[[package]] -name = "thiserror" -version = "1.0.50" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" -dependencies = [ - "thiserror-impl", -] - -[[package]] -name = "thiserror-impl" -version = "1.0.50" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.38", -] - -[[package]] -name = "toml" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ff9e3abce27ee2c9a37f9ad37238c1bdd4e789c84ba37df76aa4d528f5072cc" -dependencies = [ - "serde", - "serde_spanned", - "toml_datetime", - "toml_edit 0.20.7", -] - -[[package]] -name = "toml_datetime" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3550f4e9685620ac18a50ed434eb3aec30db8ba93b0287467bca5826ea25baf1" -dependencies = [ - "serde", -] - -[[package]] -name = "toml_edit" -version = "0.19.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" -dependencies = [ - "indexmap", - "toml_datetime", - "winnow", -] - -[[package]] -name = "toml_edit" -version = "0.20.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70f427fce4d84c72b5b732388bf4a9f4531b53f74e2887e3ecb2481f68f66d81" -dependencies = [ - "indexmap", - "serde", - "serde_spanned", - "toml_datetime", - "winnow", -] - -[[package]] -name = "unicode-ident" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" - -[[package]] -name = "version-compare" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "579a42fc0b8e0c63b76519a339be31bed574929511fa53c1a3acae26eb258f29" - -[[package]] -name = "version_check" -version = "0.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - -[[package]] -name = "windows-sys" -version = "0.48.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" -dependencies = [ - "windows-targets", -] - -[[package]] -name = "windows-targets" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a2fa6e2155d7247be68c096456083145c183cbbbc2764150dda45a87197940c" -dependencies = [ - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", -] - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" - -[[package]] -name = "windows_i686_gnu" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" - -[[package]] -name = "windows_i686_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" - -[[package]] -name = "windows_x86_64_msvc" -version = "0.48.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" - -[[package]] -name = "winnow" -version = "0.5.17" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3b801d0e0a6726477cc207f60162da452f3a95adb368399bef20a946e06f65c" -dependencies = [ - "memchr", -] diff --git a/src/secrets/src/core/Cargo.toml b/src/secrets/src/core/Cargo.toml deleted file mode 100644 index b178909c..00000000 --- a/src/secrets/src/core/Cargo.toml +++ /dev/null @@ -1,31 +0,0 @@ -[package] -name = "secrets_core" -version = "0.1.0" -edition = "2021" - -# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html - -[dependencies] -cfg-if = "1.0" -thiserror = "1.0.38" - -[target.'cfg(target_os = "windows")'.dependencies.windows-sys] -features = [ - "Win32_Foundation", - "Win32_Security_Credentials", - "Win32_System_Diagnostics_Debug", - "Win32_System_Memory", - "Win32_System_WindowsProgramming", -] -version = "0.48.0" - -[target.'cfg(target_os = "macos")'.dependencies] -core-foundation = "0.9.3" -core-foundation-sys = "0.8.4" - -[target.'cfg(any(target_os = "freebsd", target_os = "linux"))'.dependencies] -glib = "0.18.2" -glib-sys = "0.18.1" -gio = "0.18.2" -libsecret = "0.4.0" -libsecret-sys = "0.4.0" \ No newline at end of file diff --git a/src/secrets/src/core/src/lib.rs b/src/secrets/src/core/src/lib.rs deleted file mode 100644 index dda20c34..00000000 --- a/src/secrets/src/core/src/lib.rs +++ /dev/null @@ -1 +0,0 @@ -pub mod os; \ No newline at end of file diff --git a/src/secrets/src/core/src/os/error.rs b/src/secrets/src/core/src/os/error.rs deleted file mode 100644 index 7d7c251d..00000000 --- a/src/secrets/src/core/src/os/error.rs +++ /dev/null @@ -1,41 +0,0 @@ -use std::{str::Utf8Error, string::FromUtf16Error, string::FromUtf8Error}; -use thiserror::Error; - -#[derive(Error, Debug)] -pub enum KeyringError { - #[cfg(target_os = "macos")] - #[error("[keyring] Invalid parameter provided for '{argument:?}'. Details:\n\n{details:?}")] - InvalidArg { argument: String, details: String }, - - #[cfg(any(target_os = "macos", target_os = "linux", target_os = "freebsd"))] - #[error("[keyring] {name:?} library returned an error:\n\n{details:?}")] - Library { name: String, details: String }, - - #[cfg(not(target_os = "macos"))] - #[error("[keyring] An OS error has occurred:\n\n{0}")] - Os(String), - - #[error("[keyring] A UTF-8 error has occurred:\n\n{0}")] - Utf8(String), - - #[error("[keyring] A UTF-16 error has occurred:\n\n{0}")] - Utf16(String), -} - -impl From for KeyringError { - fn from(error: FromUtf8Error) -> Self { - KeyringError::Utf8(format!("{:?}", error)) - } -} - -impl From for KeyringError { - fn from(error: FromUtf16Error) -> Self { - KeyringError::Utf16(format!("{:?}", error)) - } -} - -impl From for KeyringError { - fn from(error: Utf8Error) -> Self { - KeyringError::Utf8(format!("{:?}", error)) - } -} diff --git a/src/secrets/src/core/src/os/mac/error.rs b/src/secrets/src/core/src/os/mac/error.rs deleted file mode 100644 index 980527b0..00000000 --- a/src/secrets/src/core/src/os/mac/error.rs +++ /dev/null @@ -1,66 +0,0 @@ -use crate::os::mac::ffi::SecCopyErrorMessageString; -use core_foundation::base::TCFType; -use core_foundation::string::CFString; -use core_foundation_sys::base::OSStatus; -use std::fmt::{Debug, Display, Formatter}; -use std::num::NonZeroI32; - -#[derive(Copy, Clone)] -pub struct Error(NonZeroI32); - -/// errSecItemNotFound -pub const ERR_SEC_ITEM_NOT_FOUND: i32 = -25300; - -impl Error { - #[inline] - #[must_use] - pub fn from_code(code: OSStatus) -> Self { - Self(NonZeroI32::new(code).unwrap_or_else(|| NonZeroI32::new(1).unwrap())) - } - - pub fn code(self) -> i32 { - self.0.get() as _ - } - - /// Gets the message matching an OSStatus error code, if one exists. - pub fn message(&self) -> Option { - unsafe { - let s = SecCopyErrorMessageString(self.code(), std::ptr::null_mut()); - if s.is_null() { - None - } else { - Some(CFString::wrap_under_create_rule(s).to_string()) - } - } - } -} - -impl Debug for Error { - fn fmt(&self, fmt: &mut Formatter<'_>) -> std::fmt::Result { - let mut builder = fmt.debug_struct("Error"); - builder.field("code", &self.0); - if let Some(message) = self.message() { - builder.field("message", &message); - } - builder.finish() - } -} - -impl Display for Error { - fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result { - match self.message() { - Some(msg) => write!