Marle
/
iOS
Watch 1
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
12 Commits
2 Branches
Tree: 08f4289f11
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '08f4289f11'
${ noResults }
iOS/Pods/FirebaseInstanceID/Firebase/InstanceID/FIRInstanceIDKeychain.m

FIRInstanceIDKeychain.m 6.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174 
  1. /*

  2.  * Copyright 2019 Google

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *      http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. 

  17. #import "FIRInstanceIDKeychain.h"

  18. 

  19. #import "FIRInstanceIDKeyPair.h"

  20. #import "FIRInstanceIDKeyPairUtilities.h"

  21. #import "FIRInstanceIDLogger.h"

  22. 

  23. NSString *const kFIRInstanceIDKeychainErrorDomain = @"com.google.iid";

  24. 

  25. static const NSUInteger kRSA2048KeyPairSize = 2048;

  26. 

  27. @interface FIRInstanceIDKeychain () {

  28.   dispatch_queue_t _keychainOperationQueue;

  29. }

  30. 

  31. @end

  32. 

  33. @implementation FIRInstanceIDKeychain

  34. 

  35. + (instancetype)sharedInstance {

  36.   static FIRInstanceIDKeychain *sharedInstance;

  37.   static dispatch_once_t onceToken;

  38.   dispatch_once(&onceToken, ^{

  39.     sharedInstance = [[FIRInstanceIDKeychain alloc] init];

  40.   });

  41.   return sharedInstance;

  42. }

  43. 

  44. - (instancetype)init {

  45.   self = [super init];

  46.   if (self) {

  47.     _keychainOperationQueue =

  48.         dispatch_queue_create("com.google.FirebaseInstanceID.Keychain", DISPATCH_QUEUE_SERIAL);

  49.   }

  50.   return self;

  51. }

  52. 

  53. - (CFTypeRef)itemWithQuery:(NSDictionary *)keychainQuery {

  54.   __block SecKeyRef keyRef = NULL;

  55.   dispatch_sync(_keychainOperationQueue, ^{

  56.     OSStatus status =

  57.         SecItemCopyMatching((__bridge CFDictionaryRef)keychainQuery, (CFTypeRef *)&keyRef);

  58. 

  59.     if (status != noErr) {

  60.       if (keyRef) {

  61.         CFRelease(keyRef);

  62.       }

  63.       FIRInstanceIDLoggerDebug(kFIRInstanceIDKeychainReadItemError,

  64.                                @"Info is not found in Keychain. OSStatus: %d. Keychain query: %@",

  65.                                (int)status, keychainQuery);

  66.     }

  67.   });

  68.   return keyRef;

  69. }

  70. 

  71. - (void)removeItemWithQuery:(NSDictionary *)keychainQuery

  72.                     handler:(void (^)(NSError *error))handler {

  73.   dispatch_async(_keychainOperationQueue, ^{

  74.     OSStatus status = SecItemDelete((__bridge CFDictionaryRef)keychainQuery);

  75.     if (status != noErr) {

  76.       FIRInstanceIDLoggerDebug(

  77.           kFIRInstanceIDKeychainDeleteItemError,

  78.           @"Couldn't delete item from Keychain OSStatus: %d with the keychain query %@",

  79.           (int)status, keychainQuery);

  80.     }

  81. 

  82.     if (handler) {

  83.       NSError *error;

  84.       // When item is not found, it should NOT be considered as an error. The operation should

  85.       // continue.

  86.       if (status != noErr && status != errSecItemNotFound) {

  87.         error = [NSError errorWithDomain:kFIRInstanceIDKeychainErrorDomain

  88.                                     code:status

  89.                                 userInfo:nil];

  90.       }

  91.       dispatch_async(dispatch_get_main_queue(), ^{

  92.         handler(error);

  93.       });

  94.     }

  95.   });

  96. }

  97. 

  98. - (void)addItemWithQuery:(NSDictionary *)keychainQuery handler:(void (^)(NSError *))handler {

  99.   dispatch_async(_keychainOperationQueue, ^{

  100.     OSStatus status = SecItemAdd((__bridge CFDictionaryRef)keychainQuery, NULL);

  101. 

