IME-LONDON
/
LONDON-IOS
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
250 Commits
3 Branches
2 Tags
339 MiB
Tree: 64637eab09
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '64637eab09'
${ noResults }
LONDON-IOS/Pods/FirebaseAuth/Firebase/Auth/Source/FIRAuthKeychain.m

256 lines
8.4 KiB
Raw Normal View History

git init
6 years ago
  1. /*
  2. * Copyright 2017 Google
  3. *
  4. * Licensed under the Apache License, Version 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. *
  8. * http://www.apache.org/licenses/LICENSE-2.0
  9. *
  10. * Unless required by applicable law or agreed to in writing, software
  11. * distributed under the License is distributed on an "AS IS" BASIS,
  12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. * See the License for the specific language governing permissions and
  14. * limitations under the License.
  15. */
  17. #import "FIRAuthKeychain.h"
  19. #import <Security/Security.h>
  21. #import "FIRAuthErrorUtils.h"
  22. #import "FIRAuthUserDefaultsStorage.h"
  24. #if FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE
  25. #import <UIKit/UIKit.h>
  27. /** @var kOSVersionMatcherForUsingUserDefaults
  28. @brief The regular expression to match all OS versions that @c FIRAuthUserDefaultsStorage is
  29. used instead if available.
  30. */
  31. static NSString *const kOSVersionMatcherForUsingUserDefaults = @"^10\\.[01](\\..*)?$";
  33. #endif // FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE
  35. /** @var kAccountPrefix
  36. @brief The prefix string for keychain item account attribute before the key.
  37. @remarks A number "1" is encoded in the prefix in case we need to upgrade the scheme in future.
  38. */
  39. static NSString *const kAccountPrefix = @"firebase_auth_1_";
  41. @implementation FIRAuthKeychain {
  42. /** @var _service
  43. @brief The name of the keychain service.
  44. */
  45. NSString *_service;
  47. /** @var _legacyItemDeletedForKey
  48. @brief Indicates whether or not this class knows that the legacy item for a particular key has
  49. been deleted.
  50. @remarks This dictionary is to avoid unecessary keychain operations against legacy items.
  51. */
  52. NSMutableDictionary *_legacyEntryDeletedForKey;
  53. }
  55. - (id<FIRAuthStorage>)initWithService:(NSString *)service {
  57. #if FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE
  59. NSString *OSVersion = [UIDevice currentDevice].systemVersion;
  60. NSRegularExpression *regex =
  61. [NSRegularExpression regularExpressionWithPattern:kOSVersionMatcherForUsingUserDefaults
  62. options:0
  63. error:NULL];
  64. if ([regex numberOfMatchesInString:OSVersion options:0 range:NSMakeRange(0, OSVersion.length)]) {
  65. return (id<FIRAuthStorage>)[[FIRAuthUserDefaultsStorage alloc] initWithService:service];
  66. }
  68. #endif // FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE
  70. self = [super init];
  71. if (self) {
  72. _service = [service copy];
  73. _legacyEntryDeletedForKey = [[NSMutableDictionary alloc] init];
  74. }
  75. return self;
  76. }
  78. - (NSData *)dataForKey:(NSString *)key error:(NSError **_Nullable)error {
  79. if (!key.length) {
  80. [NSException raise:NSInvalidArgumentException
  81. format:@"%@", @"The key cannot be nil or empty."];
  82. return nil;
  83. }
  84. NSData *data = [self itemWithQuery:[self genericPasswordQueryWithKey:key] error:error];
  85. if (error && *error) {
  86. return nil;
  87. }
  88. if (data) {
  89. return data;
  90. }
  91. // Check for legacy form.
  92. if (_legacyEntryDeletedForKey[key]) {
  93. return nil;
  94. }
  95. data = [self itemWithQuery:[self legacyGenericPasswordQueryWithKey:key] error:error];
  96. if (error && *error) {
  97. return nil;
  98. }
  99. if (!data) {
  100. // Mark legacy data as non-existing so we don't have to query it again.
  101. _legacyEntryDeletedForKey[key] = @YES;
  102. return nil;
  103. }
  104. // Move the data to current form.
  105. if (![self setData:data forKey:key error:error]) {
  106. return nil;
  107. }
  108. [self deleteLegacyItemWithKey:key];
  109. return data;
  110. }
  112. - (BOOL)setData:(NSData *)data forKey:(NSString *)key error:(NSError **_Nullable)error {
  113. if (!key.length) {
  114. [NSException raise:NSInvalidArgumentException
  115. format:@"%@", @"The key cannot be nil or empty."];
  116. return NO;
  117. }
  118. NSDictionary *attributes = @{
  119. (__bridge id)kSecValueData : data,
  120. (__bridge id)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
  121. };
  122. return [self setItemWithQuery:[self genericPasswordQueryWithKey:key]
  123. attributes:attributes
  124. error:error];
  125. }
  127. - (BOOL)removeDataForKey:(NSString *)key error:(NSError **_Nullable)error {
  128. if (!key.length) {
  129. [NSException raise:NSInvalidArgumentException
  130. format:@"%@", @"The key cannot be nil or empty."];
  131. return NO;
  132. }
  133. if (![self deleteItemWithQuery:[self genericPasswordQueryWithKey:key] error:error]) {
  134. return NO;
  135. }
  136. // Legacy form item, if exists, also needs to be removed, otherwise it will be exposed when
  137. // current form item is removed, leading to incorrect semantics.
