refactor: rename keys package to masterkey

"keys" was too generic — it collided with the keys local var, the keys.MasterKeys field, and the CLI keys subcommand. Also folds in the PickOptions→DiscoverOptions rename and the browser/ comment cleanup.
moonD4rk
2026-06-01 15:41:40 +08:00
parent c951d7ac16
commit 75b15c6fc4
44 changed files with 210 additions and 262 deletions
+4 -12
@@ -45,16 +45,9 @@ func countPasswords(keychainPassword string) (int, error) {
return len(passwords), nil
}
// getInternetPasswords reads InternetPassword records directly from the
// macOS login keychain. See rfcs/006-key-retrieval-mechanisms.md §7 for why
// Safari owns this path instead of routing through the keys package.
//
// TryUnlock is always invoked — with the user-supplied password when one is
// available, otherwise with no options — to enable keychainbreaker's partial
// extraction mode. With a valid password we get fully decrypted entries; with
// empty or wrong password we still get metadata records (URL, account,
// timestamps) and PlainPassword left blank, which Safari can export as
// metadata-only output instead of failing with ErrLocked.
// getInternetPasswords reads InternetPassword records straight from the macOS login keychain (Safari owns its own key
// path, separate from the masterkey package). TryUnlock always runs — even without a password — so a locked keychain
// still yields metadata-only records (URL, account, blank password) instead of failing with ErrLocked.
func getInternetPasswords(keychainPassword string) ([]keychainbreaker.InternetPassword, error) {
kc, err := keychainbreaker.Open()
if err != nil {
@@ -82,8 +75,7 @@ func buildURL(protocol, server string, port uint32, path string) string {
return ""
}
// Convert macOS Keychain FourCC protocol code to URL scheme.
// Only "htps" needs special mapping; others just need space trimming.
// macOS Keychain stores the protocol as a FourCC code; only "htps" needs remapping, others just trim padding.
scheme := strings.TrimRight(protocol, " ")
if scheme == "" || scheme == "htps" {
scheme = "https"
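Review bot: The condensed doc comment on getInternetPasswords drops two things the removed text told callers: that a wrong password, not only a missing one, falls back to metadata-only records with PlainPassword left blank, and the pointer to `rfcs/006-key-retrieval-mechanisms.md §7`. Going by the removed text, a mistyped password gives degraded output and no error, which is the caveat a caller most needs to see. I would keep it with a line such as `// An empty or wrong password still yields metadata-only records (PlainPassword blank), not ErrLocked.` and restore `// See rfcs/006-key-retrieval-mechanisms.md §7.` The function body continues outside the hunk, so whether callers can tell the two cases apart is not visible here.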