Merge pull request #579 from Iterable/encryption

merging encryption feature into main SDK

Author: roninopf

swift-sdk.xcodeproj/project.pbxproj

@@ -63,6 +63,7 @@ enum Const {
             static let email = "itbl_email"
             static let userId = "itbl_userid"
             static let authToken = "itbl_auth_token"
+            static let lastPushPayloadAndExpiration = "itbl_last_push_payload_and_expiration"
         }
     }
 

swift-sdk/Constants.swift

@@ -41,7 +41,7 @@ final class InternalIterableAPI: NSObject, PushTrackerProtocol, AuthProvider {
     }
 
     var lastPushPayload: [AnyHashable: Any]? {
-        localStorage.getPayload(currentDate: dateProvider.currentDate)
+        localStorage.getLastPushPayload(dateProvider.currentDate)
     }
 
     var attributionInfo: IterableAttributionInfo? {
@@ -522,7 +522,7 @@ final class InternalIterableAPI: NSObject, PushTrackerProtocol, AuthProvider {
         let expiration = Calendar.current.date(byAdding: .hour,
                                                value: Const.UserDefault.payloadExpiration,
                                                to: dateProvider.currentDate)
-        localStorage.save(payload: payload, withExpiration: expiration)
+        localStorage.saveLastPushPayload(payload, withExpiration: expiration)
 
         if let metadata = IterablePushNotificationMetadata.metadata(fromLaunchOptions: payload) {
             if let templateId = metadata.templateId {

swift-sdk/Internal/InternalIterableAPI.swift

@@ -5,6 +5,10 @@
 import Foundation
 
 class IterableKeychain {
+    init(wrapper: KeychainWrapper = KeychainWrapper()) {
+        self.wrapper = wrapper
+    }
+    
     var email: String? {
         get {
             let data = wrapper.data(forKey: Const.Keychain.Key.email)
@@ -21,7 +25,6 @@ class IterableKeychain {
 
             wrapper.set(data, forKey: Const.Keychain.Key.email)
         }
-        
     }
 
     var userId: String? {
@@ -48,6 +51,7 @@ class IterableKeychain {
 
             return data.flatMap { String(data: $0, encoding: .utf8) }
         }
+        
         set {
             guard let token = newValue,
                   let data = token.data(using: .utf8) else {
@@ -59,134 +63,104 @@ class IterableKeychain {
         }
     }
 
-    init(wrapper: KeychainWrapper = KeychainWrapper()) {
-        self.wrapper = wrapper
+    func getLastPushPayload(currentDate: Date) -> [AnyHashable: Any]? {
+        guard let payloadExpirationPair = getPayloadExpirationPairFromKeychain() else {
+            return nil
+        }
+        
+        if isLastPushPayloadExpired(expiration: payloadExpirationPair.expiration, currentDate: currentDate) {
+            removePayloadExpirationPairFromKeychain()
+            return nil
+        }
+        
+        return decodeJsonPayload(payloadExpirationPair.payload)
     }
 
-    private let wrapper: KeychainWrapper
-}
-
-/// Basic wrapper for keychain
-/// This should have no dependency on Iterable classes
-class KeychainWrapper {
-    init(serviceName: String = Const.Keychain.serviceName) {
-        self.serviceName = serviceName
+    func setLastPushPayload(_ payload: [AnyHashable: Any]?, withExpiration expiration: Date?) {
+        guard let payload = payload, JSONSerialization.isValidJSONObject(payload) else {
+            removePayloadExpirationPairFromKeychain()
+            return
+        }
+        
+        savePayloadExpirationPairToKeychain(payload: payload, expiration: expiration)
     }
 
-    @discardableResult
-    func set(_ value: Data, forKey key: String) -> Bool {
-        var keychainQueryDictionary: [String: Any] = setupKeychainQueryDictionary(forKey: key)
-        
-        keychainQueryDictionary[SecValueData] = value
+    // MARK: - PRIVATE/INTERNAL
+    
+    private let wrapper: KeychainWrapper
+    
+    private func getPayloadExpirationPairFromKeychain() -> (payload: Data, expiration: Date?)? {
+        // get the value from the keychain
+        guard let keychainValue = wrapper.data(forKey: Const.Keychain.Key.lastPushPayloadAndExpiration) else {
+            return nil
+        }
 