(f, "{}", msg), - None => write!(f, "code: {}", self.code()), - } - } -} - -/// Handles the OSStatus code from macOS FFI calls (error handling helper fn) -#[inline(always)] -pub fn handle_os_status(err: OSStatus) -> Result<(), Error> { - match err { - // errSecSuccess - 0 => Ok(()), - err => Err(Error::from_code(err)), - } -} diff --git a/src/secrets/src/core/src/os/mac/ffi.rs b/src/secrets/src/core/src/os/mac/ffi.rs deleted file mode 100644 index e76e92c0..00000000 --- a/src/secrets/src/core/src/os/mac/ffi.rs +++ /dev/null @@ -1,118 +0,0 @@ -use core_foundation_sys::base::{CFTypeID, CFTypeRef, OSStatus}; -use core_foundation_sys::dictionary::CFDictionaryRef; -use core_foundation_sys::string::CFStringRef; -use std::ffi::{c_char, c_void}; - -/// -/// Keychain item reference types. -/// -/// See lib/SecBase.h here: -/// https://opensource.apple.com/source/libsecurity_keychain/libsecurity_keychain-55050.2/ -/// -pub enum OpaqueSecKeychainItemRef {} -pub enum OpaqueSecKeychainRef {} -pub type SecKeychainItemRef = *mut OpaqueSecKeychainItemRef; -pub type SecKeychainRef = *mut OpaqueSecKeychainRef; - -/// -/// Certificate item reference types. -/// https://developer.apple.com/documentation/security/opaqueseccertificateref -/// -pub enum OpaqueSecCertificateRef {} -pub type SecCertificateRef = *mut OpaqueSecCertificateRef; - -/// -/// Identity reference types. -/// https://developer.apple.com/documentation/security/opaquesecidentityref -/// -pub enum OpaqueSecIdentityRef {} -pub type SecIdentityRef = *mut OpaqueSecIdentityRef; - -/// -/// Key reference types. -/// https://developer.apple.com/documentation/security/seckeyref -/// -pub enum OpaqueSecKeyRef {} -pub type SecKeyRef = *mut OpaqueSecKeyRef; - -/// -/// Keychain attribute structure for searching items. -/// https://developer.apple.com/documentation/security/seckeychainattribute, -/// https://developer.apple.com/documentation/security/seckeychainattributelist -/// -#[repr(C)] -#[derive(Copy, Clone)] -pub struct SecKeychainAttribute { - pub tag: u32, - pub length: u32, - pub data: *mut c_void, -} -#[repr(C)] -#[derive(Copy, Clone)] -pub struct SecKeychainAttributeList { - pub count: u32, - pub attr: *mut SecKeychainAttribute, -} - -/* - * Defined below are the C functions that the Rust logic - * uses to interact with macOS's Security.framework. - * - * Since we can call C functions directly using Rust FFI, we just need to define - * the function prototypes ahead of time, and link them to the Security.framework library. - * Rust will evaluate these symbols during compile time. - */ -#[link(name = "Security", kind = "framework")] -extern "C" { - // keychain.rs: - pub fn SecCopyErrorMessageString(status: OSStatus, reserved: *mut c_void) -> CFStringRef; - pub fn SecKeychainAddGenericPassword( - keychain: SecKeychainRef, - service_name_length: u32, - service_name: *const c_char, - account_name_length: u32, - account_name: *const c_char, - password_length: u32, - password_data: *const c_void, - item_ref: *mut SecKeychainItemRef, - ) -> OSStatus; - pub fn SecKeychainCopyDefault(keychain: *mut SecKeychainRef) -> OSStatus; - pub fn SecKeychainFindGenericPassword( - keychain_or_array: CFTypeRef, - service_name_len: u32, - service_name: *const c_char, - account_name_len: u32, - account_name: *const c_char, - password_len: *mut u32, - password: *mut *mut c_void, - item_ref: *mut SecKeychainItemRef, - ) -> OSStatus; - pub fn SecKeychainGetTypeID() -> CFTypeID; - - // keychain_item.rs: - pub fn SecKeychainItemDelete(item_ref: SecKeychainItemRef) -> OSStatus; - pub fn SecKeychainItemGetTypeID() -> CFTypeID; - pub fn SecKeychainItemModifyAttributesAndData( - item_ref: SecKeychainItemRef, - attr_list: *const SecKeychainAttributeList, - length: u32, - data: *const c_void, - ) -> OSStatus; - - // keychain_search.rs: - pub fn SecItemCopyMatching(query: CFDictionaryRef, result: *mut CFTypeRef) -> OSStatus; - pub static kSecAttrAccount: CFStringRef; - pub static kSecAttrLabel: CFStringRef; - pub static kSecAttrService: CFStringRef; - pub static kSecClass: CFStringRef; - pub static kSecClassGenericPassword: CFStringRef; - pub static kSecMatchLimit: CFStringRef; - pub static kSecReturnAttributes: CFStringRef; - pub static kSecReturnData: CFStringRef; - pub static kSecReturnRef: CFStringRef; - - // misc.rs: - pub fn SecCertificateGetTypeID() -> CFTypeID; - pub fn SecIdentityGetTypeID() -> CFTypeID; - pub fn SecKeyGetTypeID() -> CFTypeID; -} diff --git a/src/secrets/src/core/src/os/mac/keychain.rs b/src/secrets/src/core/src/os/mac/keychain.rs deleted file mode 100644 index 250b7c25..00000000 --- a/src/secrets/src/core/src/os/mac/keychain.rs +++ /dev/null @@ -1,114 +0,0 @@ -use crate::os::mac::error::{handle_os_status, Error}; -use crate::os::mac::ffi::{ - SecKeychainAddGenericPassword, SecKeychainCopyDefault, SecKeychainFindGenericPassword, - SecKeychainGetTypeID, SecKeychainRef, -}; -use crate::os::mac::keychain_item::SecKeychainItem; -use core_foundation::{base::TCFType, declare_TCFType, impl_TCFType}; -use std::ops::Deref; - -/* - * SecKeychain: https://developer.apple.com/documentation/security/seckeychain - * SecKeychainRef: https://developer.apple.com/documentation/security/seckeychainref - */ -declare_TCFType! { - SecKeychain, SecKeychainRef -} -impl_TCFType!