osx: only update keychain entries when needed

mjcheetham · mjcheetham · commit 43b5c5133780 · 2022-06-13T15:45:45.000+01:00
Only update keychain entries when the password/secret is different to
what is already stored.
diff --git a/src/shared/Core/Interop/InteropUtils.cs b/src/shared/Core/Interop/InteropUtils.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Linq;
 using System.Runtime.InteropServices;
 
 namespace GitCredentialManager.Interop
@@ -11,5 +12,21 @@ public static byte[] ToByteArray(IntPtr ptr, long count)
             Marshal.Copy(ptr, destination, 0, destination.Length);
             return destination;
         }
+
+        public static bool AreEqual(byte[] bytes, IntPtr ptr, uint length)
+        {
+            if (bytes.Length == 0 && (ptr == IntPtr.Zero || length == 0))
+            {
+                return true;
+            }
+
+            if (bytes.Length != length)
+            {
+                return false;
+            }
+
+            byte[] ptrBytes = ToByteArray(ptr, length);
+            return bytes.SequenceEqual(ptrBytes);
+        }
     }
 }
diff --git a/src/shared/Core/Interop/MacOS/MacOSKeychain.cs b/src/shared/Core/Interop/MacOS/MacOSKeychain.cs
@@ -103,7 +103,6 @@ public void AddOrUpdate(string service, string account, string secret)
 
             string serviceName = CreateServiceName(service);
 
-
             uint serviceNameLength = (uint) serviceName.Length;
             uint accountLength = (uint) (account?.Length ?? 0);
 
@@ -112,12 +111,12 @@ public void AddOrUpdate(string service, string account, string secret)
                 // Check if an entry already exists in the keychain
                 int findResult = SecKeychainFindGenericPassword(
                     IntPtr.Zero, serviceNameLength, serviceName, accountLength, account,
-                    out uint _, out passwordData, out itemRef);
+                    out uint passwordDataLength, out passwordData, out itemRef);
 
                 switch (findResult)
                 {
-                    // Update existing entry
-                    case OK:
+                    // Update existing entry only if the password/secret is different
+                    case OK when !InteropUtils.AreEqual(secretBytes, passwordData, passwordDataLength):
                         ThrowIfError(
                             SecKeychainItemModifyAttributesAndData(itemRef, IntPtr.Zero, (uint) secretBytes.Length, secretBytes),
                             "Could not update existing item"
