Created
July 26, 2012 23:19
-
-
Save dhoerl/3185191 to your computer and use it in GitHub Desktop.
Keychain Wrapper for dictionary (NSData) not a single NSString
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
A modified Keychain wrapper based on Apple's sample code. This category saves on chunk of data (an archived NSDictionary) in the KeyChain using the current email address as the key. The benefit of this is that you can use an arbitrarily large dictionary to save as much stuff as you want without having to deal with the key chain directly. | |
Usage: | |
Provide a mutable dictionary keychainDict | |
Init the item with keychainInit, which loads any old values. | |
Set values using updateKeychainItem:(id)item forKey:(NSString *)key | |
Retrieve values using - (id)keychainItemForKey:(NSString *)key | |
The saveKeychain method is local and used every time a value is updated. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
static NSString *kcIdentifier = @"MyApp"; | |
@implementation LTAppDelegate (KeyChain) | |
- (void)keychainInit | |
{ | |
self.keychainDict = [NSMutableDictionary dictionaryWithCapacity:7]; | |
KeychainItemWrapper *item = [[KeychainItemWrapper alloc] initWithIdentifier:kcIdentifier accessGroup:nil]; | |
[self.keychainDict setObject:@"" forKey:kcEmailAddress]; | |
[self.keychainDict setObject:@"" forKey:kcPassword]; | |
NSString *emailAddr = [item objectForKey:(__bridge id)kSecAttrAccount]; | |
if([emailAddr length]) { | |
[self.keychainDict setObject:emailAddr forKey:kcEmailAddress]; | |
} | |
NSData *data = [item objectForKey:(__bridge id)kSecValueData]; | |
if([data length]) { | |
NSKeyedUnarchiver *kua = [[NSKeyedUnarchiver alloc] initForReadingWithData:data]; | |
NSDictionary *dict = [kua decodeObject]; | |
[kua finishDecoding]; | |
[self.keychainDict addEntriesFromDictionary:dict]; | |
for(NSString *key in dict) { | |
id obj = [dict objectForKey:key]; | |
// cache the data in app somewhere | |
} | |
} | |
//NSLog(@"KEYCHAIN DICT: %@", self.keychainDict); | |
} | |
- (void)updateKeychainItem:(id)item forKey:(NSString *)key | |
{ | |
// don't update it if its the same value | |
if(![item isEqual:[self.keychainDict objectForKey:key]]) { | |
// LTLog(@"update keychain item:%@ forKey:%@", item, key); | |
[self.keychainDict setObject:item forKey:key]; | |
self.keyChainNeedsSaving = YES; | |
dispatch_async(dispatch_get_main_queue(), ^{ [self saveKeychain]; }); | |
} | |
// update local cache item forKey:key]; | |
} | |
- (id)keychainItemForKey:(NSString *)key | |
{ | |
return [self.keychainDict objectForKey:key]; | |
} | |
- (void)saveKeychain | |
{ | |
if(self.keyChainNeedsSaving) { | |
self.keyChainNeedsSaving = NO; | |
NSMutableData *tmpData = [NSMutableData dataWithCapacity:256]; | |
NSKeyedArchiver *ka = [[NSKeyedArchiver alloc] initForWritingWithMutableData:tmpData]; | |
[ka encodeObject:self.keychainDict]; | |
[ka finishEncoding]; | |
KeychainItemWrapper *item = [[KeychainItemWrapper alloc] initWithIdentifier:kcIdentifier accessGroup:nil]; | |
// NSLog(@"save keychain email %@", [self.keychainDict objectForKey:kcEmailAddress]); | |
[item setObject:[self.keychainDict objectForKey:kcEmailAddress] forKey:(__bridge id)kSecAttrAccount]; | |
// NSLog(@"save keychain data %@", tmpData); | |
[item setObject:tmpData forKey:(__bridge id)kSecValueData]; | |
} | |
} | |
- (void)eraseKeychain | |
{ | |
KeychainItemWrapper *item = [[KeychainItemWrapper alloc] initWithIdentifier:kcIdentifier accessGroup:nil]; | |
[item resetKeychainItem]; | |
[self keychainInit]; | |
} | |
- (void)erasePassword | |
{ | |
[self updateKeychainItem:@"" forKey:kcPassword]; | |
} | |
@end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
File: KeychainItemWrapper.h | |
Abstract: | |
Objective-C wrapper for accessing a single keychain item. | |
Version: 1.2 - ARCified | |
Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple | |
Inc. ("Apple") in consideration of your agreement to the following | |
terms, and your use, installation, modification or redistribution of | |
this Apple software constitutes acceptance of these terms. If you do | |
not agree with these terms, please do not use, install, modify or | |
