NetIQ Mobile SDK for iOS  2.0
Access Manager iOS Framework for OAuth & OIDC
MFSimpleKeychain Class Reference

#import <MFSimpleKeychain.h>

Inherits NSObject.

Instance Methods

(NSData *) - publicRSAKeyDataForTag:
 
(BOOL) - generateRSAKeyPairWithLength:publicKeyTag:privateKeyTag:
 
(nullable NSData *) - dataForRSAKeyWithTag:
 
(BOOL) - deleteRSAKeyWithTag:
 
(SecKeyRef) - keyRefOfRSAKeyWithTag:
 
(BOOL) - hasRSAKeyWithTag:
 
Initialization


(instancetype) - init
 
(instancetype) - initWithService:
 
(instancetype) - initWithService:accessGroup:
 
Store values


(BOOL) - setString:forKey:
 
(BOOL) - setData:forKey:
 
(BOOL) - setString:forKey:promptMessage:
 
(BOOL) - setData:forKey:promptMessage:
 
Remove values


(BOOL) - deleteEntryForKey:
 
(void) - clearAll
 
Obtain values


(nullable NSString *) - stringForKey:
 
(nullable NSData *) - dataForKey:
 
(nullable NSString *) - stringForKey:promptMessage:
 
(nullable NSData *) - dataForKey:promptMessage:
 
(nullable NSData *) - dataForKey:promptMessage:error:
 
(BOOL) - hasValueForKey:
 

Class Methods

Create helper methods


(MFSimpleKeychain *) + keychain
 
(MFSimpleKeychain *) + keychainWithService:
 
(MFSimpleKeychain *) + keychainWithService:accessGroup:
 

Properties

NSString * service
 
NSString * accessGroup
 
MFSimpleKeychainItemAccessible defaultAccessiblity
 
BOOL useAccessControl
 

Detailed Description

A simple helper class for storing and retrieving values from the iOS Keychain. It supports sharing keychain items using an Access Group and, on iOS 8, fine-grained accessibility over a specific Keychain item (using Access Control). This support is only available on iOS 8+; otherwise it defaults to the coarse-grained accessibility field. When an NSString or NSData is stored using Access Control and the accessibility flag MFSimpleKeychainItemAccessibleWhenPasscodeSetThisDeviceOnly, iOS will prompt the user for their passcode or to pass a TouchID challenge (if available).
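
The Access Control behaviour described above, as an added example that is not part of the SDK or its documentation: it stores an OAuth refresh token so that reading it back goes through the passcode/TouchID prompt. The service name, key name, prompt strings and function names are hypothetical; every MFSimpleKeychain selector, property and constant used is one listed on this page.

```objc
#import <Foundation/Foundation.h>
#import <MFSimpleKeychain.h>

// Hypothetical names chosen for this example; they are not part of the SDK.
static NSString *const ExampleService = @"com.example.app.oauth";
static NSString *const ExampleTokenKey = @"refresh_token";

// Builds a keychain whose items are guarded by kSecAttrAccessControl (iOS 8+)
// and bound to this device with a passcode set.
static MFSimpleKeychain *ExampleTokenKeychain(void) {
    MFSimpleKeychain *keychain = [MFSimpleKeychain keychainWithService:ExampleService];
    keychain.useAccessControl = YES;
    keychain.defaultAccessiblity = MFSimpleKeychainItemAccessibleWhenPasscodeSetThisDeviceOnly;
    return keychain;
}

// Returns NO when nothing was written; the caller should then keep the token
// in memory only rather than fall back to weaker storage.
static BOOL ExampleStoreRefreshToken(NSString *token) {
    NSData *data = [token dataUsingEncoding:NSUTF8StringEncoding];
    if (data == nil) {
        return NO;
    }
    return [ExampleTokenKeychain() setData:data
                                    forKey:ExampleTokenKey
                             promptMessage:@"Confirm to save your session"];
}

// Returns nil (with the error reported through outError) when the item is
// missing or user authentication fails; treat both as "sign in again".
static NSString *ExampleLoadRefreshToken(NSError **outError) {
    NSData *data = [ExampleTokenKeychain() dataForKey:ExampleTokenKey
                                        promptMessage:@"Unlock your session"
                                                error:outError];
    if (data == nil) {
        return nil;
    }
    return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
}

// Call on logout so the token does not outlive the session.
static BOOL ExampleForgetRefreshToken(void) {
    return [ExampleTokenKeychain() deleteEntryForKey:ExampleTokenKey];
}
```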

Method Documentation

◆ clearAll()

- (void) clearAll

Removes all entries from the keychain that match the service and access group values.

◆ dataForKey:()

- (NSData *) dataForKey: (NSString *)  key

Fetches an NSData from the keychain.

Parameters
key: the key of the value to fetch
Returns
the value or nil if an error occurs.

◆ dataForKey:promptMessage:()

- (nullable NSData *) dataForKey: (NSString *)  key
promptMessage: (nullable NSString *)  message 

Fetches an NSData from the keychain.

Parameters
key: the key of the value to fetch
message: prompt message to display for the TouchID/passcode prompt if necessary
Returns
the value or nil if an error occurs.

◆ dataForKey:promptMessage:error:()

- (nullable NSData *) dataForKey: (NSString *)  key
promptMessage: (nullable NSString *)  message
error: (NSError **)  err 

Fetches an NSData from the keychain.

Parameters
key: the key of the value to fetch
message: prompt message to display for the TouchID/passcode prompt if necessary
err: returns an error if the item cannot be retrieved, for example when the item is not found or user authentication failed in the TouchID case.
Returns
the value or nil if an error occurs.

◆ dataForRSAKeyWithTag:()

- (NSData *) dataForRSAKeyWithTag: (NSString *)  keyTag

Returns an RSA key as NSData.

Parameters
keyTag: tag of the key
Returns
the key as NSData or nil if not found

Provided by category MFSimpleKeychain(KeyPair).

◆ deleteEntryForKey:()

- (BOOL) deleteEntryForKey: (NSString *)  key

Removes an entry from the Keychain using its key.

Parameters
key: the key of the entry to delete.
Returns
If the entry was removed it will return YES. Otherwise it will return NO.

◆ deleteRSAKeyWithTag:()

- (BOOL) deleteRSAKeyWithTag: (NSString *)  keyTag

Removes a key using its tag.

Parameters
keyTag: tag of the key to remove
Returns
whether the key was removed successfully.

Provided by category MFSimpleKeychain(KeyPair).

◆ generateRSAKeyPairWithLength:publicKeyTag:privateKeyTag:()

- (BOOL) generateRSAKeyPairWithLength: (MFSimpleKeychainRSAKeySize)  keyLength
publicKeyTag: (NSString *)  publicKeyTag
privateKeyTag: (NSString *)  privateKeyTag 

Generates an RSA key pair with a specific length and tags. Each key is marked as permanent in the Keychain.

Parameters
keyLength: number of bits of the keys.
publicKeyTag: tag of the public key
privateKeyTag: tag of the private key
Returns
YES if the key pair is created, otherwise NO.

Provided by category MFSimpleKeychain(KeyPair).

◆ hasRSAKeyWithTag:()

- (BOOL) hasRSAKeyWithTag: (NSString *)  keyTag

Checks if an RSA key exists with a given tag.

Parameters
keyTag: tag of the RSA key
Returns
whether the key exists or not.

Provided by category MFSimpleKeychain(KeyPair).

◆ hasValueForKey:()

- (BOOL) hasValueForKey: (NSString *)  key

Checks if a key has a value in the Keychain.

Parameters
key: the key to check for a value
Returns
whether the key has an associated value in the Keychain or not.

◆ init()

- (instancetype) init

Initialise an MFSimpleKeychain with default values.

Returns
an initialised instance

◆ initWithService:()

- (instancetype) initWithService: (NSString *)  service

Initialise an MFSimpleKeychain with a given service.

Parameters
service: name of the service to use to save items.
Returns
an initialised instance.

◆ initWithService:accessGroup:()

- (instancetype) initWithService: (NSString *)  service
accessGroup: (nullable NSString *)  accessGroup 

Initialise an MFSimpleKeychain with a given service and access group.

Parameters
service: name of the service to use to save items.
accessGroup: name of the access group to share items.
Returns
an initialised instance.

◆ keychain()

+ (MFSimpleKeychain *) keychain

Creates a new instance of MFSimpleKeychain.

Returns
a new instance

◆ keychainWithService:()

+ (MFSimpleKeychain *) keychainWithService: (NSString *)  service

Creates a new instance of MFSimpleKeychain with a service name.

Parameters
service: name of the service under which all items will be stored.
Returns
a new instance

◆ keychainWithService:accessGroup:()

+ (MFSimpleKeychain *) keychainWithService: (NSString *)  service
accessGroup: (NSString *)  accessGroup 

Creates a new instance of MFSimpleKeychain with a service name and access group.

Parameters
service: name of the service under which all items will be stored.
accessGroup: name of the access group to share keychain items.
Returns
a new instance

◆ keyRefOfRSAKeyWithTag:()

- (SecKeyRef) keyRefOfRSAKeyWithTag: (NSString *)  keyTag

Returns an RSA key as SecKeyRef. You must release it when you're done with it.

Parameters
keyTag: tag of the RSA key
Returns
SecKeyRef of RSA Key

Provided by category MFSimpleKeychain(KeyPair).

◆ publicRSAKeyDataForTag:()

- (NSData *) publicRSAKeyDataForTag: (NSString *)  keyTag

Returns the public key as NSData.

Parameters
keyTag: tag of the public key
Returns
the public key as NSData or nil if not found
Deprecated:
0.2.0

Provided by category MFSimpleKeychain(Deprecated).

◆ setData:forKey:()

- (BOOL) setData: (NSData *)  data
forKey: (NSString *)  key 

Saves the NSData with the type kSecClassGenericPassword in the keychain.

Parameters
data: value to save in the keychain
key: key for the keychain entry.
Returns
YES if the value was saved. Otherwise it'll return NO.

◆ setData:forKey:promptMessage:()

- (BOOL) setData: (NSData *)  data
forKey: (NSString *)  key
promptMessage: (nullable NSString *)  message 

Saves the NSData with the type kSecClassGenericPassword in the keychain.

Parameters
data: value to save in the keychain
key: key for the keychain entry.
message: prompt message to display for the TouchID/passcode prompt if necessary
Returns
YES if the value was saved. Otherwise it'll return NO.

◆ setString:forKey:()

- (BOOL) setString: (NSString *)  string
forKey: (NSString *)  key 

Saves the NSString with the type kSecClassGenericPassword in the keychain.

Parameters
string: value to save in the keychain
key: key for the keychain entry.
Returns
YES if the value was saved. Otherwise it'll return NO.

◆ setString:forKey:promptMessage:()

- (BOOL) setString: (NSString *)  string
forKey: (NSString *)  key
promptMessage: (nullable NSString *)  message 

Saves the NSString with the type kSecClassGenericPassword in the keychain.

Parameters
string: value to save in the keychain
key: key for the keychain entry.
message: prompt message to display for the TouchID/passcode prompt if necessary
Returns
YES if the value was saved. Otherwise it'll return NO.

◆ stringForKey:()

- (NSString *) stringForKey: (NSString *)  key

Fetches an NSString from the keychain.

Parameters
key: the key of the value to fetch
Returns
the value or nil if an error occurs.

◆ stringForKey:promptMessage:()

- (nullable NSString *) stringForKey: (NSString *)  key
promptMessage: (nullable NSString *)  message 

Fetches an NSString from the keychain.

Parameters
key: the key of the value to fetch
message: prompt message to display for the TouchID/passcode prompt if necessary
Returns
the value or nil if an error occurs.

Property Documentation

◆ accessGroup

- (NSString*) accessGroup
read, nonatomic, assign

Access Group for Keychain item sharing. If it's nil, no keychain sharing is possible. Default value is nil.

◆ defaultAccessiblity

- (MFSimpleKeychainItemAccessible) defaultAccessiblity
readwrite, nonatomic, assign

What type of accessibility the items stored will have. All values are translated to kSecAttrAccessible constants. Default value is MFSimpleKeychainItemAccessibleAfterFirstUnlock.

See also
kSecAttrAccessible

◆ service

- (NSString*) service
read, nonatomic, assign

Service name under which all items are saved. Default value is the Bundle Identifier.

◆ useAccessControl

- (BOOL) useAccessControl
readwrite, nonatomic, assign

Tells MFSimpleKeychain to use kSecAttrAccessControl instead of kSecAttrAccessible. It only works on iOS 8+, defaulting to kSecAttrAccessible on lower versions. Default value is NO.

