IME-LONDON
/
LONDON-IOS
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1563 Commits
3 Branches
2 Tags
339 MiB
Tree: 044de7c3c3
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '044de7c3c3'
${ noResults }
LONDON-IOS/Pods/FirebaseAuth/Firebase/Auth/Source/Storage/FIRAuthKeychain.m

327 lines
10 KiB
Raw Normal View History

git init
6 years ago
pod update as latest version
5 years ago
git init
6 years ago
pod update as latest version
5 years ago
git init
6 years ago
pod update as latest version
5 years ago
git init
6 years ago
pod update as latest version
5 years ago
git init
6 years ago
pod update as latest version
5 years ago
git init
6 years ago
pod update as latest version
5 years ago
git init
6 years ago
pod update as latest version
5 years ago
  1. /*
  2. * Copyright 2017 Google
  3. *
  4. * Licensed under the Apache License, Version 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. *
  8. * http://www.apache.org/licenses/LICENSE-2.0
  9. *
  10. * Unless required by applicable law or agreed to in writing, software
  11. * distributed under the License is distributed on an "AS IS" BASIS,
  12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. * See the License for the specific language governing permissions and
  14. * limitations under the License.
  15. */
  17. #import "FIRAuthKeychain.h"
  19. #import <Security/Security.h>
  21. #import "FIRAuthErrorUtils.h"
  22. #import "FIRAuthUserDefaultsStorage.h"
  24. /** @var kAccountPrefix
  25. @brief The prefix string for keychain item account attribute before the key.
  26. @remarks A number "1" is encoded in the prefix in case we need to upgrade the scheme in future.
  27. */
  28. static NSString *const kAccountPrefix = @"firebase_auth_1_";
  30. NS_ASSUME_NONNULL_BEGIN
  32. @implementation FIRAuthKeychain {
  33. /** @var _service
  34. @brief The name of the keychain service.
  35. */
  36. NSString *_service;
  38. /** @var _legacyItemDeletedForKey
  39. @brief Indicates whether or not this class knows that the legacy item for a particular key has
  40. been deleted.
  41. @remarks This dictionary is to avoid unecessary keychain operations against legacy items.
  42. */
  43. NSMutableDictionary *_legacyEntryDeletedForKey;
  44. }
  46. - (id<FIRAuthStorage>)initWithService:(NSString *)service {
  48. self = [super init];
  49. if (self) {
  50. _service = [service copy];
  51. _legacyEntryDeletedForKey = [[NSMutableDictionary alloc] init];
  52. }
  53. return self;
  54. }
  56. - (nullable NSData *)dataForKey:(NSString *)key error:(NSError **_Nullable)error {
  57. if (!key.length) {
  58. [NSException raise:NSInvalidArgumentException
  59. format:@"%@", @"The key cannot be nil or empty."];
  60. return nil;
  61. }
  62. NSData *data = [self itemWithQuery:[self genericPasswordQueryWithKey:key] error:error];
  63. if (error && *error) {
  64. return nil;
  65. }
  66. if (data) {
  67. return data;
  68. }
  69. // Check for legacy form.
  70. if (_legacyEntryDeletedForKey[key]) {
  71. return nil;
  72. }
  73. data = [self itemWithQuery:[self legacyGenericPasswordQueryWithKey:key] error:error];
  74. if (error && *error) {
  75. return nil;
  76. }
  77. if (!data) {
  78. // Mark legacy data as non-existing so we don't have to query it again.
  79. _legacyEntryDeletedForKey[key] = @YES;
  80. return nil;
  81. }
  82. // Move the data to current form.
