Us406920 device registration enhancement

MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.h

@@ -81,4 +81,13 @@
  */
 + (NSString *)deviceNameBase64Encoded;
 
+
+/**
+ * Retrieves the device vendor identifier that is uniquely generated for the
+ * specific device the framework is running upon.
+ *
+ * @return Returns the unique NSString device vendor identifier.
+ */
++ (NSString *)deviceVendorId;
+
 @end

MASFoundation/Classes/_private_/models/MASDevice+MASPrivate.m

@@ -145,6 +145,15 @@ - (void)saveWithUpdatedInfo:(NSDictionary *)info
         [accessService setAccessValueNumber:[NSNumber numberWithDouble:[expirationDate timeIntervalSince1970]] withAccessValueType:MASAccessValueTypeSignedPublicCertificateExpirationDate];
     }
 
+    //
+    // Device Vendor Id
+    //
+    NSString *deviceVendorId = [MASDevice deviceVendorId];    
+    if (deviceVendorId)
+    {
+        [accessService setAccessValueString:deviceVendorId withAccessValueType:MASAccessValueTypeDeviceVendorId];
+    }
+
     //
     // Reload MASAccess object after storing id-token and type
     //
@@ -183,7 +192,7 @@ - (BOOL)isClientCertificateExpired
 
 + (NSString *)deviceIdBase64Encoded
 {
-    NSString *deviceId = [[[UIDevice currentDevice] identifierForVendor] UUIDString];
+    NSString *deviceId = [MASDevice deviceVendorId];
 
     //
     //  If the sso is disabled, generate unique device id to differentiate the application's registration record from others.
@@ -215,4 +224,11 @@ + (NSString *)deviceNameBase64Encoded;
     return [deviceNameData base64EncodedStringWithOptions:0];
 }
 
+
++ (NSString *)deviceVendorId
+{
+    return [[[UIDevice currentDevice] identifierForVendor] UUIDString];
+}
+
+
 @end

MASFoundation/Classes/_private_/services/access/MASAccessService.h

@@ -51,6 +51,7 @@ typedef NS_ENUM(NSInteger, MASAccessValueType)
     MASAccessValueTypeTrustedServerCertificate,
     MASAccessValueTypeCurrentAuthCredentialsGrantType,
     MASAccessValueTypeMASUserObjectData,
+    MASAccessValueTypeDeviceVendorId,
 };
 
 

MASFoundation/Classes/_private_/services/access/MASAccessService.m

@@ -745,6 +745,9 @@ - (NSString *)getStorageKeyWithAccessValueType:(MASAccessValueType)type
         case MASAccessValueTypeMASUserObjectData:
             storageKey = kMASAccessSharedStorageKey;
             break;
+        case MASAccessValueTypeDeviceVendorId:
+            storageKey = kMASAccessSharedStorageKey;
+            break;
         default:
             //
             // MASAccessValueTypeUknonw
@@ -857,24 +860,33 @@ - (NSString *)convertAccessTypeToString:(MASAccessValueType)type
         case MASAccessValueTypeSignedPublicCertificateExpirationDate:
             accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeSignedPublicCertificateExpirationDate"];
             break;
+            //AuthenticatedTimestamp
         case MASAccessValueTypeAuthenticatedTimestamp:
             accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeAuthenticatedTimestamp"];
             break;
+            //IsDeviceLocked:
         case MASAccessValueTypeIsDeviceLocked:
             accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeIsDeviceLocked"];
             break;
+            //CurrentAuthCredentialsGrantType
         case MASAccessValueTypeCurrentAuthCredentialsGrantType:
             accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayIdentifier, @"kMASAccessValueTypeCurrentAuthCredentialsGrantType"];
             break;
+            //MASUserObjectData
         case MASAccessValueTypeMASUserObjectData:
             accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayHostName, @"kMASAccessValueTypeMASUserObjectData"];
+            break;
+            //DeviceVendorId
+        case MASAccessValueTypeDeviceVendorId:
+            accessTypeToString = [NSString stringWithFormat:@"%@.%@", _gatewayHostName, @"kMASKeyChainDeviceVendorId"];
+            break;
         default:
             //
             // MASAccessValueTypeUknonw
             //
             break;
     }
-    
+
     if (![self isAccessGroupAccessible])
     {
         accessTypeToString = [NSString stringWithFormat:@"_%@", accessTypeToString];

MASFoundation/Classes/models/MASDevice.m

@@ -50,15 +50,26 @@ + (void)setProximityLoginDelegate:(id<MASProximityLoginDelegate>)delegate
 
 - (BOOL)isRegistered
 {
+    _isRegistered = NO;
+
     //
     // Obtain key chain items to determine registration status
     //
     MASAccessService *accessService = [MASAccessService sharedService];
 
-    NSString *magIdentifier = [accessService getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier];
-    NSData *certificateData = [accessService getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate];
-
-    _isRegistered = (magIdentifier && certificateData);
+    NSString *vendorIdFromKeychain = [accessService getAccessValueStringWithType:MASAccessValueTypeDeviceVendorId];
+    NSString *vendorIdCurrent = [MASDevice deviceVendorId];
+
+    //
+    // Check if the vendorId in Keychain macth with current vendorId
+    //
+    if([vendorIdCurrent isEqualToString:vendorIdFromKeychain])
+    {
+        NSString *magIdentifier = [accessService getAccessValueStringWithType:MASAccessValueTypeMAGIdentifier];
+        NSData *certificateData = [accessService getAccessValueCertificateWithType:MASAccessValueTypeSignedPublicCertificate];
+
+        _isRegistered = (magIdentifier && certificateData);
+    }
 
     return _isRegistered;
 }
@@ -122,7 +133,6 @@ - (void)resetLocally
 }
 
 
-
 # pragma mark - Lifecycle
 
 - (id)init