Marle
/
iOS
Watch 1
Star 1
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
No Description
7 Commits
2 Branches
Tree: 5cb2db297c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5cb2db297c'
${ noResults }
iOS/Pods/FirebaseAuth/Firebase/Auth/Source/FIRAuthKeychain.m

FIRAuthKeychain.m 8.5KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260 
  1. /*

  2.  * Copyright 2017 Google

  3.  *

  4.  * Licensed under the Apache License, Version 2.0 (the "License");

  5.  * you may not use this file except in compliance with the License.

  6.  * You may obtain a copy of the License at

  7.  *

  8.  *      http://www.apache.org/licenses/LICENSE-2.0

  9.  *

  10.  * Unless required by applicable law or agreed to in writing, software

  11.  * distributed under the License is distributed on an "AS IS" BASIS,

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13.  * See the License for the specific language governing permissions and

  14.  * limitations under the License.

  15.  */

  16. 

  17. #import "FIRAuthKeychain.h"

  18. 

  19. #import <Security/Security.h>

  20. 

  21. #import "FIRAuthErrorUtils.h"

  22. #import "FIRAuthUserDefaultsStorage.h"

  23. 

  24. #if FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE

  25. #import <UIKit/UIKit.h>

  26. 

  27. /** @var kOSVersionMatcherForUsingUserDefaults

  28.     @brief The regular expression to match all OS versions that @c FIRAuthUserDefaultsStorage is

  29.         used instead if available.

  30.  */

  31. static NSString *const kOSVersionMatcherForUsingUserDefaults = @"^10\\.[01](\\..*)?$";

  32. 

  33. #endif  // FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE

  34. 

  35. /** @var kAccountPrefix

  36.     @brief The prefix string for keychain item account attribute before the key.

  37.     @remarks A number "1" is encoded in the prefix in case we need to upgrade the scheme in future.

  38.  */

  39. static NSString *const kAccountPrefix = @"firebase_auth_1_";

  40. 

  41. NS_ASSUME_NONNULL_BEGIN

  42. 

  43. @implementation FIRAuthKeychain {

  44.   /** @var _service

  45.       @brief The name of the keychain service.

  46.    */

  47.   NSString *_service;

  48. 

  49.   /** @var _legacyItemDeletedForKey

  50.       @brief Indicates whether or not this class knows that the legacy item for a particular key has

  51.           been deleted.

  52.       @remarks This dictionary is to avoid unecessary keychain operations against legacy items.

  53.    */

  54.   NSMutableDictionary *_legacyEntryDeletedForKey;

  55. }

  56. 

  57. - (id<FIRAuthStorage>)initWithService:(NSString *)service {

  58. 

  59. #if FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE

  60. 

  61.   NSString *OSVersion = [UIDevice currentDevice].systemVersion;

  62.   NSRegularExpression *regex =

  63.       [NSRegularExpression regularExpressionWithPattern:kOSVersionMatcherForUsingUserDefaults

  64.                                                 options:0

  65.                                                   error:NULL];

  66.   if ([regex numberOfMatchesInString:OSVersion options:0 range:NSMakeRange(0, OSVersion.length)]) {

  67.     return (id<FIRAuthStorage>)[[FIRAuthUserDefaultsStorage alloc] initWithService:service];

  68.   }

  69. 

  70. #endif  // FIRAUTH_USER_DEFAULTS_STORAGE_AVAILABLE

  71. 

  72.   self = [super init];

  73.   if (self) {

  74.     _service = [service copy];

  75.     _legacyEntryDeletedForKey = [[NSMutableDictionary alloc] init];

  76.   }

  77.   return self;

  78. }

  79. 

  80. - (nullable NSData *)dataForKey:(NSString *)key error:(NSError **_Nullable)error {

  81.   if (!key.length) {

  82.     [NSException raise:NSInvalidArgumentException

  83.                 format:@"%@", @"The key cannot be nil or empty."];

  84.     return nil;

  85.   }

  86.   NSData *data = [self itemWithQuery:[self genericPasswordQueryWithKey:key] error:error];

  87.   if (error && *error) {

  88.     return nil;

  89.   }

  90.   if (data) {

  91.     return data;

  92.   }

  93.   // Check for legacy form.

  94.   if (_legacyEntryDeletedForKey[key]) {

  95.     return nil;

  96.   }

  97.   data = [self itemWithQuery:[self legacyGenericPasswordQueryWithKey:key] error:error];

  98.   if (error && *error) {

  99.     return nil;

  100.   }

  101.   if (!data) {

  102.     // Mark legacy data as non-existing so we don't have to query it again.

  103.     _legacyEntryDeletedForKey[key] = @YES;

  104.     return nil;

  105.   }

  106.   // Move the data to current form.

  107.   if (![self setData:data forKey:key error:error]) {

  108.     return nil;

  109.   }

  110.   [self deleteLegacyItemWithKey:key];

  111.   return data;

  112. }

  113. 

  114. - (BOOL)setData:(NSData *)data forKey:(NSString *)key error:(NSError **_Nullable)error {

  115.   if (!key.length) {

  116.     [NSException raise:NSInvalidArgumentException

  117.                 format:@"%@", @"The key cannot be nil or empty."];

  118.     return NO;

  119.   }

  120.   NSDictionary *attributes = @{

  121.     (__bridge id)kSecValueData : data,

  122.     (__bridge id)kSecAttrAccessible : (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,

  123.   };

  124.   return [self setItemWithQuery:[self genericPasswordQueryWithKey:key]

  125.                      attributes:attributes

  126.                           error:error];

  127. }

  128. 

