dwayne
/
elpha-ios
1
0
Fork 0
Code Releases Activity
[ABANDONED] Mastodon iOS client.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
99 Commits
1 Branch
0 Tags
581 KiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
elpha-ios/elpha-ios/KeychainWrapper.swift

445 lines
21 KiB
Raw Permalink Normal View History

Initial commit
6 years ago
  1. //
  2. // KeychainWrapper.swift
  3. // KeychainWrapper
  4. //
  5. // Created by Jason Rendel on 9/23/14.
  6. // Copyright (c) 2014 Jason Rendel. All rights reserved.
  7. //
  8. // The MIT License (MIT)
  9. //
  10. // Permission is hereby granted, free of charge, to any person obtaining a copy
  11. // of this software and associated documentation files (the "Software"), to deal
  12. // in the Software without restriction, including without limitation the rights
  13. // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
  14. // copies of the Software, and to permit persons to whom the Software is
  15. // furnished to do so, subject to the following conditions:
  16. //
  17. // The above copyright notice and this permission notice shall be included in all
  18. // copies or substantial portions of the Software.
  19. //
  20. // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
  21. // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
  22. // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
  23. // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  24. // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  25. // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  26. // SOFTWARE.
  28. import Foundation
  31. private let SecMatchLimit: String! = kSecMatchLimit as String
  32. private let SecReturnData: String! = kSecReturnData as String
  33. private let SecReturnPersistentRef: String! = kSecReturnPersistentRef as String
  34. private let SecValueData: String! = kSecValueData as String
  35. private let SecAttrAccessible: String! = kSecAttrAccessible as String
  36. private let SecClass: String! = kSecClass as String
  37. private let SecAttrService: String! = kSecAttrService as String
  38. private let SecAttrGeneric: String! = kSecAttrGeneric as String
  39. private let SecAttrAccount: String! = kSecAttrAccount as String
  40. private let SecAttrAccessGroup: String! = kSecAttrAccessGroup as String
  41. private let SecReturnAttributes: String = kSecReturnAttributes as String
  43. /// KeychainWrapper is a class to help make Keychain access in Swift more straightforward. It is designed to make accessing the Keychain services more like using NSUserDefaults, which is much more familiar to people.
  44. open class KeychainWrapper {
  46. @available(*, deprecated: 2.2.1, message: "KeychainWrapper.defaultKeychainWrapper is deprecated, use KeychainWrapper.standard instead")
  47. public static let defaultKeychainWrapper = KeychainWrapper.standard
  49. /// Default keychain wrapper access
  50. public static let standard = KeychainWrapper()
  52. /// ServiceName is used for the kSecAttrService property to uniquely identify this keychain accessor. If no service name is specified, KeychainWrapper will default to using the bundleIdentifier.
  53. private (set) public var serviceName: String
  55. /// AccessGroup is used for the kSecAttrAccessGroup property to identify which Keychain Access Group this entry belongs to. This allows you to use the KeychainWrapper with shared keychain access between different applications.
  56. private (set) public var accessGroup: String?
  58. private static let defaultServiceName: String = {
  59. return Bundle.main.bundleIdentifier ?? "SwiftKeychainWrapper"
  60. }()
  62. private convenience init() {
  63. self.init(serviceName: KeychainWrapper.defaultServiceName)
  64. }
  66. /// Create a custom instance of KeychainWrapper with a custom Service Name and optional custom access group.
  67. ///
  68. /// - parameter serviceName: The ServiceName for this instance. Used to uniquely identify all keys stored using this keychain wrapper instance.
  69. /// - parameter accessGroup: Optional unique AccessGroup for this instance. Use a matching AccessGroup between applications to allow shared keychain access.
  70. public init(serviceName: String, accessGroup: String? = nil) {
  71. self.serviceName = serviceName
  72. self.accessGroup = accessGroup
  73. }
  75. // MARK:- Public Methods
  77. /// Checks if keychain data exists for a specified key.
