verdnatura-chat/ios/NotificationService/SecureStorage.m

288 lines
9.6 KiB
Objective-C

//
// SecureStorage.m
// NotificationService
//
// https://github.com/ammarahm-ed/react-native-mmkv-storage/blob/master/ios/SecureStorage.m
// Refer to /patches/react-native-mmkv-storage+0.3.5.patch
#if __has_include("RCTBridgeModule.h")
#import "RCTBridgeModule.h"
#else
#import <React/RCTBridgeModule.h>
#endif
#import "SecureStorage.h"
@implementation SecureStorage : NSObject
NSString *serviceName;
- (void) setSecureKey: (NSString *)key value:(NSString *)value
options: (NSDictionary *)options
callback:(RCTResponseSenderBlock)callback
{
@try {
[self handleAppUninstallation];
BOOL status = [self createKeychainValue: value forIdentifier: key options: options];
if (status) {
callback(@[[NSNull null],@"Key updated successfully" ]);
} else {
BOOL status = [self updateKeychainValue: value forIdentifier: key options: options];
if (status) {
callback(@[[NSNull null],@"Key updated successfully" ]);
} else {
callback(@[@"An error occurred", [NSNull null]]);
}
}
}
@catch (NSException *exception) {
callback(@[exception.reason, [NSNull null]]);
}
}
- (NSString *) getSecureKey:(NSString *)key
callback:(RCTResponseSenderBlock)callback
{
@try {
[self handleAppUninstallation];
NSString *value = [self searchKeychainCopyMatching:key];
if (value == nil) {
NSString* errorMessage = @"key does not present";
if (callback != NULL) {
callback(@[errorMessage, [NSNull null]]);
}
return NULL;
} else {
if (callback != NULL) {
callback(@[[NSNull null], value]);
}
return value;
}
}
@catch (NSException *exception) {
if (callback != NULL) {
callback(@[exception.reason, [NSNull null]]);
}
return NULL;
}
}
- (bool) secureKeyExists:(NSString *)key
callback:(RCTResponseSenderBlock)callback
{
@try {
[self handleAppUninstallation];
BOOL exists = [self searchKeychainCopyMatchingExists:key];
if (exists) {
if (callback != NULL) {
callback(@[[NSNull null], @true]);
}
return true;
} else {
if (callback != NULL) {
callback(@[[NSNull null], @false]);
}
return false;
}
}
@catch(NSException *exception) {
if (callback != NULL) {
callback(@[exception.reason, [NSNull null]]);
}
return NULL;
}
}
- (void) removeSecureKey:(NSString *)key
callback:(RCTResponseSenderBlock)callback
{
@try {
BOOL status = [self deleteKeychainValue:key];
if (status) {
callback(@[[NSNull null], @"key removed successfully"]);
} else {
NSString* errorMessage = @"Could not find the key to delete.";
callback(@[errorMessage, [NSNull null]]);
}
}
@catch(NSException *exception) {
callback(@[exception.reason, [NSNull null]]);
}
}
- (NSMutableDictionary *)newSearchDictionary:(NSString *)identifier {
NSMutableDictionary *searchDictionary = [[NSMutableDictionary alloc] init];
// this value is shared by main app and extensions, so, is the best to be used here
serviceName = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"AppGroup"];
[searchDictionary setObject:(id)kSecClassGenericPassword forKey:(id)kSecClass];
NSData *encodedIdentifier = [identifier dataUsingEncoding:NSUTF8StringEncoding];
[searchDictionary setObject:encodedIdentifier forKey:(id)kSecAttrGeneric];
[searchDictionary setObject:encodedIdentifier forKey:(id)kSecAttrAccount];
[searchDictionary setObject:serviceName forKey:(id)kSecAttrService];
NSString *keychainGroup = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"KeychainGroup"];
[searchDictionary setObject:keychainGroup forKey:(id)kSecAttrAccessGroup];
return searchDictionary;
}
- (NSString *)searchKeychainCopyMatching:(NSString *)identifier {
NSMutableDictionary *searchDictionary = [self newSearchDictionary:identifier];
// Add search attributes
[searchDictionary setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];
// Add search return types
[searchDictionary setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];
NSDictionary *found = nil;
CFTypeRef result = NULL;
OSStatus status = SecItemCopyMatching((CFDictionaryRef)searchDictionary,
(CFTypeRef *)&result);
NSString *value = nil;
found = (__bridge NSDictionary*)(result);
if (found) {
value = [[NSString alloc] initWithData:found encoding:NSUTF8StringEncoding];
