大改 OTPAuthURL ，说是同名账户不能保存多个

wanghengheng · wanghengheng · commit efbbb8d1cef5 · 2015-07-10T14:58:40.000+08:00
diff --git a/Coding_iOS/Ease_2FA/Controllers/OTPListViewController.m b/Coding_iOS/Ease_2FA/Controllers/OTPListViewController.m
@@ -186,9 +186,31 @@ - (void)beginButtonClicked:(id)sender{
 }
 
 - (void)addOneAuthURL:(OTPAuthURL *)authURL{
-    [authURL saveToKeychain];
-    [self.authURLs addObject:authURL];
-    [self configUI];
+    for (OTPAuthURL *item in self.authURLs) {
+        if ([authURL.name isEqualToString:item.name]) {
+            if ([authURL.otpCode isEqualToString:item.otpCode]) {
+                kTipAlert(@"该二维码已被保存为账户名：%@", authURL.name);
+            }else{
+                UIAlertView *alertV = [UIAlertView bk_alertViewWithTitle:@"提示" message:[NSString stringWithFormat:@"账户名：%@ 已存在\n选择 '更新' 覆盖原账户。", authURL.name]];
+                [alertV bk_setCancelButtonWithTitle:@"取消" handler:nil];
+                [alertV bk_addButtonWithTitle:@"更新" handler:nil];
+                @weakify(self);
+                alertV.bk_didDismissBlock = ^(UIAlertView *alertView, NSInteger buttonIndex){
+                    if (buttonIndex == 1) {
+                        @strongify(self);
+                        [authURL saveToKeychain];
+                        if ([self.authURLs indexOfObject:item] != NSNotFound) {
+                            [self.authURLs replaceObjectAtIndex:[self.authURLs indexOfObject:item] withObject:authURL];
+                            [self configUI];
+                            [self showHudTipStr:@"更新成功"];
+                        }
+                    }
+                };
+                [alertV show];
+            }
+            break;
+        }
+    }
 }
 
 - (void)deleteOneAuthURL:(OTPAuthURL *)authURL{
diff --git a/Coding_iOS/Ease_2FA/GoogleOTP/OTPAuthURL.h b/Coding_iOS/Ease_2FA/GoogleOTP/OTPAuthURL.h
@@ -30,14 +30,12 @@ static NSString *const kOTPService = @"com.google.otp.authentication";
 @interface OTPAuthURL : NSObject
 
 // |name| is an arbitrary UTF8 text string extracted from the url path.
-@property (nonatomic, copy) NSString *name, *issuer, *ease_SecAttrAccount;
+@property (nonatomic, copy) NSString *name, *issuer;
 @property (nonatomic, copy, readonly) NSString *otpCode;
 @property (nonatomic, copy, readonly) NSString *checkCode;
-@property (nonatomic, strong, readonly) NSData *keychainItemRef;
 
 + (OTPAuthURL *)authURLWithURL:(NSURL *)url
                         secret:(NSData *)secret;
-+ (OTPAuthURL *)authURLWithKeychainItemRef:(NSData *)keychainItemRef;
 
 + (OTPAuthURL *)ease_authURLWithKeychainDictionary:(NSDictionary *)dict;//
 
@@ -51,12 +49,6 @@ static NSString *const kOTPService = @"com.google.otp.authentication";
 // Removes the current object state from the keychain.
 - (BOOL)removeFromKeychain;
 
-// Returns true if the object was loaded from or subsequently added to the
-// iPhone keychain.
-// It does not assert that the keychain is up to date with the latest
-// |generator| state.
-- (BOOL)isInKeychain;
-
 - (NSString*)checkCode;
 
 @end
diff --git a/Coding_iOS/Ease_2FA/GoogleOTP/OTPAuthURL.m b/Coding_iOS/Ease_2FA/GoogleOTP/OTPAuthURL.m
@@ -55,7 +55,6 @@
 
 @interface OTPAuthURL ()
 
