/* |
File: CredentialImportController.m |
|
Contains: View to import a credential. |
|
Written by: DTS |
|
Copyright: Copyright (c) 2011 Apple Inc. All Rights Reserved. |
|
Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Inc. |
("Apple") in consideration of your agreement to the following |
terms, and your use, installation, modification or |
redistribution of this Apple software constitutes acceptance of |
these terms. If you do not agree with these terms, please do |
not use, install, modify or redistribute this Apple software. |
|
In consideration of your agreement to abide by the following |
terms, and subject to these terms, Apple grants you a personal, |
non-exclusive license, under Apple's copyrights in this |
original Apple software (the "Apple Software"), to use, |
reproduce, modify and redistribute the Apple Software, with or |
without modifications, in source and/or binary forms; provided |
that if you redistribute the Apple Software in its entirety and |
without modifications, you must retain this notice and the |
following text and disclaimers in all such redistributions of |
the Apple Software. Neither the name, trademarks, service marks |
or logos of Apple Inc. may be used to endorse or promote |
products derived from the Apple Software without specific prior |
written permission from Apple. Except as expressly stated in |
this notice, no other rights or licenses, express or implied, |
are granted by Apple herein, including but not limited to any |
patent rights that may be infringed by your derivative works or |
by other works in which the Apple Software may be incorporated. |
|
The Apple Software is provided by Apple on an "AS IS" basis. |
APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING |
WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, |
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING |
THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN |
COMBINATION WITH YOUR PRODUCTS. |
|
IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT, |
INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED |
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ARISING IN ANY WAY |
OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION |
OF THE APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY |
OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR |
OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE POSSIBILITY OF |
SUCH DAMAGE. |
|
*/ |
|
#import "CredentialImportController.h" |
|
@interface CredentialImportController () <UITextFieldDelegate> |
|
@property (nonatomic, assign, readonly) BOOL isPKCS12; |
|
@end |
|
@implementation CredentialImportController |
|
+ (NSSet *)supportedMIMETypes |
{ |
static NSSet * sSupportedCredentialTypes; |
|
if (sSupportedCredentialTypes == nil) { |
sSupportedCredentialTypes = [[NSSet alloc] initWithObjects:@"application/x-pkcs12", @"application/x-x509-ca-cert", @"application/pkix-cert", nil]; |
assert(sSupportedCredentialTypes != nil); |
} |
return sSupportedCredentialTypes; |
} |
|
- (id)initWithCredentialData:(NSData *)data type:(NSString *)type |
{ |
assert(data != nil); |
assert(type != nil); |
assert([[[self class] supportedMIMETypes] containsObject:type]); |
|
self = [super initWithNibName:@"CredentialImportController" bundle:[NSBundle bundleForClass:[self class]]]; |
if (self != nil) { |
self->_data = [data copy]; |
self->_type = [[type lowercaseString] copy]; |
} |
return self; |
} |
|
@synthesize data = _data; |
@synthesize type = _type; |
@synthesize origin = _origin; |
@synthesize delegate = _delegate; |
|
- (BOOL)isPKCS12 |
{ |
return [self.type isEqual:@"application/x-pkcs12"]; |
} |
|
#pragma mark * Text field delegate callbacks |
|
// The passwordIncorrectLabel tells the user that their password was incorrect |
// (obviously this is only used for PKCS#12). We show the label when the user |
// tries to import the PKCS#12 and that fails with an error. We hide the label |
// when the user changes (or clears) the text in the password field. |
|
- (BOOL)textFieldShouldClear:(UITextField *)textField |
{ |
#pragma unused(textField) |
assert(textField == self.passwordField); |
self.passwordIncorrectLabel.hidden = YES; |
return YES; |
} |
|
- (BOOL)textField:(UITextField *)textField shouldChangeCharactersInRange:(NSRange)range replacementString:(NSString *)string |
{ |
#pragma unused(textField) |
#pragma unused(range) |
#pragma unused(string) |
assert(textField == self.passwordField); |
self.passwordIncorrectLabel.hidden = YES; |
return YES; |
} |
|
- (BOOL)textFieldShouldReturn:(UITextField *)textField |
{ |
#pragma unused(textField) |
assert(textField == self.passwordField); |
|
// We don't check for the password being non-empty because it seems that a |
// PKCS#12 with an empty password is legal. |
|
[self importAction:self]; |
return NO; |
} |
|
#pragma mark * Action code |
|
- (CredentialImportStatus)_importPKCS12 |
// Attempts to import the identities in a PKCS#12 data blob. |
{ |
OSStatus err; |
CredentialImportStatus status; |
CFArrayRef importedItems; |
|
status = kCredentialImportStatusFailed; |
|
importedItems = NULL; |
|
err = SecPKCS12Import( |
(CFDataRef) self.data, |
(CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys: |
