Move Keychain to its own package, remove KeychainAccess

Author: intitni

Copilot for Xcode.xcworkspace/xcshareddata/swiftpm/Package.resolved

@@ -45,7 +45,6 @@ let package = Package(
         .package(url: "https://github.com/apple/swift-async-algorithms", from: "0.1.0"),
         .package(url: "https://github.com/gonzalezreal/swift-markdown-ui", from: "2.1.0"),
         .package(url: "https://github.com/sparkle-project/Sparkle", from: "2.0.0"),
-        .package(url: "https://github.com/kishikawakatsumi/KeychainAccess", from: "4.2.2"),
         .package(url: "https://github.com/pointfreeco/swift-parsing", from: "0.12.1"),
         .package(url: "https://github.com/pointfreeco/swift-dependencies", from: "0.5.1"),
         .package(
@@ -297,7 +296,7 @@ let package = Package(
             name: "CodeiumService",
             dependencies: [
                 "LanguageClient",
-                "KeychainAccess",
+                .product(name: "Keychain", package: "Tool"),
                 .product(name: "SuggestionModel", package: "Tool"),
                 .product(name: "AppMonitoring", package: "Tool"),
                 .product(name: "Preferences", package: "Tool"),

Core/Package.swift

@@ -1,25 +1,19 @@
 import Configs
 import Foundation
-import KeychainAccess
+import Keychain
 
 public final class CodeiumAuthService {
     public init() {}
     let codeiumKeyKey = "codeiumAuthKey"
-    let keychain: Keychain = {
-        let info = Bundle.main.infoDictionary
-        return Keychain(service: keychainService, accessGroup: keychainAccessGroup)
-            .attributes([
-                kSecUseDataProtectionKeychain as String: true,
-            ])
-    }()
+    let keychain = Keychain()
 
-    var key: String? { try? keychain.getString(codeiumKeyKey) }
+    var key: String? { try? keychain.get(codeiumKeyKey) }
 
     public var isSignedIn: Bool { return key != nil }
 
     public func signIn(token: String) async throws {
         let key = try await generate(token: token)
-        try keychain.set(key, key: codeiumKeyKey)
+        try keychain.update(key, key: codeiumKeyKey)
     }
 
     public func signOut() async throws {

Core/Sources/CodeiumService/CodeiumAuthService.swift

@@ -1,7 +1,6 @@
 import Configs
 import Foundation
 import GitHubCopilotService
-import KeychainAccess
 import Preferences
 
 extension UserDefaultPreferenceKeys {
@@ -28,10 +27,6 @@ public struct ServiceUpdateMigrator {
         if old <= 135 {
             try migrateFromLowerThanOrEqualToVersion135()
         }
-
-        if old < 170 {
-            try migrateFromLowerThanOrEqualToVersion170()
-        }
     }
 }
 
@@ -79,16 +74,3 @@ func migrateFromLowerThanOrEqualToVersion135() throws {
     )
 }
 
-func migrateFromLowerThanOrEqualToVersion170() throws {
-    let oldKeychain = Keychain(service: keychainService, accessGroup: keychainAccessGroup)
-    let newKeychain = oldKeychain.attributes([
-        kSecUseDataProtectionKeychain as String: true,
-    ])
-
-    if (try? oldKeychain.contains("codeiumKey")) ?? false,
-       let key = try? oldKeychain.getString("codeiumKey")
-    {
-        try newKeychain.set(key, key: "codeiumAuthKey")
-    }
-}
-

Core/Sources/ServiceUpdateMigration/ServiceUpdateMigrator.swift

@@ -17,6 +17,7 @@ let package = Package(
         .library(name: "Environment", targets: ["Environment"]),
         .library(name: "SuggestionModel", targets: ["SuggestionModel"]),
         .library(name: "Toast", targets: ["Toast"]),
+        .library(name: "Keychain", targets: ["Keychain"]),
         .library(name: "SharedUIComponents", targets: ["SharedUIComponents"]),
         .library(
             name: "AppMonitoring",
@@ -57,6 +58,11 @@ let package = Package(
 
         .target(name: "ObjectiveCExceptionHandling"),
 
+        .target(
+            name: "Keychain",
+            dependencies: ["Configs"]
+        ),
+
         .target(
             name: "Toast",
             dependencies: [.product(

Pro

@@ -0,0 +1,89 @@
+import Configs
+import Foundation
+import Security
+
+public struct Keychain {
+    let service = keychainService
+    let accessGroup = keychainAccessGroup
+
+    public enum Error: Swift.Error {
+        case failedToDeleteFromKeyChain
+        case failedToUpdateOrSetItem
+    }
+
+    public init() {}
+    
+    func query(_ key: String) -> [String: Any] {
+        [
+            kSecClass as String: kSecClassGenericPassword as String,
+            kSecAttrService as String: service,
+            kSecAttrAccessGroup as String: accessGroup,
+            kSecAttrAccount as String: key,
+            kSecUseDataProtectionKeychain as String: true,
+        ]
+    }
+
+    func set(_ value: String, key: String) throws {
+        let query = query(key).merging([
+            kSecValueData as String: value.data(using: .utf8) ?? Data(),
+        ], uniquingKeysWith: { _, b in b })
+
+        let result = SecItemAdd(query as CFDictionary, nil)
+
+        switch result {
+        case noErr:
+            return
+        default:
+            throw Error.failedToUpdateOrSetItem
+        }
+    }
+
+    public func update(_ value: String, key: String) throws {
+        let query = query(key).merging([
+            kSecMatchLimit as String: kSecMatchLimitOne,
+            kSecReturnData as String: true,
+        ], uniquingKeysWith: { _, b in b })
+
+        let attributes: [String: Any] =
+            [kSecValueData as String: value.data(using: .utf8) ?? Data()]
+
+        let result = SecItemUpdate(query as CFDictionary, attributes as CFDictionary)
+
+        switch result {
+        case noErr:
+            return
+        case errSecItemNotFound:
+            try set(value, key: key)
+        default:
+            throw Error.failedToUpdateOrSetItem
+        }
+    }
+
+    public func get(_ key: String) throws -> String? {
+        let query = query(key).merging([
+            kSecMatchLimit as String: kSecMatchLimitOne,
+            kSecReturnData as String: true,
+            kSecReturnAttributes as String: true,
+        ], uniquingKeysWith: { _, b in b })
+
+        var item: CFTypeRef?
+        if SecItemCopyMatching(query as CFDictionary, &item) == noErr {
+            if let existingItem = item as? [String: Any],
+               let passwordData = existingItem[kSecValueData as String] as? Data,
+               let password = String(data: passwordData, encoding: .utf8)
+            {
+                return password
+            }
+            return nil
+        } else {
+            return nil
+        }
+    }
+
+    public func remove(_ key: String) throws {
+        if SecItemDelete(query(key) as CFDictionary) == noErr {
+            return
+        }
+        throw Error.failedToDeleteFromKeyChain
+    }
+}