diff --git a/MASFoundation.xcodeproj/project.pbxproj b/MASFoundation.xcodeproj/project.pbxproj index aab8da93..cac3bf9e 100644 --- a/MASFoundation.xcodeproj/project.pbxproj +++ b/MASFoundation.xcodeproj/project.pbxproj @@ -310,6 +310,8 @@ CB1907F91C17950700A5EF16 /* MASAccessService.m in Sources */ = {isa = PBXBuildFile; fileRef = CB1907F71C17950700A5EF16 /* MASAccessService.m */; }; CB1C151E1E450109002B31A5 /* NSURL+MASPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = CB1C151C1E450109002B31A5 /* NSURL+MASPrivate.h */; }; CB1C151F1E450109002B31A5 /* NSURL+MASPrivate.m in Sources */ = {isa = PBXBuildFile; fileRef = CB1C151D1E450109002B31A5 /* NSURL+MASPrivate.m */; }; + CB1FD14B1FB23701000AFA25 /* MASSharedStorage.h in Headers */ = {isa = PBXBuildFile; fileRef = CB1FD1491FB23701000AFA25 /* MASSharedStorage.h */; settings = {ATTRIBUTES = (Public, ); }; }; + CB1FD14C1FB23701000AFA25 /* MASSharedStorage.m in Sources */ = {isa = PBXBuildFile; fileRef = CB1FD14A1FB23701000AFA25 /* MASSharedStorage.m */; }; CB2357921F0EF53600D4C420 /* MASURLSessionManager.h in Headers */ = {isa = PBXBuildFile; fileRef = CB2357901F0EF53600D4C420 /* MASURLSessionManager.h */; }; CB2357931F0EF53600D4C420 /* MASURLSessionManager.m in Sources */ = {isa = PBXBuildFile; fileRef = CB2357911F0EF53600D4C420 /* MASURLSessionManager.m */; }; CB2357961F0EFDEA00D4C420 /* MASSessionTaskOperation.h in Headers */ = {isa = PBXBuildFile; fileRef = CB2357941F0EFDEA00D4C420 /* MASSessionTaskOperation.h */; }; 
@@ -735,6 +737,8 @@ CB1907F71C17950700A5EF16 /* MASAccessService.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MASAccessService.m; sourceTree = ""; }; CB1C151C1E450109002B31A5 /* NSURL+MASPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = "NSURL+MASPrivate.h"; sourceTree = ""; }; CB1C151D1E450109002B31A5 /* NSURL+MASPrivate.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = "NSURL+MASPrivate.m"; sourceTree = ""; }; + CB1FD1491FB23701000AFA25 /* MASSharedStorage.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MASSharedStorage.h; sourceTree = ""; }; + CB1FD14A1FB23701000AFA25 /* MASSharedStorage.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MASSharedStorage.m; sourceTree = ""; }; CB2357901F0EF53600D4C420 /* MASURLSessionManager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MASURLSessionManager.h; sourceTree = ""; }; CB2357911F0EF53600D4C420 /* MASURLSessionManager.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MASURLSessionManager.m; sourceTree = ""; }; CB2357941F0EFDEA00D4C420 /* MASSessionTaskOperation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MASSessionTaskOperation.h; sourceTree = ""; }; @@ -1342,6 +1346,8 @@ CB14D2181D02266D004F772E /* MASProximityLoginQRCode.m */, CBA3EB2C1E945F2400E64D9D /* MASClaims.h */, CBA3EB2D1E945F2400E64D9D /* MASClaims.m */, + CB1FD1491FB23701000AFA25 /* MASSharedStorage.h */, + CB1FD14A1FB23701000AFA25 /* MASSharedStorage.m */, ); path = models; sourceTree = ""; 
@@ -1677,6 +1683,7 @@ isa = PBXHeadersBuildPhase; buildActionMask = 2147483647; files = ( + CB1FD14B1FB23701000AFA25 /* MASSharedStorage.h in Headers */, 69B7DF6A1F9675600056DD3A /* MASRequestBuilder.h in Headers */, 69B7DF681F9675600056DD3A /* MASRequest.h in Headers */, CBAFD24C1F2BD46C0034DF02 /* MASSecurityConfiguration.h in Headers */, @@ -2091,6 +2098,7 @@ CBA3EB2F1E945F2400E64D9D /* MASClaims.m in Sources */, CBD25B151E7A0A9200DFB47F /* MF_Base64Additions.m in Sources */, 10738A3B1C711C2F00B7E87E /* util_mosq.c in Sources */, + CB1FD14C1FB23701000AFA25 /* MASSharedStorage.m in Sources */, 10E027A71F72B10100EAB103 /* RNEncryptor.m in Sources */, 10738A2F1C711C2F00B7E87E /* read_handle.c in Sources */, CB9975571EDF5986006CEBB1 /* MASAuthCredentialsClientCredentials.m in Sources */, diff --git a/MASFoundation/Classes/MAS.m b/MASFoundation/Classes/MAS.m index db17fbab..6f470ced 100644 --- a/MASFoundation/Classes/MAS.m +++ b/MASFoundation/Classes/MAS.m @@ -206,7 +206,7 @@ + (void)start:(MASCompletionErrorBlock)completion // // If the device is registered, and id_token exists, which means MSSO can be used for this application // - else if ([MASDevice currentDevice].isRegistered && [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeIdToken]) + else if ([MASDevice currentDevice].isRegistered && [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdToken]) { // // Make sure to register the client (application) 
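Review bot: Every call site in this diff swaps a `MASAccessValueType*` enum value for a `MASKeychainStorageKey*` constant, but nothing in this chunk shows whether the keychain item identifiers behind them are unchanged (MASAccessService and the new MASSharedStorage files are not in the diff); if they differ, an existing install comes back after upgrade with no token or registration, and the old items — access, refresh and id tokens, client secret, private key — stay in the keychain where `deleteAll` no longer reaches them. A one-line comment at this first call site, or in the commit message, stating that each new constant resolves to the same keychain item as the old enum value would settle it; otherwise a migration step that copies and then deletes the old items is needed. The same question applies to every renamed call in MASAccess.m, MASApplication+MASPrivate.m, MASDevice+MASPrivate.m, MASClaims+MASPrivate.m and the AuthCredentials files below, so I raise it only here. `start:` continues outside the hunk.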
@@ -1641,7 +1641,7 @@ + (NSString * _Nullable)signWithClaims:(MASClaims *_Nonnull)claims error:(NSErro // // Retrieve private key from registered device's client certificate // - SecKeyRef pemPrivateRef = [[MASAccessService sharedService] getAccessValueCryptoKeyWithType:MASAccessValueTypePrivateKey]; + SecKeyRef pemPrivateRef = [[MASAccessService sharedService] getAccessValueCryptoKeyWithStorageKey:MASKeychainStorageKeyPrivateKey]; NSData *privateKeyData = [NSData converKeyRefToNSData:pemPrivateRef]; return [self signWithClaims:claims privateKey:privateKeyData error:error]; diff --git a/MASFoundation/Classes/MASConstants.h b/MASFoundation/Classes/MASConstants.h index 003e0284..2505b83e 100644 --- a/MASFoundation/Classes/MASConstants.h +++ b/MASFoundation/Classes/MASConstants.h @@ -459,6 +459,11 @@ typedef NS_ENUM(NSInteger, MASFoundationErrorCode) MASFoundationErrorCodeJWTUnexpectedClassType = 170002, MASFoundationErrorCodeJWTSerializationError = 170003, + // + // SharedStorage + // + MASFoundationErrorCodeSharedStorageNotNilKey = 180001, + MASFoundationErrorCodeCount = -999999 }; diff --git a/MASFoundation/Classes/MQTT/MASMQTTHelper.m b/MASFoundation/Classes/MQTT/MASMQTTHelper.m index cbe88579..56a5acb1 100644 --- a/MASFoundation/Classes/MQTT/MASMQTTHelper.m +++ b/MASFoundation/Classes/MQTT/MASMQTTHelper.m @@ -29,7 +29,7 @@ + (void)showLogMessage:(NSString *)message debugMode:(BOOL)debugMode + (NSString *)mqttClientId { - NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]; + NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier]; //MQTT ClientId is: :::: NSString *clientId = [NSString stringWithFormat:@"%@::%@::%@",magIdentifier,[MASApplication currentApplication].identifier,[MASUser currentUser].objectId]; 
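Review bot: The `SecKeyRef` returned by the renamed `getAccessValueCryptoKeyWithStorageKey:` call is passed straight to `converKeyRefToNSData:` without a NULL check, and the `error` out-parameter is never populated on that path, so signing on a device with no private key in the keychain proceeds with whatever that helper makes of NULL instead of failing with a diagnosable error. Add `if (!pemPrivateRef) { /* set *error if non-NULL, then */ return nil; }` before the conversion; I can't see an existing MASFoundationErrorCode for a missing private key in this chunk, so one may need to be added. Whether the caller owns the returned SecKeyRef (and should CFRelease it) isn't stated here either — worth a comment on that line. `signWithClaims:error:` starts outside the hunk.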
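Review bot: The new `MASFoundationErrorCodeSharedStorageNotNilKey` reads as if a non-nil key were the error, while its description added in NSError+MASPrivate.m is "Data key cannot be nil or empty string."; MASConstants.h is a public header, so the name becomes API once shipped and is worth settling now. `MASFoundationErrorCodeSharedStorageNilOrEmptyKey` would match the message, or at minimum add `/// The key passed to MASSharedStorage was nil or an empty string.` above it, since the surrounding codes carry only `//` section banners. The enum is only partially visible in the hunk.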
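Review bot: `mqttClientId` builds the id with `stringWithFormat:` from the `magIdentifier` fetched on the new line plus the application identifier and user objectId, so any nil part becomes the literal text `(null)`, and a device that is not registered yet gets a client id like `(null)::…` that is handed to the broker as-is. Returning early, `if (!magIdentifier) { return nil; }`, makes the unregistered case visible to the caller instead of encoding it in the id. The comment above it also appears to have lost its placeholders (`//MQTT ClientId is: ::::`); restoring it as `//MQTT ClientId is: <magIdentifier>::<applicationIdentifier>::<userObjectId>` would document the format.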
diff --git a/MASFoundation/Classes/_private_/MASConstantsPrivate.h b/MASFoundation/Classes/_private_/MASConstantsPrivate.h index 3e0ff215..b0c98fe9 100644 --- a/MASFoundation/Classes/_private_/MASConstantsPrivate.h +++ b/MASFoundation/Classes/_private_/MASConstantsPrivate.h @@ -212,6 +212,11 @@ static NSString *_Nonnull const MASGrantTypeRefreshToken = @"refresh_token"; // static int const MASExceptionErrorCodeInvalidCertificate = 9999; // integer +# pragma mark - MASSharedStorage custom prefix + +static NSString *_Nonnull const MASSharedStorageCustomPrefix = @"MAS.customSharedStorage"; + + ///-------------------------------------- /// @name Location Monitoring Constants ///-------------------------------------- diff --git a/MASFoundation/Classes/_private_/categories/NSError+MASPrivate.m b/MASFoundation/Classes/_private_/categories/NSError+MASPrivate.m index cfd4c0e4..51ecb6bc 100644 --- a/MASFoundation/Classes/_private_/categories/NSError+MASPrivate.m +++ b/MASFoundation/Classes/_private_/categories/NSError+MASPrivate.m @@ -1102,6 +1102,11 @@ + (NSString *)descriptionForFoundationErrorCode:(MASFoundationErrorCode)errorCod case MASFoundationErrorCodeJWTInvalidClaims: return @"MASClaims cannot be nil."; case MASFoundationErrorCodeJWTUnexpectedClassType: return @"Mis-match of reserved JWT claim value's type (%@)"; case MASFoundationErrorCodeJWTSerializationError: return @"Claim value (%@) cannot be serialized"; + + // + // Shared Storage + // + case MASFoundationErrorCodeSharedStorageNotNilKey: return @"Data key cannot be nil or empty string."; // // Default diff --git a/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentials+MASPrivate.m b/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentials+MASPrivate.m index 8673246c..79067d7f 100644 --- a/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentials+MASPrivate.m +++ b/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentials+MASPrivate.m 
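Review bot: `MASSharedStorageCustomPrefix` is added without a comment saying what it is for; from its name it seems to namespace caller-supplied MASSharedStorage keys so they cannot alias the SDK's own keychain items (MASSharedStorage.m is not in this chunk, so confirm), which is a property worth stating explicitly: `/// Prefix prepended to caller-supplied MASSharedStorage keys so they can never alias SDK-internal keychain entries.` The `# pragma mark` line (with a space after `#`) is also out of step with the `///` `@name` banners this file uses for its other sections, such as `/// @name Location Monitoring Constants` directly below.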
@@ -333,7 +333,7 @@ - (void)loginWithCredential:(MASCompletionErrorBlock)completion { NSError *idTokenValidationError = nil; BOOL isIdTokenValid = [MASAccessService validateIdToken:[bodyInfo objectForKey:MASIdTokenBodyRequestResponseKey] - magIdentifier:[[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier] + magIdentifier:[[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier] error:&idTokenValidationError]; if (!isIdTokenValid && idTokenValidationError) @@ -355,7 +355,7 @@ - (void)loginWithCredential:(MASCompletionErrorBlock)completion // // Persist current authCredentials type // - [[MASAccessService sharedService] setAccessValueString:self.credentialsType withAccessValueType:MASAccessValueTypeCurrentAuthCredentialsGrantType]; + [[MASAccessService sharedService] setAccessValueString:self.credentialsType storageKey:MASKeychainStorageKeyCurrentAuthCredentialsGrantType]; // // Create a new instance of MASUser if not client credentials @@ -371,7 +371,7 @@ - (void)loginWithCredential:(MASCompletionErrorBlock)completion // set authenticated timestamp // NSNumber *authenticatedTimestamp = [NSNumber numberWithDouble:[[NSDate date] timeIntervalSince1970]]; - [[MASAccessService sharedService] setAccessValueNumber:authenticatedTimestamp withAccessValueType:MASAccessValueTypeAuthenticatedTimestamp]; + [[MASAccessService sharedService] setAccessValueNumber:authenticatedTimestamp storageKey:MASKeychainStorageKeyAuthenticatedTimestamp]; // // Store credential information into keychain diff --git a/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentialsClientCredentials.m b/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentialsClientCredentials.m index 305ce1e2..b6d85197 100644 --- a/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentialsClientCredentials.m 
+++ b/MASFoundation/Classes/_private_/models/AuthCredentials/MASAuthCredentialsClientCredentials.m @@ -109,14 +109,14 @@ - (NSDictionary *)getParameters else { // ClientId - NSString *clientId = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeClientId]; + NSString *clientId = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; if (clientId) { parameterInfo[MASClientIdentifierRequestResponseKey] = clientId; } // ClientSecret - NSString *clientSecret = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeClientSecret]; + NSString *clientSecret = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientSecret]; if (clientSecret) { parameterInfo[MASClientSecretRequestResponseKey] = clientSecret; diff --git a/MASFoundation/Classes/_private_/models/MASAccess.m b/MASFoundation/Classes/_private_/models/MASAccess.m index 3401a4e9..a3b7457b 100644 --- a/MASFoundation/Classes/_private_/models/MASAccess.m +++ b/MASFoundation/Classes/_private_/models/MASAccess.m 
@@ -60,14 +60,14 @@ + (MASAccess *)instanceFromStorage // // retrieve all values from keychain and initialize with dictionary as those values shouold be read only. // - NSString *accessToken = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeAccessToken]; - NSString *tokenType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeTokenType]; - NSString *refreshToken = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeRefreshToken]; - NSString *idToken = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeIdToken]; - NSString *idTokenType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeIdTokenType]; - NSNumber *expiresIn = [[MASAccessService sharedService] getAccessValueNumberWithType:MASAccessValueTypeExpiresIn]; - NSString *scopeAsString = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeScope]; - NSString *authCredentialsType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeCurrentAuthCredentialsGrantType]; + NSString *accessToken = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyAccessToken]; + NSString *tokenType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyTokenType]; + NSString *refreshToken = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyRefreshToken]; + NSString *idToken = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdToken]; + NSString *idTokenType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdTokenType]; + NSNumber *expiresIn = [[MASAccessService sharedService] getAccessValueNumberWithStorageKey:MASKeychainStorageKeyExpiresIn]; + NSString *scopeAsString = [[MASAccessService sharedService] 
getAccessValueStringWithStorageKey:MASKeychainStorageKeyScope]; + NSString *authCredentialsType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyCurrentAuthCredentialsGrantType]; NSMutableDictionary *accessDictionary = [NSMutableDictionary dictionary]; 
@@ -149,14 +149,14 @@ - (void)saveToStorage // // Save to the keychain // - [[MASAccessService sharedService] setAccessValueString:self.accessToken withAccessValueType:MASAccessValueTypeAccessToken]; - [[MASAccessService sharedService] setAccessValueString:self.tokenType withAccessValueType:MASAccessValueTypeTokenType]; - [[MASAccessService sharedService] setAccessValueString:self.refreshToken withAccessValueType:MASAccessValueTypeRefreshToken]; - [[MASAccessService sharedService] setAccessValueString:self.idToken withAccessValueType:MASAccessValueTypeIdToken]; - [[MASAccessService sharedService] setAccessValueString:self.idTokenType withAccessValueType:MASAccessValueTypeIdTokenType]; - [[MASAccessService sharedService] setAccessValueNumber:self.expiresIn withAccessValueType:MASAccessValueTypeExpiresIn]; - [[MASAccessService sharedService] setAccessValueString:self.scopeAsString withAccessValueType:MASAccessValueTypeScope]; - [[MASAccessService sharedService] setAccessValueString:self.authCredentialsType withAccessValueType:MASAccessValueTypeCurrentAuthCredentialsGrantType]; + [[MASAccessService sharedService] setAccessValueString:self.accessToken storageKey:MASKeychainStorageKeyAccessToken]; + [[MASAccessService sharedService] setAccessValueString:self.tokenType storageKey:MASKeychainStorageKeyTokenType]; + [[MASAccessService sharedService] setAccessValueString:self.refreshToken storageKey:MASKeychainStorageKeyRefreshToken]; + [[MASAccessService sharedService] setAccessValueString:self.idToken storageKey:MASKeychainStorageKeyIdToken]; + [[MASAccessService sharedService] setAccessValueString:self.idTokenType storageKey:MASKeychainStorageKeyIdTokenType]; + [[MASAccessService sharedService] setAccessValueNumber:self.expiresIn storageKey:MASKeychainStorageKeyExpiresIn]; + [[MASAccessService sharedService] setAccessValueString:self.scopeAsString storageKey:MASKeychainStorageKeyScope]; + [[MASAccessService sharedService] setAccessValueString:self.authCredentialsType 
storageKey:MASKeychainStorageKeyCurrentAuthCredentialsGrantType]; } @@ -262,7 +262,7 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info // // authCredentialsType // - NSString *authCredentialsType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeCurrentAuthCredentialsGrantType]; + NSString *authCredentialsType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyCurrentAuthCredentialsGrantType]; if (authCredentialsType) { _authCredentialsType = authCredentialsType; 
@@ -278,29 +278,29 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info - (void)refresh { _accessToken = nil; - _accessToken = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeAccessToken]; + _accessToken = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyAccessToken]; _tokenType = nil; - _tokenType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeTokenType]; + _tokenType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyTokenType]; _refreshToken = nil; - _refreshToken = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeRefreshToken]; + _refreshToken = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyRefreshToken]; _idToken = nil; - _idToken = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeIdToken]; + _idToken = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdToken]; _idTokenType = nil; - _idTokenType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeIdTokenType]; + _idTokenType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdTokenType]; _expiresIn = nil; - _expiresIn = [[MASAccessService sharedService] getAccessValueNumberWithType:MASAccessValueTypeExpiresIn]; + _expiresIn = [[MASAccessService sharedService] getAccessValueNumberWithStorageKey:MASKeychainStorageKeyExpiresIn]; _scope = nil; _scopeAsString = nil; - _scopeAsString = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeScope]; + _scopeAsString = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyScope]; _authCredentialsType = nil; - _authCredentialsType = [[MASAccessService sharedService] 
getAccessValueStringWithType:MASAccessValueTypeCurrentAuthCredentialsGrantType]; + _authCredentialsType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyCurrentAuthCredentialsGrantType]; } @@ -328,7 +328,6 @@ - (void)reset } - - (void)deleteAll { 
@@ -336,40 +335,39 @@ - (void)deleteAll // remove all data from the keychain // _accessToken = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeAccessToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyAccessToken]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeAuthenticatedUserObjectId]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyAuthenticatedUserObjectId]; - [[MASAccessService sharedService] setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeAuthenticatedTimestamp]; + [[MASAccessService sharedService] setAccessValueNumber:nil storageKey:MASKeychainStorageKeyAuthenticatedTimestamp]; _tokenType = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeTokenType]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyTokenType]; _refreshToken = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeRefreshToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyRefreshToken]; _idToken = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeIdToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyIdToken]; _idTokenType = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeIdTokenType]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyIdTokenType]; _expiresIn = nil; - [[MASAccessService sharedService] setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeExpiresIn]; + [[MASAccessService sharedService] setAccessValueNumber:nil storageKey:MASKeychainStorageKeyExpiresIn]; _scope = 
nil; _scopeAsString = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeScope]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyScope]; // // Clena up the tokens from Local Authentication protected keychain storage // - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeSecuredIdToken]; - [[MASAccessService sharedService] setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeIsDeviceLocked]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeySecuredIdToken]; + [[MASAccessService sharedService] setAccessValueNumber:nil storageKey:MASKeychainStorageKeyIsDeviceLocked]; } - - (void)deleteForLogOff { 
@@ -377,24 +375,24 @@ - (void)deleteForLogOff // remove all data from the keychain // _accessToken = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeAccessToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyAccessToken]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeAuthenticatedUserObjectId]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyAuthenticatedUserObjectId]; - [[MASAccessService sharedService] setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeAuthenticatedTimestamp]; + [[MASAccessService sharedService] setAccessValueNumber:nil storageKey:MASKeychainStorageKeyAuthenticatedTimestamp]; _tokenType = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeTokenType]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyTokenType]; _refreshToken = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeRefreshToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyRefreshToken]; _expiresIn = nil; - [[MASAccessService sharedService] setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeExpiresIn]; + [[MASAccessService sharedService] setAccessValueNumber:nil storageKey:MASKeychainStorageKeyExpiresIn]; _scope = nil; _scopeAsString = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeScope]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyScope]; } 
@@ -404,19 +402,19 @@ - (void)deleteForTokenExpiration // remove all data from the keychain // _accessToken = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeAccessToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyAccessToken]; - [[MASAccessService sharedService] setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeAuthenticatedTimestamp]; + [[MASAccessService sharedService] setAccessValueNumber:nil storageKey:MASKeychainStorageKeyAuthenticatedTimestamp]; _tokenType = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeTokenType]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyTokenType]; _expiresIn = nil; - [[MASAccessService sharedService] setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeExpiresIn]; + [[MASAccessService sharedService] setAccessValueNumber:nil storageKey:MASKeychainStorageKeyExpiresIn]; _scope = nil; _scopeAsString = nil; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeScope]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyScope]; } @@ -491,7 +489,7 @@ - (BOOL)isSessionLocked // MASAccessService *accessService = [MASAccessService sharedService]; - NSNumber *isLocked = [accessService getAccessValueNumberWithType:MASAccessValueTypeIsDeviceLocked]; + NSNumber *isLocked = [accessService getAccessValueNumberWithStorageKey:MASKeychainStorageKeyIsDeviceLocked]; return [isLocked boolValue]; } 
@@ -576,7 +574,7 @@ - (NSDate *)expiresInDate } // Authentication timestamp - NSNumber *authenticatedTimestamp = [[MASAccessService sharedService] getAccessValueNumberWithType:MASAccessValueTypeAuthenticatedTimestamp]; + NSNumber *authenticatedTimestamp = [[MASAccessService sharedService] getAccessValueNumberWithStorageKey:MASKeychainStorageKeyAuthenticatedTimestamp]; double expiresInDateNumber = [authenticatedTimestamp doubleValue] + [_expiresIn doubleValue]; NSDate *expiresInDate = [NSDate dateWithTimeIntervalSince1970:expiresInDateNumber]; @@ -589,7 +587,7 @@ - (NSDate *)clientCertificateExpirationDate { if (!_clientCertificateExpirationDate) { - NSNumber *clientCertExpTimestamp = [[MASAccessService sharedService] getAccessValueNumberWithType:MASAccessValueTypeSignedPublicCertificateExpirationDate]; + NSNumber *clientCertExpTimestamp = [[MASAccessService sharedService] getAccessValueNumberWithStorageKey:MASKeychainStorageKeyPublicCertificateExpirationDate]; if (clientCertExpTimestamp) { @@ -600,7 +598,7 @@ - (NSDate *)clientCertificateExpirationDate // // Extracting signed client certificate expiration date // - NSArray * cert = [[MASAccessService sharedService] getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate]; + NSArray * cert = [[MASAccessService sharedService] getAccessValueCertificateWithStorageKey:MASKeychainStorageKeySignedPublicCertificate]; SecCertificateRef certificate = (__bridge SecCertificateRef)([cert objectAtIndex:0]); // @@ -608,7 +606,7 @@ - (NSDate *)clientCertificateExpirationDate // _clientCertificateExpirationDate = [[MASAccessService sharedService] extractExpirationDateFromCertificate:certificate]; [[MASAccessService sharedService] setAccessValueNumber:[NSNumber numberWithDouble:[_clientCertificateExpirationDate timeIntervalSince1970]] - withAccessValueType:MASAccessValueTypeSignedPublicCertificateExpirationDate]; + storageKey:MASKeychainStorageKeyPublicCertificateExpirationDate]; } } 
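Review bot: The certificate array fetched on the new `getAccessValueCertificateWithStorageKey:` line is indexed with `[cert objectAtIndex:0]` without checking it has an element, so an empty array raises NSRangeException and a nil array hands a NULL SecCertificateRef to `extractExpirationDateFromCertificate:`; a missing certificate is plausible for a device whose registration has been cleared. `SecCertificateRef certificate = (__bridge SecCertificateRef)cert.firstObject; if (!certificate) { return nil; }` uses the nil-safe accessor and skips the expiration calculation — the method's return is outside the hunk, so confirm nil is the right value when nothing is stored. Separately, the expiration-date key loses "Signed" in the rename (`MASKeychainStorageKeyPublicCertificateExpirationDate` replaces `MASAccessValueTypeSignedPublicCertificateExpirationDate`); if that now resolves to a different keychain item than before, the cached date is recomputed and the old item left behind, which MASAccessService (not in this chunk) should confirm.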
diff --git a/MASFoundation/Classes/_private_/models/MASApplication+MASPrivate.m b/MASFoundation/Classes/_private_/models/MASApplication+MASPrivate.m index 2c2291d3..8c4a9d2f 100644 --- a/MASFoundation/Classes/_private_/models/MASApplication+MASPrivate.m +++ b/MASFoundation/Classes/_private_/models/MASApplication+MASPrivate.m @@ -56,25 +56,24 @@ - (id)initWithConfiguration nil) forKey:@"redirectUri"]; MASAccessService *accessService = [MASAccessService sharedService]; - - NSData *trustedServerCertificate = [accessService getAccessValueDataWithType:MASAccessValueTypeTrustedServerCertificate]; - if(!trustedServerCertificate) + NSData *trustedServerCertificate = [accessService getAccessValueDataWithStorageKey:MASKeychainStorageKeyTrustedServerCertificate]; + if (!trustedServerCertificate) { // // Trusted Server Certificate (not sure if this really belongs here, think about that) // NSArray *certificates = [MASConfiguration currentConfiguration].gatewayCertificatesAsPEMData; - if(certificates && certificates.count > 0) + if (certificates && certificates.count > 0) { trustedServerCertificate = certificates[0]; - [accessService setAccessValueData:trustedServerCertificate withAccessValueType:MASAccessValueTypeTrustedServerCertificate]; + [accessService setAccessValueData:trustedServerCertificate storageKey:MASKeychainStorageKeyTrustedServerCertificate]; } } // // If the credentials are NOT dynamic set them here // - if(!configuration.applicationCredentialsAreDynamic) + if (!configuration.applicationCredentialsAreDynamic) { NSDictionary *credentialsFromConfiguration = @ { @@ -108,7 +107,7 @@ + (MASApplication *)instanceFromStorage // Attempt to retrieve from keychain // NSData *data = [[MASIKeyChainStore keyChainStoreWithService:[MASConfiguration currentConfiguration].gatewayUrl.absoluteString] dataForKey:[MASApplication.class description]]; - if(data) + if (data) { application = (MASApplication *)[NSKeyedUnarchiver unarchiveObjectWithData:data]; } 
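Review bot: The trusted server certificate read back on the new `getAccessValueDataWithStorageKey:` line is only written when absent, so once stored it is never reconciled with `gatewayCertificatesAsPEMData` again and nothing in this diff clears it (`reset` below removes only the client id, secret and expiration); a rotated gateway certificate in a new configuration would leave the previously stored one in place, assuming this value is what trust evaluation consults — its consumer is not in this chunk. The author's own comment already flags the placement as uncertain; a comment such as `// Stored once; a later configuration change does not refresh this item` makes the lifetime explicit, or compare against `certificates[0]` and overwrite on mismatch. `initWithConfiguration` starts outside the hunk.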
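Review bot: `unarchiveObjectWithData:` on the line after the reformatted `if (data)` is the non-secure-coding unarchiver, deprecated since iOS 12, so whatever classes are encoded in the keychain blob get instantiated; even though this is the SDK's own keychain item, the secure variant is a one-line change: `application = [NSKeyedUnarchiver unarchivedObjectOfClass:[MASApplication class] fromData:data error:&unarchiveError];` with MASApplication adopting NSSecureCoding, and it turns a corrupted item into a reportable error instead of an exception. The `(MASApplication *)` cast then becomes unnecessary. This is pre-existing code that only the whitespace change touches, so it can be deferred if NSSecureCoding conformance is not yet in place.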
@@ -160,14 +159,14 @@ - (void)saveToStorage // Save to the keychain // NSData *data = [NSKeyedArchiver archivedDataWithRootObject:self]; - if(data) + if (data) { NSError *error; [[MASIKeyChainStore keyChainStoreWithService:[MASConfiguration currentConfiguration].gatewayUrl.absoluteString] setData:data forKey:[MASApplication.class description] error:&error]; - if(error) + if (error) { DLog(@"Error attempting to save data: %@", [error localizedDescription]); return; @@ -198,27 +197,27 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info // Client Expiration // NSNumber *clientExpiration = bodyInfo[MASClientExpirationRequestResponseKey]; - if(clientExpiration) + if (clientExpiration) { - [accessService setAccessValueNumber:clientExpiration withAccessValueType:MASAccessValueTypeClientExpiration]; + [accessService setAccessValueNumber:clientExpiration storageKey:MASKeychainStorageKeyClientExpiration]; } // // Client Key // NSString *clientId = bodyInfo[MASClientKeyRequestResponseKey]; - if(clientId) + if (clientId) { - [accessService setAccessValueString:clientId withAccessValueType:MASAccessValueTypeClientId]; + [accessService setAccessValueString:clientId storageKey:MASKeychainStorageKeyClientId]; } // // Client Secret // NSString *clientSecret = bodyInfo[MASClientSecretRequestResponseKey]; - if(clientSecret) + if (clientSecret) { - [accessService setAccessValueString:clientSecret withAccessValueType:MASAccessValueTypeClientSecret]; + [accessService setAccessValueString:clientSecret storageKey:MASKeychainStorageKeyClientSecret]; } // 
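Review bot: The reformatted `if (error)` in `saveToStorage` tests the error pointer rather than the result of `setData:forKey:error:`; under the Cocoa contract `*error` is only defined on failure, so a store that returns NO without populating it is treated here as a successful save and the archive is assumed persisted (MASIKeyChainStore's header is not in this chunk, so confirm it returns a BOOL). Prefer `if (![[MASIKeyChainStore keyChainStoreWithService:…] setData:data forKey:[MASApplication.class description] error:&error]) { DLog(@"Error attempting to save data: %@", [error localizedDescription]); return; }`. The method continues outside the hunk.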
@@ -232,9 +231,9 @@ - (void)reset { MASAccessService *accessService = [MASAccessService sharedService]; - [accessService setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientId]; - [accessService setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientSecret]; - [accessService setAccessValueNumber:nil withAccessValueType:MASAccessValueTypeClientExpiration]; + [accessService setAccessValueString:nil storageKey:MASKeychainStorageKeyClientId]; + [accessService setAccessValueString:nil storageKey:MASKeychainStorageKeyClientSecret]; + [accessService setAccessValueNumber:nil storageKey:MASKeychainStorageKeyClientExpiration]; [[MASIKeyChainStore keyChainStoreWithService:[MASConfiguration currentConfiguration].gatewayUrl.absoluteString] removeItemForKey:[MASApplication.class description]]; } @@ -245,7 +244,7 @@ - (id)initWithEnterpriseInfo:(NSDictionary *)info //DLog(@"\n\ncalled with info: %@\n\n", info); self = [super init]; - if(self) + if (self) { [self setValue:info[MASApplicationIdRequestResponseKey] forKey:@"identifier"]; [self setValue:info[MASApplicationNameRequestResponseKey] forKey:@"name"]; @@ -268,8 +267,8 @@ + (NSDate *)expirationAsDate // MASAccessService *accessService = [MASAccessService sharedService]; - NSNumber *clientExpiration = [accessService getAccessValueNumberWithType:MASAccessValueTypeClientExpiration]; - if(!clientExpiration) + NSNumber *clientExpiration = [accessService getAccessValueNumberWithStorageKey:MASKeychainStorageKeyClientExpiration]; + if (!clientExpiration) { return nil; } 
@@ -291,8 +290,8 @@ - (NSString *)clientAuthorizationBasicHeaderValue // MASAccessService *accessService = [MASAccessService sharedService]; - NSString *clientId = [accessService getAccessValueStringWithType:MASAccessValueTypeClientId]; - NSString *clientSecret = [accessService getAccessValueStringWithType:MASAccessValueTypeClientSecret]; + NSString *clientId = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; + NSString *clientSecret = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientSecret]; NSString *clientAuthStr = [NSString stringWithFormat:@"%@:%@", clientId, clientSecret]; NSData *clientAuthData = [clientAuthStr dataUsingEncoding:NSUTF8StringEncoding]; @@ -310,14 +309,14 @@ - (BOOL)isExpired // MASAccessService *accessService = [MASAccessService sharedService]; - NSNumber *clientExpiration = [accessService getAccessValueNumberWithType:MASAccessValueTypeClientExpiration]; - NSString *clientId = [accessService getAccessValueStringWithType:MASAccessValueTypeClientId]; - NSString *clientSecret = [accessService getAccessValueStringWithType:MASAccessValueTypeClientSecret]; + NSNumber *clientExpiration = [accessService getAccessValueNumberWithStorageKey:MASKeychainStorageKeyClientExpiration]; + NSString *clientId = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; + NSString *clientSecret = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientSecret]; // // Expiration is nil, then it is considered expired // - if(!clientExpiration) + if (!clientExpiration) { isExpired = YES; } @@ -326,7 +325,7 @@ - (BOOL)isExpired // If the value is zero AND both the client id and secret are set then it is not expired and // the expiry is actually infinite // - else if([clientExpiration doubleValue] == 0 && clientId && clientSecret) + else if ([clientExpiration doubleValue] == 0 && clientId && clientSecret) { isExpired = NO; } 
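Review bot: `clientAuthorizationBasicHeaderValue` formats `@"%@:%@"` from the two values fetched on the new `getAccessValueStringWithStorageKey:` lines, so when either is missing the header is built from the literal text `(null)` and base64-encoded as if it were a credential, which reaches the gateway as a malformed Basic header instead of failing on the client. `isExpired` in the following hunk already distinguishes the case where the id or secret is nil, so this method should agree: `if (!clientId || !clientSecret) { return nil; }` before the format. The rest of the method is outside the hunk.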
@@ -334,7 +333,7 @@ - (BOOL)isExpired // // If a positive time interval remains compared to the current time and date then it is not expired // - else if([[MASApplication expirationAsDate] timeIntervalSinceNow] > 0) + else if ([[MASApplication expirationAsDate] timeIntervalSinceNow] > 0) { isExpired = NO; } @@ -349,7 +348,7 @@ - (NSString *)authenticationStatusAsString // // Detect status and respond appropriately // - switch([self authenticationStatus]) + switch ([self authenticationStatus]) { // // Not Logged In @@ -382,7 +381,7 @@ - (NSString *)scopeTypeToString:(MASScopeType)scopeType // // Detect type and respond appropriately // - switch(scopeType) + switch (scopeType) { // // OpenId diff --git a/MASFoundation/Classes/_private_/models/MASClaims+MASPrivate.m b/MASFoundation/Classes/_private_/models/MASClaims+MASPrivate.m index da45ebad..ccb5e2c8 100644 --- a/MASFoundation/Classes/_private_/models/MASClaims+MASPrivate.m +++ b/MASFoundation/Classes/_private_/models/MASClaims+MASPrivate.m @@ -48,8 +48,8 @@ - (NSString * __nullable)buildWithPrivateKey:(NSData * __nonnull)privateKey erro // If iss was not prepare upon MASClaims object construction which most likley happened due to registration status of the client, // re-prepare iss with registered client id // - NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]; - NSString *clientId = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeClientId]; + NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier]; + NSString *clientId = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; if (magIdentifier && clientId) { diff --git a/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m b/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m index 48dab8cf..5972031a 100644 
--- a/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m +++ b/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m @@ -96,28 +96,28 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info NSString *jwt = headerInfo[MASJwtRequestResponseKey]; if (jwt) { - [accessService setAccessValueString:jwt withAccessValueType:MASAccessValueTypeJWT]; + [accessService setAccessValueString:jwt storageKey:MASKeychainStorageKeyJWT]; } // Mag Identifier NSString *magIdentifier = headerInfo[MASMagIdentifierRequestResponseKey]; if (magIdentifier) { - [accessService setAccessValueString:magIdentifier withAccessValueType:MASAccessValueTypeMAGIdentifier]; + [accessService setAccessValueString:magIdentifier storageKey:MASKeychainStorageKeyMAGIdentifier]; } // Id token NSString *idToken = headerInfo[MASIdTokenHeaderRequestResponseKey]; if (idToken) { - [accessService setAccessValueString:idToken withAccessValueType:MASAccessValueTypeIdToken]; + [accessService setAccessValueString:idToken storageKey:MASKeychainStorageKeyIdToken]; } // Id token type NSString *idTokenType = headerInfo[MASIdTokenTypeHeaderRequestResponseKey]; if (idTokenType) { - [accessService setAccessValueString:idTokenType withAccessValueType:MASAccessValueTypeIdTokenType]; + [accessService setAccessValueString:idTokenType storageKey:MASKeychainStorageKeyIdTokenType]; } // 
@@ -129,20 +129,20 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info if (certificateData) { - [accessService setAccessValueCertificate:certificateData withAccessValueType:MASAccessValueTypeSignedPublicCertificate]; - [accessService setAccessValueData:certificateData withAccessValueType:MASAccessValueTypeSignedPublicCertificateData]; + [accessService setAccessValueCertificate:certificateData storageKey:MASKeychainStorageKeySignedPublicCertificate]; + [accessService setAccessValueData:certificateData storageKey:MASKeychainStorageKeyPublicCertificateData]; // // Extracting signed client certificate expiration date // - NSArray * cert = [accessService getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate]; + NSArray * cert = [accessService getAccessValueCertificateWithStorageKey:MASKeychainStorageKeySignedPublicCertificate]; SecCertificateRef certificate = (__bridge SecCertificateRef)([cert objectAtIndex:0]); // // Store client certificate expiration date into shared keychain storage // NSDate *expirationDate = [accessService extractExpirationDateFromCertificate:certificate]; - [accessService setAccessValueNumber:[NSNumber numberWithDouble:[expirationDate timeIntervalSince1970]] withAccessValueType:MASAccessValueTypeSignedPublicCertificateExpirationDate]; + [accessService setAccessValueNumber:[NSNumber numberWithDouble:[expirationDate timeIntervalSince1970]] storageKey:MASKeychainStorageKeyPublicCertificateExpirationDate]; } // @@ -151,7 +151,7 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info NSString *deviceVendorId = [MASDevice deviceVendorId]; if (deviceVendorId) { - [accessService setAccessValueString:deviceVendorId withAccessValueType:MASAccessValueTypeDeviceVendorId]; + [accessService setAccessValueString:deviceVendorId storageKey:MASKeychainStorageKeyDeviceVendorId]; } // diff --git a/MASFoundation/Classes/_private_/models/MASUser+MASPrivate.m b/MASFoundation/Classes/_private_/models/MASUser+MASPrivate.m index 630acfcd..567efc1f 100644 
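Review bot: The line after the renamed `getAccessValueCertificateWithStorageKey:` call does `[cert objectAtIndex:0]`, which raises NSRangeException when the lookup returns an empty array, so a certificate write that did not land (the `setAccessValueCertificate:storageKey:` call just above is void and cannot report failure) becomes a crash during device registration instead of a handled error. Prefer the nil-safe accessor with a guard: `SecCertificateRef certificate = (__bridge SecCertificateRef)[cert firstObject]; if (!certificate) { return; }` — saveWithUpdatedInfo: is void per the hunk header, but its later steps are outside the hunk, so check nothing downstream depends on the expiration date being written. A short comment on the `MASKeychainStorageKeyPublicCertificateData` line noting that the same bytes are stored twice, once as a certificate item and once as raw data, would help now that the two key names no longer look related.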
--- a/MASFoundation/Classes/_private_/models/MASUser+MASPrivate.m +++ b/MASFoundation/Classes/_private_/models/MASUser+MASPrivate.m @@ -29,7 +29,7 @@ @implementation MASUser (MASPrivate) - (id)initWithInfo:(NSDictionary *)info { self = [super init]; - if(self) + if (self) { [self saveWithUpdatedInfo:info]; } @@ -46,9 +46,9 @@ + (MASUser *)instanceFromStorage // Attempt to retrieve from keychain // - NSData *data = [[MASAccessService sharedService] getAccessValueDataWithType:MASAccessValueTypeMASUserObjectData]; + NSData *data = [[MASAccessService sharedService] getAccessValueDataWithStorageKey:MASKeychainStorageKeyMASUserObjectData]; - if(data) + if (data) { user = (MASUser *)[NSKeyedUnarchiver unarchiveObjectWithData:data]; } @@ -63,9 +63,9 @@ - (void)saveToStorage // Save to the keychain // NSData *data = [NSKeyedArchiver archivedDataWithRootObject:self]; - if(data) + if (data) { - [[MASAccessService sharedService] setAccessValueData:data withAccessValueType:MASAccessValueTypeMASUserObjectData]; + [[MASAccessService sharedService] setAccessValueData:data storageKey:MASKeychainStorageKeyMASUserObjectData]; } } @@ -88,13 +88,19 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info // Uid --> ObjectId // NSString *uid = bodyInfo[MASUserPreferredNameRequestResponseKey]; - if(uid && ![uid isKindOfClass:[NSNull class]]) [self setValue:uid forKey:@"objectId"]; + if (uid && ![uid isKindOfClass:[NSNull class]]) + { + [self setValue:uid forKey:@"objectId"]; + } // // Preferred UserName // NSString *userName = bodyInfo[MASUserPreferredNameRequestResponseKey]; - if(userName && ![userName isKindOfClass:[NSNull class]]) [self setValue:userName forKey:@"userName"]; + if (userName && ![userName isKindOfClass:[NSNull class]]) + { + [self setValue:userName forKey:@"userName"]; + } // // Family Name 
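Review bot: instanceFromStorage still deserialises the keychain blob with `[NSKeyedUnarchiver unarchiveObjectWithData:data]` immediately after the reformatted `if (data)`; that API instantiates whatever classes the archive names, and this item is stored under `MASKeychainStorageKeyMASUserObjectData`, which the service places in the shared storage key list, so anything able to write that keychain entry decides which classes get constructed inside the SDK. Where the deployment target allows, use secure coding: `user = [NSKeyedUnarchiver unarchivedObjectOfClass:[MASUser class] fromData:data error:nil];` with MASUser adopting NSSecureCoding, or at least an unarchiver with `requiresSecureCoding` set. The `(MASUser *)` cast performs no runtime check, so an archive of a different class would be treated as a user until the first unrecognised selector.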
@@ -116,24 +122,33 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info NSMutableString *mutableCopy = [NSMutableString new]; // Given name, if any - if(self.givenName && ![self.givenName isKindOfClass:[NSNull class]]) [mutableCopy appendString:self.givenName]; + if (self.givenName && ![self.givenName isKindOfClass:[NSNull class]]) + { + [mutableCopy appendString:self.givenName]; + } // Family name, if any - if(self.familyName && ![self.familyName isKindOfClass:[NSNull class]]) + if (self.familyName && ![self.familyName isKindOfClass:[NSNull class]]) { // Check if there was a given name first, if so add a space - if(mutableCopy.length > 0) [mutableCopy appendString:MASDefaultEmptySpace]; + if (mutableCopy.length > 0) + { + [mutableCopy appendString:MASDefaultEmptySpace]; + } [mutableCopy appendString:self.familyName]; } - if(mutableCopy.length > 0) [self setValue:mutableCopy forKey:@"formattedName"]; + if (mutableCopy.length > 0) + { + [self setValue:mutableCopy forKey:@"formattedName"]; + } // // Email Addresses // NSString *emailValue = bodyInfo[MASUserEmailRequestResponseKey]; - if(emailValue && ![emailValue isKindOfClass:[NSNull class]]) + if (emailValue && ![emailValue isKindOfClass:[NSNull class]]) { [self setValue:@{ MASInfoTypeWork : emailValue } forKey:@"emailAddresses"]; } @@ -142,7 +157,7 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info // Phone Numbers // NSString *phoneValue = bodyInfo[MASUserPhoneRequestResponseKey]; - if(phoneValue && ![phoneValue isKindOfClass:[NSNull class]]) + if (phoneValue && ![phoneValue isKindOfClass:[NSNull class]]) { [self setValue:@{ MASInfoTypeWork : phoneValue } forKey:@"phoneNumbers"]; } 
@@ -151,7 +166,7 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info // Addresses // NSDictionary *addressInfo = bodyInfo[MASUserAddressRequestResponseKey]; - if(addressInfo && ![addressInfo isKindOfClass:[NSNull class]]) + if (addressInfo && ![addressInfo isKindOfClass:[NSNull class]]) { [self setValue:@{ MASInfoTypeWork : addressInfo } forKey:@"addresses"]; } @@ -160,7 +175,7 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info // Picture // NSString *imageUriAsString = bodyInfo[MASUserPictureRequestResponseKey]; - if(imageUriAsString && ![imageUriAsString isKindOfClass:[NSNull class]]) + if (imageUriAsString && ![imageUriAsString isKindOfClass:[NSNull class]]) { NSURL *imageUrl = [NSURL URLWithString:imageUriAsString]; NSData *imageData = [NSData dataWithContentsOfURL:imageUrl]; @@ -172,12 +187,12 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info // set authenticated timestamp // NSNumber *authenticatedTimestamp = [NSNumber numberWithDouble:[[NSDate date] timeIntervalSince1970]]; - [accessService setAccessValueNumber:authenticatedTimestamp withAccessValueType:MASAccessValueTypeAuthenticatedTimestamp]; + [accessService setAccessValueNumber:authenticatedTimestamp storageKey:MASKeychainStorageKeyAuthenticatedTimestamp]; // // set authenticated user's objectId // - [accessService setAccessValueString:self.objectId withAccessValueType:MASAccessValueTypeAuthenticatedUserObjectId]; + [accessService setAccessValueString:self.objectId storageKey:MASKeychainStorageKeyAuthenticatedUserObjectId]; // // storing access information into keychain @@ -203,7 +218,7 @@ - (void)reset { [self resetPartial]; - [[MASAccessService sharedService] setAccessValueData:nil withAccessValueType:MASAccessValueTypeMASUserObjectData]; + [[MASAccessService sharedService] setAccessValueData:nil storageKey:MASKeychainStorageKeyMASUserObjectData]; } - (void)resetPartial 
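Review bot: The `if (imageUriAsString …)` guard reformatted here is followed by `[NSData dataWithContentsOfURL:[NSURL URLWithString:imageUriAsString]]`, a synchronous fetch of a server-supplied URL on whatever thread saveWithUpdatedInfo: runs on, with no scheme restriction, so a `file:` or plain `http:` value in the userinfo response is loaded as-is and blocks the caller for the duration of the request. Restrict the scheme before fetching, `if (![imageUrl.scheme isEqualToString:@"https"]) { imageUrl = nil; }`, and consider moving the picture download off the save path altogether. The lines that consume `imageData` are outside the hunk, so I could not confirm how a nil result is handled there.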
@@ -223,7 +238,10 @@ - (void)setWasLoggedOffAndSave:(BOOL)wasLoggedOff // // If was logged off remove the keychain stored values // - if(wasLoggedOff) [self resetPartial]; + if (wasLoggedOff) + { + [self resetPartial]; + } // // Save diff --git a/MASFoundation/Classes/_private_/services/access/MASAccessService.h b/MASFoundation/Classes/_private_/services/access/MASAccessService.h index 077e6038..a498a5e2 100644 --- a/MASFoundation/Classes/_private_/services/access/MASAccessService.h +++ b/MASFoundation/Classes/_private_/services/access/MASAccessService.h 
@@ -16,43 +16,38 @@ @class MASIKeyChainStore; - -/** - * The enumerated MASAccessValueType - */ -typedef NS_ENUM(NSInteger, MASAccessValueType) -{ - MASAccessValueTypeUknonw = -1, - MASAccessValueTypeAccessToken, - MASAccessValueTypeAuthenticatedTimestamp, - MASAccessValueTypeAuthenticatedUserObjectId, - MASAccessValueTypeConfiguration, - MASAccessValueTypeClientExpiration, - MASAccessValueTypeClientId, - MASAccessValueTypeClientSecret, - MASAccessValueTypeExpiresIn, - MASAccessValueTypeIdToken, - MASAccessValueTypeIdTokenType, - MASAccessValueTypeIsDeviceLocked, - MASAccessValueTypeJWT, - MASAccessValueTypeMAGIdentifier, - MASAccessValueTypeMSSOEnabled, - MASAccessValueTypePrivateKey, - MASAccessValueTypePrivateKeyBits, - MASAccessValueTypePublicKey, - MASAccessValueTypeRefreshToken, - MASAccessValueTypeScope, - MASAccessValueTypeSecuredIdToken, - MASAccessValueTypeSignedPublicCertificate, - MASAccessValueTypeSignedPublicCertificateData, - MASAccessValueTypeSignedPublicCertificateExpirationDate, - MASAccessValueTypeTokenExpiration, - MASAccessValueTypeTokenType, - MASAccessValueTypeTrustedServerCertificate, - MASAccessValueTypeCurrentAuthCredentialsGrantType, - MASAccessValueTypeMASUserObjectData, - MASAccessValueTypeDeviceVendorId, -}; +// +// List of constant NSString values for reserved storage keys +// +extern NSString * const MASKeychainStorageKeyConfiguration; +extern NSString * const MASKeychainStorageKeyAccessToken; +extern NSString * const MASKeychainStorageKeyAuthenticatedUserObjectId; +extern NSString * const MASKeychainStorageKeyRefreshToken; +extern NSString * const MASKeychainStorageKeyScope; +extern NSString * const MASKeychainStorageKeyTokenType; +extern NSString * const MASKeychainStorageKeyExpiresIn; +extern NSString * const MASKeychainStorageKeyTokenExpiration; +extern NSString * const MASKeychainStorageKeySecuredIdToken; +extern NSString * const MASKeychainStorageKeyIdToken; +extern NSString * const MASKeychainStorageKeyIdTokenType; +extern 
NSString * const MASKeychainStorageKeyClientExpiration; +extern NSString * const MASKeychainStorageKeyClientId; +extern NSString * const MASKeychainStorageKeyClientSecret; +extern NSString * const MASKeychainStorageKeyJWT; +extern NSString * const MASKeychainStorageKeyMAGIdentifier; +extern NSString * const MASKeychainStorageKeyMSSOEnabled; +extern NSString * const MASKeychainStorageKeyPrivateKey; +extern NSString * const MASKeychainStorageKeyPrivateKeyBits; +extern NSString * const MASKeychainStorageKeyPublicKey; +extern NSString * const MASKeychainStorageKeyTrustedServerCertificate; +extern NSString * const MASKeychainStorageKeySignedPublicCertificate; +extern NSString * const MASKeychainStorageKeyPublicCertificateData; +extern NSString * const MASKeychainStorageKeyPublicCertificateExpirationDate; +extern NSString * const MASKeychainStorageKeyAuthenticatedTimestamp; +extern NSString * const MASKeychainStorageKeyIsDeviceLocked; +extern NSString * const MASKeychainStorageKeyCurrentAuthCredentialsGrantType; +extern NSString * const MASKeychainStorageKeyMASUserObjectData; +extern NSString * const MASKeychainStorageKeyDeviceVendorId; /** @@ -133,6 +128,10 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) +///-------------------------------------- +/// @name MASAccess object +///-------------------------------------- + # pragma mark - MASAccess object /** @@ -145,9 +144,11 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) -# pragma mark - Storage methods - +///-------------------------------------- +/// @name Storage methods +///-------------------------------------- +# pragma mark - Storage methods /** * Retrieve list of identities in keychain 
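Review bot: The new block of `extern NSString * const MASKeychainStorageKey…` declarations is introduced only by "List of constant NSString values for reserved storage keys", which does not say what reserved means now that the enum is gone and any NSString is accepted as a key. I would expand it along the lines of `// Keys the SDK uses for its own keychain items; their string values feed the persisted keychain account name via -convertKeyString:, so renaming a value orphans items written by earlier versions. Custom storage must not use these keys (see -isInternalDataForStorageKey:).` The rejection for custom storage is inferred from the new `isInternalDataForStorageKey:` declaration further down and should be confirmed against its implementation before it is documented as a guarantee.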
@@ -162,41 +163,65 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) * Store the certificate as data format into keychain * * @param certificate NSData form of certificate - * @param type MASAccessValueType enum specifying the value key + * @param storageKey NSString value for the data key */ -- (void)setAccessValueCertificate:(NSData *)certificate withAccessValueType:(MASAccessValueType)type; +- (void)setAccessValueCertificate:(NSData *)certificate storageKey:(NSString *)storageKey; /** * Retrieve the certificate data by the value key * - * @param type MASAccessValueType enum value for key + * @param storageKey NSString value for the data key * * @return Certificate value by the specified value key */ -- (id)getAccessValueCertificateWithType:(MASAccessValueType)type; +- (id)getAccessValueCertificateWithStorageKey:(NSString *)storageKey; /** - * Store NSData of access value into keychain - * - * @param data NSData to store into keychain - * @param type MASAccessValueType enum value for the value key + Store NSData of access value into keychain + + @param data NSData to be stored into keychain + @param storageKey NSString value for the data key + @return BOOL result of operation */ -- (void)setAccessValueData:(NSData *)data withAccessValueType:(MASAccessValueType)type; +- (BOOL)setAccessValueData:(NSData *)data storageKey:(NSString *)storageKey; + + + +/** + Store NSData of access value into keychain + + @param data NSData to be stored into keychain + @param storageKey NSString value for the data key + @param error NSError reference object to notify if there is any error while keychain operation + @return BOOL result of operation + */ +- (BOOL)setAccessValueData:(NSData *)data storageKey:(NSString *)storageKey error:(NSError **)error; /** * Retrieve NSData of access value from keychain * - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key * * @return NSData of the access data by the specified value 
key */ -- (NSData *)getAccessValueDataWithType:(MASAccessValueType)type; +- (NSData *)getAccessValueDataWithStorageKey:(NSString *)storageKey; + + + +/** + Retrieve NSData of access value from keychain + + @param storageKey NSString value for the data key + @param error NSError reference object to notify if there is any error while keychain operation + @return NSData of the access data by the specified value key + */ +- (NSData *)getAccessValueDataWithStorageKey:(NSString *)storageKey error:(NSError **)error; 
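Review bot: `setAccessValueCertificate:storageKey:` keeps its void return while the data setters in this hunk gain a BOOL result and an `error:` variant, so the write that installs the client's TLS identity is the one whose failure callers cannot observe (MASDevice+MASPrivate.m stores the certificate and immediately reads it back). Aligning it is a signature change only: `- (BOOL)setAccessValueCertificate:(NSData *)certificate storageKey:(NSString *)storageKey;` with a matching `error:` variant. The `@param error` text on the new variants, "NSError reference object to notify if there is any error while keychain operation", should state that NULL is accepted and that the BOOL or nil return, not the error, signals failure, e.g. ` @param error On failure, set to an NSError describing the keychain error; may be NULL.` — the same text recurs on the string variants in the next hunk. `getAccessValueCertificateWithStorageKey:` is documented as returning a "Certificate value" but its caller treats the `id` as an NSArray, which is worth saying in the comment.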
@@ -204,20 +229,44 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) * Store NSString of access value into keychain * * @param string NSString to store into keychain - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key + * @return BOOL result of operation */ -- (void)setAccessValueString:(NSString *)string withAccessValueType:(MASAccessValueType)type; +- (BOOL)setAccessValueString:(NSString *)string storageKey:(NSString *)storageKey; + + + +/** + Store NSString of access value into keychain + + @param string NSString to store into keychain + @param storageKey NSString value for the data key + @param error NSError reference object to notify if there is any error while keychain operation + @return BOOL result of operation + */ +- (BOOL)setAccessValueString:(NSString *)string storageKey:(NSString *)storageKey error:(NSError **)error; /** * Retrieve NSString of access value from keychain * - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key * * @return NSString of the access data by the specified value key */ -- (NSString *)getAccessValueStringWithType:(MASAccessValueType)type; +- (NSString *)getAccessValueStringWithStorageKey:(NSString *)storageKey; + + + +/** + Retrieve NSString of access value from keychain + + @param storageKey NSString value for the data key + @param error NSError reference object to notify if there is any error while keychain operation + @return NSString of the access data by the specified value key + */ +- (NSString *)getAccessValueStringWithStorageKey:(NSString *)storageKey error:(NSError **)error; 
@@ -225,20 +274,20 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) * Store NSDictionary of access value into keychain * * @param dictionary NSDictionary to store into keychain - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key */ -- (void)setAccessValueDictionary:(NSDictionary *)dictionary withAccessValueType:(MASAccessValueType)type; +- (BOOL)setAccessValueDictionary:(NSDictionary *)dictionary storageKey:(NSString *)storageKey; /** * Retrieve NSDictionary of access value from keychain * - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key * * @return NSDictionary of the access data by the specified value key */ -- (NSDictionary *)getAccessValueDictionaryWithType:(MASAccessValueType)type; +- (NSDictionary *)getAccessValueDictionaryWithStorageKey:(NSString *)storageKey; @@ -246,20 +295,20 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) * Store NSNumber of access value into keychain * * @param number NSNumber to store into keychain - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key */ -- (void)setAccessValueNumber:(NSNumber *)number withAccessValueType:(MASAccessValueType)type; +- (BOOL)setAccessValueNumber:(NSNumber *)number storageKey:(NSString *)storageKey; /** * Retrieve NSNumber of access value from keychain * - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key * * @return NSNumber of the access data by the specified value key */ -- (NSNumber *)getAccessValueNumberWithType:(MASAccessValueType)type; +- (NSNumber *)getAccessValueNumberWithStorageKey:(NSString *)storageKey; 
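Review bot: `setAccessValueDictionary:storageKey:` and `setAccessValueNumber:storageKey:` now return BOOL, but unlike the data and string setters their doc comments were not given a `@return` line, so the new result is undocumented. Add ` * @return BOOL result of operation` to both, and state whether passing nil removes the stored item as the data setter does, since reset in MASApplication+MASPrivate.m calls `setAccessValueNumber:nil` expecting a removal.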
@@ -271,9 +320,9 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) * Other access type value will not be stored. * * @param cryptoKey SecKeyRef to store into keychain - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key */ -- (void)setAccessValueCryptoKey:(SecKeyRef)cryptoKey withAccessValueType:(MASAccessValueType)type; +- (void)setAccessValueCryptoKey:(SecKeyRef)cryptoKey storageKey:(NSString *)storageKey; @@ -284,13 +333,18 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) * MASAccessValueTypePublicKey and MASAccessValueTypePrivateKey. * Other access type value will not be retrieved. * - * @param type MASAccessValueType enum value for the value key + * @param storageKey NSString value for the data key * * @return SecKeyRef of the access data by the specified value key */ -- (SecKeyRef)getAccessValueCryptoKeyWithType:(MASAccessValueType)type; +- (SecKeyRef)getAccessValueCryptoKeyWithStorageKey:(NSString *)storageKey; + +///-------------------------------------- +/// @name Public +///-------------------------------------- + # pragma mark - Public /** @@ -303,6 +357,8 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) */ + (BOOL)validateIdToken:(NSString *)idToken magIdentifier:(NSString *)magIdentifier error:(NSError *__autoreleasing *)error; + + /** * Validate the expiration date in id_token * @@ -313,6 +369,13 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) + (BOOL)isIdTokenExpired:(NSString *)idToken error:(NSError *__autoreleasing *)error; + +/** + Extracts the expiration date from the SecCertificateRef + + @param certificate SecCertificateRef of the certificate + @return NSDate of the expiration date from SecCertificateRef + */ - (NSDate *)extractExpirationDateFromCertificate:(SecCertificateRef)certificate; 
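Review bot: The doc comments around `setAccessValueCryptoKey:storageKey:` and `getAccessValueCryptoKeyWithStorageKey:` still restrict the accepted keys to `MASAccessValueTypePublicKey and MASAccessValueTypePrivateKey`, enum members this commit deletes, so the restriction is now described in identifiers that no longer compile. Replace them with the new constants, ` * MASKeychainStorageKeyPublicKey and MASKeychainStorageKeyPrivateKey.`, and since these two methods (unlike the other setters) still have no BOOL or error path, say explicitly that a non-matching storageKey is silently ignored rather than "will not be stored".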
@@ -328,7 +391,6 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) - /** Unlock id_token, access_token, and refresh_token from secure keychain storage protected by device's local authentication (passcode and/or fingerprint) @@ -348,6 +410,16 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) +/** + Internal method to determine whether the key is reserved for internal system data or not + + @param storageKey NSString of key to be stored + @return BOOL result of whether the key is reserved or not by internal system data + */ +- (BOOL)isInternalDataForStorageKey:(NSString *)storageKey; + + + # pragma mark - Debug only - (void)clearLocal; diff --git a/MASFoundation/Classes/_private_/services/access/MASAccessService.m b/MASFoundation/Classes/_private_/services/access/MASAccessService.m index a03e0d4b..503b067b 100644 --- a/MASFoundation/Classes/_private_/services/access/MASAccessService.m +++ b/MASFoundation/Classes/_private_/services/access/MASAccessService.m 
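Review bot: `isInternalDataForStorageKey:` is documented as an "Internal method" yet is declared in the header beside the storage API, and the comment does not say what YES means for a caller or who is expected to call it. Reword it as `/** Returns YES when storageKey is one of the reserved MASKeychainStorageKey… values and therefore may not be used for custom data. */`, and if the method really is internal move the declaration to the class extension in MASAccessService.m. The header lives in the _private_ tree, so the audience is other SDK classes either way.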
@@ -25,9 +25,43 @@ static NSString *const kMASAccessSharedStorageKey = @"sharedStorage"; static NSString *const kMASAccessLocalStorageKey = @"localStorage"; +static NSString *const kMASAccessCustomSharedStorageKey = @"customSharedStorage"; static NSString *const kMASAccessIsNotFreshInstallFlag = @"isNotFreshInstall"; +# pragma mark - Keychain Storage Key + +NSString * const MASKeychainStorageKeyConfiguration = @"kMASKeyChainConfiguration"; +NSString * const MASKeychainStorageKeyAccessToken = @"kMASKeyChainAccessToken"; +NSString * const MASKeychainStorageKeyAuthenticatedUserObjectId = @"MASAccessValueTypeAuthenticatedUserObjectId"; +NSString * const MASKeychainStorageKeyRefreshToken = @"kMASKeyChainRefreshToken"; +NSString * const MASKeychainStorageKeyScope = @"kMASKeyChainScope"; +NSString * const MASKeychainStorageKeyTokenType = @"kMASKeyChainTokenType"; +NSString * const MASKeychainStorageKeyExpiresIn = @"kMASKeyChainExpiresIn"; +NSString * const MASKeychainStorageKeyTokenExpiration = @"kMASKeyChainTokenExpiration"; +NSString * const MASKeychainStorageKeySecuredIdToken = @"kMASKeyChainSecuredIdToken"; +NSString * const MASKeychainStorageKeyIdToken = @"kMASKeyChainIdToken"; +NSString * const MASKeychainStorageKeyIdTokenType = @"kMASKeyChainIdTokenType"; +NSString * const MASKeychainStorageKeyClientExpiration = @"kMASKeyChainClientExpiration"; +NSString * const MASKeychainStorageKeyClientId = @"kMASKeyChainClientId"; +NSString * const MASKeychainStorageKeyClientSecret = @"kMASKeyChainClientSecret"; +NSString * const MASKeychainStorageKeyJWT = @"kMASKeyChainJwt"; +NSString * const MASKeychainStorageKeyMAGIdentifier = @"kMASKeyChainMagIdentifier"; +NSString * const MASKeychainStorageKeyMSSOEnabled = @"kMASAccessValueTypeMSSOEnabled"; +NSString * const MASKeychainStorageKeyPrivateKey = @"kMASKeyChainPrivateKey"; +NSString * const MASKeychainStorageKeyPrivateKeyBits = @"kMASKeyChainPrivateKeyBits"; +NSString * const MASKeychainStorageKeyPublicKey = 
@"kMASKeyChainPublicKey"; +NSString * const MASKeychainStorageKeyTrustedServerCertificate = @"kMASKeyChainTrustedServerCertificate"; +NSString * const MASKeychainStorageKeySignedPublicCertificate = @"kMASKeyChainSignedPublicCertificate"; +NSString * const MASKeychainStorageKeyPublicCertificateData = @"kMASKeyChainSignedPublicCertificateData"; +NSString * const MASKeychainStorageKeyPublicCertificateExpirationDate = @"kMASAccessValueTypeSignedPublicCertificateExpirationDate"; +NSString * const MASKeychainStorageKeyAuthenticatedTimestamp = @"kMASAccessValueTypeAuthenticatedTimestamp"; +NSString * const MASKeychainStorageKeyIsDeviceLocked = @"kMASAccessValueTypeIsDeviceLocked"; +NSString * const MASKeychainStorageKeyCurrentAuthCredentialsGrantType = @"kMASAccessValueTypeCurrentAuthCredentialsGrantType"; +NSString * const MASKeychainStorageKeyMASUserObjectData = @"kMASAccessValueTypeMASUserObjectData"; +NSString * const MASKeychainStorageKeyDeviceVendorId = @"kMASKeyChainDeviceVendorId"; + + @interface MASAccessService () # pragma mark - Properties @@ -36,12 +70,17 @@ @interface MASAccessService () @property (strong, nonatomic, readwrite) NSString *sharedStorageServiceName; @property (strong, nonatomic, readwrite) NSString *localStorageServiceName; +@property (strong, nonatomic, readwrite) NSString *customSharedStorageServiceName; @property (strong, nonatomic, readwrite) NSString *gatewayHostName; @property (strong, nonatomic, readwrite) NSString *gatewayIdentifier; @property (assign) BOOL isSharedKeychainEnabled; +@property (strong, nonatomic, readwrite) NSArray *sharedStorageKeys; +@property (strong, nonatomic, readwrite) NSArray *localStorageKeys; +@property (strong, nonatomic, readwrite) NSArray *secureStorageKeys; + @end 
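Review bot: `MASKeychainStorageKeyAuthenticatedUserObjectId` is defined as `@"MASAccessValueTypeAuthenticatedUserObjectId"` while every other value carries a `kMASKeyChain` or `kMASAccessValueType` prefix; if that is a deliberately preserved legacy account name it needs a comment saying so, and if it is a typo it changes the key under which the logged-in user's id is looked up after an upgrade. The mix of `kMASKeyChain…` and `kMASAccessValueType…` spellings suggests these strings are on-disk identifiers that must not change, so a block comment above the list, `// Values are persisted keychain account names; changing one orphans data written by earlier SDK versions.`, would protect them from a well-meaning cleanup. The three new `NSArray *…StorageKeys` properties in the following hunk would also read better declared `copy` and typed `NSArray<NSString *> *`.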
@@ -102,13 +141,54 @@ + (NSString *)serviceUUID - (void)serviceDidLoad { - [super serviceDidLoad]; } - (void)serviceWillStart { + // + // Define a list of keys for secured storage + // + _secureStorageKeys = @[MASKeychainStorageKeySecuredIdToken]; + + // + // Define a list of keys to be stored in local keychain storage + // + _localStorageKeys = @[MASKeychainStorageKeyConfiguration, + MASKeychainStorageKeyAccessToken, + MASKeychainStorageKeyRefreshToken, + MASKeychainStorageKeyScope, + MASKeychainStorageKeyTokenType, + MASKeychainStorageKeyExpiresIn, + MASKeychainStorageKeyTokenExpiration, + MASKeychainStorageKeyClientExpiration, + MASKeychainStorageKeyClientId, + MASKeychainStorageKeyClientSecret, + MASKeychainStorageKeyAuthenticatedTimestamp]; + + // + // Define a list of keys to be stored in shared keychain storage + // + _sharedStorageKeys = @[MASKeychainStorageKeyAuthenticatedUserObjectId, + MASKeychainStorageKeySecuredIdToken, + MASKeychainStorageKeyIdToken, + MASKeychainStorageKeyIdTokenType, + MASKeychainStorageKeyJWT, + MASKeychainStorageKeyMAGIdentifier, + MASKeychainStorageKeyMSSOEnabled, + MASKeychainStorageKeyPrivateKey, + MASKeychainStorageKeyPrivateKeyBits, + MASKeychainStorageKeyPublicKey, + MASKeychainStorageKeyTrustedServerCertificate, + MASKeychainStorageKeySignedPublicCertificate, + MASKeychainStorageKeyPublicCertificateData, + MASKeychainStorageKeyPublicCertificateExpirationDate, + MASKeychainStorageKeyCurrentAuthCredentialsGrantType, + MASKeychainStorageKeyIsDeviceLocked, + MASKeychainStorageKeyMASUserObjectData, + MASKeychainStorageKeyDeviceVendorId]; + // // Retrieve gatewayUrl which is combination of hostname, port number, and prefix of the gateway. // The gatewayUrl can be unique identifier for each server. 
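Review bot: serviceDidLoad loses its `[super serviceDidLoad]` call and is left as an empty override, so whatever the base service does at load time — not visible in this diff — is now skipped for MASAccessService; if the override is simply unnecessary, deleting the method is clearer than an empty body, and if the super call was dropped on purpose a comment should say why, otherwise restore `[super serviceDidLoad];`. In the same hunk `MASKeychainStorageKeySecuredIdToken` appears in both `_secureStorageKeys` and `_sharedStorageKeys`; that looks intended (secure is an attribute, shared is a location), and a one-line comment on `_secureStorageKeys` saying so would stop readers treating it as a duplicate.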
@@ -116,8 +196,14 @@ - (void)serviceWillStart _gatewayIdentifier = [MASConfiguration currentConfiguration].gatewayUrl.absoluteString; _localStorageServiceName = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, kMASAccessLocalStorageServiceName]; - _sharedStorageServiceName = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, kMASAccessSharedStorageServiceName]; + _customSharedStorageServiceName = [NSString stringWithFormat:@"MAS.%@", kMASAccessCustomSharedStorageKey]; + + // + // Custom shared storage + // + MASIKeyChainStore *customSharedStorage = [MASIKeyChainStore keyChainStoreWithService:_customSharedStorageServiceName accessGroup:self.accessGroup]; + customSharedStorage.synchronizable = _isKeychainSynchronizable_; // // Local storage @@ -136,13 +222,13 @@ - (void)serviceWillStart // // storage dictionary property // - _storages = [NSDictionary dictionaryWithObjectsAndKeys:localStorage, kMASAccessLocalStorageKey, sharedStorage, kMASAccessSharedStorageKey, nil]; + _storages = [NSDictionary dictionaryWithObjectsAndKeys:localStorage, kMASAccessLocalStorageKey, sharedStorage, kMASAccessSharedStorageKey, customSharedStorage, kMASAccessCustomSharedStorageKey, nil]; } else { // // storage dictionary property // - _storages = [NSDictionary dictionaryWithObjectsAndKeys:localStorage, kMASAccessLocalStorageKey, localStorage, kMASAccessSharedStorageKey, nil]; + _storages = [NSDictionary dictionaryWithObjectsAndKeys:localStorage, kMASAccessLocalStorageKey, localStorage, kMASAccessSharedStorageKey, customSharedStorage, kMASAccessCustomSharedStorageKey, nil]; } @@ -215,7 +301,7 @@ - (void)saveAccessValuesWithDictionary:(NSDictionary *)dictionary forceToOverwri // // if the user chooses to overwite whatever SDK contains with the provided dictionary, reset the object // - if(forceToOverwrite) + if (forceToOverwrite) { [_currentAccessObj reset]; _currentAccessObj = nil; 
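Review bot: `_customSharedStorageServiceName` is built as `MAS.customSharedStorage` with no `_gatewayIdentifier` component, unlike `_localStorageServiceName` and `_sharedStorageServiceName` on the adjacent lines, so values written to the custom store are shared across every gateway configuration the app has used. The store is also created with `accessGroup:self.accessGroup` and `synchronizable = _isKeychainSynchronizable_` before the branch, and is placed into `_storages` in both arms including the one that falls back to `localStorage` for the shared slot, so developer-stored values can leave the app via the access group and, presumably, the device via keychain sync, by default. If that is intended it belongs in the custom storage API's documentation; if not, scope the name with `[NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, kMASAccessCustomSharedStorageKey]` and pass the access group only on the shared-keychain path. The branch condition itself is outside the hunk, so the fallback case is inferred from the `localStorage, kMASAccessSharedStorageKey` assignment.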
@@ -240,11 +326,22 @@ - (void)saveAccessValuesWithDictionary:(NSDictionary *)dictionary forceToOverwri # pragma mark - Storage methods -- (void)setAccessValueCertificate:(NSData *)certificate withAccessValueType:(MASAccessValueType)type +- (id)getAccessValueIdentities { - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - NSString *accessValueAsString = [self convertAccessTypeToString:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + //DLog(@"\n\ncalled\n\n"); + + MASIKeyChainStore *keychainStore = [MASIKeyChainStore keyChainStore]; + NSArray *identities = [keychainStore identitiesWithCertificateLabel:[self convertKeyString:MASKeychainStorageKeySignedPublicCertificate]]; + + return identities; +} + + +- (void)setAccessValueCertificate:(NSData *)certificate storageKey:(NSString *)storageKey +{ + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + NSString *accessValueAsString = [self convertKeyString:storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; NSData * certData = nil; 
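Review bot: The rewritten `setAccessValueCertificate:storageKey:` indexes `_storages` with the result of `getStorageTypeWithKey:`; with the enum gone a caller can pass any NSString, and if that helper yields nil for an unknown key then `destinationStorage` is nil and every later keychain message is a silent no-op, so the certificate write appears to succeed. The helper is not in this diff, so this is inferred; a guard after the lookup, `NSParameterAssert(destinationStorage); if (!destinationStorage) { return; }`, makes the mistake visible in debug builds and harmless in release. `getAccessValueIdentities` uses the default `[MASIKeyChainStore keyChainStore]` rather than one of `_storages`, which deserves a comment explaining why identities live outside the service-scoped stores. The remainder of the setter body is outside the hunk.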
@@ -269,35 +366,31 @@ - (void)setAccessValueCertificate:(NSData *)certificate withAccessValueType:(MAS } -- (id)getAccessValueCertificateWithType:(MASAccessValueType)type +- (id)getAccessValueCertificateWithStorageKey:(NSString *)storageKey { - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - NSString *accessValueAsString = [self convertAccessTypeToString:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + NSString *accessValueAsString = [self convertKeyString:storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; return [destinationStorage certificateForKey:accessValueAsString]; } -- (id)getAccessValueIdentities +- (BOOL)setAccessValueData:(NSData *)data storageKey:(NSString *)storageKey { - //DLog(@"\n\ncalled\n\n"); - - MASIKeyChainStore *keychainStore = [MASIKeyChainStore keyChainStore]; - NSArray *identities = [keychainStore identitiesWithCertificateLabel:[self convertAccessTypeToString:MASAccessValueTypeSignedPublicCertificate]]; - - return identities; + return [self setAccessValueData:data storageKey:storageKey error:nil]; } -- (void)setAccessValueData:(NSData *)data withAccessValueType:(MASAccessValueType)type +- (BOOL)setAccessValueData:(NSData *)data storageKey:(NSString *)storageKey error:(NSError **)error { + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + NSString *accessValueAsString = [self convertKeyString:storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; + NSError *operationError = nil; - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - NSString *accessValueAsString = [self convertAccessTypeToString:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; - - BOOL isSecuredData = [self isSecuredData:type]; + BOOL isSecuredData = [self isSecureData:storageKey]; + BOOL result = NO; if (isSecuredData) { 
@@ -309,50 +402,70 @@ - (void)setAccessValueData:(NSData *)data withAccessValueType:(MASAccessValueTyp // if (data) { - [destinationStorage setData:data forKey:accessValueAsString]; + result = [destinationStorage setData:data forKey:accessValueAsString error:&operationError]; } // // Removal // else { - [destinationStorage removeItemForKey:accessValueAsString]; + result = [destinationStorage removeItemForKey:accessValueAsString error:&operationError]; } if (isSecuredData) { [destinationStorage setAccessibility:MASIKeyChainStoreAccessibilityAfterFirstUnlock authenticationPolicy:0]; } + + if (error) + { + *error = operationError; + } + + return result; } -- (NSData *)getAccessValueDataWithType:(MASAccessValueType)type +- (NSData *)getAccessValueDataWithStorageKey:(NSString *)storageKey { + return [self getAccessValueDataWithStorageKey:storageKey error:nil]; +} + + +- (NSData *)getAccessValueDataWithStorageKey:(NSString *)storageKey error:(NSError **)error +{ + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + NSString *accessValueAsString = [self convertKeyString:storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; + NSError *operationError = nil; - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - NSString *accessValueAsString = [self convertAccessTypeToString:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + NSData *keychainData = [destinationStorage dataForKey:accessValueAsString error:&operationError]; + + if (error) + { + *error = operationError; + } - NSData *keychainData = [destinationStorage dataForKey:accessValueAsString]; - return keychainData; } -- (void)setAccessValueString:(NSString *)string withAccessValueType:(MASAccessValueType)type +- (BOOL)setAccessValueString:(NSString *)string storageKey:(NSString *)storageKey { - [self setAccessValueString:string withAccessValueType:type error:nil]; + return [self setAccessValueString:string storageKey:storageKey error:nil]; } 
-- (BOOL)setAccessValueString:(NSString *)string withAccessValueType:(MASAccessValueType)type error:(NSError * __nullable __autoreleasing * __nullable)error +- (BOOL)setAccessValueString:(NSString *)string storageKey:(NSString *)storageKey error:(NSError **)error { - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - NSString *accessValueAsString = [self convertAccessTypeToString:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + NSString *accessValueAsString = [self convertKeyString:storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; + NSError *operationError = nil; - BOOL isSecuredData = [self isSecuredData:type]; + BOOL result = NO; + BOOL isSecuredData = [self isSecureData:storageKey]; if (isSecuredData) { @@ -364,14 +477,14 @@ - (BOOL)setAccessValueString:(NSString *)string withAccessValueType:(MASAccessVa // if (string) { - [destinationStorage setString:string forKey:accessValueAsString error:error]; + result = [destinationStorage setString:string forKey:accessValueAsString error:&operationError]; } // // Removal // else { - [destinationStorage removeItemForKey:accessValueAsString error:error]; + result = [destinationStorage removeItemForKey:accessValueAsString error:&operationError]; } if (isSecuredData) 
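Review bot: In `setAccessValueData:storageKey:error:` (previous line) and `setAccessValueString:storageKey:error:` (this line), a nil `destinationStorage` — for instance a `_storages` lookup before serviceWillStart has populated it — yields `result == NO` with `operationError` still nil, so the caller gets a failure it cannot report; `NSParameterAssert(destinationStorage)` or populating `operationError` on that path would make it diagnosable. The `if (error) { *error = operationError; }` blocks also write nil into the caller's pointer on success, overwriting an error the caller may be accumulating; writing only when there is something to report, `if (operationError && error) { *error = operationError; }`, follows the Cocoa convention. The same pattern recurs in the getters on the next two lines (`getAccessValueDataWithStorageKey:error:` and both `getAccessValueStringWithStorageKey:...error:` forms), where a nil result can also mean "no item" rather than a failure, so the same guard applies there. Both setter bodies extend beyond this hunk.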
@@ -381,70 +494,82 @@ - (BOOL)setAccessValueString:(NSString *)string withAccessValueType:(MASAccessVa if (error) { - return NO; - } - else { - return YES; + *error = operationError; } + + return result; } -- (NSString *)getAccessValueStringWithType:(MASAccessValueType)type +- (NSString *)getAccessValueStringWithStorageKey:(NSString *)storageKey { - - return [self getAccessValueStringWithType:type error:nil]; + return [self getAccessValueStringWithStorageKey:storageKey error:nil]; } -- (NSString *)getAccessValueStringWithType:(MASAccessValueType)type userOperationPrompt:(NSString *)userOperationPrompt error:(NSError * __nullable __autoreleasing * __nullable)error +- (NSString *)getAccessValueStringWithStorageKey:(NSString *)storageKey userOperationPrompt:(NSString *)userOperationPrompt error:(NSError **)error { - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - NSString *accessValueAsString = [self convertAccessTypeToString:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + NSString *accessValueAsString = [self convertKeyString:storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; + NSError *operationError = nil; - NSString *securedString = [destinationStorage stringForKey:accessValueAsString userOperationPrompt:userOperationPrompt error:error]; + NSString *securedString = [destinationStorage stringForKey:accessValueAsString userOperationPrompt:userOperationPrompt error:&operationError]; + + if (error) + { + *error = operationError; + } return securedString; } -- (NSString *)getAccessValueStringWithType:(MASAccessValueType)type error:(NSError * __nullable __autoreleasing * __nullable)error +- (NSString *)getAccessValueStringWithStorageKey:(NSString *)storageKey error:(NSError **)error { + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + NSString *accessValueAsString = [self convertKeyString:storageKey]; + 
MASIKeyChainStore *destinationStorage = _storages[storageType]; + NSError *operationError = nil; - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - NSString *accessValueAsString = [self convertAccessTypeToString:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + NSString *securedString = [destinationStorage stringForKey:accessValueAsString error:&operationError]; - NSString *securedString = [destinationStorage stringForKey:accessValueAsString error:error]; + if (error) + { + *error = operationError; + } return securedString; } -- (void)setAccessValueDictionary:(NSDictionary *)dictionary withAccessValueType:(MASAccessValueType)type +- (BOOL)setAccessValueDictionary:(NSDictionary *)dictionary storageKey:(NSString *)storageKey { // // convert dictionary to data // NSData *thisData = [NSKeyedArchiver archivedDataWithRootObject:dictionary]; + BOOL result = NO; // // make sure the data exists // - if(thisData) + if (thisData) { - [self setAccessValueData:thisData withAccessValueType:type]; + result = [self setAccessValueData:thisData storageKey:storageKey]; } + + return result; } -- (NSDictionary *)getAccessValueDictionaryWithType:(MASAccessValueType)type +- (NSDictionary *)getAccessValueDictionaryWithStorageKey:(NSString *)storageKey { // // get data from keychain as NSData first // - NSData *thisData = [self getAccessValueDataWithType:type]; + NSData *thisData = [self getAccessValueDataWithStorageKey:storageKey]; // // return nil if NSData is nil 
@@ -453,28 +578,31 @@ - (NSDictionary *)getAccessValueDictionaryWithType:(MASAccessValueType)type } -- (void)setAccessValueNumber:(NSNumber *)number withAccessValueType:(MASAccessValueType)type +- (BOOL)setAccessValueNumber:(NSNumber *)number storageKey:(NSString *)storageKey { // convert dictionary to data // NSData *thisData = [NSKeyedArchiver archivedDataWithRootObject:number]; + BOOL result = NO; // // make sure the data exists // - if(thisData) + if (thisData) { - [self setAccessValueData:thisData withAccessValueType:type]; + result = [self setAccessValueData:thisData storageKey:storageKey]; } + + return result; } -- (NSNumber *)getAccessValueNumberWithType:(MASAccessValueType)type +- (NSNumber *)getAccessValueNumberWithStorageKey:(NSString *)storageKey { // // get data from keychain as NSData first // - NSData *thisData = [self getAccessValueDataWithType:type]; + NSData *thisData = [self getAccessValueDataWithStorageKey:storageKey]; // // return nil if NSData is nil 
@@ -483,19 +611,20 @@ - (NSNumber *)getAccessValueNumberWithType:(MASAccessValueType)type } -- (void)setAccessValueCryptoKey:(SecKeyRef)cryptoKey withAccessValueType:(MASAccessValueType)type +- (void)setAccessValueCryptoKey:(SecKeyRef)cryptoKey storageKey:(NSString *)storageKey { - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; + NSString *storageType = [self getStorageTypeWithKey:storageKey]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; NSString *keyIdentifierStr = nil; - if (type == MASAccessValueTypePublicKey) + + if ([storageKey isEqualToString:MASKeychainStorageKeyPublicKey]) { keyIdentifierStr = [NSString stringWithFormat:@"%@.%@", [MASConfiguration currentConfiguration].gatewayUrl.absoluteString, @"publicKey"]; } - else if (type == MASAccessValueTypePrivateKey) + else if ([storageKey isEqualToString:MASKeychainStorageKeyPrivateKey]) { keyIdentifierStr = [NSString stringWithFormat:@"%@.%@", [MASConfiguration currentConfiguration].gatewayUrl.absoluteString, @"privateKey"]; } 
@@ -510,20 +639,20 @@ - (void)setAccessValueCryptoKey:(SecKeyRef)cryptoKey withAccessValueType:(MASAcc } -- (SecKeyRef)getAccessValueCryptoKeyWithType:(MASAccessValueType)type +- (SecKeyRef)getAccessValueCryptoKeyWithStorageKey:(NSString *)storageKey { - NSString *storageKey = [self getStorageKeyWithAccessValueType:type]; - MASIKeyChainStore *destinationStorage = _storages[storageKey]; + NSString *storageType = [self getStorageTypeWithKey:storageKey]; + MASIKeyChainStore *destinationStorage = _storages[storageType]; NSString *keyIdentifierStr = nil; - if (type == MASAccessValueTypePublicKey) + if ([storageKey isEqualToString:MASKeychainStorageKeyPublicKey]) { keyIdentifierStr = [NSString stringWithFormat:@"%@.%@", [MASConfiguration currentConfiguration].gatewayUrl.absoluteString, @"publicKey"]; } - else if (type == MASAccessValueTypePrivateKey) + else if ([storageKey isEqualToString:MASKeychainStorageKeyPrivateKey]) { keyIdentifierStr = [NSString stringWithFormat:@"%@.%@", [MASConfiguration currentConfiguration].gatewayUrl.absoluteString, @"privateKey"]; } @@ -544,7 +673,7 @@ - (SecKeyRef)getAccessValueCryptoKeyWithType:(MASAccessValueType)type #pragma mark - Private -+ (NSString *)padding: (NSString *) encodedString{ ++ (NSString *)padding:(NSString *)encodedString{ unsigned long lengthtRequired = (int)(4 * ceil((float)[encodedString length] / 4.0)); long numPaddings = lengthtRequired - [encodedString length]; @@ -562,6 +691,7 @@ + (NSString *)padding: (NSString *) encodedString{ return encodedString; } + + (NSDictionary *)getIdTokenSegments:(NSString *)idToken error:(NSError *__autoreleasing *)error { NSDictionary *segmentsDict = nil; @@ -598,6 +728,7 @@ + (NSDictionary *)getIdTokenSegments:(NSString *)idToken error:(NSError *__autor return segmentsDict; } + + (NSDictionary *)unwrap:(NSString *)data { NSDictionary *dictionary = nil; 
@@ -615,284 +746,59 @@ + (NSDictionary *)unwrap:(NSString *)data return dictionary; } -- (BOOL)isSecuredData:(MASAccessValueType)type + +- (NSString *)convertKeyString:(NSString *)key { - BOOL isSecuredData = NO; + NSString *accessTypeToString = nil; - switch (type) { - case MASAccessValueTypeSecuredIdToken: - isSecuredData = YES; - break; + // + // Internal system data + // + if ([_sharedStorageKeys containsObject:key] || [_localStorageKeys containsObject:key]) + { + accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, key]; - default: - isSecuredData = NO; - break; + // + // When access gruop is not accessiable, differentiate the key to make sure there is no conflict of device registration record in the future + // + if (![self isAccessGroupAccessible]) + { + accessTypeToString = [NSString stringWithFormat:@"_%@", accessTypeToString]; + } + } + // + // External custom data in shared keychain storage + // + else { + accessTypeToString = key; } - return isSecuredData; + return accessTypeToString; } -- (NSString *)getStorageKeyWithAccessValueType:(MASAccessValueType)type +- (BOOL)isSecureData:(NSString *)key { - NSString *storageKey = @""; - - switch (type) { - //Configuration - case MASAccessValueTypeConfiguration: - storageKey = kMASAccessLocalStorageKey; - break; - //AccessToken - case MASAccessValueTypeAccessToken: - storageKey = kMASAccessLocalStorageKey; - break; - //Authenticated username - case MASAccessValueTypeAuthenticatedUserObjectId: - storageKey = kMASAccessSharedStorageKey; - break; - //RefreshToken - case MASAccessValueTypeRefreshToken: - storageKey = kMASAccessLocalStorageKey; - break; - //Scope - case MASAccessValueTypeScope: - storageKey = kMASAccessLocalStorageKey; - break; - //TokenType - case MASAccessValueTypeTokenType: - storageKey = kMASAccessLocalStorageKey; - break; - //ExpiresIn - case MASAccessValueTypeExpiresIn: - storageKey = kMASAccessLocalStorageKey; - break; - //TokenExpiration - case 
MASAccessValueTypeTokenExpiration: - storageKey = kMASAccessLocalStorageKey; - break; - //IdToken with secured local authentication - case MASAccessValueTypeSecuredIdToken: - storageKey = kMASAccessSharedStorageKey; - break; - //IdToken - case MASAccessValueTypeIdToken: - storageKey = kMASAccessSharedStorageKey; - break; - //IdTokenType - case MASAccessValueTypeIdTokenType: - storageKey = kMASAccessSharedStorageKey; - break; - //ClientExpiration - case MASAccessValueTypeClientExpiration: - storageKey = kMASAccessLocalStorageKey; - break; - //ClientId - case MASAccessValueTypeClientId: - storageKey = kMASAccessLocalStorageKey; - break; - //ClientSecret - case MASAccessValueTypeClientSecret: - storageKey = kMASAccessLocalStorageKey; - break; - //JWT - case MASAccessValueTypeJWT: - storageKey = kMASAccessSharedStorageKey; - break; - //MAGIdentifier - case MASAccessValueTypeMAGIdentifier: - storageKey = kMASAccessSharedStorageKey; - break; - case MASAccessValueTypeMSSOEnabled: - storageKey = kMASAccessSharedStorageKey; - break; - //PrivateKey - case MASAccessValueTypePrivateKey: - storageKey = kMASAccessSharedStorageKey; - break; - case MASAccessValueTypePrivateKeyBits: - storageKey = kMASAccessSharedStorageKey; - break; - //PublicKey - case MASAccessValueTypePublicKey: - storageKey = kMASAccessSharedStorageKey; - break; - //TrustedServerCertificate - case MASAccessValueTypeTrustedServerCertificate: - storageKey = kMASAccessSharedStorageKey; - break; - //PublicCertificate - case MASAccessValueTypeSignedPublicCertificate: - storageKey = kMASAccessSharedStorageKey; - break; - //PublicCertificate as NSData - case MASAccessValueTypeSignedPublicCertificateData: - storageKey = kMASAccessSharedStorageKey; - break; - //PublicCertificate Expiration Date - case MASAccessValueTypeSignedPublicCertificateExpirationDate: - storageKey = kMASAccessSharedStorageKey; - break; - //authentication timestamp - case MASAccessValueTypeAuthenticatedTimestamp: - storageKey = 
kMASAccessLocalStorageKey; - break; - case MASAccessValueTypeCurrentAuthCredentialsGrantType: - storageKey = kMASAccessSharedStorageKey; - break; - case MASAccessValueTypeIsDeviceLocked: - storageKey = kMASAccessSharedStorageKey; - break; - case MASAccessValueTypeMASUserObjectData: - storageKey = kMASAccessSharedStorageKey; - break; - case MASAccessValueTypeDeviceVendorId: - storageKey = kMASAccessSharedStorageKey; - break; - default: - // - // MASAccessValueTypeUknonw - // - break; - } - - return storageKey; + return [_secureStorageKeys containsObject:key]; } -- (NSString *)convertAccessTypeToString:(MASAccessValueType)type +- (NSString *)getStorageTypeWithKey:(NSString *)key { - - NSString *accessTypeToString = @""; - - switch (type) { - //Configuration - case MASAccessValueTypeConfiguration: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainConfiguration"]; - break; - //AccessToken - case MASAccessValueTypeAccessToken: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainAccessToken"]; - break; - //Authenticated username - case MASAccessValueTypeAuthenticatedUserObjectId: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"MASAccessValueTypeAuthenticatedUserObjectId"]; - break; - //RefreshToken - case MASAccessValueTypeRefreshToken: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainRefreshToken"]; - break; - //Scope - case MASAccessValueTypeScope: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainScope"]; - break; - //TokenType - case MASAccessValueTypeTokenType: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainTokenType"]; - break; - //ExpiresIn - case MASAccessValueTypeExpiresIn: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainExpiresIn"]; - break; - //TokenExpiration - 
case MASAccessValueTypeTokenExpiration: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainTokenExpiration"]; - break; - //IdToken with secured local authentication - case MASAccessValueTypeSecuredIdToken: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainSecuredIdToken"]; - break; - //IdToken - case MASAccessValueTypeIdToken: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainIdToken"]; - break; - //IdTokenType - case MASAccessValueTypeIdTokenType: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainIdTokenType"]; - break; - //ClientExpiration - case MASAccessValueTypeClientExpiration: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainClientExpiration"]; - break; - //ClientId - case MASAccessValueTypeClientId: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainClientId"]; - break; - //ClientSecret - case MASAccessValueTypeClientSecret: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainClientSecret"]; - break; - //JWT - case MASAccessValueTypeJWT: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainJwt"]; - break; - //MAGIdentifier - case MASAccessValueTypeMAGIdentifier: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainMagIdentifier"]; - break; - case MASAccessValueTypeMSSOEnabled: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeMSSOEnabled"]; - break; - //PrivateKey - case MASAccessValueTypePrivateKey: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainPrivateKey"]; - break; - //PrivateKeyBits - case MASAccessValueTypePrivateKeyBits: - accessTypeToString = [NSString 
stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainPrivateKeyBits"]; - break; - //PublicKey - case MASAccessValueTypePublicKey: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainPublicKey"]; - break; - //TrustedServerCertificate - case MASAccessValueTypeTrustedServerCertificate: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainTrustedServerCertificate"]; - break; - //PublicCertificate - case MASAccessValueTypeSignedPublicCertificate: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainSignedPublicCertificate"]; - break; - //PublicCertificate as NSData - case MASAccessValueTypeSignedPublicCertificateData: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASKeyChainSignedPublicCertificateData"]; - break; - //PublicCertificate Expiration Date - case MASAccessValueTypeSignedPublicCertificateExpirationDate: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeSignedPublicCertificateExpirationDate"]; - break; - //AuthenticatedTimestamp - case MASAccessValueTypeAuthenticatedTimestamp: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeAuthenticatedTimestamp"]; - break; - //IsDeviceLocked: - case MASAccessValueTypeIsDeviceLocked: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeIsDeviceLocked"]; - break; - //CurrentAuthCredentialsGrantType - case MASAccessValueTypeCurrentAuthCredentialsGrantType: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeCurrentAuthCredentialsGrantType"]; - break; - //MASUserObjectData - case MASAccessValueTypeMASUserObjectData: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayHostName, @"kMASAccessValueTypeMASUserObjectData"]; - break; - //DeviceVendorId - 
case MASAccessValueTypeDeviceVendorId: - accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayHostName, @"kMASKeyChainDeviceVendorId"]; - break; - default: - // - // MASAccessValueTypeUknonw - // - break; + if ([_sharedStorageKeys containsObject:key]) + { + return kMASAccessSharedStorageKey; } - - if (![self isAccessGroupAccessible]) + else if ([_localStorageKeys containsObject:key]) { - accessTypeToString = [NSString stringWithFormat:@"_%@", accessTypeToString]; + return kMASAccessLocalStorageKey; + } + // + // If the key is not defined in either of shared nor local storage, the key must be custom data which will always be stored in shared + // + else { + return kMASAccessCustomSharedStorageKey; } - - return accessTypeToString; } @@ -931,7 +837,7 @@ - (NSString *)accessGroup // // if accessGroup is not defined // - if(!_accessGroup) + if (!_accessGroup) { NSString *groupSuffix = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"MSSOSDKKeychainGroup"]; @@ -1034,7 +940,7 @@ - (BOOL)lockSession:(NSError * __nullable __autoreleasing * __nullable)error // if (!localError) { - [self setAccessValueString:idToken withAccessValueType:MASAccessValueTypeSecuredIdToken error:&localError]; + [self setAccessValueString:idToken storageKey:MASKeychainStorageKeySecuredIdToken error:&localError]; } } @@ -1048,7 +954,7 @@ - (BOOL)lockSession:(NSError * __nullable __autoreleasing * __nullable)error // if (![MASUser currentUser].isSessionLocked) { - [self setAccessValueString:nil withAccessValueType:MASAccessValueTypeSecuredIdToken]; + [self setAccessValueString:nil storageKey:MASKeychainStorageKeySecuredIdToken]; } if (error != NULL) 
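Review bot: `getStorageTypeWithKey:` routes every key that is in neither `_sharedStorageKeys` nor `_localStorageKeys` to the custom shared store, and `convertKeyString:` returns such a key unprefixed, so a nil or empty key arriving through the public MASSharedStorage API reaches `MASIKeyChainStore` unchanged; an `NSParameterAssert(key.length > 0)` at the top of both methods (or a nil return from `getStorageTypeWithKey:` that the setters check) would fail early instead of relying on the keychain layer. The replaced switch prefixed `MASUserObjectData` and `DeviceVendorId` with `_gatewayHostName` and used literal names such as `kMASKeyChainAccessToken`, whereas the new code uses `_gatewayIdentifier` and the `MASKeychainStorageKey*` constant values for every key; unless those constants equal the old literals and a migration was added in the earlier part of this file, entries written by previous releases (tokens, MAG identifier, client certificate data) are orphaned in the keychain rather than cleared or carried over. The membership test at the top of `convertKeyString:` duplicates `isInternalDataForStorageKey:` added later in this commit, which it could call. The comment in `convertKeyString:` should read `// When the access group is not accessible, differentiate the key to avoid conflicting device registration records`.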
@@ -1061,10 +967,10 @@ - (BOOL)lockSession:(NSError * __nullable __autoreleasing * __nullable)error // else { - [self setAccessValueString:nil withAccessValueType:MASAccessValueTypeAccessToken]; - [self setAccessValueString:nil withAccessValueType:MASAccessValueTypeRefreshToken]; - [self setAccessValueString:nil withAccessValueType:MASAccessValueTypeIdToken]; - [self setAccessValueNumber:[NSNumber numberWithBool:YES] withAccessValueType:MASAccessValueTypeIsDeviceLocked]; + [self setAccessValueString:nil storageKey:MASKeychainStorageKeyAccessToken]; + [self setAccessValueString:nil storageKey:MASKeychainStorageKeyRefreshToken]; + [self setAccessValueString:nil storageKey:MASKeychainStorageKeyIdToken]; + [self setAccessValueNumber:[NSNumber numberWithBool:YES] storageKey:MASKeychainStorageKeyIsDeviceLocked]; // // Refresh the currentAccessObj to reflect the current status @@ -1120,7 +1026,7 @@ - (BOOL)unlockSessionWithUserOperationPromptMessage:(NSString *)userOperationPro // if (!localError) { - idToken = [self getAccessValueStringWithType:MASAccessValueTypeSecuredIdToken userOperationPrompt:userOperationPrompt error:&localError]; + idToken = [self getAccessValueStringWithStorageKey:MASKeychainStorageKeySecuredIdToken userOperationPrompt:userOperationPrompt error:&localError]; } if (idToken) @@ -1129,7 +1035,7 @@ - (BOOL)unlockSessionWithUserOperationPromptMessage:(NSString *)userOperationPro // Validate id_token whether it is valid or not // BOOL isIdTokenValid = [MASAccessService validateIdToken:idToken - magIdentifier:[[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier] + magIdentifier:[[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier] error:&localError]; if (localError && localError.code != MASFoundationErrorCodeTokenIdTokenExpired) 
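Review bot: The four replaced calls in lockSession: discard the BOOL that `setAccessValueString:storageKey:` and `setAccessValueNumber:storageKey:` now return, so a failed removal of the access, refresh or id token leaves that token in the keychain while `MASKeychainStorageKeyIsDeviceLocked` is recorded as locked; the same applies to the calls in unlockSession and removeSessionLock on the next line and to the client-credential and certificate clearing in MASModelService at the end of the page. Since lockSession: already threads `localError`, these writes could use the `error:` variants and record the first failure, e.g. `if (![self setAccessValueString:nil storageKey:MASKeychainStorageKeyAccessToken error:&localError]) { /* stop and report */ }`. `[NSNumber numberWithBool:YES]` would also read better as `@YES`. lockSession:'s body starts and ends outside the hunk.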
@@ -1151,9 +1057,9 @@ - (BOOL)unlockSessionWithUserOperationPromptMessage:(NSString *)userOperationPro // if (!localError) { - [self setAccessValueString:idToken withAccessValueType:MASAccessValueTypeIdToken]; - [self setAccessValueString:nil withAccessValueType:MASAccessValueTypeSecuredIdToken]; - [self setAccessValueNumber:[NSNumber numberWithBool:NO] withAccessValueType:MASAccessValueTypeIsDeviceLocked]; + [self setAccessValueString:idToken storageKey:MASKeychainStorageKeyIdToken]; + [self setAccessValueString:nil storageKey:MASKeychainStorageKeySecuredIdToken]; + [self setAccessValueNumber:[NSNumber numberWithBool:NO] storageKey:MASKeychainStorageKeyIsDeviceLocked]; // // Refresh the currentAccessObj to reflect the current status @@ -1175,8 +1081,8 @@ - (BOOL)unlockSessionWithUserOperationPromptMessage:(NSString *)userOperationPro - (void)removeSessionLock { - [self setAccessValueString:nil withAccessValueType:MASAccessValueTypeSecuredIdToken]; - [self setAccessValueNumber:[NSNumber numberWithBool:NO] withAccessValueType:MASAccessValueTypeIsDeviceLocked]; + [self setAccessValueString:nil storageKey:MASKeychainStorageKeySecuredIdToken]; + [self setAccessValueNumber:[NSNumber numberWithBool:NO] storageKey:MASKeychainStorageKeyIsDeviceLocked]; // // Refresh the currentAccessObj to reflect the current status @@ -1213,7 +1119,8 @@ + (BOOL)validateIdToken:(NSString *)idToken magIdentifier:(NSString *)magIdentif // NSDictionary *headerDisctionary = [MASAccessService unwrap:headerString]; - if ([[headerDisctionary objectForKey:@"alg"] isEqualToString:@"HS256"]){ + if ([[headerDisctionary objectForKey:@"alg"] isEqualToString:@"HS256"]) + { // // check signature 
@@ -1223,7 +1130,7 @@ + (BOOL)validateIdToken:(NSString *)idToken magIdentifier:(NSString *)magIdentif [signatureSegments addObject:payload]; NSString *signingInput = [signatureSegments componentsJoinedByString:@"."]; - NSString *clientSecret = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeClientSecret]; + NSString *clientSecret = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientSecret]; NSData *signedInput = [NSData sign:signingInput key:clientSecret]; NSString *encodedSignedInput = [signedInput base64Encoding]; @@ -1249,7 +1156,8 @@ + (BOOL)validateIdToken:(NSString *)idToken magIdentifier:(NSString *)magIdentif NSString *azp = [payloadDictionary valueForKey:@"azp"]; NSDate *exp = [NSDate dateWithTimeIntervalSince1970:[[payloadDictionary valueForKey:@"exp"] floatValue]]; - if (!aud || !azp || !exp){ + if (!aud || !azp || !exp) + { if (error) { @@ -1261,7 +1169,8 @@ + (BOOL)validateIdToken:(NSString *)idToken magIdentifier:(NSString *)magIdentif // // case 2: aud doesn't match with clientId // - if (![aud isEqualToString:[[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeClientId]]){ + if (![aud isEqualToString:[[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]]) + { if (error) { @@ -1273,7 +1182,8 @@ + (BOOL)validateIdToken:(NSString *)idToken magIdentifier:(NSString *)magIdentif // // case 3: azp doesn't match with mag-identifier // - if (![azp isEqualToString:magIdentifier]){ + if (![azp isEqualToString:magIdentifier]) + { if (error) { @@ -1285,7 +1195,8 @@ + (BOOL)validateIdToken:(NSString *)idToken magIdentifier:(NSString *)magIdentif // // case 4: JWT expired // - if ([exp timeIntervalSinceNow] < 0){ + if ([exp timeIntervalSinceNow] < 0) + { if (error) { 
@@ -1358,9 +1269,11 @@ - (NSDate *)extractExpirationDateFromCertificate:(SecCertificateRef)certificate if (certificateX509 != NULL) { ASN1_TIME *certificateExpiryASN1 = X509_get_notAfter(certificateX509); - if (certificateExpiryASN1 != NULL) { + if (certificateExpiryASN1 != NULL) + { ASN1_GENERALIZEDTIME *certificateExpiryASN1Generalized = ASN1_TIME_to_generalizedtime(certificateExpiryASN1, NULL); - if (certificateExpiryASN1Generalized != NULL) { + if (certificateExpiryASN1Generalized != NULL) + { unsigned char *certificateExpiryData = ASN1_STRING_data(certificateExpiryASN1Generalized); // ASN1 generalized times look like this: "20131114230046Z" @@ -1393,6 +1306,19 @@ - (NSDate *)extractExpirationDateFromCertificate:(SecCertificateRef)certificate } +- (BOOL)isInternalDataForStorageKey:(NSString *)storageKey +{ + BOOL isInternalData = NO; + + if ([_localStorageKeys containsObject:storageKey] || [_sharedStorageKeys containsObject:storageKey]) + { + isInternalData = YES; + } + + return isInternalData; +} + + # pragma mark - Debug only - (void)clearLocal @@ -1405,13 +1331,13 @@ - (void)clearLocal - (void)clearShared; { - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeMAGIdentifier]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyMAGIdentifier]; [_storages[kMASAccessSharedStorageKey] removeAllItems]; // // Retrieve the key for certificate // - NSString *certificateKey = [self convertAccessTypeToString:MASAccessValueTypeSignedPublicCertificate]; + NSString *certificateKey = [self convertKeyString:MASKeychainStorageKeySignedPublicCertificate]; [[MASIKeyChainStore keyChainStore] clearCertificatesAndIdentitiesWithCertificateLabelKey:certificateKey]; // 
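Review bot: `isInternalDataForStorageKey:` computes a boolean through a flag and an if; `return [_localStorageKeys containsObject:storageKey] || [_sharedStorageKeys containsObject:storageKey];` says the same in one line, and a header comment such as `/// YES when the key names one of the SDK's own local or shared keychain entries rather than app-supplied custom data.` would document the distinction the rest of this commit relies on. In the debug-only `clearShared` below it, `[_storages[kMASAccessSharedStorageKey] removeAllItems]` leaves the new custom shared store untouched; if the method is meant to reset all shared state for tests, `_storages[kMASAccessCustomSharedStorageKey]` needs the same call.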
@@ -1431,7 +1357,7 @@ - (NSString *)debugSecuredDescription NSString *value = [NSString stringWithFormat:@"\n\n(MASAccessService)\n\n Local (%@):\n", kMASAccessLocalStorageServiceName]; NSMutableString *keychainDescription = [[NSMutableString alloc] initWithString:value]; - for(NSString *key in [_storages[kMASAccessLocalStorageKey] allKeys]) + for (NSString *key in [_storages[kMASAccessLocalStorageKey] allKeys]) { [keychainDescription appendString:[NSString stringWithFormat:@"\n key: %@", key]]; } @@ -1442,7 +1368,18 @@ - (NSString *)debugSecuredDescription value = [NSString stringWithFormat:@"\n\n Shared (%@):\n", kMASAccessSharedStorageServiceName]; [keychainDescription appendString:value]; - for(NSString *key in [_storages[kMASAccessSharedStorageKey] allKeys]) + for (NSString *key in [_storages[kMASAccessSharedStorageKey] allKeys]) + { + [keychainDescription appendString:[NSString stringWithFormat:@"\n key: %@", key]]; + } + + // + // Custom + // + value = [NSString stringWithFormat:@"\n\n Custom (%@):\n", kMASAccessCustomSharedStorageKey]; + [keychainDescription appendString:value]; + + for (NSString *key in [_storages[kMASAccessCustomSharedStorageKey] allKeys]) { [keychainDescription appendString:[NSString stringWithFormat:@"\n key: %@", key]]; } diff --git a/MASFoundation/Classes/_private_/services/model/MASModelService.m b/MASFoundation/Classes/_private_/services/model/MASModelService.m index 0aa71154..e89189f2 100644 --- a/MASFoundation/Classes/_private_/services/model/MASModelService.m +++ b/MASFoundation/Classes/_private_/services/model/MASModelService.m 
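Review bot: The `Custom (%@)` label added in `debugSecuredDescription` prints `kMASAccessCustomSharedStorageKey`, the `_storages` dictionary key, where the Local and Shared sections above print their service names; `_customSharedStorageServiceName` would keep the output consistent. The method's body starts before the hunk.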
@@ -155,9 +155,9 @@ - (void)serviceWillStart // if (![keychainApplication.identifier isEqualToString:_currentApplication.identifier]) { - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientId]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientSecret]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientExpiration]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyClientId]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyClientSecret]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyClientExpiration]; [[MASModelService sharedService] clearCurrentUserForLogout]; } @@ -396,7 +396,7 @@ - (void)retrieveAuthenticationProviders:(MASObjectResponseErrorBlock)completion MASIMutableOrderedDictionary *parameterInfo = [MASIMutableOrderedDictionary new]; // ClientId - parameterInfo[MASClientKeyRequestResponseKey] = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeClientId]; + parameterInfo[MASClientKeyRequestResponseKey] = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; // RedirectUri parameterInfo[MASRedirectUriRequestResponseKey] = [[MASApplication currentApplication].redirectUri absoluteString]; 
@@ -1308,9 +1308,9 @@ - (void)renewClientCertificateWithCompletion:(MASCompletionErrorBlock)completion // // Remove signed client certificate from the keychain storage // - [[MASAccessService sharedService] setAccessValueData:nil withAccessValueType:MASAccessValueTypeSignedPublicCertificateData]; - [[MASAccessService sharedService] setAccessValueCertificate:nil withAccessValueType:MASAccessValueTypeSignedPublicCertificate]; - [[MASAccessService sharedService] setAccessValueNumber:[NSNumber numberWithInt:0] withAccessValueType:MASAccessValueTypeSignedPublicCertificateExpirationDate]; + [[MASAccessService sharedService] setAccessValueData:nil storageKey:MASKeychainStorageKeyPublicCertificateData]; + [[MASAccessService sharedService] setAccessValueCertificate:nil storageKey:MASKeychainStorageKeySignedPublicCertificate]; + [[MASAccessService sharedService] setAccessValueNumber:[NSNumber numberWithInt:0] storageKey:MASKeychainStorageKeyPublicCertificateExpirationDate]; // // Remove device's client MASFile for re-generation @@ -1406,7 +1406,7 @@ - (void)logOutDeviceAndClearLocalAccessToken:(BOOL)clearLocal completion:(MASCom // // Detect if device is already logged out (which is basically checking if id_token exists), if so stop here // - if(![accessService getAccessValueStringWithType:MASAccessValueTypeIdToken]) + if(![accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdToken]) { // // Notify 
@@ -1444,14 +1444,14 @@ - (void)logOutDeviceAndClearLocalAccessToken:(BOOL)clearLocal completion:(MASCom parameterInfo[MASDeviceLogoutAppRequestResponseKey] = [MASConfiguration currentConfiguration].ssoEnabled ? @"true" : @"false"; // IdToken - NSString *idToken = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeIdToken]; + NSString *idToken = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdToken]; if (idToken) { parameterInfo[MASIdTokenBodyRequestResponseKey] = idToken; } // IdTokenType - NSString *idTokenType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeIdTokenType]; + NSString *idTokenType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdTokenType]; if (idTokenType) { parameterInfo[MASIdTokenTypeBodyRequestResponseKey]= idTokenType; @@ -1508,8 +1508,8 @@ - (void)logOutDeviceAndClearLocalAccessToken:(BOOL)clearLocal completion:(MASCom // // Set id_token and id_token_type to nil // - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeIdToken]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeIdTokenType]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyIdToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyIdTokenType]; [[MASAccessService sharedService].currentAccessObj refresh]; // 
@@ -1946,7 +1946,7 @@ - (void)loginAsRefreshTokenWithCompletion:(MASCompletionErrorBlock)completion if(clientAuthorization) headerInfo[MASAuthorizationRequestResponseKey] = clientAuthorization; // MAG Identifier - NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]; + NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier]; if(magIdentifier) headerInfo[MASMagIdentifierRequestResponseKey] = magIdentifier; // @@ -2015,7 +2015,7 @@ - (void)loginAsRefreshTokenWithCompletion:(MASCompletionErrorBlock)completion // // If authenticate user with refresh_token, we should invalidate local refresh_token, and re-validate the user's session with alternative method. // - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeRefreshToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyRefreshToken]; [[MASAccessService sharedService].currentAccessObj refresh]; [blockSelf validateCurrentUserSession:completion]; @@ -2039,7 +2039,7 @@ - (void)loginAsRefreshTokenWithCompletion:(MASCompletionErrorBlock)completion { NSError *idTokenValidationError = nil; BOOL isIdTokenValid = [MASAccessService validateIdToken:[bodayInfo objectForKey:MASIdTokenBodyRequestResponseKey] - magIdentifier:[[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier] + magIdentifier:[[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier] error:&idTokenValidationError]; if (!isIdTokenValid && idTokenValidationError) diff --git a/MASFoundation/Classes/_private_/services/network/MASNetworkingService.m b/MASFoundation/Classes/_private_/services/network/MASNetworkingService.m index 209a8a61..c4415cac 100644 --- a/MASFoundation/Classes/_private_/services/network/MASNetworkingService.m 
+++ b/MASFoundation/Classes/_private_/services/network/MASNetworkingService.m @@ -603,9 +603,9 @@ - (MASSessionDataTaskCompletionBlock)sessionDataTaskCompletionBlockWithEndPoint: // // Remove slave client_id and client_secret from keychain // - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientId]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientSecret]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeClientExpiration]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyClientId]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyClientSecret]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyClientExpiration]; // // Remove access_token from keychain diff --git a/MASFoundation/Classes/_private_/services/network/internal/MASSessionDataTaskOperation.m b/MASFoundation/Classes/_private_/services/network/internal/MASSessionDataTaskOperation.m index 371b3e13..0329c917 100644 --- a/MASFoundation/Classes/_private_/services/network/internal/MASSessionDataTaskOperation.m +++ b/MASFoundation/Classes/_private_/services/network/internal/MASSessionDataTaskOperation.m 
@@ -75,9 +75,9 @@ - (void)start { NSMutableDictionary *mutableHeader = [self.request.headerInfo mutableCopy]; - if (![[self.request.headerInfo allKeys] containsObject:MASMagIdentifierRequestResponseKey] && [MASDevice currentDevice].isRegistered && [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]) + if (![[self.request.headerInfo allKeys] containsObject:MASMagIdentifierRequestResponseKey] && [MASDevice currentDevice].isRegistered && [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier]) { - [mutableHeader setObject:[[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier] forKey:MASMagIdentifierRequestResponseKey]; + [mutableHeader setObject:[[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier] forKey:MASMagIdentifierRequestResponseKey]; } if (![[self.request.headerInfo allKeys] containsObject:MASAuthorizationRequestResponseKey] && [MASAccessService sharedService].currentAccessObj.accessToken) diff --git a/MASFoundation/Classes/_private_/services/security/MASSecurityService.m b/MASFoundation/Classes/_private_/services/security/MASSecurityService.m index c3d46a1d..465c5404 100644 --- a/MASFoundation/Classes/_private_/services/security/MASSecurityService.m +++ b/MASFoundation/Classes/_private_/services/security/MASSecurityService.m @@ -102,7 +102,7 @@ - (void)serviceDidReset - (NSURLCredential *)createUrlCredential { NSArray *identities = [[MASAccessService sharedService] getAccessValueIdentities]; - NSArray *certificates = [[MASAccessService sharedService] getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate]; + NSArray *certificates = [[MASAccessService sharedService] getAccessValueCertificateWithStorageKey:MASKeychainStorageKeySignedPublicCertificate]; //DLog(@"\n\ncalled and identities is: %@ and certificates is: %@", identities, certificates); 
@@ -140,7 +140,7 @@ - (void)deleteAsymmetricKeys // Delete the private key // sanityCheck = SecItemDelete((__bridge CFDictionaryRef)queryPrivateKey); - if(!(sanityCheck == noErr || sanityCheck == errSecItemNotFound)) + if (!(sanityCheck == noErr || sanityCheck == errSecItemNotFound)) { DLog(@"Error removing private key, OSStatus == %d.", (int)sanityCheck ); } @@ -149,7 +149,7 @@ - (void)deleteAsymmetricKeys // Delete the public key // sanityCheck = SecItemDelete((__bridge CFDictionaryRef)queryPublicKey); - if(!(sanityCheck == noErr || sanityCheck == errSecItemNotFound)) + if (!(sanityCheck == noErr || sanityCheck == errSecItemNotFound)) { DLog(@"Error removing public key, OSStatus == %d.", (int)sanityCheck ); } @@ -226,7 +226,7 @@ - (NSString *)generateCSRWithUsername:(NSString *)userName // // Store new value in keychain // - if(privateKeyBits) + if (privateKeyBits) { NSString *keyContents = [self evpKeyToString:privatekey]; @@ -235,7 +235,7 @@ - (NSString *)generateCSRWithUsername:(NSString *)userName // // Store private key bits into keychain // - [[MASAccessService sharedService] setAccessValueString:keyContents withAccessValueType:MASAccessValueTypePrivateKeyBits]; + [[MASAccessService sharedService] setAccessValueString:keyContents storageKey:MASKeychainStorageKeyPrivateKeyBits]; } if (!X509_REQ_sign(req, privatekey, EVP_sha1())) @@ -327,7 +327,7 @@ - (void)generateKeypair [keyPairAttr setObject:publicKeyAttr forKey:(__bridge id)kSecPublicKeyAttrs]; sanityCheck = SecKeyGeneratePair((__bridge CFDictionaryRef)keyPairAttr, &publicKeyRef, &privateKeyRef); - if(!( sanityCheck == noErr && publicKeyRef != NULL && privateKeyRef != NULL)) + if (!( sanityCheck == noErr && publicKeyRef != NULL && privateKeyRef != NULL)) { DLog(@"Error with something really bad went wrong with generating the key pair"); } 
@@ -335,14 +335,14 @@ - (void)generateKeypair // // Storing privateKey and publicKey into keychain // - if(privateKeyRef) + if (privateKeyRef) { - [[MASAccessService sharedService] setAccessValueCryptoKey:privateKeyRef withAccessValueType:MASAccessValueTypePrivateKey]; + [[MASAccessService sharedService] setAccessValueCryptoKey:privateKeyRef storageKey:MASKeychainStorageKeyPrivateKey]; } - if(publicKeyRef) + if (publicKeyRef) { - [[MASAccessService sharedService] setAccessValueCryptoKey:publicKeyRef withAccessValueType:MASAccessValueTypePublicKey]; + [[MASAccessService sharedService] setAccessValueCryptoKey:publicKeyRef storageKey:MASKeychainStorageKeyPublicKey]; } privateKeyRef = NULL; @@ -422,7 +422,7 @@ - (MASFile *)getDeviceClientCertificate if (!signedCert) { - NSData *signedCertificateData = [[MASAccessService sharedService] getAccessValueDataWithType:MASAccessValueTypeSignedPublicCertificateData]; + NSData *signedCertificateData = [[MASAccessService sharedService] getAccessValueDataWithStorageKey:MASKeychainStorageKeyPublicCertificateData]; if (signedCertificateData) { @@ -478,7 +478,7 @@ - (MASFile *)getPrivateKey // // Retrieve privateKeyBits from keychain. // - NSString *privateKeyBits = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypePrivateKeyBits]; + NSString *privateKeyBits = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyPrivateKeyBits]; if (privateKeyBits) { diff --git a/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsAuthorizationCode.m b/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsAuthorizationCode.m index bc75b7f9..277d3cf1 100644 --- a/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsAuthorizationCode.m +++ b/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsAuthorizationCode.m 
@@ -142,13 +142,13 @@ - (NSDictionary *)getParameters MASAccessService *accessService = [MASAccessService sharedService]; // ClientId - NSString *clientId = [accessService getAccessValueStringWithType:MASAccessValueTypeClientId]; + NSString *clientId = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; if (clientId) { parameterInfo[MASClientIdentifierRequestResponseKey] = clientId; } - NSString *clientSecret = [accessService getAccessValueStringWithType:MASAccessValueTypeClientSecret]; + NSString *clientSecret = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientSecret]; if (clientSecret) { parameterInfo[MASClientSecretRequestResponseKey] = clientSecret; diff --git a/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsJWT.m b/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsJWT.m index 5c07a31b..93777227 100644 --- a/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsJWT.m +++ b/MASFoundation/Classes/models/AuthCredentials/MASAuthCredentialsJWT.m @@ -79,8 +79,8 @@ - (void)loginWithCredential:(MASCompletionErrorBlock)completion // If there is an error from the server complaining about invalid token, // invalidate local id_token and id_token_type and revalidate the user's session. // - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeIdToken]; - [[MASAccessService sharedService] setAccessValueString:nil withAccessValueType:MASAccessValueTypeIdTokenType]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyIdToken]; + [[MASAccessService sharedService] setAccessValueString:nil storageKey:MASKeychainStorageKeyIdTokenType]; [[MASAccessService sharedService].currentAccessObj refresh]; } diff --git a/MASFoundation/Classes/models/MASApplication.m b/MASFoundation/Classes/models/MASApplication.m index 15d7d480..43923b77 100644 --- a/MASFoundation/Classes/models/MASApplication.m 
+++ b/MASFoundation/Classes/models/MASApplication.m @@ -108,9 +108,9 @@ - (BOOL)isRegistered // MASAccessService *accessService = [MASAccessService sharedService]; - NSNumber *clientExpiration = [accessService getAccessValueNumberWithType:MASAccessValueTypeClientExpiration]; - NSString *clientId = [accessService getAccessValueStringWithType:MASAccessValueTypeClientId]; - NSString *clientSecret = [accessService getAccessValueStringWithType:MASAccessValueTypeClientSecret]; + NSNumber *clientExpiration = [accessService getAccessValueNumberWithStorageKey:MASKeychainStorageKeyClientExpiration]; + NSString *clientId = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; + NSString *clientSecret = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientSecret]; _isRegistered = (clientExpiration && clientId && clientSecret && !self.isExpired); return _isRegistered; diff --git a/MASFoundation/Classes/models/MASClaims.m b/MASFoundation/Classes/models/MASClaims.m index 2b5d550b..54557475 100644 --- a/MASFoundation/Classes/models/MASClaims.m +++ b/MASFoundation/Classes/models/MASClaims.m @@ -68,8 +68,8 @@ - (id)initPrivate // // Prepare iss // - NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]; - NSString *clientId = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeClientId]; + NSString *magIdentifier = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier]; + NSString *clientId = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyClientId]; if (magIdentifier && clientId) { diff --git a/MASFoundation/Classes/models/MASConfiguration.m b/MASFoundation/Classes/models/MASConfiguration.m index 29cea4b4..268b55d7 100644 --- a/MASFoundation/Classes/models/MASConfiguration.m +++ b/MASFoundation/Classes/models/MASConfiguration.m 
@@ -774,7 +774,7 @@ - (BOOL)enabledTrustedPublicPKI - (BOOL)ssoEnabled { MASAccessService *accessService = [MASAccessService sharedService]; - NSString *ssoEnabledString = [accessService getAccessValueStringWithType:MASAccessValueTypeMSSOEnabled]; + NSString *ssoEnabledString = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyMSSOEnabled]; if (ssoEnabledString) { @@ -793,7 +793,7 @@ - (void)setSsoEnabled:(BOOL)ssoEnabled { MASAccessService *accessService = [MASAccessService sharedService]; - [accessService setAccessValueString:(ssoEnabled ? @"true":@"false") withAccessValueType:MASAccessValueTypeMSSOEnabled]; + [accessService setAccessValueString:(ssoEnabled ? @"true":@"false") storageKey:MASKeychainStorageKeyMSSOEnabled]; } diff --git a/MASFoundation/Classes/models/MASDevice.m b/MASFoundation/Classes/models/MASDevice.m index ab9e1aee..2c1c1414 100644 --- a/MASFoundation/Classes/models/MASDevice.m +++ b/MASFoundation/Classes/models/MASDevice.m 
@@ -57,16 +57,16 @@ - (BOOL)isRegistered // MASAccessService *accessService = [MASAccessService sharedService]; - NSString *vendorIdFromKeychain = [accessService getAccessValueStringWithType:MASAccessValueTypeDeviceVendorId]; + NSString *vendorIdFromKeychain = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyDeviceVendorId]; NSString *vendorIdCurrent = [MASDevice deviceVendorId]; // // Check if the vendorId in Keychain macth with current vendorId // - if([vendorIdCurrent isEqualToString:vendorIdFromKeychain]) + if ([vendorIdCurrent isEqualToString:vendorIdFromKeychain]) { - NSString *magIdentifier = [accessService getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]; - NSData *certificateData = [accessService getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate]; + NSString *magIdentifier = [accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyMAGIdentifier]; + NSData *certificateData = [accessService getAccessValueCertificateWithStorageKey:MASKeychainStorageKeySignedPublicCertificate]; _isRegistered = (magIdentifier && certificateData); } @@ -215,7 +215,7 @@ - (void)encodeWithCoder:(NSCoder *)aCoder - (id)initWithCoder:(NSCoder *)aDecoder { - if(self = [super initWithCoder:aDecoder]) + if (self = [super initWithCoder:aDecoder]) { [self setValue:[aDecoder decodeObjectForKey:MASDeviceIdentifierPropertyKey] forKey:@"identifier"]; [self setValue:[aDecoder decodeObjectForKey:MASDeviceNamePropertyKey] forKey:@"name"]; diff --git a/MASFoundation/Classes/models/MASSharedStorage.h b/MASFoundation/Classes/models/MASSharedStorage.h new file mode 100644 index 00000000..69867a73 --- /dev/null +++ b/MASFoundation/Classes/models/MASSharedStorage.h 
@@ -0,0 +1,77 @@ +// +// MASSharedStorage.h +// MASFoundation +// +// Copyright (c) 2017 CA. All rights reserved. +// +// This software may be modified and distributed under the terms +// of the MIT license. See the LICENSE file for details. +// + +#import + + +/** + MASSharedStorage class is designed for developers to write, read, and delete NSString or NSData data into shared keychain storage, + so that multiple applications with same keychain sharing group in the same device can share data between applications. + + @warning *Important:* MASSharedStorage will not be available if MASFoundation framework is not initialized; the framework should be initialized prior to write/read/delete any data into MASSharedStorage. + */ +@interface MASSharedStorage : MASObject + + + +///-------------------------------------- +/// @name Public +///-------------------------------------- + +# pragma mark - Public + + +/** + Finds NSString data stored with the key from shared keychain storage. + + @param key NSString of the key used to store the NSString data + @param error NSError object reference that would notify if there was any error while retrieving the data + @return NSString of data found with the key + */ ++ (NSString *_Nullable)findStringUsingKey:(NSString *_Nonnull)key error:(NSError * __nullable __autoreleasing * __nullable)error; + + + +/** + Finds NSData object stored with the key from shared keychain storage. + + @param key NSString of the key used to store the NSData object + @param error NSError object reference that would notify if there was any error while retrieving the data + @return NSData of data found with the key + */ ++ (NSData *_Nullable)findDataUsingKey:(NSString *_Nonnull)key error:(NSError * __nullable __autoreleasing * __nullable)error; + + + +/** + Saves NSString data with the specified key into shared keychain storage. + Save method can also be used to delete the data from the shared keychain storage by passing nil in string parameter with the key. 
+ + @param string NSString data to be stored + @param key NSString of the key used to store the NSString data + @param error NSError object reference that would notify if there was any error while storing the data + @return BOOL result of saving operation + */ ++ (BOOL)saveString:(NSString *_Nonnull)string key:(NSString *_Nonnull)key error:(NSError * __nullable __autoreleasing * __nullable)error; + + + +/** + Saves NSData object with the specified key into shared keychain storage. + Save method can also be used to delete the data from the shared keychain storage by passing nil in data parameter with the key. + + @param data NSData object to be stored + @param key NSString of the key used to store the NSData object + @param error NSError object reference that would notify if there was any error while storing the data + @return BOOL result of saving operation + */ ++ (BOOL)saveData:(NSData *_Nonnull)data key:(NSString *_Nonnull)key error:(NSError * __nullable __autoreleasing * __nullable)error; + +@end diff --git a/MASFoundation/Classes/models/MASSharedStorage.m b/MASFoundation/Classes/models/MASSharedStorage.m new file mode 100644 index 00000000..c7d0916d --- /dev/null +++ b/MASFoundation/Classes/models/MASSharedStorage.m 
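Review bot: The `string` parameter of `saveString:key:error:` and the `data` parameter of `saveData:key:error:` are annotated `_Nonnull`, yet the doc comments directly above each say that passing nil deletes the entry; under that contract the annotations should read `NSString *_Nullable string` and `NSData *_Nullable data`, otherwise clang warns on the nil call and Swift callers cannot reach the delete path at all. The class comment should also state the trust boundary in one line, e.g. `@warning Any application in the same keychain sharing group can read, overwrite or delete values stored here; do not place per-application secrets in MASSharedStorage.`, since the current text only describes sharing as a feature. The content of the `#import` line does not survive in this view, so it cannot be checked.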
@@ -0,0 +1,218 @@ +// +// MASSharedStorage.m +// MASFoundation +// +// Copyright (c) 2017 CA. All rights reserved. +// +// This software may be modified and distributed under the terms +// of the MIT license. See the LICENSE file for details. +// + +#import "MASSharedStorage.h" + +#import "MASAccessService.h" +#import "MASConstantsPrivate.h" + +@implementation MASSharedStorage + ++ (NSString *)findStringUsingKey:(NSString *)key error:(NSError **)error +{ + // + // Check if SDK was initialized + // + if ([MAS MASState] != MASStateDidStart) + { + if (error) + { + *error = [NSError errorMASIsNotStarted]; + } + + return nil; + } + + // + // Check for data key + // + if (key == nil || [key length] <= 0) + { + if (error) + { + *error = [NSError errorForFoundationCode:MASFoundationErrorCodeSharedStorageNotNilKey errorDomain:MASFoundationErrorDomainLocal]; + } + + return nil; + } + + // + // Retrieve NSString from shared keychain storage + // + NSError *operationError = nil; + NSString *resultString = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:[NSString stringWithFormat:@"%@.%@", MASSharedStorageCustomPrefix, key] error:&operationError]; + + // + // If an error occurred while keychain operation, convert it into MASFoundationErrorDomainLocal error object + // + if (operationError) + { + NSError *thisError = [NSError errorWithDomain:MASFoundationErrorDomainLocal code:operationError.code userInfo:@{NSLocalizedDescriptionKey : operationError.localizedDescription}]; + + if (error) + { + *error = thisError; + } + } + + return resultString; +} + + ++ (NSData *)findDataUsingKey:(NSString *)key error:(NSError **)error +{ + // + // Check if SDK was initialized + // + if ([MAS MASState] != MASStateDidStart) + { + if (error) + { + *error = [NSError errorMASIsNotStarted]; + } + + return nil; + } + + // + // Check for data key + // + if (key == nil || [key length] <= 0) + { + if (error) + { + *error = [NSError 
errorForFoundationCode:MASFoundationErrorCodeSharedStorageNotNilKey errorDomain:MASFoundationErrorDomainLocal]; + } + + return nil; + } + + // + // Retrieve NSData from shared keychain storage + // + NSError *operationError = nil; + NSData *resultData = [[MASAccessService sharedService] getAccessValueDataWithStorageKey:[NSString stringWithFormat:@"%@.%@", MASSharedStorageCustomPrefix, key] error:&operationError]; + + // + // If an error occurred while keychain operation, convert it into MASFoundationErrorDomainLocal error object + // + if (operationError) + { + NSError *thisError = [NSError errorWithDomain:MASFoundationErrorDomainLocal code:operationError.code userInfo:@{NSLocalizedDescriptionKey : operationError.localizedDescription}]; + + if (error) + { + *error = thisError; + } + } + + return resultData; +} + + ++ (BOOL)saveString:(NSString *)string key:(NSString *)key error:(NSError **)error +{ + // + // Check if SDK was initialized + // + if ([MAS MASState] != MASStateDidStart) + { + if (error) + { + *error = [NSError errorMASIsNotStarted]; + } + + return NO; + } + + // + // Check for data key + // + if (key == nil || [key length] <= 0) + { + if (error) + { + *error = [NSError errorForFoundationCode:MASFoundationErrorCodeSharedStorageNotNilKey errorDomain:MASFoundationErrorDomainLocal]; + } + + return NO; + } + + // + // Store NSString into shared keychain storage + // + NSError *operationError = nil; + BOOL result = [[MASAccessService sharedService] setAccessValueString:string storageKey:[NSString stringWithFormat:@"%@.%@", MASSharedStorageCustomPrefix, key] error:&operationError]; + + // + // If an error occurred while keychain operation, convert it into MASFoundationErrorDomainLocal error object + // + if (operationError) + { + NSError *thisError = [NSError errorWithDomain:MASFoundationErrorDomainLocal code:operationError.code userInfo:@{NSLocalizedDescriptionKey : operationError.localizedDescription}]; + + if (error) + { + *error = thisError; + } + } + + 
return result; +} + + ++ (BOOL)saveData:(NSData *)data key:(NSString *)key error:(NSError **)error +{ + // + // Check if SDK was initialized + // + if ([MAS MASState] != MASStateDidStart) + { + if (error) + { + *error = [NSError errorMASIsNotStarted]; + } + + return NO; + } + + // + // Check for data key + // + if (key == nil || [key length] <= 0) + { + if (error) + { + *error = [NSError errorForFoundationCode:MASFoundationErrorCodeSharedStorageNotNilKey errorDomain:MASFoundationErrorDomainLocal]; + } + + return NO; + } + + NSError *operationError = nil; + BOOL result = [[MASAccessService sharedService] setAccessValueData:data storageKey:[NSString stringWithFormat:@"%@.%@", MASSharedStorageCustomPrefix, key] error:&operationError]; + + // + // If an error occurred while keychain operation, convert it into MASFoundationErrorDomainLocal error object + // + if (operationError) + { + NSError *thisError = [NSError errorWithDomain:MASFoundationErrorDomainLocal code:operationError.code userInfo:@{NSLocalizedDescriptionKey : operationError.localizedDescription}]; + + if (error) + { + *error = thisError; + } + } + + return result; +} + +@end diff --git a/MASFoundation/Classes/models/MASUser.m b/MASFoundation/Classes/models/MASUser.m index da2b3d3b..9cc8fc67 100644 --- a/MASFoundation/Classes/models/MASUser.m +++ b/MASFoundation/Classes/models/MASUser.m @@ -42,7 +42,7 @@ + (MASUser *)currentUser + (NSString *_Nullable)authCredentialsType { - NSString *authCredentialsType = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeCurrentAuthCredentialsGrantType]; + NSString *authCredentialsType = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyCurrentAuthCredentialsGrantType]; return authCredentialsType; } 
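Review bot: The four methods in MASSharedStorage.m repeat the same three stretches verbatim — the SDK-state check, the empty-key check and the conversion of `operationError` into `MASFoundationErrorDomainLocal` — and the key prefixing `[NSString stringWithFormat:@"%@.%@", MASSharedStorageCustomPrefix, key]` is inlined four times. The conversion also loses information: it copies `operationError.code` into the local domain, so a code that originated in the keychain layer (whatever domain MASAccessService reports; not visible here) is indistinguishable from a genuine MASFoundation local code, and the caller has no way to recover the original; keeping it under `NSUnderlyingErrorKey` avoids that. Extracting the preconditions, the error wrapping and the prefixing into private class methods leaves each public method at a handful of lines, as sketched below for `findStringUsingKey:error:`; `[key length] <= 0` can simply be `[key length] == 0` since the length is unsigned.
```objc
// Shared precondition for every public method: the SDK is started and the key is non-empty.
+ (BOOL)validateKey:(NSString *)key error:(NSError **)error
{
    if ([MAS MASState] != MASStateDidStart)
    {
        if (error) *error = [NSError errorMASIsNotStarted];
        return NO;
    }

    if ([key length] == 0)
    {
        if (error) *error = [NSError errorForFoundationCode:MASFoundationErrorCodeSharedStorageNotNilKey errorDomain:MASFoundationErrorDomainLocal];
        return NO;
    }

    return YES;
}

// Namespaces caller-supplied keys so they cannot collide with the SDK's own keychain items.
+ (NSString *)prefixedStorageKey:(NSString *)key
{
    return [NSString stringWithFormat:@"%@.%@", MASSharedStorageCustomPrefix, key];
}

// Re-domains a keychain-layer error for callers while preserving the original underneath.
+ (void)reportOperationError:(NSError *)operationError toError:(NSError **)error
{
    if (!operationError || !error) return;

    *error = [NSError errorWithDomain:MASFoundationErrorDomainLocal
                                 code:operationError.code
                             userInfo:@{NSLocalizedDescriptionKey : operationError.localizedDescription,
                                        NSUnderlyingErrorKey : operationError}];
}

+ (NSString *)findStringUsingKey:(NSString *)key error:(NSError **)error
{
    if (![self validateKey:key error:error]) return nil;

    NSError *operationError = nil;
    NSString *resultString = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:[self prefixedStorageKey:key] error:&operationError];
    [self reportOperationError:operationError toError:error];

    return resultString;
}

// … unchanged: same pattern applied to findDataUsingKey:error:, saveString:key:error: and saveData:key:error: …
```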
@@ -142,7 +142,7 @@ - (BOOL)isCurrentUser // // Get currently authenticated user's object id to make sure that isCurrentUser flag can be determined properly for other users // - NSString *currentlyAuthenticatedUserObjectId = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeAuthenticatedUserObjectId]; + NSString *currentlyAuthenticatedUserObjectId = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyAuthenticatedUserObjectId]; return [self.objectId isEqualToString:currentlyAuthenticatedUserObjectId]; } @@ -154,7 +154,7 @@ - (BOOL)isAuthenticated // // Get currently authenticated user's object id to make sure that isAuthenticated flag can be determined properly for other users // - NSString *currentlyAuthenticatedUserObjectId = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeAuthenticatedUserObjectId]; + NSString *currentlyAuthenticatedUserObjectId = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyAuthenticatedUserObjectId]; // // if the user status is not MASUserStatusNotLoggedIn, @@ -169,7 +169,7 @@ - (BOOL)isSessionLocked // // Get currently authenticated user's object id to make sure that isAuthenticated flag can be determined properly for other users // - NSString *currentlyAuthenticatedUserObjectId = [[MASAccessService sharedService] getAccessValueStringWithType:MASAccessValueTypeAuthenticatedUserObjectId]; + NSString *currentlyAuthenticatedUserObjectId = [[MASAccessService sharedService] getAccessValueStringWithStorageKey:MASKeychainStorageKeyAuthenticatedUserObjectId]; if ([self.objectId isEqualToString:currentlyAuthenticatedUserObjectId]) { 
@@ -287,7 +287,7 @@ - (void)logoutWithCompletion:(MASCompletionErrorBlock)completion // // Detect if there is id_token // - if([accessService getAccessValueStringWithType:MASAccessValueTypeIdToken]) + if ([accessService getAccessValueStringWithStorageKey:MASKeychainStorageKeyIdToken]) { [[MASModelService sharedService] logOutDeviceAndClearLocalAccessToken:YES completion:completion]; } diff --git a/MASFoundation/MASFoundation.h b/MASFoundation/MASFoundation.h index 268dec54..10a69f8c 100644 --- a/MASFoundation/MASFoundation.h +++ b/MASFoundation/MASFoundation.h @@ -47,12 +47,13 @@ FOUNDATION_EXPORT const unsigned char MASFoundationVersionString[]; #import #import #import -#import -#import #import #import #import #import +#import +#import +#import // // AuthCredentials Models