feat(BRIDGE-116): add command-line switches to enable/disable keychain check on macOS.

internal/vault/helper.go

@@ -19,53 +19,57 @@ package vault
 
 import (
 	"encoding/base64"
-	"encoding/json"
-	"errors"
 	"fmt"
-	"io/fs"
-	"os"
-	"path/filepath"
 
 	"github.com/ProtonMail/gopenpgp/v2/crypto"
 	"github.com/ProtonMail/proton-bridge/v3/pkg/keychain"
+	"github.com/sirupsen/logrus"
 )
 
 const vaultSecretName = "bridge-vault-key"
 
-type Keychain struct {
-	Helper string
-}
-
-func getKeychainPrefPath(vaultDir string) string {
-	return filepath.Clean(filepath.Join(vaultDir, "keychain.json"))
-}
-
-func GetHelper(vaultDir string) (string, error) {
-	if _, err := os.Stat(getKeychainPrefPath(vaultDir)); errors.Is(err, fs.ErrNotExist) {
-		return "", nil
-	}
-
-	b, err := os.ReadFile(getKeychainPrefPath(vaultDir))
+func GetShouldSkipKeychainTest(vaultDir string) (bool, error) {
+	settings, err := LoadKeychainSettings(vaultDir)
 	if err != nil {
-		return "", err
+		return false, err
 	}
 
-	var keychain Keychain
-
-	if err := json.Unmarshal(b, &keychain); err != nil {
-		return "", err
-	}
-
-	return keychain.Helper, nil
+	return settings.DisableTest, nil
 }
 
-func SetHelper(vaultDir, helper string) error {
-	b, err := json.MarshalIndent(Keychain{Helper: helper}, "", "  ")
+func SetShouldSkipKeychainTest(vaultDir string, skip bool) error {
+	settings, err := LoadKeychainSettings(vaultDir)
 	if err != nil {
 		return err
 	}
 
-	return os.WriteFile(getKeychainPrefPath(vaultDir), b, 0o600)
+	log := logrus.WithFields(logrus.Fields{"pkg": "vault", "skipKeychainTest": skip})
+	if skip == settings.DisableTest {
+		log.Info("Skipping change of keychain test setting as value is not modified")
+		return nil
+	}
+
+	logrus.WithFields(logrus.Fields{"pkg": "vault", "skipKeychainTest": skip}).Info("Setting keychain test skip option")
+	settings.DisableTest = skip
+	return settings.Save(vaultDir)
+}
+
+func GetHelper(vaultDir string) (string, error) {
+	settings, err := LoadKeychainSettings(vaultDir)
+	if err != nil {
+		return "", err
+	}
+	return settings.Helper, nil
+}
+
+func SetHelper(vaultDir, helper string) error {
+	settings, err := LoadKeychainSettings(vaultDir)
+	if err != nil {
+		return err
+	}
+
+	settings.Helper = helper
+	return settings.Save(vaultDir)
 }
 
 func GetVaultKey(kc *keychain.Keychain) ([]byte, error) {

internal/vault/helper_test.go

@@ -0,0 +1,46 @@
+// Copyright (c) 2024 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package vault
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestShouldSkipKeychainTestAccessors(t *testing.T) {
+	dir := t.TempDir()
+	skip, err := GetShouldSkipKeychainTest(dir)
+	require.NoError(t, err)
+	require.False(t, skip)
+	require.NoError(t, SetShouldSkipKeychainTest(dir, true))
+	skip, err = GetShouldSkipKeychainTest(dir)
+	require.NoError(t, err)
+	require.True(t, skip)
+}
+
+func TestHelperAccessors(t *testing.T) {
+	dir := t.TempDir()
+	helper, err := GetHelper(dir)
+	require.NoError(t, err)
+	require.Zero(t, len(helper))
+	require.NoError(t, SetHelper(dir, "keychain"))
+	helper, err = GetHelper(dir)
+	require.NoError(t, err)
+	require.Equal(t, "keychain", helper)
+}

internal/vault/keychain_settings.go

@@ -0,0 +1,74 @@
+// Copyright (c) 2024 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package vault
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/sirupsen/logrus"
+)
+
+const keychainSettingsFileName = "keychain.json"
+
+// KeychainSettings holds settings related to the keychain. It is serialized in the vault directory.
+type KeychainSettings struct {
+	Helper      string // The helper used for keychain.
+	DisableTest bool   // Is the keychain test on startup disabled?
+}
+
+// LoadKeychainSettings load keychain settings from the vaultDir folder, or returns a default one if the file
+// does not exists or is invalid.
+func LoadKeychainSettings(vaultDir string) (KeychainSettings, error) {
+	path := filepath.Join(vaultDir, keychainSettingsFileName)
+	bytes, err := os.ReadFile(path) //nolint:gosec
+	if err != nil {
+		if errors.Is(err, os.ErrNotExist) {
+			logrus.
+				WithFields(logrus.Fields{"pkg": "vault", "path": path}).
+				Trace("Keychain settings file does not exists, default values will be used")
+			return KeychainSettings{}, nil
+		}
+		return KeychainSettings{}, err
+	}
+
+	var result KeychainSettings
+	if err := json.Unmarshal(bytes, &result); err != nil {
+		return KeychainSettings{}, fmt.Errorf("keychain settings file is invalid settings: %w", err)
+	}
+
+	return result, nil
+}
+
+// Save saves the keychain settings in a file in the vaultDir folder.
+func (k KeychainSettings) Save(vaultDir string) error {
+	bytes, err := json.MarshalIndent(k, "", "  ")
+	if err != nil {
+		return err
+	}
+
+	if err = os.MkdirAll(vaultDir, 0o700); err != nil {
+		return err
+	}
+
+	path := filepath.Join(vaultDir, keychainSettingsFileName)
+	return os.WriteFile(path, bytes, 0o600)
+}

internal/vault/keychain_settings_test.go

@@ -0,0 +1,58 @@
+// Copyright (c) 2024 Proton AG
+//
+// This file is part of Proton Mail Bridge.
+//
+// Proton Mail Bridge is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Proton Mail Bridge is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Proton Mail Bridge. If not, see <https://www.gnu.org/licenses/>.
+
+package vault
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestKeychainSettingsIO(t *testing.T) {
+	dir := t.TempDir()
+
+	// test loading non existing file. no error but loads defaults.
+	settings, err := LoadKeychainSettings(dir)
+	require.NoError(t, err)
+	require.Equal(t, settings, KeychainSettings{})
+
+	// test file creation
+	settings.Helper = "dummy1"
+	settings.DisableTest = true
+	require.NoError(t, settings.Save(dir))
+
+	// test reading existing file
+	readBack, err := LoadKeychainSettings(dir)
+	require.NoError(t, err)
+	require.Equal(t, settings, readBack)
+
+	// test file overwrite and read back
+	settings.Helper = "dummy2"
+	require.NoError(t, settings.Save(dir))
+	readBack, err = LoadKeychainSettings(dir)
+	require.NoError(t, err)
+	require.Equal(t, settings, readBack)
+
+	// test error on invalid content
+	settingsFilePath := filepath.Join(dir, keychainSettingsFileName)
+	require.NoError(t, os.WriteFile(settingsFilePath, []byte("][INVALID"), 0o600))
+	_, err = LoadKeychainSettings(dir)
+	require.Error(t, err)
+}