keychain

v0.0.0-...-9cf53c8 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 5, 2016 License: MIT Imports: 7 Imported by: 0

README

Go Keychain

A library for accessing the Keychain for OSX and iOS in Go (golang).

Requires OS X 10.9 or greater and iOS 8 or greater.

Usage

The API is meant to mirror the Keychain API and is not necessarily idiomatic Go.

Add Item
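// Build a generic-password item and store it in the keychain.
item := keychain.NewItem()
item.SetSecClass(keychain.SecClassGenericPassword)
item.SetService("MyService")
item.SetAccount("gabriel")
item.SetLabel("A label")
item.SetAccessGroup("A123456789.group.com.mycorp")
// The secret payload. The literal is for illustration only; real code should
// obtain the secret at runtime rather than embedding it in source.
item.SetData([]byte("toomanysecrets"))
// Keep the item out of keychain sync and readable only while the device is
// unlocked (meaning inferred from the constant names; confirm against Apple's
// kSecAttrSynchronizable / kSecAttrAccessible documentation).
item.SetSynchronizable(keychain.SynchronizableNo)
item.SetAccessible(keychain.AccessibleWhenUnlocked)
err := keychain.AddItem(item)

if err == keychain.ErrorDuplicateItem {
  // Duplicate
} else if err != nil {
  // Any other error from AddItem: handle or report it rather than
  // continuing as if the secret had been saved.
}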
Query Item

Query for multiple results, returning attributes:

// Look up every generic-password item matching service, account and access
// group. Only attributes are requested; SetReturnData is not called here.
q := keychain.NewItem()
q.SetSecClass(keychain.SecClassGenericPassword)
q.SetService(service)
q.SetAccount(account)
q.SetAccessGroup(accessGroup)
q.SetMatchLimit(keychain.MatchLimitAll)
q.SetReturnAttributes(true)
matches, err := keychain.QueryItem(q)
if err == nil {
  // %#v prints every QueryResult field, Data included, so keep a dump like
  // this out of logs if the query is ever changed to return data.
  for i := range matches {
    fmt.Printf("%#v\n", matches[i])
  }
} else {
  // Error
}

Query for a single result, returning data:

// Fetch the data of a single generic-password item.
q := keychain.NewItem()
q.SetSecClass(keychain.SecClassGenericPassword)
q.SetService(service)
q.SetAccount(account)
q.SetAccessGroup(accessGroup)
q.SetMatchLimit(keychain.MatchLimitOne)
q.SetReturnData(true)
results, err := keychain.QueryItem(q)
switch {
case err != nil:
  // Error
case len(results) != 1:
  // Not found
default:
  // string() copies the secret into an immutable Go string that cannot be
  // overwritten afterwards; keep results[0].Data as []byte where the
  // secret's lifetime in memory matters.
  password := string(results[0].Data)
}
Delete Item

Delete a generic password item with service and account:

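// Delete the generic-password item identified by service and account.
item := keychain.NewItem()
item.SetSecClass(keychain.SecClassGenericPassword)
item.SetService(service)
item.SetAccount(account)
err := keychain.DeleteItem(item)
if err != nil {
  // Error: do not assume the item is gone
}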
Other

There are some convenience methods for generic password:

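// Create generic password item with service, account, label, password, access group
item := keychain.NewGenericPassword("MyService", "gabriel", "A label", []byte("toomanysecrets"), "A123456789.group.com.mycorp")
item.SetSynchronizable(keychain.SynchronizableNo)
item.SetAccessible(keychain.AccessibleWhenUnlocked)
err := keychain.AddItem(item)
if err == keychain.ErrorDuplicateItem {
  // Duplicate
}

// List the accounts stored for the service.
accounts, err := keychain.GetGenericPasswordAccounts("MyService")
// Should have 1 account == "gabriel"

// err is already declared in this scope, so assign with = rather than :=.
err = keychain.DeleteGenericPasswordItem("MyService", "gabriel")
// The not-found error exported by this version of the package is
// ErrorItemNotFound (see the Variables section).
if err == keychain.ErrorItemNotFound {
  // Not found
}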
OS X

Set trusted applications for an item (OS X only):

// Attach an access entry naming the applications trusted to use the item.
// On OS X, trusted applications are generally allowed to read an item without
// a user prompt, so list only the applications that need the secret (confirm
// the exact behaviour against Access.Convert, which is not shown here).
access := keychain.Access{
  Label:               "Mail",
  TrustedApplications: []string{"/Applications/Mail.app"},
}
item := keychain.NewGenericPassword("MyService", "gabriel", "A label", []byte("toomanysecrets"), "A123456789.group.com.mycorp")
item.SetAccess(&access)
err := keychain.AddItem(item)

iOS

Bindable package in bind. iOS project in ios. Run that project to test iOS.

To re-generate framework (in bind dir):

gomobile bind -target=ios -o ../ios/bind.framework

Documentation

Rendered for darwin/amd64

Index

Constants

// Values for the Synchronizable setting of an item (see Item.SetSynchronizable).
//
// NOTE(review): only SynchronizableDefault is declared with the Synchronizable
// type. The other three give an explicit value with no type and no iota, so
// they are untyped integer constants that convert implicitly when passed to
// SetSynchronizable.
// NOTE(review): the names suggest a mapping to kSecAttrSynchronizable values;
// the mapping code is not shown here, confirm before relying on it.
const (
	SynchronizableDefault Synchronizable = 0
	SynchronizableAny                    = 1
	SynchronizableYes                    = 2
	SynchronizableNo                     = 3
)
// Values for the Accessible setting of an item (see Item.SetAccessible).
//
// NOTE(review): only AccessibleDefault is declared with the Accessible type;
// the remaining entries are untyped integer constants.
// NOTE(review): the names mirror Apple's kSecAttrAccessible* values, but the
// mapping code is not shown here, confirm against the package source. The
// two "Always" variants are the least restrictive (no unlock required), and
// Apple has deprecated kSecAttrAccessibleAlways and
// kSecAttrAccessibleAlwaysThisDeviceOnly; for secrets prefer a WhenUnlocked or
// ThisDeviceOnly variant.
const (
	AccessibleDefault                        Accessible = 0
	AccessibleWhenUnlocked                              = 1
	AccessibleAfterFirstUnlock                          = 2
	AccessibleAlways                                    = 3
	AccessibleWhenPasscodeSetThisDeviceOnly             = 4
	AccessibleWhenUnlockedThisDeviceOnly                = 5
	AccessibleAfterFirstUnlockThisDeviceOnly            = 6
	// The name repeats "Accessible"; it is the exported identifier, so callers
	// have to spell it exactly this way.
	AccessibleAccessibleAlwaysThisDeviceOnly            = 7
)
// Values for the match limit of a query (see Item.SetMatchLimit). The README
// uses MatchLimitOne for a single result and MatchLimitAll for every match.
//
// NOTE(review): only MatchLimitDefault carries the MatchLimit type; the other
// two are untyped integer constants.
const (
	MatchLimitDefault MatchLimit = 0
	MatchLimitOne                = 1
	MatchLimitAll                = 2
)

Variables

// Error values, each converting one of the C errSec* status codes (reached
// through cgo) to the package's Error type. The README compares returned
// errors against them with ==, e.g. err == keychain.ErrorDuplicateItem.
//
// They are declared with var, so they are package-level variables rather than
// constants.
var (
	ErrorUnimplemented         Error = Error(C.errSecUnimplemented)
	ErrorParam                       = Error(C.errSecParam)
	ErrorAllocate                    = Error(C.errSecAllocate)
	ErrorNotAvailable                = Error(C.errSecNotAvailable)
	ErrorAuthFailed                  = Error(C.errSecAuthFailed)
	ErrorDuplicateItem               = Error(C.errSecDuplicateItem)
	ErrorItemNotFound                = Error(C.errSecItemNotFound)
	ErrorInteractionNotAllowed       = Error(C.errSecInteractionNotAllowed)
	ErrorDecode                      = Error(C.errSecDecode)
)
// Attribute keys derived from the C kSecAttr* / kSecValueData constants via
// attrKey (defined elsewhere in the package).
var (
	ServiceKey     = attrKey(C.CFTypeRef(C.kSecAttrService))
	LabelKey       = attrKey(C.CFTypeRef(C.kSecAttrLabel))
	AccountKey     = attrKey(C.CFTypeRef(C.kSecAttrAccount))
	AccessGroupKey = attrKey(C.CFTypeRef(C.kSecAttrAccessGroup))
	// DataKey is the key for kSecValueData, i.e. the item's data payload.
	DataKey        = attrKey(C.CFTypeRef(C.kSecValueData))
)
// AccessKey is the attribute key for kSecAttrAccess, which the SecClass
// comment on this page lists as OS X only.
var (
	AccessKey = attrKey(C.CFTypeRef(C.kSecAttrAccess))
)
// AccessibleKey is the attribute key for kSecAttrAccessible.
var AccessibleKey = attrKey(C.CFTypeRef(C.kSecAttrAccessible))
// MatchLimitKey is the query key for kSecMatchLimit.
var MatchLimitKey = attrKey(C.CFTypeRef(C.kSecMatchLimit))
// ReturnAttributesKey is the query key for kSecReturnAttributes.
var ReturnAttributesKey = attrKey(C.CFTypeRef(C.kSecReturnAttributes))
// ReturnDataKey is the query key for kSecReturnData.
// NOTE(review): presumably set by Item.SetReturnData, whose body is not shown;
// a query carrying this key asks for the item's secret data.
var ReturnDataKey = attrKey(C.CFTypeRef(C.kSecReturnData))
// ReturnRefKey is the query key for kSecReturnRef.
var ReturnRefKey = attrKey(C.CFTypeRef(C.kSecReturnRef))
// SecClassKey is the key for kSecClass, the item class.
var SecClassKey = attrKey(C.CFTypeRef(C.kSecClass))
// SynchronizableKey is the attribute key for kSecAttrSynchronizable.
var SynchronizableKey = attrKey(C.CFTypeRef(C.kSecAttrSynchronizable))

Functions

func AddItem

func AddItem(item Item) error

AddItem adds an Item.

func ArrayToCFArray

func ArrayToCFArray(a []C.CFTypeRef) C.CFArrayRef

ArrayToCFArray will return a CFArrayRef and if non-nil, must be released with Release(ref).

func BytesToCFData

func BytesToCFData(b []byte) (C.CFDataRef, error)

BytesToCFData will return a CFDataRef and if non-nil, must be released with Release(ref).

func CFArrayToArray

func CFArrayToArray(cfArray C.CFArrayRef) (a []C.CFTypeRef)

CFArrayToArray converts a CFArrayRef to an array of CFTypes.

func CFDataToBytes

func CFDataToBytes(cfData C.CFDataRef) ([]byte, error)

CFDataToBytes converts CFData to bytes.

func CFDictionaryToMap

func CFDictionaryToMap(cfDict C.CFDictionaryRef) (m map[C.CFTypeRef]C.CFTypeRef)

CFDictionaryToMap converts CFDictionaryRef to a map.

func CFNumberToInterface

func CFNumberToInterface(cfNumber C.CFNumberRef) interface{}

CFNumberToInterface converts the CFNumberRef to the most appropriate numeric type. This code is from github.com/kballard/go-osx-plist.

func CFStringToString

func CFStringToString(s C.CFStringRef) string

CFStringToString converts a CFStringRef to a string.

func CFTypeDescription

func CFTypeDescription(ref C.CFTypeRef) string

CFTypeDescription returns type string for CFTypeRef.

func Convert

func Convert(ref C.CFTypeRef) (interface{}, error)

Convert converts a CFTypeRef to a go instance.

func ConvertCFDictionary

func ConvertCFDictionary(d C.CFDictionaryRef) (map[interface{}]interface{}, error)

ConvertCFDictionary converts a CFDictionary to map (deep).

func ConvertMapToCFDictionary

func ConvertMapToCFDictionary(attr map[string]interface{}) (C.CFDictionaryRef, error)

ConvertMapToCFDictionary converts a map to a CFDictionary and if non-nil, must be released with Release(ref).

func DeleteGenericPasswordItem

func DeleteGenericPasswordItem(service string, account string) error

DeleteGenericPasswordItem removes a generic password item.

func DeleteItem

func DeleteItem(item Item) error

DeleteItem removes an Item.

func DeleteItemRef

func DeleteItemRef(ref C.CFTypeRef) error

DeleteItemRef deletes a keychain item reference.

func GetAccountsForService

func GetAccountsForService(service string) ([]string, error)

Deprecated

func GetGenericPassword

func GetGenericPassword(service string, account string, label string, accessGroup string) ([]byte, error)

GetGenericPassword returns password data for service and account. This is a convenience method. If the item is not found, it returns nil, nil, so callers must check the returned data for nil as well as the error.

func GetGenericPasswordAccounts

func GetGenericPasswordAccounts(service string) ([]string, error)

GetGenericPasswordAccounts returns generic password accounts for service. This is a convenience method.

func MapToCFDictionary

func MapToCFDictionary(m map[C.CFTypeRef]C.CFTypeRef) (C.CFDictionaryRef, error)

MapToCFDictionary will return a CFDictionaryRef and if non-nil, must be released with Release(ref).

func QueryItemRef

func QueryItemRef(item Item) (C.CFTypeRef, error)

QueryItemRef returns query result as CFTypeRef. You must release it when you are done.

func Release

func Release(ref C.CFTypeRef)

func StringToCFString

func StringToCFString(s string) (C.CFStringRef, error)

StringToCFString will return a CFStringRef and if non-nil, must be released with Release(ref).

Types

type Access

// Access describes the access settings attached to an item with
// Item.SetAccess (the README marks this as OS X only).
type Access struct {
	// Label names the access entry; the README example uses "Mail".
	Label               string
	// TrustedApplications lists application paths, e.g. "/Applications/Mail.app".
	// NOTE(review): presumably these applications may use the item without a
	// user prompt; confirm against Access.Convert, which is not shown here.
	TrustedApplications []string
}

func (Access) Convert

func (a Access) Convert() (C.CFTypeRef, error)

type Accessible

type Accessible int

type Convertable

// Convertable is implemented by values that can convert themselves to a
// CFTypeRef; Access implements it on this page.
type Convertable interface {
	// Convert returns the CFTypeRef form of the value, or an error.
	// NOTE(review): ownership of the returned reference is not stated here;
	// other helpers in this package require Release(ref), so confirm.
	Convert() (C.CFTypeRef, error)
}

Convertable knows how to convert an instance to a CFTypeRef.

type Error

type Error int

func (Error) Error

func (k Error) Error() string

type Item

type Item struct {
	// contains filtered or unexported fields
}

Item for adding, querying or deleting.

func NewGenericPassword

func NewGenericPassword(service string, account string, label string, data []byte, accessGroup string) Item

NewGenericPassword creates a generic password item. This is a convenience method.

func NewItem

func NewItem() Item

NewItem is a new empty keychain item.

func (*Item) SetAccess

func (k *Item) SetAccess(a *Access)

func (*Item) SetAccessGroup

func (k *Item) SetAccessGroup(ag string)

func (*Item) SetAccessible

func (k *Item) SetAccessible(accessible Accessible)

func (*Item) SetAccount

func (k *Item) SetAccount(a string)

func (*Item) SetData

func (k *Item) SetData(b []byte)

func (*Item) SetLabel

func (k *Item) SetLabel(l string)

func (*Item) SetMatchLimit

func (k *Item) SetMatchLimit(matchLimit MatchLimit)

func (*Item) SetReturnAttributes

func (k *Item) SetReturnAttributes(b bool)

func (*Item) SetReturnData

func (k *Item) SetReturnData(b bool)

func (*Item) SetReturnRef

func (k *Item) SetReturnRef(b bool)

func (*Item) SetSecClass

func (k *Item) SetSecClass(sc SecClass)

func (*Item) SetService

func (k *Item) SetService(s string)

func (*Item) SetString

func (k *Item) SetString(key string, s string)

func (*Item) SetSynchronizable

func (k *Item) SetSynchronizable(sync Synchronizable)

type MatchLimit

type MatchLimit int

type QueryResult

// QueryResult holds one result returned by QueryItem. Which fields are filled
// depends on what the query asked for.
type QueryResult struct {
	Service     string
	Account     string
	AccessGroup string
	Label       string
	// Data is the item's data; the README reads it after a query that calls
	// SetReturnData(true). It holds the stored secret, so keep it out of logs
	// and debug dumps.
	Data        []byte
}

QueryResult stores all possible results from queries. Not all fields are applicable all the time. Results depend on query.

func QueryItem

func QueryItem(item Item) ([]QueryResult, error)

QueryItem returns a list of query results.

type SecClass

type SecClass int
// Item classes accepted by Item.SetSecClass. Only the generic-password class
// is defined here. It is declared with var, so it is a package-level variable
// rather than a constant.
var (
	/*
		kSecClassGenericPassword item attributes:
		 kSecAttrAccess (OS X only)
		 kSecAttrAccessGroup (iOS; also OS X if kSecAttrSynchronizable specified)
		 kSecAttrAccessible (iOS; also OS X if kSecAttrSynchronizable specified)
		 kSecAttrAccount
		 kSecAttrService
	*/
	SecClassGenericPassword SecClass = 1
)

Keychain Item Classes

type Synchronizable

type Synchronizable int
