metatext/Keychain/Sources/Keychain/Keychain.swift

// Copyright © 2020 Metabolist. All rights reserved.

import Foundation

public protocol Keychain {
    static func setGenericPassword(data: Data, forAccount key: String, service: String) throws
    static func deleteGenericPassword(account: String, service: String) throws
    static func getGenericPassword(account: String, service: String) throws -> Data?
    static func generateKeyAndReturnPublicKey(applicationTag: String, attributes: [String: Any]) throws -> Data
    static func getPrivateKey(applicationTag: String, attributes: [String: Any]) throws -> Data?
    static func deleteKey(applicationTag: String) throws
}

public struct LiveKeychain {}

extension LiveKeychain: Keychain {
    public static func setGenericPassword(data: Data, forAccount account: String, service: String) throws {
        var query = genericPasswordQueryDictionary(account: account, service: service)

        query[kSecValueData as String] = data
        query[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock

        var status = SecItemAdd(query as CFDictionary, nil)

        if status == errSecDuplicateItem {
            status = SecItemUpdate(
                genericPasswordQueryDictionary(account: account, service: service) as CFDictionary,
                [kSecValueData as String: data] as CFDictionary)
        }

        if status != errSecSuccess {
            throw NSError(status: status)
        }
    }

    public static func deleteGenericPassword(account: String, service: String) throws {
        let status = SecItemDelete(genericPasswordQueryDictionary(account: account, service: service) as CFDictionary)

        if status != errSecSuccess {
            throw NSError(status: status)
        }
    }

    public static func getGenericPassword(account: String, service: String) throws -> Data? {
        var result: AnyObject?
        var query = genericPasswordQueryDictionary(account: account, service: service)

        query[kSecMatchLimit as String] = kSecMatchLimitOne
        query[kSecReturnData as String] = kCFBooleanTrue

        let status = SecItemCopyMatching(query as CFDictionary, &result)

        switch status {
        case errSecSuccess:
            return result as? Data
        case errSecItemNotFound:
            return nil
        default:
            throw NSError(status: status)
        }
    }

    public static func generateKeyAndReturnPublicKey(applicationTag: String, attributes: [String: Any]) throws -> Data {
        try? deleteKey(applicationTag: applicationTag)

        var attributes = attributes
        var error: Unmanaged<CFError>?

        guard let accessControl = SecAccessControlCreateWithFlags(
                kCFAllocatorDefault,
                kSecAttrAccessibleAfterFirstUnlock,
                [],
                &error)
        else { throw error?.takeRetainedValue() ?? NSError() }

        attributes[kSecPrivateKeyAttrs as String] = [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(applicationTag.utf8),
            kSecAttrAccessControl as String: accessControl]

        guard
            let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error),
            let publicKey = SecKeyCopyPublicKey(key),
            let publicKeyData = SecKeyCopyExternalRepresentation(publicKey, &error) as Data?
            else { throw error?.takeRetainedValue() ?? NSError() }

        return publicKeyData
    }

    public static func getPrivateKey(applicationTag: String, attributes: [String: Any]) throws -> Data? {
        var result: AnyObject?
        var error: Unmanaged<CFError>?
        var query = keyQueryDictionary(applicationTag: applicationTag)

        query.merge(attributes, uniquingKeysWith: { $1 })
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        query[kSecReturnRef as String] = kCFBooleanTrue

        let status = SecItemCopyMatching(query as CFDictionary, &result)

        switch status {
        case errSecSuccess:
            // swiftlint:disable force_cast
            let secKey = result as! SecKey
            // swiftlint:enable force_cast
            guard let data = SecKeyCopyExternalRepresentation(secKey, &error) else {
                throw error?.takeRetainedValue() ?? NSError()
            }

            return data as Data
        case errSecItemNotFound:
            return nil
        default:
            throw NSError(status: status)
        }
    }

    public static func deleteKey(applicationTag: String) throws {
        let status = SecItemDelete(keyQueryDictionary(applicationTag: applicationTag) as CFDictionary)

        if status != errSecSuccess {
            throw NSError(status: status)
        }
    }
}

private extension LiveKeychain {
    static func genericPasswordQueryDictionary(account: String, service: String) -> [String: Any] {
        [kSecAttrService as String: service,
         kSecAttrAccount as String: account,
         kSecClass as String: kSecClassGenericPassword]
    }

    static func keyQueryDictionary(applicationTag: String) -> [String: Any] {
        [kSecClass as String: kSecClassKey,
         kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
         kSecAttrApplicationTag as String: applicationTag,
         kSecReturnRef as String: true]
    }
}
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`// Copyright © 2020 Metabolist. All rights reserved.`

			`import Foundation`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`public protocol Keychain {`
Push notifications 2020-08-12 07:24:39 +00:00			`static func setGenericPassword(data: Data, forAccount key: String, service: String) throws`
			`static func deleteGenericPassword(account: String, service: String) throws`
			`static func getGenericPassword(account: String, service: String) throws -> Data?`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`static func generateKeyAndReturnPublicKey(applicationTag: String, attributes: [String: Any]) throws -> Data`
			`static func getPrivateKey(applicationTag: String, attributes: [String: Any]) throws -> Data?`
Refactoring 2020-08-14 01:59:17 +00:00			`static func deleteKey(applicationTag: String) throws`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`public struct LiveKeychain {}`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`extension LiveKeychain: Keychain {`
wip 2020-08-31 10:21:01 +00:00			`public static func setGenericPassword(data: Data, forAccount account: String, service: String) throws {`
Push notifications 2020-08-12 07:24:39 +00:00			`var query = genericPasswordQueryDictionary(account: account, service: service)`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
			`query[kSecValueData as String] = data`
Keychain items accessible after first unlock 2021-01-05 23:39:03 +00:00			`query[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
Fix push issues 2020-11-21 23:21:04 +00:00			`var status = SecItemAdd(query as CFDictionary, nil)`

