aboutsummaryrefslogtreecommitdiffstats
path: root/Source/SPKeychain.m
diff options
context:
space:
mode:
Diffstat (limited to 'Source/SPKeychain.m')
-rw-r--r--Source/SPKeychain.m261
1 files changed, 261 insertions, 0 deletions
diff --git a/Source/SPKeychain.m b/Source/SPKeychain.m
new file mode 100644
index 00000000..9aea5248
--- /dev/null
+++ b/Source/SPKeychain.m
@@ -0,0 +1,261 @@
+//
+// $Id$
+//
+// SPKeychain.m
+// sequel-pro
+//
+// Created by lorenz textor (lorenz@textor.ch) on Wed Dec 25 2002.
+// Copyright (c) 2002-2003 Lorenz Textor. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+//
+// More info at <http://code.google.com/p/sequel-pro/>
+
+#import "SPKeychain.h"
+
+#import <CoreFoundation/CoreFoundation.h>
+#import <Security/Security.h>
+
+@implementation SPKeychain
+
+/**
+ * Add the supplied password to the user's Keychain using the supplied name and account.
+ */
+- (void)addPassword:(NSString *)password forName:(NSString *)name account:(NSString *)account
+{
+ [self addPassword:password forName:name account:account withLabel:name];
+}
+
+/**
+ * Add the supplied password to the user's Keychain using the supplied name, account, and label.
+ */
+- (void)addPassword:(NSString *)password forName:(NSString *)name account:(NSString *)account withLabel:(NSString *)label;
+{
+ OSStatus status;
+ SecTrustedApplicationRef sequelProRef, sequelProHelperRef;
+ SecAccessRef passwordAccessRef;
+ SecKeychainAttribute attributes[4];
+ SecKeychainAttributeList attList;
+
+ // Check if password already exists before adding
+ if (![self passwordExistsForName:name account:account]) {
+
+ // Create a trusted access list with two items - ourselves and the SSH pass app.
+ NSString *helperPath = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@"SequelProTunnelAssistant"];
+ if ((SecTrustedApplicationCreateFromPath(NULL, &sequelProRef) == noErr) &&
+ (SecTrustedApplicationCreateFromPath([helperPath UTF8String], &sequelProHelperRef) == noErr)) {
+
+ NSArray *trustedApps = [NSArray arrayWithObjects:(id)sequelProRef, (id)sequelProHelperRef, nil];
+ status = SecAccessCreate((CFStringRef)name, (CFArrayRef)trustedApps, &passwordAccessRef);
+ if (status != noErr) {
+ NSLog(@"Error (%i) while trying to create access list for name: %@ account: %@", status, name, account);
+ passwordAccessRef = NULL;
+ }
+ }
+
+ // Set up the item attributes
+ attributes[0].tag = kSecGenericItemAttr;
+ attributes[0].data = "application password";
+ attributes[0].length = 20;
+ attributes[1].tag = kSecLabelItemAttr;
+ attributes[1].data = (unichar *)[label UTF8String];
+ attributes[1].length = strlen([label UTF8String]);
+ attributes[2].tag = kSecAccountItemAttr;
+ attributes[2].data = (unichar *)[account UTF8String];
+ attributes[2].length = strlen([account UTF8String]);
+ attributes[3].tag = kSecServiceItemAttr;
+ attributes[3].data = (unichar *)[name UTF8String];
+ attributes[3].length = strlen([name UTF8String]);
+ attList.count = 4;
+ attList.attr = attributes;
+
+ // Create the keychain item
+ status = SecKeychainItemCreateFromContent(
+ kSecGenericPasswordItemClass, // Generic password type
+ &attList, // The attribute list created for the keychain item
+ strlen([password UTF8String]), // Length of password
+ [password UTF8String], // Password data
+ NULL, // Default keychain
+ passwordAccessRef, // Access list for this keychain
+ NULL); // The item reference
+
+ if (passwordAccessRef) CFRelease(passwordAccessRef);
+ if (status != noErr) {
+ NSLog(@"Error (%i) while trying to add password for name: %@ account: %@", status, name, account);
+ }
+ }
+}
+
+/**
+ * Get a password from the user's Keychain for the supplied name and account.