  78. ///
  79. /// - parameter forKey: The key to check for.
  80. /// - parameter withAccessibility: Optional accessibility to use when retrieving the keychain item.
  81. /// - returns: True if a value exists for the key. False otherwise.
  82. open func hasValue(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  83. if let _ = data(forKey: key, withAccessibility: accessibility) {
  84. return true
  85. } else {
  86. return false
  87. }
  88. }
  90. open func accessibilityOfKey(_ key: String) -> KeychainItemAccessibility? {
  91. var keychainQueryDictionary = setupKeychainQueryDictionary(forKey: key)
  93. // Remove accessibility attribute
  94. keychainQueryDictionary.removeValue(forKey: SecAttrAccessible)
  96. // Limit search results to one
  97. keychainQueryDictionary[SecMatchLimit] = kSecMatchLimitOne
  99. // Specify we want SecAttrAccessible returned
  100. keychainQueryDictionary[SecReturnAttributes] = kCFBooleanTrue
  102. // Search
  103. var result: AnyObject?
  104. let status = SecItemCopyMatching(keychainQueryDictionary as CFDictionary, &result)
  106. guard status == noErr, let resultsDictionary = result as? [String:AnyObject], let accessibilityAttrValue = resultsDictionary[SecAttrAccessible] as? String else {
  107. return nil
  108. }
  110. return KeychainItemAccessibility.accessibilityForAttributeValue(accessibilityAttrValue as CFString)
  111. }
  113. /// Get the keys of all keychain entries matching the current ServiceName and AccessGroup if one is set.
  114. open func allKeys() -> Set<String> {
  115. var keychainQueryDictionary: [String:Any] = [
  116. SecClass: kSecClassGenericPassword,
  117. SecAttrService: serviceName,
  118. SecReturnAttributes: kCFBooleanTrue,
  119. SecMatchLimit: kSecMatchLimitAll,
  120. ]
  122. if let accessGroup = self.accessGroup {
  123. keychainQueryDictionary[SecAttrAccessGroup] = accessGroup
  124. }
  126. var result: AnyObject?
  127. let status = SecItemCopyMatching(keychainQueryDictionary as CFDictionary, &result)
  129. guard status == errSecSuccess else { return [] }
  131. var keys = Set<String>()
  132. if let results = result as? [[AnyHashable: Any]] {
  133. for attributes in results {
  134. if let accountData = attributes[SecAttrAccount] as? Data,
  135. let account = String(data: accountData, encoding: String.Encoding.utf8) {
  136. keys.insert(account)
  137. }
  138. }
  139. }
  140. return keys
  141. }
  143. // MARK: Public Getters
  145. open func integer(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Int? {
  146. guard let numberValue = object(forKey: key, withAccessibility: accessibility) as? NSNumber else {
  147. return nil
  148. }
  150. return numberValue.intValue
  151. }
  153. open func float(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Float? {
  154. guard let numberValue = object(forKey: key, withAccessibility: accessibility) as? NSNumber else {
  155. return nil
  156. }
  158. return numberValue.floatValue
  159. }
  161. open func double(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Double? {
  162. guard let numberValue = object(forKey: key, withAccessibility: accessibility) as? NSNumber else {
  163. return nil
  164. }
  166. return numberValue.doubleValue
  167. }
  169. open func bool(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool? {
  170. guard let numberValue = object(forKey: key, withAccessibility: accessibility) as? NSNumber else {
  171. return nil
  172. }
  174. return numberValue.boolValue
  175. }
  177. /// Returns a string value for a specified key.
  178. ///
  179. /// - parameter forKey: The key to lookup data for.
  180. /// - parameter withAccessibility: Optional accessibility to use when retrieving the keychain item.
  181. /// - returns: The String associated with the key if it exists. If no data exists, or the data found cannot be encoded as a string, returns nil.
