void Accessible(SecAccessible access)
{
var rec = new SecRecord(SecKind.GenericPassword)
{
Account = "Username"
};
SecKeyChain.Remove(rec); // it might already exists (or not)
rec = new SecRecord(SecKind.GenericPassword)
{
Account = "Username",
ValueData = NSData.FromString("Password"),
Accessible = access
};
Assert.That(SecKeyChain.Add(rec), Is.EqualTo(SecStatusCode.Success), "Add");
SecStatusCode code;
var match = SecKeyChain.QueryAsRecord(rec, out code);
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "QueryAsRecord");
Assert.That(match.Accessible, Is.EqualTo(access), "Accessible");
}
public static Task <string> GetAsync(string key, SecAccessible accessible)
{
if (string.IsNullOrWhiteSpace(key))
{
throw new ArgumentNullException(nameof(key));
}
var kc = new KeyChain(accessible);
return(Task.FromResult(kc.ValueForKey(key, Alias)));
}
public KeyChainHelper(string serviceId, bool syncWithICloud, SecAccessible accessibilityPolicy)
{
if (string.IsNullOrEmpty(serviceId))
{
throw new ArgumentNullException("ServiceId cannot be null");
}
_myServiceId = serviceId;
_defaultSyncSetting = syncWithICloud;
_accessiblityPolicy = accessibilityPolicy;
}
public Task SetAsync(string key, string value, SecAccessible accessible)
{
if (string.IsNullOrWhiteSpace(key))
{
throw new ArgumentNullException(nameof(key));
}
if (value == null)
{
throw new ArgumentNullException(nameof(value));
}
var kc = new KeyChain(accessible);
kc.SetValueForKey(value, key, Alias);
return(Task.CompletedTask);
}
private void saveXamarinAuthAccountInternal(Xamarin.Auth.Account account, SecAccessible access)
{
var accountStore = AccountStore.Create();
var serviceId = NSBundle.MainBundle.InfoDictionary["CFBundleName"].ToString();
var statusCode = SecStatusCode.Success;
var serializedAccount = account.Serialize();
var data = NSData.FromString(serializedAccount, NSStringEncoding.UTF8);
// Remove any existing record
var existing = accountStore.FindAccountsForService(serviceId);
if (existing.Any())
{
var query = new SecRecord(SecKind.GenericPassword)
{
Service = serviceId,
Account = account.Username
};
statusCode = SecKeyChain.Remove(query);
if (statusCode != SecStatusCode.Success)
{
throw new Exception("Could not save account to KeyChain: " + statusCode);
}
}
// Add this record
var record = new SecRecord(SecKind.GenericPassword)
{
Service = serviceId,
Account = account.Username,
Generic = data,
Accessible = access
};
statusCode = SecKeyChain.Add(record);
if (statusCode != SecStatusCode.Success)
{
throw new Exception("Could not save account to KeyChain: " + statusCode);
}
}
/// <summary>
/// Sets a password for a specific username.
/// </summary>
/// <param name="username">the username to add the password for. Not case sensitive. May not be NULL.</param>
/// <param name="password">the password to associate with the record. May not be NULL.</param>
/// <param name="serviceId">the service description to use. Not case sensitive. May not be NULL.</param>
/// <param name="secAccessible">defines how the keychain record is protected</param>
/// <param name="synchronizable">
/// Defines if keychain record can by synced via iCloud keychain.
/// Note that using the same username and service ID but different synchronization settings will result in two keychain entries.
/// </param>
/// <returns>SecStatusCode.Success if everything went fine, otherwise some other status</returns>
public static SecStatusCode SetPasswordForUsername(string username, string password, string serviceId,
SecAccessible secAccessible, bool synchronizable)
{
if (username == null)
{
throw new ArgumentNullException("userName");
}
if (serviceId == null)
{
throw new ArgumentNullException("serviceId");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
// Querying is case sesitive - we don't want that.
username = username.ToLower();
serviceId = serviceId.ToLower();
// Don't bother updating. Delete existing record and create a new one.
