cks*_*ubs 4 macos cocoa keychain security-framework
所以OS X Keychain有三条信息:
我显然总是知道ServiceName.有没有办法找到该ServiceName的任何已保存用户名?(一旦知道用户名,就很容易找到密码.)
我更喜欢使用一个漂亮的Cocoa包装器,如EMKeychain来做到这一点.但EMKeychain要求UserName获取任何钥匙串项目!
+ (EMGenericKeychainItem *)genericKeychainItemForService:(NSString *)serviceNameString withUsername:(NSString *)usernameString;
如果您需要用户名来查找凭据,您希望如何充分利用钥匙串中的保存凭据?将用户名保存在.plist文件中的最佳做法是什么?
SecKeychainFindGenericPassword只返回一个钥匙串项.要查找特定服务的所有通用密码,您需要在钥匙串上运行查询.根据您定位的OS X版本,有多种方法可以执行此操作.
如果您需要在10.5或更低版本上运行,则需要使用SecKeychainSearchCreateFromAttributes.这是一个相当可怕的API.下面是一个返回将用户名映射到密码的字典的方法的粗略剪辑.
- (NSDictionary *)genericPasswordsWithService:(NSString *)service {
OSStatus status;
// Construct a query.
const char *utf8Service = [service UTF8String];
SecKeychainAttribute attr = { .tag = kSecServiceItemAttr,
.length = strlen(utf8Service),
.data = (void *)utf8Service };
SecKeychainAttribute attrList = { .count = 1, .attr = &attr };
SecKeychainSearchRef *search = NULL;
status = SecKeychainSearchCreateFromAttributes(NULL, kSecGenericPasswordItemClass, &attrList, &search);
if (status) {
report(status);
return nil;
}
// Enumerate results.
NSMutableDictionary *result = [NSMutableDictionary dictionary];
while (1) {
SecKeychainItemRef item = NULL;
status = SecKeychainSearchCopyNext(search, &item);
if (status)
break;
// Find 'account' attribute and password value.
UInt32 tag = kSecAccountItemAttr;
UInt32 format = CSSM_DB_ATTRIBUTE_FORMAT_STRING;
SecKeychainAttributeInfo info = { .count = 1, .tag = &tag, .format = &format };
SecKeychainAttributeList *attrList = NULL;
UInt32 length = 0;
void *data = NULL;
status = SecKeychainItemCopyAttributesAndData(item, &info, NULL, &attrList, &length, &data);
if (status) {
CFRelease(item);
continue;
}
NSAssert(attrList->count == 1 && attrList->attr[0].tag == kSecAccountItemAttr, @"SecKeychainItemCopyAttributesAndData is messing with us");
NSString *account = [[[NSString alloc] initWithBytes:attrList->attr[0].data length:attrList->attr[0].length encoding:NSUTF8StringEncoding] autorelease];
NSString *password = [[[NSString alloc] initWithBytes:data length:length encoding:NSUTF8StringEncoding] autorelease];
[result setObject:password forKey:account];
SecKeychainItemFreeAttributesAndData(attrList, data);
CFRelease(item);
}
CFRelease(search);
return result;
}
对于10.6及更高版本,您可以使用稍微不那么不方便的SecItemCopyMatchingAPI:
- (NSDictionary *)genericPasswordsWithService:(NSString *)service {
NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys:
kSecClassGenericPassword, kSecClass,
(id)kCFBooleanTrue, kSecReturnData,
(id)kCFBooleanTrue, kSecReturnAttributes,
kSecMatchLimitAll, kSecMatchLimit,
service, kSecAttrService,
nil];
NSArray *itemDicts = nil;
OSStatus status = SecItemCopyMatching((CFDictionaryRef)q, (CFTypeRef *)&itemDicts);
if (status) {
report(status);
return nil;
}
NSMutableDictionary *result = [NSMutableDictionary dictionary];
for (NSDictionary *itemDict in itemDicts) {
NSData *data = [itemDict objectForKey:kSecValueData];
NSString *password = [[[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding] autorelease];
NSString *account = [itemDict objectForKey:kSecAttrAccount];
[result setObject:password forKey:account];
}
[itemDicts release];
return result;
}
对于10.7或更高版本,您可以使用我精彩的LKKeychain框架(PLUG!).它不支持构建基于属性的查询,但您只需列出所有密码并过滤掉您不需要的密码.
- (NSDictionary *)genericPasswordsWithService:(NSString *)service {
LKKCKeychain *keychain = [LKKCKeychain defaultKeychain];
NSMutableDictionary *result = [NSMutableDictionary dictionary];
for (LKKCGenericPassword *item in [keychain genericPasswords]) {
if ([service isEqualToString:item.service]) {
[result setObject:item.password forKey:item.account];
}
}
return result;
}
(我没有尝试运行,甚至没有编译上面的任何代码示例;抱歉任何错别字.)
通用密码具有服务名称和用户名的唯一密钥。因此,要获取单个通用钥匙串条目,您需要提供两者。但是,您可以使用该函数迭代给定服务的所有通用钥匙串条目SecKeychainFindGenericPassword。
(免责声明:我对在 EMKeychain 中执行此操作一无所知。)
| 归档时间: |
|
| 查看次数: |
2670 次 |
| 最近记录: |