Beam/ElementX/Sources/Services/Keychain/KeychainController.swift

//
// Copyright 2022-2024 New Vector Ltd.
//
// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
// Please see LICENSE files in the repository root for full details.
//

import Foundation
import KeychainAccess
import MatrixRustSDK

enum KeychainControllerService: String {
    case sessions
    case tests

    var restorationTokenID: String {
        InfoPlistReader.main.baseBundleIdentifier + "." + rawValue
    }
    
    var mainID: String {
        InfoPlistReader.main.baseBundleIdentifier + ".keychain.\(rawValue)"
    }
}

class KeychainController: KeychainControllerProtocol {
    /// The keychain responsible for storing account restoration tokens (keyed by userID).
    private let restorationTokenKeychain: Keychain
    /// The keychain responsible for storing all other secrets in the app (keyed by `Key`s).
    private let mainKeychain: Keychain
    
    private enum Key: String {
        case appLockPINCode
        case appLockBiometricState
    }

    init(service: KeychainControllerService, accessGroup: String) {
        restorationTokenKeychain = Keychain(service: service.restorationTokenID, accessGroup: accessGroup)
        mainKeychain = Keychain(service: service.mainID, accessGroup: accessGroup)
    }
    
    // MARK: - Restoration Tokens

    func setRestorationToken(_ restorationToken: RestorationToken, forUsername username: String) {
        do {
            let tokenData = try JSONEncoder().encode(restorationToken)
            try restorationTokenKeychain.set(tokenData, key: username)
        } catch {
            MXLog.error("Failed storing user restore token with error: \(error)")
        }
    }

    func restorationTokenForUsername(_ username: String) -> RestorationToken? {
        do {
            guard let tokenData = try restorationTokenKeychain.getData(username) else {
                return nil
            }

            return try JSONDecoder().decode(RestorationToken.self, from: tokenData)
        } catch {
            MXLog.error("Failed retrieving user restore token")
            return nil
        }
    }

    func restorationTokens() -> [KeychainCredentials] {
        restorationTokenKeychain.allKeys().compactMap { username in
            guard let restorationToken = restorationTokenForUsername(username) else {
                return nil
            }

            return KeychainCredentials(userID: username, restorationToken: restorationToken)
        }
    }

    func removeRestorationTokenForUsername(_ username: String) {
        MXLog.warning("Removing restoration token for user: \(username).")
        
        do {
            try restorationTokenKeychain.remove(username)
        } catch {
            MXLog.error("Failed removing restore token with error: \(error)")
        }
    }

    func removeAllRestorationTokens() {
        MXLog.warning("Removing all user restoration tokens.")
        
        do {
            try restorationTokenKeychain.removeAll()
        } catch {
            MXLog.error("Failed removing all tokens")
        }
    }
    
    // MARK: - ClientSessionDelegate
    
    func retrieveSessionFromKeychain(userId: String) throws -> Session {
        MXLog.info("Retrieving an updated Session from the keychain.")
        guard let session = restorationTokenForUsername(userId)?.session else {
            throw ClientError.Generic(msg: "Failed to find RestorationToken in the Keychain.")
        }
        return session
    }
    
    func saveSessionInKeychain(session: Session) {
        MXLog.info("Saving session changes in the keychain.")
        
        guard let oldToken = restorationTokenForUsername(session.userId) else {
            MXLog.error("Failed retrieving the restoration token for \(session.userId)")
            fatalError("Something has gone mega wrong, all bets are off.")
        }
        let restorationToken = RestorationToken(session: session,
                                                sessionDirectories: oldToken.sessionDirectories,
                                                passphrase: oldToken.passphrase,
                                                pusherNotificationClientIdentifier: oldToken.pusherNotificationClientIdentifier,
                                                slidingSyncProxyURLString: oldToken.slidingSyncProxyURLString)
        setRestorationToken(restorationToken, forUsername: session.userId)
    }
    
    // MARK: - App Secrets
    
    func resetSecrets() {
        MXLog.warning("Resetting main keychain.")
        
