]> git.saurik.com Git - apple/security.git/blob - keychain/KeychainSettings/KeychainSettings.m
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Security-59306.11.20.tar.gz
[apple/security.git] / keychain / KeychainSettings / KeychainSettings.m
1 //
2 // KeychainSettings.m
3 // Security
4 //
5
6 #import "KeychainSettings.h"
7 #import <Security/Security.h>
8 #import <Security/OTControl.h>
9 #import <Security/CKKSControl.h>
10 #import <os/log.h>
11 #import <AppleAccount/AppleAccount.h>
12 #import <AppleAccount/AppleAccount_Private.h>
13 #import <AuthKit/AuthKit.h>
14 #import <AuthKit/AuthKit_Private.h>
15 #import <AuthKit/AKDeviceListDeltaMessagePayload.h>
16 #import <Foundation/NSDistributedNotificationCenter.h>
17
18 #import <AppleAccount/ACAccount+AppleAccount.h>
19 #import <Accounts/ACAccountStore.h>
20 #import <UIKit/UIKit.h>
21 #import <utilities/debugging.h>
22
23 #import "keychain/ot/categories/OTAccountMetadataClassC+KeychainSupport.h"
24
25
26 @interface KeychainSettings ()
27 @property (strong) OTControl* control;
28 @property (strong) NSDictionary* status;
29 @property (strong) NSString *statusError;
30
31 + (OTControl *)sharedOTControl;
32 + (CKKSControl *)sharedCKKSControl;
33 @end
34
35 @implementation KeychainSettings
36
37 - (id)init {
38 if ((self = [super init]) != nil) {
39 [self updateCircleStatus];
40 }
41 return self;
42 }
43
44 + (OTControl *)sharedOTControl
45 {
46 static OTControl *control;
47 static dispatch_once_t onceToken;
48 dispatch_once(&onceToken, ^{
49 NSError *error = nil;
50
51 control = [OTControl controlObject:true error:&error];
52 if(error || !control) {
53 os_log(OS_LOG_DEFAULT, "no OTControl, failed: %@", error);
54 }
55 });
56 return control;
57 }
58
59 + (CKKSControl *)sharedCKKSControl
60 {
61 static CKKSControl *control;
62 static dispatch_once_t onceToken;
63 dispatch_once(&onceToken, ^{
64 NSError *error = nil;
65
66 // Use a synchronous control object
67 control = [CKKSControl CKKSControlObject:true error:&error];
68 if(error || !control) {
69 os_log(OS_LOG_DEFAULT, "no CKKSControl, failed: %@", error);
70 }
71 });
72 return control;
73
74 }
75
76
77 - (void)updateCircleStatus
78 {
79 [[KeychainSettings sharedOTControl] status:NULL
80 context:OTDefaultContext
81 reply:^(NSDictionary* result, NSError* _Nullable error) {
82 @synchronized (self) {
83 self.statusError = nil;
84 if (error) {
85 self.status = nil;
86 self.statusError = [error description];
87 } else {
88 self.status = result;
89 self.statusError = nil;
90 }
91 }
92 }];
93 }
94
95 - (NSArray *)specifiers {
96 if (!_specifiers) {
97 _specifiers = [self loadSpecifiersFromPlistName:@"KeychainSettings" target:self];
98 }
99 return _specifiers;
100 }
101
102 - (NSString *)octagonStatusString:(NSString *)key
103 {
104 __block id status = nil;
105 @synchronized (self) {
106 if (self.status) {
107 id value = self.status[key];
108 if ([value isKindOfClass:[NSString class]]) {
109 status = value;
110 } else if ([value isKindOfClass:[NSNumber class]]) {
111 NSNumber *number = value;
112 status = [number stringValue];
113 } else {
114 status = [key description];
115 }
116 }
117 if (status == nil && self.statusError) {
118 status = self.statusError;
119 }
120 }
121 if (status == nil) {
122 status = @"<unset>";
123 }
124 return status;
125
126 }
127
128 - (NSNumber *)octagonStatusNumber:(NSString *)key
129 {
130 __block NSNumber *status = nil;
131 @synchronized (self) {
132 NSNumber *value = self.status[key];
133 if ([value isKindOfClass:[NSNumber class]]) {
134 status = value;
135 }
136
137 }
138 return status;
139
140 }
141
142 - (NSString *)octagonStateMachine:(PSSpecifier *)specifier
143 {
144 return [self octagonStatusString:@"state"];
145 }
146