(SecKeychain, SecKeychainRef, SecKeychainGetTypeID); - -/* Wrapper struct for handling passwords within SecKeychainItem objects. */ -pub struct KeychainItemPassword { - pub data: *const u8, - pub data_len: usize, -} - -impl AsRef<[u8]> for KeychainItemPassword { - #[inline] - fn as_ref(&self) -> &[u8] { - unsafe { std::slice::from_raw_parts(self.data, self.data_len) } - } -} - -impl Deref for KeychainItemPassword { - type Target = [u8]; - #[inline] - fn deref(&self) -> &Self::Target { - self.as_ref() - } -} - -impl SecKeychain { - pub fn default() -> Result { - let mut keychain = std::ptr::null_mut(); - unsafe { - handle_os_status(SecKeychainCopyDefault(&mut keychain))?; - } - unsafe { Ok(Self::wrap_under_create_rule(keychain)) } - } - - /// - /// set_password - /// Attempts to set the password within the keychain for a given service and account. - /// - /// Returns: - /// - Nothing if the password was set successfully, or - /// - An `Error` object if an error was encountered - /// - pub fn set_password(&self, service: &str, account: &str, password: &[u8]) -> Result<(), Error> { - match self.find_password(service, account) { - Ok((_, mut item)) => item.set_password(password), - _ => unsafe { - handle_os_status(SecKeychainAddGenericPassword( - self.as_CFTypeRef() as *mut _, - service.len() as u32, - service.as_ptr().cast(), - account.len() as u32, - account.as_ptr().cast(), - password.len() as u32, - password.as_ptr().cast(), - std::ptr::null_mut(), - )) - }, - } - } - - /// - /// find_password - /// Attempts to find a password within the keychain matching a given service and account. - /// - /// Returns: - /// - A pair containing the KeychainItem object with its password data if the password was found, or - /// - An `Error` object if an error was encountered - /// - pub fn find_password( - &self, - service: &str, - account: &str, - ) -> Result<(KeychainItemPassword, SecKeychainItem), Error> { - let keychain_ref = self.as_CFTypeRef(); - - let mut len = 0; - let mut data = std::ptr::null_mut(); - let mut item = std::ptr::null_mut(); - - unsafe { - handle_os_status(SecKeychainFindGenericPassword( - keychain_ref, - service.len() as u32, - service.as_ptr().cast(), - account.len() as u32, - account.as_ptr().cast(), - &mut len, - &mut data, - &mut item, - ))?; - Ok(( - KeychainItemPassword { - data: data as *const _, - data_len: len as usize, - }, - SecKeychainItem::wrap_under_create_rule(item), - )) - } - } -} diff --git a/src/secrets/src/core/src/os/mac/keychain_item.rs b/src/secrets/src/core/src/os/mac/keychain_item.rs deleted file mode 100644 index 8008e278..00000000 --- a/src/secrets/src/core/src/os/mac/keychain_item.rs +++ /dev/null @@ -1,56 +0,0 @@ -use crate::os::mac::error::{handle_os_status, Error}; -use crate::os::mac::ffi::{ - SecKeychainItemDelete, SecKeychainItemGetTypeID, SecKeychainItemModifyAttributesAndData, - SecKeychainItemRef, -}; -use core_foundation::base::TCFType; -use core_foundation::{declare_TCFType, impl_TCFType}; - -/* - * SecKeychainItem: https://developer.apple.com/documentation/security/seckeychainitem - * SecKeychainItemRef: https://developer.apple.com/documentation/security/seckeychainitemref - */ -declare_TCFType! { - SecKeychainItem, SecKeychainItemRef -} -impl_TCFType! { - SecKeychainItem, - SecKeychainItemRef, - SecKeychainItemGetTypeID -} - -impl SecKeychainItem { - /// - /// delete - /// Attempts to delete this keychain item from the keychain. - /// - /// Returns: - /// - Nothing if the deletion request was successful, or - /// - An `Error` object if an error was encountered - /// - #[inline] - pub fn delete(self) -> Result<(), Error> { - unsafe { handle_os_status(SecKeychainItemDelete(self.as_CFTypeRef() as *mut _)) } - } - - /// - /// set_password - /// Attempts to set the password for this keychain item. - /// - /// Returns: - /// - Nothing if the password was set successfully, or - /// - An `Error` object if an error was encountered - /// - pub fn set_password(&mut self, password: &[u8]) -> Result<(), Error> { - unsafe { - handle_os_status(SecKeychainItemModifyAttributesAndData( - self.as_CFTypeRef() as *mut _, - std::ptr::null(), - password.len() as u32, - password.as_ptr().cast(), - ))?; - } - - Ok(()) - } -} diff --git a/src/secrets/src/core/src/os/mac/keychain_search.rs b/src/secrets/src/core/src/os/mac/keychain_search.rs deleted file mode 100644 index 8de998df..00000000 --- a/src/secrets/src/core/src/os/mac/keychain_search.rs +++ /dev/null @@ -1,249 +0,0 @@ -use crate::os::mac::error::{handle_os_status, Error}; -use crate::os::mac::ffi::{ - kSecAttrAccount, kSecAttrLabel, kSecAttrService, kSecClass, kSecClassGenericPassword, - kSecMatchLimit, kSecReturnAttributes, kSecReturnData, kSecReturnRef, SecItemCopyMatching, -}; -use crate::os::mac::keychain_item::SecKeychainItem; -use crate::os::mac::misc::{SecCertificate, SecIdentity, SecKey}; -use core_foundation::array::CFArray; -use core_foundation::base::{CFType, TCFType}; -use core_foundation::boolean::CFBoolean; -use core_foundation::data::CFData; -use core_foundation::date::CFDate; -use core_foundation::dictionary::CFDictionary; -use core_foundation::number::CFNumber; -use core_foundation::string::CFString; -use core_foundation_sys::base::{CFCopyDescription, CFGetTypeID, CFRelease, CFTypeRef}; -use std::collections::HashMap; - -/// Keychain Search structure to reference when making searches within the keychain. -#[derive(Default)] -pub struct KeychainSearch { - label: Option, - service: Option, - account: Option, - load_attrs: bool, - load_data: bool, - load_refs: bool, -} - -/// Reference enum for categorizing search results based on item type. -pub enum Reference { - Identity(SecIdentity), - Certificate(SecCertificate), - Key(SecKey), - KeychainItem(SecKeychainItem), -} - -/// Enum for organizing types of items found during the keychain search operation. -pub enum SearchResult { - Ref(Reference), - Dict(CFDictionary), - Data(Vec), -} - -impl SearchResult { - /// - /// parse_dict - /// Tries to parse a CFDictionary object into a hashmap of string pairs. - /// - /// Returns: - /// - `Some(hash_map)` containing the attribute keys/values if parsed successfully - /// - `None` otherwise - #[must_use] - pub fn parse_dict(&self) -> Option> { - match *self { - Self::Dict(ref d) => unsafe { - // build map of attributes to return for this search result - let mut retmap = HashMap::new(); - let (keys, values) = d.get_keys_and_values(); - for (k, v) in keys.iter().zip(values.iter()) { - // get key as CFString from pointer - let key_cfstr = CFString::wrap_under_get_rule((*k).cast()); - - // get value based on CFType - let val: String = match CFGetTypeID(*v) { - cfstring if cfstring == CFString::type_id() => { - format!("{}", CFString::wrap_under_get_rule((*v).cast())) - } - cfdata if cfdata == CFData::type_id() => { - let buf = CFData::wrap_under_get_rule((*v).cast()); - let mut vec = Vec::new(); - vec.extend_from_slice(buf.bytes()); - format!