MasterPassword/MasterPassword/MPAppDelegate_Key.m

//
//  MPAppDelegate.m
//  MasterPassword
//
//  Created by Maarten Billemont on 24/11/11.
//  Copyright (c) 2011 Lyndir. All rights reserved.
//

#import <Crashlytics/Crashlytics.h>
#import "MPAppDelegate_Key.h"
#import "MPAppDelegate_Store.h"
#import "LocalyticsSession.h"

@implementation MPAppDelegate_Shared (Key)

static NSDictionary *keyQuery(MPUserEntity *user) {

    return [PearlKeyChain createQueryForClass:kSecClassGenericPassword
                                   attributes:[NSDictionary dictionaryWithObjectsAndKeys:
                                                             @"Saved Master Password", (__bridge id)kSecAttrService,
                                                             user.name, (__bridge id)kSecAttrAccount,
                                                             nil]
                                   matches:nil];
}

- (NSData *)loadSavedKeyFor:(MPUserEntity *)user {

    NSData *key = [PearlKeyChain dataOfItemForQuery:keyQuery(user)];
    if (key)
    inf(@"Found key in keychain for: %@", user.userID);

    else {
        user.saveKey = NO;
        inf(@"No key found in keychain for: %@", user.userID);
    }

    return key;
}

- (void)storeSavedKeyFor:(MPUserEntity *)user {

    if (user.saveKey) {
        NSData *existingKey = [PearlKeyChain dataOfItemForQuery:keyQuery(user)];

        if (![existingKey isEqualToData:self.key]) {
            inf(@"Saving key in keychain for: %@", user.userID);

            [PearlKeyChain addOrUpdateItemForQuery:keyQuery(user)
                                    withAttributes:[NSDictionary dictionaryWithObjectsAndKeys:
                                                                  self.key, (__bridge id)kSecValueData,
                                                                  #if TARGET_OS_IPHONE
                                                                  kSecAttrAccessibleWhenUnlockedThisDeviceOnly, (__bridge id)kSecAttrAccessible,
                                                                  #endif
                                                                  nil]];
        }
    }
}

- (void)forgetSavedKeyFor:(MPUserEntity *)user {

    OSStatus result = [PearlKeyChain deleteItemForQuery:keyQuery(user)];
    if (result == noErr || result == errSecItemNotFound) {
        user.saveKey = NO;

        if (result == noErr) {
            inf(@"Removed key from keychain for: %@", user.userID);

            [[NSNotificationCenter defaultCenter] postNotificationName:MPNotificationKeyForgotten object:self];
#ifdef TESTFLIGHT_SDK_VERSION
            [TestFlight passCheckpoint:MPCheckpointForgetSavedKey];
#endif
        }
    }
}

- (void)signOut {

    self.key        = nil;
    self.activeUser = nil;

    [[NSNotificationCenter defaultCenter] postNotificationName:MPNotificationSignedOut object:self];
}

- (BOOL)signInAsUser:(MPUserEntity *)user usingMasterPassword:(NSString *)password {

    NSData *tryKey = nil;

    // Method 1: When the user has no keyID set, set a new key from the given master password.
    if (!user.keyID) {
        if ([password length])
            if ((tryKey = keyForPassword(password, user.name))) {
                user.keyID = keyIDForKey(tryKey);
                [[MPAppDelegate_Shared get] saveContext];
            }
    }

    // Method 2: Depending on the user's saveKey, load or remove the key from the keychain.
    if (!user.saveKey)
     // Key should not be stored in keychain.  Delete it.
        [self forgetSavedKeyFor:user];

    else
        if (!tryKey) {
            // Key should be saved in keychain.  Load it.
            if ((tryKey = [self loadSavedKeyFor:user]))
                if (![user.keyID isEqual:keyIDForKey(tryKey)]) {
                    // Loaded password doesn't match user's keyID.  Forget saved password: it is incorrect.
                    inf(@"Saved password doesn't match keyID for: %@", user.userID);
                    
                    tryKey = nil;
                    [self forgetSavedKeyFor:user];
                }
        }

    // Method 3: Check the given master password string.
    if (!tryKey) {
        if ([password length])
            if ((tryKey = keyForPassword(password, user.name)))
                if (![user.keyID isEqual:keyIDForKey(tryKey)]) {
                    inf(@"Key derived from password doesn't match keyID for: %@", user.userID);

                    tryKey = nil;
                }
    }

    // No more methods left, fail if key still not known.
    if (!tryKey) {
        inf(@"Login failed for: %@", user.userID);

#ifdef TESTFLIGHT_SDK_VERSION
        [TestFlight passCheckpoint:MPCheckpointSignInFailed];
#endif
        [[LocalyticsSession sharedLocalyticsSession] tagEvent:MPCheckpointSignInFailed attributes:nil];

        return NO;
    }
    inf(@"Logged in: %@", user.userID);

    if (![self.key isEqualToData:tryKey]) {
        self.key = tryKey;
        [self storeSavedKeyFor:user];
    }

    @try {
        if ([[MPiOSConfig get].sendInfo boolValue]) {
            [TestFlight addCustomEnvironmentInformation:user.userID forKey:@"username"];
            [[Crashlytics sharedInstance] setObjectValue:user.userID forKey:@"username"];
        }
    }
    @catch (id exception) {
        err(@"While setting username: %@", exception);
    }


    user.lastUsed   = [NSDate date];
    self.activeUser = user;
    [[MPAppDelegate_Shared get] saveContext];

    [[NSNotificationCenter defaultCenter] postNotificationName:MPNotificationSignedIn object:self];
#ifdef TESTFLIGHT_SDK_VERSION
    [TestFlight passCheckpoint:MPCheckpointSignedIn];
#endif
    [[LocalyticsSession sharedLocalyticsSession] tagEvent:MPCheckpointSignedIn
                                               attributes:nil];

    return YES;
}

- (NSData *)keyWithLength:(NSUInteger)keyLength {

    return [self.key subdataWithRange:NSMakeRange(0, MIN(keyLength, self.key.length))];
}

@end