+ */
+- (NSString *)getPasswordForName:(NSString *)name account:(NSString *)account
+{
+ OSStatus status;
+
+ void *passwordData;
+ UInt32 passwordLength;
+ SecKeychainItemRef itemRef;
+ NSString *password = @"";
+
+ status = SecKeychainFindGenericPassword(
+ NULL, // default keychain
+ strlen([name UTF8String]), // length of service name (bytes)
+ [name UTF8String], // service name
+ strlen([account UTF8String]), // length of account name (bytes)
+ [account UTF8String], // account name
+ &passwordLength, // length of password
+ &passwordData, // pointer to password data
+ &itemRef // the item reference
+ );
+
+ if (status == noErr) {
+ password = [NSString stringWithCString:passwordData length:passwordLength];
+
+ // Free the data allocated by SecKeychainFindGenericPassword:
+ SecKeychainItemFreeContent(
+ NULL, // No attribute data to release
+ passwordData // Release data
+ );
+ }
+
+ return password;
+}
+
+/**
+ * Delete a password from the user's Keychain for the supplied name and account.
+ */
+- (void)deletePasswordForName:(NSString *)name account:(NSString *)account
+{
+ OSStatus status;
+ SecKeychainItemRef itemRef = nil;
+
+ // Check if password already exists before deleting
+ if ([self passwordExistsForName:name account:account]) {
+ status = SecKeychainFindGenericPassword(
+ NULL, // default keychain
+ strlen([name UTF8String]), // length of service name
+ [name UTF8String], // service name
+ strlen([account UTF8String]), // length of account name
+ [account UTF8String], // account name
+ nil, // length of password
+ nil, // pointer to password data
+ &itemRef // the item reference
+ );
+
+ if (status == noErr) {
+ status = SecKeychainItemDelete(itemRef);
+
+ if (status != noErr) {
+ NSLog(@"Error (%i) while trying to delete password for name: %@ account: %@", status, name, account);
+ }
+ }
+
+ if (itemRef) CFRelease(itemRef);
+ }
+}
+
+/**
+ * Checks the user's Keychain to see if a password for the supplied name and account exists.
+ */
+- (BOOL)passwordExistsForName:(NSString *)name account:(NSString *)account
+{
+ SecKeychainItemRef item;
+ SecKeychainSearchRef search = NULL;
+ int numberOfItemsFound = 0;
+ SecKeychainAttributeList list;
+ SecKeychainAttribute attributes[2];
+
+ attributes[0].tag = kSecAccountItemAttr;
+ attributes[0].data = (void *)[account UTF8String]; // Account name
+ attributes[0].length = strlen([account UTF8String]); // Length of account name (bytes)
+
+ attributes[1].tag = kSecServiceItemAttr;
+ attributes[1].data = (void *)[name UTF8String]; // Service name
+ attributes[1].length = strlen([name UTF8String]); // Length of service name (bytes)
+
+ list.count = 2;
+ list.attr = attributes;
+
+ if (SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, &list, &search) == noErr) {
+ while (SecKeychainSearchCopyNext(search, &item) == noErr) {
+ CFRelease(item);
+ numberOfItemsFound++;
+ }
+ }
+
+ if (search) CFRelease(search);
+
+ return (numberOfItemsFound > 0);
+}
+
+/**
+ * Retrieve the keychain item name for a supplied name and id.
+ */
+- (NSString *)nameForFavoriteName:(NSString *)theName id:(NSString *)theID
+{
+ NSString *keychainItemName;
+
+ keychainItemName = [NSString stringWithFormat:@"Sequel Pro : %@ (%i)",
+ theName,
+ [theID intValue]];
+
+ return keychainItemName;
+}
+
+/**
+ * Retrieve the keychain item account for a supplied user, host, and database - which can be nil.
+ */
+- (NSString *)accountForUser:(NSString *)theUser host:(NSString *)theHost database:(NSString *)theDatabase
+{
+ NSString *keychainItemAccount;
+
+ keychainItemAccount = [NSString stringWithFormat:@"%@@%@/%@",
+ theUser?theUser:@"",
+ theHost?theHost:@"",
+ theDatabase?theDatabase:@""];
+
+ return keychainItemAccount;
+}
+
+/**
+ * Retrieve the keychain SSH item name for a supplied name and id.
+ */
+- (NSString *)nameForSSHForFavoriteName:(NSString *)theName id:(NSString *)theID
+{
+ NSString *sshKeychainItemName;
+
+ sshKeychainItemName = [NSString stringWithFormat:@"Sequel Pro SSHTunnel : %@ (%i)",
+ theName,
+ [theID intValue]];
+
+ return sshKeychainItemName;
+}
+
+/**
+ * Retrieve the keychain SSH item account for a supplied SSH user and host - which can be nil.
+ */
+- (NSString *)accountForSSHUser:(NSString *)theSSHUser sshHost:(NSString *)theSSHHost
+{
+ NSString *sshKeychainItemAccount;
+
+ sshKeychainItemAccount = [NSString stringWithFormat:@"%@@%@",
+ theSSHUser?theSSHUser:@"",
+ theSSHHost?theSSHHost:@""];
+
+ return sshKeychainItemAccount;
+}
+
+@end