public async Task <bool> RemoveKeyPair(CancellationToken ct, string name)
{
if (this.Log().IsEnabled(LogLevel.Debug))
{
this.Log().Debug($"Removing the key pair (name: '{name}').");
}
name.Validation().NotNullOrEmpty(nameof(name));
await AssertTouchIdIsEnabled(ct);
using (await _asyncLock.LockAsync(ct))
{
var status = SecKeyChain.Remove(new SecRecord(SecKind.Key)
{
ApplicationTag = $"{name}_priv"
});
if (this.Log().IsEnabled(LogLevel.Information))
{
this.Log().Info($"Successfully removed the key pair (name: '{name}').");
}
return(status == SecStatusCode.Success);
}
}
/// <summary>
/// Removes the record.
/// </summary>
/// <returns>The record.</returns>
/// <param name="key">Key.</param>
private SecStatusCode RemoveRecord(string key)
{
SecStatusCode ssc;
SecRecord found = GetRecord(key, out ssc);
// if it exists, delete it
if (ssc == SecStatusCode.Success)
{
// this has to be different that the one queried
var sr = new SecRecord(StoreSecKind);
sr.Account = key;
sr.ValueData = found.ValueData;
if (DefaultAccessible != SecAccessible.Invalid)
{
sr.Accessible = DefaultAccessible;
}
if (UseCloud)
{
sr.Synchronizable = true;
}
return(SecKeyChain.Remove(sr));
}
return(SecStatusCode.NoSuchKeyChain);
}
/// <summary>
/// Delete the specified credential based on user ID and SSO group key.
/// </summary>
/// <param name="userID">User identifier.</param>
/// <param name="ssoGroupKey">SSO Group Key.</param>
override public void Delete(string userID, string ssoGroupKey)
{
var nativeCredEnumeration = FindCredentialsForOrg(ssoGroupKey);
foreach (var nc in nativeCredEnumeration)
{
//if (nc.UserID.Equals(userID))
//{
//query.Account = nc.UserID;
//break;
//}
SecRecord query = new SecRecord(SecKind.GenericPassword);
query.Service = ssoGroupKey;
query.Account = nc.UserID;
var statusCode = SecKeyChain.Remove(query);
if (statusCode != SecStatusCode.Success &&
statusCode != SecStatusCode.ItemNotFound)
{
throw new KinveyException(EnumErrorCategory.ERROR_USER, EnumErrorCode.ERROR_MIC_CREDENTIAL_DELETE, statusCode.ToString());
}
}
}
public void ServiceCallBack(ServiceCallbackHelper data)
{
if (data.Status == "error")
{
UIAlertView error = new UIAlertView("Ошибка", "Вы неправильно ввели логин или пароль.Попробуйте снова.", null, "Закрыть", null);
error.Show();
btnLogin.Enabled = true;
}
else
{
var record = new SecRecord(SecKind.GenericPassword)
{
Description = KeyChain.Description,
Comment = KeyChain.Comment,
Service = KeyChain.Service,
Label = KeyChain.Label,
Account = txtLogin.Text,
ValueData = NSData.FromString(txtPassword.Text),
Generic = NSData.FromString(KeyChain.Generic),
Accessible = SecAccessible.Always
};
SecStatusCode code = SecKeyChain.Add(record);
if (code == SecStatusCode.DuplicateItem)
{
code = SecKeyChain.Remove(existingRec);
}
if (code == SecStatusCode.Success)
{
code = SecKeyChain.Add(record);
}
PerformSegue("autherication", this);
}
}
void Accessible(SecAccessible access)
{
var rec = new SecRecord(SecKind.GenericPassword)
{
Account = "Username"
};
SecKeyChain.Remove(rec); // it might already exists (or not)
rec = new SecRecord(SecKind.GenericPassword)
{
Account = "Username",
ValueData = NSData.FromString("Password"),
Accessible = access
};
Assert.That(SecKeyChain.Add(rec), Is.EqualTo(SecStatusCode.Success), "Add");
SecStatusCode code;
var match = SecKeyChain.QueryAsRecord(rec, out code);
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "QueryAsRecord");
Assert.That(match.Accessible, Is.EqualTo(access), "Accessible");
}
public void Add_Certificate()
{
#if MONOMAC && !NET
Stream certStream = typeof(KeyChainTest).Assembly.GetManifestResourceStream("xammac_tests.Security.openssl_crt.der");
#else
Stream certStream = typeof(KeyChainTest).Assembly.GetManifestResourceStream("monotouchtest.Security.openssl_crt.der");
#endif
NSData data = NSData.FromStream(certStream);
var query = new SecRecord(SecKind.Certificate)
{
Label = $"Internet Widgits Pty Ltd",
};
var rec = query.Clone();
rec.SetValueRef(new SecCertificate(data));
try {
// delete any existing certificates first.