("{}", String::from_utf8_lossy(&vec)) - } - cfdate if cfdate == CFDate::type_id() => format!( - "{}", - CFString::wrap_under_create_rule(CFCopyDescription(*v)) - ), - _ => String::from("unknown"), - }; - retmap.insert(format!("{}", key_cfstr), val); - } - Some(retmap) - }, - _ => None, - } - } -} - -/// -/// get_item -/// -/// item: The item reference to convert to a SearchResult -/// Returns: -/// - a SearchResult enum variant based on the item reference provided. -/// -unsafe fn get_item(item: CFTypeRef) -> SearchResult { - let type_id = CFGetTypeID(item); - - // if type is a raw buffer, return Vec of bytes based on item size - if type_id == CFData::type_id() { - let data = CFData::wrap_under_get_rule(item as *mut _); - let mut buf = Vec::new(); - buf.extend_from_slice(data.bytes()); - return SearchResult::Data(buf); - } - - // if type is dictionary of items, cast as CFDictionary object - if type_id == CFDictionary::<*const u8, *const u8>::type_id() { - return SearchResult::Dict(CFDictionary::wrap_under_get_rule(item as *mut _)); - } - - // if type is a single Keychain item, return it as a reference - if type_id == SecKeychainItem::type_id() { - return SearchResult::Ref(Reference::KeychainItem( - SecKeychainItem::wrap_under_get_rule(item as *mut _), - )); - } - - // handle certificate, cryptographic key, and identity types as - // they can also appear in search results for the keychain - let reference = match type_id { - r if r == SecCertificate::type_id() => { - Reference::Certificate(SecCertificate::wrap_under_get_rule(item as *mut _)) - } - r if r == SecKey::type_id() => Reference::Key(SecKey::wrap_under_get_rule(item as *mut _)), - r if r == SecIdentity::type_id() => { - Reference::Identity(SecIdentity::wrap_under_get_rule(item as *mut _)) - } - _ => panic!("Bad type received from SecItemCopyMatching: {}", type_id), - }; - - SearchResult::Ref(reference) -} - -impl KeychainSearch { - #[inline(always)] - #[must_use] - pub fn new() -> Self { - Self::default() - } - - pub fn label(&mut self, label: &str) -> &mut Self { - self.label = Some(CFString::new(label)); - self - } - - pub fn with_attrs(&mut self) -> &mut Self { - self.load_attrs = true; - self - } - - pub fn with_data(&mut self) -> &mut Self { - self.load_data = true; - self - } - - pub fn with_refs(&mut self) -> &mut Self { - self.load_refs = true; - self - } - - /// Executes a search within the keychain, factoring in the set search options. - /// - /// Returns: - /// - If successful, a `Vec` containing a list of search results - /// - an `Error` object otherwise - pub fn execute(&self) -> Result, Error> { - let mut params = vec![]; - - unsafe { - params.push(( - CFString::wrap_under_get_rule(kSecClass), - CFType::wrap_under_get_rule(kSecClassGenericPassword.cast()), - )); - - // Handle any parameters that were configured before execution (label, service, account) - if let Some(ref label) = self.label { - params.push(( - CFString::wrap_under_get_rule(kSecAttrLabel), - label.as_CFType(), - )); - } - if let Some(ref service) = self.service { - params.push(( - CFString::wrap_under_get_rule(kSecAttrService), - service.as_CFType(), - )); - } - if let Some(ref acc) = self.account { - params.push(( - CFString::wrap_under_get_rule(kSecAttrAccount), - acc.as_CFType(), - )); - } - - // Add params to fetch data, attributes, and/or refs if requested from search options - if self.load_data { - params.push(( - CFString::wrap_under_get_rule(kSecReturnData), - CFBoolean::true_value().into_CFType(), - )); - } - if self.load_attrs { - params.push(( - CFString::wrap_under_get_rule(kSecReturnAttributes), - CFBoolean::true_value().into_CFType(), - )); - } - if self.load_refs { - params.push(( - CFString::wrap_under_get_rule(kSecReturnRef), - CFBoolean::true_value().into_CFType(), - )); - } - - // Remove the default limit of 0 by requesting all items that match the search - params.push(( - CFString::wrap_under_get_rule(kSecMatchLimit), - CFNumber::from(i32::MAX).into_CFType(), - )); - - let params = CFDictionary::from_CFType_pairs(¶ms); - let mut ret = std::ptr::null(); - - // handle copy operation status and get type ID based on return value - handle_os_status(SecItemCopyMatching(params.as_concrete_TypeRef(), &mut ret))?; - if ret.is_null() { - return Ok(vec![]); - } - let type_id = CFGetTypeID(ret); - - // Build vector of items based on return reference type - let mut items = vec![]; - if type_id == CFArray::::type_id() { - let array: CFArray = CFArray::wrap_under_create_rule(ret as *mut _); - for item in array.iter() { - items.push(get_item(item.as_CFTypeRef())); - } - } else { - items.push(get_item(ret)); - - CFRelease(ret); - } - - Ok(items) - } - } -} diff --git a/src/secrets/src/core/src/os/mac/misc.rs b/src/secrets/src/core/src/os/mac/misc.rs deleted file mode 100644 index 1af69da4..00000000 --- a/src/secrets/src/core/src/os/mac/misc.rs +++ /dev/null @@ -1,21 +0,0 @@ -use crate::os::mac::ffi::{ - SecCertificateGetTypeID, SecCertificateRef, SecIdentityGetTypeID, SecIdentityRef, - SecKeyGetTypeID, SecKeyRef, -}; -use core_foundation::base::TCFType; -use core_foundation::{declare_TCFType, impl_TCFType}; - -// Structure that represents identities within the keychain -// https://developer.apple.com/documentation/security/secidentity -declare_TCFType!(SecIdentity, SecIdentityRef); -impl_TCFType!(SecIdentity, SecIdentityRef, SecIdentityGetTypeID); - -// Structure that represents certificates within the keychain -// https://developer.apple.com/documentation/security/seccertificate -declare_TCFType!(SecCertificate, SecCertificateRef); -impl_TCFType!(SecCertificate, SecCertificateRef, SecCertificateGetTypeID); - -// Structure that represents cryptographic keys within the keychain -// https://developer.apple.com/documentation/security/seckey -declare_TCFType!(SecKey, SecKeyRef); -impl_TCFType!(SecKey, SecKeyRef, SecKeyGetTypeID); diff --git a/src/secrets/src/core/src/os/mac/mod.rs b/src/secrets/src/core/src/os/mac/mod.rs deleted file mode 100644 index 3ff76377..00000000 --- a/src/secrets/src/core/src/os/mac/mod.rs +++ /dev/null @@ -1,160 +0,0 @@ -use super::error::KeyringError; - -mod error; -mod ffi; -mod keychain; -mod keychain_item; -mod keychain_search; -mod misc; - -use error::Error; - -use crate::os::mac::error::ERR_SEC_ITEM_NOT_FOUND; -use crate::os::mac::keychain_search::{KeychainSearch, SearchResult}; -use keychain::SecKeychain; - -impl From for KeyringError { - fn from(error: Error) -> Self { - KeyringError::Library { - name: "macOS Security.framework".to_owned(), - details: format!