			`if status == errSecDuplicateItem {`
			`status = SecItemUpdate(`
			`genericPasswordQueryDictionary(account: account, service: service) as CFDictionary,`
			`[kSecValueData as String: data] as CFDictionary)`
			`}`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
			`if status != errSecSuccess {`
			`throw NSError(status: status)`
			`}`
			`}`

wip 2020-08-31 10:21:01 +00:00			`public static func deleteGenericPassword(account: String, service: String) throws {`
Push notifications 2020-08-12 07:24:39 +00:00			`let status = SecItemDelete(genericPasswordQueryDictionary(account: account, service: service) as CFDictionary)`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
			`if status != errSecSuccess {`
			`throw NSError(status: status)`
			`}`
			`}`

wip 2020-08-31 10:21:01 +00:00			`public static func getGenericPassword(account: String, service: String) throws -> Data? {`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`var result: AnyObject?`
Push notifications 2020-08-12 07:24:39 +00:00			`var query = genericPasswordQueryDictionary(account: account, service: service)`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
			`query[kSecMatchLimit as String] = kSecMatchLimitOne`
			`query[kSecReturnData as String] = kCFBooleanTrue`

			`let status = SecItemCopyMatching(query as CFDictionary, &result)`

			`switch status {`
			`case errSecSuccess:`
			`return result as? Data`
			`case errSecItemNotFound:`
			`return nil`
			`default:`
			`throw NSError(status: status)`
			`}`
			`}`
Push notifications 2020-08-12 07:24:39 +00:00
wip 2020-08-31 10:21:01 +00:00			`public static func generateKeyAndReturnPublicKey(applicationTag: String, attributes: [String: Any]) throws -> Data {`
Fix push issues 2020-11-21 23:21:04 +00:00			`try? deleteKey(applicationTag: applicationTag)`

Add push notification service extension 2020-08-13 10:18:21 +00:00			`var attributes = attributes`
Push notifications 2020-08-12 07:24:39 +00:00			`var error: Unmanaged<CFError>?`

Add push notification service extension 2020-08-13 10:18:21 +00:00			`guard let accessControl = SecAccessControlCreateWithFlags(`
			`kCFAllocatorDefault,`
			`kSecAttrAccessibleAfterFirstUnlock,`
			`[],`
			`&error)`
			`else { throw error?.takeRetainedValue() ?? NSError() }`

Push notifications 2020-08-12 07:24:39 +00:00			`attributes[kSecPrivateKeyAttrs as String] = [`
			`kSecAttrIsPermanent as String: true,`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`kSecAttrApplicationTag as String: Data(applicationTag.utf8),`
			`kSecAttrAccessControl as String: accessControl]`
Push notifications 2020-08-12 07:24:39 +00:00
			`guard`
			`let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error),`
			`let publicKey = SecKeyCopyPublicKey(key),`
			`let publicKeyData = SecKeyCopyExternalRepresentation(publicKey, &error) as Data?`
			`else { throw error?.takeRetainedValue() ?? NSError() }`

			`return publicKeyData`
			`}`

wip 2020-08-31 10:21:01 +00:00			`public static func getPrivateKey(applicationTag: String, attributes: [String: Any]) throws -> Data? {`
Push notifications 2020-08-12 07:24:39 +00:00			`var result: AnyObject?`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`var error: Unmanaged<CFError>?`
			`var query = keyQueryDictionary(applicationTag: applicationTag)`

			`query.merge(attributes, uniquingKeysWith: { $1 })`
			`query[kSecMatchLimit as String] = kSecMatchLimitOne`
			`query[kSecReturnRef as String] = kCFBooleanTrue`

			`let status = SecItemCopyMatching(query as CFDictionary, &result)`
Push notifications 2020-08-12 07:24:39 +00:00
			`switch status {`
			`case errSecSuccess:`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`// swiftlint:disable force_cast`
			`let secKey = result as! SecKey`
			`// swiftlint:enable force_cast`
			`guard let data = SecKeyCopyExternalRepresentation(secKey, &error) else {`
			`throw error?.takeRetainedValue() ?? NSError()`
			`}`

			`return data as Data`
Push notifications 2020-08-12 07:24:39 +00:00			`case errSecItemNotFound:`
			`return nil`
			`default:`
			`throw NSError(status: status)`
			`}`
			`}`
Refactoring 2020-08-14 01:59:17 +00:00
wip 2020-08-31 10:21:01 +00:00			`public static func deleteKey(applicationTag: String) throws {`
Refactoring 2020-08-14 01:59:17 +00:00			`let status = SecItemDelete(keyQueryDictionary(applicationTag: applicationTag) as CFDictionary)`

			`if status != errSecSuccess {`
			`throw NSError(status: status)`
			`}`
			`}`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`private extension LiveKeychain {`
Push notifications 2020-08-12 07:24:39 +00:00			`static func genericPasswordQueryDictionary(account: String, service: String) -> [String: Any] {`
			`[kSecAttrService as String: service,`
			`kSecAttrAccount as String: account,`
			`kSecClass as String: kSecClassGenericPassword]`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`
Push notifications 2020-08-12 07:24:39 +00:00
			`static func keyQueryDictionary(applicationTag: String) -> [String: Any] {`
			`[kSecClass as String: kSecClassKey,`
			`kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,`
			`kSecAttrApplicationTag as String: applicationTag,`
			`kSecReturnRef as String: true]`
			`}`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`