SecKeyChain.Remove(query);
// add the new certificate
var rc = SecKeyChain.Add(rec);
Assert.That(rc, Is.EqualTo(SecStatusCode.Success), "Add_Certificate");
} finally {
// clean up after ourselves
SecKeyChain.Remove(query);
}
}
public void GenerateKeyPairTest()
{
NSError error;
SecKey private_key;
SecKey public_key;
var att = new SecPublicPrivateKeyAttrs();
att.Label = $"{CFBundle.GetMain ().Identifier}-{GetType ().FullName}-{Process.GetCurrentProcess ().Id}";
att.IsPermanent = false;
att.ApplicationTag = new NSData();
att.EffectiveKeySize = 1024;
att.CanEncrypt = false;
att.CanDecrypt = false;
att.CanDerive = false;
att.CanSign = false;
att.CanVerify = false;
att.CanUnwrap = false;
try {
Assert.That(SecKey.GenerateKeyPair(SecKeyType.RSA, 1024, att, out public_key, out private_key), Is.EqualTo(SecStatusCode.Success), "GenerateKeyPair");
Assert.Throws <ArgumentException> (() => { SecKey.GenerateKeyPair(SecKeyType.Invalid, -1, null, out _, out _); }, "GenerateKeyPair - Invalid");
Assert.That(SecKey.GenerateKeyPair(SecKeyType.RSA, -1, null, out _, out _), Is.EqualTo(SecStatusCode.Param), "GenerateKeyPair - Param issue, invalid RSA key size");
Assert.That(SecKey.GenerateKeyPair(SecKeyType.RSA, 1024, null, out _, out _), Is.EqualTo(SecStatusCode.Success), "GenerateKeyPair - Null optional params, success");
#if IOS
var att2 = new SecPublicPrivateKeyAttrs();
att2.IsPermanent = false;
att2.EffectiveKeySize = 1024;
att2.CanEncrypt = true;
att2.CanDecrypt = true;
att2.CanDerive = true;
att2.CanSign = true;
att2.CanVerify = true;
att2.CanUnwrap = true;
Assert.That(SecKey.GenerateKeyPair(SecKeyType.RSA, 1024, att, att2, out public_key, out private_key), Is.EqualTo(SecStatusCode.Success), "GenerateKeyPair - iOS Only API");
#endif
if (TestRuntime.CheckXcodeVersion(8, 0))
{
using (var attrs = public_key.GetAttributes()) {
Assert.That(attrs.Count, Is.GreaterThan((nuint)0), "public/GetAttributes");
}
using (var attrs = private_key.GetAttributes()) {
Assert.That(attrs.Count, Is.GreaterThan((nuint)0), "private/GetAttributes");
}
}
} finally {
var query = new SecRecord(SecKind.Key)
{
Label = att.Label,
};
SecStatusCode code;
do
{
// For some reason each call to SecKeyChain will only remove a single key, so do a loop.