redistribute this Apple software. | |
In consideration of your agreement to abide by the following terms, and | |
subject to these terms, Apple grants you a personal, non-exclusive | |
license, under Apple's copyrights in this original Apple software (the | |
"Apple Software"), to use, reproduce, modify and redistribute the Apple | |
Software, with or without modifications, in source and/or binary forms; | |
provided that if you redistribute the Apple Software in its entirety and | |
without modifications, you must retain this notice and the following | |
text and disclaimers in all such redistributions of the Apple Software. | |
Neither the name, trademarks, service marks or logos of Apple Inc. may | |
be used to endorse or promote products derived from the Apple Software | |
without specific prior written permission from Apple. Except as | |
expressly stated in this notice, no other rights or licenses, express or | |
implied, are granted by Apple herein, including but not limited to any | |
patent rights that may be infringed by your derivative works or by other | |
works in which the Apple Software may be incorporated. | |
The Apple Software is provided by Apple on an "AS IS" basis. APPLE | |
MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION | |
THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS | |
FOR A PARTICULAR PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND | |
OPERATION ALONE OR IN COMBINATION WITH YOUR PRODUCTS. | |
IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL | |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
INTERRUPTION) ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, | |
MODIFICATION AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED | |
AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE), | |
STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE | |
POSSIBILITY OF SUCH DAMAGE. | |
Copyright (C) 2010 Apple Inc. All Rights Reserved. | |
*/ | |
#import <UIKit/UIKit.h> | |
/* | |
The KeychainItemWrapper class is an abstraction layer for the iPhone Keychain communication. It is merely a | |
simple wrapper to provide a distinct barrier between all the idiosyncracies involved with the Keychain | |
CF/NS container objects. | |
*/ | |
@interface KeychainItemWrapper : NSObject | |
// Designated initializer. | |
- (id)initWithIdentifier: (NSString *)identifier accessGroup:(NSString *)accessGroup; | |
- (void)setObject:(id)inObject forKey:(id)key; | |
- (id)objectForKey:(id)key; | |
// Initializes and resets the default generic keychain item data. | |
- (void)resetKeychainItem; | |
@end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
File: KeychainItemWrapper.m | |
Abstract: | |
Objective-C wrapper for accessing a single keychain item. | |
Version: 1.2 - ARCified | |
Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple | |
Inc. ("Apple") in consideration of your agreement to the following | |
terms, and your use, installation, modification or redistribution of | |
this Apple software constitutes acceptance of these terms. If you do | |
not agree with these terms, please do not use, install, modify or | |
redistribute this Apple software. | |
In consideration of your agreement to abide by the following terms, and | |
subject to these terms, Apple grants you a personal, non-exclusive | |
license, under Apple's copyrights in this original Apple software (the | |
"Apple Software"), to use, reproduce, modify and redistribute the Apple | |
Software, with or without modifications, in source and/or binary forms; | |
provided that if you redistribute the Apple Software in its entirety and | |
without modifications, you must retain this notice and the following | |
text and disclaimers in all such redistributions of the Apple Software. | |
Neither the name, trademarks, service marks or logos of Apple Inc. may | |
be used to endorse or promote products derived from the Apple Software | |
without specific prior written permission from Apple. Except as | |
expressly stated in this notice, no other rights or licenses, express or | |
implied, are granted by Apple herein, including but not limited to any | |
