Магазин NSDictionary в брелках для ключей

Question

Можно хранить NSDictionary в цепочке ключей iPhone, используя KeychainItemWrapper (или без)? Если это невозможно, у вас есть другое решение?

Answer 1

Кодирование: [dic description]
Декодирование: [dic propertyList]

Answer 2

Вы можете хранить что угодно, вам просто нужно его сериализовать.

NSData *data = [NSKeyedArchiver archivedDataWithRootObject:dictionary]; 

Вы должны иметь возможность хранить эти данные в цепочке ключей.

Answer 3

Вы должны правильно сериализовать NSDictionary перед сохранением его в брелок. Использование:

[dic description] 
[dic propertyList] 

вы будете в конечном итоге с NSDictionary коллекции только NSString объектов. Если вы хотите сохранить типы данных объектов, вы можете использовать NSPropertyListSerialization.

KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:@"arbitraryId" accessGroup:nil] 
NSString *error; 
//The following NSData object may be stored in the Keychain 
NSData *dictionaryRep = [NSPropertyListSerialization dataFromPropertyList:dictionary format:NSPropertyListXMLFormat_v1_0 errorDescription:&error]; 
[keychain setObject:dictionaryRep forKey:kSecValueData]; 

//When the NSData object object is retrieved from the Keychain, you convert it back to NSDictionary type 
dictionaryRep = [keychain objectForKey:kSecValueData]; 
NSDictionary *dictionary = [NSPropertyListSerialization propertyListFromData:dictionaryRep mutabilityOption:NSPropertyListImmutable format:nil errorDescription:&error]; 

if (error) { 
    NSLog(@"%@", error); 
} 

NSDictionary возвращаемых при втором вызове NSPropertyListSerialization будет поддерживать исходные типы данных в NSDictionary коллекции.

Answer 4

Я обнаружил, что оболочка для ключей связывает только строки. Даже NSData. Поэтому для хранения словаря вам нужно будет сделать, как предложил Брет, но с дополнительным шагом для преобразования сериализации NSData в строку. Как это:

NSString *error; 
KeychainItemWrapper *keychain = [[KeychainItemWrapper alloc] initWithIdentifier:MY_STRING accessGroup:nil]; 
NSData *dictionaryRep = [NSPropertyListSerialization dataFromPropertyList:dictToSave format:NSPropertyListXMLFormat_v1_0 errorDescription:&error]; 
NSString *xml = [[NSString alloc] initWithBytes:[dictionaryRep bytes] length:[dictionaryRep length] encoding:NSUTF8StringEncoding]; 
[keychain setObject:xml forKey:(__bridge id)(kSecValueData)]; 

Чтение его обратно:

NSError *error; 
NSString *xml = [keychain objectForKey:(__bridge id)(kSecValueData)]; 
if (xml && xml.length) { 
    NSData *dictionaryRep = [xml dataUsingEncoding:NSUTF8StringEncoding]; 
    dict = [NSPropertyListSerialization propertyListWithData:dictionaryRep options:NSPropertyListImmutable format:nil error:&error]; 
    if (error) { 
     NSLog(@"%@", error); 
    } 
} 

Answer 5

Использование KeychainItemWrapper зависимость требует модификации код библиотеки/образец принять NSData в качестве зашифрованного полезной нагрузки, которая не является доказательством будущего. Кроме того, выполнение последовательности преобразования NSDictionary > NSData > NSString только для того, чтобы вы могли использовать KeychainItemWrapper, неэффективно: KeychainItemWrapper в любом случае преобразует вашу строку обратно в NSData, чтобы зашифровать ее.