DeletePasswordForUsername(username, serviceId, synchronizable);
// Create a new record.
// Store password UTF8 encoded.
var code = SecKeyChain.Add(new SecRecord(SecKind.GenericPassword)
{
Service = serviceId,
Label = serviceId,
Account = username,
Generic = NSData.FromString(password, NSStringEncoding.UTF8),
Accessible = secAccessible,
Synchronizable = synchronizable
});
return code;
}
private bool storeRecordInKeychainInternal(string key, string value, SecAccessible access)
{
try
{
var secRecord = new SecRecord(SecKind.GenericPassword)
{
ValueData = NSData.FromString(value),
Account = key,
Service = "PlayOnCloudServiceID",
Accessible = access
};
var error = SecKeyChain.Add(secRecord);
if (error == SecStatusCode.DuplicateItem)
{
if (SecKeyChain.Remove(secRecord) == SecStatusCode.ItemNotFound)
{
var oldSecRecord = new SecRecord(SecKind.GenericPassword)
{
ValueData = NSData.FromString(value),
Account = key,
Service = "PlayOnCloudServiceID"
};
SecKeyChain.Remove(oldSecRecord);
}
error = SecKeyChain.Add(secRecord);
}
return(error == SecStatusCode.Success);
}
catch (Exception ex)
{
Logger.Log("ERROR: StoreRecordInKeychain: " + ex);
}
return(false);
}
internal KeyChain(SecAccessible accessible) => this.accessible = accessible;
public SecAccessControl(SecAccessible accessible, SecAccessControlCreateFlags flags = SecAccessControlCreateFlags.UserPresence)
: base(SecAccessControlCreateWithFlags(IntPtr.Zero, KeysAccessible.FromSecAccessible(accessible), (nint)(long) flags, out var _), true)
{
Accessible = accessible;
Flags = flags;
}
internal KeyChain(SecAccessControl control)
{
this.accessible = control.Accessible;
this.control = control;
}
//------------------------------------------------------------------------------
public KeyChainSerializer(SecAccessible secAccessible, bool synchronizable)
{
m_serviceName = SettingsBaseConfiguration.EncryptionServiceID;
m_secAccessible = secAccessible;
m_synchronizable = synchronizable;
}
public KeychainServiceConfig(string prefix, string service, SecAccessible accesible)
{
Prefix = prefix;
Service = service;
Accessible = accesible;
}
internal KeyChain(SecAccessControl control)
{
_accessible = control.Accessible;
_control = control;
}
internal KeyChain(SecAccessible accessible)
{
_accessible = accessible;
}
public static IntPtr FromSecAccessible(SecAccessible accessible)
{
switch (accessible){
case SecAccessible.WhenUnlocked:
return WhenUnlocked;
case SecAccessible.AfterFirstUnlock:
return AfterFirstUnlock;
case SecAccessible.Always:
return Always;
case SecAccessible.WhenUnlockedThisDeviceOnly:
return WhenUnlockedThisDeviceOnly;
case SecAccessible.AfterFirstUnlockThisDeviceOnly:
return AfterFirstUnlockThisDeviceOnly;
case SecAccessible.AlwaysThisDeviceOnly:
return AlwaysThisDeviceOnly;
default:
throw new ArgumentException ("accessible");
}
}
public SecAccessControl (SecAccessible accessible, SecAccessControlCreateFlags flags = SecAccessControlCreateFlags.UserPresence)
{
Accessible = accessible;
Flags = flags;
}
/// <summary>
/// Sets a password for a specific username.
