Merge pull request #64 from square/federman/can_access_keychain_optim…

…ization Prevent canAccessKeychain from logging to the console. Improve performance in likely case.
square · Jan 4, 2016 · 447c783 · 447c783
2 parents eb066df + a5f9e83
commit 447c783
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 8 deletions.
diff --git a/Valet.podspec b/Valet.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name     = 'Valet'
-  s.version  = '2.0.6'
+  s.version  = '2.0.7'
   s.license  = 'Apache License, Version 2.0'
   s.summary  = 'Valet lets you securely store data in the iOS or OS X Keychain without knowing a thing about how the Keychain works. It\'s easy. We promise.'
   s.homepage = 'https://github.com/square/Valet'

diff --git a/Valet/VALValet.m b/Valet/VALValet.m
@@ -248,14 +248,21 @@ - (BOOL)canAccessKeychain;
         NSString *const canaryKey = @"VAL_KeychainCanaryUsername";
         NSString *const canaryValue = @"VAL_KeychainCanaryPassword";
 
-        // Manually add the key to the keychain since we don't care about duplicates and are optimizing for speed.
-        NSMutableDictionary *query = [self.baseQuery mutableCopy];
-        [query addEntriesFromDictionary:[self _secItemFormatDictionaryWithKey:canaryKey]];
-        query[(__bridge id)kSecValueData] = [canaryValue dataUsingEncoding:NSUTF8StringEncoding];
-        (void)VALAtomicSecItemAdd((__bridge CFDictionaryRef)query, NULL);
-
         NSString *const retrievedCanaryValue = [self stringForKey:canaryKey];
-        canAccessKeychain = [canaryValue isEqualToString:retrievedCanaryValue];
+        if ([canaryValue isEqualToString:retrievedCanaryValue]) {
+            canAccessKeychain = YES;
+
+        } else {
+            // Canary value can't be found. Manually add the value to see if we can pull it back out.
+            NSMutableDictionary *query = [self.baseQuery mutableCopy];
+            [query addEntriesFromDictionary:[self _secItemFormatDictionaryWithKey:canaryKey]];
+            query[(__bridge id)kSecValueData] = [canaryValue dataUsingEncoding:NSUTF8StringEncoding];
+            (void)VALAtomicSecItemAdd((__bridge CFDictionaryRef)query, NULL);
+
+            NSString *const retrievedCanaryValueAfterAdding = [self stringForKey:canaryKey];
+            canAccessKeychain = [canaryValue isEqualToString:retrievedCanaryValueAfterAdding];
+        }
+
     }, self.lockForSetAndRemoveOperations);
 
     return canAccessKeychain;

diff --git a/ValetTests/ValetTests.m b/ValetTests/ValetTests.m
@@ -150,6 +150,13 @@ - (void)test_canAccessKeychain;
 #endif
 }
 
+- (void)test_canAccessKeychain_performance;
+{
+    [self measureBlock:^{
+        [self.valet canAccessKeychain];
+    }];
+}
+
 - (void)test_stringForKey_retrievesString;
 {
     XCTAssertNil([self.valet stringForKey:self.key]);