code = SecKeyChain.Remove(query);
} while (code == SecStatusCode.Success);
}
}
private void SaveRecord()
{
var record = new SecRecord(SecKind.GenericPassword)
{
Label = "交易密碼",
Description = "用於xxx服務",
Account = "*****@*****.**",
Service = "Transcation",
Comment = "Demo",
ValueData = NSData.FromString("P@ssw0rd"),
Generic = NSData.FromString("SecurityChainDemo")
};
var status = SecKeyChain.Add(record);
if (SecStatusCode.Success == status)
{
Debug.WriteLine("Keychain Saved!");
}
else if (SecStatusCode.DuplicateItem == status || SecStatusCode.DuplicateKeyChain == status)
{
Debug.WriteLine("Duplicate !");
SecKeyChain.Remove(record);
}
else
{
Debug.WriteLine($"{ status }");
}
}
void Protocol(SecProtocol protocol)
{
var rec = new SecRecord(SecKind.InternetPassword)
{
Account = "Protocol"
};
SecKeyChain.Remove(rec); // it might already exists (or not)
rec = new SecRecord(SecKind.InternetPassword)
{
Account = "Protocol",
ValueData = NSData.FromString("Password"),
Protocol = protocol,
Server = "www.xamarin.com"
};
Assert.That(SecKeyChain.Add(rec), Is.EqualTo(SecStatusCode.Success), "Add");
SecStatusCode code;
var match = SecKeyChain.QueryAsRecord(rec, out code);
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "QueryAsRecord");
Assert.That(match.Protocol, Is.EqualTo(protocol), "Protocol");
}
public bool TryRemove(KeyType key)
{
var result = SecKeyChain.Remove(GetQuery(config.Prefix + key));
Logger.Shared.Debug($"KeychainService.TryRemove: {result} => {key}");
return(result.Equals(SecStatusCode.Success));
}
public void AfterAccess(TokenCacheNotificationArgs args)
{
if (args.TokenCache.HasStateChanged)
{
try
{
var s = new SecRecord(SecKind.GenericPassword)
{
Generic = NSData.FromString(LocalSettingsContainerName),
Accessible = SecAccessible.Always,
Service = "ADAL.PCL.iOS Service",
Account = "ADAL.PCL.iOS cache",
Label = "ADAL.PCL.iOS Label",
Comment = "ADAL.PCL.iOS Cache",
Description = "Storage for cache"
};
var err = SecKeyChain.Remove(s);
if (args.TokenCache.Count > 0)
{
s.ValueData = NSData.FromArray(args.TokenCache.Serialize());
err = SecKeyChain.Add(s);
}
args.TokenCache.HasStateChanged = false;
}
catch (Exception ex)
{
PlatformPlugin.Logger.Warning(null, "Failed to save cache: " + ex);
}
}
}
public override void RemoveStoredKeyValuePairs(string[] keynames)
{
string sAccessGroup = KeyChainAccessGroup;
List <string> successfullKeyPairs = new List <string>();
List <string> failedKeyPairs = new List <string>();
UIApplication.SharedApplication.InvokeOnMainThread(delegate {
foreach (string keyname in keynames)
{
SecRecord srDeleteEntry = new SecRecord(SecKind.GenericPassword)
{
Account = keyname
};
if (sAccessGroup != null)
{
srDeleteEntry.AccessGroup = sAccessGroup;
}
SecStatusCode code = SecKeyChain.Remove(srDeleteEntry);
if (code == SecStatusCode.Success)
{
successfullKeyPairs.Add(keyname);
}
else
{
failedKeyPairs.Add(keyname);
}
}
SystemLogger.Log(SystemLogger.Module.PLATFORM, "RemoveStoredKeyValuePair - Success: " + successfullKeyPairs.Count + ", Failed: " + failedKeyPairs.Count);
IPhoneUtils.GetInstance().FireUnityJavascriptEvent("Appverse.OnKeyValuePairsRemoveCompleted", new object[] { successfullKeyPairs, failedKeyPairs });
});
}
public void SetSecured(string key, string value, string clientId, string service, string sharedGroupId)
{
var s = new SecRecord(SecKind.GenericPassword)
{
Service = $"{clientId}-{key}-{service}",
};
SecStatusCode res;
var match = SecKeyChain.QueryAsRecord(s, out res);
if (res == SecStatusCode.Success)
{
var remStatus = SecKeyChain.Remove(s);
}
s.ValueData = NSData.FromString(value);
if (!string.IsNullOrWhiteSpace(sharedGroupId))
{
s.AccessGroup = sharedGroupId;
}
var err = SecKeyChain.Add(s);
Console.WriteLine(err);
}
/// <summary>
/// Adds an entry into key chain. If a duplicate is found, it is removed & re-added.