patent rights that may be infringed by your derivative works or by other | |
works in which the Apple Software may be incorporated. | |
The Apple Software is provided by Apple on an "AS IS" basis. APPLE | |
MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION | |
THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY AND FITNESS | |
FOR A PARTICULAR PURPOSE, REGARDING THE APPLE SOFTWARE OR ITS USE AND | |
OPERATION ALONE OR IN COMBINATION WITH YOUR PRODUCTS. | |
IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL | |
OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF | |
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS | |
INTERRUPTION) ARISING IN ANY WAY OUT OF THE USE, REPRODUCTION, | |
MODIFICATION AND/OR DISTRIBUTION OF THE APPLE SOFTWARE, HOWEVER CAUSED | |
AND WHETHER UNDER THEORY OF CONTRACT, TORT (INCLUDING NEGLIGENCE), | |
STRICT LIABILITY OR OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE | |
POSSIBILITY OF SUCH DAMAGE. | |
Copyright (C) 2010 Apple Inc. All Rights Reserved. | |
*/ | |
#define PASSWORD_USES_DATA | |
#import "KeychainItemWrapper.h" | |
#import <Security/Security.h> | |
/* | |
These are the default constants and their respective types, | |
available for the kSecClassGenericPassword Keychain Item class: | |
kSecAttrAccessGroup - CFStringRef | |
kSecAttrCreationDate - CFDateRef | |
kSecAttrModificationDate - CFDateRef | |
kSecAttrDescription - CFStringRef | |
kSecAttrComment - CFStringRef | |
kSecAttrCreator - CFNumberRef | |
kSecAttrType - CFNumberRef | |
kSecAttrLabel - CFStringRef | |
kSecAttrIsInvisible - CFBooleanRef | |
kSecAttrIsNegative - CFBooleanRef | |
kSecAttrAccount - CFStringRef | |
kSecAttrService - CFStringRef | |
kSecAttrGeneric - CFDataRef | |
See the header file Security/SecItem.h for more details. | |
*/ | |
@interface KeychainItemWrapper (PrivateMethods) | |
/* | |
The decision behind the following two methods (secItemFormatToDictionary and dictionaryToSecItemFormat) was | |
to encapsulate the transition between what the detail view controller was expecting (NSString *) and what the | |
Keychain API expects as a validly constructed container class. | |
*/ | |
- (NSMutableDictionary *)secItemFormatToDictionary:(NSDictionary *)dictionaryToConvert; | |
- (NSMutableDictionary *)dictionaryToSecItemFormat:(NSDictionary *)dictionaryToConvert; | |
// Updates the item in the keychain, or adds it if it doesn't exist. | |
- (void)writeToKeychain; | |
@end | |
@implementation KeychainItemWrapper | |
{ | |
NSMutableDictionary *keychainItemData; // The actual keychain item data backing store. | |
NSMutableDictionary *genericPasswordQuery; // A placeholder for the generic keychain item query used to locate the item. | |
} | |
- (id)initWithIdentifier: (NSString *)identifier accessGroup:(NSString *) accessGroup; | |
{ | |
if (self = [super init]) | |
{ | |
// Begin Keychain search setup. The genericPasswordQuery leverages the special user | |
// defined attribute kSecAttrGeneric to distinguish itself between other generic Keychain | |
// items which may be included by the same application. | |
genericPasswordQuery = [[NSMutableDictionary alloc] init]; | |
[genericPasswordQuery setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; | |
[genericPasswordQuery setObject:identifier forKey:(__bridge id)kSecAttrGeneric]; | |
// The keychain access group attribute determines if this item can be shared | |
// amongst multiple apps whose code signing entitlements contain the same keychain access group. | |
if (accessGroup != nil) | |
{ | |
#if TARGET_IPHONE_SIMULATOR | |
// Ignore the access group if running on the iPhone simulator. | |
// | |
// Apps that are built for the simulator aren't signed, so there's no keychain access group | |
// for the simulator to check. This means that all apps can see all keychain items when run | |
// on the simulator. | |
// | |
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the | |
// simulator will return -25243 (errSecNoAccessForItem). | |
#else | |
[genericPasswordQuery setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup]; | |
#endif | |
} | |
// Use the proper search constants, return only the attributes of the first match. | |