Вот полное решение, которое разрешает вышеупомянутое, напрямую используя библиотеку ключей. Он реализован в виде категории, так что вы использовать его как это:

// to store your dictionary 
[myDict storeToKeychainWithKey:@"myStorageKey"]; 

// to retrieve it 
NSDictionary *myDict = [NSDictionary dictionaryFromKeychainWithKey:@"myStorageKey"]; 

// to delete it 
[myDict deleteFromKeychainWithKey:@"myStorageKey"]; 

и вот Категория:

@implementation NSDictionary (Keychain) 

-(void) storeToKeychainWithKey:(NSString *)aKey { 
    // serialize dict 
    NSString *error; 
    NSData *serializedDictionary = [NSPropertyListSerialization dataFromPropertyList:self format:NSPropertyListXMLFormat_v1_0 errorDescription:&error]; 

    // encrypt in keychain 
    if(!error) { 
     // first, delete potential existing entries with this key (it won't auto update) 
     [self deleteFromKeychainWithKey:aKey]; 

     // setup keychain storage properties 
     NSDictionary *storageQuery = @{ 
      (id)kSecAttrAccount: aKey, 
      (id)kSecValueData:  serializedDictionary, 
      (id)kSecClass:   (id)kSecClassGenericPassword, 
      (id)kSecAttrAccessible: (id)kSecAttrAccessibleWhenUnlocked 
     }; 
     OSStatus osStatus = SecItemAdd((CFDictionaryRef)storageQuery, nil); 
     if(osStatus != noErr) { 
      // do someting with error 
     } 
    } 
} 


+(NSDictionary *) dictionaryFromKeychainWithKey:(NSString *)aKey { 
    // setup keychain query properties 
    NSDictionary *readQuery = @{ 
     (id)kSecAttrAccount: aKey, 
     (id)kSecReturnData: (id)kCFBooleanTrue, 
     (id)kSecClass:  (id)kSecClassGenericPassword 
    }; 

    NSData *serializedDictionary = nil; 
    OSStatus osStatus = SecItemCopyMatching((CFDictionaryRef)readQuery, (CFTypeRef *)&serializedDictionary); 
    if(osStatus == noErr) { 
     // deserialize dictionary 
     NSString *error; 
     NSDictionary *storedDictionary = [NSPropertyListSerialization propertyListFromData:serializedDictionary mutabilityOption:NSPropertyListImmutable format:nil errorDescription:&error]; 
     if(error) { 
      NSLog(@"%@", error); 
     } 
     return storedDictionary; 
    } 
    else { 
     // do something with error 
     return nil; 
    } 
} 


-(void) deleteFromKeychainWithKey:(NSString *)aKey { 
    // setup keychain query properties 
    NSDictionary *deletableItemsQuery = @{ 
     (id)kSecAttrAccount:  aKey, 
     (id)kSecClass:    (id)kSecClassGenericPassword, 
     (id)kSecMatchLimit:   (id)kSecMatchLimitAll, 
     (id)kSecReturnAttributes: (id)kCFBooleanTrue 
    }; 

    NSArray *itemList = nil; 
    OSStatus osStatus = SecItemCopyMatching((CFDictionaryRef)deletableItemsQuery, (CFTypeRef *)&itemList); 
    // each item in the array is a dictionary 
    for (NSDictionary *item in itemList) { 
     NSMutableDictionary *deleteQuery = [item mutableCopy]; 
     [deleteQuery setValue:(id)kSecClassGenericPassword forKey:(id)kSecClass]; 
     // do delete 
     osStatus = SecItemDelete((CFDictionaryRef)deleteQuery); 
     if(osStatus != noErr) { 
      // do something with error 
     } 
     [deleteQuery release]; 
    } 
} 


@end 

В самом деле, вы можете изменить его легко хранить любой вид сериализуемого объекта keychain, а не только словарь. Просто сделайте представление NSData объекта, который вы хотите сохранить.

Answer 6

Сделано несколько незначительных изменений в категории Dts. Преобразован в ARC и использует NSKeyedArchiver для хранения пользовательских объектов.

@implementation NSDictionary (Keychain) 

-(void) storeToKeychainWithKey:(NSString *)aKey { 
    // serialize dict 
    NSData *serializedDictionary = [NSKeyedArchiver archivedDataWithRootObject:self]; 
    // encrypt in keychain 
     // first, delete potential existing entries with this key (it won't auto update) 
     [self deleteFromKeychainWithKey:aKey]; 

     // setup keychain storage properties 
     NSDictionary *storageQuery = @{ 
             (__bridge id)kSecAttrAccount: aKey, 
             (__bridge id)kSecValueData:  serializedDictionary, 
             (__bridge id)kSecClass:   (__bridge id)kSecClassGenericPassword, 
             (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlocked 
             }; 
     OSStatus osStatus = SecItemAdd((__bridge CFDictionaryRef)storageQuery, nil); 
     if(osStatus != noErr) { 
      // do someting with error 
     } 
} 