        do {
            try mainKeychain.removeAll()
        } catch {
            MXLog.error("Failed resetting the main keychain.")
        }
    }
    
    func containsPINCode() throws -> Bool {
        try mainKeychain.contains(Key.appLockPINCode.rawValue)
    }
    
    func setPINCode(_ pinCode: String) throws {
        try mainKeychain.set(pinCode, key: Key.appLockPINCode.rawValue)
    }
    
    func pinCode() -> String? {
        do {
            return try mainKeychain.getString(Key.appLockPINCode.rawValue)
        } catch {
            MXLog.error("Failed retrieving the PIN code.")
            return nil
        }
    }
    
    func removePINCode() {
        do {
            try mainKeychain.remove(Key.appLockPINCode.rawValue)
        } catch {
            MXLog.error("Failed removing the PIN code.")
        }
    }
    
    func containsPINCodeBiometricState() -> Bool {
        do {
            return try mainKeychain.contains(Key.appLockBiometricState.rawValue)
        } catch {
            MXLog.error("Failed checking for biometric state.")
            return false // No need to re-throw the error, we can fall back to the PIN code.
        }
    }
    
    func setPINCodeBiometricState(_ state: Data) throws {
        try mainKeychain.set(state, key: Key.appLockBiometricState.rawValue)
    }
    
    func pinCodeBiometricState() -> Data? {
        do {
            return try mainKeychain.getData(Key.appLockBiometricState.rawValue)
        } catch {
            MXLog.error("Failed setting the PIN code biometric state.")
            return nil
        }
    }
    
    func removePINCodeBiometricState() {
        do {
            try mainKeychain.remove(Key.appLockBiometricState.rawValue)
        } catch {
            MXLog.error("Failed removing the PIN code biometric state.")
        }
    }
}
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`//`
Switch license to AGPL (#3237) * Switch license file to AGPL * Update file copyright headers * Update the default project file header 2024-09-06 16:34:30 +03:00			`// Copyright 2022-2024 New Vector Ltd.`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`//`
Dual licensing: AGPL + Element Commercial (#3657) * New LICENSE-COMMERCIAL file * Apply dual licenses: AGPL + Element Commercial to file headers * Update README with dual licensing 2025-01-06 11:27:37 +01:00			`// SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial`
			`// Please see LICENSE files in the repository root for full details.`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`//`

			`import Foundation`
			`import KeychainAccess`
Enable OIDC token refresh in the NSE. (#1711) Update the SDK and handle API changes. 2023-09-15 10:01:09 +01:00			`import MatrixRustSDK`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00
Notifications (#275) 2022-11-21 19:37:13 +03:00			`enum KeychainControllerService: String {`
			`case sessions`
			`case tests`

Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`var restorationTokenID: String {`
Hardcode the sliding sync proxy. (#502) * Add support for migrating between versions. * Rename InfoPlistReader property. * Bump SDK version. 2023-01-31 17:48:24 +00:00			`InfoPlistReader.main.baseBundleIdentifier + "." + rawValue`
Notifications (#275) 2022-11-21 19:37:13 +03:00			`}`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00
			`var mainID: String {`
			`InfoPlistReader.main.baseBundleIdentifier + ".keychain.\(rawValue)"`
			`}`
Notifications (#275) 2022-11-21 19:37:13 +03:00			`}`

Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`class KeychainController: KeychainControllerProtocol {`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`/// The keychain responsible for storing account restoration tokens (keyed by userID).`
			`private let restorationTokenKeychain: Keychain`
			/// The keychain responsible for storing all other secrets in the app (keyed by `Key`s).
			`private let mainKeychain: Keychain`

