首页 发现 帮助
注册 登录
alqindi
/
AppBuilderiOS
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 091c1e9f9c
分支列表 标签列表
AppBuilderiOS
/
appbuilder-ios
/
NexilisLite
/
NexilisLite
/
Source
/
MasterKeyUtil.swift

MasterKeyUtil.swift 6.1 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177 
  1. //
    2. 

  2. //  SecureStorage.swift
    3. 

  3. //  Pods
    4. 

  4. //
    5. 

  5. //  Created by Qindi on 02/12/24.
    6. 

  6. //
    7. 

  7. 

  8. import CryptoKit
    9. 

  9. import LocalAuthentication
    10. 

  10. 

  11. 

  12. public class MasterKeyUtil {
    13. 

  13.     static let shared = MasterKeyUtil()
    14. 

  14.     private let keyAlias = "_iosx_security_master_key"
    15. 

  15.     private let prefsKeyAlias = "_iosx_security_master_key_easysoft_"
    16. 

  16. 

  17.     private init() {}
    18. 

  18.     
    19. 

  19.     func generateAndStoreKey() throws {
    20. 

  20.         if try isKeyExists(keyAliasCode: keyAlias) {
    21. 

  21. //            print("Master Key already exists, skipping generation.")
    22. 

  22.             return
    23. 

  23.         }
    24. 

  24.         let key = SymmetricKey(size: .bits256)
    25. 

  25.         let keyData = key.withUnsafeBytes { Data($0) }
    26. 

  26.         
    27. 

  27.         let query: [String: Any] = [
    28. 

  28.             kSecClass as String: kSecClassKey,
    29. 

  29.             kSecAttrApplicationTag as String: keyAlias,
    30. 

  30.             kSecValueData as String: keyData,
    31. 

  31.             kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlock
    32. 

  32.         ]
    33. 

  33.         
    34. 

  34.         SecItemDelete(query as CFDictionary) // Remove if it exists
    35. 

  35.         let status = SecItemAdd(query as CFDictionary, nil)
    36. 

  36.         guard status == errSecSuccess else {
    37. 

  37.             throw NSError(domain: "KeychainError", code: Int(status), userInfo: nil)
    38. 

  38.         }
    39. 

  39.     }
    40. 

  40.     
    41. 

  41.     func generateAndStorePrefsKey() throws {
    42. 

  42.         if try isKeyExists(keyAliasCode: prefsKeyAlias) {
    43. 

  43. //            print("Prefs Key already exists, skipping generation.")
    44. 

  44.             return
    45. 

  45.         }
    46. 

  46.         let key = SymmetricKey(size: .bits256)
    47. 

  47.         let keyData = key.withUnsafeBytes { Data($0) }
    48. 

  48.         
    49. 

  49.         let query: [String: Any] = [
    50. 

  50.             kSecClass as String: kSecClassKey,
    51. 

  51.             kSecAttrApplicationTag as String: prefsKeyAlias,
    52. 

  52.             kSecValueData as String: keyData,
    53. 

  53.             kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlock
    54. 

  54.         ]
    55. 

  55.         
    56. 

  56.         SecItemDelete(query as CFDictionary) // Remove if it exists
    57. 

  57.         let status = SecItemAdd(query as CFDictionary, nil)
    58. 

  58.         guard status == errSecSuccess else {
    59. 

  59.             throw NSError(domain: "KeychainError", code: Int(status), userInfo: nil)
    60. 

  60.         }
    61. 

  61.     }
    62. 

  62.     
    63. 

  63.     func isDeviceNotSecure() -> Bool {
    64. 

  64.         let context = LAContext()
    65. 

  65.         var error: NSError?
    66. 

  66.         
    67. 

  67.         if !context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) || Utils.shouldRequestAuthentication() {
    68. 

  68.             return true
    69. 

  69.         } else {
    70. 

  70.             return false
    71. 

  71.         }
    72. 

  72.     }
    73. 

  73.     
    74. 

  74.     func isKeyExists(keyAliasCode: String) throws -> Bool {
    75. 

  75.         let query: [String: Any] = [
    76. 

  76.             kSecClass as String: kSecClassKey,
    77. 

  77.             kSecAttrApplicationTag as String: keyAliasCode,
    78. 

  78.             kSecReturnData as String: false // We only check existence, not retrieve data
    79. 

  79.         ]
    80. 

  80. 

  81.         let status = SecItemCopyMatching(query as CFDictionary, nil)
    82. 

  82.         if status == errSecItemNotFound {
    83. 

  83.             return false
    84. 

  84.         } else if status == errSecSuccess {
    85. 

  85.             return true
    86. 

  86.         } else {
    87. 

  87.             throw NSError(domain: "KeychainError", code: Int(status), userInfo: nil)
    88. 

  88.         }
    89. 

  89.     }
    90. 

  90.     
    91. 