("{:?}", error.message()), - } - } -} - -/// -/// Attempts to set a password for a given service and account. -/// -/// - `service`: The service name for the new credential -/// - `account`: The account name for the new credential -/// -/// Returns: -/// - `true` if the credential was stored successfully -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn set_password( - service: &String, - account: &String, - password: &mut String, -) -> Result { - let keychain = SecKeychain::default().unwrap(); - match keychain.set_password(service.as_str(), account.as_str(), password.as_bytes()) { - Ok(()) => Ok(true), - Err(err) => Err(KeyringError::from(err)), - } -} - -/// -/// Returns a password contained in the given service and account, if found. -/// -/// - `service`: The service name that matches the credential of interest -/// - `account`: The account name that matches the credential of interest -/// -/// Returns: -/// - `Some(password)` if a matching credential was found; `None` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn get_password(service: &String, account: &String) -> Result, KeyringError> { - let keychain = SecKeychain::default().unwrap(); - match keychain.find_password(service.as_str(), account.as_str()) { - Ok((pw, _)) => Ok(Some(String::from_utf8(pw.to_owned())?)), - Err(err) if err.code() == ERR_SEC_ITEM_NOT_FOUND => Ok(None), - Err(err) => Err(KeyringError::from(err)), - } -} - -/// -/// Returns the first password (if any) that matches the given service pattern. -/// -/// - `service`: The service pattern that matches the credential of interest -/// -/// Returns: -/// - `Some(password)` if a matching credential was found; `None` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn find_password(service: &String) -> Result, KeyringError> { - let cred_attrs: Vec<&str> = service.split("/").collect(); - if cred_attrs.len() < 2 { - return Err(KeyringError::InvalidArg { - argument: "service".to_owned(), - details: "Invalid format for service string; must be in format 'SERVICE/ACCOUNT'" - .to_owned(), - }); - } - - let keychain = SecKeychain::default().unwrap(); - match keychain.find_password(cred_attrs[0], cred_attrs[1]) { - Ok((pw, _)) => { - let pw_str = String::from_utf8(pw.to_owned())?; - return Ok(Some(pw_str)); - } - Err(err) => Err(KeyringError::from(err)), - } -} - -/// -/// Attempts to delete the password associated with a given service and account. -/// -/// - `service`: The service name of the credential to delete -/// - `account`: The account name of the credential to delete -/// -/// Returns: -/// - `true` if a matching credential was deleted; `false` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn delete_password(service: &String, account: &String) -> Result { - let keychain = SecKeychain::default().unwrap(); - match keychain.find_password(service.as_str(), account.as_str()) { - Ok((_, item)) => { - item.delete()?; - return Ok(true); - } - Err(err) if err.code() == ERR_SEC_ITEM_NOT_FOUND => Ok(false), - Err(err) => Err(KeyringError::from(err)), - } -} - -/// -/// Builds a vector of all credentials matching the given service pattern. -/// -/// - `service`: The service pattern that matches the credential(s) of interest -/// - `credentials`: The vector consisting of (username, password) pairs for each credential that matches -/// -/// Returns: -/// - `true` if at least 1 credential was found, `false` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn find_credentials( - service: &String, - credentials: &mut Vec<(String, String)>, -) -> Result { - match KeychainSearch::new() - .label(service.as_str()) - .with_attrs() - .with_data() - .with_refs() - .execute() - { - Ok(search_results) => { - *credentials = search_results - .iter() - .filter_map(|result| match result { - SearchResult::Dict(_) => { - return match result.parse_dict() { - Some(attrs) => Some(( - attrs.get("acct").unwrap().to_owned(), - attrs.get("v_Data").unwrap().to_owned(), - )), - None => None, - }; - } - _ => None, - }) - .collect(); - - Ok(!credentials.is_empty()) - } - Err(err) if err.code() == ERR_SEC_ITEM_NOT_FOUND => Ok(false), - Err(err) => Err(KeyringError::from(err)), - } -} diff --git a/src/secrets/src/core/src/os/mod.rs b/src/secrets/src/core/src/os/mod.rs deleted file mode 100644 index 640ee83f..00000000 --- a/src/secrets/src/core/src/os/mod.rs +++ /dev/null @@ -1,14 +0,0 @@ -pub mod error; - -cfg_if::cfg_if! { - if #[cfg(target_os = "windows")] { - pub mod win; - pub use win::{delete_password, find_credentials, find_password, get_password, set_password}; - } else if #[cfg(target_os = "macos")] { - pub mod mac; - pub use mac::{delete_password, find_credentials, find_password, get_password, set_password}; - } else if #[cfg(any(target_os = "freebsd", target_os = "linux"))] { - pub mod unix; - pub use unix::{delete_password, find_credentials, find_password, get_password, set_password}; - } -} diff --git a/src/secrets/src/core/src/os/unix.rs b/src/secrets/src/core/src/os/unix.rs deleted file mode 100644 index 723817a7..00000000 --- a/src/secrets/src/core/src/os/unix.rs +++ /dev/null @@ -1,221 +0,0 @@ -extern crate glib_sys; -extern crate libsecret; -use glib::translate::{FromGlibPtrContainer, ToGlibPtr}; -use glib_sys::g_hash_table_unref; -use libsecret::{ - prelude::CollectionExtManual, traits::ItemExt, SearchFlags, Service, ServiceFlags, -}; -use std::collections::HashMap; - -use super::error::KeyringError; - -impl From for KeyringError { - fn from(err: glib::error::Error) -> Self { - KeyringError::Library { - name: "glib".to_owned(), - details: format!("{:?