Hello there. I'm trying to create a VPN app for macOS. I'm using the IKEv2 protocol with NEVPNIKEAuthenticationMethod.none, but with extendedAuth. So to establish the VPN I need to add my password to the keychain and obtain a password reference. I also want to skip the password prompt that neagent shows when the VPN connection is established for the first time.
I've created a SecAccess instance and added the 'neagent' app as trusted for my keychain item. I can see the 'neagent' app in the access list of the newly created item, but 'neagent' still asks for the password.
https://photos.app.goo.gl/YSN6KTFGPsEAVqTS7
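/// Builds the keychain access object (ACL) attached to the stored VPN password.
///
/// The trusted-application list holds `/usr/libexec/neagent` and the calling
/// application (a `nil` path means "the current application"). Every entry in
/// this list may read the item's secret without a user prompt, so keep the
/// list as small as possible.
///
/// NOTE(review): these SecAccess/SecTrustedApplication calls belong to the
/// legacy macOS keychain ACL model; confirm they are still honoured on the
/// target macOS version, and that the process which actually reads the item
/// is the binary at this path.
///
/// - Returns: The access object to pass as `kSecAttrAccess`.
static func createAccess() -> SecAccess {
    // The Security calls report failure only through OSStatus, so each result
    // is checked instead of being overwritten by the next call.
    var agentApp: SecTrustedApplication?
    let agentStatus = SecTrustedApplicationCreateFromPath("/usr/libexec/neagent", &agentApp)
    if agentStatus != errSecSuccess {
        print("Trusted application for neagent not created (OSStatus \(agentStatus))")
    }

    var callerApp: SecTrustedApplication?
    let callerStatus = SecTrustedApplicationCreateFromPath(nil, &callerApp)
    if callerStatus != errSecSuccess {
        print("Trusted application for the current app not created (OSStatus \(callerStatus))")
    }

    // Leave failed entries out of the list rather than bridging a nil
    // optional into the CFArray handed to SecAccessCreate.
    let trustedApps = [agentApp, callerApp].compactMap { $0 }

    var access: SecAccess?
    let accessStatus = SecAccessCreate("description" as CFString, trustedApps as CFArray, &access)
    guard accessStatus == errSecSuccess, let createdAccess = access else {
        // The non-optional return type leaves no way to report this to the
        // caller; stop with the status code instead of a bare nil unwrap.
        fatalError("SecAccessCreate failed (OSStatus \(accessStatus))")
    }
    return createdAccess
}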
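/// Stores `pass` as a generic-password keychain item for `account`.
///
/// An existing item is handled by `updatePassword` (presumably it returns
/// `true` when it updated one; confirm against its definition). Otherwise a
/// new item is added with the ACL from `createAccess()`, which lets the
/// applications trusted there read the secret without a prompt.
///
/// - Parameters:
///   - pass: The password to store, encoded as UTF-8.
///   - account: The keychain account name; defaults to `"default_account"`.
static func savePassword(pass: String, account: String = "default_account") {
    // A Swift String is always valid Unicode, so UTF-8 encoding cannot fail.
    let passData = Data(pass.utf8)

    // Update an existing item in place; a new item is added only when this
    // reports that nothing was updated.
    if updatePassword(pass, account: account) { return }

    let keychainQuery: [CFString: Any] = [
        kSecAttrAccess: createAccess(),
        kSecAttrService: service,
        kSecClass: kSecClassGenericPassword,
        kSecAttrLabel: "App label",
        kSecAttrAccount: account,
        kSecValueData: passData
    ]

    let status = SecItemAdd(keychainQuery as CFDictionary, nil)
    guard status != errSecSuccess else { return }

    // Report every failure, including those without a system message, and
    // log only the status and its description, never the secret itself.
    let detail = SecCopyErrorMessageString(status, nil).map { "\($0)" } ?? "no description available"
    print("Write failed: \(detail) (OSStatus \(status))")
}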