Merge pull request #134 from square/dfed/use_shared_access_group

Create sharedAccessGroup Valet when requested
square · Mar 30, 2018 · 88515f5 · 88515f5
2 parents 68dd3ed + d02aa1d
commit 88515f5
Show file tree

Hide file tree

Showing 7 changed files with 100 additions and 25 deletions.
diff --git a/Sources/SecureEnclaveValet.swift b/Sources/SecureEnclaveValet.swift
@@ -212,10 +212,13 @@ public final class SecureEnclaveValet: NSObject {
     public func migrateObjects(from keychain: KeychainQueryConvertible, removeOnCompletion: Bool) -> MigrationResult {
         return migrateObjects(matching: keychain.keychainQuery, removeOnCompletion: removeOnCompletion)
     }
-
+
+    // MARK: Internal Properties
+
+    internal let service: Service
+
     // MARK: Private Properties
 
-    private let service: Service
     private let lock = NSLock()
     private let keychainQuery: [String : AnyHashable]
 }

diff --git a/Sources/SinglePromptSecureEnclaveValet.swift b/Sources/SinglePromptSecureEnclaveValet.swift
@@ -242,10 +242,13 @@ public final class SinglePromptSecureEnclaveValet: NSObject {
     public func migrateObjects(from keychain: KeychainQueryConvertible, removeOnCompletion: Bool) -> MigrationResult {
         return migrateObjects(matching: keychain.keychainQuery, removeOnCompletion: removeOnCompletion)
     }
-
+
+    // MARK: Internal Properties
+
+    internal let service: Service
+
     // MARK: Private Properties
-
-    private let service: Service
+
     private let lock = NSLock()
     private let baseKeychainQuery: [String : AnyHashable]
     private var localAuthenticationContext = LAContext()

diff --git a/Sources/Valet.swift b/Sources/Valet.swift
@@ -69,14 +69,19 @@ public final class Valet: NSObject, KeychainQueryConvertible {
     // MARK: Private Class Functions
 
     /// - returns: a Valet with the given Identifier, Flavor (and a shared access group service if requested)
-    private class func findOrCreate(_ identifier: Identifier, configuration: Configuration, sharedAccessGroup: Bool=false) -> Valet {
-        let service : Service = sharedAccessGroup ? .sharedAccessGroup(identifier, configuration) : .standard(identifier, configuration)
+    private class func findOrCreate(_ identifier: Identifier, configuration: Configuration, sharedAccessGroup: Bool = false) -> Valet {
+        let service: Service = sharedAccessGroup ? .sharedAccessGroup(identifier, configuration) : .standard(identifier, configuration)
         let key = service.description as NSString
         if let existingValet = identifierToValetMap.object(forKey: key) {
             return existingValet
 
         } else {
-            let valet = Valet(identifier: identifier, configuration: configuration)
+            let valet: Valet
+            if sharedAccessGroup {
+                valet = Valet(sharedAccess: identifier, configuration: configuration)
+            } else {
+                valet = Valet(identifier: identifier, configuration: configuration)
+            }
             identifierToValetMap.setObject(valet, forKey: key)
             return valet
         }

diff --git a/Tests/SecureEnclaveTests.swift b/Tests/SecureEnclaveTests.swift
@@ -40,7 +40,27 @@ class SecureEnclaveTests: XCTestCase
 
         valet.removeObject(forKey: key)
     }
-
+
+    // MARK: Initialization
+
+    func test_init_createsCorrectBackingService() {
+        let identifier = ValetTests.identifier
+
+        SecureEnclaveAccessControl.allValues().forEach { accessControl in
+            let backingService = SecureEnclaveValet.valet(with: identifier, accessControl: accessControl).service
+            XCTAssertEqual(backingService, Service.standard(identifier, .secureEnclave(accessControl)))
+        }
+    }
+
+    func test_init_createsCorrectBackingService_sharedAccess() {
+        let identifier = ValetTests.identifier
+
+        SecureEnclaveAccessControl.allValues().forEach { accessControl in
+            let backingService = SecureEnclaveValet.sharedAccessGroupValet(with: identifier, accessControl: accessControl).service
+            XCTAssertEqual(backingService, Service.sharedAccessGroup(identifier, .secureEnclave(accessControl)))
+        }
+    }
+
     // MARK: Equality
 
     func test_secureEnclaveValetsWithEqualConfiguration_haveEqualPointers()

diff --git a/Tests/SinglePromptSecureEnclaveTests.swift b/Tests/SinglePromptSecureEnclaveTests.swift
@@ -40,7 +40,27 @@ class SinglePromptSecureEnclaveTests: XCTestCase
 