}", err.message().to_owned()), - } - } -} - -/// -/// Returns the libsecret schema that corresponds to service and account attributes. -/// -fn get_schema() -> libsecret::Schema { - libsecret::Schema::new( - "org.freedesktop.Secret.Generic", - libsecret::SchemaFlags::NONE, - HashMap::from([ - ("service", libsecret::SchemaAttributeType::String), - ("account", libsecret::SchemaAttributeType::String), - ]), - ) -} - -/// -/// Builds an attribute map with the given service and account names. -/// -/// Returns: -/// - A `HashMap` built with the `service` and `account` values provided. Used for attribute functions. -/// -fn get_attribute_map<'a>(service: &'a str, account: &'a str) -> HashMap<&'a str, &'a str> { - HashMap::from([("service", service), ("account", account)]) -} - -/// -/// Attempts to set a password for a given service and account. -/// -/// - `service`: The service name for the new credential -/// - `account`: The account name for the new credential -/// -/// Returns: -/// - `true` if the credential was stored successfully -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn set_password( - service: &String, - account: &String, - password: &String, -) -> Result { - let attributes = get_attribute_map(service.as_str(), account.as_str()); - - let collection = libsecret::COLLECTION_DEFAULT; - match libsecret::password_store_sync( - Some(&get_schema()), - attributes, - Some(collection), - format!("{}/{}", service, account).as_str(), - password.as_str(), - gio::Cancellable::NONE, - ) { - Ok(_) => Ok(true), - Err(err) => Err(KeyringError::from(err)), - } -} - -/// -/// Returns a password contained in the given service and account, if found. -/// -/// - `service`: The service name that matches the credential of interest -/// - `account`: The account name that matches the credential of interest -/// -/// Returns: -/// - `Some(password)` if a matching credential was found; `None` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn get_password(service: &String, account: &String) -> Result, KeyringError> { - let attributes = get_attribute_map(service.as_str(), account.as_str()); - - match libsecret::password_lookup_sync(Some(&get_schema()), attributes, gio::Cancellable::NONE) { - Ok(pw) => match pw { - Some(pass) => Ok(Some(pass.to_string())), - None => Ok(None), - }, - Err(err) => Err(KeyringError::from(err)), - } -} - -/// -/// Returns the first password (if any) that matches the given service pattern. -/// -/// - `service`: The service pattern that matches the credential of interest -/// -/// Returns: -/// - `Some(password)` if a matching credential was found; `None` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn find_password(service: &String) -> Result, KeyringError> { - let attributes = if service.contains("/") && service.len() > 1 { - // In format "service/account" - let values: Vec<&str> = service.split("/").collect(); - get_attribute_map(values[0], values[1]) - } else { - HashMap::from([("service", service.as_str())]) - }; - - match libsecret::password_lookup_sync(Some(&get_schema()), attributes, gio::Cancellable::NONE) { - Ok(pw) => match pw { - Some(pass) => Ok(Some(pass.to_string())), - None => Ok(None), - }, - Err(err) => Err(KeyringError::from(err)), - } -} - -/// -/// Attempts to delete the password associated with a given service and account. -/// -/// - `service`: The service name of the credential to delete -/// - `account`: The account name of the credential to delete -/// -/// Returns: -/// - `true` if a matching credential was deleted; `false` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn delete_password(service: &String, account: &String) -> Result { - match libsecret::password_clear_sync( - Some(&get_schema()), - get_attribute_map(service.as_str(), account.as_str()), - gio::Cancellable::NONE, - ) { - Ok(_) => Ok(true), - Err(err) => match err.kind() { - Some(glib::KeyFileError::NotFound) => Ok(false), - _ => Err(KeyringError::from(err)), - }, - } -} - -/// -/// Builds a vector of all credentials matching the given service pattern. -/// -/// - `service`: The service pattern that matches the credential(s) of interest -/// - `credentials`: The vector consisting of (username, password) pairs for each credential that matches -/// -/// Returns: -/// - `true` if at least 1 credential was found, `false` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn find_credentials( - service: &String, - credentials: &mut Vec<(String, String)>, -) -> Result { - let secret_service = Service::sync( - ServiceFlags::OPEN_SESSION | ServiceFlags::LOAD_COLLECTIONS, - gio::Cancellable::NONE, - )?; - let collection = match libsecret::Collection::for_alias_sync( - Some(&secret_service), - "default", - libsecret::CollectionFlags::LOAD_ITEMS, - gio::Cancellable::NONE, - )? { - Some(col) => col, - None => { - return Err(KeyringError::Os( - "Unable to open libsecret collection".to_owned(), - )) - } - }; - - match collection.search_sync( - Some(&get_schema()), - HashMap::from([("service", service.as_str())]), - SearchFlags::ALL | SearchFlags::UNLOCK | SearchFlags::LOAD_SECRETS, - gio::Cancellable::NONE, - ) { - Ok(vec) => { - let valid_creds: Vec<(String, String)> = vec - .iter() - .filter_map(|item| match item.secret() { - Some(secret) => { - let attrs: HashMap = unsafe { - let attrs = - libsecret_sys::secret_item_get_attributes(item.to_glib_none().0); - FromGlibPtrContainer::from_glib_full(attrs) - }; - let bytes = secret.get(); - let pw = String::from_utf8(bytes).unwrap_or("".to_string()); - - let acc = attrs.get("account").unwrap().clone(); - unsafe { - g_hash_table_unref(attrs.to_glib_full()); - } - Some((acc, pw)) - } - None => None, - }) - .collect(); - *credentials = valid_creds; - - Ok(true) - } - Err(err) => { - if err.message().contains("No such secret item at path") { - Ok(false) - } else { - Err(KeyringError::Os(err.message().to_owned())) - } - } - } -} diff --git a/src/secrets/src/core/src/os/win.rs b/src/secrets/src/core/src/os/win.rs deleted file mode 100644 index a66b03ab..00000000 --- a/src/secrets/src/core/src/os/win.rs +++ /dev/null @@ -1,340 +0,0 @@ -use super::error::KeyringError; -use std::ffi::c_void; -use std::result::Result; -use windows_sys::{ - core::{PCWSTR, PWSTR}, - Win32::Foundation::*, - Win32::Security::Credentials::*, - Win32::System::{ - Diagnostics::Debug::{ - FormatMessageW, FORMAT_MESSAGE_ALLOCATE_BUFFER, FORMAT_MESSAGE_FROM_SYSTEM, - FORMAT_MESSAGE_IGNORE_INSERTS, - }, - Memory::LocalFree, - }, -}; - -impl From for KeyringError { - fn from(error: WIN32_ERROR) -> Self { - KeyringError::Os(win32_error_as_string(error)) - } -} - -/// -/// Helper function to convert the