diff --git a/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.h b/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.h index 0b5c0fa9..ecbb5815 100644 --- a/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.h +++ b/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.h @@ -81,4 +81,13 @@ */ + (NSString *)deviceNameBase64Encoded; + +/** + * Retrieves the device vendor identifier that is uniquely generated for the + * specific device the framework is running upon. + * + * @return Returns the unique NSString device vendor identifier. + */ ++ (NSString *)deviceVendorId; + @end diff --git a/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m b/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m index 3ca228cf..48dab8cf 100644 --- a/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m +++ b/MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m @@ -145,6 +145,15 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info [accessService setAccessValueNumber:[NSNumber numberWithDouble:[expirationDate timeIntervalSince1970]] withAccessValueType:MASAccessValueTypeSignedPublicCertificateExpirationDate]; } + // + // Device Vendor Id + // + NSString *deviceVendorId = [MASDevice deviceVendorId]; + if (deviceVendorId) + { + [accessService setAccessValueString:deviceVendorId withAccessValueType:MASAccessValueTypeDeviceVendorId]; + } + // // Reload MASAccess object after storing id-token and type // @@ -183,7 +192,7 @@ - (BOOL)isClientCertificateExpired + (NSString *)deviceIdBase64Encoded { - NSString *deviceId = [[[UIDevice currentDevice] identifierForVendor] UUIDString]; + NSString *deviceId = [MASDevice deviceVendorId]; // // If the sso is disabled, generate unique device id to differentiate the application's registration record from others. 
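Review bot: The doc comment on `deviceVendorId` calls the value "uniquely generated for the specific device", but the implementation added later in this commit returns `identifierForVendor`. That value is scoped to the app vendor, can be nil (for example after a restart, before the first unlock), and changes once all of that vendor's apps have been removed and reinstalled. Since `isRegistered` now depends on it, the header should say so, e.g. `@return The identifierForVendor UUID string, or nil when the system cannot provide it yet; the value is per vendor and may change across reinstalls.`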
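Review bot: When `[MASDevice deviceVendorId]` returns nil, the `if (deviceVendorId)` branch in `saveWithUpdatedInfo:` skips the write without any trace. The `isRegistered` hunk in MASDevice.m then compares against a missing or older stored value and reports NO even though this save completed. The same nil case applies to `vendorIdCurrent` there, where a transient nil reads as "not registered". Either treat a nil identifier as a failed save or record the case at this point, at minimum with a comment such as `// identifierForVendor may be nil before first unlock; isRegistered reports NO until a value is stored`. The method body starts and ends outside this hunk.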
@@ -215,4 +224,11 @@ + (NSString *)deviceNameBase64Encoded; return [deviceNameData base64EncodedStringWithOptions:0]; } + ++ (NSString *)deviceVendorId +{ + return [[[UIDevice currentDevice] identifierForVendor] UUIDString]; +} + + @end diff --git a/MASFoundation/Classes/_private_/services/access/MASAccessService.h b/MASFoundation/Classes/_private_/services/access/MASAccessService.h index 7ab122e0..077e6038 100644 --- a/MASFoundation/Classes/_private_/services/access/MASAccessService.h +++ b/MASFoundation/Classes/_private_/services/access/MASAccessService.h @@ -51,6 +51,7 @@ typedef NS_ENUM(NSInteger, MASAccessValueType) MASAccessValueTypeTrustedServerCertificate, MASAccessValueTypeCurrentAuthCredentialsGrantType, MASAccessValueTypeMASUserObjectData, + MASAccessValueTypeDeviceVendorId, }; diff --git a/MASFoundation/Classes/_private_/services/access/MASAccessService.m b/MASFoundation/Classes/_private_/services/access/MASAccessService.m index efdb6e80..a03e0d4b 100644 --- a/MASFoundation/Classes/_private_/services/access/MASAccessService.m +++ b/MASFoundation/Classes/_private_/services/access/MASAccessService.m @@ -745,6 +745,9 @@ - (NSString *)getStorageKeyWithAccessValueType:(MASAccessValueType)type case MASAccessValueTypeMASUserObjectData: storageKey = kMASAccessSharedStorageKey; break; + case MASAccessValueTypeDeviceVendorId: + storageKey = kMASAccessSharedStorageKey; + break; default: // // MASAccessValueTypeUknonw 
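Review bot: `MASAccessValueTypeDeviceVendorId` is mapped to `kMASAccessSharedStorageKey` in `getStorageKeyWithAccessValueType:`. If that key selects the keychain shared across the access group, as its name suggests, every app in the group reads and overwrites a single stored vendor id. `identifierForVendor` is only guaranteed equal for apps the system attributes to the same vendor, and for enterprise or development builds that is derived from the bundle ID. Two apps sharing the group could therefore hold different values, and each would see the other's write as a mismatch in `isRegistered`. Please confirm that all apps sharing the group resolve to one vendor, or document the assumption at this case, e.g. `// shared: assumes all apps in the access group report the same identifierForVendor`; the switch continues outside the hunk.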
@@ -857,24 +860,33 @@ - (NSString *)convertAccessTypeToString:(MASAccessValueType)type case MASAccessValueTypeSignedPublicCertificateExpirationDate: accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeSignedPublicCertificateExpirationDate"]; break; + //AuthenticatedTimestamp case MASAccessValueTypeAuthenticatedTimestamp: accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeAuthenticatedTimestamp"]; break; + //IsDeviceLocked: case MASAccessValueTypeIsDeviceLocked: accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeIsDeviceLocked"]; break; + //CurrentAuthCredentialsGrantType case MASAccessValueTypeCurrentAuthCredentialsGrantType: accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeCurrentAuthCredentialsGrantType"]; break; + //MASUserObjectData case MASAccessValueTypeMASUserObjectData: accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayHostName, @"kMASAccessValueTypeMASUserObjectData"]; + break; + //DeviceVendorId + case MASAccessValueTypeDeviceVendorId: + accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayHostName, @"kMASKeyChainDeviceVendorId"]; + break; default: // // MASAccessValueTypeUknonw // break; } - + if (![self isAccessGroupAccessible]) { accessTypeToString = [NSString stringWithFormat:@"_%@", accessTypeToString]; diff --git a/MASFoundation/Classes/models/MASDevice.m b/MASFoundation/Classes/models/MASDevice.m index 645399ce..0cfbfd28 100644 --- a/MASFoundation/Classes/models/MASDevice.m +++ b/MASFoundation/Classes/models/MASDevice.m 
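Review bot: The key literal for the new case in `convertAccessTypeToString:`, `@"kMASKeyChainDeviceVendorId"`, departs from the `kMASAccessValueType<Name>` pattern that every other case in this hunk uses. Once shipped, renaming it would orphan the stored item, so it is cheapest to align it now: `@"kMASAccessValueTypeDeviceVendorId"`. The added inline labels are also inconsistent (`//IsDeviceLocked:` carries a stray colon). The method begins and ends outside the hunk.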
@@ -50,15 +50,26 @@ + (void)setProximityLoginDelegate:(id)delegate - (BOOL)isRegistered { + _isRegistered = NO; + // // Obtain key chain items to determine registration status // MASAccessService *accessService = [MASAccessService sharedService]; - NSString *magIdentifier = [accessService getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]; - NSData *certificateData = [accessService getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate]; - - _isRegistered = (magIdentifier && certificateData); + NSString *vendorIdFromKeychain = [accessService getAccessValueStringWithType:MASAccessValueTypeDeviceVendorId]; + NSString *vendorIdCurrent = [MASDevice deviceVendorId]; + + // + // Check if the vendorId in Keychain macth with current vendorId + // + if([vendorIdCurrent isEqualToString:vendorIdFromKeychain]) + { + NSString *magIdentifier = [accessService getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier]; + NSData *certificateData = [accessService getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate]; + + _isRegistered = (magIdentifier && certificateData); + } return _isRegistered; } @@ -122,7 +133,6 @@ - (void)resetLocally } - # pragma mark - Lifecycle - (id)init
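Review bot: `isRegistered` now fails closed whenever the stored vendor id is absent. That appears to include every device registered before this change, since the value is only written in `saveWithUpdatedInfo:`; those installs would report NO while their MAG identifier and certificate remain in the keychain. If forcing re-registration on upgrade and after a keychain restore is the intent, say so in place of the current comment (which also misspells "match"), e.g. `// Fail closed: a missing or different stored vendor id (restored keychain, pre-upgrade registration) means not registered`. It is also worth checking, outside this hunk, that the mismatch path clears the stale credentials rather than leaving them alongside a new registration.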