APP安全机制(二十) —— 基于SwiftUI App的钥匙串

2020-09-07  本文已影响0人  刀客传奇


V1.0 2020.09.07 星期一


在这个信息爆炸的年代,特别是一些敏感的行业,比如金融业和银行卡相关等等,这都对app的安全机制有更高的需求,很多大公司都有安全 部门,用于检测自己产品的安全性,但是及时是这样,安全问题仍然被不断曝出,接下来几篇我们主要说一下app的安全机制。感兴趣的看我上面几篇。
1. Swift



1. TextEditor.swift
import SwiftUI

struct TextEditor: UIViewRepresentable {
  @Binding var text: String

  func makeCoordinator() -> Coordinator {

  func makeUIView(context: Context) -> UITextView {
    let textView = UITextView()
    textView.delegate = context.coordinator

    textView.font = UIFont.systemFont(ofSize: UIFont.systemFontSize)
    textView.isScrollEnabled = true
    textView.isEditable = true
    textView.isUserInteractionEnabled = true
    textView.backgroundColor = UIColor.white

    return textView

  func updateUIView(_ uiView: UITextView, context: Context) {
    uiView.text = text

  class Coordinator: NSObject, UITextViewDelegate {
    var parent: TextEditor

    init(_ textView: TextEditor) {
      self.parent = textView

    func textView(
      _ textView: UITextView,
      shouldChangeTextIn range: NSRange,
      replacementText text: String
    ) -> Bool {
      return true

    func textViewDidChange(_ textView: UITextView) {
      self.parent.text = textView.text

struct TextEditor_Previews: PreviewProvider {
  static var previews: some View {
    TextEditor(text: .constant("This is some text."))
2. ContentView.swift
import SwiftUI

func randomText(length: Int) -> String {
  let letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ       abcdefghijklmnopqrstuvwxyz      "
  return String((0..<length).map { _ in letters.randomElement() ?? " " })

struct ContentView: View {
  @ObservedObject var noteData: NoteData
  @State private var noteLocked = true
  @State private var fillerText = randomText(length: 250)
  @State private var setPasswordModal = false

  var body: some View {
    VStack(alignment: .leading) {
      Text("RW Quick Note")
      ToolbarView(noteLocked: $noteLocked, noteData: noteData, setPasswordModal: $setPasswordModal)
        .onAppear {
          if self.noteData.isPasswordBlank {
            self.setPasswordModal = true
      Group {
        if noteLocked {
          TextEditor(text: $fillerText)
            .blur(radius: 5.0)
        } else {
          TextEditor(text: $noteData.noteText)

struct ContentView_Previews: PreviewProvider {
  static var previews: some View {
    ContentView(noteData: NoteData())
3. SetPasswordView.swift
import SwiftUI

struct SetPasswordView: View {
  var title: String
  var subTitle: String
  @State var password1 = ""
  @State var password2 = ""
  @Binding var noteLocked: Bool
  @Binding var showModal: Bool
  @ObservedObject var noteData: NoteData

  var passwordValid: Bool {
    passwordsMatch && !password1.isEmpty

  var passwordsMatch: Bool {
    password1 == password2

  var body: some View {
    VStack(alignment: .leading) {
      SecureField("Password", text: $password1)
        .modifier(PasswordField(error: !passwordsMatch))
      SecureField("Verify Password", text: $password2)
        .modifier(PasswordField(error: !passwordsMatch))
      HStack {
        if password1 != password2 {
          Text("Passwords Do Not Match")
        Button("Set Password") {
          if self.passwordValid {
            self.noteLocked = false
            self.showModal = false

struct SetPasswordView_Previews: PreviewProvider {
  static var previews: some View {
      title: "Test",
      subTitle: "This is a test",
      noteLocked: .constant(true),
      showModal: .constant(true),
      noteData: NoteData()
4. ToolbarView.swift
import SwiftUI
import LocalAuthentication

func getBiometricType() -> String {
  let context = LAContext()

  _ = context.canEvaluatePolicy(
    error: nil)
  switch context.biometryType {
  case .faceID:
    return "faceid"
  case .touchID:
    // In iOS 14 and later, you can use "touchid" here
    return "lock"
  case .none:
    return "lock"
  @unknown default:
    return "lock"

// swiftlint:disable multiple_closures_with_trailing_closure
struct ToolbarView: View {
  @Binding var noteLocked: Bool
  @ObservedObject var noteData: NoteData
  @Binding var setPasswordModal: Bool
  @State private var showUnlockModal: Bool = false
  @State private var changePasswordModal: Bool = false

  func tryBiometricAuthentication() {
    // 1
    let context = LAContext()
    var error: NSError?