-        // Assign default protection - Protect the keychain entry so it's only valid when the device is unlocked
-        keychainQueryDictionary[SecAttrAccessible] = SecAttrAccessibleWhenUnlocked
+        // decode the payload/expiration pair
+        guard let payloadExpirationPair = try? JSONDecoder().decode(LastPushPayloadValue.self, from: keychainValue) else {
+            return nil
+        }
 
-        let status: OSStatus = SecItemAdd(keychainQueryDictionary as CFDictionary, nil)
+        // cast the payload as a JSON object
+        guard let lastPushPayloadJSON = try? JSONSerialization.jsonObject(with: payloadExpirationPair.payload, options: []) as? [AnyHashable: Any] else {
+            return nil
+        }
 
-        if status == errSecSuccess {
-            return true
-        } else if status == errSecDuplicateItem {
-            return update(value, forKey: key)
-        } else {
-            return false
+        guard let lastPushPayloadData = try? JSONSerialization.data(withJSONObject: lastPushPayloadJSON) else {
+            return nil
         }
+        
+        return (payload: lastPushPayloadData, expiration: payloadExpirationPair.expiration)
     }
 
-    func data(forKey key: String) -> Data? {
-        var keychainQueryDictionary = setupKeychainQueryDictionary(forKey: key)
+    private func savePayloadExpirationPairToKeychain(payload: [AnyHashable: Any]?, expiration: Date?) {
+        guard let payload = payload else {
+            removePayloadExpirationPairFromKeychain()
+            return
+        }
 
-        // Limit search results to one
-        keychainQueryDictionary[SecMatchLimit] = SecMatchLimitOne
+        guard let payloadAsData = encodeJsonPayload(payload) else {
+            return
+        }
 
-        // Specify we want Data/CFData returned
-        keychainQueryDictionary[SecReturnData] = CFBooleanTrue
+        let payloadExpirationPair = LastPushPayloadValue(payload: payloadAsData, expiration: expiration)
 
-        // Search
-        var result: AnyObject?
-        let status = SecItemCopyMatching(keychainQueryDictionary as CFDictionary, &result)
+        guard let encodedPair = try? JSONEncoder().encode(payloadExpirationPair) else {
+            return
+        }
 
-        return status == noErr ? result as? Data : nil
+        wrapper.set(encodedPair, forKey: Const.Keychain.Key.lastPushPayloadAndExpiration)
     }
 
-    @discardableResult
-    func removeValue(forKey key: String) -> Bool {
-        let keychainQueryDictionary: [String: Any] = setupKeychainQueryDictionary(forKey: key)
-        
-        // Delete
-        let status: OSStatus = SecItemDelete(keychainQueryDictionary as CFDictionary)
-        
-        if status == errSecSuccess {
-            return true
-        } else {
-            return false
+    private func encodeJsonPayload(_ json: [AnyHashable: Any]?) -> Data? {
+        guard let json = json, JSONSerialization.isValidJSONObject(json) else {
+            return nil
         }
+        
+        return try? JSONSerialization.data(withJSONObject: json)
     }
 
-    @discardableResult
-    func removeAll() -> Bool {
-        var keychainQueryDictionary: [String: Any] = [SecClass: SecClassGenericPassword]
-        
-        keychainQueryDictionary[SecAttrService] = serviceName
-        
-        let status: OSStatus = SecItemDelete(keychainQueryDictionary as CFDictionary)
-        
-        if status == errSecSuccess {
-            return true
-        } else {
-            return false
+    private func decodeJsonPayload(_ data: Data?) -> [AnyHashable: Any]? {
+        guard let data = data else {
+            return nil
         }
+        
+        return try? JSONSerialization.jsonObject(with: data) as? [AnyHashable: Any]
     }
 
-    
-    private let serviceName: String
-    
-    private func setupKeychainQueryDictionary(forKey key: String) -> [String: Any] {
-        // Setup default access as generic password (rather than a certificate, internet password, etc)
-        var keychainQueryDictionary: [String: Any] = [SecClass: SecClassGenericPassword]
-        
-        // Uniquely identify this keychain accessor
-        keychainQueryDictionary[SecAttrService] = serviceName
-        
-        // Uniquely identify the account who will be accessing the keychain
-        let encodedIdentifier: Data? = key.data(using: .utf8)
-        
-        keychainQueryDictionary[SecAttrGeneric] = encodedIdentifier
-        
-        keychainQueryDictionary[SecAttrAccount] = encodedIdentifier
-        
-        keychainQueryDictionary[SecAttrSynchronizable] = CFBooleanFalse
-        
-        return keychainQueryDictionary
+    private func removePayloadExpirationPairFromKeychain() {
+        wrapper.removeValue(forKey: Const.Keychain.Key.lastPushPayloadAndExpiration)
     }
 