  182. open func string(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> String? {
  183. guard let keychainData = data(forKey: key, withAccessibility: accessibility) else {
  184. return nil
  185. }
  187. return String(data: keychainData, encoding: String.Encoding.utf8) as String?
  188. }
  190. /// Returns an object that conforms to NSCoding for a specified key.
  191. ///
  192. /// - parameter forKey: The key to lookup data for.
  193. /// - parameter withAccessibility: Optional accessibility to use when retrieving the keychain item.
  194. /// - returns: The decoded object associated with the key if it exists. If no data exists, or the data found cannot be decoded, returns nil.
  195. open func object(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> NSCoding? {
  196. guard let keychainData = data(forKey: key, withAccessibility: accessibility) else {
  197. return nil
  198. }
  200. return NSKeyedUnarchiver.unarchiveObject(with: keychainData) as? NSCoding
  201. }
  204. /// Returns a Data object for a specified key.
  205. ///
  206. /// - parameter forKey: The key to lookup data for.
  207. /// - parameter withAccessibility: Optional accessibility to use when retrieving the keychain item.
  208. /// - returns: The Data object associated with the key if it exists. If no data exists, returns nil.
  209. open func data(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Data? {
  210. var keychainQueryDictionary = setupKeychainQueryDictionary(forKey: key, withAccessibility: accessibility)
  212. // Limit search results to one
  213. keychainQueryDictionary[SecMatchLimit] = kSecMatchLimitOne
  215. // Specify we want Data/CFData returned
  216. keychainQueryDictionary[SecReturnData] = kCFBooleanTrue
  218. // Search
  219. var result: AnyObject?
  220. let status = SecItemCopyMatching(keychainQueryDictionary as CFDictionary, &result)
  222. return status == noErr ? result as? Data : nil
  223. }
  226. /// Returns a persistent data reference object for a specified key.
  227. ///
  228. /// - parameter forKey: The key to lookup data for.
  229. /// - parameter withAccessibility: Optional accessibility to use when retrieving the keychain item.
  230. /// - returns: The persistent data reference object associated with the key if it exists. If no data exists, returns nil.
  231. open func dataRef(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Data? {
  232. var keychainQueryDictionary = setupKeychainQueryDictionary(forKey: key, withAccessibility: accessibility)
  234. // Limit search results to one
  235. keychainQueryDictionary[SecMatchLimit] = kSecMatchLimitOne
  237. // Specify we want persistent Data/CFData reference returned
  238. keychainQueryDictionary[SecReturnPersistentRef] = kCFBooleanTrue
  240. // Search
  241. var result: AnyObject?
  242. let status = SecItemCopyMatching(keychainQueryDictionary as CFDictionary, &result)
  244. return status == noErr ? result as? Data : nil
  245. }
  247. // MARK: Public Setters
  249. @discardableResult open func set(_ value: Int, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  250. return set(NSNumber(value: value), forKey: key, withAccessibility: accessibility)
  251. }
  253. @discardableResult open func set(_ value: Float, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  254. return set(NSNumber(value: value), forKey: key, withAccessibility: accessibility)
  255. }
  257. @discardableResult open func set(_ value: Double, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  258. return set(NSNumber(value: value), forKey: key, withAccessibility: accessibility)
  259. }
  261. @discardableResult open func set(_ value: Bool, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  262. return set(NSNumber(value: value), forKey: key, withAccessibility: accessibility)
  263. }
  265. /// Save a String value to the keychain associated with a specified key. If a String value already exists for the given key, the string will be overwritten with the new value.
  266. ///
  267. /// - parameter value: The String value to save.
  268. /// - parameter forKey: The key to save the String under.
  269. /// - parameter withAccessibility: Optional accessibility to use when setting the keychain item.
  270. /// - returns: True if the save was successful, false otherwise.