  83. if (![self setData:data forKey:key error:error]) {
  84. return nil;
  85. }
  86. [self deleteLegacyItemWithKey:key];
  87. return data;
  88. }
  90. - (BOOL)setData:(NSData *)data forKey:(NSString *)key error:(NSError **_Nullable)error {
  91. if (!key.length) {
  92. [NSException raise:NSInvalidArgumentException
  93. format:@"%@", @"The key cannot be nil or empty."];
  94. return NO;
  95. }
  96. NSDictionary *attributes = @{
  97. (__bridge id)kSecValueData : data,
  98. (__bridge id)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
  99. };
  100. return [self setItemWithQuery:[self genericPasswordQueryWithKey:key]
  101. attributes:attributes
  102. error:error];
  103. }
  105. - (BOOL)removeDataForKey:(NSString *)key error:(NSError **_Nullable)error {
  106. if (!key.length) {
  107. [NSException raise:NSInvalidArgumentException
  108. format:@"%@", @"The key cannot be nil or empty."];
  109. return NO;
  110. }
  111. if (![self deleteItemWithQuery:[self genericPasswordQueryWithKey:key] error:error]) {
  112. return NO;
  113. }
  114. // Legacy form item, if exists, also needs to be removed, otherwise it will be exposed when
  115. // current form item is removed, leading to incorrect semantics.
  116. [self deleteLegacyItemWithKey:key];
  117. return YES;
  118. }
  120. #pragma mark - Private methods for non-sharing keychain operations
  122. - (nullable NSData *)itemWithQuery:(NSDictionary *)query error:(NSError **_Nullable)error {
  123. NSMutableDictionary *returningQuery = [query mutableCopy];
  124. returningQuery[(__bridge id)kSecReturnData] = @YES;
  125. returningQuery[(__bridge id)kSecReturnAttributes] = @YES;
  126. // Using a match limit of 2 means that we can check whether there is more than one item.
  127. // If we used a match limit of 1 we would never find out.
  128. returningQuery[(__bridge id)kSecMatchLimit] = @2;
  130. CFArrayRef result = NULL;
  131. OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)returningQuery,
  132. (CFTypeRef *)&result);
  134. if (status == noErr && result != NULL) {
  135. NSArray *items = (__bridge_transfer NSArray *)result;
  136. if (items.count != 1) {
  137. if (error) {
  138. *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching"
  139. status:status];
  140. }
  141. return nil;
  142. }
  144. if (error) {
  145. *error = nil;
  146. }
  147. NSDictionary *item = items[0];
  148. return item[(__bridge id)kSecValueData];
  149. }
  151. if (status == errSecItemNotFound) {
  152. if (error) {
  153. *error = nil;
  154. }
  155. } else {
  156. if (error) {
  157. *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching" status:status];
  158. }
  159. }
  160. return nil;
  161. }
  163. - (BOOL)setItemWithQuery:(NSDictionary *)query
  164. attributes:(NSDictionary *)attributes
  165. error:(NSError **_Nullable)error {
  166. NSMutableDictionary *combined = [attributes mutableCopy];
  167. [combined addEntriesFromDictionary:query];
  168. BOOL hasItem = NO;
  169. OSStatus status = SecItemAdd((__bridge CFDictionaryRef)combined, NULL);
  171. if (status == errSecDuplicateItem) {
  172. hasItem = YES;
  173. status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributes);
  174. }
  176. if (status == noErr) {
  177. return YES;
  178. }
  179. if (error) {
  180. NSString *function = hasItem ? @"SecItemUpdate" : @"SecItemAdd";
  181. *error = [FIRAuthErrorUtils keychainErrorWithFunction:function status:status];
  182. }
  183. return NO;
  184. }
  186. - (BOOL)deleteItemWithQuery:(NSDictionary *)query error:(NSError **_Nullable)error {
  187. OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
  188. if (status == noErr || status == errSecItemNotFound) {
  189. return YES;
  190. }
  191. if (error) {
  192. *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemDelete" status:status];
  193. }
  194. return NO;
  195. }
  197. /** @fn deleteLegacyItemsWithKey:
  198. @brief Deletes legacy item from the keychain if it is not already known to be deleted.
  199. @param key The key for the item.
  200. */
  201. - (void)deleteLegacyItemWithKey:(NSString *)key {
  202. if (_legacyEntryDeletedForKey[key]) {
  203. return;
  204. }
  205. NSDictionary *query = [self legacyGenericPasswordQueryWithKey:key];
  206. SecItemDelete((__bridge CFDictionaryRef)query);
  207. _legacyEntryDeletedForKey[key] = @YES;
  208. }
  210. /** @fn genericPasswordQueryWithKey:
  211. @brief Returns a keychain query of generic password to be used to manipulate key'ed value.