last Win32 error into a human-readable error message. -/// -/// Returns: -/// A `String` object containing the error message -/// -fn win32_error_as_string(error: WIN32_ERROR) -> String { - let buffer: PWSTR = std::ptr::null_mut(); - - // https://github.com/microsoft/windows-rs/blob/master/crates/libs/core/src/hresult.rs#L96 - let as_hresult = if error == 0 { - 0 - } else { - (error & 0x0000_FFFF) | (7 << 16) | 0x8000_0000 - } as _; - let mut str = "No error details available.".to_owned(); - unsafe { - let size = FormatMessageW( - FORMAT_MESSAGE_ALLOCATE_BUFFER - | FORMAT_MESSAGE_FROM_SYSTEM - | FORMAT_MESSAGE_IGNORE_INSERTS, - as_hresult as *const c_void, - as_hresult, - 0, - buffer, - 0, - std::ptr::null(), - ); - - if buffer.is_null() { - return str; - } - - str = String::from_utf16(std::slice::from_raw_parts(buffer, size as usize)).unwrap_or(str); - LocalFree(buffer as isize); - } - - str -} - -/// -/// Helper function to encode a string as a null-terminated UTF-16 string for use w/ credential APIs. -/// -/// Returns: -/// - `Some(val)` if the string was successfully converted to UTF-16, or `None` otherwise. -/// -fn encode_utf16(str: &str) -> Vec { - let mut chars: Vec = str.encode_utf16().collect(); - chars.push(0); - chars -} - -/// -/// Attempts to set a password for a given service and account. -/// -/// - `service`: The service name for the new credential -/// - `account`: The account name for the new credential -/// -/// Returns: -/// - `true` if the credential was stored successfully -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn set_password( - service: &String, - account: &String, - password: &String, -) -> Result { - // Build WinAPI strings and object parameters from arguments - let target_bytes = encode_utf16(format!("{}/{}", service, account).as_str()); - let username_bytes = encode_utf16(account.as_str()); - - let cred = CREDENTIALW { - Flags: 0, - Type: CRED_TYPE_GENERIC, - TargetName: target_bytes.as_ptr() as PWSTR, - Comment: std::ptr::null_mut(), - LastWritten: FILETIME { - dwLowDateTime: 0, - dwHighDateTime: 0, - }, - Persist: CRED_PERSIST_ENTERPRISE, - CredentialBlobSize: password.len() as u32, - CredentialBlob: password.as_ptr() as *mut u8, - AttributeCount: 0, - Attributes: std::ptr::null_mut(), - TargetAlias: std::ptr::null_mut(), - UserName: username_bytes.as_ptr() as PWSTR, - }; - - // Save credential to user's credential set - let write_result = unsafe { CredWriteW(&cred, 0) }; - - if write_result != TRUE { - let error_code = unsafe { GetLastError() }; - return Err(KeyringError::from(error_code)); - } - - Ok(true) -} - -/// -/// Returns a password contained in the given service and account, if found. -/// -/// - `service`: The service name that matches the credential of interest -/// - `account`: The account name that matches the credential of interest -/// -/// Returns: -/// - `Some(password)` if a matching credential was found; `None` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn get_password(service: &String, account: &String) -> Result, KeyringError> { - let mut cred: *mut CREDENTIALW = std::ptr::null_mut::(); - let target_name = encode_utf16(format!("{}/{}", service, account).as_str()); - - // Attempt to read credential from user's credential set - let read_result = unsafe { - CredReadW( - target_name.as_ptr() as PCWSTR, - CRED_TYPE_GENERIC, - 0, - &mut cred, - ) - }; - - if read_result != TRUE { - let error_code = unsafe { GetLastError() }; - if cred != std::ptr::null_mut() { - unsafe { - CredFree(cred as *const c_void); - } - } - return match error_code { - ERROR_NOT_FOUND => Ok(None), - _ => Err(KeyringError::from(error_code)), - }; - } - - // Build buffer for credential secret and return as UTF-8 string - unsafe { - let bytes = - std::slice::from_raw_parts((*cred).CredentialBlob, (*cred).CredentialBlobSize as usize); - - let result = match String::from_utf8(bytes.to_vec()) { - Ok(string) => Ok(Some(string)), - Err(err) => Err(KeyringError::Utf8( - format!("Failed to convert credential to UTF-8: {}", err).to_owned(), - )), - }; - CredFree(cred as *const c_void); - result - } -} - -/// -/// Attempts to delete the password associated with a given service and account. -/// -/// - `service`: The service name of the credential to delete -/// - `account`: The account name of the credential to delete -/// -/// Returns: -/// - `true` if a matching credential was deleted; `false` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn delete_password(service: &String, account: &String) -> Result { - let target_name = encode_utf16(format!("{}/{}", service, account).as_str()); - - // Attempt to delete credential from user's credential set - let delete_result = - unsafe { CredDeleteW(target_name.as_ptr() as PCWSTR, CRED_TYPE_GENERIC, 0) }; - - if delete_result != TRUE { - let error_code = unsafe { GetLastError() }; - - return match error_code { - // If we are trying to delete a credential that doesn't exist, - // we didn't actually delete the password - ERROR_NOT_FOUND => Ok(false), - _ => Err(KeyringError::from(error_code)), - }; - } - - Ok(true) -} - -/// -/// Returns the first password (if any) that matches the given service pattern. -/// -/// - `service`: The service pattern that matches the credential of interest -/// -/// Returns: -/// - `Some(password)` if a matching credential was found; `None` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn find_password(service: &String) -> Result, KeyringError> { - let filter = encode_utf16(format!