    // 2
    if context.canEvaluatePolicy(
      error: &error) {
      // 3
      let reason = "Authenticate to unlock your note."
        localizedReason: reason) { authenticated, error in
        // 4
        DispatchQueue.main.async {
          if authenticated {
            // 5
            self.noteLocked = false
          } else {
            // 6
            if let errorString = error?.localizedDescription {
              print("Error in biometric policy evaluation: \(errorString)")
            self.showUnlockModal = true
    } else {
      // 7
      if let errorString = error?.localizedDescription {
        print("Error in biometric policy evaluation: \(errorString)")
      showUnlockModal = true

  var body: some View {
    HStack {
      #if DEBUG
        action: {
          print("App reset.")
          self.noteData.noteText = ""
        }, label: {
          Image(systemName: "trash")
            .aspectRatio(contentMode: .fit)
            .frame(width: 25.0, height: 25.0)

        .sheet(isPresented: $setPasswordModal) {
            title: "Set Note Password",
            subTitle: "Enter a password to protect this note.",
            noteLocked: self.$noteLocked,
            showModal: self.$setPasswordModal,
            noteData: self.noteData


        action: {
          self.changePasswordModal = true
        }) {
        Image(systemName: "arrow.right.arrow.left")
          .aspectRatio(contentMode: .fit)
          .frame(width: 25.0, height: 25.0)
      .disabled(noteLocked || noteData.isPasswordBlank)
      .sheet(isPresented: $changePasswordModal) {
          title: "Change Password",
          subTitle: "Enter new password",
          noteLocked: self.$noteLocked,
          showModal: self.$changePasswordModal,
          noteData: self.noteData)

        action: {
          if self.noteLocked {
            // Biometric Authentication Point
          } else {
            self.noteLocked = true
        }) {
        // Lock Icon
        Image(systemName: noteLocked ? getBiometricType() : "")
          .aspectRatio(contentMode: .fit)
          .frame(width: 25.0, height: 25.0)
      .sheet(isPresented: $showUnlockModal) {
        if self.noteData.isPasswordBlank {
            title: "Enter Password",
            subTitle: "Enter a password to protect your notes",
            noteLocked: self.$noteLocked,
            showModal: self.$changePasswordModal,
            noteData: self.noteData)
        } else {
          UnlockView(noteLocked: self.$noteLocked, showModal: self.$showUnlockModal, noteData: self.noteData)
    .frame(height: 64)

struct ToolbarView_Previews: PreviewProvider {
  static var previews: some View {
    ToolbarView(noteLocked: .constant(true), noteData: NoteData(), setPasswordModal: .constant(false))
5. UnlockView.swift
import SwiftUI

// swiftlint:disable multiple_closures_with_trailing_closure
struct UnlockView: View {
  @State var password = ""
  @State var passwordError = false
  @State var showPassword = false
  @Binding var noteLocked: Bool
  @Binding var showModal: Bool
  @ObservedObject var noteData: NoteData

  var body: some View {
    VStack(alignment: .leading) {
      Text("Enter Password")
      Text("Enter password to unlock note")
      HStack {
        Group {
          if showPassword {
            TextField("Password", text: $password)
          } else {
            SecureField("Password", text: $password)
          action: {
          }) {
          if showPassword {
            Image(systemName: "eye.slash")
          } else {
            Image(systemName: "eye")
              .padding(.trailing, 5.0)
      }.modifier(PasswordField(error: passwordError))
      HStack {
        if passwordError {
          Text("Incorrect Password")
        Button("Unlock") {
          if !self.noteData.validatePassword(self.password) {
            self.passwordError = true
          } else {
            self.noteLocked = false
            self.showModal = false

struct ToggleLock_Previews: PreviewProvider {
  static var previews: some View {
    UnlockView(noteLocked: .constant(false), showModal: .constant(true), noteData: NoteData())
6. ViewModifiers.swift
import SwiftUI

struct PasswordField: ViewModifier {
  var error: Bool

  func body(content: Content) -> some View {
      .border(error ? : Color.gray)
7. NoteData.swift
import SwiftUI

class NoteData: ObservableObject {
  let textKey = "StoredText"

