def get_class_inheritance(io_object):
classes = []
cls = IOObjectCopyClass(io_object)
while cls:
# yield cls
classes.append(cls)
CFRelease(cls)
cls = IOObjectCopySuperclassForClass(cls)
return classes
def delete(self):
"""Removes this item from the keychain"""
rc = Security.lib.SecKeychainItemDelete(self.keychain_item)
if rc != 0:
raise RuntimeError("Unable to delete %s: rc=%d" % (self, rc))
from CoreFoundation import CFRelease
CFRelease(self.keychain_item)
self.keychain_item = None
self.service_name = None
self.account_name = None
self.password = None
def corefoundation_to_native(collection):
if collection is None: # nullptr
return None
native = Conversion.pythonCollectionFromPropertyList(collection)
CFRelease(collection)
return native
attr = SecKeychainAttribute(tag, 1, plabel)
attrList = SecKeychainAttributeList(1, attr)
# http://developer.apple.com/DOCUMENTATION/Security/Reference/keychainservices/Reference/reference.html#//apple_ref/c/tdef/SecItemClass
searchRef = ctypes.c_void_p()
itemRef = ctypes.c_void_p()
try:
Security.SecKeychainSearchCreateFromAttributes(
None,
kSecCertificateItemClass,
ctypes.byref(attrList),
ctypes.pointer(searchRef)
)
Security.SecKeychainSearchCopyNext(
searchRef,
ctypes.byref(itemRef)
)
if searchRef:
CFRelease(searchRef)
Security.SecKeychainItemDelete(itemRef)
if itemRef:
CFRelease(itemRef)
except RuntimeError, e:
print >>sys.stderr, "ERROR: %s" % e
sys.exit(1)
def corefoundation_to_native(collection):
native = Conversion.pythonCollectionFromPropertyList(collection)
CFRelease(collection)
return native
def set_password(
self, service: str, username: str, password: Union[str, bytes, None]
):
"""
Inserts the given key to keychain, or generates a new one if password is blank.
Key generation is only supported for RSA & Elliptic-Curve assymetric keys, due to keychain's API limitations.
Meaning, DSA and symmetric keys are not supported for generation - only for existing key import.
:param service: Will be used as the kSecAttrLabel attribute.
:param username: Will be used as the kSecAttrApplicationTag attribute.
:param password: If blank, a key is generated, if non-blank - should be either a path to a key-file,
or key-data, encoded in some known format (e.g. PEM).
:return: A reference to a python-wrapped private or public key, if is_extractable is set; else, None.
"""
assert isinstance(
service, str
), f'Expected service to be of type str, but got: {type(service)}'
assert isinstance(
username, str
), f'Expected username to be of type str, but got: {type(username)}'
assert isinstance(password, (str, bytes, type(None))), (
'Expected password to be one of: str, bytes, None, '
f'but got: {type(password)}'
)
params = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, None, None)
private_key_params = CFDictionaryCreateMutable(
kCFAllocatorDefault, 0, None, None
)
access_control = self._get_access_control()
try:
self._populate_private_key_params(
private_key_params, service, username, access_control
)
self._populate_key_params(params, private_key_params, password)
if password:
error, key = SecItemAdd(params, None)
key = key[-1] if key else key
elif self.key_class_type == OSXKeychainKeyType.DSA:
raise PasswordSetError(
'Generating asymmetric keys is only supported for RSA and Elliptic-Curve algorithms'
)
elif self.key_class_type == OSXKeyChainKeyClassType.Symmetric.value:
raise PasswordSetError(
'Generating symmetric keys is not supported by the keychain API'
)
else:
key, error = SecKeyCreateRandomKey(params, None)
if key and self.key_class_type == OSXKeyChainKeyClassType.Public.value:
key = SecKeyCopyPublicKey(key)
if error or not key:
raise PasswordSetError(f'Failed creating private key: {error}')
if self.is_extractable:
return self._pythonify_key(key)
finally:
if access_control:
CFRelease(access_control)
CFRelease(private_key_params)
CFRelease(params)