/// </summary>
/// <param name="secureValues">Object containing secure values</param>
/// <returns>Whether the key chain entry was added successfully.</returns>
public static bool StoreSecureDataInKeychain(KeyStoreModel secureValues)
{
var success = false;
var s = new SecRecord(SecKind.GenericPassword)
{
ValueData = NSData.FromString(JsonConvert.SerializeObject(secureValues)),
Generic = NSData.FromString(KEY),
AccessGroup = "H29ZBDYNSU.com.andculture.boilerplate" // TODO: Change to your app's bundle id
};
var err = SecKeyChain.Add(s);
if (err == SecStatusCode.DuplicateItem)
{
err = SecKeyChain.Remove(s);
if (err == SecStatusCode.Success)
{
return(StoreSecureDataInKeychain(secureValues));
}
}
else if (err == SecStatusCode.Success)
{
success = true;
}
return(success);
}
public void SaveUserInfo(string userId, string userName, string password)
{
var rec = new SecRecord(SecKind.GenericPassword)
{
Generic = NSData.FromString("password")
};
SecStatusCode res;
var match = SecKeyChain.QueryAsRecord(rec, out res);
if (res == SecStatusCode.Success)
{
res = SecKeyChain.Remove(rec);
}
var s = new SecRecord(SecKind.GenericPassword)
{
Service = "BodyReportUserInfo",
Account = userId + (char)3 + userName,
ValueData = NSData.FromString(password),
Generic = NSData.FromString("password")
};
res = SecKeyChain.Add(s);
}
public void Save(string pin, string serviceId)
{
var statusCode = SecStatusCode.Success;
var serializedAccount = pin;
var data = NSData.FromString(serializedAccount, NSStringEncoding.UTF8);
//
// Remove any existing record
//
var existing = FindAccount(serviceId);
if (existing != null)
{
var query = new SecRecord(SecKind.GenericPassword);
query.Service = serviceId;
statusCode = SecKeyChain.Remove(query);
if (statusCode != SecStatusCode.Success)
{
throw new Exception("Could not save account to KeyChain: " + statusCode);
}
}
//
// Add this record
//
var record = new SecRecord(SecKind.GenericPassword);
record.Service = serviceId;
record.Generic = data;
record.Accessible = SecAccessible.WhenUnlocked;
statusCode = SecKeyChain.Add(record);
if (statusCode != SecStatusCode.Success)
{
throw new Exception("Could not save account to KeyChain: " + statusCode);
}
}
void AuthenticationType(SecAuthenticationType type)
{
var rec = new SecRecord(SecKind.InternetPassword)
{
Account = "AuthenticationType"
};
SecKeyChain.Remove(rec); // it might already exists (or not)
rec = new SecRecord(SecKind.InternetPassword)
{
Account = "AuthenticationType",
ValueData = NSData.FromString("Password"),
AuthenticationType = type,
Server = "www.xamarin.com"
};
Assert.That(SecKeyChain.Add(rec), Is.EqualTo(SecStatusCode.Success), "Add");
SecStatusCode code;
var match = SecKeyChain.QueryAsRecord(rec, out code);
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "QueryAsRecord");
Assert.That(match.AuthenticationType, Is.EqualTo(type), "AuthenticationType");
}
void AuthenticationType(SecAuthenticationType type)
{
var rec = new SecRecord(SecKind.InternetPassword)
{
Account = "AuthenticationType"
};
SecKeyChain.Remove(rec); // it might already exists (or not)
rec = new SecRecord(SecKind.InternetPassword)
{
Account = $"{CFBundle.GetMain ().Identifier}-{GetType ().FullName}-{Process.GetCurrentProcess ().Id}",
ValueData = NSData.FromString("Password"),
AuthenticationType = type,
Server = "www.xamarin.com"
};
Assert.That(SecKeyChain.Add(rec), Is.EqualTo(SecStatusCode.Success), "Add");
var query = new SecRecord(SecKind.InternetPassword)
{
Account = rec.Account,
AuthenticationType = rec.AuthenticationType,
Server = rec.Server,
};
SecStatusCode code;