  @Published var noteText: String {
    didSet {
      UserDefaults.standard.set(noteText, forKey: textKey)

  var isPasswordBlank: Bool {
    getStoredPassword() == ""

  func getStoredPassword() -> String {
    let kcw = KeychainWrapper()
    if let password = try? kcw.getGenericPasswordFor(
      account: "RWQuickNote",
      service: "unlockPassword") {
      return password

    return ""

  func updateStoredPassword(_ password: String) {
    let kcw = KeychainWrapper()
    do {
      try kcw.storeGenericPasswordFor(
        account: "RWQuickNote",
        service: "unlockPassword",
        password: password)
    } catch let error as KeychainWrapperError {
      print("Exception setting password: \(error.message ?? "no message")")
    } catch {
      print("An error occurred setting the password.")

  func validatePassword(_ password: String) -> Bool {
    let currentPassword = getStoredPassword()
    return password == currentPassword

  func changePassword(currentPassword: String, newPassword: String) -> Bool {
    guard validatePassword(currentPassword) == true else { return false }
    return true

  init() {
    noteText = UserDefaults.standard.string(forKey: textKey) ?? ""
8. KeychainServices.swift
import Foundation

struct KeychainWrapperError: Error {
  var message: String?
  var type: KeychainErrorType

  enum KeychainErrorType {
    case badData
    case servicesError
    case itemNotFound
    case unableToConvertToString

  init(status: OSStatus, type: KeychainErrorType) {
    self.type = type
    if let errorMessage = SecCopyErrorMessageString(status, nil) {
      self.message = String(errorMessage)
    } else {
      self.message = "Status Code: \(status)"

  init(type: KeychainErrorType) {
    self.type = type

  init(message: String, type: KeychainErrorType) {
    self.message = message
    self.type = type

class KeychainWrapper {
  func storeGenericPasswordFor(
    account: String,
    service: String,
    password: String
  ) throws {
    if password.isEmpty {
      try deleteGenericPasswordFor(account: account, service: service)
    guard let passwordData = .utf8) else {
      print("Error converting value to data.")
      throw KeychainWrapperError(type: .badData)

    // 1
    let query: [String: Any] = [
      // 2
      kSecClass as String: kSecClassGenericPassword,
      // 3
      kSecAttrAccount as String: account,
      // 4
      kSecAttrService as String: service,
      // 5
      kSecValueData as String: passwordData

    // 1
    let status = SecItemAdd(query as CFDictionary, nil)
    switch status {
    // 2
    case errSecSuccess:
    case errSecDuplicateItem:
      try updateGenericPasswordFor(
        account: account,
        service: service,
        password: password)
    // 3
      throw KeychainWrapperError(status: status, type: .servicesError)

  func getGenericPasswordFor(account: String, service: String) throws -> String {
    let query: [String: Any] = [
      // 1
      kSecClass as String: kSecClassGenericPassword,
      kSecAttrAccount as String: account,
      kSecAttrService as String: service,
      // 2
      kSecMatchLimit as String: kSecMatchLimitOne,
      kSecReturnAttributes as String: true,
      // 3
      kSecReturnData as String: true

    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status != errSecItemNotFound else {
      throw KeychainWrapperError(type: .itemNotFound)
    guard status == errSecSuccess else {
      throw KeychainWrapperError(status: status, type: .servicesError)

    guard let existingItem = item as? [String: Any],
      // 2
      let valueData = existingItem[kSecValueData as String] as? Data,
      // 3
      let value = String(data: valueData, encoding: .utf8)
      else {
        // 4
        throw KeychainWrapperError(type: .unableToConvertToString)

    return value

  func updateGenericPasswordFor(
    account: String,
    service: String,
    password: String
  ) throws {
    guard let passwordData = .utf8) else {
      print("Error converting value to data.")
    // 1
    let query: [String: Any] = [
      kSecClass as String: kSecClassGenericPassword,
      kSecAttrAccount as String: account,
      kSecAttrService as String: service

    // 2
    let attributes: [String: Any] = [
      kSecValueData as String: passwordData

    // 3
    let status = SecItemUpdate(query as CFDictionary, attributes as CFDictionary)
    guard status != errSecItemNotFound else {
      throw KeychainWrapperError(message: "Matching Item Not Found", type: .itemNotFound)
    guard status == errSecSuccess else {
      throw KeychainWrapperError(status: status, type: .servicesError)

  func deleteGenericPasswordFor(account: String, service: String) throws {
    // 1
    let query: [String: Any] = [
      kSecClass as String: kSecClassGenericPassword,
      kSecAttrAccount as String: account,
      kSecAttrService as String: service

    // 2
    let status = SecItemDelete(query as CFDictionary)
    guard status == errSecSuccess || status == errSecItemNotFound else {
      throw KeychainWrapperError(status: status, type: .servicesError)




