Comments (9)
@kishikawakatsumi would something like this be acceptable? Keeping in mind the below code is just a generic keychain query for example purposes, also the code below is specific to something we know is locked behind TouchID in the keychain. We currently use this to solve that problem. I'd def like to be using this as part of the framework.
public func contains(_ key: String) -> Bool {
// We spcify kSecUseAuthenticationUIFail so that the error
// errSecInteractionNotAllowed will be returned if an item needs
// to authenticate with UI and the authentication UI will not be presented.
let keychainQuery: [AnyHashable: Any] = [
kSecClass as AnyHashable: kSecClassGenericPassword,
kSecAttrService as AnyHashable: Bundle.main.bundleIdentifier!,
kSecAttrAccount as AnyHashable: key,
kSecUseAuthenticationUI as AnyHashable: kSecUseAuthenticationUIFail
]
var result: AnyObject?
let status = SecItemCopyMatching(keychainQuery as CFDictionary, &result)
// If that status is errSecInteractionNotAllowed, then
// we know that the key is present, but you cannot interact with
// it without authentication. Otherwise, we assume the key is not present.
return status == errSecInteractionNotAllowed
}
Maybe something like this in Keychain
public func contains(_ key: String) throws -> Bool {
var query = options.query()
query[AttributeAccount] = key
query[UseAuthenticationUI] = UseAuthenticationUIFail
let status = SecItemCopyMatching(query as CFDictionary, nil)
switch status {
case errSecSuccess, errSecInteractionNotAllowed:
return true
case errSecItemNotFound:
return false
default:
throw securityError(status: status)
}
}
from keychainaccess.
@ChristopherCarranza Great thinking! This was an amazing workaround!
from keychainaccess.
Noting that UseAuthenticationUIFail is deprecated as of iOS 14.
I'm using something like the following...
func has(service: String, account: String, options: [Options] = []) -> Bool {
var query = self.query(service: service, account: account, options: options)
query[kSecUseAuthenticationContext as String] = internalContext
var secItemResult: CFTypeRef?
status = SecItemCopyMatching(query as CFDictionary, &secItemResult)
if status == errSecSuccess || status == errSecInteractionNotAllowed {
return true
}
return false
}
private var internalContext: LAContext? = {
let context = LAContext()
context.interactionNotAllowed = true
return context
}()
from keychainaccess.
@kylejm I've tried a various way of that, there is no way to check whether the value exists or not, I think 😢 . If there is a possibility that the value would be protected with Touch ID, you should always execute keychain method asynchronously.
from keychainaccess.
Ah that's lame. No worries, I've worked around the problem by storing a flag to mark that the credential is stored. I hate this solution! 😩. Thanks for the reply :)
from keychainaccess.
@hmlongco
Thanks for your example.
I have this comment above query setup.
// specify kSecUseAuthenticationUIFail so that the error
// errSecInteractionNotAllowed will be returned if an item needs
// to authenticate with UI and the authentication UI will not be presented.
Will this behavior persist if I change query to LAContext-based query with context.interactionNotAllowed = true
?
from keychainaccess.
The code from @ChristopherCarranza above works, but you should also check for errSecSuccess
:
private func checkForKeychainItemExistence(itemName: String, completion: @escaping (Bool) -> Void) {
let keychainQuery: [AnyHashable: Any] = [
kSecClass as AnyHashable: kSecClassGenericPassword,
kSecAttrService as AnyHashable: "KEYCHAIN_SERVICE_NAME_HERE",
kSecAttrAccount as AnyHashable: itemName,
kSecUseAuthenticationUI as AnyHashable: kSecUseAuthenticationUIFail
]
var result: AnyObject?
let status = SecItemCopyMatching(keychainQuery as CFDictionary, &result)
// also check for errSecSuccess here!
completion(status == errSecInteractionNotAllowed || status == errSecSuccess)
}
from keychainaccess.
After playing around with it a lot I noticed some inconsistent behaviour of the SecItemCopyMatching
status response.
Sometimes, it returns 0
, meaning errSecSuccess
. So to truly check if an item is there, you should also check for that code.
from keychainaccess.
The code from @ChristopherCarranza above works, but you should also check for
errSecSuccess
:private func checkForKeychainItemExistence(itemName: String, completion: @escaping (Bool) -> Void) { let keychainQuery: [AnyHashable: Any] = [ kSecClass as AnyHashable: kSecClassGenericPassword, kSecAttrService as AnyHashable: "KEYCHAIN_SERVICE_NAME_HERE", kSecAttrAccount as AnyHashable: itemName, kSecUseAuthenticationUI as AnyHashable: kSecUseAuthenticationUIFail ] var result: AnyObject? let status = SecItemCopyMatching(keychainQuery as CFDictionary, &result) // also check for errSecSuccess here! completion(status == errSecInteractionNotAllowed || status == errSecSuccess) }
KEYCHAIN_SERVICE_NAME_HERE what that ?, I can't find service name
from keychainaccess.
Related Issues (20)
- No Build in XCODE 14.1 HOT 1
- First write doesn't trigger Face ID authentication
- Cash
- Edit swift code
- Entitlements error while tests HOT 2
- Warning Unnecessary check for macOS
- Keychain
- keychain access
- Purple Error in Xcode 14.3 (14E222b) HOT 1
- brew install pipx pipx ensurepath
- Is there an update on this? This is affecting our production apps.
- update 3.2.3 to 4.2.0,it is crashed ,when play animation
- iCloud
- I can not upload my app due to this issue,
- how to pass items from Keychain between iOS project and watchOS extension app HOT 4
- Does not compile under Xcode 15 and Sonoma HOT 1
- 835706d8afdaf5c437056136ccf38dace4cc13e6
- Any support of Privacy Manifest? HOT 2
- About Privacy Manifest Update Plan HOT 15
- Support App Privacy Manifest HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from keychainaccess.