var match = SecKeyChain.QueryAsRecord(query, out code);
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "QueryAsRecord");
Assert.That(match.AuthenticationType, Is.EqualTo(type), "AuthenticationType");
}
/// <summary>
/// Deletes a username/password record.
/// </summary>
/// <param name="username">the username to query. Not case sensitive. May not be NULL.</param>
/// <param name="serviceId">the service description to query. Not case sensitive. May not be NULL.</param>
/// <param name="synchronizable">
/// Defines if the record you want to delete is syncable via iCloud keychain or not. Note that using the same username and service ID
/// but different synchronization settings will result in two keychain entries.
/// </param>
/// <returns>Status code</returns>
public static SecStatusCode DeletePasswordForUsername(string username, string serviceId, bool synchronizable)
{
if (username == null)
{
throw new ArgumentNullException("userName");
}
if (serviceId == null)
{
throw new ArgumentNullException("serviceId");
}
// Querying is case sesitive - we don't want that.
username = username.ToLower();
serviceId = serviceId.ToLower();
// Query and remove.
SecRecord queryRec = new SecRecord(SecKind.GenericPassword)
{
Service = serviceId,
Label = serviceId,
Account = username,
Synchronizable = synchronizable
};
SecStatusCode code = SecKeyChain.Remove(queryRec);
return(code);
}
public void AddQueryRemove_Identity()
{
using (SecRecord rec = new SecRecord(SecKind.Identity))
using (var id = IdentityTest.GetIdentity()) {
rec.SetValueRef(id);
SecStatusCode code = SecKeyChain.Add(rec);
Assert.True(code == SecStatusCode.DuplicateItem || code == SecStatusCode.Success);
}
if (!TestRuntime.CheckXcodeVersion(5, 0))
{
Assert.Inconclusive("QueryAsConcreteType does not work before iOS7");
}
using (SecRecord rec = new SecRecord(SecKind.Identity)) {
SecStatusCode code;
var match = SecKeyChain.QueryAsConcreteType(rec, out code);
if ((match == null) && (code == SecStatusCode.ItemNotFound))
{
Assert.Inconclusive("Test randomly fails (race condition between addtion/commit/query?");
}
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "QueryAsRecord-2");
Assert.NotNull(match, "match-2");
code = SecKeyChain.Remove(rec);
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "Remove");
match = SecKeyChain.QueryAsConcreteType(rec, out code);
Assert.That(code, Is.EqualTo(SecStatusCode.ItemNotFound), "QueryAsRecord-3");
Assert.Null(match, "match-3");
}
}
void Protocol(SecProtocol protocol)
{
var rec = new SecRecord(SecKind.InternetPassword)
{
Account = $"Protocol-{protocol}-{CFBundle.GetMain ().Identifier}-{GetType ().FullName}-{Process.GetCurrentProcess ().Id}",
};
try {
SecKeyChain.Remove(rec); // it might already exists (or not)
rec = new SecRecord(SecKind.InternetPassword)
{
Account = "Protocol",
ValueData = NSData.FromString("Password"),
Protocol = protocol,
Server = "www.xamarin.com"
};
Assert.That(SecKeyChain.Add(rec), Is.EqualTo(SecStatusCode.Success), "Add");
SecStatusCode code;
var match = SecKeyChain.QueryAsRecord(rec, out code);
Assert.That(code, Is.EqualTo(SecStatusCode.Success), "QueryAsRecord");
Assert.That(match.Protocol, Is.EqualTo(protocol), "Protocol");
} finally {
// Clean up after us
SecKeyChain.Remove(rec);
}
}
protected override Task <SecureValueResult> NativeRemoveSecureValue(SecureValueRequestConfiguration secureValueRequestConfig, CancellationToken cancellationToken)
{
#if __MAC__
return(Task.FromResult(new SecureValueResult
{
Status = FingerprintAuthenticationResultStatus.NotAvailable,
ErrorMessage = "Not implemented for the current platform."
