KeychainSyncAccountNotification/KeychainSyncAccountNotification.m

   1 //
   2 //  KeychainSyncAccountNotification.m
   3 //  Security
   4 //
   5
   6 #import "KeychainSyncAccountNotification.h"
   7 #import <Accounts/ACLogging.h>
   8 #import <Accounts/Accounts.h>
   9 #import <Accounts/Accounts_Private.h>
  10 #if TARGET_OS_IPHONE
  11 #import <AppleAccount/ACAccount+AppleAccount.h>
  12 #else
  13 #import <AOSAccounts/ACAccount+iCloudAccount.h>
  14 #endif
  15 #import <AccountsDaemon/ACDAccountStore.h>
  16 #import <AccountsDaemon/ACDClientAuthorizationManager.h>
  17 #import <AccountsDaemon/ACDClientAuthorization.h>
  18 #import <Security/SOSCloudCircle.h>
  19
  20 @implementation KeychainSyncAccountNotification
  21
  22
  23 - (bool)accountIsPrimary:(ACAccount *)account
  24 {
  25 #if TARGET_OS_IPHONE
  26     return [account aa_isPrimaryAccount];
  27 #else
  28     return [account icaIsPrimaryAccount];
  29 #endif
  30 }
  31
  32 - (BOOL)account:(ACAccount *)account willChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
  33
  34     if ((changeType == kACAccountChangeTypeDeleted) && [oldAccount.accountType.identifier isEqualToString:ACAccountTypeIdentifierAppleAccount]) {
  35         if(oldAccount.identifier != NULL && oldAccount.username !=NULL){
  36
  37             if ([self accountIsPrimary:oldAccount]) {
  38
  39                 CFErrorRef removalError = NULL;
  40
  41                 ACLogDebug(@"Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username);
  42
  43                 if (!SOSCCLoggedOutOfAccount(&removalError)) {
  44                     ACLogError(@"Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError);
  45                 }
  46             } else {
  47                 ACLogDebug(@"NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username);
  48             }
  49         }
  50         else{
  51             ACLogDebug(@"Already logged out of account");
  52
  53         }
  54     }
  55
  56     return YES;
  57 }
  58
  59 - (void)account:(ACAccount *)account didChangeWithType:(ACAccountChangeType)changeType inStore:(ACDAccountStore *)store oldAccount:(ACAccount *)oldAccount {
  60         if (changeType == kACAccountChangeTypeDeleted) {
  61         if (oldAccount.identifier != NULL && oldAccount.username != NULL){
  62
  63             if ([self accountIsPrimary:oldAccount]) {
  64                 CFErrorRef removalError = NULL;
  65                 ACLogDebug(@"Performing SOS circle credential removal for account %@: %@", oldAccount.identifier, oldAccount.username);
  66                 if (!SOSCCLoggedOutOfAccount(&removalError)) {
  67                     ACLogError(@"Account %@ could not leave the SOS circle: %@", oldAccount.identifier, removalError);
  68                 }
  69             } else {
  70                 ACLogDebug(@"NOT performing SOS circle credential removal for secondary account %@: %@", account.identifier, account.username);
  71             }
  72         }
  73         ACLogDebug(@"Already logged out of account");
  74     }
  75 }
  76
  77 @end