  102.     if (handler) {

  103.       NSError *error;

  104.       if (status != noErr) {

  105.         FIRInstanceIDLoggerWarning(kFIRInstanceIDKeychainAddItemError,

  106.                                    @"Couldn't add item to Keychain OSStatus: %d", (int)status);

  107.         error = [NSError errorWithDomain:kFIRInstanceIDKeychainErrorDomain

  108.                                     code:status

  109.                                 userInfo:nil];

  110.       }

  111.       dispatch_async(dispatch_get_main_queue(), ^{

  112.         handler(error);

  113.       });

  114.     }

  115.   });

  116. }

  117. 

  118. - (FIRInstanceIDKeyPair *)generateKeyPairWithPrivateTag:(NSString *)privateTag

  119.                                               publicTag:(NSString *)publicTag {

  120.   // TODO(chliangGoogle) this is called by appInstanceID, which is an internal API used by other

  121.   // Firebase teams, will see if we can make it async.

  122.   NSData *publicTagData = [publicTag dataUsingEncoding:NSUTF8StringEncoding];

  123.   NSData *privateTagData = [privateTag dataUsingEncoding:NSUTF8StringEncoding];

  124. 

  125.   NSDictionary *privateKeyAttr = @{

  126.     (__bridge id)kSecAttrIsPermanent : @YES,

  127.     (__bridge id)kSecAttrApplicationTag : privateTagData,

  128.     (__bridge id)kSecAttrLabel : @"Firebase InstanceID Key Pair Private Key",

  129.     (__bridge id)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAlwaysThisDeviceOnly,

  130.   };

  131. 

  132.   NSDictionary *publicKeyAttr = @{

  133.     (__bridge id)kSecAttrIsPermanent : @YES,

  134.     (__bridge id)kSecAttrApplicationTag : publicTagData,

  135.     (__bridge id)kSecAttrLabel : @"Firebase InstanceID Key Pair Public Key",

  136.     (__bridge id)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAlwaysThisDeviceOnly,

  137.   };

  138. 

  139.   NSDictionary *keyPairAttributes = @{

  140.     (__bridge id)kSecAttrKeyType : (__bridge id)kSecAttrKeyTypeRSA,

  141.     (__bridge id)kSecAttrLabel : @"Firebase InstanceID Key Pair",

  142.     (__bridge id)kSecAttrKeySizeInBits : @(kRSA2048KeyPairSize),

  143.     (__bridge id)kSecPrivateKeyAttrs : privateKeyAttr,

  144.     (__bridge id)kSecPublicKeyAttrs : publicKeyAttr,

  145.   };

  146. 

  147.   __block SecKeyRef privateKey = NULL;

  148.   __block SecKeyRef publicKey = NULL;

  149.   dispatch_sync(_keychainOperationQueue, ^{

  150.     // SecKeyGeneratePair does not allow you to set kSetAttrAccessible on the keys. We need the keys

  151.     // to be accessible even when the device is locked (i.e. app is woken up during a push

  152.     // notification, or some background refresh).

  153.     OSStatus status =

  154.         SecKeyGeneratePair((__bridge CFDictionaryRef)keyPairAttributes, &publicKey, &privateKey);

  155.     if (status != noErr || publicKey == NULL || privateKey == NULL) {

  156.       FIRInstanceIDLoggerWarning(kFIRInstanceIDKeychainCreateKeyPairError,

  157.                                  @"Couldn't create keypair from Keychain OSStatus: %d",

  158.                                  (int)status);

  159.     }

  160.   });

  161.   // Extract the actual public and private key data from the Keychain

  162.   NSDictionary *publicKeyDataQuery = FIRInstanceIDKeyPairQuery(publicTag, YES, YES);

  163.   NSDictionary *privateKeyDataQuery = FIRInstanceIDKeyPairQuery(privateTag, YES, YES);

  164. 

  165.   NSData *publicKeyData = (__bridge NSData *)[self itemWithQuery:publicKeyDataQuery];

  166.   NSData *privateKeyData = (__bridge NSData *)[self itemWithQuery:privateKeyDataQuery];

  167. 

  168.   return [[FIRInstanceIDKeyPair alloc] initWithPrivateKey:privateKey

  169.                                                 publicKey:publicKey

  170.                                             publicKeyData:publicKeyData

  171.                                            privateKeyData:privateKeyData];

  172. }

  173. 

  174. @end