  91.     func getMasterKey() throws -> SymmetricKey {
    92. 

  92.         if (Nexilis.checkingAccess(key: "authentication") && isDeviceNotSecure()) {
    93. 

  93.             var result = false
    94. 

  94.             Nexilis.dispatch = DispatchGroup()
    95. 

  95.             Nexilis.dispatch?.enter()
    96. 

  96.             Utils.authenticateWithBiometrics { success, errorMessage in
    97. 

  97.                 if success {
    98. 

  98.                     print("Access granted!")
    99. 

  99.                     result = true
    100. 

  100.                 } else {
    101. 

  101.                     print("Access denied: \(errorMessage ?? "Unknown error")")
    102. 

  102.                 }
    103. 

  103.                 if let dispatch = Nexilis.dispatch {
    104. 

  104.                     dispatch.leave()
    105. 

  105.                 }
    106. 

  106.             }
    107. 

  107.             Nexilis.dispatch?.wait()
    108. 

  108.             Nexilis.dispatch = nil
    109. 

  109.             if !result {
    110. 

  110.                 Utils.showAlert(title: "Failed to get Master Key".localized(), message: "Biometric authentication hasn't been set up/Biometric invalid.".localized())
    111. 

  111.                 throw NSError(domain: "KeychainError", code: -99, userInfo: nil)
    112. 

  112.             }
    113. 

  113.         }
    114. 

  114.         let query: [String: Any] = [
    115. 

  115.             kSecClass as String: kSecClassKey,
    116. 

  116.             kSecAttrApplicationTag as String: keyAlias,
    117. 

  117.             kSecReturnData as String: true
    118. 

  118.         ]
    119. 

  119.         
    120. 

  120.         var item: CFTypeRef?
    121. 

  121.         let status = SecItemCopyMatching(query as CFDictionary, &item)
    122. 

  122.         guard status == errSecSuccess else {
    123. 

  123.             throw NSError(domain: "KeychainError", code: Int(status), userInfo: nil)
    124. 

  124.         }
    125. 

  125.         
    126. 

  126.         guard let keyData = item as? Data else {
    127. 

  127.             throw NSError(domain: "KeyRetrievalError", code: -1, userInfo: nil)
    128. 

  128.         }
    129. 

  129.         
    130. 

  130.         return SymmetricKey(data: keyData)
    131. 

  131.     }
    132. 

  132.     
    133. 

  133.     func getPrefsKey() throws -> SymmetricKey {
    134. 

  134.         let query: [String: Any] = [
    135. 

  135.             kSecClass as String: kSecClassKey,
    136. 

  136.             kSecAttrApplicationTag as String: prefsKeyAlias,
    137. 

  137.             kSecReturnData as String: true
    138. 

  138.         ]
    139. 

  139.         
    140. 

  140.         var item: CFTypeRef?
    141. 

  141.         let status = SecItemCopyMatching(query as CFDictionary, &item)
    142. 

  142.         guard status == errSecSuccess else {
    143. 

  143.             throw NSError(domain: "KeychainError", code: Int(status), userInfo: nil)
    144. 

  144.         }
    145. 

  145.         
    146. 

  146.         guard let keyData = item as? Data else {
    147. 

  147.             throw NSError(domain: "KeyRetrievalError", code: -1, userInfo: nil)
    148. 

  148.         }
    149. 

  149.         
    150. 

  150.         return SymmetricKey(data: keyData)
    151. 

  151.     }
    152. 

  152.     
    153. 

  153.     func encryptP(data: Data) throws -> Data {
    154. 

  154.         let key = try getPrefsKey()
    155. 

  155.         let sealedBox = try AES.GCM.seal(data, using: key)
    156. 

  156.         return sealedBox.combined!
    157. 

  157.     }
    158. 

  158.     
    159. 

  159.     func decryptP(data: Data) throws -> Data {
    160. 

  160.         let key = try getPrefsKey()
    161. 

  161.         let sealedBox = try AES.GCM.SealedBox(combined: data)
    162. 

  162.         return try AES.GCM.open(sealedBox, using: key)
    163. 

  163.     }
    164. 

  164.     
    165. 

  165.     func encryptD(data: Data) throws -> Data {
    166. 

  166.         let key = try getMasterKey()
    167. 

  167.         let sealedBox = try AES.GCM.seal(data, using: key)
    168. 

  168.         return sealedBox.combined!
    169. 

  169.     }
    170. 

  170.     
    171. 

  171.     // Decrypt data
    172. 

  172.     func decryptD(data: Data) throws -> Data {
    173. 

  173.         let key = try getMasterKey()
    174. 

  174.         let sealedBox = try AES.GCM.SealedBox(combined: data)
    175. 

  175.         return try AES.GCM.open(sealedBox, using: key)
    176. 

  176.     }
    177. 

  177. }
    178.