-    private func update(_ value: Data, forKey key: String) -> Bool {
-        let keychainQueryDictionary: [String: Any] = setupKeychainQueryDictionary(forKey: key)
-        let updateDictionary = [SecValueData: value]
-        
-        // Update
-        let status: OSStatus = SecItemUpdate(keychainQueryDictionary as CFDictionary, updateDictionary as CFDictionary)
-        
-        if status == errSecSuccess {
-            return true
-        } else {
+    private func isLastPushPayloadExpired(expiration: Date?, currentDate: Date) -> Bool {
+        guard let expiration = expiration else {
             return false
         }
+        
+        return !(expiration.timeIntervalSinceReferenceDate > currentDate.timeIntervalSinceReferenceDate)
     }
 
-    private let SecValueData = kSecValueData as String
-    private let SecAttrAccessible: String = kSecAttrAccessible as String
-    private let SecAttrAccessibleWhenUnlocked = kSecAttrAccessibleWhenUnlocked
-    private let SecClass: String = kSecClass as String
-    private let SecClassGenericPassword = kSecClassGenericPassword
-    private let SecAttrService: String = kSecAttrService as String
-    private let SecAttrGeneric: String = kSecAttrGeneric as String
-    private let SecAttrAccount: String = kSecAttrAccount as String
-    private let SecAttrSynchronizable: String = kSecAttrSynchronizable as String
-    private let CFBooleanTrue = kCFBooleanTrue
-    private let CFBooleanFalse = kCFBooleanFalse
-    private let SecMatchLimit: String = kSecMatchLimit as String
-    private let SecMatchLimitOne = kSecMatchLimitOne
-    private let SecReturnData: String = kSecReturnData as String
+    private struct LastPushPayloadValue: Codable {
+        let payload: Data
+        let expiration: Date?
+    }
 }
-

swift-sdk/Internal/IterableKeychain.swift

@@ -10,6 +10,7 @@ class IterableUserDefaults {
         self.userDefaults = userDefaults
     }
 
+    // migrated to IterableKeychain
     var userId: String? {
         get {
             string(withKey: .userId)
@@ -18,6 +19,7 @@ class IterableUserDefaults {
         }
     }
 
+    // migrated to IterableKeychain
     var email: String? {
         get {
             string(withKey: .email)
@@ -26,6 +28,7 @@ class IterableUserDefaults {
         }
     }
 
+    // migrated to IterableKeychain
     var authToken: String? {
         get {
             string(withKey: .authToken)
@@ -34,6 +37,7 @@ class IterableUserDefaults {
         }
     }
 
+    // deprecated, not in use anymore
     var ddlChecked: Bool {
         get {
             bool(withKey: .ddlChecked)
@@ -74,14 +78,37 @@ class IterableUserDefaults {
         try? save(codable: attributionInfo, withKey: .attributionInfo, andExpiration: expiration)
     }
 
+    // migrated to IterableKeychain
     func getPayload(currentDate: Date) -> [AnyHashable: Any]? {
         (try? dict(withKey: .payload, currentDate: currentDate)) ?? nil
     }
 
+    // migrated to IterableKeychain
     func save(payload: [AnyHashable: Any]?, withExpiration expiration: Date?) {
         try? save(dict: payload, withKey: .payload, andExpiration: expiration)
     }
 
+    // MARK: data migration functions
+    
+    func getLastPushPayloadExpirationPairForMigration() -> (payload: [AnyHashable: Any]?, expiration: Date?)? {
+        guard let encodedEnvelope = userDefaults.value(forKey: UserDefaultsKey.payload.value) as? Data else {
+            return nil
+        }
+        
+        do {
+            let envelope = try JSONDecoder().decode(Envelope.self, from: encodedEnvelope)
+            let decoded = try JSONSerialization.jsonObject(with: envelope.payload, options: []) as? [AnyHashable: Any]
+            
+            return (payload: decoded, envelope.expiration)
+        } catch {
+            return nil
+        }
+    }
+    
+    func getAuthDataForMigration() -> (email: String?, userId: String?, authToken: String?) {
+        return (email: email, userId: userId, authToken: authToken)
+    }
+    
     // MARK: Private implementation
 
     private let userDefaults: UserDefaults