SOSAuthKitHelpers.m   [plain text]

//
//  SOSAuthKitHelpers.m
//  Security
//
//  Created by murf on 6/19/18.
//

#import <Foundation/Foundation.h>
#import "SOSAuthKitHelpers.h"
#import <utilities/debugging.h>
#import <Security/SecureObjectSync/SOSAccount.h>
#import <Security/SecureObjectSync/SOSAccountPriv.h>
#import <Security/SecureObjectSync/SOSFullPeerInfo.h>
#import <Security/SecureObjectSync/SOSPeerInfoV2.h>
#import <Security/SecureObjectSync/SOSPeerInfoPriv.h>

#if !TARGET_OS_BRIDGE && !TARGET_OS_SIMULATOR
#import <AppleAccount/AppleAccount_Private.h>
#import <AuthKit/AuthKit.h>
#import <AuthKit/AuthKit_Private.h>

#define SUPPORT_MID 1
#endif

@implementation SOSAuthKitHelpers

#if SUPPORT_MID

SOFT_LINK_FRAMEWORK(PrivateFrameworks, AuthKit);
SOFT_LINK_FRAMEWORK(Frameworks, Accounts);

#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wstrict-prototypes"
SOFT_LINK_CLASS(AuthKit, AKAccountManager);
SOFT_LINK_CLASS(AuthKit, AKAnisetteProvisioningController);
SOFT_LINK_CLASS(AuthKit, AKAppleIDAuthenticationController);
SOFT_LINK_CLASS(AuthKit, AKDeviceListRequestContext);
SOFT_LINK_CLASS(Accounts, Accounts);
SOFT_LINK_CLASS(Accounts, ACAccountStore);
SOFT_LINK_CONSTANT(AuthKit, AKServiceNameiCloud, const NSString *);
#pragma clang diagnostic pop



+ (NSString *) machineID {
    NSError *error = nil;
    NSString *retval = nil;
    secnotice("sosauthkit", "Entering machineID");

    AKAnisetteProvisioningController *anisetteController = [getAKAnisetteProvisioningControllerClass() new];
    if(anisetteController) {
        AKAnisetteData *anisetteData = [anisetteController anisetteDataWithError:&error];
        if (anisetteData) {
            retval = [anisetteData.machineID copy];
            if(retval) {
                secnotice("sosauthkit", "machineID is %@", retval);
            } else {
                secnotice("sosauthkit", "Failed to get machineID");
            }
        } else {
            secnotice("sosauthkit", "can't get mID: %@", error);
        }
    } else {
        secnotice("sosauthkit", "can't get controller");
    }
    return retval;
}

+ (bool) peerinfoHasMID: (SOSAccount *) account {
    SOSPeerInfoRef pi = SOSFullPeerInfoGetPeerInfo(account.fullPeerInfo);
    if(!pi) return false;
    return SOSPeerInfoV2DictionaryHasString(pi, sMachineIDKey);
}

+ (bool) updateMIDInPeerInfo: (SOSAccount *) account {
    NSString *mid = [SOSAuthKitHelpers machineID];
    if(!mid) return true;
    CFErrorRef error = NULL;
    SOSAccountSetValue(account, sMachineIDKey, (__bridge CFStringRef)mid, &error);
    bool peerUpdated = SOSAccountUpdatePeerInfoAndPush(account, CFSTR("Add Machine ID"), &error, ^bool(SOSPeerInfoRef pi, CFErrorRef *error) {
        if(SOSPeerInfoV2DictionaryHasString(pi, sMachineIDKey)) {
            return false;
        }
        secnotice("sosauthkit", "Setting PeerInfo MID to %@", mid);
        SOSPeerInfoV2DictionarySetValue(pi, sMachineIDKey, (__bridge CFStringRef)mid);
        return true;
    });
    if(!peerUpdated) {
        secnotice("sosauthkit", "Failed to record MID in PeerInfo: %@", error);
    }
    CFReleaseNull(error);
    return peerUpdated;
}

+ (void)activeMIDs:(void(^_Nonnull)(NSSet *activeMIDs, NSError *error))complete {
    AKDeviceListRequestContext *context;
    ACAccount *primaryAccount;

    ACAccountStore *store = [getACAccountStoreClass() new];
    if(!store) {
        complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"can't get store"}]);
        return;
    }
    primaryAccount = [store aa_primaryAppleAccount];
    if(!primaryAccount) {
        secnotice("sosauthkit", "can't get account");
        complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"no primary account"}]);
        return;
    }

    context = [getAKDeviceListRequestContextClass() new];
    if (context == NULL) {
        complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"can't get AKDeviceListRequestContextClass"}]);
        return;
    }
    context.altDSID = primaryAccount.aa_altDSID;
    context.services = @[ getAKServiceNameiCloud() ];

    AKAppleIDAuthenticationController *authController = [getAKAppleIDAuthenticationControllerClass() new];
    if(!authController) {
        complete(NULL, [NSError errorWithDomain:(__bridge NSString *)kSecErrorDomain code:errSecParam userInfo:@{NSLocalizedDescriptionKey : @"can't get authController"}]);
        return;
    }

    [authController fetchDeviceListWithContext:context completion:^(NSArray<AKRemoteDevice *> *deviceList, NSError *error) {
        NSMutableSet *mids = [[NSMutableSet alloc] init];
        if (deviceList != nil) {
            for (AKRemoteDevice *device in deviceList) {
                [mids addObject:device.machineId];
            }
        } else {
            secnotice("sosauthkit", "got no mIDs: %@", error);
        }
        if([mids count] == 0) {
            secnotice("sosauthkit", "found not devices in account");
            mids = nil;
        }

        complete(mids, error);
    }];
}


#else /* TARGET_OS_BRIDGE || TARGET_OS_SIMULATOR */

+ (NSString *) machineID {
    return nil;
}

+ (void)activeMIDs:(void(^_Nonnull)(NSSet *activeMIDs, NSError *error))complete {
    complete(NULL, NULL);
}

+ (bool) updateMIDInPeerInfo: (SOSAccount *) account {
    return true;
}

+ (bool) peerinfoHasMID: (SOSAccount *) account {
    return false;
}

#endif

@end