  138. [self deleteLegacyItemWithKey:key];
  139. return YES;
  140. }
  142. #pragma mark - Private
  144. - (NSData *)itemWithQuery:(NSDictionary *)query error:(NSError **_Nullable)error {
  145. NSMutableDictionary *returningQuery = [query mutableCopy];
  146. returningQuery[(__bridge id)kSecReturnData] = @YES;
  147. returningQuery[(__bridge id)kSecReturnAttributes] = @YES;
  148. // Using a match limit of 2 means that we can check whether there is more than one item.
  149. // If we used a match limit of 1 we would never find out.
  150. returningQuery[(__bridge id)kSecMatchLimit] = @2;
  152. CFArrayRef result = NULL;
  153. OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)returningQuery,
  154. (CFTypeRef *)&result);
  156. if (status == noErr && result != NULL) {
  157. NSArray *items = (__bridge_transfer NSArray *)result;
  158. if (items.count != 1) {
  159. if (error) {
  160. *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching"
  161. status:status];
  162. }
  163. return nil;
  164. }
  166. if (error) {
  167. *error = nil;
  168. }
  169. NSDictionary *item = items[0];
  170. return item[(__bridge id)kSecValueData];
  171. }
  173. if (status == errSecItemNotFound) {
  174. if (error) {
  175. *error = nil;
  176. }
  177. } else {
  178. if (error) {
  179. *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching" status:status];
  180. }
  181. }
  182. return nil;
  183. }
  185. - (BOOL)setItemWithQuery:(NSDictionary *)query
  186. attributes:(NSDictionary *)attributes
  187. error:(NSError **_Nullable)error {
  188. NSMutableDictionary *combined = [attributes mutableCopy];
  189. [combined addEntriesFromDictionary:query];
  190. BOOL hasItem = NO;
  191. OSStatus status = SecItemAdd((__bridge CFDictionaryRef)combined, NULL);
  193. if (status == errSecDuplicateItem) {
  194. hasItem = YES;
  195. status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributes);
  196. }
  198. if (status == noErr) {
  199. return YES;
  200. }
  201. if (error) {
  202. NSString *function = hasItem ? @"SecItemUpdate" : @"SecItemAdd";
  203. *error = [FIRAuthErrorUtils keychainErrorWithFunction:function status:status];
  204. }
  205. return NO;
  206. }
  208. - (BOOL)deleteItemWithQuery:(NSDictionary *)query error:(NSError **_Nullable)error {
  209. OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
  210. if (status == noErr || status == errSecItemNotFound) {
  211. return YES;
  212. }
  213. if (error) {
  214. *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemDelete" status:status];
  215. }
  216. return NO;
  217. }
  219. /** @fn deleteLegacyItemsWithKey:
  220. @brief Deletes legacy item from the keychain if it is not already known to be deleted.
  221. @param key The key for the item.
  222. */
  223. - (void)deleteLegacyItemWithKey:(NSString *)key {
  224. if (_legacyEntryDeletedForKey[key]) {
  225. return;
  226. }
  227. NSDictionary *query = [self legacyGenericPasswordQueryWithKey:key];
  228. SecItemDelete((__bridge CFDictionaryRef)query);
  229. _legacyEntryDeletedForKey[key] = @YES;
  230. }
  232. /** @fn genericPasswordQueryWithKey:
  233. @brief Returns a keychain query of generic password to be used to manipulate key'ed value.
  234. @param key The key for the value being manipulated, used as the account field in the query.
  235. */
  236. - (NSDictionary *)genericPasswordQueryWithKey:(NSString *)key {
  237. return @{
  238. (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
  239. (__bridge id)kSecAttrAccount : [kAccountPrefix stringByAppendingString:key],
  240. (__bridge id)kSecAttrService : _service,
  241. };
  242. }
  244. /** @fn legacyGenericPasswordQueryWithKey:
  245. @brief Returns a keychain query of generic password without service field, which is used by
  246. previous version of this class.
  247. @param key The key for the value being manipulated, used as the account field in the query.
  248. */
  249. - (NSDictionary *)legacyGenericPasswordQueryWithKey:(NSString *)key {
  250. return @{
  251. (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,
  252. (__bridge id)kSecAttrAccount : key,
  253. };
  254. }
  256. @end