Widen API to allow storing keychain entries for an authenticated user

[purejava]

Belongs to cryptomator/cryptomator#3311

[coderabbitai]

Walkthrough

The changes enhance password management within the Mac Keychain by introducing a new parameter for OS authentication in the storePassword method. This update involves modifications to the JNI interface, Java classes, and native code to improve security through Local Authentication. Additionally, the API dependency version has been updated to a newer version, indicating ongoing development.

Changes

Files	Change Summary
pom.xml	Updated <api.version> from 1.3.1 to 1.4.0, indicating an upgrade to a newer version of the API.
src/main/java/org/cryptomator/macos/keychain/MacKeychain.java, src/main/native/org_cryptomator_macos_keychain_MacKeychain_Native.m	Modified storePassword method to include a boolean parameter for OS authentication, affecting method signatures and enhancing security features.

Possibly related PRs

• Replace the deprecated SecKeychain with SecItem #46: The changes in this PR involve modifications to the org_cryptomator_macos_keychain_MacKeychain_Native.m file, which also includes updates to the storePassword function, similar to the main PR's changes in the MacKeychain class.

Suggested reviewers

• purejava
• infeo

🐇 In a world so bright,
A password stored with delight.
For users authenticated,
Security celebrated!
With changes made and hopes anew,
Hop along, adventures too! 🌟

---

Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 49e62f6 and 851965a.

Files selected for processing (1)

• pom.xml (1 hunks)

Additional comments not posted (1)

pom.xml (1)

33-33: API dependency updated to version 1.4.0.

Upgrading dependencies is a good practice to benefit from new features, bug fixes, and performance improvements. However, it's crucial to thoroughly test the application to ensure it remains functional and stable with the updated API version.

Are there any known breaking changes or necessary code adaptations related to this API upgrade? Please share any relevant details to help validate the integration.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai generate interesting stats about this repository and render them as a table.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 7393780 and 84c93b6.

Files selected for processing (5)

• pom.xml (1 hunks)
• src/main/headers/org_cryptomator_macos_keychain_MacKeychain_Native.h (1 hunks)
• src/main/java/org/cryptomator/macos/keychain/MacKeychain.java (2 hunks)
• src/main/java/org/cryptomator/macos/keychain/MacSystemKeychainAccess.java (1 hunks)
• src/main/native/org_cryptomator_macos_keychain_MacKeychain_Native.m (3 hunks)

Additional comments not posted (10)

src/main/headers/org_cryptomator_macos_keychain_MacKeychain_Native.h (1)

18-24: New JNI method declaration added.

The new method storePasswordForAuthenticatedUser has been correctly added following the JNI conventions. Ensure that the corresponding implementation is correctly defined in the native code.

src/main/java/org/cryptomator/macos/keychain/MacSystemKeychainAccess.java (1)

42-45: New method storePassphraseForAuthenticatedUser added.

The new method storePassphraseForAuthenticatedUser integrates well with the existing code. It correctly calls the corresponding method in the MacKeychain class and throws a KeychainAccessException if an error occurs.

src/main/java/org/cryptomator/macos/keychain/MacKeychain.java (2)

37-47: New method storePassphraseForAuthenticatedUser added.

The new method storePassphraseForAuthenticatedUser is well-integrated with the existing code. It correctly handles the conversion of the password to a byte array, calls the native method, and handles potential errors by throwing a KeychainAccessException. The use of Arrays.fill to clear sensitive data from memory is a good security practice.

---

128-129: New native method declaration added.

The new native method storePasswordForAuthenticatedUser has been correctly added. Ensure that the corresponding implementation is correctly defined in the native code.

src/main/native/org_cryptomator_macos_keychain_MacKeychain_Native.m (5)

16-22: LGTM! Singleton pattern for LAContext.

The getSharedLAContext function correctly implements a singleton pattern for LAContext, ensuring that only one instance is created and reused.

---

24-35: LGTM! Access control creation.

The createAccessControl function correctly creates a SecAccessControlRef with the kSecAccessControlUserPresence flag, ensuring that user presence is required for accessing the stored password.

---

124-139: LGTM! Secure password loading with authentication.

The Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_loadPassword function correctly includes kSecUseAuthenticationContext in the query dictionary, ensuring that authentication is required for loading passwords.

---

163-173: LGTM! Secure password deletion with authentication.

The Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_deletePassword function correctly includes kSecUseAuthenticationContext in the query dictionary, ensuring that authentication is required for deleting passwords.

---

79-123: LGTM! Secure password storage with authentication.

The Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_storePasswordForAuthenticatedUser function correctly integrates local authentication using sharedContext and handles both updating existing entries and adding new ones in the keychain.