[genericPasswordQuery setObject:(__bridge id)kSecMatchLimitOne forKey:(__bridge id)kSecMatchLimit]; | |
[genericPasswordQuery setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnAttributes]; | |
NSDictionary *tempQuery = [NSDictionary dictionaryWithDictionary:genericPasswordQuery]; | |
CFMutableDictionaryRef outDictionary = NULL; | |
if (!SecItemCopyMatching((__bridge CFDictionaryRef)tempQuery, (CFTypeRef *)&outDictionary) == noErr) | |
{ | |
// Stick these default values into keychain item if nothing found. | |
[self resetKeychainItem]; | |
// Add the generic attribute and the keychain access group. | |
[keychainItemData setObject:identifier forKey:(__bridge id)kSecAttrGeneric]; | |
if (accessGroup != nil) | |
{ | |
#if TARGET_IPHONE_SIMULATOR | |
// Ignore the access group if running on the iPhone simulator. | |
// | |
// Apps that are built for the simulator aren't signed, so there's no keychain access group | |
// for the simulator to check. This means that all apps can see all keychain items when run | |
// on the simulator. | |
// | |
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the | |
// simulator will return -25243 (errSecNoAccessForItem). | |
#else | |
[keychainItemData setObject:accessGroup forKey:(__bridge id)kSecAttrAccessGroup]; | |
#endif | |
} | |
} | |
else | |
{ | |
// load the saved data from Keychain. | |
keychainItemData = [self secItemFormatToDictionary:(__bridge NSDictionary *)outDictionary]; | |
} | |
if(outDictionary) CFRelease(outDictionary); | |
} | |
return self; | |
} | |
- (void)setObject:(id)inObject forKey:(id)key | |
{ | |
if (inObject == nil) return; | |
id currentObject = [keychainItemData objectForKey:key]; | |
if (![currentObject isEqual:inObject]) | |
{ | |
[keychainItemData setObject:inObject forKey:key]; | |
[self writeToKeychain]; | |
} | |
} | |
- (id)objectForKey:(id)key | |
{ | |
return [keychainItemData objectForKey:key]; | |
} | |
- (void)resetKeychainItem | |
{ | |
if (!keychainItemData) | |
{ | |
keychainItemData = [[NSMutableDictionary alloc] init]; | |
} | |
else if (keychainItemData) | |
{ | |
NSMutableDictionary *tempDictionary = [self dictionaryToSecItemFormat:keychainItemData]; | |
#ifndef NDEBUG | |
OSStatus junk = | |
#endif | |
SecItemDelete((__bridge CFDictionaryRef)tempDictionary); | |
NSAssert( junk == noErr || junk == errSecItemNotFound, @"Problem deleting current dictionary." ); | |
} | |
// Default attributes for keychain item. | |
[keychainItemData setObject:@"" forKey:(__bridge id)kSecAttrAccount]; | |
[keychainItemData setObject:@"" forKey:(__bridge id)kSecAttrLabel]; | |
[keychainItemData setObject:@"" forKey:(__bridge id)kSecAttrDescription]; | |
// Default data for keychain item. | |
#ifndef PASSWORD_USES_DATA | |
[keychainItemData setObject:@"" forKey:(__bridge id)kSecValueData]; | |
#else | |
[keychainItemData setObject:[NSData data] forKey:(__bridge id)kSecValueData]; | |
#endif | |
} | |
- (NSMutableDictionary *)dictionaryToSecItemFormat:(NSDictionary *)dictionaryToConvert | |
{ | |
// The assumption is that this method will be called with a properly populated dictionary | |
// containing all the right key/value pairs for a SecItem. | |
// Create a dictionary to return populated with the attributes and data. | |
NSMutableDictionary *returnDictionary = [NSMutableDictionary dictionaryWithDictionary:dictionaryToConvert]; | |
// Add the Generic Password keychain item class attribute. | |
[returnDictionary setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; | |
// Convert the NSString to NSData to meet the requirements for the value type kSecValueData. | |
// This is where to store sensitive data that should be encrypted. | |
#ifndef PASSWORD_USES_DATA | |
// orig | |
NSString *passwordString = [dictionaryToConvert objectForKey:(__bridge id)kSecValueData]; | |
[returnDictionary setObject:[passwordString dataUsingEncoding:NSUTF8StringEncoding] forKey:(__bridge id)kSecValueData]; | |
#else | |
// DFH | |
id val = [dictionaryToConvert objectForKey:(__bridge id)kSecValueData]; | |
if([val isKindOfClass:[NSString class]]) { | |
val = [(NSString *)val dataUsingEncoding:NSUTF8StringEncoding]; | |
} | |