+(NSDictionary *) dictionaryFromKeychainWithKey:(NSString *)aKey { 
    // setup keychain query properties 
    NSDictionary *readQuery = @{ 
           (__bridge id)kSecAttrAccount: aKey, 
           (__bridge id)kSecReturnData: (id)kCFBooleanTrue, 
           (__bridge id)kSecClass:  (__bridge id)kSecClassGenericPassword 
           }; 

    CFDataRef serializedDictionary = NULL; 
    OSStatus osStatus = SecItemCopyMatching((__bridge CFDictionaryRef)readQuery, (CFTypeRef *)&serializedDictionary); 
    if(osStatus == noErr) { 
     // deserialize dictionary 
     NSData *data = (__bridge NSData *)serializedDictionary; 
     NSDictionary *storedDictionary = [NSKeyedUnarchiver unarchiveObjectWithData:data]; 
     return storedDictionary; 
    } 
    else { 
     // do something with error 
     return nil; 
    } 
} 


-(void) deleteFromKeychainWithKey:(NSString *)aKey { 
    // setup keychain query properties 
    NSDictionary *deletableItemsQuery = @{ 
              (__bridge id)kSecAttrAccount:  aKey, 
              (__bridge id)kSecClass:    (__bridge id)kSecClassGenericPassword, 
              (__bridge id)kSecMatchLimit:   (__bridge id)kSecMatchLimitAll, 
              (__bridge id)kSecReturnAttributes: (id)kCFBooleanTrue 
              }; 

    CFArrayRef itemList = nil; 
    OSStatus osStatus = SecItemCopyMatching((__bridge CFDictionaryRef)deletableItemsQuery, (CFTypeRef *)&itemList); 
    // each item in the array is a dictionary 
    NSArray *itemListArray = (__bridge NSArray *)itemList; 
    for (NSDictionary *item in itemListArray) { 
     NSMutableDictionary *deleteQuery = [item mutableCopy]; 
     [deleteQuery setValue:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; 
     // do delete 
     osStatus = SecItemDelete((__bridge CFDictionaryRef)deleteQuery); 
     if(osStatus != noErr) { 
      // do something with error 
     } 
    } 
} 

@end 

Answer 7

Я добавил поддержку группы доступа и безопасности тренажера для решения Amols:

// 
// NSDictionary+SharedKeyChain.h 
// LHSharedKeyChain 
// 

#import <Foundation/Foundation.h> 

@interface NSDictionary (SharedKeyChain) 

/** 
* Returns a previously stored dictionary from the KeyChain. 
* 
* @param key   NSString The name of the dictionary. There can be multiple dictionaries stored in the KeyChain. 
* @param accessGroup NSString Access group for shared KeyChains, set to nil for no group. 
* 
* @return NSDictionary A dictionary that has been stored in the Keychain, nil if no dictionary for the key and accessGroup exist. 
*/ 
+ (NSDictionary *)dictionaryFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup; 

/** 
* Deletes a previously stored dictionary from the KeyChain. 
* 
* @param key   NSString The name of the dictionary. There can be multiple dictionaries stored in the KeyChain. 
* @param accessGroup NSString Access group for shared KeyChains, set to nil for no group. 
*/ 
+ (void)deleteFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup; 

/** 
* Save dictionary instance to the KeyChain. Any previously existing data with the same key and accessGroup will be overwritten. 
* 
* @param key   NSString The name of the dictionary. There can be multiple dictionaries stored in the KeyChain. 
* @param accessGroup NSString Access group for shared KeyChains, set to nil for no group. 
*/ 
- (void)storeToKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup; 

@end 

---

// 
// NSDictionary+SharedKeyChain.m 
// LHSharedKeyChain 
// 

#import "NSDictionary+SharedKeyChain.h" 

@implementation NSDictionary (SharedKeyChain) 

- (void)storeToKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup; 
{ 
    // serialize dict 
    NSData *serializedDictionary = [NSKeyedArchiver archivedDataWithRootObject:self]; 
    // encrypt in keychain 
    // first, delete potential existing entries with this key (it won't auto update) 
    [NSDictionary deleteFromKeychainWithKey:key accessGroup:accessGroup]; 