-@property (strong, nonatomic, readwrite) NSData *keychainItemRef;
 @property (strong, nonatomic) OTPGenerator *generator;
 
 // Initialize an OTPAuthURL with a dictionary of attributes from a keychain.
@@ -149,29 +148,12 @@ + (OTPAuthURL *)authURLWithURL:(NSURL *)url
   return authURL;
 }
 
-+ (OTPAuthURL *)authURLWithKeychainItemRef:(NSData *)data {
-	OTPAuthURL *authURL = nil;
-	NSDictionary *query = @{
-					 (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
-		(__bridge id)kSecValuePersistentRef: data,
-		  (__bridge id)kSecReturnAttributes: @YES,
-				(__bridge id)kSecReturnData: @YES
-	};
-	CFDictionaryRef result = NULL;
-	OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
-  if (status == noErr) {
-    authURL = [self authURLWithKeychainDictionary:(__bridge_transfer NSDictionary *)result];
-    [authURL setKeychainItemRef:data];
-  }
-  return authURL;
-}
-
 + (OTPAuthURL *)ease_authURLWithKeychainDictionary:(NSDictionary *)dict{
     OTPAuthURL *authURL = [self authURLWithKeychainDictionary:dict];
     if (authURL) {
         NSString *secAttrAccount = dict[(__bridge id)kSecAttrAccount];
-        if (secAttrAccount.length > 0) {
-            authURL.ease_SecAttrAccount = secAttrAccount;
+        if (![secAttrAccount isEqualToString:authURL.name]) {
+            authURL.name = secAttrAccount;
         }
     }
     return authURL;
@@ -216,81 +198,63 @@ - (NSURL *)url {
   return nil;
 }
 
-- (BOOL)saveToKeychain {
-  NSString *urlString = [[self url] absoluteString];
-  NSData *urlData = [urlString dataUsingEncoding:NSUTF8StringEncoding];
-
-  NSMutableDictionary *attributes =
-   [NSMutableDictionary dictionaryWithObject:urlData
-                                      forKey:(__bridge id)kSecAttrGeneric];
-  OSStatus status = noErr;
-
-  if ([self isInKeychain] || self.ease_SecAttrAccount.length > 0) {
-    NSDictionary *query = @{(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
-                           (__bridge id)kSecValuePersistentRef: self.keychainItemRef};
-
-    status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributes);
+- (NSDictionary *)keychainQuery{
+    return @{(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
+             (__bridge id)kSecAttrAccount: self.name};
+}
 
-    OTPDevLog(@"SecItemUpdate(%@, %@) = %d", query, attributes, (int)status);
-  } else {
+- (BOOL)saveToKeychain {
+    NSString *urlString = [[self url] absoluteString];
+    NSData *urlData = [urlString dataUsingEncoding:NSUTF8StringEncoding];
+    
+    NSMutableDictionary *attributes = [[NSMutableDictionary alloc] init];
     attributes[(__bridge id)kSecClass] = (__bridge id)kSecClassGenericPassword;
     attributes[(__bridge id)kSecReturnPersistentRef] = (id)kCFBooleanTrue;
-    attributes[(__bridge id)kSecValueData] = self.generator.secret;
     attributes[(__bridge id)kSecAttrService] = kOTPService;
-      if (self.issuer.length > 0) {
-          attributes[(__bridge id)kSecAttrType] = self.issuer;
-      }
 