[returnDictionary setObject:val forKey:(__bridge id)kSecValueData]; | |
#endif | |
return returnDictionary; | |
} | |
- (NSMutableDictionary *)secItemFormatToDictionary:(NSDictionary *)dictionaryToConvert | |
{ | |
// The assumption is that this method will be called with a properly populated dictionary | |
// containing all the right key/value pairs for the UI element. | |
// Create a dictionary to return populated with the attributes and data. | |
NSMutableDictionary *returnDictionary = [NSMutableDictionary dictionaryWithDictionary:dictionaryToConvert]; | |
// Add the proper search key and class attribute. | |
[returnDictionary setObject:(__bridge id)kCFBooleanTrue forKey:(__bridge id)kSecReturnData]; | |
[returnDictionary setObject:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; | |
// Acquire the password data from the attributes. | |
CFDataRef passwordData = NULL; | |
if (SecItemCopyMatching((__bridge CFDictionaryRef)returnDictionary, (CFTypeRef *)&passwordData) == noErr) | |
{ | |
// Remove the search, class, and identifier key/value, we don't need them anymore. | |
[returnDictionary removeObjectForKey:(__bridge id)kSecReturnData]; | |
#ifndef PASSWORD_USES_DATA | |
// Add the password to the dictionary, converting from NSData to NSString. | |
NSString *password = [[NSString alloc] initWithBytes:[(__bridge NSData *)passwordData bytes] length:[(__bridge NSData *)passwordData length] | |
encoding:NSUTF8StringEncoding]; | |
#else | |
NSData *password = (__bridge_transfer NSData *)passwordData; | |
passwordData = NULL; | |
#endif | |
[returnDictionary setObject:password forKey:(__bridge id)kSecValueData]; | |
} | |
else | |
{ | |
// Don't do anything if nothing is found. | |
NSAssert(NO, @"Serious error, no matching item found in the keychain.\n"); | |
} | |
if(passwordData) CFRelease(passwordData); | |
return returnDictionary; | |
} | |
- (void)writeToKeychain | |
{ | |
CFDictionaryRef attributes = NULL; | |
NSMutableDictionary *updateItem = nil; | |
OSStatus result; | |
if (SecItemCopyMatching((__bridge CFDictionaryRef)genericPasswordQuery, (CFTypeRef *)&attributes) == noErr) | |
{ | |
// First we need the attributes from the Keychain. | |
updateItem = [NSMutableDictionary dictionaryWithDictionary:(__bridge NSDictionary *)attributes]; | |
// Second we need to add the appropriate search key/values. | |
[updateItem setObject:[genericPasswordQuery objectForKey:(__bridge id)kSecClass] forKey:(__bridge id)kSecClass]; | |
// Lastly, we need to set up the updated attribute list being careful to remove the class. | |
NSMutableDictionary *tempCheck = [self dictionaryToSecItemFormat:keychainItemData]; | |
[tempCheck removeObjectForKey:(__bridge id)kSecClass]; | |
#if TARGET_IPHONE_SIMULATOR | |
// Remove the access group if running on the iPhone simulator. | |
// | |
// Apps that are built for the simulator aren't signed, so there's no keychain access group | |
// for the simulator to check. This means that all apps can see all keychain items when run | |
// on the simulator. | |
// | |
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the | |
// simulator will return -25243 (errSecNoAccessForItem). | |
// | |
// The access group attribute will be included in items returned by SecItemCopyMatching, | |
// which is why we need to remove it before updating the item. | |
[tempCheck removeObjectForKey:(__bridge id)kSecAttrAccessGroup]; | |
#endif | |
// An implicit assumption is that you can only update a single item at a time. | |
#ifndef NDEBUG | |
result = | |
#endif | |
SecItemUpdate((__bridge CFDictionaryRef)updateItem, (__bridge CFDictionaryRef)tempCheck); | |
NSAssert( result == noErr, @"Couldn't update the Keychain Item." ); | |
} | |
else | |
{ | |
// No previous item found; add the new one. | |
result = SecItemAdd((__bridge CFDictionaryRef)[self dictionaryToSecItemFormat:keychainItemData], NULL); | |
NSAssert( result == noErr, @"Couldn't add the Keychain Item." ); | |
} | |
if(attributes) CFRelease(attributes); | |
} | |
@end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Apologies but I can't work out how to use your dictionary wrapper - what do I do with the additional AppDelegate(category).m file - how do I use it?
Thanks.