}
return value;
}
- (BOOL)searchKeychainCopyMatchingExists:(NSString *)identifier {
NSMutableDictionary *searchDictionary = [self newSearchDictionary:identifier];
// Add search attributes
[searchDictionary setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];
// Add search return types
[searchDictionary setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];
CFTypeRef result = NULL;
OSStatus status = SecItemCopyMatching((CFDictionaryRef)searchDictionary,
(CFTypeRef *)&result);
if (status != errSecItemNotFound) {
return YES;
}
return NO;
}
- (BOOL)createKeychainValue:(NSString *)value forIdentifier:(NSString *)identifier options: (NSDictionary * __nullable)options {
CFStringRef accessible = accessibleValue(options);
NSMutableDictionary *dictionary = [self newSearchDictionary:identifier];
NSData *valueData = [value dataUsingEncoding:NSUTF8StringEncoding];
[dictionary setObject:valueData forKey:(id)kSecValueData];
dictionary[(__bridge NSString *)kSecAttrAccessible] = (__bridge id)accessible;
OSStatus status = SecItemAdd((CFDictionaryRef)dictionary, NULL);
if (status == errSecSuccess) {
return YES;
}
return NO;
}
- (BOOL)updateKeychainValue:(NSString *)password forIdentifier:(NSString *)identifier options:(NSDictionary * __nullable)options {
CFStringRef accessible = accessibleValue(options);
NSMutableDictionary *searchDictionary = [self newSearchDictionary:identifier];
NSMutableDictionary *updateDictionary = [[NSMutableDictionary alloc] init];
NSData *passwordData = [password dataUsingEncoding:NSUTF8StringEncoding];
[updateDictionary setObject:passwordData forKey:(id)kSecValueData];
updateDictionary[(__bridge NSString *)kSecAttrAccessible] = (__bridge id)accessible;
OSStatus status = SecItemUpdate((CFDictionaryRef)searchDictionary,
(CFDictionaryRef)updateDictionary);
if (status == errSecSuccess) {
return YES;
}
return NO;
}
- (BOOL)deleteKeychainValue:(NSString *)identifier {
NSMutableDictionary *searchDictionary = [self newSearchDictionary:identifier];
OSStatus status = SecItemDelete((CFDictionaryRef)searchDictionary);
if (status == errSecSuccess) {
return YES;
}
return NO;
}
- (void)clearSecureKeyStore
{
NSArray *secItemClasses = @[(__bridge id)kSecClassGenericPassword,
(__bridge id)kSecAttrGeneric,
(__bridge id)kSecAttrAccount,
(__bridge id)kSecClassKey,
(__bridge id)kSecAttrService];
for (id secItemClass in secItemClasses) {
NSDictionary *spec = @{(__bridge id)kSecClass: secItemClass};
SecItemDelete((__bridge CFDictionaryRef)spec);
}
}
- (void)handleAppUninstallation
{
// use app group user defaults to prevent clear when it's share extension
NSString *suiteName = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"AppGroup"];
NSUserDefaults *userDefaults = [[NSUserDefaults alloc] initWithSuiteName:suiteName];
if (![userDefaults boolForKey:@"RnSksIsAppInstalled"]) {
[self clearSecureKeyStore];
[userDefaults setBool:YES forKey:@"RnSksIsAppInstalled"];
[userDefaults synchronize];
}
}
NSError * secureKeyStoreError(NSString *errMsg)
{
NSError *error = [NSError errorWithDomain:serviceName code:200 userInfo:@{@"reason": errMsg}];
return error;
}
CFStringRef accessibleValue(NSDictionary *options)
{
if (options && options[@"accessible"] != nil) {
NSDictionary *keyMap = @{
@"AccessibleWhenUnlocked": (__bridge NSString *)kSecAttrAccessibleWhenUnlocked,
@"AccessibleAfterFirstUnlock": (__bridge NSString *)kSecAttrAccessibleAfterFirstUnlock,
@"AccessibleAlways": (__bridge NSString *)kSecAttrAccessibleAlways,
@"AccessibleWhenPasscodeSetThisDeviceOnly": (__bridge NSString *)kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
@"AccessibleWhenUnlockedThisDeviceOnly": (__bridge NSString *)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
@"AccessibleAfterFirstUnlockThisDeviceOnly": (__bridge NSString *)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly,
@"AccessibleAlwaysThisDeviceOnly": (__bridge NSString *)kSecAttrAccessibleAlwaysThisDeviceOnly
};
NSString *result = keyMap[options[@"accessible"]];
if (result) {
return (__bridge CFStringRef)result;
}
}
return kSecAttrAccessibleAfterFirstUnlock;
}
@end