[apple/security.git] / KeychainSyncAccountNotification / KeychainSyncAccountNotification.m

//
//  KeychainSyncAccountNotification.m
//  Security
//
//  Created by keith on 5/2/13.
//
//

#import "KeychainSyncAccountNotification.h"
#import <Accounts/ACLogging.h>
#import <Accounts/Accounts.h>
#import <Accounts/Accounts_Private.h>
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wnewline-eof"
#import <AppleAccount/ACAccount+AppleAccount.h>
#pragma clang diagnostic pop
#import <AccountsDaemon/ACDAccountStore.h>
#import <AccountsDaemon/ACDClientAuthorizationManager.h>
#import <AccountsDaemon/ACDClientAuthorization.h>
#import <Security/SOSCloudCircle.h>

@implementation KeychainSyncAccountNotification

- (BOOL)account:(ACAccount *)account willChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
    if ((changeType == kACAccountChangeTypeDeleted) && [oldAccount.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
        if ([account aa_isPrimaryAccount]) {
            
            CFErrorRef removalError = NULL;
            
            ACLogDebug(@"Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username);
            
            if (!SOSCCRemoveThisDeviceFromCircle(&removalError)) {
                ACLogError(@"Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError);
            }
        } else {
            ACLogDebug(@"NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username);
        }
    }
    
    return YES;
}

- (void)account:(ACAccount *)account didChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
    if ((changeType == kACAccountChangeTypeAdded || changeType == kACAccountChangeTypeModified) && [account.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
        if ([account aa_isPrimaryAccount]) {
            NSError *errObject;
            ACAccountCredential *accountCred = [store credentialForAccount:account error:&errObject];
            if (accountCred != NULL) {
                CFErrorRef authenticateError = NULL;
                if (accountCred.password != NULL) {
                    const char *accountPassword = [accountCred.password cStringUsingEncoding:NSUTF8StringEncoding];
                    CFDataRef passwordData = CFDataCreate(kCFAllocatorDefault, (const uint8_t *)accountPassword, strlen(accountPassword));
                    if (NULL != passwordData) {
                        ACLogDebug(@"Performing SOS circle credential set for account %@: %@", account.identifier, account.username);
                        if (!SOSCCSetUserCredentials((__bridge CFStringRef)(account.username), passwordData, &authenticateError)) {
                            ACLogError(@"Unable to set SOS circle credentials for account %@: %@", account.identifier, authenticateError);
                            if (NULL != authenticateError) {
                                CFRelease(authenticateError);
                            }
                        }
                        CFRelease(passwordData);
                    }
                } else {
                    if (!SOSCCCanAuthenticate(&authenticateError)) {
                        ACLogError(@"Account %@ did not present a password and we could not authenticate the SOS circle: %@", account.identifier, authenticateError);
                        if (NULL != authenticateError) {
                            CFRelease(authenticateError);
                        }
                    }
                }
            } else {
                ACLogError(@"Account %@ did not present a credential for SOS circle: %@", account.identifier, errObject);
            }
        } else {
            ACLogDebug(@"NOT performing SOS circle credential set for secondary account %@: %@", account.identifier, account.username);
        }
    }
}

@end
Commit	Line	Data
d8f41ccd A	1	//
	2	// KeychainSyncAccountNotification.m
	3	// Security
	4	//
	5	// Created by keith on 5/2/13.
	6	//
	7	//
	8
	9	#import "KeychainSyncAccountNotification.h"
	10	#import <Accounts/ACLogging.h>
	11	#import <Accounts/Accounts.h>
	12	#import <Accounts/Accounts_Private.h>
	13	#pragma clang diagnostic push
	14	#pragma clang diagnostic ignored "-Wnewline-eof"
	15	#import <AppleAccount/ACAccount+AppleAccount.h>
	16	#pragma clang diagnostic pop
	17	#import <AccountsDaemon/ACDAccountStore.h>
	18	#import <AccountsDaemon/ACDClientAuthorizationManager.h>
	19	#import <AccountsDaemon/ACDClientAuthorization.h>
	20	#import <Security/SOSCloudCircle.h>
	21
	22	@implementation KeychainSyncAccountNotification
	23
	24	- (BOOL)account:(ACAccount )account willChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore )store oldAccount:(ACAccount *)oldAccount {
	25	if ((changeType == kACAccountChangeTypeDeleted) && [oldAccount.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
	26	if ([account aa_isPrimaryAccount]) {
	27
	28	CFErrorRef removalError = NULL;
	29
	30	ACLogDebug(@"Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username);
	31
	32	if (!SOSCCRemoveThisDeviceFromCircle(&removalError)) {
	33	ACLogError(@"Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError);
	34	}
	35	} else {
	36	ACLogDebug(@"NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username);
	37	}
	38	}
	39
	40	return YES;
	41	}
	42
	43	- (void)account:(ACAccount )account didChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore )store oldAccount:(ACAccount *)oldAccount {
	44	if ((changeType == kACAccountChangeTypeAdded \|\| changeType == kACAccountChangeTypeModified) && [account.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
	45	if ([account aa_isPrimaryAccount]) {
	46	NSError *errObject;
	47	ACAccountCredential *accountCred = [store credentialForAccount:account error:&errObject];
	48	if (accountCred != NULL) {
	49	CFErrorRef authenticateError = NULL;
	50	if (accountCred.password != NULL) {
	51	const char *accountPassword = [accountCred.password cStringUsingEncoding:NSUTF8StringEncoding];
	52	CFDataRef passwordData = CFDataCreate(kCFAllocatorDefault, (const uint8_t *)accountPassword, strlen(accountPassword));
	53	if (NULL != passwordData) {
	54	ACLogDebug(@"Performing SOS circle credential set for account %@: %@", account.identifier, account.username);
	55	if (!SOSCCSetUserCredentials((__bridge CFStringRef)(account.username), passwordData, &authenticateError)) {
	56	ACLogError(@"Unable to set SOS circle credentials for account %@: %@", account.identifier, authenticateError);
	57	if (NULL != authenticateError) {
	58	CFRelease(authenticateError);
	59	}
	60	}
	61	CFRelease(passwordData);
	62	}
	63	} else {
	64	if (!SOSCCCanAuthenticate(&authenticateError)) {
65	ACLogError(@"Account %@ did not present a password and we could not authenticate the SOS circle: %@", account.identifier, authenticateError);
66	if (NULL != authenticateError) {
67	CFRelease(authenticateError);
68	}
69	}
70	}
71	} else {
72	ACLogError(@"Account %@ did not present a credential for SOS circle: %@", account.identifier, errObject);
73	}
74	} else {
75	ACLogDebug(@"NOT performing SOS circle credential set for secondary account %@: %@", account.identifier, account.username);
76	}
77	}
78	}
79
80	@end