  129. - (BOOL)removeDataForKey:(NSString *)key error:(NSError **_Nullable)error {

  130.   if (!key.length) {

  131.     [NSException raise:NSInvalidArgumentException

  132.                 format:@"%@", @"The key cannot be nil or empty."];

  133.     return NO;

  134.   }

  135.   if (![self deleteItemWithQuery:[self genericPasswordQueryWithKey:key] error:error]) {

  136.     return NO;

  137.   }

  138.   // Legacy form item, if exists, also needs to be removed, otherwise it will be exposed when

  139.   // current form item is removed, leading to incorrect semantics.

  140.   [self deleteLegacyItemWithKey:key];

  141.   return YES;

  142. }

  143. 

  144. #pragma mark - Private

  145. 

  146. - (NSData *)itemWithQuery:(NSDictionary *)query error:(NSError **_Nullable)error {

  147.   NSMutableDictionary *returningQuery = [query mutableCopy];

  148.   returningQuery[(__bridge id)kSecReturnData] = @YES;

  149.   returningQuery[(__bridge id)kSecReturnAttributes] = @YES;

  150.   // Using a match limit of 2 means that we can check whether there is more than one item.

  151.   // If we used a match limit of 1 we would never find out.

  152.   returningQuery[(__bridge id)kSecMatchLimit] = @2;

  153. 

  154.   CFArrayRef result = NULL;

  155.   OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)returningQuery,

  156.                                         (CFTypeRef *)&result);

  157. 

  158.   if (status == noErr && result != NULL) {

  159.    NSArray *items = (__bridge_transfer NSArray *)result;

  160.     if (items.count != 1) {

  161.       if (error) {

  162.         *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching"

  163.                                                        status:status];

  164.       }

  165.       return nil;

  166.     }

  167. 

  168.     if (error) {

  169.       *error = nil;

  170.     }

  171.     NSDictionary *item = items[0];

  172.     return item[(__bridge id)kSecValueData];

  173.   }

  174. 

  175.   if (status == errSecItemNotFound) {

  176.     if (error) {

  177.       *error = nil;

  178.     }

  179.   } else {

  180.     if (error) {

  181.       *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemCopyMatching" status:status];

  182.     }

  183.   }

  184.   return nil;

  185. }

  186. 

  187. - (BOOL)setItemWithQuery:(NSDictionary *)query

  188.               attributes:(NSDictionary *)attributes

  189.                    error:(NSError **_Nullable)error {

  190.   NSMutableDictionary *combined = [attributes mutableCopy];

  191.   [combined addEntriesFromDictionary:query];

  192.   BOOL hasItem = NO;

  193.   OSStatus status = SecItemAdd((__bridge CFDictionaryRef)combined, NULL);

  194. 

  195.   if (status == errSecDuplicateItem) {

  196.     hasItem = YES;

  197.     status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributes);

  198.   }

  199. 

  200.   if (status == noErr) {

  201.     return YES;

  202.   }

  203.   if (error) {

  204.     NSString *function = hasItem ? @"SecItemUpdate" : @"SecItemAdd";

  205.     *error = [FIRAuthErrorUtils keychainErrorWithFunction:function status:status];

  206.   }

  207.   return NO;

  208. }

  209. 

  210. - (BOOL)deleteItemWithQuery:(NSDictionary *)query error:(NSError **_Nullable)error {

  211.   OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);

  212.   if (status == noErr || status == errSecItemNotFound) {

  213.     return YES;

  214.   }

  215.   if (error) {

  216.     *error = [FIRAuthErrorUtils keychainErrorWithFunction:@"SecItemDelete" status:status];

  217.   }

  218.   return NO;

  219. }

  220. 

  221. /** @fn deleteLegacyItemsWithKey:

  222.     @brief Deletes legacy item from the keychain if it is not already known to be deleted.

  223.     @param key The key for the item.

  224.  */

  225. - (void)deleteLegacyItemWithKey:(NSString *)key {

  226.   if (_legacyEntryDeletedForKey[key]) {

  227.     return;

  228.   }

  229.   NSDictionary *query = [self legacyGenericPasswordQueryWithKey:key];

  230.   SecItemDelete((__bridge CFDictionaryRef)query);

  231.   _legacyEntryDeletedForKey[key] = @YES;

  232. }

  233. 

  234. /** @fn genericPasswordQueryWithKey:

  235.     @brief Returns a keychain query of generic password to be used to manipulate key'ed value.

  236.     @param key The key for the value being manipulated, used as the account field in the query.

  237.  */

  238. - (NSDictionary *)genericPasswordQueryWithKey:(NSString *)key {

  239.   return @{

  240.     (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,

  241.     (__bridge id)kSecAttrAccount : [kAccountPrefix stringByAppendingString:key],

  242.     (__bridge id)kSecAttrService : _service,

  243.   };

  244. }

  245. 

  246. /** @fn legacyGenericPasswordQueryWithKey:

  247.     @brief Returns a keychain query of generic password without service field, which is used by

  248.         previous version of this class.

  249.     @param key The key for the value being manipulated, used as the account field in the query.

  250.  */

  251. - (NSDictionary *)legacyGenericPasswordQueryWithKey:(NSString *)key {

  252.   return @{

  253.     (__bridge id)kSecClass : (__bridge id)kSecClassGenericPassword,

  254.     (__bridge id)kSecAttrAccount : key,

  255.   };

  256. }

  257. 

  258. @end

  259. 

  260. NS_ASSUME_NONNULL_END