			`private enum Key: String {`
Add support for Face ID/Touch ID to app lock. (#1966) * Fix biometrics with low grace period and backgrounding before unlocked. * Trigger permissions alert when enabling Face ID. 2023-10-27 10:09:12 +01:00			`case appLockPINCode`
			`case appLockBiometricState`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`}`
Notifications (#275) 2022-11-21 19:37:13 +03:00
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`init(service: KeychainControllerService, accessGroup: String) {`
			`restorationTokenKeychain = Keychain(service: service.restorationTokenID, accessGroup: accessGroup)`
			`mainKeychain = Keychain(service: service.mainID, accessGroup: accessGroup)`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`}`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00
			`// MARK: - Restoration Tokens`
Notifications (#275) 2022-11-21 19:37:13 +03:00
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`func setRestorationToken(_ restorationToken: RestorationToken, forUsername username: String) {`
			`do {`
			`let tokenData = try JSONEncoder().encode(restorationToken)`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`try restorationTokenKeychain.set(tokenData, key: username)`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`} catch {`
			`MXLog.error("Failed storing user restore token with error: \(error)")`
			`}`
			`}`
Notifications (#275) 2022-11-21 19:37:13 +03:00
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`func restorationTokenForUsername(_ username: String) -> RestorationToken? {`
			`do {`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`guard let tokenData = try restorationTokenKeychain.getData(username) else {`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`return nil`
			`}`

			`return try JSONDecoder().decode(RestorationToken.self, from: tokenData)`
			`} catch {`
			`MXLog.error("Failed retrieving user restore token")`
			`return nil`
			`}`
			`}`
Notifications (#275) 2022-11-21 19:37:13 +03:00
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`func restorationTokens() -> [KeychainCredentials] {`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`restorationTokenKeychain.allKeys().compactMap { username in`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`guard let restorationToken = restorationTokenForUsername(username) else {`
			`return nil`
			`}`
Notifications (#275) 2022-11-21 19:37:13 +03:00
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`return KeychainCredentials(userID: username, restorationToken: restorationToken)`
			`}`
			`}`
Notifications (#275) 2022-11-21 19:37:13 +03:00
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`func removeRestorationTokenForUsername(_ username: String) {`
Bump the RustSDK, bump the app minor version and force user logout 2023-03-31 14:42:05 +03:00			`MXLog.warning("Removing restoration token for user: \(username).")`

Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`do {`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`try restorationTokenKeychain.remove(username)`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`} catch {`
			`MXLog.error("Failed removing restore token with error: \(error)")`
			`}`
			`}`
Notifications (#275) 2022-11-21 19:37:13 +03:00
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`func removeAllRestorationTokens() {`
Bump the RustSDK, bump the app minor version and force user logout 2023-03-31 14:42:05 +03:00			`MXLog.warning("Removing all user restoration tokens.")`

Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`do {`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`try restorationTokenKeychain.removeAll()`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`} catch {`
			`MXLog.error("Failed removing all tokens")`
			`}`
			`}`
Enable OIDC token refresh in the NSE. (#1711) Update the SDK and handle API changes. 2023-09-15 10:01:09 +01:00
			`// MARK: - ClientSessionDelegate`

			`func retrieveSessionFromKeychain(userId: String) throws -> Session {`
			`MXLog.info("Retrieving an updated Session from the keychain.")`
			`guard let session = restorationTokenForUsername(userId)?.session else {`
			`throw ClientError.Generic(msg: "Failed to find RestorationToken in the Keychain.")`
			`}`
			`return session`
			`}`

			`func saveSessionInKeychain(session: Session) {`
			`MXLog.info("Saving session changes in the keychain.")`
Enable database encryption for new logins on Nightly/PR builds. (#2328) - Slightly reworks where the pusher client ID is generated. 2024-01-12 16:45:59 +00:00
			`guard let oldToken = restorationTokenForUsername(session.userId) else {`
			`MXLog.error("Failed retrieving the restoration token for \(session.userId)")`
			`fatalError("Something has gone mega wrong, all bets are off.")`
			`}`
			`let restorationToken = RestorationToken(session: session,`
Make the SessionDirectories type responsible for cleaning up data. (#3261) 2024-09-11 14:32:03 +01:00			`sessionDirectories: oldToken.sessionDirectories,`
Enable database encryption for new logins on Nightly/PR builds. (#2328) - Slightly reworks where the pusher client ID is generated. 2024-01-12 16:45:59 +00:00			`passphrase: oldToken.passphrase,`
Update the SDK. Handles changes that removed support for the sliding sync proxy. 2025-02-18 10:34:32 +00:00			`pusherNotificationClientIdentifier: oldToken.pusherNotificationClientIdentifier,`
			`slidingSyncProxyURLString: oldToken.slidingSyncProxyURLString)`
Enable OIDC token refresh in the NSE. (#1711) Update the SDK and handle API changes. 2023-09-15 10:01:09 +01:00			`setRestorationToken(restorationToken, forUsername: session.userId)`
			`}`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00
			`// MARK: - App Secrets`

