1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
//
// SSKeychainQuery.h
// SSKeychain
//
// Created by Caleb Davenport on 3/19/13.
// Copyright (c) 2013-2014 Sam Soffes. All rights reserved.
//
#if __has_feature(modules)
@import Foundation;
@import Security;
#else
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#endif
#if __IPHONE_7_0 || __MAC_10_9
// Keychain synchronization available at compile time
#define SSKEYCHAIN_SYNCHRONIZATION_AVAILABLE 1
#endif
#if __IPHONE_3_0 || __MAC_10_9
// Keychain access group available at compile time
#define SSKEYCHAIN_ACCESS_GROUP_AVAILABLE 1
#endif
#ifdef SSKEYCHAIN_SYNCHRONIZATION_AVAILABLE
typedef NS_ENUM(NSUInteger, SSKeychainQuerySynchronizationMode) {
SSKeychainQuerySynchronizationModeAny,
SSKeychainQuerySynchronizationModeNo,
SSKeychainQuerySynchronizationModeYes
};
#endif
/**
Simple interface for querying or modifying keychain items.
*/
@interface SSKeychainQuery : NSObject
/** kSecAttrAccount */
@property (nonatomic, copy) NSString *account;
/** kSecAttrService */
@property (nonatomic, copy) NSString *service;
/** kSecAttrLabel */
@property (nonatomic, copy) NSString *label;
#ifdef SSKEYCHAIN_ACCESS_GROUP_AVAILABLE
/** kSecAttrAccessGroup (only used on iOS) */
@property (nonatomic, copy) NSString *accessGroup;
#endif
#ifdef SSKEYCHAIN_SYNCHRONIZATION_AVAILABLE
/** kSecAttrSynchronizable */
@property (nonatomic) SSKeychainQuerySynchronizationMode synchronizationMode;
#endif
/** Root storage for password information */
@property (nonatomic, copy) NSData *passwordData;
/**
This property automatically transitions between an object and the value of
`passwordData` using NSKeyedArchiver and NSKeyedUnarchiver.
*/
@property (nonatomic, copy) id<NSCoding> passwordObject;
/**
Convenience accessor for setting and getting a password string. Passes through
to `passwordData` using UTF-8 string encoding.
*/
@property (nonatomic, copy) NSString *password;
///------------------------
/// @name Saving & Deleting
///------------------------
/**
Save the receiver's attributes as a keychain item. Existing items with the
given account, service, and access group will first be deleted.
@param error Populated should an error occur.
@return `YES` if saving was successful, `NO` otherwise.
*/
- (BOOL)save:(NSError **)error;
/**
Delete keychain items that match the given account, service, and access group.
@param error Populated should an error occur.
@return `YES` if saving was successful, `NO` otherwise.
*/
- (BOOL)deleteItem:(NSError **)error;
///---------------
/// @name Fetching
///---------------
/**
Fetch all keychain items that match the given account, service, and access
group. The values of `password` and `passwordData` are ignored when fetching.
@param error Populated should an error occur.
@return An array of dictionaries that represent all matching keychain items or
`nil` should an error occur.
The order of the items is not determined.
*/
- (NSArray<NSDictionary<NSString *, id> *> *)fetchAll:(NSError **)error;
/**
Fetch the keychain item that matches the given account, service, and access
group. The `password` and `passwordData` properties will be populated unless
an error occurs. The values of `password` and `passwordData` are ignored when
fetching.
@param error Populated should an error occur.
@return `YES` if fetching was successful, `NO` otherwise.
*/
- (BOOL)fetch:(NSError **)error;
///-----------------------------
/// @name Synchronization Status
///-----------------------------
#ifdef SSKEYCHAIN_SYNCHRONIZATION_AVAILABLE
/**
Returns a boolean indicating if keychain synchronization is available on the device at runtime. The #define
SSKEYCHAIN_SYNCHRONIZATION_AVAILABLE is only for compile time. If you are checking for the presence of synchronization,
you should use this method.
@return A value indicating if keychain synchronization is available
*/
+ (BOOL)isSynchronizationAvailable;
#endif
@end