-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
Copy pathKeychainTools.swift
82 lines (75 loc) · 2.82 KB
/
KeychainTools.swift
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
import Foundation
import BuildSettingsKit
import Security
import WordPressShared
private let keychainDebugWipeArgument = "WipeKeychainItem"
final class KeychainTools: NSObject {
/// Searches the launch arguments for a WipeKeychainItem and removes the
/// matching keychain items.
///
/// To simulate keychain issues, you can pass the WipeKeychainItem argument
/// at launch. Valid options for this argument are:
///
/// * "*" or "all": removes every keychain entry
/// * "wordpress.com": removes any WordPress.com OAuth2 token
/// * hostname: removes a self hosted password
///
/// - Note:
/// The self hosted case uses a hostname for convenience, but the
/// password is stored using the XML-RPC as a key. If the xmlrpc.php
/// endpoint is not in the root directory this won't work.
///
/// - Attention: This is only enabled in debug builds.
///
@objc static func processKeychainDebugArguments() {
guard BuildConfiguration.current == .debug else {
return
}
guard let item = UserPersistentStoreFactory.instance().object(forKey: keychainDebugWipeArgument) as? String else {
return
}
DDLogWarn("🔑 Attempting to remove keychain entry for \(item)")
if let service = serviceForItem(item) {
removeKeychainItem(forService: service)
} else {
removeAllKeychainItems()
}
}
static fileprivate func serviceForItem(_ item: String) -> String? {
switch item {
case "wordpress.com":
return BuildSettings.current.authKeychainServiceName
case "*", "all":
return nil
default:
return "http://\(item)/xmlrpc.php"
}
}
static fileprivate func removeKeychainItem(forService service: String) {
let query: [NSString: AnyObject] = [
kSecClass: kSecClassGenericPassword,
kSecAttrService: service as AnyObject
]
let status = SecItemDelete(query as CFDictionary)
switch status {
case errSecSuccess:
DDLogWarn("🔑 Removed keychain entry for service \(service)")
case errSecItemNotFound:
DDLogWarn("🔑 Keychain entry not found for service \(service)")
default:
DDLogWarn("🔑 Error removing keychain entry for service \(service): \(status)")
}
}
static fileprivate func removeAllKeychainItems() {
let query: [NSString: AnyObject] = [
kSecClass: kSecClassGenericPassword
]
let status = SecItemDelete(query as CFDictionary)
switch status {
case errSecSuccess:
DDLogWarn("🔑 Removed all keychain entries")
default:
DDLogWarn("🔑 Error removing all keychain entries: \(status)")
}
}
}