Security-59754.80.3.tar.gz
[apple/security.git] / keychain / ot / OTDetermineHSA2AccountStatusOperation.m
1
2 #if OCTAGON
3
4 #import "utilities/debugging.h"
5
6 #import "keychain/ot/OTConstants.h"
7 #import "keychain/ot/OTDetermineHSA2AccountStatusOperation.h"
8 #import "keychain/ot/OTStates.h"
9 #import "keychain/ckks/CKKSAccountStateTracker.h"
10
11 #import "keychain/ot/categories/OTAccountMetadataClassC+KeychainSupport.h"
12 #import "keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.h"
13 #import "keychain/ot/ObjCImprovements.h"
14
@interface OTDetermineHSA2AccountStatusOperation ()
// Collaborators handed in at init; -groupStart reads authKitAdapter and stateHolder from it.
@property OTOperationDependencies *deps;

// State selected when a primary iCloud account exists but is not reported as HSA2.
@property OctagonState *stateIfNotHSA2;
// State selected when no primary iCloud account altDSID is returned.
@property OctagonState *stateIfNoAccount;
// Operation created in -groupStart, registered via -dependOnBeforeGroupFinished: and
// handed to -runBeforeGroupFinished: once the next state has been chosen.
@property NSOperation *finishedOp;
@end
22
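@implementation OTDetermineHSA2AccountStatusOperation
@synthesize intendedState = _intendedState;

/**
 * Creates the operation and records which state to move to for each outcome of the
 * account check performed in -groupStart.
 *
 * @param dependencies     Supplies the authKitAdapter and stateHolder used by -groupStart.
 * @param stateIfHSA2      Stored as intendedState; selected when a primary account exists
 *                         and the adapter reports it as HSA2.
 * @param stateIfNotHSA2   Selected when a primary account exists but is not reported as HSA2.
 * @param stateIfNoAccount Selected when no primary iCloud account altDSID is returned.
 * @param errorState       Initial value of nextState; every branch of -groupStart replaces it.
 */
- (instancetype)initWithDependencies:(OTOperationDependencies*)dependencies
                         stateIfHSA2:(OctagonState*)stateIfHSA2
                      stateIfNotHSA2:(OctagonState*)stateIfNotHSA2
                    stateIfNoAccount:(OctagonState*)stateIfNoAccount
                          errorState:(OctagonState*)errorState
{
    if((self = [super init])) {
        _deps = dependencies;

        _intendedState = stateIfHSA2;
        _stateIfNotHSA2 = stateIfNotHSA2;
        _stateIfNoAccount = stateIfNoAccount;
        _nextState = errorState;
    }
    return self;
}

/**
 * Looks up the primary iCloud account, asks whether it is HSA2, persists the resulting
 * account state and altDSID, and selects the next state accordingly.
 */
- (void)groupStart
{
    self.finishedOp = [[NSOperation alloc] init];
    [self dependOnBeforeGroupFinished:self.finishedOp];

    // The lookup error and the persistence error are kept apart. Sharing one NSError
    // let a failed account lookup be reported below as "unable to save new account
    // state" even when the save itself had succeeded.
    NSError *accountError = nil;
    NSError *persistError = nil;

    NSString *primaryAccountAltDSID = [self.deps.authKitAdapter primaryiCloudAccountAltDSID:&accountError];

    if(primaryAccountAltDSID != nil) {
        secnotice("octagon", "iCloud account is present; checking HSA2 status");

        bool hsa2 = [self.deps.authKitAdapter accountIsHSA2ByAltDSID:primaryAccountAltDSID];
        secnotice("octagon", "HSA2 is %@", hsa2 ? @"enabled" : @"disabled");

        // A non-HSA2 account is persisted as NO_ACCOUNT, but its altDSID is still recorded.
        [self.deps.stateHolder persistAccountChanges:^OTAccountMetadataClassC *(OTAccountMetadataClassC *metadata) {
            metadata.icloudAccountState = hsa2 ? OTAccountMetadataClassC_AccountState_ACCOUNT_AVAILABLE
                                               : OTAccountMetadataClassC_AccountState_NO_ACCOUNT;
            metadata.altDSID = primaryAccountAltDSID;
            return metadata;
        } error:&persistError];

        // If there's an HSA2 account, return to 'initializing' here, as we want to centralize decisions on what to do next
        if(hsa2) {
            self.nextState = self.intendedState;
        } else {
            //[self.deps.accountStateTracker setHSA2iCloudAccountStatus:CKKSAccountStatusNoAccount];
            self.nextState = self.stateIfNotHSA2;
        }
    } else {
        // NOTE(review): a nil altDSID is handled as "no account" whether or not
        // accountError is set, so a failed lookup is indistinguishable from being
        // signed out here - confirm that is intended.
        secnotice("octagon", "iCloud account is not present: %@", accountError);

        [self.deps.stateHolder persistAccountChanges:^OTAccountMetadataClassC *(OTAccountMetadataClassC *metadata) {
            metadata.icloudAccountState = OTAccountMetadataClassC_AccountState_NO_ACCOUNT;
            metadata.altDSID = nil;
            return metadata;
        } error:&persistError];

        self.nextState = self.stateIfNoAccount;
    }

    // NOTE(review): a persistence failure is only logged; nextState has already been
    // chosen, so the stored icloudAccountState/altDSID may disagree with the state the
    // operation reports - confirm that callers tolerate this.
    if(persistError) {
        secerror("octagon: unable to save new account state: %@", persistError);
    }

    [self runBeforeGroupFinished:self.finishedOp];
}

@end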
96
97 #endif // OCTAGON