  271. @discardableResult open func set(_ value: String, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  272. if let data = value.data(using: .utf8) {
  273. return set(data, forKey: key, withAccessibility: accessibility)
  274. } else {
  275. return false
  276. }
  277. }
  279. /// Save an NSCoding compliant object to the keychain associated with a specified key. If an object already exists for the given key, the object will be overwritten with the new value.
  280. ///
  281. /// - parameter value: The NSCoding compliant object to save.
  282. /// - parameter forKey: The key to save the object under.
  283. /// - parameter withAccessibility: Optional accessibility to use when setting the keychain item.
  284. /// - returns: True if the save was successful, false otherwise.
  285. @discardableResult open func set(_ value: NSCoding, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  286. let data = NSKeyedArchiver.archivedData(withRootObject: value)
  288. return set(data, forKey: key, withAccessibility: accessibility)
  289. }
  291. /// Save a Data object to the keychain associated with a specified key. If data already exists for the given key, the data will be overwritten with the new value.
  292. ///
  293. /// - parameter value: The Data object to save.
  294. /// - parameter forKey: The key to save the object under.
  295. /// - parameter withAccessibility: Optional accessibility to use when setting the keychain item.
  296. /// - returns: True if the save was successful, false otherwise.
  297. @discardableResult open func set(_ value: Data, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  298. var keychainQueryDictionary: [String:Any] = setupKeychainQueryDictionary(forKey: key, withAccessibility: accessibility)
  300. keychainQueryDictionary[SecValueData] = value
  302. if let accessibility = accessibility {
  303. keychainQueryDictionary[SecAttrAccessible] = accessibility.keychainAttrValue
  304. } else {
  305. // Assign default protection - Protect the keychain entry so it's only valid when the device is unlocked
  306. keychainQueryDictionary[SecAttrAccessible] = KeychainItemAccessibility.whenUnlocked.keychainAttrValue
  307. }
  309. let status: OSStatus = SecItemAdd(keychainQueryDictionary as CFDictionary, nil)
  311. if status == errSecSuccess {
  312. return true
  313. } else if status == errSecDuplicateItem {
  314. return update(value, forKey: key, withAccessibility: accessibility)
  315. } else {
  316. return false
  317. }
  318. }
  320. @available(*, deprecated: 2.2.1, message: "remove is deprecated, use removeObject instead")
  321. @discardableResult open func remove(key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  322. return removeObject(forKey: key, withAccessibility: accessibility)
  323. }
  325. /// Remove an object associated with a specified key. If re-using a key but with a different accessibility, first remove the previous key value using removeObjectForKey(:withAccessibility) using the same accessibilty it was saved with.
  326. ///
  327. /// - parameter forKey: The key value to remove data for.
  328. /// - parameter withAccessibility: Optional accessibility level to use when looking up the keychain item.
  329. /// - returns: True if successful, false otherwise.
  330. @discardableResult open func removeObject(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  331. let keychainQueryDictionary: [String:Any] = setupKeychainQueryDictionary(forKey: key, withAccessibility: accessibility)
  333. // Delete
  334. let status: OSStatus = SecItemDelete(keychainQueryDictionary as CFDictionary)
  336. if status == errSecSuccess {
  337. return true
  338. } else {
  339. return false
  340. }
  341. }
  343. /// Remove all keychain data added through KeychainWrapper. This will only delete items matching the currnt ServiceName and AccessGroup if one is set.
  344. open func removeAllKeys() -> Bool {
  345. // Setup dictionary to access keychain and specify we are using a generic password (rather than a certificate, internet password, etc)
  346. var keychainQueryDictionary: [String:Any] = [SecClass:kSecClassGenericPassword]
  348. // Uniquely identify this keychain accessor
  349. keychainQueryDictionary[SecAttrService] = serviceName
  351. // Set the keychain access group if defined
  352. if let accessGroup = self.accessGroup {
  353. keychainQueryDictionary[SecAttrAccessGroup] = accessGroup
  354. }
  356. let status: OSStatus = SecItemDelete(keychainQueryDictionary as CFDictionary)
  358. if status == errSecSuccess {
  359. return true
  360. } else {
  361. return false
  362. }
  363. }
  365. /// Remove all keychain data, including data not added through keychain wrapper.
