//go:build darwin && !ios
package sweetcookie
import (
"context"
"fmt"
"strings"
"time"
)
// chromiumDecryptor builds the macOS decrypt callback for one Chromium-family
// vendor.
//
// It asks macosReadKeychainPassword for the vendor's Safe Storage secret
// (service and account come from vendor), derives an AES-CBC key from it with
// chromiumDeriveAESCBCKey and chromiumAESCBCIterationsMacOS, and returns a
// closure that decrypts with that key. The second parameter (the stores) is
// not used on this platform.
//
// On failure the function is nil and the slice holds a single warning. The
// warnings name the keychain service and the underlying error only; the
// secret itself is never formatted into them.
func chromiumDecryptor(vendor chromiumVendor, _ []chromiumStore, timeout time.Duration) (chromiumDecryptFunc, []string) {
	service := vendor.safeStorageService

	secret, readErr := macosReadKeychainPassword(timeout, service, vendor.safeStorageAccount)
	if readErr != nil {
		warning := fmt.Sprintf("sweetcookie: macOS keychain read failed (%s): %v", service, readErr)
		return nil, []string{warning}
	}

	// Reject a blank secret up front instead of deriving a key from it.
	secret = strings.TrimSpace(secret)
	if len(secret) == 0 {
		warning := fmt.Sprintf("sweetcookie: macOS keychain returned an empty %s password", service)
		return nil, []string{warning}
	}

	// The derived key is captured by the closure below, so it stays in memory
	// for as long as the returned function is reachable.
	aesKey := chromiumDeriveAESCBCKey(secret, chromiumAESCBCIterationsMacOS)

	decrypt := func(encrypted []byte, metaVersion int64) ([]byte, bool) {
		// The error detail is dropped on purpose: callers only get ok/not-ok.
		plain, decErr := chromiumDecryptAESCBC(encrypted, aesKey, metaVersion, true)
		return plain, decErr == nil
	}
	return decrypt, nil
}
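// macosReadKeychainPassword returns the generic-password secret stored in the
// macOS keychain for the given service and account.
//
// It runs the system `security` tool (`find-generic-password -w`) through
// execCapture under a context that expires after timeout, and returns the
// tool's stdout with surrounding whitespace removed. When the command fails,
// the returned error wraps the execCapture error and, if the tool wrote
// anything to stderr, appends that text.
func macosReadKeychainPassword(timeout time.Duration, service string, account string) (string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	// Use the absolute path of the system binary rather than a bare name, so
	// the program trusted to hand back the secret cannot be replaced by an
	// earlier, writable PATH entry (presumably execCapture resolves bare
	// names through PATH - confirm against its implementation).
	stdout, stderr, err := execCapture(ctx, "/usr/bin/security", []string{
		"find-generic-password",
		"-w",
		"-a", account,
		"-s", service,
	})
	if err != nil {
		// Trim before testing so whitespace-only stderr does not produce a
		// dangling "err: " message.
		if detail := strings.TrimSpace(stderr); detail != "" {
			return "", fmt.Errorf("%w: %s", err, detail)
		}
		return "", err
	}
	return strings.TrimSpace(stdout), nil
}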