    // setup keychain storage properties 
    NSDictionary *storageQuery = @{ 
     (__bridge id)kSecAttrAccount: key, 
#if TARGET_IPHONE_SIMULATOR 
// Ignore the access group if running on the iPhone simulator. 
// 
// Apps that are built for the simulator aren't signed, so there's no keychain access group 
// for the simulator to check. This means that all apps can see all keychain items when run 
// on the simulator. 
// 
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the 
// simulator will return -25243 (errSecNoAccessForItem). 
#else 
     (__bridge id)kSecAttrAccessGroup: accessGroup, 
#endif 
     (__bridge id)kSecValueData: serializedDictionary, 
     (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword, 
     (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlocked 
    }; 
    OSStatus status = SecItemAdd ((__bridge CFDictionaryRef)storageQuery, nil); 
    if (status != noErr) 
    { 
     NSLog (@"%d %@", (int)status, @"Couldn't save to Keychain."); 
    } 
} 


+ (NSDictionary *)dictionaryFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup; 
{ 
    // setup keychain query properties 
    NSDictionary *readQuery = @{ 
     (__bridge id)kSecAttrAccount: key, 
#if TARGET_IPHONE_SIMULATOR 
// Ignore the access group if running on the iPhone simulator. 
// 
// Apps that are built for the simulator aren't signed, so there's no keychain access group 
// for the simulator to check. This means that all apps can see all keychain items when run 
// on the simulator. 
// 
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the 
// simulator will return -25243 (errSecNoAccessForItem). 
#else 
     (__bridge id)kSecAttrAccessGroup: accessGroup, 
#endif 
     (__bridge id)kSecReturnData: (id)kCFBooleanTrue, 
     (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword 
    }; 

    CFDataRef serializedDictionary = NULL; 
    OSStatus status = SecItemCopyMatching ((__bridge CFDictionaryRef)readQuery, (CFTypeRef *)&serializedDictionary); 
    if (status == noErr) 
    { 
     // deserialize dictionary 
     NSData *data = (__bridge NSData *)serializedDictionary; 
     NSDictionary *storedDictionary = [NSKeyedUnarchiver unarchiveObjectWithData:data]; 
     return storedDictionary; 
    } 
    else 
    { 
     NSLog (@"%d %@", (int)status, @"Couldn't read from Keychain."); 
     return nil; 
    } 
} 


+ (void)deleteFromKeychainWithKey:(NSString *)key accessGroup:(NSString *)accessGroup; 
{ 
    // setup keychain query properties 
    NSDictionary *deletableItemsQuery = @{ 
     (__bridge id)kSecAttrAccount: key, 
#if TARGET_IPHONE_SIMULATOR 
// Ignore the access group if running on the iPhone simulator. 
// 
// Apps that are built for the simulator aren't signed, so there's no keychain access group 
// for the simulator to check. This means that all apps can see all keychain items when run 
// on the simulator. 
// 
// If a SecItem contains an access group attribute, SecItemAdd and SecItemUpdate on the 
// simulator will return -25243 (errSecNoAccessForItem). 
#else 
     (__bridge id)kSecAttrAccessGroup: accessGroup, 
#endif 
     (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword, 
     (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll, 
     (__bridge id)kSecReturnAttributes: (id)kCFBooleanTrue 
    }; 

    CFArrayRef itemList = nil; 
    OSStatus status = SecItemCopyMatching ((__bridge CFDictionaryRef)deletableItemsQuery, (CFTypeRef *)&itemList); 
    // each item in the array is a dictionary 
    NSArray *itemListArray = (__bridge NSArray *)itemList; 
    for (NSDictionary *item in itemListArray) 
    { 
     NSMutableDictionary *deleteQuery = [item mutableCopy]; 
     [deleteQuery setValue:(__bridge id)kSecClassGenericPassword forKey:(__bridge id)kSecClass]; 
     // do delete 
     status = SecItemDelete ((__bridge CFDictionaryRef)deleteQuery); 
     if (status != noErr) 
     { 
      NSLog (@"%d %@", (int)status, @"Couldn't delete from Keychain."); 
     } 
    } 
} 

@end