Ensure that the function is used correctly in the codebase.

pom.xml (1)

33-33: Verify the compatibility and stability of the new API version.

The API version has been updated from 1.3.1 to 1.4.0-SNAPSHOT. Snapshot versions may introduce new features or fixes but could also be unstable. Ensure compatibility and stability with the rest of the codebase.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (3)

src/main/headers/org_cryptomator_macos_keychain_MacKeychain_Native.h (1)

13-16: Missing JNI Implementation for storePassword Method

The JNI method Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_storePassword is declared in the header file but lacks an implementation in the C source files. This needs to be addressed to ensure the method functions correctly. On the Java side, all invocations of storePassword have been correctly updated to pass the new jboolean parameter.

• Ensure the JNI method is implemented in the C source files.

Analysis chain

Verify JNI implementation and calling code.

The storePassword method signature has been updated to include a jboolean parameter. Ensure that the JNI implementation is updated accordingly and that all Java code invoking this method is adjusted to pass the new parameter.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify JNI implementation and calling code for `storePassword`.

# Test: Search for the JNI implementation. Expect: Implementation matches the new signature.
rg --type c 'Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_storePassword'

# Test: Search for Java code invoking `storePassword`. Expect: All invocations pass the new parameter.
rg --type java 'storePassword('

Length of output: 366

---

Script:

#!/bin/bash
# Corrected script to verify JNI implementation and calling code for `storePassword`.

# Test: Search for the JNI implementation. Expect: Implementation matches the new signature.
rg --type c 'Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_storePassword' --context 5

# Test: Search for Java code invoking `storePassword`. Expect: All invocations pass the new parameter.
rg --type java 'storePassword\(' --context 2

Length of output: 7585

src/test/java/org/cryptomator/macos/keychain/MacKeychainTest.java (1)

20-20: Add test cases for storePassword with true parameter.

Currently, all test cases for storePassword use false as the boolean parameter. To ensure comprehensive testing, add test cases that cover scenarios with true for the boolean parameter.

• src/test/java/org/cryptomator/macos/keychain/MacKeychainTest.java
• src/test/java/org/cryptomator/macos/keychain/MacSystemKeychainAccessTest.java

Analysis chain

Ensure test coverage for new functionality.

The storePassword method now includes a false parameter. Verify that test cases cover scenarios with different values for this parameter to ensure comprehensive testing of the new functionality.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify test coverage for `storePassword` with different boolean parameter values.

# Test: Search for test cases invoking `storePassword`. Expect: Test cases cover different boolean values.
rg --type java 'storePassword('

Length of output: 112

---

Script:

#!/bin/bash
# Description: Verify test coverage for `storePassword` with different boolean parameter values.

# Test: Search for test cases invoking `storePassword`. Expect: Test cases cover different boolean values.
rg --type java 'storePassword\('

Length of output: 1917

src/main/java/org/cryptomator/macos/keychain/MacSystemKeychainAccess.java (1)

65-65: Clarify changePassphrase behavior.

The changePassphrase method now explicitly passes false for requireOsAuthentication. Ensure this behavior is documented and aligns with the intended security requirements.

Consider adding documentation to clarify the behavior and rationale for not requiring OS authentication during passphrase changes.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 84c93b6 and 6ea3ddc.

Files selected for processing (6)

• src/main/headers/org_cryptomator_macos_keychain_MacKeychain_Native.h (1 hunks)
• src/main/java/org/cryptomator/macos/keychain/MacKeychain.java (3 hunks)
• src/main/java/org/cryptomator/macos/keychain/MacSystemKeychainAccess.java (2 hunks)
• src/main/native/org_cryptomator_macos_keychain_MacKeychain_Native.m (4 hunks)
• src/test/java/org/cryptomator/macos/keychain/MacKeychainTest.java (1 hunks)
• src/test/java/org/cryptomator/macos/keychain/MacSystemKeychainAccessTest.java (3 hunks)

Additional comments not posted (10)

src/main/java/org/cryptomator/macos/keychain/MacSystemKeychainAccess.java (1)

38-39: Verify logic for requireOsAuthentication.

The storePassphrase method now includes a requireOsAuthentication parameter. Ensure that the logic correctly handles this parameter and aligns with the intended functionality.

Verification successful

---

Logic for requireOsAuthentication is correctly implemented.

The storePassphrase method correctly handles the requireOsAuthentication parameter by passing it to the storePassword method. This logic is thoroughly tested in the MacSystemKeychainAccessTest class, ensuring it functions as intended. No issues were found.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify logic for handling `requireOsAuthentication` in `storePassphrase`.