("{}*", service).as_str()); - - let mut count: u32 = 0; - let mut creds: *mut *mut CREDENTIALW = std::ptr::null_mut::<*mut CREDENTIALW>(); - - // Attempt to find matching credential from user's credential set - let find_result = unsafe { - CredEnumerateW( - filter.as_ptr() as PCWSTR, - 0u32, - &mut count, - &mut creds as *mut *mut *mut CREDENTIALW, - ) - }; - - if find_result != TRUE { - let error_code = unsafe { GetLastError() }; - if creds != std::ptr::null_mut() { - unsafe { - CredFree(creds as *const c_void); - } - } - return match error_code { - ERROR_NOT_FOUND => Ok(None), - _ => Err(KeyringError::from(error_code)), - }; - } - - // Convert credential data into a valid String object and return. - unsafe { - let cred = *creds.offset(0); - let bytes = - std::slice::from_raw_parts((*cred).CredentialBlob, (*cred).CredentialBlobSize as usize); - - let result = match String::from_utf8(bytes.to_vec()) { - Ok(string) => Ok(Some(string)), - Err(err) => Err(KeyringError::from(err)), - }; - CredFree(creds as *const c_void); - result - } -} - -/// -/// Builds a vector of all credentials matching the given service pattern. -/// -/// - `service`: The service pattern that matches the credential(s) of interest -/// - `credentials`: The vector consisting of (username, password) pairs for each credential that matches -/// -/// Returns: -/// - `true` if at least 1 credential was found, `false` otherwise -/// - A `KeyringError` if there were any issues interacting with the credential vault -/// -pub fn find_credentials( - service: &String, - credentials: &mut Vec<(String, String)>, -) -> Result { - let filter_bytes: Vec = encode_utf16(format!("{}*", service).as_str()); - let filter = filter_bytes.as_ptr() as PCWSTR; - - let mut count: u32 = 0; - let mut creds: *mut *mut CREDENTIALW = std::ptr::null_mut::<*mut CREDENTIALW>(); - - // Attempt to fetch user's credential set - let find_result = unsafe { - CredEnumerateW( - filter, - 0u32, - &mut count, - &mut creds as *mut *mut *mut CREDENTIALW, - ) - }; - - if find_result != TRUE { - let error_code = unsafe { GetLastError() }; - if creds != std::ptr::null_mut() { - unsafe { - CredFree(creds as *const c_void); - } - } - return match error_code { - ERROR_NOT_FOUND => Ok(false), - _ => Err(KeyringError::from(error_code)), - }; - } - - // Find and build matching credential list from user's credential set - for i in 0..count { - let cred: &CREDENTIALW = unsafe { &**creds.offset(i as isize) }; - - if cred.UserName.is_null() || cred.CredentialBlobSize == 0 { - continue; - } - - // Build a valid String from the raw *u8 credential data. - let pw_bytes = unsafe { - std::slice::from_raw_parts((*cred).CredentialBlob, (*cred).CredentialBlobSize as usize) - }; - let password_result = match String::from_utf8(pw_bytes.to_vec()) { - Ok(string) => Ok(string), - Err(err) => Err(KeyringError::from(err)), - }; - if password_result.is_err() { - unsafe { - CredFree(creds as *const c_void); - } - return Err(password_result.unwrap_err()); - } - - // Decode the raw wchar_t* username data as a UTF-16 String - let username: String; - unsafe { - let size = (0..).take_while(|&i| *cred.UserName.offset(i) != 0).count(); - username = String::from_utf16(std::slice::from_raw_parts(cred.UserName, size))?; - } - credentials.push((username, password_result.unwrap())); - } - - unsafe { - CredFree(creds as *const c_void); - } - - Ok(true) -} diff --git a/src/secrets/src/index.ts b/src/secrets/src/index.ts deleted file mode 100644 index a4287b3f..00000000 --- a/src/secrets/src/index.ts +++ /dev/null @@ -1,12 +0,0 @@ -/* -* This program and the accompanying materials are made available under the terms of the -* Eclipse Public License v2.0 which accompanies this distribution, and is available at -* https://www.eclipse.org/legal/epl-v20.html -* -* SPDX-License-Identifier: EPL-2.0 -* -* Copyright Contributors to the Zowe Project. -* -*/ - -export * as keyring from "../src/keyring"; diff --git a/src/secrets/src/keyring-test/.gitignore b/src/secrets/src/keyring/.gitignore similarity index 100% rename from src/secrets/src/keyring-test/.gitignore rename to src/secrets/src/keyring/.gitignore diff --git a/src/secrets/src/keyring-test/Cargo.lock b/src/secrets/src/keyring/Cargo.lock similarity index 99% rename from src/secrets/src/keyring-test/Cargo.lock rename to src/secrets/src/keyring/Cargo.lock index 482d67cc..5bfb7e31 100644 --- a/src/secrets/src/keyring-test/Cargo.lock +++ b/src/secrets/src/keyring/Cargo.lock @@ -240,7 +240,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bfa799dd5ed20a7e349f3b4639aa80d74549c81716d9ec4f994c9b5815598306" [[package]] -name = "keyring-test" +name = "keyring" version = "0.1.0" dependencies = [ "pyo3", @@ -481,6 +481,7 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "secrets_core" version = "0.1.0" +source = "git+https://github.com/zowe/zowe-cli.git?branch=feat/secrets/core-crate#a56f4c616c85cdf07a629ad1bf11b8c501f77b82" dependencies = [ "cfg-if", "core-foundation", diff --git a/src/secrets/src/keyring-test/Cargo.toml b/src/secrets/src/keyring/Cargo.toml similarity index 60% rename from src/secrets/src/keyring-test/Cargo.toml rename to src/secrets/src/keyring/Cargo.toml index bfb2b113..e150bd4a 100644 --- a/src/secrets/src/keyring-test/Cargo.toml +++ b/src/secrets/src/keyring/Cargo.toml @@ -1,13 +1,13 @@ [package] -name = "keyring-test" +name = "keyring" version = "0.1.0" edition = "2021" # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [lib] -name = "keyring_test" +name = "keyring" crate-type = ["cdylib"] [dependencies] pyo3 = "0.19.0" -secrets_core = { path = "../core" } +secrets_core = { git = "https://github.com/zowe/zowe-cli.git", branch = "feat/secrets/core-crate" } diff --git a/src/secrets/src/keyring-test/pyproject.toml b/src/secrets/src/keyring/pyproject.toml similarity index 94% rename from src/secrets/src/keyring-test/pyproject.toml rename to src/secrets/src/keyring/pyproject.toml index 6bb30ff7..f765b5b6 100644 --- a/src/secrets/src/keyring-test/pyproject.toml +++ b/src/secrets/src/keyring/pyproject.toml @@ -3,7 +3,7 @@ requires = ["maturin>=1.3,<2.0"] build-backend = "maturin" [project] -name = "keyring-test" +name = "keyring" requires-python = ">=3.8" classifiers = [ "Programming Language :: Rust", diff --git a/src/secrets/src/keyring-test/src/lib.rs b/src/secrets/src/keyring/src/lib.rs similarity index 100% rename from src/secrets/src/keyring-test/src/lib.rs rename to src/secrets/src/keyring/src/lib.rs diff --git a/src/secrets/tsconfig.json b/src/secrets/tsconfig.json deleted file mode 100644 index 0b4bd5f7..00000000 --- a/src/secrets/tsconfig.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "extends": "../../tsconfig.json", - "compilerOptions": { - "outDir": "./lib", - "types": [ - "node", - ] - }, - "include": [ - "./src" - ], - "exclude": [ - "./src/keyring" - ] -} \ No newline at end of file diff --git a/src/secrets/zowe/secrets_for_zowe_sdk/__init__.py b/src/secrets/zowe/secrets_for_zowe_sdk/__init__.py new file mode 100644 index 00000000..e69de29b