147 - (NSString *)prettyifyProtobufString:(NSString *)string
148 {
149 return [string.capitalizedString stringByReplacingOccurrencesOfString:@"_" withString:@" "];
150 }
151
152 - (NSString *)octagonTrustState:(PSSpecifier *)specifier
153 {
154 return [self prettyifyProtobufString:OTAccountMetadataClassC_TrustStateAsString([[self octagonStatusNumber:@"memoizedTrustState"] intValue])];
155 }
156
157 - (NSString *)octagonAccountState:(PSSpecifier *)specifier
158 {
159 return [self prettyifyProtobufString:OTAccountMetadataClassC_AccountStateAsString([[self octagonStatusNumber:@"memoizedAccountState"] intValue])];
160 }
161
162 - (NSString *)ckksAggregateStatus:(PSSpecifier *)specifier
163 {
164 __block NSString *status = NULL;
165 __block bool foundNonReady = false;
166 __block bool foundOne = false;
167
168 void (^replyBlock)(NSArray<NSDictionary *> * _Nullable result, NSError * _Nullable error) = ^(NSArray<NSDictionary *>* result, NSError* _Nullable error){
169 if (error) {
170 status = [NSString stringWithFormat:@"error: %@", error];
171 }
172 for(NSDictionary* view in result) {
173 NSString* viewName = view[@"view"];
174 if (viewName == NULL || [viewName isEqualToString:@"global"]) {
175 return;
176 }
177 foundOne = true;
178 NSString *viewStatus = view[@"keystate"];
179
180 if (![viewStatus isKindOfClass:[NSString class]] ||
181 !([viewStatus isEqualToString:@"ready"] || [viewStatus isEqualToString:@"readypendingunlock"])) {
182 foundNonReady = true;
183 }
184 }
185 };
186
187 [[KeychainSettings sharedCKKSControl] rpcFastStatus:NULL reply: replyBlock];
188
189 if (status) {
190 /* something already provided status */
191 } else if (foundNonReady) {
192 status = @"not ready";
193 } else if (foundOne) {
194 status = @"ready";
195 } else {
196 status = @"no status";
197 }
198
199 return status;
200 }
201
202 - (NSString* _Nullable)primaryiCloudAccountAltDSID
203 {
204 ACAccountStore *store = [[ACAccountStore alloc] init];
205 ACAccount* primaryAccount = [store aa_primaryAppleAccount];
206 if(!primaryAccount) {
207 return nil;
208 }
209
210 return [primaryAccount aa_altDSID];
211 }
212
213 - (void) resetOctagon:(PSSpecifier *)specifier
214 {
215 dispatch_semaphore_t sema = dispatch_semaphore_create(0);
216
217 [[KeychainSettings sharedOTControl] resetAndEstablish:nil
218 context:OTDefaultContext
219 altDSID:[self primaryiCloudAccountAltDSID]
220 reply:^(NSError * _Nullable error) {
221 if(error) {
222
223 }
224 dispatch_semaphore_signal(sema);
225
226 }];
227 if(dispatch_semaphore_wait(sema, dispatch_time(DISPATCH_TIME_NOW, NSEC_PER_SEC * 60)) != 0) {
228 secerror("timed out attempting to reset octagon");
229 }
230 }
231
232 @end
233
234
235 @implementation KeychainSettingsOctagonPeers
236
237 - (void)addPeerIDs:(NSArray<NSString*>*)peerIDs
238 peers:(NSMutableDictionary<NSString*, NSDictionary*>*)peers
239 toSpecifiers:(NSMutableArray*)specifiers
240 {
241 NSMutableArray<NSDictionary*>* selectedPeers = [NSMutableArray array];
242
243 for (NSString *peerID in peerIDs) {
244 NSDictionary *peer = peers[peerID];
245 if (peer) {
246 [selectedPeers addObject:peer];
247 }
248 }
249
250 [selectedPeers sortUsingComparator:^NSComparisonResult(NSDictionary *_Nonnull obj1, NSDictionary *_Nonnull obj2) {
251 return [obj1[@"stableInfo"][@"device_name"] compare: obj2[@"stableInfo"][@"device_name"]];
252 }];
253
254 for (NSDictionary *peer in selectedPeers) {
255 PSSpecifier* spec = [PSSpecifier preferenceSpecifierNamed:peer[@"stableInfo"][@"device_name"] target:self set:nil get:nil detail:nil cell:PSTitleValueCell edit:nil];
256
257 [specifiers addObject:spec];
258 }
259
260 }
261
262 - (PSSpecifier *)groupSpecifier:(NSString *)name
263 {