  212. @param key The key for the value being manipulated, used as the account field in the query.
  213. */
  214. - (NSDictionary *)genericPasswordQueryWithKey:(NSString *)key {
  215. return @{
  216. (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
  217. (__bridge id)kSecAttrAccount : [kAccountPrefix stringByAppendingString:key],
  218. (__bridge id)kSecAttrService : _service,
  219. };
  220. }
  222. /** @fn legacyGenericPasswordQueryWithKey:
  223. @brief Returns a keychain query of generic password without service field, which is used by
  224. previous version of this class.
  225. @param key The key for the value being manipulated, used as the account field in the query.
  226. */
  227. - (NSDictionary *)legacyGenericPasswordQueryWithKey:(NSString *)key {
  228. return @{
  229. (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
  230. (__bridge id)kSecAttrAccount : key,
  231. };
  232. }
  234. #pragma mark - Private methods for shared keychain operations
  236. - (nullable NSData *)getItemWithQuery:(NSDictionary *)query
  237. error:(NSError *_Nullable *_Nullable)outError {
  238. NSMutableDictionary *mutableQuery = [query mutableCopy];
  240. mutableQuery[(__bridge id)kSecReturnData] = @YES;
  241. mutableQuery[(__bridge id)kSecReturnAttributes] = @YES;
  242. mutableQuery[(__bridge id)kSecMatchLimit] = @2;
  244. CFArrayRef result = NULL;
  245. OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)mutableQuery,
  246. (CFTypeRef *)&result);
  248. if (status == noErr && result != NULL) {
  249. NSArray *items = (__bridge_transfer NSArray *)result;
  250. if (items.count != 1) {
  251. if (outError) {
  252. *outError = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching"
  253. status:status];
  254. }
  255. return nil;
  256. }
  258. if (outError) {
  259. *outError = nil;
  260. }
  261. NSDictionary *item = items[0];
  262. return item[(__bridge id)kSecValueData];
  263. }
  265. if (status == errSecItemNotFound) {
  266. if (outError) {
  267. *outError = nil;
  268. }
  269. } else {
  270. if (outError) {
  271. *outError = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching" status:status];
  272. }
  273. }
  274. return nil;
  275. }
  277. - (BOOL)setItem:(NSData *)item
  278. withQuery:(NSDictionary *)query
  279. error:(NSError *_Nullable *_Nullable)outError {
  280. NSData *existingItem = [self getItemWithQuery:query error:outError];
  281. if (outError && *outError) {
  282. return NO;
  283. }
  285. OSStatus status;
  286. if (!existingItem) {
  287. NSMutableDictionary *queryWithItem = [query mutableCopy];
  288. [queryWithItem setObject:item forKey:(__bridge id)kSecValueData];
  289. status = SecItemAdd((__bridge CFDictionaryRef)queryWithItem, NULL);
  290. } else {
  291. NSDictionary *attributes = @{(__bridge id)kSecValueData: item};
  292. status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributes);
  293. }
  295. if (status == noErr) {
  296. if (outError) {
  297. *outError = nil;
  298. }
  299. return YES;
  300. }
  302. NSString *function = existingItem ? @"SecItemUpdate" : @"SecItemAdd";
  303. if (outError) {
  304. *outError = [FIRAuthErrorUtils keychainErrorWithFunction:function status:status];
  305. }
  306. return NO;
  307. }
  309. - (BOOL)removeItemWithQuery:(NSDictionary *)query error:(NSError *_Nullable *_Nullable)outError {
  310. OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
  312. if (status == noErr || status == errSecItemNotFound) {
  313. if (outError) {
  314. *outError = nil;
  315. }
  316. return YES;
  317. }
  319. if (outError) {
  320. *outError = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemDelete" status:status];
  321. }
  322. return NO;
  323. }
  325. @end
  327. NS_ASSUME_NONNULL_END