Use random password

kazk · kazk · commit 658800ee8ea2 · 2022-01-03T12:01:58.000-08:00
diff --git a/src/imp/security_framework.rs b/src/imp/security_framework.rs
@@ -7,6 +7,7 @@ use self::security_framework::base;
 use self::security_framework::certificate::SecCertificate;
 use self::security_framework::identity::SecIdentity;
 use self::security_framework::import_export::{ImportedIdentity, Pkcs12ImportOptions};
+use self::security_framework::random::SecRandom;
 use self::security_framework::secure_transport::{
     self, ClientBuilder, SslConnectionType, SslContext, SslProtocol, SslProtocolSide,
 };
@@ -91,7 +92,7 @@ impl Identity {
 
         let dir = TempDir::new().map_err(|_| Error(base::Error::from(errSecIO)))?;
         let keychain = keychain::CreateOptions::new()
-            .password("password")
+            .password(&random_password()?)
             .create(dir.path().join("identity.keychain"))?;
 
         let mut items = SecItems::default();
@@ -180,6 +181,19 @@ impl Identity {
     }
 }
 
+fn random_password() -> Result<String, Error> {
+    use std::fmt::Write;
+    let mut bytes = [0_u8; 10];
+    SecRandom::default()
+        .copy_bytes(&mut bytes)
+        .map_err(|_| Error(base::Error::from(errSecIO)))?;
+    let mut s = String::with_capacity(2 * bytes.len());
+    for byte in bytes {
+        write!(s, "{:02X}", byte).map_err(|_| Error(base::Error::from(errSecIO)))?;
+    }
+    Ok(s)
+}
+
 #[derive(Clone)]
 pub struct Certificate(SecCertificate);
 