self.passwordField.text, kSecImportExportPassphrase, |
nil |
], |
&importedItems |
); |
if (err == noErr) { |
// +++ If there are multiple identities in the PKCS#12, and adding a non-first |
// one fails, we end up with partial results. Right now that's not an issue |
// in practice, but I might want to revisit this. |
|
for (NSDictionary * itemDict in (id) importedItems) { |
SecIdentityRef identity; |
|
assert([itemDict isKindOfClass:[NSDictionary class]]); |
|
identity = (SecIdentityRef) [itemDict objectForKey:(NSString *) kSecImportItemIdentity]; |
assert(identity != NULL); |
assert( CFGetTypeID(identity) == SecIdentityGetTypeID() ); |
|
err = SecItemAdd( |
(CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys: |
(id) identity, kSecValueRef, |
nil |
], |
NULL |
); |
if (err == errSecDuplicateItem) { |
err = noErr; |
} |
if (err != noErr) { |
break; |
} |
} |
if (err == noErr) { |
status = kCredentialImportStatusSucceeded; |
} |
} else if (err == errSecAuthFailed) { |
self.passwordIncorrectLabel.hidden = NO; |
status = kCredentialImportStatusCancelled; |
} |
|
if (importedItems != NULL) { |
CFRelease(importedItems); |
} |
return status; |
} |
|
- (CredentialImportStatus)_importCertificate |
// Attempts to import the data as a certificate. |
{ |
OSStatus err; |
CredentialImportStatus status; |
SecCertificateRef cert; |
|
status = kCredentialImportStatusFailed; |
|
cert = SecCertificateCreateWithData(NULL, (CFDataRef) self.data); |
if (cert != NULL) { |
err = SecItemAdd( |
(CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys: |
(id) kSecClassCertificate, kSecClass, |
(id) cert, kSecValueRef, |
nil |
], |
NULL |
); |
if ( (err == errSecSuccess) || (err == errSecDuplicateItem) ) { |
status = kCredentialImportStatusSucceeded; |
} |
} |
return status; |
} |
|
- (IBAction)importAction:(id)sender |
// Called when the user taps on the Import button. |
{ |
#pragma unused(sender) |
CredentialImportStatus status; |
|
if (self.isPKCS12) { |
status = [self _importPKCS12]; |
} else { |
status = [self _importCertificate]; |
} |
|
// We use kCredentialImportStatusCancelled as a special token (in this context |
// only) to indicate that the user should retry their password. |
|
if ( (self.delegate != nil) && (status != kCredentialImportStatusCancelled) ) { |
[self.delegate credentialImport:self didImportWithStatus:status]; |
} |
} |
|
- (IBAction)cancelAction:(id)sender |
// Called when the user taps on the Cancel button. |
{ |
#pragma unused(sender) |
if (self.delegate != nil) { |
[self.delegate credentialImport:self didImportWithStatus:kCredentialImportStatusCancelled]; |
} |
} |
|
#pragma mark * View controller boilerplate |
|
@synthesize descriptionLabel = _descriptionLabel; |
@synthesize typeLabel = _typeLabel; |
@synthesize originLabel = _originLabel; |
@synthesize passwordField = _passwordField; |
@synthesize passwordIncorrectLabel = _passwordIncorrectLabel; |
|
- (void)viewDidLoad |
{ |
[super viewDidLoad]; |
|
assert(self.descriptionLabel != nil); |
assert(self.typeLabel != nil); |
assert(self.originLabel != nil); |
assert(self.passwordField != nil); |
assert(self.passwordField.delegate == self); |
assert(self.passwordIncorrectLabel != nil); |
|
self.view.backgroundColor = [UIColor groupTableViewBackgroundColor]; |
|
// Set up the UI to reflect what the user is trying to import. This includes, |
// for example, setting the the various text fields and hiding the password |
// field if we're importing a certificate. |
|
if (self.isPKCS12) { |
self.descriptionLabel.text = [NSString stringWithFormat:@"not available prior to import"]; |
self.typeLabel.text = @"identity"; |
|
// Debug builds get a default password of "test". |
|
#if ! defined(NDEBUG) |
self.passwordField.text = @"test"; |
#endif |
} else { |
SecCertificateRef cert; |
CFStringRef summary; |
|
summary = NULL; |
cert = SecCertificateCreateWithData(NULL, (CFDataRef) self.data); |
if (cert != NULL) { |
summary = SecCertificateCopySubjectSummary(cert); |
} |
if (summary == NULL) { |
summary = CFSTR("unknown"); |
} |
|
if (self.origin != nil) { |
self.descriptionLabel.text = (NSString *) summary; |
} else { |
self.descriptionLabel.text = @"n/a"; |
} |
|
if (summary != NULL) { |
CFRelease(summary); |
} |
if (cert != NULL) { |
CFRelease(cert); |
} |
|
self.typeLabel.text = @"certificate"; |
self.passwordField.hidden = YES; |
} |
|
if (self.origin != nil) { |
self.originLabel.text = [self.origin absoluteString]; |
} else { |
self.originLabel.text = @"n/a"; |
} |
} |
|
- (void)viewWillAppear:(BOOL)animated |
{ |
assert(self.delegate != nil); // c'mon folks! |
|
[super viewWillAppear:animated]; |
|
if (self.isPKCS12) { |
[self.passwordField becomeFirstResponder]; |
} |
self.passwordIncorrectLabel.hidden = YES; |
} |
|
- (void)viewDidUnload |
{ |
[super viewDidUnload]; |
|
self.descriptionLabel = nil; |
self.typeLabel = nil; |
self.originLabel = nil; |
self.passwordField = nil; |
self.passwordIncorrectLabel = nil; |
} |
|
- (void)dealloc |
{ |
[self->_data release]; |
[self->_type release]; |
[self->_origin release]; |
|
[self->_descriptionLabel release]; |
[self->_typeLabel release]; |
[self->_originLabel release]; |
[self->_passwordField release]; |
[self->_passwordIncorrectLabel release]; |
|
[super dealloc]; |
} |
|
@end |
