Security-59306.11.20.tar.gz
1 /*
2 * Copyright (c) 2019 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 #if OCTAGON
25
26 #import <utilities/debugging.h>
27
28 #import "keychain/ot/OTSetRecoveryKeyOperation.h"
29 #import "keychain/ot/OTClientStateMachine.h"
30 #import "keychain/ot/OTCuttlefishContext.h"
31 #import "keychain/ot/OTFetchCKKSKeysOperation.h"
32
33 #import "keychain/TrustedPeersHelper/TrustedPeersHelperProtocol.h"
34 #import "keychain/ot/ObjCImprovements.h"
35
// Private state of OTSetRecoveryKeyOperation, kept out of the public header.
@interface OTSetRecoveryKeyOperation ()

// Dependencies supplied to -initWithDependencies:recoveryKey:. The operation
// reads the AuthKit adapter, state holder, cuttlefish XPC connection,
// container name and context ID from this object.
@property OTOperationDependencies *deps;

// Created in -groupStart and registered with dependOnBeforeGroupFinished:.
// It is scheduled with runBeforeGroupFinished: once the XPC call has either
// replied or failed.
@property NSOperation *finishOp;

@end
41
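@implementation OTSetRecoveryKeyOperation

/// Creates an operation that hands `recoveryKey` to TrustedPeersHelper.
/// @param dependencies Source of the AuthKit adapter, state holder, XPC connection,
///        container name and context ID used by this operation.
/// @param recoveryKey The recovery key string that will be sent in -proceedWithKeys:salt:.
- (instancetype)initWithDependencies:(OTOperationDependencies*)dependencies
                         recoveryKey:(NSString*)recoveryKey
{
    if((self = [super init])) {
        _deps = dependencies;
        // Copy the key material: if the caller passed an NSMutableString, later
        // mutation by the caller must not change what this operation sends.
        _recoveryKey = [recoveryKey copy];
    }
    return self;
}

/// Entry point of the operation group.
/// Chooses the salt (the AuthKit adapter's primary iCloud account altDSID, falling
/// back to the altDSID in the stored account metadata), runs an
/// OTFetchCKKSKeysOperation, and then calls -proceedWithKeys:salt: with the result.
- (void)groupStart
{
    self.finishOp = [[NSOperation alloc] init];
    [self dependOnBeforeGroupFinished:self.finishOp];

    // Read the adapter once so the nil check and the value used as salt cannot differ.
    NSString* salt = self.deps.authKitAdapter.primaryiCloudAccountAltDSID;

    if(!salt) {
        NSError* accountError = nil;
        OTAccountMetadataClassC* account = [self.deps.stateHolder loadOrCreateAccountMetadata:&accountError];

        if(account && !accountError) {
            // NOTE(review): altDSID is an account identifier and is also used as the salt
            // below. Confirm the logging layer redacts it, or drop the value from this message.
            secnotice("octagon", "retrieved account, altdsid is: %@", account.altDSID);
            salt = account.altDSID;
        } else {
            secerror("octagon: failed to retrieve account object: %@", accountError);
            // NOTE(review): the operation continues with salt == nil on this path, so
            // setRecoveryKeyWithContainer:... receives a nil salt. Confirm the helper
            // rejects that, or fail the operation here instead of proceeding.
        }
    }

    WEAKIFY(self);

    OTFetchCKKSKeysOperation* fetchKeysOp = [[OTFetchCKKSKeysOperation alloc] initWithDependencies:self.deps];
    [self runBeforeGroupFinished:fetchKeysOp];

    CKKSResultOperation* proceedWithKeys = [CKKSResultOperation named:@"setting-recovery-tlks"
                                                            withBlock:^{
                                                                STRONGIFY(self);
                                                                [self proceedWithKeys:fetchKeysOp.viewKeySets salt:salt];
                                                            }];

    // Only send the recovery key once the key fetch has finished.
    [proceedWithKeys addDependency:fetchKeysOp];
    [self runBeforeGroupFinished:proceedWithKeys];
}

/// Sends the recovery key, salt and fetched key sets to TrustedPeersHelper over XPC.
/// On either an XPC failure or an error reply, the error is stored in self.error.
/// finishOp is scheduled in every outcome so the group can finish.
/// @param viewKeySets Key sets taken from the OTFetchCKKSKeysOperation.
/// @param salt The altDSID chosen in -groupStart; may be nil if no account was found.
- (void)proceedWithKeys:(NSArray<CKKSKeychainBackedKeySet*>*)viewKeySets salt:(NSString*)salt
{
    WEAKIFY(self);

    [[self.deps.cuttlefishXPC remoteObjectProxyWithErrorHandler:^(NSError * _Nonnull error) {
        STRONGIFY(self);
        secerror("octagon: Can't talk with TrustedPeersHelper: %@", error);
        // NOTE(review): this path reports OctagonEventRecoveryKey while the reply path
        // reports OctagonEventSetRecoveryKey. Confirm the two event names are intended.
        [[CKKSAnalytics logger] logRecoverableError:error forEvent:OctagonEventRecoveryKey withAttributes:nil];
        self.error = error;
        [self runBeforeGroupFinished:self.finishOp];

    }] setRecoveryKeyWithContainer:self.deps.containerName
                           context:self.deps.contextID
                       recoveryKey:self.recoveryKey
                              salt:salt
                          ckksKeys:viewKeySets
                             reply:^(NSError * _Nullable setError) {
                                 // Go through the weak reference, as the error handler does,
                                 // so the reply block does not capture self strongly.
                                 STRONGIFY(self);
                                 if(setError){
                                     [[CKKSAnalytics logger] logResultForEvent:OctagonEventSetRecoveryKey hardFailure:true result:setError];
                                     secerror("octagon: Error setting recovery key: %@", setError);
                                     self.error = setError;
                                 } else {
                                     secnotice("octagon", "successfully set recovery key");
                                 }
                                 // Success and failure both release the group.
                                 [self runBeforeGroupFinished:self.finishOp];
                             }];
}

@end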
122
123 #endif // OCTAGON