}));
#else
var key = secureValueRequestConfig.Key.ToLower();
var serviceId = secureValueRequestConfig.ServiceId.ToLower();
var secureRecord = new SecRecord(SecKind.GenericPassword)
{
Service = serviceId,
Label = serviceId,
Account = key,
};
var statusCode = SecKeyChain.Remove(secureRecord);
if (statusCode == SecStatusCode.Success)
{
return(Task.FromResult(new SecureValueResult
{
Status = FingerprintAuthenticationResultStatus.Succeeded,
}));
}
return(Task.FromResult(new SecureValueResult
{
Status = FingerprintAuthenticationResultStatus.UnknownError,
}));
#endif
}
public bool Remove(string key)
{
key = KeyPrefix + key;
SecRecord record = new SecRecord(SecKind.GenericPassword)
{
Account = key,
Service = Service
};
using (record)
using (SecRecord match = SecKeyChain.QueryAsRecord(record, out SecStatusCode result))
{
if (result == SecStatusCode.Success)
{
result = SecKeyChain.Remove(record);
if (result != SecStatusCode.Success && result != SecStatusCode.ItemNotFound)
{
throw new Exception($"Error removing record: {result}");
}
return(true);
}
}
return(false);
}
/// <summary>
/// Deletes any account credentials that are stored.
/// </summary>
public void DeleteAccountCredentials()
{
SecRecord recordToDelete = new SecRecord(SecKind.GenericPassword);
recordToDelete.Service = this.applicationId;
SecKeyChain.Remove(recordToDelete);
}
public bool Delete(string key)
{
var query = strategy.KeyToQuery(key);
var code = SecKeyChain.Remove(query);
SecureStoreStrategyExtensions.AssertOk(code);
return(code != SecStatusCode.ItemNotFound);
}
public void Clear()
{
using (var query = new SecRecord(SecKind.GenericPassword)
{
Service = this.Service
})
SecKeyChain.Remove(query);
}
public void Remove(string key)
{
var rec = new SecRecord(SecKind.GenericPassword)
{
Generic = NSData.FromString(key)
};
SecKeyChain.Remove(rec);
}
public void Remove(string key)
{
var existingRecord = new SecRecord(SecKind.GenericPassword)
{
Account = key,
Service = NSBundle.MainBundle.BundleIdentifier
};
var code = SecKeyChain.Remove(existingRecord);
}
public static void RemoveTokenKeyChain( )
{
SecRecord secRecord = GetTokenKeyChain(out SecRecord tokenQuery);
if (secRecord != null)
{
SecKeyChain.Remove(secRecord);
}
}
/// <summary>
/// Deletes data.
/// </summary>
/// <param name="key">Key for the data to be deleted.</param>
public void Delete(string key)
{
using (var record = GetExistingRecord(key))
{
if (record != null)
{
CheckError(SecKeyChain.Remove(record));
}
}
}
