KeychainCoordinator.swift 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159
  1. /*****************************************************************************
  2. * KeychainCoordinator.m
  3. * VLC for iOS
  4. *****************************************************************************
  5. * Copyright (c) 2017 VideoLAN. All rights reserved.
  6. * $Id$
  7. *
  8. * Authors:Carola Nitz <caro # videolan.org>
  9. *
  10. * Refer to the COPYING file of the official project for license.
  11. *****************************************************************************/
  12. import Foundation
  13. import LocalAuthentication
  14. @objc(VLCKeychainCoordinator)
  15. class KeychainCoordinator: NSObject, PAPasscodeViewControllerDelegate {
  16. @objc class var passcodeLockEnabled: Bool {
  17. return UserDefaults.standard.bool(forKey:kVLCSettingPasscodeOnKey)
  18. }
  19. //Since FaceID and TouchID are both set to 1 when the defaults are registered
  20. //we have to double check for the biometry type to not return true even though the setting is not visible
  21. //and that type is not supported by the device
  22. private var touchIDEnabled: Bool {
  23. var touchIDEnabled = UserDefaults.standard.bool(forKey:kVLCSettingPasscodeAllowTouchID)
  24. let laContext = LAContext()
  25. if #available(iOS 11.0.1, *), laContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil) {
  26. touchIDEnabled = touchIDEnabled && laContext.biometryType == .touchID
  27. }
  28. return touchIDEnabled
  29. }
  30. private var faceIDEnabled: Bool {
  31. var faceIDEnabled = UserDefaults.standard.bool(forKey:kVLCSettingPasscodeAllowFaceID)
  32. let laContext = LAContext()
  33. if #available(iOS 11.0.1, *), laContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil) {
  34. faceIDEnabled = faceIDEnabled && laContext.biometryType == .faceID
  35. }
  36. return faceIDEnabled
  37. }
  38. static let passcodeService = "org.videolan.vlc-ios.passcode"
  39. var completion: (() -> Void)? = nil
  40. private var avoidPromptingTouchOrFaceID = false
  41. private lazy var passcodeLockController: PAPasscodeViewController = {
  42. let passcodeController = PAPasscodeViewController(for: PasscodeActionEnter)
  43. passcodeController!.delegate = self
  44. return passcodeController!
  45. }()
  46. override init() {
  47. super.init()
  48. NotificationCenter.default.addObserver(self, selector: #selector(appInForeground), name: .UIApplicationDidBecomeActive, object: nil)
  49. }
  50. @objc class func setPasscode(passcode: String?) throws {
  51. guard let passcode = passcode else {
  52. do {
  53. try XKKeychainGenericPasswordItem.removeItems(forService: passcodeService)
  54. } catch let error {
  55. throw error
  56. }
  57. return
  58. }
  59. let keychainItem = XKKeychainGenericPasswordItem()
  60. keychainItem.service = passcodeService
  61. keychainItem.account = passcodeService
  62. keychainItem.secret.stringValue = passcode
  63. do {
  64. try keychainItem.save()
  65. } catch let error {
  66. throw error
  67. }
  68. }
  69. @objc func validatePasscode(completion: @escaping () -> Void) {
  70. passcodeLockController.passcode = passcodeFromKeychain()
  71. self.completion = completion
  72. guard let rootViewController = UIApplication.shared.delegate?.window??.rootViewController, passcodeLockController.passcode != "" else {
  73. self.completion?()
  74. self.completion = nil
  75. return
  76. }
  77. if rootViewController.presentedViewController != nil {
  78. rootViewController.dismiss(animated: false, completion: nil)
  79. }
  80. let navigationController = UINavigationController(rootViewController: passcodeLockController)
  81. navigationController.modalPresentationStyle = .fullScreen
  82. navigationController.modalTransitionStyle = .crossDissolve
  83. rootViewController.present(navigationController, animated: true) {
  84. [weak self] in
  85. if self?.touchIDEnabled == true || self?.faceIDEnabled == true {
  86. self?.touchOrFaceIDQuery()
  87. }
  88. }
  89. }
  90. @objc private func appInForeground(notification: Notification) {
  91. if let navigationController = UIApplication.shared.delegate?.window??.rootViewController?.presentedViewController as? UINavigationController, navigationController.topViewController is PAPasscodeViewController,
  92. touchIDEnabled || faceIDEnabled {
  93. touchOrFaceIDQuery()
  94. }
  95. }
  96. private func touchOrFaceIDQuery() {
  97. if avoidPromptingTouchOrFaceID || UIApplication.shared.applicationState != .active {
  98. return
  99. }
  100. let laContext = LAContext()
  101. if laContext.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: nil) {
  102. avoidPromptingTouchOrFaceID = true
  103. laContext.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
  104. localizedReason: NSLocalizedString("BIOMETRIC_UNLOCK", comment: ""),
  105. reply: { [weak self ] success, _ in
  106. DispatchQueue.main.async {
  107. if success {
  108. UIApplication.shared.delegate?.window??.rootViewController?.dismiss(animated: true, completion: {
  109. self?.completion?()
  110. self?.completion = nil
  111. self?.avoidPromptingTouchOrFaceID = false
  112. })
  113. } else {
  114. //user hit cancel and wants to enter the passcode
  115. self?.avoidPromptingTouchOrFaceID = true
  116. }
  117. }
  118. })
  119. }
  120. }
  121. private func passcodeFromKeychain() -> String {
  122. if let item = try? XKKeychainGenericPasswordItem(forService: KeychainCoordinator.passcodeService, account: KeychainCoordinator.passcodeService) {
  123. return item.secret.stringValue
  124. }
  125. assert(false, "Couldn't retrieve item from Keychain! If passcodeLockEnabled we should have an item and secret")
  126. return ""
  127. }
  128. // MARK: PAPassCodeDelegate
  129. func paPasscodeViewControllerDidEnterPasscode(_ controller: PAPasscodeViewController!) {
  130. avoidPromptingTouchOrFaceID = false
  131. UIApplication.shared.delegate?.window??.rootViewController?.dismiss(animated: true, completion: {
  132. self.completion?()
  133. self.completion = nil
  134. })
  135. }
  136. }