  366. ///
  367. /// - Warning: This may remove custom keychain entries you did not add via SwiftKeychainWrapper.
  368. ///
  369. open class func wipeKeychain() {
  370. deleteKeychainSecClass(kSecClassGenericPassword) // Generic password items
  371. deleteKeychainSecClass(kSecClassInternetPassword) // Internet password items
  372. deleteKeychainSecClass(kSecClassCertificate) // Certificate items
  373. deleteKeychainSecClass(kSecClassKey) // Cryptographic key items
  374. deleteKeychainSecClass(kSecClassIdentity) // Identity items
  375. }
  377. // MARK:- Private Methods
  379. /// Remove all items for a given Keychain Item Class
  380. ///
  381. ///
  382. @discardableResult private class func deleteKeychainSecClass(_ secClass: AnyObject) -> Bool {
  383. let query = [SecClass: secClass]
  384. let status: OSStatus = SecItemDelete(query as CFDictionary)
  386. if status == errSecSuccess {
  387. return true
  388. } else {
  389. return false
  390. }
  391. }
  393. /// Update existing data associated with a specified key name. The existing data will be overwritten by the new data.
  394. private func update(_ value: Data, forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> Bool {
  395. var keychainQueryDictionary: [String:Any] = setupKeychainQueryDictionary(forKey: key, withAccessibility: accessibility)
  396. let updateDictionary = [SecValueData:value]
  398. // on update, only set accessibility if passed in
  399. if let accessibility = accessibility {
  400. keychainQueryDictionary[SecAttrAccessible] = accessibility.keychainAttrValue
  401. }
  403. // Update
  404. let status: OSStatus = SecItemUpdate(keychainQueryDictionary as CFDictionary, updateDictionary as CFDictionary)
  406. if status == errSecSuccess {
  407. return true
  408. } else {
  409. return false
  410. }
  411. }
  413. /// Setup the keychain query dictionary used to access the keychain on iOS for a specified key name. Takes into account the Service Name and Access Group if one is set.
  414. ///
  415. /// - parameter forKey: The key this query is for
  416. /// - parameter withAccessibility: Optional accessibility to use when setting the keychain item. If none is provided, will default to .WhenUnlocked
  417. /// - returns: A dictionary with all the needed properties setup to access the keychain on iOS
  418. private func setupKeychainQueryDictionary(forKey key: String, withAccessibility accessibility: KeychainItemAccessibility? = nil) -> [String:Any] {
  419. // Setup default access as generic password (rather than a certificate, internet password, etc)
  420. var keychainQueryDictionary: [String:Any] = [SecClass:kSecClassGenericPassword]
  422. // Uniquely identify this keychain accessor
  423. keychainQueryDictionary[SecAttrService] = serviceName
  425. // Only set accessibiilty if its passed in, we don't want to default it here in case the user didn't want it set
  426. if let accessibility = accessibility {
  427. keychainQueryDictionary[SecAttrAccessible] = accessibility.keychainAttrValue
  428. }
  430. // Set the keychain access group if defined
  431. if let accessGroup = self.accessGroup {
  432. keychainQueryDictionary[SecAttrAccessGroup] = accessGroup
  433. }
  435. // Uniquely identify the account who will be accessing the keychain
  436. let encodedIdentifier: Data? = key.data(using: String.Encoding.utf8)
  438. keychainQueryDictionary[SecAttrGeneric] = encodedIdentifier
  440. keychainQueryDictionary[SecAttrAccount] = encodedIdentifier
  442. return keychainQueryDictionary
  443. }
  444. }