-	  CFDataRef ref = NULL;
-
-    // The name here has to be unique or else we will get a errSecDuplicateItem
-    // so if we have two items with the same name, we will just append a
-    // random number on the end until we get success. We will try at max of
-    // 1000 times so as to not hang in shut down.
-    // We do not display this name to the user, so anything will do.
-    NSString *name = self.name;
-    for (int i = 0; i < 1000; i++) {
-      attributes[(__bridge id)kSecAttrAccount] = name;
-      status = SecItemAdd((__bridge CFDictionaryRef)attributes, (CFTypeRef *)&ref);
-      if (status == errSecDuplicateItem) {
-        name = [NSString stringWithFormat:@"%@.%ld", self.name, random()];
-      } else {
-        break;
-      }
+    
+    attributes[(__bridge id)kSecAttrGeneric] = urlData;
+    attributes[(__bridge id)kSecValueData] = self.generator.secret;
+    if (self.issuer.length > 0) {
+        attributes[(__bridge id)kSecAttrType] = self.issuer;
     }
-
-    OTPDevLog(@"SecItemAdd(%@, %@) = %d", attributes, ref, (int)status);
-
-    if (status == noErr) {
-      self.keychainItemRef = (__bridge_transfer NSData *)ref;
+    
+    OSStatus status = noErr;
+    CFDataRef ref = NULL;
+    status = SecItemAdd((__bridge CFDictionaryRef)attributes, (CFTypeRef *)&ref);
+    if (status == errSecDuplicateItem) {//如果有同名的话，就直接覆盖
+        [attributes removeObjectsForKeys:@[(__bridge id)kSecClass, (__bridge id)kSecReturnPersistentRef, (__bridge id)kSecAttrService]];
+        NSDictionary *query = [self keychainQuery];
+        status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributes);
     }
-  }
-
-  return status == noErr;
+    return status == noErr;
 }
 
-- (BOOL)removeFromKeychain {
-    if (self.ease_SecAttrAccount.length > 0) {
-        return [SSKeychain deletePasswordForService:kOTPService account:self.ease_SecAttrAccount];
-    }
+- (BOOL)hotpUpdateToKeychain{
+    NSString *urlString = [[self url] absoluteString];
+    NSData *urlData = [urlString dataUsingEncoding:NSUTF8StringEncoding];
     
-  if (![self isInKeychain]) {
-    return NO;
-  }
-  NSDictionary *query = @{(__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
-                         (__bridge id)kSecValuePersistentRef: [self keychainItemRef]};
-  OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
-
-  OTPDevLog(@"SecItemDelete(%@) = %d", query, (int)status);
-
-  if (status == noErr) {
-    [self setKeychainItemRef:nil];
-  }
-  return status == noErr;
+    NSMutableDictionary *attributes = [NSMutableDictionary dictionaryWithObject:urlData forKey:(__bridge id)kSecAttrGeneric];
+    NSDictionary *query = [self keychainQuery];
+    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query, (__bridge CFDictionaryRef)attributes);
+    
+    OTPDevLog(@"SecItemUpdate(%@, %@) = %d", query, attributes, (int)status);
+    
+    return status == noErr;
 }
 
-- (BOOL)isInKeychain {
-  return self.keychainItemRef != nil;
+- (BOOL)removeFromKeychain {
+    if (self.name.length > 0) {
+        NSDictionary *query = [self keychainQuery];
+        OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
+        OTPDevLog(@"SecItemDelete(%@) = %d", query, (int)status);
+        if (status == noErr) {
+            self.name = nil;
+        }
+        return status == noErr;
+    }else{
+        return NO;
+    }
 }
 
 - (void)generateNextOTPCode {
@@ -302,8 +266,8 @@ - (NSString*)checkCode {
 }
 
 - (NSString *)description {
-  return [NSString stringWithFormat:@"<%@ %p> Name: %@ ref: %p checkCode: %@",
-          [self class], self, self.name, self.keychainItemRef, self.checkCode];
+  return [NSString stringWithFormat:@"<%@ %p> Name: %@ checkCode: %@",
+          [self class], self, self.name, self.checkCode];
 }
 
 #pragma mark -
@@ -515,7 +479,7 @@ - (id)initWithName:(NSString *)name
 
 - (void)generateNextOTPCode {
   self.otpCode = [[self generator] generateOTP];
-  [self saveToKeychain];
+  [self hotpUpdateToKeychain];
   NSNotificationCenter *nc = [NSNotificationCenter defaultCenter];
   [nc postNotificationName:OTPAuthURLDidGenerateNewOTPNotification object:self];
 }