         valet.removeObject(forKey: key)
     }
-
+
+    // MARK: Initialization
+
+    func test_init_createsCorrectBackingService() {
+        let identifier = ValetTests.identifier
+
+        SecureEnclaveAccessControl.allValues().forEach { accessControl in
+            let backingService = SinglePromptSecureEnclaveValet.valet(with: identifier, accessControl: accessControl).service
+            XCTAssertEqual(backingService, Service.standard(identifier, .singlePromptSecureEnclave(accessControl)))
+        }
+    }
+
+    func test_init_createsCorrectBackingService_sharedAccess() {
+        let identifier = ValetTests.identifier
+
+        SecureEnclaveAccessControl.allValues().forEach { accessControl in
+            let backingService = SinglePromptSecureEnclaveValet.sharedAccessGroupValet(with: identifier, accessControl: accessControl).service
+            XCTAssertEqual(backingService, Service.sharedAccessGroup(identifier, .singlePromptSecureEnclave(accessControl)))
+        }
+    }
+
     // MARK: Equality
 
     func test_SinglePromptSecureEnclaveValetsWithEqualConfiguration_haveEqualPointers()

diff --git a/Tests/ValetTests.swift b/Tests/ValetTests.swift
@@ -110,6 +110,44 @@ class ValetTests: XCTestCase
         XCTAssert(anotherFlavor.allKeys().isEmpty)
     }
 
+    // MARK: Initialization
+
+    func test_init_createsCorrectBackingService() {
+        let identifier = ValetTests.identifier
+
+        Accessibility.allValues().forEach { accessibility in
+            let backingService = Valet.valet(with: identifier, accessibility: accessibility).service
+            XCTAssertEqual(backingService, Service.standard(identifier, .valet(accessibility)))
+        }
+    }
+
+    func test_init_createsCorrectBackingService_sharedAccess() {
+        let identifier = ValetTests.identifier
+
+        Accessibility.allValues().forEach { accessibility in
+            let backingService = Valet.sharedAccessGroupValet(with: identifier, accessibility: accessibility).service
+            XCTAssertEqual(backingService, Service.sharedAccessGroup(identifier, .valet(accessibility)))
+        }
+    }
+
+    func test_init_createsCorrectBackingService_cloud() {
+        let identifier = ValetTests.identifier
+
+        CloudAccessibility.allValues().forEach { accessibility in
+            let backingService = Valet.iCloudValet(with: identifier, accessibility: accessibility).service
+            XCTAssertEqual(backingService, Service.standard(identifier, .iCloud(accessibility)))
+        }
+    }
+
+    func test_init_createsCorrectBackingService_cloudSharedAccess() {
+        let identifier = ValetTests.identifier
+
+        CloudAccessibility.allValues().forEach { accessibility in
+            let backingService = Valet.iCloudSharedAccessGroupValet(with: identifier, accessibility: accessibility).service
+            XCTAssertEqual(backingService, Service.sharedAccessGroup(identifier, .iCloud(accessibility)))
+        }
+    }
+
     // MARK: Equality
 
     func test_valetsWithSameConfiguration_areEqual()

diff --git a/Valet.podspec b/Valet.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name     = 'Valet'
-  s.version  = '3.1.1'
+  s.version  = '3.1.2'
   s.license  = 'Apache License, Version 2.0'
   s.summary  = 'Securely store data in the iOS, tvOS, or macOS Keychain without knowing a thing about how the Keychain works. It\'s easy. We promise.'
   s.homepage = 'https://github.com/square/Valet'
@@ -14,18 +14,4 @@ Pod::Spec.new do |s|
   s.macos.deployment_target = '10.11'
 
   s.tvos.exclude_files = 'Sources/SinglePromptSecureEnclaveValet.swift'
-
-  s.test_spec 'Tests' do |test_spec|
-    test_spec.ios.requires_app_host = true
-    test_spec.ios.source_files = 'Tests/**/*.{h,m,swift}'
-    test_spec.ios.exclude_files = 'Tests/MacTests.swift'
-    test_spec.tvos.requires_app_host = true
-    test_spec.tvos.source_files = 'Tests/**/*.{h,m,swift}'
-    test_spec.tvos.exclude_files = ['Tests/MacTests.swift', 'Tests/*BackwardsCompatibilityTests.swift', 'Tests/SinglePromptSecureEnclaveTests.swift']
-    test_spec.macos.source_files = 'Tests/**/*.{h,m,swift}'
-    test_spec.pod_target_xcconfig = {
-      'SWIFT_OBJC_BRIDGING_HEADER' => '${PODS_TARGET_SRCROOT}/Tests/ValetTests-Bridging-Header.h',
-      'CLANG_WARN_UNGUARDED_AVAILABILITY' => 'YES'
-    }
-  end
 end