			`func resetSecrets() {`
			`MXLog.warning("Resetting main keychain.")`

			`do {`
			`try mainKeychain.removeAll()`
			`} catch {`
			`MXLog.error("Failed resetting the main keychain.")`
			`}`
			`}`

			`func containsPINCode() throws -> Bool {`
Add support for Face ID/Touch ID to app lock. (#1966) * Fix biometrics with low grace period and backgrounding before unlocked. * Trigger permissions alert when enabling Face ID. 2023-10-27 10:09:12 +01:00			`try mainKeychain.contains(Key.appLockPINCode.rawValue)`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`}`

			`func setPINCode(_ pinCode: String) throws {`
Add support for Face ID/Touch ID to app lock. (#1966) * Fix biometrics with low grace period and backgrounding before unlocked. * Trigger permissions alert when enabling Face ID. 2023-10-27 10:09:12 +01:00			`try mainKeychain.set(pinCode, key: Key.appLockPINCode.rawValue)`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`}`

			`func pinCode() -> String? {`
			`do {`
Add support for Face ID/Touch ID to app lock. (#1966) * Fix biometrics with low grace period and backgrounding before unlocked. * Trigger permissions alert when enabling Face ID. 2023-10-27 10:09:12 +01:00			`return try mainKeychain.getString(Key.appLockPINCode.rawValue)`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`} catch {`
			`MXLog.error("Failed retrieving the PIN code.")`
			`return nil`
			`}`
			`}`

			`func removePINCode() {`
			`do {`
Add support for Face ID/Touch ID to app lock. (#1966) * Fix biometrics with low grace period and backgrounding before unlocked. * Trigger permissions alert when enabling Face ID. 2023-10-27 10:09:12 +01:00			`try mainKeychain.remove(Key.appLockPINCode.rawValue)`
Initial service implementation for using a PIN code. (#1912) * Initial service implementation for using a PIN code. * Tweak Danger for commit size 600-800 lines is perfectly normal for our PRs, up it to 1000. 2023-10-19 10:42:12 +01:00			`} catch {`
			`MXLog.error("Failed removing the PIN code.")`
			`}`
			`}`
Add support for Face ID/Touch ID to app lock. (#1966) * Fix biometrics with low grace period and backgrounding before unlocked. * Trigger permissions alert when enabling Face ID. 2023-10-27 10:09:12 +01:00
			`func containsPINCodeBiometricState() -> Bool {`
			`do {`
			`return try mainKeychain.contains(Key.appLockBiometricState.rawValue)`
			`} catch {`
			`MXLog.error("Failed checking for biometric state.")`
			`return false // No need to re-throw the error, we can fall back to the PIN code.`
			`}`
			`}`

			`func setPINCodeBiometricState(_ state: Data) throws {`
			`try mainKeychain.set(state, key: Key.appLockBiometricState.rawValue)`
			`}`

			`func pinCodeBiometricState() -> Data? {`
			`do {`
			`return try mainKeychain.getData(Key.appLockBiometricState.rawValue)`
			`} catch {`
			`MXLog.error("Failed setting the PIN code biometric state.")`
			`return nil`
			`}`
			`}`

			`func removePINCodeBiometricState() {`
			`do {`
			`try mainKeychain.remove(Key.appLockBiometricState.rawValue)`
			`} catch {`
			`MXLog.error("Failed removing the PIN code biometric state.")`
			`}`
			`}`
Fixes #239 - Use new restoration token format, pass stored homeserver url to the client builder when restoring, dropping the need for a network request - bumped the rust sdk to v1.0.17-alpha - move all UserSession related files to Services/UserSession 2022-11-04 13:24:53 +02:00			`}`