/// </summary>
/// <param name="username">the username to add the password for. Not case sensitive. May not be NULL.</param>
/// <param name="password">the password to associate with the record. May not be NULL.</param>
/// <param name="serviceId">the service description to use. Not case sensitive. May not be NULL.</param>
/// <param name="secAccessible">defines how the keychain record is protected</param>
/// <param name="synchronizable">
/// Defines if keychain record can by synced via iCloud keychain.
/// Note that using the same username and service ID but different synchronization settings will result in two keychain entries.
/// </param>
/// <returns>SecStatusCode.Success if everything went fine, otherwise some other status</returns>
public static SecStatusCode SetPasswordForUsername(string username, string password, string serviceId, SecAccessible secAccessible, bool synchronizable)
{
if (username == null)
{
throw new ArgumentNullException("userName");
}
if (serviceId == null)
{
throw new ArgumentNullException("serviceId");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
// Querying is case sesitive - we don't want that.
username = username.ToLower();
serviceId = serviceId.ToLower();
// Don't bother updating. Delete existing record and create a new one.
DeletePasswordForUsername(username, serviceId, synchronizable);
// Create a new record.
// Store password UTF8 encoded.
SecStatusCode code = SecKeyChain.Add(new SecRecord(SecKind.GenericPassword)
{
Service = serviceId,
Label = serviceId,
Account = username,
Generic = NSData.FromString(password, NSStringEncoding.UTF8),
Accessible = secAccessible,
Synchronizable = synchronizable
});
return(code);
}
public SecAccessControl(SecAccessible accessible, SecAccessControlCreateFlags flags = SecAccessControlCreateFlags.UserPresence)
{
Accessible = accessible;
Flags = flags;
}
/// <summary>
/// Sets a password for a specific username.
/// </summary>
/// <param name="sUsername">the username to add the password for. May not be NULL.</param>
/// <param name="sPassword">the password to associate with the record. May not be NULL.</param>
/// <param name="sService">the service description to use. May not be NULL.</param>
/// <param name="eSecAccessible">defines how the keychain record is protected</param>
/// <returns>SecStatusCode.Success if everything went fine, otherwise some other status</returns>
//------------------------------------------------------------------------------
public static SecStatusCode SetPasswordForUsername(string sUsername, string sPassword, string sService, SecAccessible eSecAccessible, bool bSynchronizable)
{
if (sUsername == null)
{
throw new ArgumentNullException(nameof(sUsername));
}
if (sService == null)
{
throw new ArgumentNullException(nameof(sService));
}
if (sPassword == null)
{
throw new ArgumentNullException(nameof(sPassword));
}
// Don't bother updating. Delete existing record and create a new one.
DeletePasswordForUsername(sUsername, sService, bSynchronizable);
// Create a new record.
// Store password UTF8 encoded.
SecStatusCode eCode = SecKeyChain.Add(new SecRecord(SecKind.GenericPassword)
{
Service = sService,
Label = sService,
Account = sUsername,
Generic = NSData.FromString(sPassword, NSStringEncoding.UTF8),
Accessible = eSecAccessible,
Synchronizable = bSynchronizable
});
return(eCode);
}
/// <summary>
/// Set the password in the Keychain.
/// </summary>
/// <returns><see cref="SecStatusCode"/>.</returns>
/// <param name="service">Service.</param>
/// <param name="username">Username associated with the password.</param>
/// <param name="password">Password to store.</param>
/// <param name="accessible"><see cref="SecAccessible"/>.</param>
/// <param name="synchronizable">Whether the item is synchronizable through iCloud.</param>
private SecStatusCode SetPassword(string service, string username, string password, SecAccessible accessible, bool synchronizable)
{
NonNull(service, "service");
NonNull(username, "username");
NonNull(password, "password");
SecRecord secRecord = new SecRecord(SecKind.GenericPassword)
{
Service = service,
Label = service,
Account = username,
Generic = NSData.FromString(password, NSStringEncoding.UTF8),
Accessible = accessible,
Synchronizable = synchronizable
};
return(SecKeyChain.Add(secRecord));
}
