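/// <summary>
/// Returns the hashed form of a per-install identifier kept in the keychain under
/// the app's bundle identifier (service) and the account name "UniqueID".
/// When no value can be read, a random GUID is generated and stored first.
/// </summary>
/// <returns>The result of <c>GetSha256HashForId</c> applied to the stored identifier.</returns>
/// <exception cref="Exception">The new identifier could not be written to the keychain.</exception>
public string GetUniqueHashedId()
{
    var query = new SecRecord(SecKind.GenericPassword)
    {
        Service = NSBundle.MainBundle.BundleIdentifier,
        Account = "UniqueID"
    };

    NSData uniqueId = SecKeyChain.QueryAsData(query);
    if (uniqueId != null)
    {
        return GetSha256HashForId(uniqueId.ToString());
    }

    // Nothing readable: mint a random identifier and try to persist it.
    query.ValueData = NSData.FromString(System.Guid.NewGuid().ToString());
    SecStatusCode err = SecKeyChain.Add(query);

    if (err == SecStatusCode.DuplicateItem)
    {
        // An item already exists even though the first read returned nothing.
        // Prefer the stored value: hashing the GUID that was just rejected would
        // give this call a different identifier from every later call.
        var lookup = new SecRecord(SecKind.GenericPassword)
        {
            Service = NSBundle.MainBundle.BundleIdentifier,
            Account = "UniqueID"
        };
        NSData existing = SecKeyChain.QueryAsData(lookup);
        if (existing != null)
        {
            return GetSha256HashForId(existing.ToString());
        }
        // Still unreadable: fall through and keep the original best-effort result.
    }
    else if (err != SecStatusCode.Success)
    {
        throw new Exception("Cannot store Unique ID");
    }

    return GetSha256HashForId(query.ValueData.ToString());
}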
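/// <summary>
/// Reads the generic-password keychain item whose service name is <paramref name="key"/>
/// on the main dispatch queue and reports the outcome through the returned task.
/// </summary>
/// <param name="authRequestConfig">Not read by this implementation.</param>
/// <param name="key">Keychain service name; also the key of the single entry in <c>SecureData</c>.</param>
/// <param name="cancellationToken">Checked once before the keychain is queried.</param>
/// <returns>
/// A task that completes with the mapped status and the stored value (empty string when no data
/// came back), faults with <c>FingerprintStoreInvalidatedException</c> on
/// <c>SecStatusCode.VerifyFailed</c>, or is cancelled.
/// </returns>
public override Task<SecureFingerprintAuthenticationResult> NativeSecureAuthenticateAsync(AuthenticationRequestConfiguration authRequestConfig, string key, CancellationToken cancellationToken)
{
    var response = new TaskCompletionSource<SecureFingerprintAuthenticationResult>();
    var securityRecord = new SecRecord(SecKind.GenericPassword)
    {
        Service = key
    };

    DispatchQueue.MainQueue.DispatchAsync(() =>
    {
        // Every path below must complete `response`; previously the result object was
        // built and dropped, so the returned task never finished, and the exception was
        // thrown inside the dispatched block where no awaiting caller could observe it.
        try
        {
            if (cancellationToken.IsCancellationRequested)
            {
                response.TrySetCanceled();
                return;
            }

            SecStatusCode status;
            NSData resultData = SecKeyChain.QueryAsData(securityRecord, false, out status);

            if (status == SecStatusCode.VerifyFailed)
            {
                // TODO: check if this is the correct status code when a fingerprint has been added or removed
                response.TrySetException(new FingerprintStoreInvalidatedException());
                return;
            }

            var result = resultData != null ? new NSString(resultData, NSStringEncoding.UTF8) : "";
            response.TrySetResult(new SecureFingerprintAuthenticationResult()
            {
                ErrorMessage = "",
                SecureData = new Dictionary<string, string> { { key, result } },
                Status = MapStatus(status)
            });
        }
        catch (System.Exception ex)
        {
            // Surface unexpected failures to the awaiting caller instead of the dispatch queue.
            response.TrySetException(ex);
        }
    });

    return response.Task;
}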
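/// <summary>
/// Returns a per-install identifier kept in the keychain under the app's bundle
/// identifier (service) and the account name "UniqueID", creating a random GUID
/// the first time no value can be read.
/// </summary>
/// <returns>The stored identifier as text.</returns>
/// <exception cref="Exception">The new identifier could not be written to the keychain.</exception>
public string GetIdentifier()
{
    var query = new SecRecord(SecKind.GenericPassword)
    {
        Service = NSBundle.MainBundle.BundleIdentifier,
        Account = "UniqueID"
    };

    NSData uniqueId = SecKeyChain.QueryAsData(query);
    if (uniqueId != null)
    {
        return uniqueId.ToString();
    }

    query.ValueData = NSData.FromString(System.Guid.NewGuid().ToString());
    SecStatusCode err = SecKeyChain.Add(query);

    if (err == SecStatusCode.DuplicateItem)
    {
        // The keychain already holds an item for this service/account. Return that
        // one: the GUID generated above was not stored, so handing it out would make
        // the identifier differ between calls.
        var lookup = new SecRecord(SecKind.GenericPassword)
        {
            Service = NSBundle.MainBundle.BundleIdentifier,
            Account = "UniqueID"
        };
        NSData existing = SecKeyChain.QueryAsData(lookup);
        if (existing != null)
        {
            return existing.ToString();
        }
        // Still unreadable: fall through and keep the original best-effort result.
    }
    else if (err != SecStatusCode.Success)
    {
        throw new Exception("Cannot store Unique ID");
    }

    return query.ValueData.ToString();
}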
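/// <summary>
/// Reads the stored "login|password" pair from the keychain item with service
/// "com.Epitech.uIntra" and splits it into a <c>Credit</c>.
/// The query runs on the main thread and carries an operation prompt.
/// </summary>
/// <returns>The credentials, or <c>null</c> when nothing was returned or the stored text has no separator.</returns>
static Epitech.Intra.SharedApp.Security.Credit GetItem()
{
    var securityRecord = new SecRecord(SecKind.GenericPassword)
    {
        Service = "com.Epitech.uIntra",
        UseOperationPrompt = "Authentifier pour vous connecter à l'Intranet"
    };

    NSData resultData = null;
    UIApplication.SharedApplication.InvokeOnMainThread(() =>
    {
        // The status code is not inspected; a null payload is the only failure signal used.
        SecStatusCode status;
        resultData = SecKeyChain.QueryAsData(securityRecord, false, out status);
    });

    if (resultData == null)
    {
        return null;
    }

    string stored = new NSString(resultData, NSStringEncoding.UTF8);
    if (stored == null)
    {
        return null;
    }

    // Split on the FIRST '|' only, so a password that itself contains '|' is returned
    // whole instead of being cut at its first bar. A login containing '|' is still
    // ambiguous with this storage format.
    char[] sep = { '|' };
    string[] credit = stored.Split(sep, 2);
    if (credit.Length < 2)
    {
        // Malformed entry: previously this indexed past the end of the array.
        return null;
    }

    return new Epitech.Intra.SharedApp.Security.Credit
    {
        Login = credit[0],
        Password = credit[1]
    };
}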
/// <summary>
/// Reads the item stored under the app's bundle identifier and the account
/// "SecurityViewAccount". The query carries an access-control object built from
/// <c>WhenPasscodeSetThisDeviceOnly</c> and <c>UserPresence</c>, plus an operation prompt.
/// </summary>
/// <param name="message">Prompt text; replaced by an empty string when <c>IsiPhone4Or4S()</c> is true.</param>
/// <returns>
/// The payload decoded with <c>NSStringEncoding.Unicode</c>, or <c>null</c> when the query
/// returned no data. The status code is discarded, so callers cannot tell "not found"
/// apart from any other reason for a missing payload.
/// </returns>
public static string RetrieveKeychain(string message)
{
    string prompt = IsiPhone4Or4S() ? "" : message;

    var lookup = new SecRecord(SecKind.GenericPassword);
    lookup.Service = NSBundle.MainBundle.BundleIdentifier;
    lookup.Account = "SecurityViewAccount";
    lookup.AccessControl = new SecAccessControl(SecAccessible.WhenPasscodeSetThisDeviceOnly, SecAccessControlCreateFlags.UserPresence);
    lookup.UseOperationPrompt = prompt;

    SecStatusCode ignoredStatus;
    NSData payload = SecKeyChain.QueryAsData(lookup, false, out ignoredStatus);

    return payload == null
        ? null
        : NSString.FromData(payload, NSStringEncoding.Unicode).ToString();
}
// A simple way to generate and persist a unique id for an iOS device using the keychain.
// This unique id won't change even if the app is uninstalled and re-installed.
// Only for devices pre iOS 6 (from here: http://david-smith.org/iosversionstats/, only < 5% devices).
//
// Saving is best-effort: when the keychain write fails the failure is logged and the
// freshly generated id is still returned, so that value is not persisted.
private string UniqueID()
{
    var lookup = new SecRecord(SecKind.GenericPassword);
    lookup.Service = NSBundle.MainBundle.BundleIdentifier;
    lookup.Account = "UniqueID";

    NSData stored = SecKeyChain.QueryAsData(lookup);
    if (stored != null)
    {
        return stored.ToString();
    }

    // First use (or unreadable item): create a GUID and try to store it.
    lookup.ValueData = NSData.FromString(System.Guid.NewGuid().ToString());
    SecStatusCode addStatus = SecKeyChain.Add(lookup);

    bool accepted = addStatus == SecStatusCode.Success || addStatus == SecStatusCode.DuplicateItem;
    if (!accepted)
    {
        logger.i("IOSDeviceService", "Failed to save unique id", null);
    }

    return lookup.ValueData.ToString();
}
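/// <summary>
/// Looks up the keychain entry for <paramref name="account"/> (kind
/// <c>InternetPassword</c>, server and service "com.crosshelper.cycbis") and returns its
/// stored value as text.
/// </summary>
/// <param name="account">Account name of the entry to read.</param>
/// <returns>The stored value, or <c>null</c> when the query returns no data.</returns>
public string GetKeyChainPassword(string account)
{
    // NOTE(review): Service and ApplicationLabel are set on an InternetPassword query;
    // confirm the platform honours both attributes for this item class.
    var query = new SecRecord(SecKind.InternetPassword)
    {
        Server = "com.crosshelper.cycbis",
        Service = "com.crosshelper.cycbis",
        Account = account,
        ApplicationLabel = "Cycbis"
    };

    // QueryAsData yields null when nothing matches; calling ToString() on that
    // result directly threw a NullReferenceException for an unknown account.
    NSData stored = SecKeyChain.QueryAsData(query);
    if (stored == null)
    {
        return null;
    }

    return stored.ToString();
}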
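// Queries up to one matching generic-password item as a data array and, when the
// query succeeds, asserts that the first element exposes a byte pointer.
// The test asserts nothing when the item is absent.
public void QueryAsDataArray()
{
    SecStatusCode code;
    SecRecord queryRec = new SecRecord(SecKind.GenericPassword)
    {
        Service = RecordService,
        Account = RecordAccount,
    };

    var data = SecKeyChain.QueryAsData(queryRec, true, 1, out code);

    // Guard the array that is indexed below; the previous check tested queryRec,
    // which was assigned a new object just above and therefore was never null.
    if (code == SecStatusCode.Success && data != null)
    {
        Assert.NotNull(data[0].Bytes);
    }
}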
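// Queries up to one generic-password item matching the fixed service, label and
// account names and, when the query succeeds, asserts that the first element exposes
// a byte pointer. The test asserts nothing when the item is absent.
public void QueryAsDataArray()
{
    SecStatusCode code;
    SecRecord queryRec = new SecRecord(SecKind.GenericPassword)
    {
        Service = "KEYCHAIN_SERVICE",
        Label = "KEYCHAIN_SERVICE",
        Account = "KEYCHAIN_ACCOUNT"
    };

    var data = SecKeyChain.QueryAsData(queryRec, true, 1, out code);

    // Guard the array that is indexed below; the previous check tested queryRec,
    // which was assigned a new object just above and therefore was never null.
    if (code == SecStatusCode.Success && data != null)
    {
        Assert.NotNull(data[0].Bytes);
    }
}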
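/// <summary>
/// Returns the raw broker key from the keychain, generating and storing a new AES key
/// when no entry can be read.
/// </summary>
/// <param name="logger">Receives a message (status code only) when the new key cannot be saved.</param>
/// <returns>The key bytes. When saving fails the generated key is still returned.</returns>
internal static byte[] GetRawBrokerKey(ICoreLogger logger)
{
    var lookup = new SecRecord(SecKind.GenericPassword)
    {
        Generic = NSData.FromString(iOSBrokerConstants.LocalSettingsContainerName),
        Service = iOSBrokerConstants.BrokerKeyService,
        Account = iOSBrokerConstants.BrokerKeyAccount,
        Label = iOSBrokerConstants.BrokerKeyLabel,
        Comment = iOSBrokerConstants.BrokerKeyComment,
        Description = iOSBrokerConstants.BrokerKeyStorageDescription
    };

    NSData key = SecKeyChain.QueryAsData(lookup);
    if (key != null)
    {
        return key.ToArray();
    }

    // Dispose the algorithm object once the key has been copied out, so it does not
    // keep its own copy of the key material alive until finalization.
    byte[] rawBytes;
    using (AesManaged algo = new AesManaged())
    {
        algo.GenerateKey();
        rawBytes = algo.Key;
    }

    NSData byteData = NSData.FromArray(rawBytes);

    // No accessibility attribute is set on the record, so the platform default applies.
    var record = new SecRecord(SecKind.GenericPassword)
    {
        Generic = NSData.FromString(iOSBrokerConstants.LocalSettingsContainerName),
        Service = iOSBrokerConstants.BrokerKeyService,
        Account = iOSBrokerConstants.BrokerKeyAccount,
        Label = iOSBrokerConstants.BrokerKeyLabel,
        Comment = iOSBrokerConstants.BrokerKeyComment,
        Description = iOSBrokerConstants.BrokerKeyStorageDescription,
        ValueData = byteData
    };

    var result = SecKeyChain.Add(record);
    if (result != SecStatusCode.Success)
    {
        // Best-effort: the caller still gets a key, but it was not persisted, so a
        // later call may generate a different one.
        logger.Info(iOSBrokerConstants.FailedToSaveBrokerKey + result);
    }

    return byteData.ToArray();
}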
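/// <summary>
/// Returns the raw broker key from the keychain, generating and storing a new AES key
/// when no entry can be read.
/// </summary>
/// <returns>The key bytes. When saving fails a warning is logged and the generated key is still returned.</returns>
internal static byte[] GetRawBrokerKey()
{
    var lookup = new SecRecord(SecKind.GenericPassword)
    {
        Generic = NSData.FromString(LocalSettingsContainerName),
        Service = "Broker Key Service",
        Account = "Broker Key Account",
        Label = "Broker Key Label",
        Comment = "Broker Key Comment",
        Description = "Storage for broker key"
    };

    NSData key = SecKeyChain.QueryAsData(lookup);
    if (key != null)
    {
        return key.ToArray();
    }

    // Dispose the algorithm object once the key has been copied out, so it does not
    // keep its own copy of the key material alive until finalization.
    byte[] rawBytes;
    using (AesManaged algo = new AesManaged())
    {
        algo.GenerateKey();
        rawBytes = algo.Key;
    }

    NSData byteData = NSData.FromArray(rawBytes);

    // No accessibility attribute is set on the record, so the platform default applies.
    var record = new SecRecord(SecKind.GenericPassword)
    {
        Generic = NSData.FromString(LocalSettingsContainerName),
        Service = "Broker Key Service",
        Account = "Broker Key Account",
        Label = "Broker Key Label",
        Comment = "Broker Key Comment",
        Description = "Storage for broker key",
        ValueData = byteData
    };

    var result = SecKeyChain.Add(record);
    if (result != SecStatusCode.Success)
    {
        // Best-effort: the caller still gets a key, but it was not persisted, so a
        // later call may generate a different one. Only the status code is logged.
        CallState.Default.Logger.Warning(null, "Failed to save broker key: " + result);
    }

    return byteData.ToArray();
}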
//
// EXPERIMENTAL
// Needs some more testing before we can make this public.
// AppleTls does not actually use this API, so it may be removed again.
//
// Exports this certificate's public key as NSData by adding the key to the keychain,
// querying it back as data, and removing it again if this call was the one that added it.
//
// Throws ObjectDisposedException when the native handle is zero, and
// InvalidOperationException (message = the status code) when the add, query or remove
// step reports a failure.
//
// NOTE(review): the result of trust.Evaluate() is discarded, so this method does not
// reject a certificate that fails evaluation. `policy` and `trust` are not disposed here.
//
internal NSData GetPublicKey()
{
    if (handle == IntPtr.Zero) {
        throw new ObjectDisposedException("SecCertificate");
    }

    var policy = SecPolicy.CreateBasicX509Policy();
    var trust = new SecTrust(this, policy);
    // Return value intentionally unused here; see the review note above.
    trust.Evaluate();

    SecStatusCode status;

    using (var key = trust.GetPublicKey())
    using (var query = new SecRecord(SecKind.Key)) {
        query.SetValueRef(key);

        // DuplicateItem is tolerated: the key was already in the keychain before this call.
        status = SecKeyChain.Add(query);
        if (status != SecStatusCode.Success && status != SecStatusCode.DuplicateItem) {
            throw new InvalidOperationException(status.ToString());
        }

        // Remember whether this call created the item, so a pre-existing key is left in place.
        bool added = status == SecStatusCode.Success;

        try {
            var data = SecKeyChain.QueryAsData(query, false, out status);
            if (status != SecStatusCode.Success) {
                throw new InvalidOperationException(status.ToString());
            }

            return(data);
        } finally {
            // Clean up the temporary keychain entry. A failure here throws from the
            // finally block and replaces any exception raised in the try block.
            if (added) {
                status = SecKeyChain.Remove(query);
                if (status != SecStatusCode.Success) {
                    throw new InvalidOperationException(status.ToString());
                }
            }
        }
    }
}
/// <summary>
/// Attempts to read the broker key from the keychain without creating one.
/// </summary>
/// <param name="brokerKey">The key bytes when an entry is found; otherwise <c>null</c>.</param>
/// <returns><c>true</c> when the keychain query returned data.</returns>
private static bool TryGetBrokerKey(out byte[] brokerKey)
{
    var lookup = new SecRecord(SecKind.GenericPassword);
    lookup.Generic = NSData.FromString(iOSBrokerConstants.LocalSettingsContainerName);
    lookup.Account = iOSBrokerConstants.BrokerKeyAccount;
    lookup.Service = iOSBrokerConstants.BrokerKeyService;

    NSData stored = SecKeyChain.QueryAsData(lookup);
    bool found = stored != null;

    // A missing payload is the only failure signal; the status code is not requested.
    brokerKey = found ? stored.ToArray() : null;
    return found;
}
// Queries the keychain item for Text.SERVICE_NAME on the main dispatch queue, with an
// operation prompt attached, and prints the status description and the outcome to
// `textView`.
//
// The stored value itself is written to the view. Any query that returns no data is
// shown as Text.USER_CANCELED_ACTION whatever the status code was; the status is
// printed alongside it.
void CopyMatchingAsync()
{
    var lookup = new SecRecord(SecKind.GenericPassword);
    lookup.Service = Text.SERVICE_NAME;
    lookup.UseOperationPrompt = Text.AUTHENTICATE_TO_ACCESS_SERVICE_PASSWORD;

    DispatchQueue.MainQueue.DispatchAsync(() =>
    {
        SecStatusCode queryStatus;
        NSData payload = SecKeyChain.QueryAsData(lookup, false, out queryStatus);

        var shown = payload != null
            ? new NSString(payload, NSStringEncoding.UTF8)
            : Text.USER_CANCELED_ACTION;

        string report = new StringBuilder()
            .AppendFormat(Text.SEC_ITEM_COPY_MATCHING_STATUS, queryStatus.GetDescription())
            .AppendFormat(Text.RESULT, shown)
            .ToString();

        PrintResult(textView, report);
    });
}
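/// <summary>
/// Reads the keychain entry stored for <paramref name="key"/> under the app's bundle identifier.
/// </summary>
/// <param name="key">Account name of the entry.</param>
/// <returns>
/// The stored value as text, or <c>null</c> when the query returns no data. No status
/// code is requested, so a missing item and any other failure both produce <c>null</c>.
/// </returns>
public string Unprotect(string key)
{
    // Locate the entry in the keychain using the service and account information.
    var existingRecord = new SecRecord(SecKind.GenericPassword)
    {
        Account = key,
        Service = NSBundle.MainBundle.BundleIdentifier
    };

    // The unused result-code local was removed: this overload reports no status.
    NSData find = SecKeyChain.QueryAsData(existingRecord);
    if (find == null)
    {
        return null;
    }

    return find.ToString();
}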
/// <summary>
/// Loads the raw bytes stored in the keychain for <paramref name="key"/> under this
/// instance's <c>Service</c>.
/// </summary>
/// <param name="key">Account name of the entry.</param>
/// <returns>The stored bytes, or <c>null</c> when the item does not exist.</returns>
/// <exception cref="InvalidOperationException">The keychain reported any status other than success or item-not-found.</exception>
public byte[] GetBytes(string key)
{
    var lookup = new SecRecord(SecKind.GenericPassword)
    {
        Account = key,
        Service = Service
    };

    var loadedData = SecKeyChain.QueryAsData(lookup, false, out var status);

    switch (status)
    {
        case SecStatusCode.Success:
            return loadedData.ToArray();

        case SecStatusCode.ItemNotFound:
            // Absence is an expected outcome, not an error.
            return null;

        default:
            // Every other status is surfaced to the caller rather than treated as "no value".
            throw new InvalidOperationException($"Failed to get from keychain. (status={status})");
    }
}
/// <summary>
/// Reports whether the keychain holds a non-empty value matching <paramref name="record"/>.
/// </summary>
/// <param name="record">Query describing the item to look for.</param>
/// <returns>
/// <c>true</c> only when the query succeeds and the payload has at least one byte;
/// every other status yields <c>false</c>.
/// </returns>
private bool IsExists(SecRecord record)
{
    SecStatusCode queryStatus;
    NSData payload = SecKeyChain.QueryAsData(record, false, out queryStatus);

    if (queryStatus != SecStatusCode.Success)
    {
        return false;
    }

    return payload.Length > 0;
}
// Seeds the keychain with a VPN password and a shared secret, then loads the VPN
// preferences through `manager`, builds an IPSec protocol configuration that points at
// those keychain items by persistent reference, and saves it.
//
// NOTE(review): the password and shared secret below are string literals compiled into
// the app, and the keychain entries are removed and re-added on every call (marked in
// the code as test-only). Outside a test, the values should come from user input or
// provisioning. The console output in this method prints status codes, not the secrets.
public void AddConfig()
{
    // The password for the VPN connection, add this to Keychain
    var password = new SecRecord(SecKind.GenericPassword) {
        Service = "Password Service",
        ValueData = NSData.FromString("MY_PASSWORD", NSStringEncoding.UTF8),
        Generic = NSData.FromString("VPNPas", NSStringEncoding.UTF8),
    };

    // The query for the VPN password. Use this to find the password in Keychain
    var queryPassword = new SecRecord(SecKind.GenericPassword) {
        Service = "Password Service",
        Generic = NSData.FromString("VPNPas", NSStringEncoding.UTF8),
    };

    // The shared secret for the VPN connection, add this to Keychain
    var secret = new SecRecord(SecKind.GenericPassword) {
        Service = "Secret Service",
        ValueData = NSData.FromString("hide.io", NSStringEncoding.UTF8),
        Generic = NSData.FromString("secret", NSStringEncoding.UTF8),
    };

    // The query for the VPN shared secret. Use this to find the shared secret in Keychain
    var querySecret = new SecRecord(SecKind.GenericPassword) {
        Service = "Secret Service",
        Generic = NSData.FromString("secret", NSStringEncoding.UTF8),
    };

    // First remove old Keychain entries, then add the new ones
    // Just for testing purposes: this is to make sure the keychain entries are correct
    // The status of each step is only printed; a failed add does not stop the method.
    var err = SecKeyChain.Remove(queryPassword);
    Console.WriteLine("Password remove: " + err);
    err = SecKeyChain.Remove(querySecret);
    Console.WriteLine("Secret remove: " + err);
    err = SecKeyChain.Add(password);
    Console.WriteLine("Password add: " + err);
    err = SecKeyChain.Add(secret);
    Console.WriteLine("Secret add: " + err);

    manager.LoadFromPreferences(error => {
        if (error != null) {
            Console.WriteLine("Error loading preferences: ");
            Console.WriteLine(error);
        } else {
            NEVpnProtocol p = null;

            // IKEv2 Protocol
            // Built here but not used: `p` is assigned the IPSec configuration below.
            NEVpnProtocolIke2 ike2 = new NEVpnProtocolIke2();
            ike2.AuthenticationMethod = NEVpnIkeAuthenticationMethod.None;
            // ike2.LocalIdentifier = "";
            ike2.RemoteIdentifier = "hide.me";
            ike2.UseExtendedAuthentication = true;
            ike2.DisconnectOnSleep = false;

            // ipSec Protocol
            NEVpnProtocolIpSec ipSec = new NEVpnProtocolIpSec();
            ipSec.AuthenticationMethod = NEVpnIkeAuthenticationMethod.SharedSecret;
            ipSec.UseExtendedAuthentication = true;
            ipSec.DisconnectOnSleep = false;

            SecStatusCode res;

            // Set the shared secret reference for ipSec:
            // 1) Search for the secret in keychain and retrieve it as a persistent reference
            // 2) Set the found secret to SharedSecretReference if the secret was found
            var match = SecKeyChain.QueryAsData(querySecret, true, out res);
            if (res == SecStatusCode.Success) {
                Console.WriteLine("Secret found, setting secret...");
                ipSec.SharedSecretReference = match;
            } else {
                // The configuration is still saved below without a shared-secret reference.
                Console.WriteLine("Could not set secret:");
                Console.WriteLine(res);
            }

            // Set the protocol to IKEv2 or ipSec
            // p = ike2;
            p = ipSec;

            // Set Accountname, Servername and description
            p.Username = "******";
            p.ServerAddress = "free-nl.hide.me";
            manager.LocalizedDescription = "hide.me VPN";

            // Set the password reference for the protocol:
            // 1) Search for the password in keychain and retrieve it as a persistent reference
            // 2) Set the found password to PasswordReference if the secret was found
            match = SecKeyChain.QueryAsData(queryPassword, true, out res);
            if (res == SecStatusCode.Success) {
                Console.WriteLine("Password found, setting password...");
                p.PasswordReference = match;
            } else {
                // The configuration is still saved below without a password reference.
                Console.WriteLine(res);
            }

            manager.OnDemandEnabled = false;

            // Set the managers protocol and save it to the iOS custom VPN preferences
            manager.ProtocolConfiguration = p;
            manager.SaveToPreferences(error2 => {
                if (error2 != null) {
                    Console.WriteLine("Could not save VPN preferences");
                    Console.WriteLine(error2.DebugDescription);
                }
            });
        }
    });
}