264 return [PSSpecifier preferenceSpecifierNamed:name target:self set:nil get:nil detail:nil cell:PSGroupCell edit:nil];
265 }
266
267 - (NSArray *)specifiers {
268
269 if (!_specifiers) {
270 NSMutableArray* specifiers = [NSMutableArray array];
271
272 [specifiers addObjectsFromArray: [self loadSpecifiersFromPlistName:@"KeychainSettingsOctagonPeers" target:self]];
273
274 void (^replyBlock)(NSDictionary* result, NSError* _Nullable error) = ^(NSDictionary* result, NSError* _Nullable error) {
275 NSDictionary* contextDump = result[@"contextDump"];
276
277 // Make it easy to find peer information
278 NSMutableDictionary<NSString*, NSDictionary*>* peers = [NSMutableDictionary dictionary];
279 NSMutableArray<NSString*>* allPeerIDs = [NSMutableArray array];
280 for(NSDictionary* peerInformation in contextDump[@"peers"]) {
281 NSString* peerID = peerInformation[@"peerID"];
282 if(peerID) {
283 peers[peerID] = peerInformation;
284 [allPeerIDs addObject:peerID];
285 }
286 }
287
288 NSDictionary* egoInformation = contextDump[@"self"];
289 NSString* egoPeerID = egoInformation[@"peerID"];
290 NSDictionary* egoDynamicInfo = egoInformation[@"dynamicInfo"];
291
292 if(egoPeerID && egoInformation && egoDynamicInfo) {
293
294 peers[egoPeerID] = egoInformation;
295
296 [specifiers addObject:[self groupSpecifier:@"Me"]];
297 [self addPeerIDs:@[egoPeerID] peers:peers toSpecifiers:specifiers];
298
299 NSArray<NSString*>* included = egoDynamicInfo[@"included"];
300 [specifiers addObject:[self groupSpecifier:@"Included"]];
301 [self addPeerIDs:included peers:peers toSpecifiers:specifiers];
302 [peers removeObjectsForKeys:included];
303
304 NSArray<NSString*>* excluded = egoDynamicInfo[@"excluded"];
305 [specifiers addObject:[self groupSpecifier:@"Excluded"]];
306 [self addPeerIDs:excluded peers:peers toSpecifiers:specifiers];
307 [peers removeObjectsForKeys:excluded];
308
309 } else {
310 [specifiers addObject:[self groupSpecifier:@"Me (untrusted)"]];
311 }
312
313 if (peers.count) {
314 [specifiers addObject:[self groupSpecifier:@"Other peers"]];
315 [self addPeerIDs:peers.allKeys peers:peers toSpecifiers:specifiers];
316 }
317
318 };
319
320 [[KeychainSettings sharedOTControl] status:NULL context:OTDefaultContext reply:replyBlock];
321
322 _specifiers = specifiers;
323 }
324
325 return _specifiers;
326 }
327
328 @end
329
330 @implementation KeychainSettingsCKKSViews
331
332 - (NSArray *)specifiers {
333
334 if (!_specifiers) {
335 NSMutableArray* specifiers = [NSMutableArray array];
336
337 [specifiers addObjectsFromArray: [self loadSpecifiersFromPlistName:@"KeychainSettingsCKKSViews" target:self]];
338
339 void (^replyBlock)(NSArray<NSDictionary *> * _Nullable result, NSError * _Nullable error) = ^(NSArray<NSDictionary *>* result, NSError* _Nullable error){
340
341 NSMutableArray<NSDictionary*>* views = [NSMutableArray array];
342 for(NSDictionary* view in result) {
343 NSString* viewName = view[@"view"];
344 if (viewName == NULL || [viewName isEqualToString:@"global"]) {
345 return;
346 }
347
348 [views addObject:view];
349 }
350
351 [views sortUsingComparator:^NSComparisonResult(NSDictionary *_Nonnull obj1, NSDictionary *_Nonnull obj2) {
352 return [obj1[@"view"] compare: obj2[@"view"]];
353 }];
354
355 for (NSDictionary *view in views) {
356 NSString *description = [NSString stringWithFormat:@"%@ - %@", view[@"view"], view[@"keystate"]];
357 PSSpecifier* spec = [PSSpecifier preferenceSpecifierNamed:description target:self set:nil get:nil detail:nil cell:PSTitleValueCell edit:nil];
358
359 [specifiers addObject:spec];
360 }
361 };
362 [[KeychainSettings sharedCKKSControl] rpcFastStatus:NULL reply: replyBlock];
363
364 _specifiers = specifiers;
365 }
366
367 return _specifiers;
368 }
369
370
371
372 @end
mirror of Security