# Test: Search for logic handling `requireOsAuthentication`. Expect: Logic aligns with intended functionality.
rg --type java 'storePassphrase('

Length of output: 118

---

Script:

#!/bin/bash
# Description: Verify logic for handling `requireOsAuthentication` in `storePassphrase`.

# Test: Search for logic handling `requireOsAuthentication`. Expect: Logic aligns with intended functionality.
rg --type java 'storePassphrase\(' -A 5

Length of output: 3102

src/test/java/org/cryptomator/macos/keychain/MacSystemKeychainAccessTest.java (4)

34-34: LGTM! Test method updated correctly.

The storePassword method now includes the overwrite parameter, and the test reflects this change accurately.

---

41-44: LGTM! Exception handling updated correctly.

The test method now verifies the updated storePassword signature, ensuring proper exception handling.

---

96-96: LGTM! Test method updated correctly.

The storePassword method now includes the overwrite parameter, and the test reflects this change accurately.

---

106-106: LGTM! Test method updated correctly.

The test ensures that storePassword is not called when the password is not found, reflecting the updated method signature.

src/main/java/org/cryptomator/macos/keychain/MacKeychain.java (2)

79-79: LGTM! Migration logic updated correctly.

The storePassword call now includes false for requireOsAuthentication, ensuring no authentication is required during migration.

---

20-30: LGTM! Method signature and documentation updated correctly.

The storePassword method now includes the requireOsAuthentication parameter, and the documentation accurately reflects this change. The parameter is correctly passed to the native method.

Ensure that the native method implementation handles this parameter correctly.

Verification successful

---

Native Method Correctly Handles requireOsAuthentication Parameter

The native method storePassword in src/main/native/org_cryptomator_macos_keychain_MacKeychain_Native.m properly utilizes the requireOsAuthentication parameter. It is used in a conditional block to manage authentication logic, confirming its correct integration into the method.

• File: src/main/native/org_cryptomator_macos_keychain_MacKeychain_Native.m
• Line: Conditional use of requireOsAuthentication found.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the native method implementation handles the `requireOsAuthentication` parameter correctly.

# Test: Search for the native method implementation. Expect: Correct handling of the new parameter.
ast-grep --lang objc --pattern $'JNIEXPORT jint JNICALL Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_storePassword(JNIEnv *env, jobject thisObj, jbyteArray service, jbyteArray key, jbyteArray password, jboolean requireOsAuthentication) {
  $$$
}'

Length of output: 371

---

Script:

#!/bin/bash
# Search for the native method implementation in C/C++ or Objective-C files
rg 'JNIEXPORT jint JNICALL Java_org_cryptomator_macos_keychain_MacKeychain_00024Native_storePassword' --type c --type cpp --type objc -A 10

Length of output: 2692

src/main/native/org_cryptomator_macos_keychain_MacKeychain_Native.m (3)

16-22: LGTM! Efficient initialization of LAContext.

The getSharedLAContext function uses dispatch_once for thread-safe, one-time initialization of LAContext.

---

24-35: LGTM! Access control setup enhances security.

The createAccessControl function correctly sets up access control to require user presence, enhancing security.

---

Line range hint 37-95:
LGTM! Native method updated for OS-level authentication.

The storePassword native method correctly integrates LAContext to handle the requireOsAuthentication parameter, ensuring authentication is required when specified.

[infeo]

@purejava I released integrations-api:1.4.0-beta3. Can you update your branch, such that we can run it on the CI?

[purejava]

@infeo Sure. Done.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 6ea3ddc and 6d24562.

Files selected for processing (1)

• pom.xml (1 hunks)

Additional comments not posted (1)

pom.xml (1)

33-33: Consider verifying compatibility with the beta API version.

The api.version has been updated to 1.4.0-beta3, which is a beta release. While this may introduce new features or fixes, it could also imply potential instability. Ensure that the application is compatible with this version and thoroughly tested.

[tobihagemann]

Looking good! To be honest, I just did some reformattings and refactorings to keep the diff small. I'm not sure if I've introduced any bugs. Please re-test before merging. 😉

[infeo]

Please re-test before merging

@purejava Do you want to do the honor?

[purejava]

Looking good! To be honest, I just did some reformattings and refactorings to keep the diff small. I'm not sure if I've introduced any bugs. Please re-test before merging. 😉

Thanks for the overhaul @tobihagemann. I made a review reading the refactorings and tested the new commits. LGTM!

[purejava]

Please re-test before merging

@purejava Do you want to do the honor?

😄 Definitely! Done. LGTM.